Max
@3i
The malware "Catalog Advertising manager.exe" performed a PowerShell Invoke-WebRequest (IWR) to Pastebin to grab another PowerShell script known as NukeAMSI and then established persistence via a scheduledtask for a .OCX file using regsvr32 ☣️
0 reply
0 recast
0 reaction