inzlain

<Sysmon schemaversion="3.30">
    <HashAlgorithms>MD5,SHA1,SHA256</HashAlgorithms>
    <EventFiltering>
		<ProcessAccess onmatch="include">
			<SourceImage condition="contains">powershell.exe</SourceImage>
		</ProcessAccess>
    </EventFiltering>
</Sysmon>

inzlain

<Sysmon schemaversion="3.30">
	<EventFiltering>
		<RegistryEvent onmatch="include">
			<!--Watch for any changes to user or system environment variables-->
			<TargetObject condition="contains">\Environment\</TargetObject>
			<!--Alternatively watch for specific environment variables being changed such as PATH-->
			<TargetObject condition="end with">\Environment\Path</TargetObject>
			<!--@subTee malicious.NET profiler variables - see https://subt0x10.blogspot.co.nz/2017/05/subvert-clr-process-listing-with-net.html-->
			<TargetObject condition="end with">\Environment\COR_ENABLE_PROFILING</TargetObject>
			<TargetObject condition="end with">\Environment\COR_PROFILER</TargetObject>

inzlain

#!/usr/bin/python3

import sys
from pyppeteer import launch
import asyncio
import time

try:
    company_name = sys.argv[1]
except IndexError: