MDR statically analyzed the initially downloaded file, Are_bengal_cats_legal_in_australia_72495.js, using a Python script created by Mandiant for auto-decoding GootLoader JavaScript. As shown in Figure 9, the file was identified as GootLoader variant 3.0 based on its obfuscation method; the first file created was named Huthwaite SPIN selling.dat, followed by Small Units Tactics.js and a scheduled task named Destination Branding. The decoder also identified various malicious domain names within the obfuscated strings.