Technical Information
- <SYSTEM32>\tasks\rutssvc645
- <SYSTEM32>\conhost.exe
- firefox.exe
- firefox.exe process, advapi32.dll module
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> >> NUL' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+[Char](83)+''+'O'+''+[Char](70)+''+'T'+''+[Char](87)+'A'+[Char](82)+''+[Char](69)+'\'+[Char](77)+''+[Char](10...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> >> NUL
- '<SYSTEM32>\dllhost.exe' /Processid:{134ddf81-c94e-4f97-bb27-11faf81f4d08}
- '%WINDIR%\syswow64\dllhost.exe'