Skill UI

A forensic tool designed to parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX files. It reconstructs multi-block scripts and applies advanced detection heuristics to identify obfuscated commands, encoded payloads (Base64), download cradles, and AMSI bypass attempts, crucial for threat hunting and incident response.