Technical Information
- <Current directory>\ps4697.ps1
- %TEMP%\1684r4ha.bat
- <Current directory>\ps4697.ps1
- %TEMP%\1684r4ha.bat
- %TEMP%\1684r4ha.bat
- <Current directory>\ps4697.ps1
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\1684R4HA.bat" "<Full path to file>" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\1684R4HA.bat" "<Full path to file>" "
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden -noprofile -executionpolicy bypass -file .\ps4697.ps1