Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. The trick is part of a longer chain with intermediary PowerShell commands that ultimately delivers a script for reconnaissance purposes. The script decoded this way applies an in-memory patch to the Antimalware Scan Interface (AMSI) to bypass it. The payload collects details about installed browsers and about general and specific tax-preparation and security products.
Source: https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-error-logs-to-hide-malicious-payload/
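
A triage heuristic for the encoding trick described above, as an added example that is not from the article or from the campaign's tooling: it pulls hex-looking tokens out of a log, reads each one as a character code, and flags files where nearly every token decodes to printable ASCII. The `0x..` token layout, the thresholds, and both sample logs are constructed assumptions.

```python
import re
import string

# Hex-looking tokens such as 0x65; this token layout is an assumption.
HEX_TOKEN = re.compile(r"\b0x([0-9A-Fa-f]+)\b")
PRINTABLE = set(string.printable)

# Constructed sample, not campaign data: decodes to a harmless string.
SAMPLE_FAKE_LOG = """\
2020-06-19 09:14:02 ERROR fault data: 0x65 0x63 0x68 0x6f 0x20 0x62
2020-06-19 09:14:02 ERROR fault data: 0x65 0x6e 0x69 0x67 0x6e 0x2d
2020-06-19 09:14:03 ERROR fault data: 0x73 0x61 0x6d 0x70 0x6c 0x65
"""

# Constructed sample of an ordinary log: status codes and an address.
SAMPLE_REAL_LOG = """\
2020-06-19 09:14:02 ERROR OpenFile failed hr=0x80070005
2020-06-19 09:14:03 ERROR Unhandled exception code=0xC0000005 at 0x00007FF6
"""


def triage(text, min_tokens=12, threshold=0.9):
    """Flag text whose hex-looking tokens mostly decode to printable ASCII."""
    values = [int(digits, 16) for digits in HEX_TOKEN.findall(text)]
    decoded = "".join(
        chr(v) for v in values if v < 128 and chr(v) in PRINTABLE
    )
    ratio = len(decoded) / len(values) if values else 0.0
    return {
        "tokens": len(values),
        "printable_ratio": ratio,
        "decoded": decoded,
        # Require enough tokens so a single stray code cannot trigger a hit.
        "suspicious": len(values) >= min_tokens and ratio >= threshold,
    }


if __name__ == "__main__":
    for name, log in (("fake", SAMPLE_FAKE_LOG), ("real", SAMPLE_REAL_LOG)):
        result = triage(log)
        print(name, result["suspicious"], repr(result["decoded"]))
```

Genuine status codes and addresses fall outside the ASCII range, so an ordinary log scores near zero while a file used as a text carrier scores near one.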

