@Drazen2003 Attackers in your case injected another script - it's under a new location and for sure the code is different. The script source code is obfuscated, so it's not easy to decode. We can try to obfuscate using https://obfuscator.io but it's still not easy to understand.