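Technical Information
The entries below show PowerShell (the 32-bit binary under syswow64) copying a file to taskmgr.exe in a folder under %LOCALAPPDATA%, apparently starting that copy after a 60-second sleep (the Start-Process path is truncated in the listing), and removing the original file after a 10-second sleep; some of these commands run with a hidden window. The genuine Task Manager binary resides under %WINDIR%\System32, so a taskmgr.exe running from a per-user %LOCALAPPDATA% path is a useful detection point.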
- %LOCALAPPDATA%\com1.{17cd9488-1228-4b2f-88ce-4298e93e0966}\taskmgr.exe
- '%LOCALAPPDATA%\com1.{17cd9488-1228-4b2f-88ce-4298e93e0966}\taskmgr.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Start-Sleep -s 10;Remove-Item -Path '<Full path to file>' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<Full path to file>' -Destination '%LOCALAPPDATA%\com1.{17cd9488-1228-4b2f-88ce-4298e93e0966}\taskmgr.exe';Start-Sleep -s 60;Start-Process '%LOCALAPPDATA%\com1.{17cd9488-1228-4...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<Full path to file>' -Destination '%LOCALAPPDATA%\com1.{17cd9488-1228-4b2f-88ce-4298e93e0966}\taskmgr.exe';Start-Sleep -s 60;Start-Process '%LOCALAPPDATA%\com1.{17cd9488-1228-4...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Start-Sleep -s 10;Remove-Item -Path '<Full path to file>'