TrendLas: Netwalker Fileless Ransomware Injected via Reflective Loading

Figure 1. Overview of the PowerShell script’s behavior

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/