154100x8000000000000000384Microsoft-Windows-Sysmon/Operationalsongoku-2024-12-12 08:05:10.668{58cbaf31-9936-675a-a400-00000000f901}4052C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C C:\Windows\system32\NT AUTHORITY\SYSTEM{58cbaf31-98fa-675a-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{58cbaf31-9936-675a-a200-00000000f901}724C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"NT AUTHORITY\SYSTEM 154100x8000000000000000383Microsoft-Windows-Sysmon/Operationalsongoku-2024-12-12 08:05:10.642{58cbaf31-9936-675a-a200-00000000f901}724C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"C:\Windows\system32\NT AUTHORITY\SYSTEM{58cbaf31-98fa-675a-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{58cbaf31-9930-675a-7500-00000000f901}4088C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding E0B335A1071315164B559AB5716810BD E Global\MSI0000NT AUTHORITY\SYSTEM 154100x8000000000000000382Microsoft-Windows-Sysmon/Operationalsongoku-2024-12-12 08:05:10.544{58cbaf31-9936-675a-a100-00000000f901}4032C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® 
Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d C:\Windows\system32\NT AUTHORITY\SYSTEM{58cbaf31-98fa-675a-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{58cbaf31-9936-675a-9f00-00000000f901}3304C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"NT AUTHORITY\SYSTEM 154100x8000000000000000381Microsoft-Windows-Sysmon/Operationalsongoku-2024-12-12 08:05:10.515{58cbaf31-9936-675a-9f00-00000000f901}3304C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"C:\Windows\system32\NT AUTHORITY\SYSTEM{58cbaf31-98fa-675a-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{58cbaf31-9930-675a-7500-00000000f901}4088C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding E0B335A1071315164B559AB5716810BD E Global\MSI0000NT AUTHORITY\SYSTEM 154100x8000000000000000380Microsoft-Windows-Sysmon/Operationalsongoku-2024-12-12 08:05:10.497{58cbaf31-9936-675a-9e00-00000000f901}3216C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarderC:\Windows\system32\NT 
AUTHORITY\SYSTEM{58cbaf31-98fa-675a-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{58cbaf31-9936-675a-9c00-00000000f901}720C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarder"NT AUTHORITY\SYSTEM 154100x8000000000000000379Microsoft-Windows-Sysmon/Operationalsongoku-2024-12-12 08:05:10.465{58cbaf31-9936-675a-9c00-00000000f901}720C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarder"C:\Windows\system32\NT AUTHORITY\SYSTEM{58cbaf31-98fa-675a-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{58cbaf31-9930-675a-7500-00000000f901}4088C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding E0B335A1071315164B559AB5716810BD E Global\MSI0000NT AUTHORITY\SYSTEM 154100x800000000000000027230Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:37:54.479{c8f010d8-9c62-6748-6d5a-00000000f901}2980C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEicacls C:\Windows\Tasks /deny "Users:(R,REA,RA,RD)"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9c62-6748-645a-00000000f901}1776C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Users:(R,REA,RA,RD)"NT AUTHORITY\SYSTEM 
154100x800000000000000027229Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:37:54.459{c8f010d8-9c62-6748-6c5a-00000000f901}5008C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEicacls C:\Windows\Tasks /deny "VEGETA$:(R,REA,RA,RD)"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9c62-6748-625a-00000000f901}4528C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "%username%:(R,REA,RA,RD)"NT AUTHORITY\SYSTEM 154100x800000000000000027228Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:37:54.451{c8f010d8-9c62-6748-6b5a-00000000f901}1604C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEicacls C:\Windows\Tasks /deny "Administrators:(R,REA,RA,RD))"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9c62-6748-655a-00000000f901}116C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Administrators:(R,REA,RA,RD))"NT AUTHORITY\SYSTEM 154100x800000000000000027226Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:37:54.294{c8f010d8-9c62-6748-655a-00000000f901}116C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Administrators:(R,REA,RA,RD))"C:\Windows\Tasks\NT 
AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{c8f010d8-9c61-6748-605a-00000000f901}2792C:\Windows\Tasks\IntelConfigService.exe"IntelConfigService.exe" NT AUTHORITY\SYSTEM 154100x800000000000000027225Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:37:54.292{c8f010d8-9c62-6748-645a-00000000f901}1776C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Users:(R,REA,RA,RD)"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{c8f010d8-9c61-6748-605a-00000000f901}2792C:\Windows\Tasks\IntelConfigService.exe"IntelConfigService.exe" NT AUTHORITY\SYSTEM 154100x800000000000000027224Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:37:54.290{c8f010d8-9c62-6748-625a-00000000f901}4528C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "%%username%%:(R,REA,RA,RD)"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{c8f010d8-9c61-6748-605a-00000000f901}2792C:\Windows\Tasks\IntelConfigService.exe"IntelConfigService.exe" NT AUTHORITY\SYSTEM 154100x800000000000000027132Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.518{c8f010d8-9ba2-6748-1d5a-00000000f901}4520C:\Windows\System32\icacls.exe10.0.20348.1 
(WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027131Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.506{c8f010d8-9ba2-6748-1c5a-00000000f901}4720C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant %%username%%:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027130Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.492{c8f010d8-9ba2-6748-1b5a-00000000f901}3648C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant 
Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027129Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.482{c8f010d8-9ba2-6748-1a5a-00000000f901}4552C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027128Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.469{c8f010d8-9ba2-6748-195a-00000000f901}1796C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell 
-encodedcommand 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VEGETA\Administrator 154100x800000000000000027127Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.458{c8f010d8-9ba2-6748-185a-00000000f901}5012C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027126Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.425{c8f010d8-9ba2-6748-175a-00000000f901}3760C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027125Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.414{c8f010d8-9ba2-6748-165a-00000000f901}4924C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft 
CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant %%username%%:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027124Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.399{c8f010d8-9ba2-6748-155a-00000000f901}2444C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027123Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.388{c8f010d8-9ba2-6748-145a-00000000f901}4608C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant 
Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027122Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.378{c8f010d8-9ba2-6748-135a-00000000f901}5036C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027121Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:34:42.366{c8f010d8-9ba2-6748-125a-00000000f901}4592C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b96-6748-f2a5-280300000000}0x328a5f20HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b96-6748-0b5a-00000000f901}1336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand
VEGETA\Administrator 154100x800000000000000027089Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 
16:33:46.932{c8f010d8-9b6a-6748-f359-00000000f901}4832C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand
VEGETA\Administrator 154100x800000000000000027088Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.922{c8f010d8-9b6a-6748-f259-00000000f901}820C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027087Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.912{c8f010d8-9b6a-6748-f159-00000000f901}1688C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027086Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 
16:33:46.902{c8f010d8-9b6a-6748-f059-00000000f901}2128C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand [base64-encoded command]VEGETA\Administrator 154100x800000000000000027085Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.891{c8f010d8-9b6a-6748-ef59-00000000f901}3060C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027084Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.882{c8f010d8-9b6a-6748-ee59-00000000f901}3800C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027083Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 
16:33:46.872{c8f010d8-9b6a-6748-ed59-00000000f901}3492C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027082Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.860{c8f010d8-9b6a-6748-ec59-00000000f901}3356C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027081Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.849{c8f010d8-9b6a-6748-eb59-00000000f901}4032C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027080Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.837{c8f010d8-9b6a-6748-ea59-00000000f901}4272C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027079Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.827{c8f010d8-9b6a-6748-e959-00000000f901}1592C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny 
EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027078Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.803{c8f010d8-9b6a-6748-e859-00000000f901}5004C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027077Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.785{c8f010d8-9b6a-6748-e759-00000000f901}3184C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny 
Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027076Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.760{c8f010d8-9b6a-6748-e659-00000000f901}4588C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027075Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.738{c8f010d8-9b6a-6748-e559-00000000f901}2884C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027073Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:46.111{c8f010d8-9b6a-6748-e359-00000000f901}4916C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027071Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:45.583{c8f010d8-9b69-6748-e159-00000000f901}2408C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell 
-encodedcommand 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VEGETA\Administrator 154100x800000000000000027070Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:44.973{c8f010d8-9b68-6748-e059-00000000f901}4124C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand [base64-encoded command]VEGETA\Administrator 154100x800000000000000027068Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:44.409{c8f010d8-9b68-6748-de59-00000000f901}3708C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 
[base64-encoded command]VEGETA\Administrator 154100x800000000000000027066Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:43.916{c8f010d8-9b67-6748-dc59-00000000f901}4236C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027065Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:43.905{c8f010d8-9b67-6748-db59-00000000f901}1660C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027064Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:43.894{c8f010d8-9b67-6748-da59-00000000f901}4564C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell 
-encodedcommand 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VEGETA\Administrator 154100x800000000000000027063Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:43.878{c8f010d8-9b67-6748-d959-00000000f901}2352C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027062Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:43.862{c8f010d8-9b67-6748-d859-00000000f901}200C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 
VEGETA\Administrator 154100x800000000000000027061Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:43.825{c8f010d8-9b67-6748-d759-00000000f901}3820C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b67-6748-bf98-270300000000}0x32798bf0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b67-6748-d659-00000000f901}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027055Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.867{c8f010d8-9b65-6748-d159-00000000f901}2416C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027054Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.854{c8f010d8-9b65-6748-d059-00000000f901}4852C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027053Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.836{c8f010d8-9b65-6748-cf59-00000000f901}1916C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027052Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.823{c8f010d8-9b65-6748-ce59-00000000f901}4776C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand
VEGETA\Administrator 154100x800000000000000027051Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.811{c8f010d8-9b65-6748-cd59-00000000f901}5040C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand
VEGETA\Administrator 154100x800000000000000027050Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.801{c8f010d8-9b65-6748-cc59-00000000f901}3908C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027049Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.790{c8f010d8-9b65-6748-cb59-00000000f901}4248C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand
SACwAUgBFAEEALABSAEEALABSAEQAKQAiACAAIgAqAFMALQAxAC0ANQAtADcAOgAoAFIALABSAEUAQQAsAFIAQQAsAFIARAApACIAOwAKAGkAYwBhAGMAbABzACAAIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAZABlAGwAbABcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAFMAWQBTAFQARQBNADoAKABSACwAUgBFAEEALABSAEEALABSAEQAKQAiADsACgBpAGMAYQBjAGwAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAGQAZQBsAGwAXAAiACAALwBpAG4AaABlAHIAaQB0AGEAbgBjAGUAOgByACAALwBkAGUAbgB5ACAAIgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAOgAoAFIALABSAEUAQQAsAFIAQQAsAFIARAApACIAOwAKAGkAYwBhAGMAbABzACAAIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAZABlAGwAbABcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAFUAcwBlAHIAcwA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABkAGUAbABsAFwAIgAgAC8AaQBuAGgAZQByAGkAdABhAG4AYwBlADoAcgAgAC8AZABlAG4AeQAgACIARQBWAEUAUgBZAE8ATgBFADoAKABSACwAUgBFAEEALABSAEEALABSAEQAKQAiADsACgBpAGMAYQBjAGwAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGMAcwBjAFwAIgAgAC8AaQBuAGgAZQByAGkAdABhAG4AYwBlADoAcgAgAC8AZABlAG4AeQAgACIAKgBTAC0AMQAtADEALQAwADoAKABSACwAUgBFAEEALABSAEEALABSAEQAKQAiACAAIgAqAFMALQAxAC0ANQAtADcAOgAoAFIALABSAEUAQQAsAFIAQQAsAFIARAApACIAOwAKAGkAYwBhAGMAbABzACAAIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAYwBzAGMAXAAiACAALwBpAG4AaABlAHIAaQB0AGEAbgBjAGUAOgByACAALwBkAGUAbgB5ACAAIgBTAFkAUwBUAEUATQA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABjAHMAYwBcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAcwA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABjAHMAYwBcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAFUAcwBlAHIAcwA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABjAHMAYwBcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAEUAVgBFAFIAWQBPAE4ARQA6ACgAUgA
sAFIARQBBACwAUgBBACwAUgBEACkAIgAKAA==VEGETA\Administrator 154100x800000000000000027048Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.774{c8f010d8-9b65-6748-ca59-00000000f901}2232C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027047Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.764{c8f010d8-9b65-6748-c959-00000000f901}4604C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027046Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.753{c8f010d8-9b65-6748-c859-00000000f901}3104C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ 
/inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027045Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.736{c8f010d8-9b65-6748-c759-00000000f901}2564C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027044Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.724{c8f010d8-9b65-6748-c659-00000000f901}4516C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027043Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.713{c8f010d8-9b65-6748-c559-00000000f901}3124C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027042Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.700{c8f010d8-9b65-6748-c459-00000000f901}3228C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027041Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.684{c8f010d8-9b65-6748-c359-00000000f901}1180C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027040Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.672{c8f010d8-9b65-6748-c259-00000000f901}4036C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny 
EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027039Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.659{c8f010d8-9b65-6748-c159-00000000f901}3428C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 
VEGETA\Administrator 154100x800000000000000027038Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.647{c8f010d8-9b65-6748-c059-00000000f901}3768C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug 
/inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027037Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.634{c8f010d8-9b65-6748-bf59-00000000f901}3076C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027036Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.621{c8f010d8-9b65-6748-be59-00000000f901}4320C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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VEGETA\Administrator 154100x800000000000000027035Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.612{c8f010d8-9b65-6748-bd59-00000000f901}3716C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 
VEGETA\Administrator 154100x800000000000000027034Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.600{c8f010d8-9b65-6748-bc59-00000000f901}3084C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m 
/inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027033Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.585{c8f010d8-9b65-6748-bb59-00000000f901}4720C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027032Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.574{c8f010d8-9b65-6748-ba59-00000000f901}4500C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027031Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.555{c8f010d8-9b65-6748-b959-00000000f901}4580C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027030Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.544{c8f010d8-9b65-6748-b859-00000000f901}3628C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny 
EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027029Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.533{c8f010d8-9b65-6748-b759-00000000f901}1896C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027028Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.520{c8f010d8-9b65-6748-b659-00000000f901}5036C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell 
-encodedcommand VEGETA\Administrator 154100x800000000000000027027Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.505{c8f010d8-9b65-6748-b559-00000000f901}3792C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027026Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.492{c8f010d8-9b65-6748-b459-00000000f901}4992C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027025Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.480{c8f010d8-9b65-6748-b359-00000000f901}2576C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft 
CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027024Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.467{c8f010d8-9b65-6748-b259-00000000f901}5076C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027023Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.457{c8f010d8-9b65-6748-b159-00000000f901}3212C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny 
Administrators:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027022Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.445{c8f010d8-9b65-6748-b059-00000000f901}4700C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x800000000000000027021Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-28 16:33:41.428{c8f010d8-9b65-6748-af59-00000000f901}4616C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\VEGETA\Administrator{c8f010d8-9b64-6748-3f69-270300000000}0x327693f0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-9b65-6748-ae59-00000000f901}3244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand VEGETA\Administrator 154100x80000000000000004311Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:44:29.190{86ec55c7-decd-6745-ab11-00000000f901}2856C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEicacls C:\Windows\Tasks /deny "Administrators:(R,REA,RA,RD))"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-decd-6745-a311-00000000f901}3728C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Administrators:(R,REA,RA,RD))"NT AUTHORITY\SYSTEM 154100x80000000000000004310Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:44:29.187{86ec55c7-decd-6745-aa11-00000000f901}1224C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEicacls C:\Windows\Tasks /deny "SONGOKU$:(R,REA,RA,RD)"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-decd-6745-a011-00000000f901}2176C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "%username%:(R,REA,RA,RD)"NT AUTHORITY\SYSTEM 
154100x80000000000000004308Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:44:29.161{86ec55c7-decd-6745-a711-00000000f901}4084C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEicacls C:\Windows\Tasks /deny "Users:(R,REA,RA,RD)"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-decd-6745-a111-00000000f901}2508C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Users:(R,REA,RA,RD)"NT AUTHORITY\SYSTEM 154100x80000000000000004307Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:44:29.081{86ec55c7-decd-6745-a311-00000000f901}3728C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Administrators:(R,REA,RA,RD))"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{86ec55c7-decc-6745-9e11-00000000f901}3428C:\Windows\Tasks\IntelConfigService.exe"IntelConfigService.exe" NT AUTHORITY\SYSTEM 154100x80000000000000004306Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:44:29.079{86ec55c7-decd-6745-a111-00000000f901}2508C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "Users:(R,REA,RA,RD)"C:\Windows\Tasks\NT 
AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{86ec55c7-decc-6745-9e11-00000000f901}3428C:\Windows\Tasks\IntelConfigService.exe"IntelConfigService.exe" NT AUTHORITY\SYSTEM 154100x80000000000000004305Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:44:29.077{86ec55c7-decd-6745-a011-00000000f901}2176C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c icacls C:\Windows\Tasks /deny "%%username%%:(R,REA,RA,RD)"C:\Windows\Tasks\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{86ec55c7-decc-6745-9e11-00000000f901}3428C:\Windows\Tasks\IntelConfigService.exe"IntelConfigService.exe" NT AUTHORITY\SYSTEM 154100x80000000000000004218Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.809{86ec55c7-de10-6745-5e11-00000000f901}3440C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004217Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 
14:41:20.798{86ec55c7-de10-6745-5d11-00000000f901}1636C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant %%username%%:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004216Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.787{86ec55c7-de10-6745-5c11-00000000f901}1612C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004215Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.777{86ec55c7-de10-6745-5b11-00000000f901}1600C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004214Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.767{86ec55c7-de10-6745-5a11-00000000f901}864C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004213Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.756{86ec55c7-de10-6745-5911-00000000f901}984C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Tasks /inheritance:e /grant *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004212Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.721{86ec55c7-de10-6745-5811-00000000f901}2764C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 
SONGOKU\Administrator 154100x80000000000000004211Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.708{86ec55c7-de10-6745-5711-00000000f901}2360C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant 
%%username%%:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004210Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 
14:41:20.696{86ec55c7-de10-6745-5611-00000000f901}2760C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004209Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.685{86ec55c7-de10-6745-5511-00000000f901}3080C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004208Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.674{86ec55c7-de10-6745-5411-00000000f901}8C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004207Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:41:20.664{86ec55c7-de10-6745-5311-00000000f901}2612C:\Windows\System32\icacls.exe10.0.20348.1 
(WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\ProgramData\migrate.exe /inheritance:e /grant *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-de04-6745-76e3-7a0000000000}0x7ae3760HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-de04-6745-4c11-00000000f901}3436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004170Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.360{86ec55c7-ddd9-6745-2f11-00000000f901}4004C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004169Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.346{86ec55c7-ddd9-6745-2e11-00000000f901}3420C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004168Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.334{86ec55c7-ddd9-6745-2d11-00000000f901}2108C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004167Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.319{86ec55c7-ddd9-6745-2c11-00000000f901}3948C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004166Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.301{86ec55c7-ddd9-6745-2b11-00000000f901}3816C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\Log\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004165Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.288{86ec55c7-ddd9-6745-2a11-00000000f901}3372C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny 
EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004164Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.275{86ec55c7-ddd9-6745-2911-00000000f901}2836C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004163Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.264{86ec55c7-ddd9-6745-2811-00000000f901}2736C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004162Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.252{86ec55c7-ddd9-6745-2711-00000000f901}1272C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004161Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.240{86ec55c7-ddd9-6745-2611-00000000f901}1632C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\nat\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004160Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.223{86ec55c7-ddd9-6745-2511-00000000f901}3068C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004159Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.211{86ec55c7-ddd9-6745-2411-00000000f901}3176C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004158Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.199{86ec55c7-ddd9-6745-2311-00000000f901}1372C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004157Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.189{86ec55c7-ddd9-6745-2211-00000000f901}1108C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004156Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:25.154{86ec55c7-ddd9-6745-2111-00000000f901}3332C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System\winrm\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004155Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:24.642{86ec55c7-ddd8-6745-2011-00000000f901}1204C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004154Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:24.108{86ec55c7-ddd8-6745-1f11-00000000f901}2148C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004153Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:23.591{86ec55c7-ddd7-6745-1e11-00000000f901}3492C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004152Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:23.123{86ec55c7-ddd7-6745-1d11-00000000f901}3540C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004151Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:22.593{86ec55c7-ddd6-6745-1c11-00000000f901}1064C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\assembly\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004150Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:22.584{86ec55c7-ddd6-6745-1b11-00000000f901}2156C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004149Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:22.574{86ec55c7-ddd6-6745-1a11-00000000f901}1152C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell 
-encodedcommand SONGOKU\Administrator 154100x80000000000000004148Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:22.557{86ec55c7-ddd6-6745-1911-00000000f901}1364C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny 
Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004147Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:22.527{86ec55c7-ddd6-6745-1811-00000000f901}4060C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004146Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:22.509{86ec55c7-ddd6-6745-1711-00000000f901}3076C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\Inf\aspnet\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd5-6745-11e3-790000000000}0x79e3110HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd6-6745-1611-00000000f901}3300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 
154100x80000000000000004141Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.590{86ec55c7-ddd4-6745-1211-00000000f901}1096C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004140Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.579{86ec55c7-ddd4-6745-1111-00000000f901}3028C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004139Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.568{86ec55c7-ddd4-6745-1011-00000000f901}1892C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny 
Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004138Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.554{86ec55c7-ddd4-6745-0f11-00000000f901}3092C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004137Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.539{86ec55c7-ddd4-6745-0e11-00000000f901}2392C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\csc\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) 
*S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004136Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.528{86ec55c7-ddd4-6745-0d11-00000000f901}1488C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004135Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.517{86ec55c7-ddd4-6745-0c11-00000000f901}1900C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 
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SONGOKU\Administrator 154100x80000000000000004134Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.503{86ec55c7-ddd4-6745-0b11-00000000f901}1612C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004133Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.489{86ec55c7-ddd4-6745-0a11-00000000f901}812C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\dell\ /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004132Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.478{86ec55c7-ddd4-6745-0911-00000000f901}3304C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" 
C:\Windows\dell\ /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004131Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.462{86ec55c7-ddd4-6745-0811-00000000f901}3184C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004130Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.446{86ec55c7-ddd4-6745-0711-00000000f901}3404C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand SONGOKU\Administrator 154100x80000000000000004129Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.434{86ec55c7-ddd4-6745-0611-00000000f901}572C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004128Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.419{86ec55c7-ddd4-6745-0511-00000000f901}2768C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\System32\LogFiles /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004127Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.404{86ec55c7-ddd4-6745-0411-00000000f901}3256C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" 
C:\Windows\System32\LogFiles /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004126Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.392{86ec55c7-ddd4-6745-0311-00000000f901}2772C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004125Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.378{86ec55c7-ddd4-6745-0211-00000000f901}1652C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004124Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.363{86ec55c7-ddd4-6745-0111-00000000f901}2864C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004123Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.349{86ec55c7-ddd4-6745-0011-00000000f901}3352C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell 
-encodedcommand SONGOKU\Administrator 154100x80000000000000004122Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.334{86ec55c7-ddd4-6745-ff10-00000000f901}2092C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" 
C:\Windows\debug /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004121Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.322{86ec55c7-ddd4-6745-fe10-00000000f901}2640C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004120Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.291{86ec55c7-ddd4-6745-fd10-00000000f901}3388C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny 
Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004119Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.258{86ec55c7-ddd4-6745-fc10-00000000f901}1848C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004118Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.233{86ec55c7-ddd4-6745-fb10-00000000f901}588C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell 
-encodedcommand 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SONGOKU\Administrator 154100x80000000000000004117Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.214{86ec55c7-ddd4-6745-fa10-00000000f901}2544C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\Windows\debug\m /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004116Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.199{86ec55c7-ddd4-6745-f910-00000000f901}2120C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 
SONGOKU\Administrator 154100x80000000000000004115Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.186{86ec55c7-ddd4-6745-f810-00000000f901}3956C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin 
/inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004114Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.171{86ec55c7-ddd4-6745-f710-00000000f901}2372C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004113Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.159{86ec55c7-ddd4-6745-f610-00000000f901}2800C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand
SACwAUgBFAEEALABSAEEALABSAEQAKQAiACAAIgAqAFMALQAxAC0ANQAtADcAOgAoAFIALABSAEUAQQAsAFIAQQAsAFIARAApACIAOwAKAGkAYwBhAGMAbABzACAAIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAZABlAGwAbABcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAFMAWQBTAFQARQBNADoAKABSACwAUgBFAEEALABSAEEALABSAEQAKQAiADsACgBpAGMAYQBjAGwAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAGQAZQBsAGwAXAAiACAALwBpAG4AaABlAHIAaQB0AGEAbgBjAGUAOgByACAALwBkAGUAbgB5ACAAIgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAOgAoAFIALABSAEUAQQAsAFIAQQAsAFIARAApACIAOwAKAGkAYwBhAGMAbABzACAAIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAZABlAGwAbABcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAFUAcwBlAHIAcwA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABkAGUAbABsAFwAIgAgAC8AaQBuAGgAZQByAGkAdABhAG4AYwBlADoAcgAgAC8AZABlAG4AeQAgACIARQBWAEUAUgBZAE8ATgBFADoAKABSACwAUgBFAEEALABSAEEALABSAEQAKQAiADsACgBpAGMAYQBjAGwAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGMAcwBjAFwAIgAgAC8AaQBuAGgAZQByAGkAdABhAG4AYwBlADoAcgAgAC8AZABlAG4AeQAgACIAKgBTAC0AMQAtADEALQAwADoAKABSACwAUgBFAEEALABSAEEALABSAEQAKQAiACAAIgAqAFMALQAxAC0ANQAtADcAOgAoAFIALABSAEUAQQAsAFIAQQAsAFIARAApACIAOwAKAGkAYwBhAGMAbABzACAAIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAYwBzAGMAXAAiACAALwBpAG4AaABlAHIAaQB0AGEAbgBjAGUAOgByACAALwBkAGUAbgB5ACAAIgBTAFkAUwBUAEUATQA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABjAHMAYwBcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAcwA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABjAHMAYwBcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAFUAcwBlAHIAcwA6ACgAUgAsAFIARQBBACwAUgBBACwAUgBEACkAIgA7AAoAaQBjAGEAYwBsAHMAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABjAHMAYwBcACIAIAAvAGkAbgBoAGUAcgBpAHQAYQBuAGMAZQA6AHIAIAAvAGQAZQBuAHkAIAAiAEUAVgBFAFIAWQBPAE4ARQA6ACgAUgA
sAFIARQBBACwAUgBBACwAUgBEACkAIgAKAA==SONGOKU\Administrator 154100x80000000000000004112Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.143{86ec55c7-ddd4-6745-f510-00000000f901}3736C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004111Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.122{86ec55c7-ddd4-6745-f410-00000000f901}1116C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny EVERYONE:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004110Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.103{86ec55c7-ddd4-6745-f310-00000000f901}2632C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" 
C:\PerfLogs\Admin\m /inheritance:r /deny Users:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004109Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.087{86ec55c7-ddd4-6745-f210-00000000f901}3864C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny Administrators:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x80000000000000004108Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.075{86ec55c7-ddd4-6745-f110-00000000f901}3872C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny 
SYSTEM:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand
SONGOKU\Administrator 154100x80000000000000004107Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 14:40:20.043{86ec55c7-ddd4-6745-f010-00000000f901}612C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\system32\icacls.exe" C:\PerfLogs\Admin\m /inheritance:r /deny *S-1-1-0:(R,REA,RA,RD) *S-1-5-7:(R,REA,RA,RD)C:\Users\Administrator\SONGOKU\Administrator{86ec55c7-ddd3-6745-2eb4-790000000000}0x79b42e0HighMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-ddd3-6745-ef10-00000000f901}896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -encodedcommand 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SONGOKU\Administrator 154100x8000000000000000377Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 08:36:06.030{86ec55c7-8876-6745-9c00-00000000f901}1912C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C C:\Windows\system32\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-8876-6745-9a00-00000000f901}3984C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"NT AUTHORITY\SYSTEM 154100x8000000000000000376Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 08:36:06.003{86ec55c7-8876-6745-9a00-00000000f901}3984C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command 
ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"C:\Windows\system32\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{86ec55c7-886f-6745-6d00-00000000f901}3748C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 4EB91F9434520A523012576BD8398B03 E Global\MSI0000NT AUTHORITY\SYSTEM 154100x8000000000000000375Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 08:36:05.867{86ec55c7-8875-6745-9900-00000000f901}3232C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d C:\Windows\system32\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-8875-6745-9700-00000000f901}2640C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"NT AUTHORITY\SYSTEM 154100x8000000000000000374Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 08:36:05.838{86ec55c7-8875-6745-9700-00000000f901}2640C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d >> 
"C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"C:\Windows\system32\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{86ec55c7-886f-6745-6d00-00000000f901}3748C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 4EB91F9434520A523012576BD8398B03 E Global\MSI0000NT AUTHORITY\SYSTEM 154100x8000000000000000373Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 08:36:05.821{86ec55c7-8875-6745-9600-00000000f901}1880C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarderC:\Windows\system32\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{86ec55c7-8875-6745-9400-00000000f901}2912C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarder"NT AUTHORITY\SYSTEM 154100x8000000000000000372Microsoft-Windows-Sysmon/Operationalsongoku-2024-11-26 08:36:05.787{86ec55c7-8875-6745-9400-00000000f901}2912C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarder"C:\Windows\system32\NT AUTHORITY\SYSTEM{86ec55c7-883a-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{86ec55c7-886f-6745-6d00-00000000f901}3748C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 
4EB91F9434520A523012576BD8398B03 E Global\MSI0000NT AUTHORITY\SYSTEM 154100x8000000000000000380Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-26 08:19:06.344{c8f010d8-847a-6745-a100-00000000f901}1804C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C C:\Windows\system32\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-847a-6745-9f00-00000000f901}2364C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"NT AUTHORITY\SYSTEM 154100x8000000000000000379Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-26 08:19:06.312{c8f010d8-847a-6745-9f00-00000000f901}2364C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder\*" /inheritance:e /T /C >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"C:\Windows\system32\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{c8f010d8-846f-6745-6d00-00000000f901}2648C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 8D11BD85012C4BDC3B953D468E015B97 E Global\MSI0000NT AUTHORITY\SYSTEM 154100x8000000000000000378Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-26 
08:19:06.178{c8f010d8-847a-6745-9e00-00000000f901}3012C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d C:\Windows\system32\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-847a-6745-9c00-00000000f901}3016C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"NT AUTHORITY\SYSTEM 154100x8000000000000000377Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-26 08:19:06.112{c8f010d8-847a-6745-9c00-00000000f901}3016C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe "C:\Program Files\SplunkUniversalForwarder" /inheritance:d >> "C:\Users\Admin\AppData\Local\Temp\splunk.log" 2>&1"C:\Windows\system32\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{c8f010d8-846f-6745-6d00-00000000f901}2648C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 8D11BD85012C4BDC3B953D468E015B97 E Global\MSI0000NT AUTHORITY\SYSTEM 154100x8000000000000000376Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-26 08:19:06.061{c8f010d8-847a-6745-9b00-00000000f901}2652C:\Windows\System32\icacls.exe10.0.20348.1 (WinBuild.160101.0800)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXEC:\Windows\system32\icacls.exe C:\Program 
Files\SplunkUniversalForwarderC:\Windows\system32\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=4B8207877186FAFFB90E3A4D9358CBA6,SHA256=054355C415F5686DA598011065E6FDF6BED35C5FDDA81BC5BF22B9D093CC30E2,IMPHASH=446163A548337B5BCF2727BCD1CFB399{c8f010d8-8479-6745-9900-00000000f901}3104C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarder"NT AUTHORITY\SYSTEM 154100x8000000000000000375Microsoft-Windows-Sysmon/Operationalvegeta-2024-11-26 08:19:05.979{c8f010d8-8479-6745-9900-00000000f901}3104C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Windows\system32\icacls.exe C:\Program Files\SplunkUniversalForwarder"C:\Windows\system32\NT AUTHORITY\SYSTEM{c8f010d8-8434-6745-e703-000000000000}0x3e70SystemMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{c8f010d8-846f-6745-6d00-00000000f901}2648C:\Windows\System32\msiexec.exeC:\Windows\System32\MsiExec.exe -Embedding 8D11BD85012C4BDC3B953D468E015B97 E Global\MSI0000NT AUTHORITY\SYSTEM