captainindia

Wave 2 representative package from terminal3airport. Obfuscated JS with hex variable names (_0x patterns), randomized filenames. Same adware proxy payload.