I use regex as mentioned, then send it to GPT API via pyrhon plugin for decoding and analysis of what it does then get the response in email. I’ve been considering parsing out any URL from decoded text and sending it to reputation check because encoded commands more often than not are hiding some kind of external link in powershell or other script.