79.137.206.177 212.113.119.6 The backdoor does not use POST requests for C2 communication to evade detection but, instead, it passes data through cookies and GET requests without visible parameters.

This means it can tailor malicious behavior to user actions. Any payload sent through this channel is base64-encoded, decoded, and executed dynamically using JavaScript’s Function constructor.