https://www.softscheck.com/en/blog/deobfuscating-vba-and-powershell-emotet-trojan/