During the investigation, the researchers detected multiple LNK files that were used to download similar executables containing an embedded HTA script. The HTA script executed additional malicious code and downloaded two files: a decoy PDF designed to divert the victim’s attention and an executable file that injects shellcode for the subsequent stages of the attack.