Description
This typically indicates the parent process was compromised via an exploit or macro.
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4
89KB
220521-pepm4aadbp
b52f6306e6c5af7bd87fab6f32a937b9
e7043e9907b332b9039eeb4487959d10e05d2dc0
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4
0f5212be7b3294cb4b86e4f884f9b750a056c34ab9d9df040481d2244659ee2c79c084747ed5cf056ae9d4d3d35563b1901dacfbec464a20ea466029916cc9cb
Language | ps1 |
Deobfuscated | |
URLs | exe.dropper http://62.108.35.164/api.php |
Looks up country code configured in the registry, likely geofence.