Technical Information
- https://raw.githubusercontent.com/powershellempire/empire/master/data/module_source/code_execution/invoke-shellcode.ps1
- <SYSTEM32>\cmd.exe
- %TEMP%\92d1.tmp\9320.bat
- <Current directory>\pl.bat
- %TEMP%\92d1.tmp\9320.bat
- '88.##0.254.183':433
- 'ra#.####ubusercontent.com':443
- DNS ASK ra#.####ubusercontent.com
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\92D1.tmp\9320.bat <Full path to file>"
- '<SYSTEM32>\cmd.exe' /K PL.bat
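- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -NoProfile -Command - (the trailing "-" makes PowerShell read its commands from standard input, so the script text does not appear in this command line; recovering it requires PowerShell script block logging or a capture of the parent process's output)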