Encoded Base64: IRhQEdy2InZZJ B3 Decoded Base64: MTg1LjE5Ni44LjM3 Decoded String --> 185.196.8.37 Encoded Base64: HYe HxPo67khJSauUHL1NrCl B== Decoded Base64: L0dkODVra2pmL2luZGV4LnBocA== Decoded String --> /Gd85kkjf/index.php Encoded Base64: JQ5mFa== Decoded Base64: NS4xMg== Decoded String --> 5.12 Encoded Base64: Qw1a5BOq Decoded Base64: Uy0lbHUt Decoded String --> S-%lu- Encoded Base64: FQ2h7K== Decoded Base64: JS1sdQ== Decoded String --> %-lu Encoded Base64: HQWh7K== Decoded Base64: LSVsdQ== Decoded String --> -%lu Encoded Base64: U0O7FNeXHLUfWG== Decoded Base64: Y2NhMTk0MGZkYQ== Decoded String --> cca1940fda Encoded Base64: N1iP7RPqGrQZXG== Decoded Base64: R3h0dXVtLmV4ZQ== Decoded String --> Gxtuum.exe Encoded Base64: QY vOz8yPpQ8RMaj8nZwd60XUG4kdbPw 1O2JXPv8rQpbvOl8oDmd66 RoLpVR3kVO== Decoded Base64: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuT25jZQ== Decoded String --> SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Encoded Base64: QY vOz8yPpQ8RMaj8nZwd60XUG4kdbPw 1O2JXPv8rQpbvOl8oDmd66 OY8rdv7zVVK2ORHi8nwO9wKs7DrDd6yhWYzu Decoded Base64: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cRXhwbG9yZXJcVXNlciBTaGVsbCBGb2xkZXJz Decoded String --> SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Encoded Base64: Q1S76hLY8F== Decoded Base64: U3RhcnR1cA== Decoded String --> Startup Encoded Base64: QkWi Decoded Base64: UmVt Decoded String --> Rem Encoded Base64: U02 Bw3ADKEIPuaSDDZwN7Fd Decoded Base64: Y21kIC9DIFJNRElSIC9zL3Eg Decoded String --> cmd /C RMDIR /s/q Encoded Base64: QY vOz8yPpQ8RMaj8nZwd60XUG4kdbPw 1O2JXPv8rQpbvOl8oDmd66 RoLp Decoded Base64: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu Decoded String --> SOFTWARE\Microsoft\Windows\CurrentVersion\Run Encoded Base64: 9lWjSArpHEDb Decoded Base64: cnVuZGxsMzIg Decoded String --> rundll32 Encoded Base64: QFKkSXDe72H= Decoded Base64: UHJvZ3JhbXM= Decoded String --> Programs Encoded Base64: QY vOz8yPpQ8RMaj8nZwd60XUG4kdbPw 1O2JXPv8rQpbvOl8oDmd66 OY8rdv7zVVK2NWbi7LrbPcYsUHLveA== Decoded Base64: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cRXhwbG9yZXJcU2hlbGwgRm9sZGVycw== Decoded String --> SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Encoded Base64: FTWIKPDNPp4BQKmFER== Decoded Base64: JVVTRVJQUk9GSUxFJQ== Decoded String --> %USERPROFILE% Encoded Base64: TCGl6u== Decoded Base64: XEFwcA== Decoded String --> \App Encoded Base64: QC IOu== Decoded Base64: UE9TVA== Decoded String --> POST Encoded Base64: NYWJ Decoded Base64: R0VU Decoded String --> GET Encoded Base64: 7URV Decoded Base64: aWQ6 Decoded String --> id: Encoded Base64: lNV Decoded Base64: dnM6 Decoded String --> vs: Encoded Base64: 90RV Decoded Base64: c2Q6 Decoded String --> sd: Encoded Base64: 81NV Decoded Base64: b3M6 Decoded String --> os: Encoded Base64: UklV Decoded Base64: Ymk6 Decoded String --> bi: Encoded Base64: UVJV Decoded Base64: YXI6 Decoded String --> ar: Encoded Base64: 9ENV Decoded Base64: cGM6 Decoded String --> pc: Encoded Base64: U5V Decoded Base64: dW46 Decoded String --> un: Encoded Base64: VE1V Decoded Base64: ZG06 Decoded String --> dm: Encoded Base64: UVZV Decoded Base64: YXY6 Decoded String --> av: Encoded Base64: 8FZV Decoded Base64: bHY6 Decoded String --> lv: Encoded Base64: 80dV Decoded Base64: b2c6 Decoded String --> og: Encoded Base64: 9h1= Decoded Base64: cj0= Decoded String --> r= Encoded Base64: U1KaSwZh7Ls3WSmp8DVhdKy5 Decoded Base64: Y3JlZC5kbGx8Y2xpcC5kbGx8 Decoded String --> cred.dll|clip.dll| Encoded Base64: U1KaSwZh7Lr= Decoded Base64: Y3JlZC5kbGw= Decoded String --> cred.dll Encoded Base64: U0ye6wZh7Lr= Decoded Base64: Y2xpcC5kbGw= Decoded String --> clip.dll Encoded Base64: VBF= Decoded Base64: ZDE= Decoded String --> d1 Encoded Base64: VRF= Decoded Base64: ZTE= Decoded String --> e1 Encoded Base64: VRJ= Decoded Base64: ZTI= Decoded String --> e2 Encoded Base64: VRN= Decoded Base64: ZTM= Decoded String --> e3 Encoded Base64: PUGe5a== Decoded Base64: TWFpbg== Decoded String --> Main Encoded Base64: 7FSP6xisGB== Decoded Base64: aHR0cDovLw== Decoded String --> http:// Encoded Base64: 7FSP6BG3GD3= Decoded Base64: aHR0cHM6Ly8= Decoded String --> https:// Encoded Base64: VVia Decoded Base64: ZXhl Decoded String --> exe Encoded Base64: VEyh Decoded Base64: ZGxs Decoded String --> dll Encoded Base64: U02 Decoded Base64: Y21k Decoded String --> cmd Encoded Base64: 9FNm Decoded Base64: cHMx Decoded String --> ps1 Encoded Base64: 8VOe Decoded Base64: bXNp Decoded String --> msi Encoded Base64: akml Decoded Base64: emlw Decoded String --> zip Encoded Base64: H1GQ4QPX Decoded Base64: L3F1aWV0 Decoded String --> /quiet Encoded Base64: LEN+ Decoded Base64: PGM+ Decoded String --> Encoded Base64: LER+ Decoded Base64: PGQ+ Decoded String --> Encoded Base64: HZCh7Q8m7sHq Decoded Base64: L1BsdWdpbnMv Decoded String --> /Plugins/ Encoded Base64: Gwtg Decoded Base64: Kysr Decoded String --> +++ Encoded Base64: Eu== Decoded Base64: Iw== Decoded String --> # Encoded Base64: by== Decoded Base64: fA== Decoded String --> | Encoded Base64: FlWj4RK6 Decoded Base64: JnVuaXQ9 Decoded String --> &unit= Encoded Base64: LO== Decoded Base64: PQ== Decoded String --> = Encoded Base64: 90ia5AqwHn0f wl= Decoded Base64: c2hlbGwzMi5kbGw= Decoded String --> shell32.dll Encoded Base64: 70Wn5gPpHEDpXwms Decoded Base64: a2VybmVsMzIuZGxs Decoded String --> kernel32.dll Encoded Base64: N0WPMgzX62UgSTaz9HLqU06j9x== Decoded Base64: R2V0TmF0aXZlU3lzdGVtSW5mbw== Decoded String --> GetNativeSystemInfo Encoded Base64: QFKkSXDe7ZMcbwuc Decoded Base64: UHJvZ3JhbURhdGFc Decoded String --> ProgramData\ Encoded Base64: MT0qNVKdP74hbx3h8nK= Decoded Base64: QVZBU1QgU29mdHdhcmU= Decoded String --> AVAST Software Encoded Base64: MV0e6gy= Decoded Base64: QXZpcmE= Decoded String --> Avira Encoded Base64: O0Go6APv87o0GumhTh== Decoded Base64: S2FzcGVyc2t5IExhYg== Decoded String --> Kaspersky Lab Encoded Base64: NTOuOu== Decoded Base64: RVNFVA== Decoded String --> ESET Encoded Base64: QEGjSAydP7QebNyp9Ia= Decoded Base64: UGFuZGEgU2VjdXJpdHk= Decoded String --> Panda Security Encoded Base64: NE 97A3vDK9gW7== Decoded Base64: RG9jdG9yIFdlYg== Decoded String --> Doctor Web Encoded Base64: MT0w Decoded Base64: QVZH Decoded String --> AVG Encoded Base64: IxZlOA3XT1sOXMC18nbXgU== Decoded Base64: MzYwVG90YWxTZWN1cml0eQ== Decoded String --> 360TotalSecurity Encoded Base64: MkmPSAPjU10fXNx= Decoded Base64: Qml0ZGVmZW5kZXI= Decoded String --> Bitdefender Encoded Base64: Pk n7A3r Decoded Base64: Tm9ydG9u Decoded String --> Norton Encoded Base64: Q0 l4A3w Decoded Base64: U29waG9z Decoded String --> Sophos Encoded Base64: M0 i5WLs Decoded Base64: Q29tb2Rv Decoded String --> Comodo Encoded Base64: R0mjKAPjU10fXNx= Decoded Base64: V2luRGVmZW5kZXI= Decoded String --> WinDefender Encoded Base64: IBFnFtKYIo8ZMG== Decoded Base64: MDEyMzQ1Njc4OQ== Decoded String --> 0123456789 Encoded Base64: 9kJ= Decoded Base64: cmI= Decoded String --> rb Encoded Base64: 0J= Decoded Base64: d2I= Decoded String --> wb Encoded Base64: M0 j7APr9HWPcNqlJjrqf0yX8YrcecOwVk n5MVhT2McMoqi74Lr1KGvbUQoNHYu Decoded Base64: Q29udGVudC1UeXBlOiBtdWx0aXBhcnQvZm9ybS1kYXRhOyBib3VuZGFyeT0tLS0t Decoded String --> Content-Type: multipart/form-data; boundary=---- Encoded Base64: HQ1iEMUq Decoded Base64: LS0tLS0t Decoded String --> ------ Encoded Base64: zOqs5WZXU10VJKGp84rse6mX8XZpQ8zn81KiEQLe9Lz2GwUh7XK6KqSeaHudQnzn7Uya5gzqUYVd Decoded Base64: DQpDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5hbWU9ImRhdGEiOyBmaWxlbmFtZT0i Decoded String --> Content-Disposition: form-data; name="data"; filename=" Encoded Base64: Ee1zJW3r9LQpbsQU YriQmCe IrncLLi Emk5c3sT8MgbsQz9Izi001KzhQF Decoded Base64: Ig0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCg0K Decoded String --> " Content-Type: application/octet-stream Encoded Base64: zOpiEMUqGXV= Decoded Base64: DQotLS0tLS0= Decoded String --> ------ Encoded Base64: HQ1Cva== Decoded Base64: LS0NCg== Decoded String --> -- Encoded Base64: L1O96dUu Decoded Base64: P3Njcj0x Decoded String --> ?scr=1 Encoded Base64: HkqlSq== Decoded Base64: LmpwZw== Decoded String --> .jpg Encoded Base64: M0 j7APr9HWPcNqlJjreeLCp8XDcfvjw8g TER809DWh TytGYLvdKWrV3Zf1LO= Decoded Base64: Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ= Decoded String --> Content-Type: application/x-www-form-urlencoded Encoded Base64: QZmIOyPKSJIWadyl7oHAd66X nZnWRT1TCOk5hLv77s8OSYt8ILX11KLVXRgZtLw8VCQ7APvOrAoXG== Decoded Base64: U1lTVEVNXEN1cnJlbnRDb250cm9sU2V0XENvbnRyb2xcQ29tcHV0ZXJOYW1lXENvbXB1dGVyTmFtZQ== Decoded String --> SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName Encoded Base64: M0 i6BPXU2EJWMQl Decoded Base64: Q29tcHV0ZXJOYW1l Decoded String --> ComputerName Encoded Base64: UUK9SAPjU7ck9cis7XVseLGv 4HWfcb5aVplFNCwIIPXLp65GWY= Decoded Base64: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5LV8= Decoded String --> abcdefghijklmnopqrstuvwxyz0123456789-_ Encoded Base64: HVWj4QHsULPo Decoded Base64: LXVuaWNvZGUt Decoded String --> -unicode- Encoded Base64: QZmIOyPKSJIWadyl7oHAd66X nZnWRT1TCOk5hLv77s8TMUp9HLhXqmhWXZ8SP7PRDKEMzrTNZMARRl= Decoded Base64: U1lTVEVNXEN1cnJlbnRDb250cm9sU2V0XENvbnRyb2xcVW5pdGVkVmlkZW9cQ09OVFJPTFxWSURFT1w= Decoded String --> SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ Encoded Base64: QZmIOyPKSJIq dGy73nQ11RtJEv8WRTz km9SRH LrAu9MCE6YDtdKG2UGPk1vTw Decoded Base64: U1lTVEVNXENvbnRyb2xTZXQwMDFcU2VydmljZXNcQmFzaWNEaXNwbGF5XFZpZGVv Decoded String --> SYSTEM\ControlSet001\Services\BasicDisplay\Video Encoded Base64: Rkm SQ3GMF== Decoded Base64: VmlkZW9JRA== Decoded String --> VideoID Encoded Base64: TBBlFxu= Decoded Base64: XDAwMDA= Decoded String --> \0000 Encoded Base64: NEWbRRPp9KIgbxGp7n4wNpiPWYDqdwT17U j Decoded Base64: RGVmYXVsdFNldHRpbmdzLlhSZXNvbHV0aW9u Decoded String --> DefaultSettings.XResolution Encoded Base64: NEWbRRPp9KIgbxGp7n4wNpmPWYDqdwT17U j Decoded Base64: RGVmYXVsdFNldHRpbmdzLllSZXNvbHV0aW9u Decoded String --> DefaultSettings.YResolution Encoded Base64: QY vOz8yPpQ8RMaj8nZwd60XUG4kdbPw 1N6MfL L8QtacKu9GPierOm93U= Decoded Base64: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb24= Decoded String --> SOFTWARE\Microsoft\Windows NT\CurrentVersion Encoded Base64: QFKkSBPg9J0c MJ= Decoded Base64: UHJvZHVjdE5hbWU= Decoded String --> ProductName Encoded Base64: IhBmHK== Decoded Base64: MjAxOQ== Decoded String --> 2019 Encoded Base64: IhBnFa== Decoded Base64: MjAyMg== Decoded String --> 2022 Encoded Base64: IhBmGa== Decoded Base64: MjAxNg== Decoded String --> 2016 Encoded Base64: IhBnGK== Decoded Base64: MjAyNQ== Decoded String --> 2025 Encoded Base64: M1Wn6gPr9JEW9Mmk Decoded Base64: Q3VycmVudEJ1aWxk Decoded String --> CurrentBuild Encoded Base64: Ty== Decoded Base64: XA== Decoded String --> \ Encoded Base64: KhpV Decoded Base64: Ojo6 Decoded String --> ::: Encoded Base64: 9lWjSArpHEDpXN7l Decoded Base64: cnVuZGxsMzIuZXhl Decoded String --> rundll32.exe Encoded Base64: H0t6 Decoded Base64: L2sg Decoded String --> /k Encoded Base64: ElS76Wno61snGsYmDDZmdWBf Decoded Base64: InRhc2traWxsIC9mIC9pbSAi Decoded String --> "taskkill /f /im " Encoded Base64: EgBbCcvX61Wg TK0DEudLmZdWHLnKp== Decoded Base64: IiAmJiB0aW1lb3V0IDEgJiYgZGVsIA== Decoded String --> " && timeout 1 && del Encoded Base64: FgZ6KRbm9HD= Decoded Base64: JiYgRXhpdCI= Decoded String --> && Exit" Encoded Base64: EgBbCcvvU1Zb Decoded Base64: IiAmJiByZW4g Decoded String --> " && ren Encoded Base64: EAZbBu== Decoded Base64: ICYmIA== Decoded String --> && Encoded Base64: QE SSRDw6LQn sUl HK= Decoded Base64: UG93ZXJzaGVsbC5leGU= Decoded String --> Powershell.exe Encoded Base64: HUWTSQHY9Lgq dqv7HbggWCvWXRqfvTA7UejSQKdGZUk wJgDh== Decoded Base64: LWV4ZWN1dGlvbnBvbGljeSByZW1vdGVzaWduZWQgLUZpbGUgIg== Decoded String --> -executionpolicy remotesigned -File " Encoded Base64: Ee== Decoded Base64: Ig== Decoded String --> " Encoded Base64: 90iQ7ALs97ZbJNBgGYGdOE== Decoded Base64: c2h1dGRvd24gLXMgLXQgMA== Decoded String --> shutdown -s -t 0 Encoded Base64: 91RY6q== Decoded Base64: c3Q9cw== Decoded String --> st=s Encoded Base64: 9kGjSA3q Decoded Base64: cmFuZG9t Decoded String --> random Encoded Base64: O0WURg3e8rLbRwu574LXZJCvWXnq0LO= Decoded Base64: S2V5Ym9hcmQgTGF5b3V0XFByZWxvYWQ= Decoded String --> Keyboard Layout\Preload Encoded Base64: IBBlFxuXHYf= Decoded Base64: MDAwMDA0MTk= Decoded String --> 00000419 Encoded Base64: IBBlFxuXHoD= Decoded Base64: MDAwMDA0MjI= Decoded String --> 00000422 Encoded Base64: IBBlFxuXHoH= Decoded Base64: MDAwMDA0MjM= Decoded String --> 00000423 Encoded Base64: IBBlFxuXH7T= Decoded Base64: MDAwMDA0M2Y= Decoded String --> 0000043f