{"id":13137,"date":"2025-04-29T12:06:46","date_gmt":"2025-04-29T12:06:46","guid":{"rendered":"\/cybersecurity-blog\/?p=13137"},"modified":"2025-07-17T08:22:10","modified_gmt":"2025-07-17T08:22:10","slug":"pentagon-stealer-malware-analysis","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/","title":{"rendered":"Pentagon Stealer: Go and Python Malware with Crypto Theft Capabilities\u00a0"},"content":{"rendered":"\n<p>The current article provides technical analysis of an emerging malware named Pentagon Stealer. The research has been prepared by the analyst team at <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key Takeaways&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Variants<\/strong>: Exists in <a href=\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">Python<\/a> (AES-encrypted, multi-stage) and Golang (unencrypted, part of attack chains) versions.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data Theft<\/strong>: Steals browser credentials, cookies, <a href=\"https:\/\/any.run\/cybersecurity-blog\/crypto-malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">crypto<\/a> wallet data (Atomic\/Exodus), Discord\/Telegram tokens, and specific files.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Debug Mode Exploitation<\/strong>: Launches Chromium-based browsers in debug mode to extract unencrypted cookies, bypassing DPAPI <a href=\"https:\/\/any.run\/cybersecurity-blog\/encryption-algorithms-in-malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">encryption<\/a> for easier data theft.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Crypto Wallet Injection<\/strong>: Replaces app.asar files in Atomic\/Exodus wallets with patched versions to steal mnemonics\/passwords, using a public proof-of-concept available on GitHub.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Evolution and Campaigns<\/strong>: Spread via typosquatting, later under the names 1312, Acab, Vilsa, and BLX stealer. BLX adds clipboard, screenshot, and Steam\/Epic data theft.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>C2 Communication<\/strong>: Uses HTTP requests with servers like pentagon[.]cy and <em>stealer[.]cy<\/em>; BLX uploads to gofile.io, sending links to C2.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ongoing Threat<\/strong>: Simple but persistent, with new variants showing minor updates, continuing to pose risks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How We Discovered Pentagon Stealer&nbsp;<\/h2>\n\n\n\n<p>In early March of this year, when browsing <a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Public submissions<\/a>, the ANY.RUN team came across an interesting malware sample written in Golang.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/ee0a809d-1d42-4074-aa15-83a5ae6be6cb\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View sandbox analysis of the sample<\/a>&nbsp;<\/p>\n\n\n\n<p>The malicious program exhibited unusual behavior, first terminating and then restarting processes of popular web browsers (Image 1).&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"727\" height=\"641\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1c.png\" alt=\"\" class=\"wp-image-13156\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1c.png 727w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1c-300x265.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1c-370x326.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1c-270x238.png 270w\" sizes=\"(max-width: 727px) 100vw, 727px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 1<\/em><\/strong><em>. ANY.RUN Sandbox showing the sample\u2019s browser activities<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The malware also engaged in data theft, which was flagged by ANY.RUN&#8217;s Interactive Sandbox.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1894\" height=\"780\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-1024x422.png\" alt=\"\" class=\"wp-image-13158\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-1024x422.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-300x124.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-768x316.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-1536x633.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-370x152.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-270x111.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2-740x305.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/2.png 1894w\" sizes=\"(max-width: 1894px) 100vw, 1894px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 2<\/em><\/strong><em>. The sandbox flagged Pentagon\u2019s data theft attempts<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>To collect more context about this malware, we used <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> (Image 3)\u00a0with queries like the following one:\u00a0<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktolookup#%7B%2522query%2522:%2522domainName:%255C%2522pentagon.cy%255C%2522%2520OR%2520domainName:%255C%2522stealer.cy%255C%2522%2522,%2522dateRange%2522:180%7D\" target=\"_blank\" rel=\"noreferrer noopener\">domainName:&#8221;pentagon.cy&#8221; OR domainName:&#8221;stealer.cy&#8221;<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"563\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-1024x563.png\" alt=\"\" class=\"wp-image-13160\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-1024x563.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-768x422.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-1536x845.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1-740x407.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image1f-1.png 1840w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 3<\/em><\/strong><em>. Sandbox analyses with the Pentagon tag displayed in TI Lookup<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Among the search results, we identified a <a href=\"https:\/\/app.any.run\/tasks\/804f96d2-5ed6-4a44-babd-0a7ada9ed80d\" target=\"_blank\" rel=\"noreferrer noopener\">sandbox analysis<\/a> of a website hosted on the domain <em>pentagon.cy<\/em> that featured the admin panel of this malware. Thus, we named it Pentagon Stealer.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"757\" height=\"788\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image20.png\" alt=\"\" class=\"wp-image-13162\" style=\"width:520px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image20.png 757w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image20-288x300.png 288w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image20-370x385.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image20-270x281.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image20-740x770.png 740w\" sizes=\"(max-width: 757px) 100vw, 757px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 4<\/em><\/strong><em>. The admin panel<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Exploring the website further, we discovered that there was also a Python-based version of this malicious program, available at <em>pentagon[.]cy\/paste?userid=&lt;n&gt;<\/em>. You can see the page in <a href=\"https:\/\/app.any.run\/tasks\/303dab54-a2d4-4de9-82a1-6d98fe590914\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">this sandbox session<\/a>.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1001\" height=\"330\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image21-1.png\" alt=\"\" class=\"wp-image-13164\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image21-1.png 1001w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image21-1-300x99.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image21-1-768x253.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image21-1-370x122.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image21-1-270x89.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image21-1-740x244.png 740w\" sizes=\"(max-width: 1001px) 100vw, 1001px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 5. The original page<\/em><\/strong><em> containing a dropper script for deploying the first stage of the malware<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Considering the lack of public information on the malware and its potential to pose serious threat to our clients, we decided to analyze it and collect essential intel for effective detection of Pentagon Stealer.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s what we\u2019ve found.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nFollow along the analysis with <span class=\"highlight\">ANY.RUN&#8217;s Interactive Sandbox<\/span> and launch your own malware investigations&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=pentagon_stealer&#038;utm_term=290425&#038;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noopener\">\nSign up with business email\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Python Version of Pentagon Stealer&nbsp;<\/h2>\n\n\n\n<p>Let\u2019s start with the Python variant which still can be found on the attackers\u2019 infrastructure to this day. Next, we\u2019ll compare its functionality to that of the previous versions.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Initial Stage: Script Dropper&nbsp;<\/h3>\n\n\n\n<p>As seen in the <a href=\"https:\/\/app.any.run\/tasks\/3ee45ba5-af74-42e8-9a04-019bcbf0c349\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">sandbox analysis<\/a>, the attack begins with a script dropper. Its purpose is to launch python_setup.py encrypted via Fernet using AES in CBC mode.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"610\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a-1024x610.png\" alt=\"\" class=\"wp-image-13166\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a-1024x610.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a-300x179.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a-768x458.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a-370x221.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a-270x161.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a-740x441.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2a.png 1535w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 6.<\/em><\/strong><em>&nbsp;Decrypted script in CyberChef<\/em> &nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Use this <a href=\"https:\/\/gchq.github.io\/CyberChef\/#recipe=Fernet_Decrypt('_42xi_g54tAqgEXHzc3eqvJJkkX3fQAqGisHeNmpKjM%3D')&amp;input=Z0FBQUFBQm55cXkyUGxzVjlsVVlkRHZWd1RXNm5DRTZCeW5XZDZtbE5PUy1HVWZneUc0bHpZTHRmczV2Yjd6Y2xuS3d3WW9GTlBTbU00Y0FrRXJEZmJKLVQ4VlRrQTlqQkRLQlFCeUNXVXZmR3NpUmZKRFM2Vm8wZDhjblpTaDl1ckZvSXdoZElxTXB3LUVweTZMZTF1ajNReVA4TzJVRUhqZFMwTTh6cGduUkU0Q001Qk1ZSDBuTjkzUGxIMEdzTG9QOW1jdHc0NXcwMnFoa2dtLW02R29OQzE3RnY1ajBUWlRJTnhWVW1OdEd3dmxyTHJDMUE2Z3dBWTlDNksxdmJENlBnN0EtOUVzeXQ4cXhmdU1wV0xCc0JqV2FIRDFQTGhVb0p5bF8tRU1yQzFpRy1zc3VncnYxeDdET3FpeVh5VnhxS3EwRnNWQlpsQWY1bUJjMUE1ZmQwRUJtWU5PUHVIdy1jQUJGMFE3OTlPdzA1SlV4NkZrdVdnNm5EYlpwS2M0Snk2SWNUTjNVNVdmZmNib2lCUWR4bjZSVVYwUmV0ZkUyNmx2MWlWck1acVBmWkhiNFo4Z3RtbjIyNzRxbU1vRGFzY09rMEw4bTNEbkpXSUlsd05SakRrVUh1LUNpaW9LSHFHVWZVMzBzTGZlZUFiLUZoRUdrLVB1UVhHXzRBcmxPZmJZTlJiblEtUURDOU94YVVBckFoR19CcjJfUDI4SkR6NFRYU3h5d2pqa2R0Z0JPYkxscXE2M19VNTVxVjF6cmZFdzZ3YnJpNWhKQlhJaGtyZjRIdUNiejk5OHV2czJEODdGUHBkd2sySjRRUmJQNnJGUEs4THliR2JsejRxS2hJSkJic2J2a2g1MUNiOG5LeEEwVFlKdUQ2ZTBXQnV5Sy1Da3dZZDlKZ2xXU1VlcHBVemtQc1RtOWlfM2NzSVBZNDlGV2s0cFMzd1RBUGhELXQxUExVWnllZkZlNldZc3E5RjQ0MnIwMGVVR1lBUEotN1lNb1o3Q0p6ZmdkanM2ZkZxS0FUTGJEejFsSzgxLXVOeE1SR25vWEN2cktNV0dXMHJfU3J0N1AzWDdRY2tGMUJ0Q2FkX295SUV1MFRJV3V5aWxQLUtMZ1EwWlpHZE1XWG1NeTlRX2NUcV9ac2k4bXA3bGNabFZyTlZOdVloVTdjSzVPb08wa05nMUVGRDB0Q0JORF9XZjBaeXM0VnJJRDdqNG5OV2Y5OEhWNU1zUDZyN0hva2lmOEpGMUFfQWg4OU4wcnloYTZXbm9MeDZ4TVBmQkFjczhhekFWNndWVFRXaEpoTHZIaHE4RzF5eV9nMTJlVjZhM1FxbG9fR0s2SU11cFhWZl9rTzhWNDBEeU5jQ29PUm1EZVVBU29hRDRvMm5pS3I3R09rUDE4aFdmekltR0xMQkxZMzh6d1d1cWxBTm45bUVjc1BCZmVSMXB3cUE4LWJ2T014eVQ3ZzFJUTlmck4zbENDdmhUWGRiZE5xOU9ZZmlFRW9KSnNybW1IUGVSQzVvQXM1T09LM1ozZXAxdlNhNFZfUkJ0RG11R3QxdDFwWjU3c19pSnE5eGx0bWtwNDVNOUNIdzVYRkRmeG5KZEtjZzNIRE1Dc0l3Nkd4SFdCaDA0VnlzYy1zT29BTlk1VDk4VHVsSUpkcE1vdkU3WFNXNTRPWXI0Sm1qT08zS2RRZ3Q4VGJHMlR2d0RiODkwNC03bUNqeFFMZVlBV1JvZU01OXBWb0pPc1hEOW56ZUY4dmlFOWU4dXFfUGJHOElESlBuc1JJU2trMmRKb25ISnZDblYtZktrQ1RaWkY5LV9xVGZ0V2N5NU8wSHhZSExjTTdlcENidXRtdzFfemYtZXJEZk9Md2VoNGtVQ2JXZ3AtVjZueXZiUGNVTmxJT19DWTFDSXZDMWVUMFYzbnIzMzR0cGJSQnZsTW9TVGlURDVVMlZKSTVuOHBvczlMNG1Jb2d4ZHE0cFdPenBwS0ZVRDZXOTR1ZlowcFIwOVRKZEs0YnBoWno3a2ZXc0IyLTRDSkJ2SXd2SVlRUXEwVlhERWU5dk1zbWt3dkVVQXZPTExvUVhOcFF0N1A4MGVfVUVfSVVFa3RvRWh1YnVVM1EtcGFMNWN2NTN0S3JmWWYwbENCOTFnOWJBUXFTNFlRZXJqYXdnQ0Y3bDBhdWxMcWp0WHFvcFI3aEI1Tk1mZF9hRGE5b3lvRDZVY25CcmZqV1J2SlZEY2dnZk9MWDdmVUw2VGNnSzNBVFYzY2JKWWxkQmtjX1BsSmJldHQ1VjQwLWdOREEyWHZVRE83NGN4cHRnSWJNN2N5ZVlHSXQ3dHNPODBUWjNyV2h5UElXM09tOXlPWmxGb0duSUFQX01qcE9obTlEWDF0blZ3dFA5OHZyUllsTWRmaGt2LWFuaUhmdXczSUp6WEN3TkliRldybGdlN3pNQllWdjg3Zlp4NFJIZG5EcE5DbjJWbGd4Vi0ySzdoX2lOVjdQOVVuMDdZSDJ2cE8zQmkwbW1KUUlOUTAwaGF5VHBRcXBkOXA2Z0EtX3lXN002T1c2TlA3blVMRjJLbEN0V0RUcm9Kb3hLaEl0d0hSLUs1VW0yd3dRNUZlLTNUS0lnaUZlUjFWZld6QU1MaXpvd0dQZ2RNV3ZXZnc2MjRELWJ1MDNfYXlKYUhsQktTdEl6TW5MNkVIVUFzZGdRelJoVDJkSkd0cW9IaDVfZ1BFRkx5OUhaSkQ5Ykh2V2U5MkV3SlpNSnhSbFFMSnFkVlMwSnZadFB6elY1VXI0UzZUSEFhQjNCQ2VsdW9tN1F1VVoxS2x0MG9ab3V2N19ab0NVaE8tRHdoaFBhVWlMNnNVTkhWQk9JUlQwazJ3dUlGbHdIR3Q0SUt3RGtlNGlBRmRnV3hIcTgwZEJ0MERhdVRONUJTNDdoZGV1bHhnSFdGb3VuU1k4Mk4tM2ZUUXl2VnNTek1vU05qQ2JjemEwYmV6VDQtSmowMXhvU0hKQmI3X0ZDUlkwaDJ1akUzelNEZFJVWV9rS2NrRXI0STBPOXVKWW5zYTZmODdaQUV2UzVXVjUzdmlBNUNNUjFkTkhMQ0E4NVhDR3NvRzEtcEVwOEdKbHhnZmtsM0k4dkJuUmRGdklYdnUzbzdJREtqYllOVWU2bzRhVkFmVlBkcmtyNHR0N3hhYVpVNXNyVUFiN3BuWWFaYUl1cFB2ejlyT0ZlRm9PS3Zxd0phbGItTmJLaDV4ZFFPWnZXR3MyNHZCQ0tsMkg3YlVZR3pzdlhibndlUkl0Rm91SlBwc0RxRWtHQzFONHZ6RjZoc1JNbXNnMHJwSmIyVGljMDJRc05NOERKZEkyWmNBQWZXZDU1Z1d5STFMcXMzVFA5ZU9NTDJySGl1akE4WVR2cFVuYjViWVZWRjM4dWZHSFRxSWJwekxYOE5rdGVkMUhUeXNxOTY2b1dmanJtUnotNkhQV1ozaEN3N19SM3ctX3pwZ0RWa0tQYmtpR0pTcnRtXzRFTDZBallORkZsR1pZdWptdlBFWDVhUGY4MVRNdWNuckZXYm5RaWpJZHp3eDdwUzl4d2tlNW9nOUtOdFE3VkZ5cXpsQVItSjlKcE1fdzFRS2x2Q2FHMDhUOW1KWnl3SXVObEx4TlFoaGFWTzFGSnp0TzdRN2VpTUpLaDJKQUhrREczSWhSVXJ3MGNFaDVXTEVaX2lkWWk0S0RwSktVMGZ1MWdad2p1NGpsQ0dUQkw4WmNLZmpLdXhSR2xNdVh3cFhFT1VTR3FQRWxJRDVuc3BQYmw1Rk04U3NJREg5ZzhGMm9kZmZRemFsakktN3BrcVdENHlVRWg4Vy16LTBzT2c5SnVQczFkdUxESm9zU2dLdVh0SkE4c3ZWYklzMnZlZTJJeWNqOHlzVGJsWmIweWVlMll1ZTZPczROYzc5THMxRmpmRDZPQmJYUS1EeFlrN3o2WG1OdlhxVWhpazhKbF8wMTVwb01yZmlZeFVDeDQxYVZsWmZfU2lDMjNYaUVNc08xNjU1azN3ZEQ2a0pLYzMyRHBRLUJRVmVPY0ItUy1zYm5fVXhPTFJDU09yQWdrNDNZc0RsWEtsTzRIUFhIdFNDQnY2dDVKTTZ1Wl95TTY4QWlxc0oyUU9QTTBwVEQ2aVRsNURsLXdKcEZ4d004bHBfc1psV1RxRDZTanE4ejdFcDF4OFZYQllfb3liN2RyeTVqSllLak1aUTNqZC1EOE5Na0doejNUUEg2ZDltR0MtQTBReVdhcDRoZWxoV2lyZGh0WEtwam5SQy1OaEJkZTRWVncxY095NmxsUUp5UGJXcG0tdHEtNXhlajg4VmdzUTlCT1JrUGtSUTFSZ0dDcWxqU3luVl9xZDB0bFZzZjFTOHROSGlfV0k4cmQ1NllMUjl0QlRhNGFPTnZCOWdQOTdvVEIySHl2QlhCZkhJVzB0NjhyT09FZlM0ZmpoekxpcDBhcjF1ZHQwVng5b2ZfTjZvTFJpano1UnRUZHRBclliTGRvWlhhUjFJWGtScEx0WUdSQk1HclZuTmNjdmFvUDlYVGFlYmxnZFhKOVB4VHRJcFQzZ3pTNWpfSlh0emN0Mkt6N0VETDlkMnhCT1ZFMnpBdk14Y2VMM2lXMEZ4OVVUejhhREYxYVh6ckVXTDBUaXhoNHJUcnZlUThtQ3pnWEJsRm96V2ltdm4zZUtWMEFhTENKeGpYUWh6LUZUWU1iVUNvTGE2RDlDc3paVUdKbUZCb2o2alBUd0MzR3J3aVZfNDBVbVJsY1BmNTBDRXVvWjFGY3VNUHFjOE1LdjhqX3BkS2h2LXhBQnNycGh5aW51aGZqcXhBbGFVVVMzUHVUUWg1MURSeHlMMW1iZW54dVdRYnFpUUd0TkZwZDZXcFZKTEQ0cXpyNU1qeE4zY2dGODZXMUcyT0hMUEVJaksyYmlXZ044UEVOSENEajg5N05zV0d6ajFhOVhlWkJkYWJkTnF0ZnJkUTE5elp5NFZHbTZua1JjS01nZm52X0hWVWdIUHUwbzFlNlptYjZ2XzVZZzlEeENUS3FOc1FZRXZPM1NRbk9xRnJKVENXVHBEeG5wMzJQaGtoclBoMUJZSjlVUDQ0LUdUU0EtbTd3cXFQRXZIZ2g5ak41RDFGaXZSR3NSQnhlRXptcWtWX0c2UDlvMm4xY21sQ0ZVOUMzWDFDaHlwXzBiWW1xQ0ZLakdwc1h0eWRnR19VSUNGUElJdXQ0UlhFeHRURUEtbFByNGpuNVM5QVRLQ0ZxN0paQWdrVFRKc19LSm9paUdwZVVWVVdxSHY0c29LZmlocVQtXy1HQ25qU1UyT2NCenEwR0llWmtvbWZhdjJqMFNNYUhEdHpXNFVFazlCVTA3OGZZbVlXVHVFV2xkdVhkbWJnd3VtYzV4VlBUMnRmNTlheTViR0lpZkFaMk90dmt4VXpZcVNrclF3azVWMFlrNkRabmtkN1Q4WFJmOWk4aW9fenlJRkp0aDlGV01sdDlQc0p4R21tTUpNTURFZUYtelVHYzBJOWtRanZkVHNyVVlURzlfNUFCeVRscE40QloxdmtQVTcxU3ZHejFJa3NXX1JiV2ptWDhlbWNIX21Id252R2Y1VTZYWkMxa3VMUjRHMVhVVGlxR2F6RS1ja25kTjZsMVZqUDF2aEg5Q1lMd3NqVGkzeEx3UVpDa0Z0VlhCdkk1YktaendlYWJsLXZPWjNrVEtzMjhWS1d0WVFFX29meDdUaFlneFBFV1AxWElTZVpSV2d5Q1YySmtHSEVVTU1fVmVEYmZ4cnFBSXRZN1dBb3hUaE8tNUtIZG1KT3d3ZGw2bkJTdGh1ZU8waVR6bTN2WlJVZlJXVFRSLWxmbEdrVndwbkFsdEJYVlRVdXZzNEJPRXNacUNYcU1felUzQVd1dV9PQWdLdE9TN042RXVkT28tM1gtLUQwRVhzclIzWG9Qc01PNk9zUTNrZlNvUVN5cTlKNG1HbmhtSlNmdHE2Ni1mTEhDQzMyQ09BYVNQN0R2VE9POTA0dUpXZUNpOFFNbkY3NC12WG5tcERZaXFDS25IUVo4a094RHl2SUE0eXVLbnBNQ1p4R2FCNENjYS1fM0NTV1ppVGNqeUNwSV84UXZFb0V2R1ZuaU01bHVUd0FXaXRyVlI2QnR1NV9yZFBzNllpNWNFUzRFcnFMOERlQ1VScVgzYVBNdWd3bmxaSDhWWk5OcUtkUlFfT2NJQlZieUFneUlMVDJlRjF2b3VpcVRYdmtmTDd2R2ZwdVJ3eUlHaG04ZzdLUzZRV2hTSktHQ2JOVm5OcnFMR1JBcTFnRnJIa3RYcWs1cHh6dWU4RlRYLWM5Q0M3X2hXazFLTDU0dmk3WUpneENqbExxajdVZ1AxeF9JQnNJc2VGWDRKWFlOQ2IxLS1ZWm1ITmNpOTR4WHlIN2taSzhDVkpYT2Q4ZDNnQ0pxLURyMUhHa2ltbmtoU0lDWVdfZ1JGbktoZExLN21NRmduWE9JUmlVc3dPR0VaQkR1LWpnNnVxek9lVVk0RzdJeC13bWlXTVdMVzdSYWlEbUhVUnpuM1l1dEx0b2RlR19QUDNJTmlWdWtoNmVrUWotcm1RYnlNN1lwTjFKOXZFTm1KZ0RmTE9wSGRHMHlGSDNyRWRGTWQwMmQ0MzRmZUxKd0FkaEZXNmtoQklnanVKZF9zUFE5VV83aGVVN0hJOGhhenVYZ3dwbnVCcFdlRGlITTFMVVl0cUhlZnpobWNCcnpNSXJhZ1hTSG1WbWZKTjhFWWhHR0FVaDVyWE9qTGEzRmp2T2ZKRFMzeVliak9XOER4b1YtdGpjN090UzMxazIxd09mOE9zdFJLQkxkU2o0aVhUNXBxa1Jud2VwWm1oV3hjQXFpLUg0Z25FVVlhbjRMSkpOUjgya1VYNENyWEpucUE3NDI2czFLOWR6cGRhWVNfSm5RaDlheEo3SlQyQjI2ZXRRWDRtOFRQbXktankyMFdTV2kya3lHUGFkSGlqRzlMdVpsUWFycGFmbzhmdG1jeEJpZ2RrM1hfR3FlQTZBbzByU2tKMG15V241RS1YTEJiYTdWX3R2VVhDTFRNbEJXXzZlWDhydDNTWXlpdDlGT0NDd0t5dGwtcFdRa2lnYTg2bmp6YmdUV0ZNNkRsdXVoMEFhVkRkZmdDWlJYZlh2RmxtSEFNaVB5T1dEM2Q3cVhsVzVSUTNLYUdnSDJ3aEpaTWRhb0pma3BRMzlKY2xhT2dZbnRNSzJGLUtxU3FtU1FFZkF5V1NwaGhpMGdpY3NIWXYtTHFSNDl5TF9XSjRmaHJIT1Z1ZXItZk1YLUpOM2hDSmhkU1hlSXE4MlVZY3dmVFQzRklKdVJ3bkZKMVlxWk93VzR3WHh5Zk1DTnhXNi16b01UTUFZaWUzbm5VSWVHWXd2V0V1TTdoeVJMYmRjbkJhbU5ZeWFfbzQyc3Mta0d3MFZpd3Rvbm9JdFF0OVo3TVBDcTZUSGYyS1JoVDk0SVA0UkZyRmxXeDRjNzNpaEhTc2ZTN2xhUGI4QlpZcjlueVpUZnA1VW5qc1N5VVc3dkxJTWxGdzFCOVBMUHRQcWlHV1U4MlI1c2VRN04zTFFLM0ZvRVpUSVlpTGZhNFJwdC1tYktMYjMwOHFUVWMzYkRrbHVoMkNwcmJuXzJIT2NFM3M5ZmxIZ0RKdndFNDc3c2hWVTR0SE9KendfaldrSWxuMFJWMV9PWXlUN2RmbXljMWUydmczNzRQXzdQQ1dPRVl3OW1wM2xwZXpWRlFvYzNxekhGU2RyVllPMElFVDNQOW94ZWl0QVNoUHp6dnl6NFBRMy1xUmotTlYwaUM2aEp4QWRsMlBaX0pkcVBQRG1DRzVpVzZ3UlR5RUQ4cV9lSVl6WktKTnZTSUphaTdBRzdteXV5MmRwRndvRVFTZkRjTEQzRlZGRUc5Nk10cDZMZVh3Y19OWU5Kd1lSUUJPdk1aLU5DZEtMbUxZRWw1SDg0cE42bjRFNzkxMTA2WXRwTEVhdHl5N05WUmFPSDBNWHRaZVl3NXhibXhqRlJsQWFzOWFabno3UzFGWG5qUEFNSEQ3dTZELUZBRG56RFdhMkk3a05ld0FyWnhIN0xUQ3hTUmRtamp4azRWZUI1LUVvcFlJNGUxd2RWemowMlNVTUtCSmJ4dlJtVjRhT2VnWjdkejlZbk93aTliLTRkQ1RCVXk5YUlnRmk4UHppSjZBeEk3OTZ2ZFdVbTdPbU5zd0JuXzJRVkxkWnFmS2p0bk83MnBXYUo5dXBJQU82RzJ4NnhFQmRwZWJ0cmlKZkwwdDhudHRiVXMwLWRfeEJXWjFrQUNtbE9ueDNzU1NxZlZrbW81RTllMjNFZ1BKb2txMFFHNFNPYi1BbGJGblF6LWVNcWJfT0V0VTlUaHpHa0xpTVdmY1BKQVd2ZzNqSlVIRnM5NXhjRmNfMmJmdTFXU0pUUVA5LUx3RUdtVHF5ZDBHN00wZkVIelQ4SjNJYm5Ua2NtUThmRXNpTVlkWVNfbFNESHpBSmNlTzlRTDhqaGdIRElwVGhKOTBmaUVjYm92T1Z6am9Id2FDVHlfdkZ1VnRpUHZrZjkwU0dnbENMNHRqZHpveGVRdEM0dE1KVWNqbmw4d1k5NGlNY01nY2k3RjdsS2E0TTBRNTNVN3JzQU44VDlkcWRJeENTSFlCdVdqN0dVVldJWHVCaW5oSUlHTzRQVWFGZHQ3NGRqcnM2NGhTSnAyRWNlN0FQYUd5Y05LTXJEcGcxZXpTN3dGeVdZdEdua1NpbFJWTEUwaXg2R0I0b3g5WmJNUEdpOHNLU01GWHdqNEpQSlVxQTJ2NkplVGIwd2c2T1JfbHZ1cThmcjdIUE9qNHlCTkFpLXVUd245WTk0X2xYOXpjcTdMQjQzeGVoWXVDb1dHQW9NMVZlRzM3dk5DTmhDbHU2VngwX2QwZW9EZjNmZ21nWU1HNll5cm9iMXctS0ljeUpfWUdaclFDbzRWazZ6Tk0tREtDRDFMME9uYUQ0Q1VvNjFkd3p3dEV5ZUZESjVRRDFVQndlWlpWUnpYNFBPRER2YWxjckh3MUxTYWRBbnUySTZReUdnQi0wdVhfM3FwenUtcnBRdjE0ZHc3MXhucjBxdDJyRDZxX19nZldFaTc3X2tkcHgyazYwNXJZeUFWUnFTNGx2NlJ2Wjh0LXhUTDdpZ3daRjViTU5najVQRUVXUmxDYTBLczlGN1gtNGRjQ0lMSEg4dTZEbkR1QXRiRzBwNmZyR3ZlelE1c1hsOXdZUTIzREROSkwtbWRIY2ZJYzByOGVKUVRkRnc0VDVOMkNOR2NIT3RsS0J0ejEzQTI2ZGVMbTM1cnFFMlE0VTNkbWNWSkdUSTlzVXNUNkYyMVZXckZHZzdEd2pQVkVSRUxQYWJNSUt3bjVtdGRFTkVSYXl0ZWd6OHFqUWpEbFkyOG51RHRsTjRiZUV3SkRrSnJtTXd6SFRSRnk1a0NHTlh4V1dKVGRNdzJ3SDZvQV9RY2JIQllYNGdUYlVKUkFJNl9NN0dpaWtvYXhGT3YwdmFic2duQmt5c3Z5TnZWYTRGdE1lRkVfVDBQaFFpLUJaS2kwS1hXTXd5N0Q3Q0VIMHpjZ05KVlZJSTc1NkM2cURzVjBHUW9TYWtVN0dsWHItaGlpNmNreVVwV3lPY0l1eS1BendoVk0zaC1ucndNVkxZMjFrZUlHU1UtWEFnaFA0VWRzdkJDYmVQSnZaVUE2ZWZyeUVTNGF4MG1tamlzak96TlZmbXpHQ3ZCTEp6MkhVMnd1T2FmSnQ0ZTB5TUdkbXRYVGJERDRpczREaEtSWXNVT1BqY25heS1CZmx2X3VkbENJcWFVOTU4SUtPdjRCYjZjbk9ROUE5Z0xzMlNSSjV4bGRGSjZfdlJJa2NkVU4yVG1OUFdidnROOEE5d2s2c3JuekFQc3V2VDJSY3J5aUpYaV9OTm9oRmV6NnhGdF9nVEhUbWFMcUlSS1ZISC1PNzVoZFRkOS1HUFVJbEZvMXdIT29LQjRwa2p5X3BJQzJRQXJUa3VJejJvNUsyYWw0blVTeGdJbE0zbmFHNzRHX3NMRDJtVmVIUkNWSXl6MTVPa1RRVGJ5Y3J1RGJ4S2pRalJFblMyTExCcTRLbWhWOWhFVEt6OFFSNEs1d2VpdjlGb0dEWVV6WTJKTHdKQTU5TjhNVFZWRUtJMzlrZkU4VlppTkh6ZWxrYnlzaFc3V2g4cnhzaXJKbGZ0UC1zUlh1R1FkbkxoeHdIOWFORTZCdTRZTGJHYVRnQmxEVEVwX0Fva3F0NWFiOE52UGk2eENLNDc4d3I3V0h6Q1lWRldKOWdJRWhRNi16RVZ3S0x4RzJCdjIxMDE0LXZOQkFfaDZOcVVoT3N0Q1oyOW9IYTh5eVBRel9Cb0tuUDBWUTdIQXhaVEtXYzlxQ001bHpkXzRqaTZQeTRFd0Y4RkxhUlV5YnRQdS1Mb1czYVViczlKSmdPZXhmYlFVRlZqNF96ZkRuem9zbWpBV0tJYTlnNU1td2tINk5wQ2Nnb1ItclpUb3pmTUZTSGFOc3hQSzdYX2N5YTRxVFJvSVEwdkUwcmEtTTFWN0hWdUc3VTVwQkxuVndiRVNRSmlXdWdtbUp4VmxyUUNNUGFuUTZpcnUyX0VENGxHTkVvUU96REEyNjROQlVyUzNuV1FKWURmU1JRMnZxTEpyMC0zSm1ieTA4ZGxiSDRvSFI1TDA5SEJEc3A1RC0tS01OYW9yVGNJbVJsb2JmMEZXcTViN2ZzLXBVZ29kUElaTkliOVhLcTBJV25YUVZ4Qi0zTEhzN3lqaHk5Wk55aGExVzJoN1VkX3gzT2R4aUFVa3g5SV9CdGxudWtXTXJYWE9XeDhyZGY3NzRpdENCNTA0V1V5RFFiSEl4NEZJU0RnQ2F1NXNhNlFjdHZsdXoyUmsyVEI0MlZub3RIV2pvM1MwNDktYlBzRExONURXTGpUNkFQNUhTbHZfcFZ3LXBTaGlQa2ZrTTlXZlJPeTE5aTYxQ2ZNQ2x6YVFxS0lFNHNMTXdTdy1zNnRsQWMwZm9NMjdtLUxLVmZqUFFkZTI4a3BkSk1PNFNIR3ItUTBCWWZjem1Tdk90dkU2YXhhMTdjLXYzdFUxbjJDVF9hVmM0cVN0SWZqVy1EcnJseGY3eU16ejh1aWN0TWs3M1l0cmRVVkdPZWYzRU1DQ3ZGbnRjV3BUc1I3RUV2cWsxOG0wSDhuVzFaVUxUNlpIY2tib2Zyd1VUOS1WeVMyRGVzU2sweDhubnVTUUd0ME9sNnJnd0VzeHBVTEdxX0RvcVB6enZwaWxaLUliWWh3NEVEZFFETDBSV2E0NUQ0UEhWd3c4QXBsSHdVUE9kMDZGbWFEMzh4S3NfeTQ2Wk5BMy1MMEhMYkQzQ2FSbVdKWU0zbS1uV0lFc1dHTnNJc1paSlEzSzl2UGZ4VHNpSXhuYnk5dVN5bmlnOW9tVU8xaFVNMXh0M0xVSU5oTldxYnFXd3QxMEs5ZFhCczFPeHFwX1JzUEhUNGJfSzBick5MbVRtV0d6dUxzTmJ6Uy1OWnFVbWhHNkZndjBva081X09NeW5NaXo2NlNQVTM5SkZmSXZfNC1JWTJrdTZ1UFRuN3NTLVU3WEkzWDBYc2Rndk5INktpSVV1bW5mTWpZelB0VUNOTGt0aGJIbW9kRm9BXzVYYVpaR1o4ZkxTWDBpOF9ESFhOTk92cmp2TWd5V3k2ckxwWXc3ZDZNcDZUY0NWaFhCMURnaVh2VktnWDN6dWhaYVR0TEl4X0FFVkNIUUM2TGJmN1Bic0xpbWtHY1BULXhibWpkY1JJUlJ1R09JMDhGWnFMYkhMS2FxUGF6R1hxQW5EX3ZvY2M4bjN0TVozRXl5TU42N0o5eG5vOWM0NEZER093X0dRZ3IxVkMzWWdfU1l0b0JZZk9MeEJJVng5Q2JibGx1VUJuQWRrbXFWc1pHZVJqQ2VvZnpiYUNSMTlwU3F4MW5aOGdiMmxEbUY1cmpBSC0xVTljUXJFQkNuakZPNEtUYWxfWEQtbXFJSkhmWVJoNXpsZkhrQXd4d3FYdlU2LUMxSkxTcS1uZllud01kaHZOd2dIZUl6amlERVJLSXNhcEdleldBek1WdVhqV0pKMEo5TTd3TlMtNE1Gak5MQW85c3dfUzdiSkNSSUV2VkFmLXlsMWp5S2hrcTNDM1RwQXJPTkZBODc3dmRPSjhpYTJ0SGxqZHBUU2VqQlNvR1F5WFV0X0lDM0dFRVlCU29CTzRGTU4tOGs0Y0daRDRhYy1UU184a2Voa0dXODlVb3M0WkkyYTh0dHg4RENCRHkzY2ZvYnFJbks5ZjFKSDY0ZVp4LW1DNGcyZ0M2WGZIazB3N1JIa3djTVkzamxtUXMtLWp4NmtBLVFsemVQN3dhdTR2QU5RX0QtQ20xaTZYdTNsUjYtTXl5c2xPc1BwekpQNjVUQlc3bTZYOGNPNUdHR2thYVBKTmdTVlVMU18xa1VmdmdaUVNNM3hibWJJM2dtZHNWTENtazZxY1lBWmpKMnhEWm4wUnBDeVlfYldteHRZMEhIbExjd1hjV01ndXp1akcwTDc5Tmd0b2hiTFluV1QyMG0xQ1Y4SUF3MHNSSDVSb3FhYmJIeDhDcFlQSncydW92Uzk2V0NFRXJFaTJMVThTSGhTenRNTm5NaXhSSEJtMXVpMDBqODI1akRscU41ejd6Sm9JN2hTd1U1eU1ucnl1Sk5yU2dEdTBNajRHRFhqLW5tZWxQVFlLd3AxMU9EOVJ3VlNjbmNGd3Bjb3VYWVBDM2czRmZZRFdBWGdWTkZ4VTdXTk9vUjFjRlNzNmIwZ29iZVhNYWJwcklrLXMxOC1lTUQxUFdFaDNkX3c3UHV2N09fbko5WjN6el9CT2lSSHRHZHpSSmhJVVZ6bFUyaTNDQ0U1WjQ5REZjRFFrU3JmbFFZb0tjYUZ4WktXcWxlSnNRRFp4UGExYS10UEg2ZUV4Q1F1THlBejYxQzVQeF9NcURqa0NjcG0zbDJKSVl4UWQ4dUVzQlVDb0RIME5uSmZlT1ZkeEVkemRidnEza01vMXhOa0M3QmhmckNKZkNLaFQzZUJzeVFDV29LZno4bkZGX0U5UVJ2eG9ZNTdqdktOU1JCbDgwYVFlWk8yMVBxTS1uRDdwOFVaSFdOUmRZcmx3OW5qSUt1NWUzMlZpekw4VVFRSGgwWTZSclJjYTV6ejFsN0REVGNGd0hKWVhZYTQ4b21OVmNFYUdXOXlQZ1BJSlBwNm5Pd0lIaXVkUXRPLTUwRTZ0Wk9KaDNJOGRMOTllbk42bWVlTGo0YnM1a2tEeFpqNXl0RW1lUEc5N2doblZDbGJQbG1aWjhMby13aTVkX0VmcUcwOEExUXROTDhBZTZjUDdLV1VpbGIwWW41OGFVTW9ncE1YRXRnTW9aaTFiYnNqVThiMkluVE5oRjR3dnMwdlM4NFVEU2phVURpazM1cFpxTkJJWlNrRF9WdHFXcVN6eXZQMUdGNjIydFR5WTNhcWt6ZkFrMFJwSUtlaHlwYVUtQVhQYzlFdVcyeHM4emszVEc5T3dXVTlRYmJXc2ZVRFprSE1ycjhab3BuUXQwUjM4elBPQ2x3UGRsRXZOc2tyeVlORWFwMTJWNW5hRlB2VGxfaktmLUJydDV4YkV6bHpWSE5YRE12NVRkUXVQQ2QtOTE5RVNPY0pNT3pxNFlJODJvcnZIaFJkSjFqVVhZdTZqOGFOTmNxaFlrZXlyQVlRWnNCTl9pVV9JU181WWFqb3pGRk83MUVWdUZ3SUozSW1RUzBManVwaDF2aTd4ZVlNajJNc25EMUFYb0xTYTdHX01DNm1hRVozYjQ2WGRuM2M1X3JxeW5zS1ZBcnBwTEVKbzUxWGE4Sk1sdUVkUFpHdlBaMGNCMU4wWEEwWVk3RHRmd2NSMmVJUWdiQWdRX1EwTFFTU3RhQXlEaUtPcFpmU2FVSWxKMW1YNXh0QlU1NkdMMU9oeDZ1TFlJdmRsTkRnMzBISVVHbHg4WTNFd2hvR2RBVE82eUZySFVKZnFoTmR2bWZESHhMSjQyVW4yNnlyNE5yQUxEZzhJOWIwSjg0OWw2ZUtTMTE3aVVidm5oSHRLZXJoMF9TRVl5NDd0NkZ4OHZGUkp1S0pfR3lheU9rQmJiZk1lN3JFbnlraDBqUVBaMnhhSC04NzQ5eURkVmI2X3BCVUdXQUQ2QVVXUW5peWJZQ0F3LUQwcDA1SWFuUVRjaTdUVHpkNlZUdXdoTE5mN2RhQjZvSmxuOVZZSFo3Vy1hS3NoQTRnNnpUX3dnQUZxWDNtSi1idW5QLTJNeUh6SzJPclZrWlhUekR3enY1R0d1ZkFra0JvT0V4d04zTXpQa3dSb0dOZndLbnVFd1RCTFNpZlNwcDloNFlOLVVUek9QUk1qVHIycFhwOHkyUWFvenItLUxPVDZ0ZUhKXzR1WVFsaVJyYXhXc01hc0NnSUYtVk5IVGZJTEFxcktSX0JsaXZRa1Z3S2ZYeWl0R1lMRkhJYlhoYjNzUzQxaVdrS0JaOWllbnRBSzhuVnJmbUxuSm1PNEJDQTBzZEI5WnM5T2VvRzlGcVJSVllSTS1MLTU3dWN1dGVBRzI3UlY1WkFMMDJDejVBUUM5VHVUUUVTQnhfX1VQeUNyOU9tRjMzOFdtaDhpbHk5c3JHQlNzNkFlVHZ4SmZqMWllZDIyYnVvczdnQm9kdi1UTlNhUDU2UlNPRHZLMXRuQlM1VHp0dG40c3kwejRPZWluQlFNT25jSmNmSEdSWWpLd0xXR0N2dkJWSDc2ZGU3dFdwWGs0M0NRQ2ZzZTBnU1NpSEpwdVNHSzI3Uk5rdWR6aEYyVEZOajIzel9udTliYzV1UXhxenYtaFdCOWc0eHlVa2lWY3kyeVNaMndlNHQ2eUlDMUFfNDZRQ2pXSURZTU95ak5vTTZZbjk1anc0QmFiTzVuOUV6UnBkNlItUjFFY0hqSU02RkFmRmtuRFJVQ3ZESzFZcFNLcnpUNjM2bV9BMGxzU19Yc1g2N01OS3F6d2VZdjIyRHAzTU9CUjhJZHM1SUVra0FrMTdUcE43amwxNUF6NzNRdjEycnIzbFJhb1NibVpqYktNcUo4cXhUclczNW1xSmR6Ym03Ny1BajFkcEVwcndiam1EM0ZLX3hYaWktZ3d4S0FvVnMzY0FCZnVSdkxKQzBkMzNoczBFcFBNblRna0tPY1VVTy1LTWNZcTJIVjJMczBuU1NKQUhGeUh5dTVrZk5adFkwUG1nS2pwTVBRdHlDcElBQ1VOWFR6b3ZPWUdKN1RLcF9uTEluMlFPcWZEVlIxMjFaXzVnVUtmcFJPRllCVkJ4dUF5dUlOV0Y2aFNuLU9UYlRWbDFSTDJQaS1KM3VMVGJLSTM1Q3N0VnozMHdxWWhScml5aFhVdmFUcEVjNU9KVmZka2ZKTEF6RXRIYTU1V2RXdlRHZUJmNUIzZEhHR2lIcXpRbjlzLWJ0ZDJnWkM3d2I3QVhvelVUR0R0ZmZvQUJWZXNWWE96blNPUEZ0LUZOTWVzdG5sMEJhRVJUOGtaWG05WEo1akEtRHQ1LWFyeUFfVE40dEZFMXRFM05VU2h4SjJHRXZ6TlRrU0FaQTU3Nzk4ZlF5YzY2ejQyRmYzem1fUkY3WmJkUmxGd2NDVWhkMFR2eUVnOEItSExGWTBXN0dYMVRKM2NXOE5NM0IxeU1BREN5cFZzbTlGQklEN1VMcFhZYzRqbzk4bTJueWtjMWlFWG9rVC1SWVEtZVRzT0V1OVRyOVgtVGs0dy1NVlI0MlRra29CZFZkOGdfMTJmTmM2X0xZVnBFTzBhWUVvQzZuSkpJVlJIb0p6OWNOdzZpTEZOZ3U5LXM4Y2pMbzNVUHAxRHhYVlFNdU9tal9SUzNBQnl4bTJNZ0VvN0NiZnRvZ3RQblNUdndzVzRKZTR1U3NjUy04YkZFOTc0QURiQjlFbUdzR1ZEQ0QyR1J2SU9sVnNadDZ1R01WYjFqS0J5UWJOSDhVMXItV3Q5ZE53YWtzUC12aU9YSWdRX1dpZUYycU1qRXJEemVOX0xZbzlWTWxWMTJJNUJpZW9ZMi1vRlRkdHVQcURoM2k2NmhtbzYzakx0X1ZXd3JFTzZPakZRVmpnOUFxSEZYV2R5cnprcFpyWmxWbjh2SkkwYVRLTDF1bjUwZmExa3VMT1hDRWpvdGFNYVhQMGUtS3MzZndOZVQ0WmRSZ0FEZTlwQ2VZLXpYcGpxdmg2QTZ0SEl2NHJneHRuMGZRRFZUTGNYUklHOTdYU3Q3WXoyN2ltWmV6dUNvM1pZaHQ1a3BBaVhreVpLUkJ1VWt4LXJmWWREVC0xaEdULUNxeXF6R19pTVN1MVZUNldkcjdpMEloTUdfdTFIN3gxeFJYRXIxOVN6VHR3ZlBfSlVxS29zbXRudVJTNHFLX0FXVUwtblpBci0yWXAzQU0yZDBWOW5iazJXd2JvYjB1N3F4SXNJSmJ0RHdzSWZiN053Y0FldjcyaWt1R19iQ0RqZWlHZmhHVnE0WDFiT3pwQV94bFl3ZXRmQXBsaU5ZRVUycW4tWkp6WkRzcVBFdi1iZzgwaU4xc3NObFJDNnNMUjlYajQ2QW15bnNoYTY0NDQxQmJTbEoxc3N6Q1E5N1lCOUJNbmM3bFZabENrUnhSUHhWLTN1WVRnMDRHcEZtUXpOVW9mZkZMWjg3RE82NXg5STdsbGlxQy1uQlQ5eUxVaWktU2hTMm1oYXhYdjZGdlJLNVh6RnlSRkRQTVN3YzJlRnp6TmFrWThzT3paejhBWGdYZVUxbWxTVi16Z19aV1R5QUlySHgweFdRT2x5Y3dnekUzb0pCZkhDRGxNcTBHRDA5Q1UzOVhaeUdjbVNPQzktbGJnb3JtWWZaQWE3Njk2bXZUVVlSclJ4ZEloY2xOdEstOUdYSWJ2Z0tBaUMtbTQtRzBYX2lkOTQ3azZaU1p4X0szSU8yYXIxYkFRSTVvOW9wUDRTclJ3RmF3YUU5RHZrZ2RscWhZaG5rSmZZRW5ZNi1oZVBzRFZRalEzLThpd24yWllfc2RmQmd2WWxHREhlQ1hlQWcwaUdyZU1RcDNQcjUtWDBXNk9NRzJxOEp4bjhENkdEeG11YnBYUGRXdzBBQUkwQUNmN1Y3eDlqaHRCQXRPNEtORno5NkdMd01oSGNmQ2VXQXRSNDlxaVA3Y0tjazBvWWRTU285czAtRzJBZC1TN3JHcDNRRGhsWTloOHU5R1lqR0FfcXpYYlN0djJ1QUpyNnJxQ3RFZU9mU2U0dzQ0Z3poWWREZUxscnhXNmxiVzVpZEJ4YzVzMklJYk5qWXFjUG9kXzEyZmZHR3h2M3pRWFl4UHhYbFU4YnlwNktfVlhYdHd4Y2dVdTZHTU0tUTlsSlpWZmZ0MC1wb25YNHpKQXhGdzNtTzVKdDM4UnhuS1ZBQVlmeTY2ZjZfMVY0VmtmR0c5RTNSMlBlUU56Tm9UUUFTRHhVSXQzQkw5LXg4MXh0Rm9UaUVuV3RMRW84RHhzOVdKQ1lOSlpsalFIaXpOR0F5cDVGRDdyQkI0RFFjSVhvOENuaGhJVFdDa2lIRy16Z1FXbEF5QThFMk5wOU1KY2o3M2lMVnNjNmw3SjRlZ21UT3FaTVlmVmRzZmZKdmRVRmsxNDhxa2RZOGhtWmZ2cVVoQUR5cEZZQktHUjQ3Y3hBNmdReWJfMm9DZ2I3eVkyNFhHRTJ1QjdvR3ZnUlhsTTVST2V5UnlDMUpoRGc2S21lZWFWRmxvUUNLM24xeWZYelUxaUtZRWxfa01LOFdxbXhiOHhxRV82Vkcxa3dhTU1JUnNjLWVXV05JbWhnSTZzVWNwZFJ5V1htaXpGamdFOU1vSlYzaVJEbUVwX2locHpMdldxZ2EweGVQVlNGWVQ3Q09Gam1kMGw3aFNkU0tKNTB4VUVqaUN1LUc5YnFvU0ZoYnNzNXVaSUR2Mnh4clhDZVctSnR2TGFPZHhYbTJ1bW5DRVJKdHdZM3lCUEV5UlFrcEZRZG16blpDRzhxMUNDS2xWWjYwSEduYjVOeWswRE9lMC1iU2diajZYenZIbUtzNmljSUhaN1NrdEoxMmZwbzBQeXdGS29teHNLbzEtcDRORnlxaFlnYXd6Qng5aW5Ga24xUDZRSW54bHhXQVh4a0E5R2d4MDU2dFhSS2FfTUZseVhpNDFFVFdqZVhTYUY1SGgxUUpwU29adHg2OEpTNi1TVDZGOVBtb01BdG5vRllKUlhHTmotLTRFTFJiR19hbjNtSEliaXlBNENieG04R253cDZQZ1BWM0JNZmpMWXg3Mjl4c0dKZkxvYzZ4SFk5UVgyLW1vQ3lRMFowZmhiWG82a1lWb3UwVG9QQVJiaThGV2ZVaWZPZ0RZc2s4TmQxX2JRN05xY2hMWjZFX0ZkT2RSWGVCck1teWF3MUFSOFgtMjZGX0pzdHZ4d01tTGtJTWxwOGJmZk1Sb2VWNlRCeWRrcXR3Wk55Zzg3UkhGVTNaZC1ieWFwSzQ0QUtaTFZSekUxUkdmaXZPbk1zNnE3RFB3Qnh4SzBGTUZwY0VKd1JleGF3amdycDBhUVdCdHFDZkllZ2NhWElQQzMwTnhfUzF3NXhIZnQzc3h2My1LMEN3aXMtVmlnd2pobFI1R0tVcW1qS2lJQ2R0VElQclZyZTZmTS1IV1pYajNub2Y5X2VmSEs4OFlkdExQRzhQY2JBUFJKdnRHd1BkMGZ1UU5kLUk5TFFPdXNlZGRfSjM5N3lhVEp0cDlyYkFOVElheDNQbHJNdU1aWG1NeGNEdVpJOU9fQjNHRzY0RDM2RnBaRXU4YVY1UzNQcGtVc0tHdjNVNUc3U0E4SUloSmJSZjBFWTNiQUVBUVVnREFjckwwbFpYeTh4UDVZS1hZMkl5T1FZYmdLOUVWVWJCOG5EQzdiUVYtaW5BRk5iVk1ESUdtVVJDQjdfTkw0SWJkbkp3b3FQWU1yWnF4c0xYZFRrMTdYOVlxMmxpcnE2aDVIUVo0c3doaXkxWFpjZDczYVNRanlFZFB4MFVZeEUxSHZHWjZsT3IyVnF0RWlHSkhhWV92Mk1lMXkwTU1Db1ltdE5vanN3dndzdWZRTWh5eHgxUXRjRk9uWjQtLUxoU1QybVVpLWtNWUhwazRBTHY2X2REdzRJbmREdllOcm1qS1Vwb2RJSVhFYkVxZmtNenY2QjJtRnlVeV9lVW4wcHpmUEswOEVOZW1GdjdmeklJX0ZkUHR2cmVjZWJPRHhfbVNWUHVObVRhb1Q1RF8wUGZDd1FHdXlqdzhNbnVFYkc5T05TTkVJY21RM1FXUVNvTmtyeFJIckMtSlM4LUZsR0hvTmlsa2s2NjFoWnpYa2dXOXhyQ1V0VDYzN3psN0M3ZDdaTTVvSDhVX1gweEl0cXJoT2hjOGpwaS1SZ2ZKYVNIQjkwQmR6RjlPN3NEMEF1V0lyYmZQamRYY0JVZW5EcVFTMWZ3U2I3bU54OUtJZ0VaTjRmZGdjdFk0WXN1eWlOSXBQVmFaZ1lBb2hKQk85R0ppdndpeW5TRHBMNC1MVElCUnVIRlF4M3JmTmZlNHJWZmw5d21hZlIwbEtiR1hkUkJhWXJfaVZ3WXd2b2tFZGhFV0xPMEcyS1dxN1QwaHNJMFlDZmxHa1I4dy1xbHJVVk5nOXItWWpiWm5HbmJkUGVrTEUtbVhjM3kxLW5mc2ZURXRvV3NrTVpaUm1lczM5U1Raajc1aG5mWDZDQzNQTXpTYWFMakR6SjZuaFlsQWE3dE5JR3NfRERsbXRvaHZjTnhHMnpZbU11eFJqLXF3dFN3dzcyZXhxMEJ4Z21ZZDdxX3FtZEJLX3NfU29fekZEWWdIMEtXbG1xMGR5c0hxLW5oLW5FNTk2alVZUVJwNmxfMzZqT0xiSXZSX1JzYTVQSW5MTU9EUEU3ZVl3U3JRbDQ0LVVoVTQ5QmFqQnFnU1RCRjJ4SV9rcFdmWnlpUzZnUEZwWk5jSVgtV1JyWU5SX2xjYm1PczZIUFRDc3cyaVQ2Ty1hV2FJOFI3YllmRkx1VGxnUEU1LXp5bE5za1hwdk5zakR5ejlueXR5YTFkWTNwa1Nnbmg3ZnFGemExQmFGbjBkZm5YdGtrZ0FCeXZBaVREaTVSTW5ENXBYbkVKY1dJNlc1TXBXX3gtek1iRkhNcmgxMVNCY01ZUm1aWVBGcGVVbFdqaGFnV1lOYklHOGtSSm13eTg5TlN5QVZxNWlDNGFGd2lObzUtNWVzTklzWWFVQ3dPNTlaa0Mta3oweUtlWUExcXlUR0p2aFJWYlVLSUl1LWJQTDFGSkUtcjV4R0lSZkJ4ZG5ycDF0SmpibHVzb3E1V1haUWxJLUdvWXNSSHo0cHcxc3lvVTR2VS1WS1A3OEtFbUQtTk1Xb0d0a0JRSVRqbklVYTVuWHlrOHJPRE0yNnhHOE5aaDJQTlZRNDFVckZScFloemhKQlRVZnFubTR0ckJCSnNsTFludU5pTmJ5cDVkX200WUVTYnpvUngtUXN5MmR2ZkVsMVpvMTAxSnhERVg3aHMxSFQ5QTJPUG56dDlkSkdWX1lGZWR5UlA5VWQ0LXpLY3ZFWm05QkxXbXZpX1N1LW9oU2NmSVUxeEtCbF95LVE0czlUei1LUWlnb29ObHd6RThrM3NlX2xfU2VwZTdXSkNuR2doUmtmMWFwV0ozZzVLclVPcVZwUktzekhSazc5RjVuSEd2YUt2SXBobURLWUlyUm1QMXhzWU9iUVRKeXpQSzI1Zm9UcHUtU1dlNHFCTWxxcEt1OUM5Z3Z0UUZ3a3hNb3VhS3ZFcmZGMGpwUGF0Um5kTnk1ek94emY1eE55V3FNNDFobDFkdzVYbG9UdWxrSjBEaWEyWjF1YlZVdnZpOUdBZ1FxZVA3eWszcHdxTEs0aUxPdDVrTUVGNzdoaDRKWUdIMm5LbVhLUEFVRFFLeExaMWplN1lpcll0QV80UEhxaWlVLURIYnJlaXFEb0dnU2xFTzBDby14RmZKdW1SYmZOSEZSSGczRU56clVvYndaQ1J3MkpXX0xCX1NtcWVpT2phdnJncWN0X3N5RkRNVy0wMkNFVGtPdjBCNDM0aU1QWjdsOUtwdmdqUldQMGlEV0E2cHJDdlhEVHRjcHlZQkpRbHRxeDF0WWptUUkwbWtKRzkyRUtsSnZyT2tuOXlWSGVaX0VPblk3QklFOURwa2xmNTA1SENqdXRmUmthUDZoUWtzTGpEc191bG9KTk5TM3hTV1JjV3dydVpESU91M2EyVVREdDMyR3M3WXVRemllaTVlWnBjUUJIeHNyWnJOWENLc1JvOW9ERjVWTjhXUUdvaEt3SzlpUVphNm45MDRncGJPTTNxeXMxajFqRmxSS1pnektMaVNkRlpXXzFROUw3V2l4REg2d2REdGNzZ1NRa2R1Wk51UmR1OFBwQWpTclRYZm9rdE9kUnJNUWh2REg1R3FoSHhWWFItclVTVGJxWjFKa01YWEt2cmVLZGRyZjZHRlQ0NWdwZUtXWDNfV3Q4VDAydENMMnZZWVdSeTd3dXBBOV9QUWZXUXBVbE5MNTRQbXY0d083dzMxbnlWaUpPRnZ4d1dGblFxZk5nbldKRWllZ1hIQ0tHV1h6RmlHZUtrXzZRb0tIMVdtTlFZU3VmX0dVRVdkZGNqNHEwU2diRUpKb2tseTZaQkR1OEVYMGw1VUtvcnpOUUx3SWMxeEpzTTJnOUd6eHNMR29uQmtEeEROVlpfMEkzd0FIUDlqdmx6RWFPa2tNWm9YYXhGNUNwVUR6a0xid1Y3OXVRZEJBODBYRHB6RmdaTXVyWHlBU0p3MXVMSy1kVjM0QUtTUy00X2hFbXRJdnVERTBabU9fLVVZU0JTTk9oTjJobzFIeFNCMEQzLVljZDRaTFVpS0hucHVtRGdFcUpxSmJ2dExLeTdfeUU4R056X04zX0V4bFc1eF9tYzExS05LZnhmVnRtdHMwVXhvLXpyaHAyNHlBWHA4dDNvaV9McjlvVC1adGM5Q1BLRVc4YVlqelVPdzQ5UEhtTXRDcGtHRVROTjdmVnJQVk1SWlprLS1IRVEzeXAtTWp2S00tN1EyZFVYZ3pmUjVZa1ZCVFlmNjlNRW5FZE9VbkpBRzBkVWZtQ0tIX3FfVXhfSTcxQVFrSjFlb1A5Z1R6R0pmbUVBTllDN0JGYlpjOG5xeExYdk5VOGJra2dXQ2xNenNuRUUwTVdNcTJRNlBMb09lU1VXQzVCeXJZVV92VW85WE1qU1IxT1NKeDhlaWh1a2N5b1gxX25sdGxwQzhYemZfTzZyZFRMN1JsWDM2bGwtTUJwbVlEZDlTZzU5Nm9xNUdGamZ5UTQtYk80N05EMzBXVVlMcGY0SjFDelJTSm1NejN6OUY0aUo3MDBuMTdTRDhoNHhLMHhvSlB0c1Y1YTN5RHNfRUlWVTN0UnB6VGZPUmg0YlRZYXByTGREb01fYjBVbGNGejY4NzFuNjY5VElaSjZtR2ZTbDdvZ212MFVEY2hVS3I4LWdnTl9VOGc2ZHNkZ1FRUzY0Ym9FU3VXd0NCQkpnR25mN3Q4ZWo3X2YwY2lhaGZwYVQ2TTYzTkhqSkljYldicTAzZ1hPUzRya2VKS0pLcHVSVmhucGM4ai1qaFJiM2VIaG12NzZhaTFKR3g3V1FaOFJNNy1nSU10TWVwVHVFeXRXOVRxWUFjdWhQV0lpcmd4VjFoOWl0Qk54Rzdnemk0UEEzaHhCcThPZHlkTU1YSzZ2NGk4dHBpOE4xdFJFV1pGZXlYcmZqakhRcndlUHZnU015VnpTeGQ2T1JIWnIxUWVLNUh6NlJJakJ6VGxuUWdHMXc5WEZ0MkFYcnVhcGZ2bHJBUWVWUERnbTBnWTdLUXUyR1lRM0F1TnNKVzNFeUFwSXhGVFpzVWlhbDFUVGJxdWJYU3ZLTGNvZTlKdTRrTzJWSG0wS1VRU09jckp4Tm5ZbEdWb1MxdmdBYWRVVlhfR2hLT0E2cTV6QWdkcFZORXRsS2pxX0hraUFMQ0NRVTJoUXpweEpMMjJPRjJPNDd3QnBSNmNqWXprSC15dnYxWXNSbkw4OF90VkU3OC1FOHZmRnFvLUxud21BT2toVmRQVFRPbUtHSVpPOTVYS19wa3FsN0dYMElsdURuZGJkaUlxV3NIendrY3pnWUFnVVcxTFh6R2xTVzRPRFFZdWFUa1ZnNWtiLXFDNWVxdk9GMHlDT1Q0TUZsSTVkalp6aGVITWd3X0JEcmdjX2tzYThuMXhMbEc4V2Jld0hzTVg2V0xwSElTWEMwMEI1ZDJzaUpna2hEbTh1RlJSS0RfYkU2MGJRQzlpYUVTbVYxU1g1UFgzeEN6Rk1iSHpWVFVqMTZGNWVDNXZ4a2JVYVhxZlRwQUFlTDk1NWZqRmlKOF9UdWlaWnBZckZzQ19NSk9DSWlJT2VDVUI5MDZ0a0JxUEtoVkN4YUJETDVOV2hjSFQybjUwakowRHZVSWs2QUl4YnFpNGQ5YVJBblBNNHFpSDVKWWdhSEZzaWNwN0t6a3RSQXZQR1I5Z1oyWFVtUlVFT0JKc1BpbHEtVXZjS2tzekpETjhKRVh1OUxxM2UtM2l1Q1lWcHl6SWJna1JkN1RwQ0gzS3hTTlRSZWNDZWJMaTlIeGgzR2xOSHJXOTFDZUcxaXBnSG1FNC1tYV9JdjJBbEw5c3FzVDBSd2hTNGp5MGd4LUd6N2wwNlBuVUxJZWVFWkg0NGlMWVlnZEN5WUVvejRhd3hibTlWeVRFUFV3SGtGVzFEXzhoNmE0STFHTmdobC1lMEN4Z2xaa01IQ1JFeDctbWJOY1NvcDR6NUJTWkZ4QUg5b2lkZVB4Snl1c1FCbGhGNW91UkQzX1JlbHNGZFp4MGJIX2Rndk5Wa3hzUFQydTdQY0I4SXhUMGk2ZFo5cFlyMVlySW5xdEdNNzMzQ2Y1Z0pHdGZCaWVLeUJHcWY5WWZSOEhDbEZTUHcyVEttLUg3TC15b245WW44bmdTT0c5RzNVS2RiWnp1a1VuSVNqbk9tbUdTUmtlRnhLMlBsQ0g0UnFiZWhza2dLSkFaeGtyaUY3RktPWWxHamNmSmNDTnY1VlYxY0s2aFNfd1pwZFpwQnRUcE1vajM5VmtRemZsbC1VQUtJMFk1N2VNSHdEaE8zaEJjZXBxLU1SQlJoSTNBMGZHeVZOc0F6UUJZdXcweGlsTFZ0ZFJ3TjZRT1RiRlE1Mk5MVUNCX3hYWDE4eUJZTzI3NlJtc3p4eVJTRUFEaFQ3eWowZE9QblJGZTRtcFg0LTE3MUJlYkJpRkoxTWowYzBBRWhTUGVGbzZuS3lUTHlLZThoa1YzZHBlbFRhTVFDYU1IdHpvbVV5bnJ0RGg2dlpYTHFqUThqZkRHWElLZXJJY0hEUnlYZzFFODBsbTg4SFFadkVlSldCMVNENmJuclNjcjVXS3l1VkFJSEM0ZzRRcDRtajZ0T0RadFUwRmRpODYyM3JhZ3lGbHo1UWtobDF5QnZpalB3Ul90MkhTd2JaZ0t5ZEtHYS1SeWZxcUtoSFY4aHA4a0JzRGxRRTNFQ00yRnFEOUhra3NkVTRVSXViWWlQU2xIOFEzNW1KUmM1SEVhUFB6dmpTRTVhMm1VSk1JYVhnemFaVUZJc3ZyS0hTLXR5dkRON0ZkcFMtUm9EUFdIekgzdVZESzlfeFY1SWtIdHlPMFBZOG5ZMjJ1b0l6XzNNR0RsRDBlMW9IV3g5MzNpUldkSkM1NjlLWnR0WDdBRUtlelB2ei1YMGlEYlc5MDA0QkM3QlJwRUVrMkVuVFJWdDMtWjNLUS1ZNVJ2V01FX2hyQVJUWmo4b0ZkV0FlMTIxa3ZqdnRrNWp4VWFoM0xXaE4weVFxcTg0Q2dkcG43MWlRaDduZjBJdTR3aV94Y0NBQjJXTTVtUzkzSk5HSnVBY0t1QUF2aEhQbG5ENWhqYVd3NlZDcFpQdTBVOTJJTjRvTlV6eW9IT001UjkxcjBjc2VxZHZXejQ3MG9vQVNCQmZpYUZCOVptT0tYVnI4ejVMeXRia0NmZXlSUEdudFJZWEc3ZFRCZ0tWZmZYR3RNYnFQWjlES1hsYVNuREZMRTNabElpR0hDZ0ZmeE94UjJXT3RSdXY1XzZ6czVCVXB1aDFoT21hRnBVMWZCdXpaVVJhbzlqYW54czhucS1HYWpUSVMwWlcxSDdXeDM2UGJIQWs0dkVPYzlfenhhclhYY2ROTmZLLUdCbDc2OExtcmZJYjdSSVd3bXFrcHQya3FZRlFKc1V3bm0xNkJxZmVOUzNlbEJiSFVDTDZIcnJlT0RHUG5ZLTY3SGRaY2ZwNDVxajVsMzVab2dtdF9iV3g1eXZLRTlHNFhTUFJoYVpYNnozWmV2TU9xSVJmMlB3WlJSY1Y5ZkljZGpsM2w0aENvRDdZRkZ3djRfbmpmR0x2anVFUm5hQ1l6aW1taWdRaldtZXMxbGtKSXlTcWE3Vk5RODlrajc3OEdhY0MtOWplT1I4ZzZMR3V0V1dFckdxa0JsOUpuRDBXU245VVUxYTZPYUtVckczeURMUUpaYW9KVDlRTXNrdThoX0lYSDV0R0c0UzRnNkluVHR0WDUyZS1QdzFJX3pKM3pCWVRnYVlzaVpyV1N4MVkyTWRlVDZfVGJabWM3VV9LZHFYQVZCbXZGeHdkcVd3c25TdGk5OFVXZHRrS3dtdWE3eTJ3SGxtUUM4Rk5IT3NTR3VMaHByODJaZFVIMndwaUd6WWg1Q0tzVlV6RGoyeTRUejZ1WFM4VlM4XzY3cm05ZHNZNlh0SzV2cmlmMU0zUHY5RnRHd0lnTW5OakFpUllKdTVZdFNQdUc2QTJzSHhhd1N1dDJJTXJtYkQ1N0UwWlBjSzh0dmhjRVA4YWM0MGpTYXByNmdEUHFOWDF3WWVDX0FHeFZlbkVTNXVBNDdHSmRyVS11c2JpRG8yOHMxS2lfSThkUVItZHNyblJURjh0bERGSGdHcE96c1ZaMWNjd2ZoUTlXRjB2TUxRWXJwNnRJV0JiclV5alBPV08xZEpaZWtXWWNXT1FGZVpzWVBqTHUzbEg2dFY2ZEt3SEh6UmRsUWxOUnFqUVJVdm9NNTkzRnA0R0txREVKOXBJNW5WSnc5dFhDbUE0cGhyTFE2TDZHQm4zOTAzLVoxbndKWVFFTWRZdkpCS3JsMHhReWZOYzZMcmZsdlk5ZEtiaUVHbkd1WjdlTUpzeVhXUkFhU2FQRnR3ZThUaWVBUW5IVC1MRUxJNmUzOWZZR1NpMmt6S2kyMk5CdkFKWGJ4LVFSNVMxT09fS2U1Y3kteFVUOWo5TmQ0VFZxa0FFYzItUG0yNzEtQjhoa0VPU29FTGR0LWJNZEhDZThOaE5WYXhNbkJ2N3poby1VcGpQY0t0LXN6azdSLUhHQXNfNXJMQzhuNnQ1NnBnbjhvTW0tenFmVjNiUmlhWGJScG1NN1FnSk1yQVV4WVpYQXktMGFlUTBSTEgxbWZ3WHdXM3loaks2WkRweXAtNVVhNWh6Wm43SXdvdVRKQ3NlNUZOZkNGR256bTl2S0VLREtmZGpIT0MxYXp4N3I1X3VldTVkMFN0elI0WG1rcmFtamp2NElNTG1oaWlEc0ViUXhKU21sbGRULUZ5LU9JNmFfZU1wMTd2Z19Kb0lFc2diSW9PcXJsbGJCUk5aZjVJVWlmRjN0blVHcXlTdU9TMGZRS3EyVUdGVHFSLS1tWlBYSGl4TmpOZkJsaEdDaGZfdVRWUVdKOHlxcWxfTGdDWnVsOUl5MVp4VHhpUkRsbWlPMXJDWkdmdnRkRFpjSjhFbjh0YWdSN25SQk1tMHdNQXp5SDNfQWF3M1hzZEU0ZHQ0Q1hRdU9MUENHVWZKdVBCUXBzYVBWeENCcmxOZm1YcEZtYmhJSEMxMktHUXAzaDFSd0lkcmhVT1Yzb2lOTEh3dFl4Qk14Q0o5d2N5aUdhbXFMblBBWkpPQWlFOXRBUnN5MG44ZW54ZmhqT3JCVFJDTUpNZ3FmT25OWjBBeXExaWFmUXRBQVZHdHFPVU51bkViVWhaSmFWc2h2X2NJM2dLdERBNlcyY3NiT1BXNnNkRmpIZl9mdFA3czhNbDhuQ1NtdnU5OUVGVVZKVmV2TUoxZWJrNm5FcGt4a0FvbXVFWWJ2Qzg0bXhfV3VrNllLbjg1N2VCM3ZFb1lmY2FObU9PWjBlQnE1WGNwanFmNHRsX2FsaHUwMGJEWlhOaXdJZEVUd0FtbExwdU5lRmZCemlITXVfQ3AycE5HMURwVzUyTEtyUlVmaU4yVnBGWGM0WDNCZnlObGdzT3ZkZFY4Sk9HbDVvbFIyV2xlNlNhQXg0UzZwZlZkbmJKQWk5bXZzTEVVbnZYX0xfbXRLYVkwLWtaUkJmcjd0azNDV1I4el9SQ1hmYU1mX0NGcmo1SFpNdlpvYzRmY19oY1NaU1ZfaEtHTEdFTERYeEJzOHB5LTlCdENwd29PcTFLOW90VExqYThWWlB1RDExTGtfQUlTd0F0YjQ3MEsxSTVPMUR0Ul9YazExLTZUaVZYSUtyTmFEcTJwUm5vMGZ5RkVZU2ZMc3lDdnAzVkpFWDBaUEJQa1Q5UlJYR2FlSWdEUkUwVG1RcFZuMDJ4dFl5SlJZRUl5WVpyQV9lQUhRM0NuR0FwdER5WEQ2VHBTNHZ4aGk2aUZRYktfVGYtTzNUSHFPNnUwQkJSTGVhdnBUVWNvNndNcEpJUDNiUEppa1lwWWtBMmZoQTNESlRxM0xOOV9YOHMwNHduUDFLV3dXQW5xVEd4XzRCTG52NkxzdzJvaDJDNy1nQW9TSXFOUnZTdTRoWG5kTTRnYnpuTS1nZ24xcWY3RGFxYXloYTMyNE10cVpKaHZuZUdhbFN4R2tLYWFNX09GWmsxa0pmX054VGRyNmVrNTJTZm1LRm85TG45TmRtdFU0dTAwWHJZdnZYM3EwaExTN3REbnAtTmVwMDRtelJsYjRvbjA5WjkzVHNqRWVSa2ZxYndNekVaT0otcjY0UENMdnBGOUJYUGQ0RjV0c2RMU2I5Wk5ld05yN0FoVW9iVUc3Q1JsQTlJaUpqTnI4WE5qcVpLQzV0S2cxa3Vqdmd0RlByblRtRGtrdWpUTEx6ZzVXWjNaTlZFTTNuYjFOcDZ0RWk5bHd3SHNLLUExa09UWWVxZjRsM3ZyNzZRWFpxTkM2Q25vRWs4djdzY1g1NlpyRGNsUU5jdmwwX1FQSzBXVGJ3VmVEUFJWeEstUkE0QWNGYmUzaTZkVExXenpFeGNrRUp1VHJ4VnI3X29peE1hSS1uZFEtS1pGakhkV0xVeTl0TEZnbUpTNzhFSVJJQVV1MFIzeGFIYmNuc0U4dG5NYmlPOTBMLVpXdWxMTGx4UXg5R01UQVE5TVoyNGdJa0VPbjJubkJGd0xFaWk2TlhMSER4bWxyTGJkMk16TVd5b0trdjJXWjh3T1pyQ1JjTlBGNjBmdElqZzk0bVJRX012OTMwTTFpYTFhMnZ5b1BlaVlVQ185WUl1Z1NGVFdLLUxGWS1wb05GOFhBUUJDclZXWHlnZFVxZGRmNDloem1tRk9nZ2ZuNTB1MmFpclY3RXg4RzQ0TnZoMm5EN1JCaFZFbGJpWlVCdTZRdmJyaUtfV0s3UWtpVk54cGdhcHNjZ01VMHJ5V1EtXzhOOTg5bGd5WkVHcnA3b2JOS0Z2X2Z5ZGZYVkhGUlpreXZGWTQ1RHJlTk9rRUVyUlF1Q3Z3aGxDVVVkVUgyTWZ1a2d0UXlLWkFxcElGS0ZQbU5jdHE0ZEJnU0M0ODhtZFJHaDR2ODZldnBpSVB2bFo5TUpGTmxnN2dfUlBEclRRN2k4RXJJV0Ytczl5UEpJX01ZWVRGSUgtbWtnVlExMTNmWU9yT3plcFcxMUhHZVRhcGpxWTYwaTZWZEpXRnE4b0dHLTh4c09Jb2hHc1JpemFHalRzRTlOYXBnVHdMZk12VVRYRGNUSFlKNTJoaXlLeXBpTnl4NWwxQkkyQU5xNkgzMUtuejJONjBUWHRHeF9DaVh1Um5xVl9uSGVzZVhXZ3dKT0tFSks5cFdhWWVSVzR4U3VoQWFtMVQtaHFPLWFSY2hpa1NrcFF1S09sQjlSRXFDQ3IzYUszTTZBWU1VZEVWakJhaThQU1hsdERKN2JTcWpMcFlqZmFBR1ROMkNjYlctSFY0UjR2QXVhYUVfbXBqSWZLY21XMTQ4aDZ6M094aW5YMGNqdFJJNUlfdkxEY2FBRmhJS3M0MWZRLUtPY3VuVlV2SVJUN3RlV1R4SHNQeGxudndZNm5CTF9Zbi1YZ2VkVllkcjdROUlaZG5ObFhkSWRTS242alBpa2pCVGp4bWhoYnhaVy1kQ0liWjh5eVNjeGxsQW9CdmxoVWxsRVp5b0k5X0Vsb2VGb1BrNFBYaHp0WEpNeG5HV0ZNWEJYdWlHbXBreGg2QjBLT0RYNFpscUVnalBPYS1tWS1uS053aDJGdmRDcVAyRmNnV1d4Y3Z6WWNXaGZJTF9CNUVlNy1hd2xXVUxKNnRWeW9qMDdHYlNqaGpOem56YmJiTXFVRFl2RUEwWGFHZHhZaXNTRlNtOE10MHFsVml2OEs0TTM0eVN6N01MTnlWZTl5dWhWMGdQNkQ5Rk53d21nZU9nNzNENlhoYkdqQzhnWkhrbmZXbmRuX3Yyb2ptekRLWXBUdDRUQm9ncXRaRnlsUTJKMzFxMG5GUXZLRXVTQWlhQzhrNkdRX3FFeDN6aGQtcllBUVFkU1J4WXFMNUI4RzU0SlpRMTlGLTdYQVB5azFxdXNUN084TXVlRHh2QW93LXF4MGQzYmxtTFFpcWtIcjl5UWJpU0cwWFVGUEp3U2s1Mm5VeGtxUWVlUVhCRnFHSUI5eGxudUFRSER5cnprbXg5dmt0MEwyZnJqZERrUlJmYkZVaXZfVUZTSWRzSzF1aXZ3N1dfblNGUlNwMFFrckRiOXZONmFkZ1JaWHF1cFZxSlRFcEdvVTlZaXlUT1JwRzYyNGRHcE8ydmlpMDlvaTFzNUxldjk2Y244dkpHUVJEeGpCRXdJc2ZfdXZ3OEJYMTFReWhDYVRXNVdyc09WRk43N0NUNnZhQVN1Zm9ucS1YRVlQNTBrbjBUR3pRMG1PeTJQX1Vwb2hRUDlmZWV1Mld2enR2ZFc1ZGNUdm41SDVFZFUxOHBBU2dlSzAzTWpEa2Y4ejEzVl9kWXJhb2Nia0Z1MXBoeVZXcDFUMTZHTUtlYW1hNTIzTkNKbDhsYlhkRkxsdEtWbXZNWXZZNW04NHVkQlFNeFBuMVBJbnBPdFRyRDYzQW9HRllwR1VhS1ZEQ1FHZW9jSVZRdmtaeHNfbF9oOE54OU1ZRDZUdTZPMk5UYmtNUUl0a3pTbDhKY3hDbWtvTG1jaVJFV3hrOVc4cEFmTmtsSm9kR2ZZN09FNEpqaTY2bWFyakRwLUs3cnNiU0hoc3Y2dXRWcHpGYkplUjNCZFpLZzN1dVhZVjJWYl9ab3BuYmFYYjRXM1NpRWcyc0o1NnE2SFV4SDFHcWpMYVN0NzNzQURQbmVTdl9YdEZtRW42a3BlVE5OWUZncTFyV2FCelB6cm51cjlJQWpkbExrcG51VjFTQkNTaXNKU05yRXdnZWlQQmpCaHhVY1l1V0VLVmpfMXYwdXptSmpyTk9DNkhoYVZoRDRoemp3a3pkNHFNWmdvaFJ2RklrWGZLd2d2NnV1TkF3Sk1xT2RuSEszYnNOYnBPRHUzeWdPN19GUVhZX2ZyYW9YMG40WV9QYnRyeW40RnFJdmljdmRJTlppanNtUDJ3dllCZmZGdHB1aXJzUkVvYVdSbHRoLV9mVmRkWDBDTUJqVXlMQVlmb08wMVBHZzY5ZkRMZmFoSGpkbXUwU1FKbEcycVU3ckIxQks1SWRtemtWb1M4OTR0ZE5KazFsOE9GR0VqRUF3QmFQQ1NtdVdyYVBlMHpQWl9tcUFMbENhdG1pQXo5dzBDZmROZE5NM2pWTzBLVE4wX1RLanBZUVM1ekJVME5BMzZ2Z2hXU1NOY0pYckxUeWRUclpaS3gtYm1FbTNac1JsMDg3MHZSZVhoWVNjbTUwd3BnNEdQd2plbFlCdkFSeEQ0dWFUV2lqYzNXZWprTTJBUF9wTXFHU1djajNkY1RZYTk3cWEyanpLQlAzV0hyXzY3X0hXLVpmS0l6S2c1VlBtNzZ3M041ZmJ5N0pFSDY3Vkpkc3VHNEdCUjltWk9zSVc1WFAwaV9MeGs2c0xlRDcyM3BQQTJ6d1BTa1dLcVozRWNpTU4xTjN2N2ZvRlFUdnhuR1RINS1EWHZVSHpYRmlVU2pwajREUkcwWnZTMGJuT3kwSUhyMklScnhPQjk4WGJYeDJieXRZZEx5NmFaWGExb1NrdGNJT283SV9hWFVldDRjRXRta2VOTnhqTExkMlJpSmpVOXVRUVRkRnJWY0VaZU5fNE5iWHVIOTIyMm5Hd3ZzR1dUX3YtdUQ5NHB0czRGdkFRNWFQdlhmNkwxUld4QkpnVjlwajNHVWpfRF9tbzBfZkt1ckFLbmozeWdfdXRoMGxrZmoxM3hZVGxYYlZBYjJWam84MUk3M0pVVlBtRy1fcWt2RHd6am5Zd0xJanNWd1pkZkhSZUloUUdadWdKQ2UwbmI0NDJmb1ZkRkw4blNXV1VENW1lRkRGVVF2cTlYRXVsVXpDd1RLaUtDN0JsQTRGbUR0QWdSbUZ0cVV0S2F3bzhpd2VLVHFrb3BybUVNeV9xOHdLMjZkekNfZFVsNGhIdkVhTlFfRC12Qzh4ck1YZm92bUMtVmRUbUpXdkMtY1YzWlMxS0tZU2VZMmQxeUg3eEdmLTV6SldSZTdCTERKNXU1QlpZdGh3WVZSamxxWDIxSHF6WHk1RTByQzZBeXFQSDVUTTkwNG1vcGxRdDk4S3FNR3d2bjFvZGppUF9JRHQyWUpZb0pYaFRueHBaOXJqR2tTeUdCWUNhakJXTUpUU3B2MUhtM1doTHdmNWNjMzZUTkxHQnBiUFNDREVkU1hPVXExUXd5QTZqV1dqaWdfbmliTHRwalZQNGp2eE13OTYtcUhNbGFqLUR3blltY2p2cjJ0VXhFY29zdWlEMFRMN3NIOFdXbTczejdXZnNtUmplbHlBMmVjVTJTOGp4dWdUN0ZrQVgyUHhBWDAzTHNjMVJWc3JRR0M0c1B2YXFJazNNS0pkdEMxVk84YnBKUVQtZ1RNY1loNmFDZlNBcWNNaHRaSjMwWWFLak5fV0NWZXFBcHg5VGN6dzZmNXlwZUZKaHZhNUF1bXd3LXF6SnN4cDFYVDh4Vzk4TmYwdVRJOFN3TE5Ib3VhVndXTm1iY2ktWXZKRVF0NE1uU19pdHRIYnRneVZOOWViNmFLZXZ6Nm9UQkwzUkU2TUw0aDJmZHBVWjFBTUdWUGRHMjhkb3JuV0wwWlRFLVFxYmdGMGNYdXNESU1FTWVBSmRVZE9lMkF1VThPSmMycktvLTVyVnVBMGd0YU1OZXpveklSR0RXM25lS0UzZWdpeUszdVhwNXlTSk1TNExQU280T3lBcWtBdGVmSmIzMFVkY2VJUlJhc0RwSWxMYXRPdVoyXzVoTU1MTzBjQktPbDVBbHk5RmwtUDJkZE9BQ1ZSSVBoQTl1Vmo0LU1kQWY3bXJobjNCbzhGWEgwd3E1Tm1IVmhEZTJxTVF4YW5iV0d3WmdSRjAyUE9fb25tdGVhWE9XNDQ3SUtBTHByVmh3RUhwR1hsdFUxTjR1bktvSXQzRzNMajh1Um5JbXBtT3h0NHFGV1lRZHNsM09wMjhWeml3b19vTjNqQWJCM1NDVkY0Qk5GTGhrY054aVpsRUdtTFFaWlpVMlNxalRXVFp6MHZqN0FaeFNMV2JjZVpkZGRLcm4ybnlxRkVoaXpLcnY5REV3RGh4TkdRdEdxVUgtdmJEWExQM2Fqb0JGWWtQTjUxQ0tYc3cxV2VHaUlaVENGSi1mWkRNalZSOVd2NzIxcWp2WUxLbWdKWTBNZlNody1GT3BBNGt5dlFzUlNFMjRXZWdid1Y2Y1FnY3hCUVNVZ0xiVXR0QmhXWHNyMTE1em5FM0NzMFNNSHo3eXpNQjBMUjBHUjlvTkNhdDhLX1RuX1pHNFhRcUJRSGg0NnJnVUtva3p1anZpMHJNM3haUzNwZWtkRHlvN1JzNGJwSU9LWVlzTjJhWmJkMzZscEo4Z1dOUzFldndaaldpUHI0NVNoNWJTY2M1MEtEelpseVV4a2JUNGpKV1BFVnZuQ3gtS01DYnE1RXByM19uZlZsQ2JLR0hfcHU5LVN2ZE1wcTItTERUZWdyekVkdEtobDlNTGtXV2hzRWpNTDFpdkNFdVd5YzNDUl9LcDZLckZOVnNSaFFmYU14VWVmN2hfNXVPUGdoNlJoYXI2NjFaNUdpbkNYRTRFd1dZZ1hyTnB1RzVqd2UtSGtpb0NObDVSNkpoaGRhNkZxSGxSYkdabVlMbWo1YjEtOU1HRmxBNWNrbFRIa3JuMHY0S0RhWFRtOUVOcVd2YlpBWDEyalhWSl94UWZ2RDNJSXVtTzJLVENlNVZoR3k3amk1ZVpGRDNSakJBZW1CMThXOHlqdmZrYmtUNDZqdV9OWmlHOWh1LXFxUzliaENMVE9hZ095aDRkd2NteUx0cEdzaHZiSUV6dkJyelJkc3o5TFlsbzdsM1F4ZEZzMV95OFg0QUN4N1dVYlp2S1BwVGpmVVQ5bGdyWVlXWklwZzUyb3diSHJHcVA0VjZfdVRtdjBTeHQ4bUtXN0tNVUp5NnczR2p6UUtfWlhyclE0VTlvUlYwbkd2MzU2T2tEamdfWjd1ZTZmY0JZZ2R3eVlTRnA3REJDZzBKUnptTWJYcHBUdlVtSmhPUzU5cFE3Mk5lN3E3b2ZoS21kSTZiakM1SXpnTC1HOGR2czhZYnRIcDlUOFJaa2M2dDVyXzlVb1Jhb3N0bW5rSl9OVFFGSlNEZ2ItLS1MdDgxQldIYkVmUW53R2V6VXpCQzE4dE1lR0oyNWhNMkx6bUJBa0FRVjJVblBvMGJscjFaREowX01tcHktbVdTVmt5ckRFNVVESEZLNXJwaldmMEsyTVlURUZIZkFfWm1EYmZVenZ6N25MYzk1ck9YY25qT0ZwQzJOdk9obDdpUmE5QXljUmd3Qnp5VjdVMHBjdmdhWnBhTTFBek9OSkprX3ZBRWdoRk5mRlhQTHdadUFWbUZHOVhIZ3RHYTdrZURrYmlFZVlMaXJtTHd1dU9PbTB4cWNNemc4SmFOaEpTTXBBWU50b1V0eHVJejlBb1ZXc2ZfbFFLVkE4RUVhX2ZGSXh6Nzh2aVBiVUFoQVpyR1I2WXJlb3FLTkUzLWo2ZWRON3Rfc2s3WkVjYXNWcFNKM05JdWFUMWhkRzdCa2FVTjA1X2ZxcFFmYXZlRzJuVHhQYTRpd1hFN25BUkY0RlBQWEdyb3hFQkhzR1ZELTVWVGRjZS14eWdxaFk5U0Rld1J6T3V5RF9tSUx1R01pbHJaakY2OFlrSnNsRlNOUXVYSlNMbWpSc3pYSFZZazBUVkJuTWhwanhGRk9JVF9MMzNYSXlILWwwSXdOXzV1ZHpQMlVOdnJJbzdrZ1JkVHJNdl9nQWlVS25qV1dHNENWMmFkdVN2bmNJWFRXZ1pzWHdHTXVMTXRIa0hJLU5fMkJKUXFZNW9wNk9PM2o2d3Y1bUxMenM5YVVQSjNCMnZWdExJTFlZWm9PTHZUN09SNDZFeVF6aXkyYWJ4aXhYcDBkSDBiSTNQem95SjJUbDBRdDlPOVRjVDE4ak1kbUpoSDRQLVNHWGhGTnRlTHQ2SGxjUVJ1QkZ2M1l4Ml9GNXRKM05BajJxSVExR3VpRTdJRWlYUWt6cnZYYVZFcVhtV0g2d1FPc2RVQjl0bVJHZklhY2Q0dUVmdHYyWmQzNU1ZMElEWDNsbTN2c0pSU2Z4YVg1ZU81NUVocVRSVGs1c2JrWnkyN05WVnlNdE1yS3BMc3FGTjNDOGRLNmFad0lSVTRORU9wQmdsdkhtSWJVN2pvTXhiU1F0eVp1RWFBZ3h0Z2lVdGo0X3lwTl9ISXJqbDhhUjZkd3k2MGx2c0Fuc2JMRlJlRVVUZEYtMnlaUVo4TmtEY1daZjNyRklxZFJSYmdwYVpWNFJka2hVUEJ6N1VKd1Zob010cWM0ZGdKalpJZzk0Sm56bGI2WTVzbVB5NGxkdXpGVW5aZUFITXRvWGJyLXR1VUVHNkFMZGVXcXd1Z3BIb0t3LWRldkUyVzZab0luLWdaRnJOTUJobENSa2dYS1NOZ3RneFZCNjJ5Zno1YjF6OGNaRGtKZmwyQU9nVE5vMURmZXppeXJwTjlkQ3BUT0g1QnBvUHhLbjBrNG82WjgtaERsbTYwMHdoQjNiZ0p3M2VWenV2aUI5WFBfckZDV0c0TkhKbjlOWVpzenNicmZJcEpvTG1JM2VUY051d1V4Q0s3VkVYcHI2M2RqNF83LU40MVZiQzdXd3llclBZSkh4RktMOFlrMUY2ZGNKWDJ4SUJaRDRDTGtjRDFzTTI4bEZPYXFieTBXbk1zcFdKRS0yWHVPZGFUajJfS2QtcTJ0U296UVJxd01HUnpWM2Nza2lGZWxia2RFekxOTkNuM1V2RXF4R3FseThaZGI3ZElDRjc2R1I2SkN3OVNNOGJIQy1UOFJrU2RPMTF2eVBDOTI2N1EwN0w5YnpXQV9NSkdaUWNuR3J3UExBMzQ2a0IwbjRiZDhrVFNqMC1GX1B5YWYzbTZZZmdLTzRFa2RXLW5Dc3Z6cUJjM3NkcjVYX0V5SzNkX01QR3VrejBWaTltdzBPUWhDeVJkcE9GemZmbzE3WHEzWUtaSnl6ME96Q0VRM0FUWGtvZmNPLW81N2RkOVJJUUFTTXZ1Z0RoejRCTTZtTlA5elU2cDE2N0I2SDZiNDZyeHhPeTYtTC0zOWFyS1UyNWE5V1JGcFBGb18wbDVTdVRZclNBVTUxdWhmMGtFclZSXzc0VTR3SUU5MEc0UVE4VEZNYlJKaXE4LVdwcjhEbm9KRC1zb2lseGhIWFEyVnZFS1YtSWEybVdESzEwYV90YlFUS3BVdkMxWVkwaGt2M3lXbXFOSGhna1QzZzE1Zm5MbXFPNENESUhhaHZsQkV3MTFwWXFhQWdZN2NScDFSQmdzLWZtZEdtTUJ3WDJ2d3BqbTM3bE5TWE9Wa25wY3dsRGFzeUlrZ3dRcVRFYlg5dlMwajZXNkFNZnN3eVRnd2YyVk1tUDNmVE9QOEYzSUZ5N0lTbWJfTHVReHMtWUJWZENHcFpfZWxJN29IQmVsNWlJN3NhQWdDaWx0SnNncUZUOFdqV2RaWUx5Z0pJWTRHVVZHV3ZzbTJvbFM0Sy1zTVUyTFVKNk81V1ZHTktwVzRldjZIRlNwRnpZSkZTcDdOcTdOV0xKZmFQM1pQZnI1blRHSHQ2T3pnU3FIZE04UV9pZkhPbGlFWU1pSlpsT0U1UW5GUnNoellBNnJTR0owbkZRQzNLb3psNl9mUHVIX3VvUFpEQTdFSUdQakZXUUdVbnc0RThpajE5UlVEY3RETDg1clExWVNxSmJOVHMyOFNMOW1UVjNfTldvNkhmRW9RV3gyaWI4RmtOdmJ1Mm1tT0NlS2c5eUUyRDViYW1qYWdyREFZUndxM2ZZSDk1dkR2VkFpUWEybWJoWmpiZ2xEZHlrWUFlY29EaF96WDczTzE3LUlSQWo1WHRCeWRZdURpX3RNQVVMREJGQnV3ak92dVQ4cjVSVkJ4Z3ZNb0FvLUtQZHRnMWlJY2p5bkdBdmV3SHBhY1AzY2k4bUI2RWZiYjlIdU9HVm4xbVRsYkVaRkxuTmlMeVJjY2NPRkY3dlpSMmJ2ZUR1R0NiRUNJN21jZXBNQmVkVmhaX1FJcDFwNXdULW81bC1KbTI5ZUJBdE05cERVUDdQSU5kQmNPd3VkbTlLUW1MX3dKaXhZLUF0akQyajdsVWVJM3F2M1lnTFo2RFYzd2VoT01Oc1pEWlN3WTdaQ1haMXZnNXZ4Vlk4cGpMblVTNXRWWU9iWkEwMVA1eVhNalJBakQ4eU1pZGNELVhCUWxSUnlYckQ5QzEzdktQZnZVUlQtNzNNcVlUejVOeUtWTGxpR3BQRFgtOVROSGFRckJ5dE4tYnBYVDJzanlFRlNtWUF6bWhoM3NkQUxFVkNqZG4yUVBvLXFfUWhra2RVN09xQmhCTEpyeXlLcFRuVzNVSHFYRWs1N1hYaHBiZGxmNnBwVm1od2tXQlJqZnVXdU5mR1YxRnB0TWl6Z2ozb0w4MXNveWJKTGU4Vm8yNndxcnk4WUlsSWh0dXI4Mzd2blVMTUFYMlg0MFNzdm9QXzZWdzJjMlNHRUZBdWNwbnZIY1dFaFZQLUxBQU5jam9sVXpHT0RTY2E0Zjd5UTN4eGpFcDRkcXdJZ3p4bkpaSWJ0a3hHQ2RZOVoxbVZCWWpjRzZHM2lGYTJDYXRLRFAtb25XMHRrSkJJQVozVWxmaC10aHZVZzFBRkdHRk9MdjdKYUY5N1JETE44alF3a0I3dGF1S19ycUlZUzk0cjlrRmNnOUZIQVpwWUx3cWhZRlNzaXVUT2lqemx6TWh2YmdibHdGaTltNURIeDhNM3dqTWY0ejBWLUcwWThDT3l0RVRqWHFrTUdaRUFROUdLTUNYSG1FOUFpN1dPVDZKSV8tdHVVLVJQaTlJSzBqa2hraVdxMDk4UjhuWHJMOTJCUXN0TXNURmJyUDF0WWFfNmdBR1Fyc1NURUQ3R2pTR3d5TnNETlhnZnZuVUhDYVJlczgwd3dwSXZIbW5aMGstQ1Njb05wZnNEeGN3NUJLRjZEbFVZeGRRY3p6OGxMQmhOTXN1bVRLOEdaZVFxOHZpWVJoazJRbVdYVi1weUxqMk5Ka1NvLUgwM0VlaFJaWHF6Q3g4VlpBVzVfUnhyNGF0SXNJbHJLcFlJNTNkR2NSdjRIbVlmYkhtdGMwWWU5WFZqOW5aYjdONUFOWkxIMHI5aDRBMzlKdXRHcklvSkdXTFM0MkRiTkVTc1o1Ym9SVmVsMnlFZnhqY1FORjRHQjJGcXRNektNaHg1cHJpcWdhaEtxekVJYWVaYmdER216N3U4NEc3S0pGM2dDZ2ZFXy1udmdIbDVRZUwyN0c5b0xjMVpldlNUQUVTSmJFVWN6c0pPaEpMM2ZFNTNBM3BXam5kWnk3MThVRmhOSHpxeGw1S3Vkem5obmdTajJTa29aREE2T3AwMUpOeXJSbXBQeUFWNlZld2EyN1JZcG1PRHptRjRpS21zaktsSDJqSlFzbXVJT0Q4eVBRVDlCWnlpUWRqVVlkUXRtVUFqTTM0dnRxYWllYTB1a1pRU2ZXVDlzb0VXa1p3LWtuZzJUUExUaEIxSk5vRGNPVURtQnVSSDRKY1kwOFQtS1lJOWY4UFVqQWhXNm1IU3BJOFYzM2xMMVpkNVlOU3JTVjA0SDFabWhZS2pZRDgxQ0QyMHZQUFR5S2JpRktJWC04THIyV0JMTDJfTXJRZmJyVmtYVUhTTWt2YmVBSDZQSlRfcHZmOW9VQWpoZjRPQlgtdnY0LXFldTRuazI2SDQyc0dGeEhnZmVRVFRYOVdLdlJJYVZGRzJIMVpSbjVLNEpNc2UzaVF3THZoR085a3NfdWtzVk1wN0NMNEEzQk9CWWF5WnZFOHhRTWNPUmhBVlM4MlQ0R2FRWE5JRDJpSVVQUExsU0ZRX28tYURCYnJXbmhqcl9IVkhSaEJwR2ZWMEsxMDhDS2hXRkRYanZCSWxiZEpvNlJYOGFYOVMtdjhhOGc2WkZxTEw3S1BzMWZxMnI2WHpYN3gtOU9kUFVadVVka2JmY0JZaDZiUXZiUUdsN3AyM3BsRlFVU1pSWE5lV0Z1Q282bURHc0drY2RvTTAxM3Jmc1I4R21Ha3RrQlZUR1loRGFvbmNiRnY3SlNSbEtjU2sxVlBtbkoweWlkTnhudlE3QXpPR2NaVy00VUpIZzZQYlRWcHJUR2RvMkN3VE81M0t5dmFKd1d6dHd4dmVLbVJHNE1Vbk1wUXIwaG5LUV9nUThCZUVwNmRYTHFybWpDN1JvZ2NaaTYtMXFzVFNDM25Vb2pFdzlSOEQ5eU9MdnpDQUxzWTBOc0xLVTltUmdla2NPaTczb2czNzZOaTlJekQwZEdyclNqT3ZaaGxGazY4cEJuN1NLRXp6X1l3dC1XMEh2eF9pWGY1eWpuOENGanlONjhpN0ZsTWRWcjZObFhLWHJ1LXBwdEo4UVpBTTdGLUFWeXVvT29HaFVyVWpENmxpbFRGNjRWMFNOSUZBZGw1cHR5ZnlsSHZNdVFoUHFpU0tpR1Y2d0gwcloteVh0UDhabEUzUFZ4WnNJeGFZbGFIUjBOeGlvd3lKMlppWTJNaTZFUC13VnZJZ2s4VHg4aDNVUEhNMUR1T0JRbklZMTVaQzV6eDVaLWU4ZWd1Q1pfY2RBbG9iMm1jd012eVZidUlCWk1hdDNzUDMzRU16SXd4RXJnUWdjQW1fQjJnVi1JcDZ4SXQyMEs0ankxaENVb3Y5SjFYWGNlNjdQQjZONmUtZEVrYmpuWkxGeHlhRTNNRnJha0V0NkRwMTRpY1ViTGgwM3NWclhLSkFsSUpmdTVhZV82NjBuTXppWnctYVBzc1NJcUE5bmp3MU1TelF5R2txSFJTS1ViQ0VrOXNFbTJLeHRnZVFIVTctSlFQYlFWbjR4X3FxeEZqb0c0R1lQQWVMQmpTZ2tUTU1rUmxtRHJMc1Vkb2J4UkdwdE5laV9QOWRlZW9BUzl1UG1sOU9ycnBlNWV1cFBkT2U0Zm9ZZmU5bDJfMnN5UTZYR0hDeGY5VlhHUlhMcTRNNEZPdUwxRF9IbHU5TnBjU1VENERPYzVKRHhLemtuMzYtUFViY1Jja3pVbUdqeHFhMVhPNDlEWGRtUVRpcFR0MVNxNEN4SlZ5bmR4TnFua2pidGgyVkxJX25QbjdSUUtoc0lzYnJQNWZZOW9ZNGd6NUxoYnVaYWFBUXNLeTItekxPVENBZURwVjYzVjZXOE94MHFpTkdTU3M0ZG5yWDZQSGx2dzlWZzdlRkQ5NmlYdUZDUUZnTC02U1p6bElKcmZpMUlwQzlpUlpDb0tMd3BRTVdnaDYxYU1BYkk1dGxvRUg4emRDQzVYSEsyTzJZRXAySlYwdHdOMUUyZ3RzWXRLMVRiRUVlMVd0VzRKRExvNUJYemx4NXB0akowRGhleXJYWDdtMHpZZWh6b0R4LWVBUHFxZ3E5bjV2MEVXYjRKRDdqQmZ5TkFIeTFlQWJBV0F1OVlIWExVTF9sSUdKcU9sSERFWVFrTlBxaXJUYTc2X0lNQWp2VzFvSXhQZm1qQTU2WktEdnRweTZ1dFJGSTZ1MmxQY3JKSzlMaGFONmt0Yy1lNTI0eWN3RmxSa2RybTkySV90d0tVcDhpeWxQVjNTcE1FbTAwaTBGYS1nSndPejlOXzB2UUx4MUxONDFCdzRiRjJ0ZkF5bU5QYVBDUlpDN3RjOFFYb3JIa0YtOVd6aEhTN3BMNE9ybVBlT250RWVUUFVNLV9ISDN1Yi1PcEdQZzAtZVJPTUZXbVFNWWpSeEJzZTZHY2hvamJzQ2tId2hiSzRaRGtIcHQzclRUdG9nLXBHa0FTYW0yVk4yRlIxRUxPMmNZUlFwWnB6UTc4azFMRkxvWURvTDktVUFIQ0FCQV85OGR3eVdKV0M3blFMOGhjN3puLWItd3BoVjNUU0VtaDBweWlmV3hYVTJVRG9DS2M0cVI5UHVBeGdmcGVfUTZRQThtU2dYNTNPampFVU9HdDgtQ3U1RTJYeVE5cXBXYlpRVHpzcllFaHhFRTFtWFJiOGtSQ3Y0QmdZTzFiQjROaTZURlhWYTI3STJGa0c4UEtDeFpCWC1lWmpGckpZOW9SS1pnVTFqZXlOaGNPMHhISkl3Tk5iMHlSbkxsR0dITG9jbEVTTjNHLUExNFpENC1WVDBLY3ZtU0N0LU84VVNCb2F0VVBvUjdpVDVKejhjY09rNFd4NnhPWWkzTXRzWXZSSktPcDMyZks5MVhRRFNyOXExMDVfQ2RZQ0ZJQ3NGQVNodmdpdTRtVWl6amVEekE4cjByN0hkeUF1bVhWRkN3a0lwY1YtcFB4bU9ZN3lYVlc0NlhRbTItUWVrdFl0TmhfY3VFWUw3dkRfMnp5VFdlS1VVMkwyOEN2UlAtOFV0dnJPWVZrVXd3ekFWLVpvQ04yYlBDbV8zNE5NYWVNUjlxdlFwR01PZjZ0Rnd3SGNIajR0Y0ZwNkFDVzNkRUp2YnEtWHNyNlBPVEFmZWlWMUJjTWlxS0l5LWxrYmpVQmJFOU9Eb0VwTHVIbXlfcWdHMHgtNGlITm5XMTBsSFFvYWtyNEFlSTZybHRlVXJVaG9uX0NsaC0tbTVWVDFMWVNNUnV1dlNGYzVRNl9UZENrbm1tN2ZQLWQzSTd3VDQ3cVRxWTZrdmd1Q1hucExEaGlyZHFxRFdSdThDVlg3U3BVSWRCZlBjVEluVkNRNEM1VG45WEo5eFhPTER1ZE9wcGxleUJKdFU5UkFwOXNQUDVYNVMydXNBYzhKaE1GdHBmRWVIX0lkYjJ5bm9pNTJDeFdEY0lTY2t6bl8tY1YyNFVWN0VDY2JNcWEteVY5RFRCbzZYNjk1UUtmUF9EYWtleXJjczZWWUFXbDRhVzBselh5Y28yWlJ1amRQam9yTHU4TVRLWTlOU19ZY1NsNDdsZkJUdS1Yd09qRGZDZEZWR0IyV0VVR2RGWHpqdkJPazNqeVVfaVNyZjNhMWlqUElLQV9Xdld4RDYyRkl0a0xkUXNSTWltbzBzWDJ1S0xkZU5lVXV1YTBiajYxblljSWNzSFVVNFpzSlJTb1piM1RWbjFLeHFFdlV6RFlRMUdoZk0ySmxKWElqanc3LTR4VElDMUNmR09HM0xjWENxcG00X1kzalJ3VmlPZEV4RUVJbnVSY0lMdUFDVUFKaTY1ZVM5WFRDS0UwTXBDLWdTbUhsY3JZdjg0YnhnYkxiZUZrbnd0RDFQcnpfdDBJUFE2YWdhQVNqeWNFRUg2RmdLRUhjRmZjMW00UThzSjkxbzFqVDRJc1lPQldwZ0NNbUZTMm9yanJiMFFRZW1tZWhyVTdwaHVPMUtHT0ItcjNCVm0yYWl6R2hwWllZdTNwbG9PMFFya1dFWFRDdkVSejc4YVplSmVTR2g1b0lFTXZwZmN3X2tMNGpYdll0eUdFUUJaV1NZYjJuVTFSd0pqNzU3OGx3ZFVUX0xWWm5Hd00wcHp1clRsMWtuWWl0U3NpSVdOb2ZDWEd6aU8xSVZhQ0ZLektkVk1KdDRURDNJZjlGQnUxblZrdHVad2t5N2JraWw1LXFCa2pDcDh4S0hCOGtpTXBHZDNoMzBzX1B0UUJ3cXItVTRTeHNkTU9DMlVNaXU5OTJmd2xraEFNekp1VmhqXzFWY2RRQXpWb2xaTTFLM2FXYjRpVk83dW94VW83ZkNyeU5ONlpZT0RydEdvQ1g3RFU0V09pVExoeXJURjVJYjl5S3VFZ3dlMjB3VF9BNXNtUjNnRGRhU2J4U3A1RmhIUUZtcDZfNi1UTldYMS13UkpOYkJKWXI4UHNXbTVLRWNFZjFSeUxTRW5GWGdaMUxPLTVYb3habFRHYllvdEVMVG1aVHY2VldGLTZRb3hySXlTU1ZNRzJNeDZ4VExOLXo0Tm9VVnJDdTB6OTNzSWJDd01wZk1DYWlld2pYb2s4UTNndlJWX21rNlhkMmhMVTFfVWNUUVJYVGV5R181bFdTVFRORFFLVGlJbVVDcmR4RVpYanZ3bEFHQVNQS3FDRHF1dTUxMWptUWlURlJQb01vblBkWFV0eVhuSG5CbDV0VUl6VTRhZ0NoR1dOeExtcnRMR1ktUl9JRHdMWno0WUk2VmpOOHBTVnFSWEdDNzc0TndPekpRTEctVTFweFZnZTVlQzRzSVNHRUtPb2VpMTFiX21Bd2JBcXRMRDIxcTNvaVJCc042eHZ4dnlYclhFbEFGWFNNMHpzR1N5NS10cGlEVTNIdUxwbDJ5QU5wMi1VUzZoOUZwTWtKQlk3djdITGxUUFYwczNDcEtBeEFVamtlamc5UmJoODhYUkhQeHE1RTlQVzdFWFRwWklJLXc1QXJaNFdrUXpseDF3OTJVbWVHSkNEQjJabG5PaWx4eExBWE1LdjVqc0l4MHd3UUdWcklKdEFpRVB6NUhUYTIwSWJKam0xUUpxc0ZKUHdQX0hxRDhJNlluTXBsMGljM0RNMWZPNDM2WFFlSHZEY25ENXdzdmZzMGJyODRPakZyUXRkSWJCdFdqcDdsZXZwNXJ4QjdlZ1dkb09VUWoyRXktdE5EbUlZSGlBUHRJM19KTVFPUk1TUHMwNmpoQjlablBUaHhTNDZrYllsWVg0MHl2ZUpRc2k3SVdfR1NmZW9JV2p4bE9BeC1JNU9LOXlNclcxX1ptZ25ZYjdSOGJfZzhtbEdDSGpIOVRJenlsMFM4NEM5RS1EeS1sQmZTOFhFWlJCN0hFOWQyOENmYnlFNTFDSU83N3Z0RzFpeUN4bWZya24wY0xwd1ltLWFsR3d2RGpVdGFnSXRpc3RDZ1pfQ3dvZmc1Tk9BS280Z2NwbVgxMndzcWFEaE9KbEhuVnRTb2M5M2xKcVJOc3loNGkzNTJhUU5qTVYtbGZOM3UwUVVTUEtjMzdjQkpCRDdHU1FqdzBnZVdLU2ExTHRwbEdFa0xWRHhrYjNpYXFzVGFiRzgwaTJuaGVuQ0JBbUFmLWFqT0pwcEpHY1d2MzktQVBUdWcxeWxiRUNoUE9uN2NQOHpkRVlSeEx2ajJQbmFKYWljRldrb1NmMl9Ha21uU1pHWHdVbXJnWnptR3R6VDhDdFViejd2NjV3b2MzNDNPQ2RmZTNqbVJQMDR0UkdLTlJYenIxTElPOF9wbUU2ekVBN3RPTUhFOFJqVTdVREtyQ20xOERoUUt5RUtReGdtdlpUUGVGTjBBTFF5ZFZ1Q0dJRW54U2gyNmJud0dIUS00YWZFeVA3ZmQ0akNwUWVNMnp2OWxRdmpxQldsSmR4em5DcHQwRk9YSVdpRXdRa2JJLU5SWk4xOGFnOXRsMi1XdXN5RW1GQVhtOFYxUE9ZMXE3X1dPNEU1X2FXaWZTbHdLcmNORllTS1FPenNaRHpuRVktdTFfLUhHMURIMnhjRHA3azFBcDFaRk51c2ZqME5wNXNsd0gwb3E3ZHNoWE9SdDRNUlVadFNiMU5uU2pzRzFDdVJwUF9lMjNuazFYYzhVdS1LYW5Va25mVmh2N1BUZmJZNDFaU2dGOWVMTHNNT1BoU1JxOEJ5cWtFMjlrRUJFaTNYcTJZenJTYkYweG5GV0VyVHlfbC1nLWVqVGc1OWdkN3ZqVFN1dnp4d28tM2FFcnJaa0xCYkJSZkZKdkI2LTN4bFJrLUFKc05MRGNVZ182X25nRFhEVzhhT1JVRzNEODZNMzFKcmdvcWhQRjhheVUtcFIwa2tXUlIxdEt6R3AtUG5ibG93LVZzNHFSenpOQ0RHd05qZk5qb2hVazdOTTVhampLaXNkc2VwZ3FIRUtUM3g2YmpES3Zla1l3NG9hNFdwanRFVEM5b1hUVkFDaDBud0dVVDdLVGlPT1ZpTlJmemdMUHpQbTl3MEVaNVZzTkpKYktQXzdTYzRWRE5tWVY0Z2Jsa29jSEFINm5zeFFRdm1TQ2RQdFBCRVFfamRsR2pmMFk1N3hIZC1rS3pCbFhINDdJSTNPQ3dVZ3dsdjQ4akZtaExFbm0yUXFqU25qTHVsM1YxZVd2TzI5SjBLd3dWc0dldENVR3hOTVZmQjNBUXpVLXFFN251b0E4UDFpTjB6WWt4OG9QMzdZYnByYTAwYU05THpGMnRPSGRYYXNmNWhjbDZ5dmdTbEFWQmJObzRFMG1zMGVvV1NIZE5EVm1BcVpOblBOeTA5eElPejVUY1FsZjJuMzA5V2ctemRFMEUzWEhBTWFHUlRpVV81STE0NUJBMllxRzY0ejI2VTRPTGdnc2RXZDB3bHRVYmlFbUxUQzVFNnh4YnIwTmM1dVRjTHAyMDh0MVpjQWJQUHJrQVNnRk5YcU1SSE1ON2tDanlQNW1CUDd5OGNVLThEUWhxRldXdUNLUllDYkNMNFFNVmNWZHVNUlZfeHJXV0R2OGREOHpLUzZRMG1YY1ZKM09NV2xPVUxLLXZZVmdzUEg3SVRILVNTOE1qS2VaVEdNOXhuOUdDcV9GbmpaS2VuY2hPMnB1ZVFUWkxZN3BneFBCb2RrMVE5Uk95ckNWeFdLeG5SRUxSZlJ6TWNZRkJYZ2xrd1U4YjNRUzR5ZklnUUJZdzVnRU5Jb0lGNXZaUC1EbFhWTmVZQ0VXNEVDbzNINkhqLXZOWldobU96Rk9zeVdGSWVSSE90aVBONE9Jd2lYaHVIOVU1aXV3UTkyRFJqeVRXUWpTcTAxckwySXh5cE9tUUw3U2ZKcUs4T3A1RnAxN29ha1hEU0xkUFdBNFB0RTVfMWwwdHFqVGJ5dS1JTjc0bmRmSGlpNTdxVmhfc3l2VGhSS2ItWUwyUkRDSVZRS2VLcEtwQjFaZmVkOWpkSl8zaDRvYTRzbnVEeUFLbU5hbUY4TVFDRXRHVW5MQmNQWmRfVWRocWhKYnJrbngxT2ZqWGZUcTN3U1RGcktHVWJLby1vTkd1VDBQOVVMYlJUaDFNeFdIYW1DeERWOGFXbVVhRnM0ck9RX0pLZDFiMnc3WWFiOXZsZkczcEhFbWE3M3VDb3pob1VZUFpmZWVpd1ZGbWpFMV9BT09Ma05Vd1lxekN2bXZBT2pfUnkwT1Fld1NzdEdJMFVwY1NpU3ljRGJfdkNCSlZfY1hFZnI3SHVXQjJFclN1X0NJTWdscHlOcXJ1VENBby02aS12SGpSa2lFTmVTR2d3Yjl2bXN6dlVRR2poSm54MEFKMHNJdG1zRU9XenJqRWROWE5XRXRGNDBOUkM4X0xKV3RQZ0lEbXJRNUVjcHg2ejJ0QUVTeVI1LUdaeGF6WGpvbjBUTTliYmYtNVM5VmtQS3dmdDFJdTYyZ2hGUmY0bW5yS2Q2TVY1TGFIeG9IazI1S3dYWVpvbUtlQmxLSFlIOHdNbEc3Sjg0ZlowU0U1Qm15M2U3QVozQnhqT25aMHFPS29qNkY4V0Zrd040Uzl4QlNKQ0NNbnJMdjZ6SlBWXzhjVDdxaENUM0FJdVZwWkkyWEp2eXdNWnM4ekVrUTJ2SzVvZVc1WURJU1JZUHRYUGREa2xLZ0RyQTFLS19zbGVoMC1FZzNNc25fczVUc2RMc2RKMnJRdWxjOWNOYXI3ZjZLNTRnNzRiYUdidXRYdzJwM0daUnpoU1VxS29oMEliUFZQMTQwc1FFaHZSLWVXeEpfbE4xZ0t1bGlzblV5WjZlVnJvdTF3SDhfQ2dETEpqdTVhRlpveUp2Q2NnbFJFVkFPUGtWVmpZZ1JFSklaMDlmSjZZZ0JzYzhKVWFPSzhkZFhXelVON1JpQUpvajE0N1Z4ZTRWaFlfcXhRYzI5NktOaUtmbjZlT1ViNnBZMmZIY1dJS1FOWDVVcmZDeE9MdmhpR2JDYi1FcWxIWHZJcVpUSXdTeXpZNkpmdllCb0hIY1dOZXNTOUpDZzBwOWNmTUF6RnQzSXNMYnBVMnY5MWVtbk5YRFloS0tJNzVnNlhNT3ZUMmhQVVVyRkRaVzVfeU5UZWo3RFNyWjFJdlE3RjZOTVJzT1JGa0dnT3RTelZTNWpETm5HYUNBYzJnc3lHNlY3NTlJQkFFbXlSXzh6eFlLRDY5c01qZUdPWUtpTWI4RFRNTHdSNzBNWW00ZFozdHc3a2pIUU5pazUyb2V4emxjUDZMQ1Z3Vldrb05HVnJFVk1FeGt4V3BPWEFkSG9UTVN3U1hyWi1YVTV1NXRnSS1sSG5UTWNYdmlyU3dORlpUaDlQWW5aU2dSeHU5SkZyMkFtY2Jjcy0tR0w4SE8tb2NsQURNVEtGcElMZHprNHRzaEJ0WjVUeW11X0d0Y09Lck91YlR4WTZnekVuanpTdUVjTGFrV3dyY0xuSTRUVDVKYUJkMlMwYmJVSGw1TEVXdmtNY0tZWHBpUXppX2ZKem5GbG1CX0NzaExyYjRpczRwOUJIQXhVeVZkUHRJcGRxZVFCN0lEQXlRby1acGJJZ2RfeVF0OUtpRHV2ZWRzaWZPczRETnlLajBKTEFNWWVKZkswMEREQ3Y2UDFIaGhXQXAzaDRPNnV3RWFYZ2pCMWZGakNJeGpYQ0Z6YXVDWlZpV2R2NXhScTNZcGtTN0s2QklhV3FxTVNXZmREcHBLaDhVcDhmMlR4cWU2OG9QVkI5a3lRUEgyQ2o2dnRxcUNTbXVKZEE4U3g5cnBYUkxDQWRmYUFxQTg0aXp1UFBQMDZNa2p4Z1hodUhRZU5MQ051LUlqb05YcmlDSnlieW1zTExURWVrdXEydjVNbjNERVBRenBJNjB2VmMtSFc5MGlGSmFVTlNFMGxURmFmZmk1NHIwNTFiMENJeGRVT184SjRIOTk0dnc2cEFrZ2FLeHdSeTdnQTEwaU1rZlBtcWdkaXVlRm1wY3AzNXRkLWZiOVB2NnhzY1A4QU1qUXFocjV4ZXNKbjFCTG8wTXByZXYyN1VCVGlHMlFfTWdLY0NNeHlYSHp3U0JGQ0w4RW1PZU9XQVBYbGJIaEtOTmY2WWVJWHIwTXRxajZuYU05VnhfN2pRQ1Nmd1pHU0podzc5UERKcC1IdDUzYncxcTJLNWRBTk9ERDRUZFRMeVRWN1Y0UWtENTJnQkRtYnV0U3d2WkN2bjFZbHdRUFZKN2Jid3BjRHRrZXBrMktiRmdDWVFTd2VCUnJSUnEyYTh2TUtqY0luSllJd2lQT1NvME11dmtQdU1QTkRyeU50blJrcU92YzZ5ODBZNTY0WmVVaF9XV1Y0UjNCTWs4OWxkMGdQRzBqcjBINERZV2xyYkFJRUhWVnZONk9mS2FmYWJDMTFOUEVLenRtckpZVTktLXNfVGtCaWZJYWZtZEV3cFRaYjRhMTVuOG5TUy1UR1kwMkE4OWdQbS1CUFctdWdhYlNnV2NoZmJtTzZEenlMR3BTZU1HOFNoQ0xZVnM5OWFtYXJlanlDY2kza3I3eV9TbktNU3R6cEd6WWNGY1hfMXVhVEdOeDJLelBTSk56R2FiSUFXN21KakNhRktvcWVKLVZHcGlJVkVqWGgxd1YxZ09LMnh3clBVZnZrc3N5Q3paWlZTTnBTSmFSZ043Z0s0Ymp3NWozQlNZdHlmczNlZ09mMDdWUTIxNWdCOWF4RzhlN1M0UXU3UFFkMW1oeTE0N1BzcWRwZDZCSGhTdXlWdkFoMFJwMlU5QXdUdUVHZWhIRXlaeFVSX1JtbkR1VEgzWnJIbTdvRng3LXQyMmx5YUtyMDc5Sll5cUhtX0lZVk15V2xYM2c0Y3BpWnI3TlExR2Z1YUVwOGVoaklFYlZDSWVDWkI3cDU2Z1NYemlQTDBXb1djeC0tMkRLck5MNEp5alZ1TzZhZW8zdFZUNUkxU00zb3E2bmZJaDhQNXVBNWoyTXp3WVZlekF6c1VscFgzT0VFal9lUEdVT2hubHdQQ3F0TS1nd2tlUmpzbTlYQmpjZG15dUxEUi1OeGtJZFppWlFiWmpBNkpsajNCdnBjeW1jd1lGekRVTVhpNVhuMlpBSXZ0dzAyVjNTbXNWRHh1OENBZG44S3dMc3JOYlFDcFBmYl96REQxZjFXUVE5VFQ0ZlpVYVBvb2xKaVpMaGRDTjkzVWR4VVl6bDBoNU13Zk9qTWdNc01jVDVqT1N2aElKWnkxeGNZSUV5UTBNUC15UDlsa0pmd1BwRWJSTDladm9qRFk2enNpVGJSWUZ1Q25kWlpjcTZUMC02R1pWWkRIZVE3VW9ReDlwOGJYQlFiejJQY3FmVldvbXFiV0pVZm9fVGZyVGpVamMwOEJxd0U1TzZCUnpkQnlMNHJmRWVqRC1GRFFGY1hPN1ExNEU2ZHo0UzJYNUpKdjRXMEhFLXhSMjluVWJRcXF6VHV4WC01Y285OEN0M3VGRW83TUE0QlBQaUoxNXJnbS1icnVnTEEyMlRVZXlwU3VCekZaYnRianZZUnR3Qk1CRmdpLUhCYTIxUmNDNVFQTGJHbXM2X1pRdUwwQTMtTmV3bFg0dFFiRThITV93dGFRUEVlMHByNVFQbjRMZlRpLWp2RlVGakFNVFdhN0lOOF9ZWEdaT3JOa2c0d0liQXVmaFc2X0VjTTZSNHFwY3pBaVZpMmRYNjV5bkVGSFpCckpqTTBfMlR6ZVBvSHNvYkstQ1lDa0txVUVnY2RuOHNhVU85RFBrUXc3bWJITGY1SW1obkZJaXR3TDJGQmlXZHVPSkxobEJXdjNBS3VfZ21xUTBianJKS3o4Yi16ZmtHUm5LUWZ0SVlRZkpiV0xER1RpYjhOMzh0YlJBNUpxdTEwTnV6enJaOEFxc1hkbzRGOW9DdmxzOFZnbTR1YjVyNVoxRm1pR29HTnpQVGp3Mm9aQVRQbWxseTA1bGF4bXJsR081UXlycGZ2dVNyYVNNNjVZcTR3a2lHMk9LcmN6cEFXQWJQMnotZlZiOXA0czdSa3N5cUlZNTFHeDhQTUJ5TE4yTE0xYlpXZkZiRXZkVWt3aUVkME5IMUMtR0IxSE1fZjJDSmU5YkluN0FYOTM0aGpEYVpoTExQd2NERWsxbktWTy1nSkwxS1o1RnBWSUdEWlBNOVVYb19nbjExc2dLY2xQQVZRWXBVTF90WTdqY3JnejY5d2ZVci1OeHRfb212RHBmT0RneVdfQk9VbElBOVQwVEgwLWNJU0R2aGpFQkxhMVRTaXBNbTE0OHB2VHVkSXk1ZW1HNmRZZWlBU2FmVlJYVXdVTzBCREx4RmtLLUNLeE53WmZmVDJwUzh6RFljZlZ1OXNScl9MZzAtSnB0VHVkOUlZYk9VWVJ3Q2Z5by04dGZEelJETGE4UU1ZZmY2Y3JoRTFuUDdSQ1Q0bGtMTDdtRGJwR3I0X1JLbHZ2aUlZTU9qdXZ4TzdBLWwwRnZWZm4wOHdGU1ZNazF5UW83ME5ySzdqRVJHWlV6NmIzcEdBemFROExLcURHXzViNTZsQ0pDN01BY2s0QVUzOTRxams2Z3ZnUk1pYTdTMXVLSUFCVy1wblloNU1TTGdScmZfMlpYcElsSDlmV0FjUjlRMWxTZHBLODBMQl94U0swMXNnNG43eENBWmotWVF1emszSkhVNWMtRFhHbEFsbWpxdTFFd3BvR0xxMExmMlMwamt5V2VQeFZDbzctaFJGVS0zdHMtRVdSdVFHTEtQUEM4Z3prZWVSUGFxSEVLclljNV8xUm8za1E0WExTbzhRVDhNU3hJV0IzdUJ5YU1CeFhNWnBlbFlLX0V2MVBTVG9xc2M4UHhlRkdCVDkyelhOQjBjeHJzZ3d2d3lUV3lGX3lfY2VfZko1QkxVMGRrSk9YVzBSWFhuc202NWN4aE1hRXFpUDE3M0hJTXVUV3lZaG1fNm5teEw1LWdlWnZubUZydTg1ZFJ4X1BfQ281VG42YXV6ejJRQ0tOWGd5Snh1US1Bc2k0RFNUMVVMeTlRRVZqM1ZUczQ0LVhaR0p2MGFYQVkyWFNvZEdFcTRZNGxLQ0drWFRVdjBfQl9TRnZaNi1nTHlyN1RLX2dhRFMzRUM2MmNweV91clpaX0lJMzcwYlZsWHN4MVdERHU5T0w4MGxfNWdyLW4yWkxRaHlEcE1tbTFjdFlNUWFUQlVYYnRoX3Z2bGxPMUlzdVRuSjgwcG42SmRoM2U4cFJWS0hNZG96ckpzY2JmZU0zWU5EUzlyRE0tVlVjN3FkZ1ZNVUo2V2hIMmJYYkRKaGh0WWk1T2hfZVNOUlJ3akYwMV9seGUwaHBMWld2QmhGeS1QNWExVGxDcVRRcWVaOU50OXNMY0ktaDhCNWNQOEpJSVZtS2h2RkZ3ZmZyQmI1YnU4RlY3WnhScE5XOFlkQS1GLTRYMmsyT0pwNWloZEJJNnVCU1N1MnRUQXhHVkJUMTJpUW92ZEw3YkJnOTB1QXVYZlE4T0JJTXc0cWNkNDJ0MVhSckZfRmFNNVJIWkx3MzdpUlNKZnY4Z1BDTEtIcFJ6Q2xjTjlJMV9lc3ZnOWNseTQweW5obFlOcmhiV2FsN1NpUHVRbVdNWUJDLWFYenVaUFg1enRWN2lVQUZqNzRXeDdaejQ5LVFmZDg5NHl4MGdrUHV2eUxoMEtyd3NaY0tvdXhsNTY0aGQxMnVnZ3ZTTV9wRTN3ZHRUWHpNT0I1bVdPN2k4dm41c1ZSQXJ4REIxWmRlWkx6RUNzaWNDS2NxcUdNT1JKXzluZWVZeTM2Z3huN2YtZ0hicUZsMEdzRl96VFlhU09UaTBndUJqand5LTg3MS1rTnFjZjN1Y1lEb2d3d3JlbWdXWVRnSEYxRno5VTN3elVENWlVUDNWdzVLOE9VUGhxazVQZWctNmd4dkhjV2dlN2ZtYXBaNFhud0pKQ3BCV2htaF81QnAtZV9YbEh6ZTR5Sy1OS3NKZ2dZX0FHdUxJNThpRUlQLWYzUmJoT3lSZVN6bnJUa0ZGRE1FbktrX054Z2RHYWJTekJHT3JpQkx1TEFlTi1fVHB6Q1RNT0dRX08yTEE4ck51QXlLTndZbURXQUVlN0g1WTNQakNuVEgzUF9aNTVIRkQwd1lvT2xrTURWVzJkQlBTc01vMGlMTDdWaGhMM3VXaTVNcXB1bnU0OXJxZ2N5cFF6c0pwRDhrQ3UzSGNTUFNVRUlhQmVFSTFqdXZBMjFPOTgzN1k0ZHozRk1qOGVYcUJVSS11eDFQU0xDTUhnMEVza0ZESzN3c1ZsN3JCTnBmRDBKR1BzeVlhSHBqSnRZNHk3ME5VYnY2aGJKc1FwNnVRLTB5UW5kRkU2azBfZ2FOVTJaaTdYd1RYR3YtMnFNWHdENGNCNXdYRHlTTGR2d2thSU9SbktPNmRraWhYWlhYaDBXcDRvazA5emVDeWF2RFJHMjNvaXRrQVdyaEJieElqUTZhdk9oNTB4TFlZTFFPVkpiZFh5UEFzNE5SUDhDVE5tR0ZCMU1YSklya3NzaUtCVGQwa2ExaFRSd04tYnEwY2Z4M0ctUzNQN2JlbmVwaHphMkVVdVVkUHU1VkhQUUlhV1hLWUxKWWprTUJWOGZPQ1BFU0dMbk4yZExlal9LLV9tNHZuTjA3M3Vua0RUUEI3Rm9sdUtPMU1YOWl0S0U1bHZQUVdOckh4dVlYWlk4R1FQMU5QdS1KRlJtaEFxY29MMmNVaDlxLVlRbWN5TGRaNXRCalpIWnQwbTc3NUtuYmlVNWs3TXVybnZiRFJNZTRZMVVaUE9tYnBsaVdiVld5NzVULVE1ZXctWDNaZGY5UmNmazltQ185T01iUHkwQ01yYlRsbXcxem9kVGFxWmNWTlRTRjFjd004REZWUHkxakZuclhVYU03RUZsUHhid29Nc25BcnhNN0FZY3IyNkM3SHBFWjNselB1ZDBRc3hSRTc1aFp3VnJ3VXJhaTBIb3VITFdUSXE2LV9RaFRrNDg2Y3lCTkFabExsMy1jcGNHcnItRnBUMlZsZDJzUHdYZm0wYl9iS2prSE5ycGZGMG1pLTRqLTlQN3hHejMxd0xlS0IwNTFDUWZGdnFEM3hVTFhGUXZFOXVIYmp5VmZkaU5yR0c5V3dNeHUxS0llMzlHQUZVakpnRW5OaVAzVG9CeDAwQ2Y4WVRPbXR5bGFoQUdZcFFJNzl0OEgzMVBweXF2Yk1xbGw1N3pUekFZNWxCY21lV3RZX0JCS1VpdU5TZDQ5blBHNzBkaXVWVFhfMEwzeTR3Tm1qOXNFZTBJSzJicEcybS1xTUJUbVZyeGh5TlNsVzFkWVJTOW96bC1UM29IVkhlYXBWRS1sRm5udnFIQXk0RkdVUW9uTGlQMW1aU0JiNktuOWp5dUJRMXZremw2SVNQTmw0Si1kRThrRDBHODNJVHA2bjdDcjhOR1ppTUstREN5VmJWZEtrN3M2TThyWlFSTERFSlFLQXNHemNFMVhzSTk3M2RGUW85N3QtMWdkc2NnbFZ4QzFmVFdiOU1zb3FVelpRMEI1eFlHakNkTEMtTERSd2d2ekZVWlhlcVkwNE5UNTdveHBhakxNdnMxMThHdS1VTXBmWFF1VGl4SnBxYmFxZ0g1SGR6dXVwQzN3V3pkN0dXeUZCa1JDYUU1Ymc2UVI0ZGJGcExlU05HV3FQajhZUm5KUE51NVVpcnZrZEhXamlEdEl3eHdHSVV2cW5VcTIwZjNnN2F5NzZZcmdnMVVEZzloMzNNOGtrVnR1LXR2V2NZQnFMWjQ4VjYwYWw0cm5FRXJmWkZSYmNvbEppTEMtQXc1SG5MN3Rqd2kyT1RYM2p2REZPVTBiN3c2Q3lYRXRUc0d0cENWaGNfQk51ZVpTcWlUdXhzWE5yS0RnRm9iVWY3YlN4MDZqd0YtNWlNc1JWLU45RGhwRHBTY1BYQnVpc2QxcFE4S2xZM29VQjJpQVFTNWhaSW9wdGZYbVc4cW1IOXY4WDJTdE1FeXp2dzBUWXBiSkhkblJMV0ludGVodVZpMlUzbEYwdGY1a194MG9WVmFXNlMwaGFHcEtnRmFEN3FlOUVQWTFwWTBjMWhIRXpIcHZuQWNnbDMxdDRsOWlTbXZGT19fWW95elNRUGRzd2RlUE1zdkNIZi1Jcm55dTZmSWdwbmRnbEFSb3UyZElHLXFMa3lfeFZCTVV6ZGh4blJDUGlTRHI5Skh4M09XR1VJTDNsYjhfdFBHUF9qUHZZMzJOWGpvaFhiSGFwMDlvVzFOal9EVHdWaHcyYXllbnRRWmlIaFhKWm9UMUZTVFQ3UkFITXkwQXZZS2l0VlFUMVRUc0phSXZ3Yl9Wb3RGaVVFbzhMdkhwcWU1bHFvejEyU3VaeGVwbmptdWxSYmlFMEZobzQ0VGFMX3Z1QzJlMjJlY09pMl94NDdHMjZKYTMyWUhQREkyRmtzak9hMlF2YzBxYlVGWUxEZ0ExZGZUbi1MQ1E1M2ptR1FCT216WDY4LVhQazBtN1ZDVUFIa01EUkZuVUVCWEtGME1HM2w2RUwyenhGRlVqRkllSWFlck1yZDVjYXVydWEwdkdNZVI2Y2hvX2Z3UzRjSlBhUHJ2N2JySkpfSW1Qb1ZDSFVmYjZLaS1FLXVFTVpwbU5ibU9xR2I1ck9MNDFEUkRFWmd6bXdYd18zWUdfMGYtNXBKM3o2MGNrYWhwaVVwdHpiTEdfVk84X1NjeUItQ0xPbEJFTXJQRGN6RGVnQzdLcFZfamIzRUZPX1JCT3NlMl83ZzQwemRoM2hReGQtSy1OUzFGaDM0akJYSFdxY0Zuc1MwbEZrNDYzRWFQQ0U2OWctaHpPYm50WDBtdWk2dVIxVUhQMm5NcWltUmlUQmc1eGZJV3M5cVVrZFB3cDUxd25jS3VZSlFxQ3hHaVhLTkIwdzQ1UE5qZzJnRF9MSEN0OS10VnYtRWloOWVLRFp2NFFuRXFZQVRVOGw1YTc1MV9MeldWNGswejJqd2xhWVRXQkxzQVEwQnphM015T2EzbVVBeS1RQ3ViQWNfcXE2RGtXOFBwekc3V0tUdkoxQ0VzMUVwTDBqcG96SHYwY0dhNVJTU3M4eTROWkJHVXlab2JGVDhoQzgtWVNTbEpwcWlCbEp1M1FQd0d2VkZaanVDWXBiVUFPNU9UbzFlaGtGVHpuQVJfaWJNc0M5TzhBQzJzN2JOR3Y0SGRZM0FIdWhGVy1pQi1ITWpTeXVTeXBUdzNtb0hxaGZBajBpd01OMDNubFB2QWJzU0pDMDJEck9wOEVWLVYwX0I1MmV6eGE1VHZWczlneW9zSFh2Z29MdW9Ha3pjZ0gzUkNLbUVSZFk5ckVucDRuSWNwRnplNkVHZHRON0NTa1ZER3kyMEFFYzFocEQxU3ExeXRUTDloVUp1ZlZ3NW85dWdVR1FuX0tBaTJ3cVc2TUt1Z2R4NTYtOFZlc2VILTN5ZjVPRDlWdm5kY2Y0bGpNNnRISzRSc3lpbUx1VzV3dFIyLTc1Um1qQnBDNUdPaGxGMTJid3ZFQUVfcnVpQm5MMmxHTno4cThLNEJTT2h1dlJPTWpGRUN6YTJrTzVoNnJlUUNKbzlONjlPWEFCVk9SLXdtVmdERm42MHNCb0l3S2FNOEpfR0JoU05UcHFQM09maFllVVd5c0RGbHJxNGlFRElFZ3A5MnkxNWI5OVBqUzllNmhGdDNsdDV6THRwQXZuc2hVdFpVSE5jQXQ2TnlBeGdVSzdwcmpPOXE2MF95bVdBb3pTWHFSM2h0ellfZUpwZlVKM0FOaHFTbWlURHdTS3F2M1J0MkJTc2xSQzhQTVVQdnhxWE9oMXV5OWlQWE5HdFhJcXQ3SnNvQ1dUU00zQVlmd0dHaHpkLVp0Y2p2RXRhWmdGa2pOaW9rQ0R2SEJPYjV0VVhSRWRmR215X2JTMnJPWS1USjljenBmc3VvZ3E4VzBUTklWUjR2VjRLeFpZZWhvV1BHcDBHWWJFTG9Oay1rSG9hNVZDYkVrdWx5a09HMzdVZENRR0dEbm9iU0Znb09oNHFsdnpoeHhaUE5aa2UzUE9ZOTFFdnlzUzdieXphTndpcDlpUEtYdVVQR2xyLUEzY0l2d3hmYlktQ212MTh4XzFQVkFCOHViTkQyOUYzUkJDa2lPemQxR2NXZFpFNFpTbFNzTl9iaVRIMWpoZEFNUmFjRE9VLWVsNURLcEVLM1RWSXZTbHpMQkJPTWdnYmIyOUZuTk5VeDFxZmRVV3R5ZXY1c3JsaDMtQmoyZ2pfUUJzZ0NaWlVNa1hLUTA5aVdnN3FPT0JBVzIxZWpoTXdTSzFVZ1lqc296anB2aWVpYTYtU0ZBcFVoRGFCN05rakJQZ2pLSlJDbV9rTzZJVlkwazFkZDdJYWwwMjVXSTliRTRhZHBXem1SZ1c2Rk5jMjFPRkdsdGtsUmFWaUdPR3p6c0RMU3hnbURtLTNTVGk5WklRNnZvYk9JN0EtcFZocE5hc19xWE10aGpDejhpOG4yNGpDMmtyRjdfQkN0RHcwQVM4c3NhTnJNNVREeDFBNXAwejN6NVlkX3Jkb25FbWo2UG4tN1Q3ejJNWHNXa1N5U21hLU56LWd1Qm5ZRld0QU9jT2R4X3ctTDczV2lENlFlb190N21vWjFmMURtYngyXzZKVEJmV2dZdlAxWV9FYTVOMDVGczBLSjdGN3J6OENvbVNqUVNHYzZaYUR0X2RTRC1jMkpuN0JVNU5aOEpIMU01TTRiNGp5ZEExNkJocTRJS2ZydlBQUE1ZMDlvTVQwWVpnaUVhWGdKV0J2eUJSMXB1NmRTRW1HQ2hTU2JjdW14Mm9fMlNoOTZfdks4NWkwd2tDWEZtTnFwTU5fSVNoN2VDV1g5aWJOMjROWjAya0VJclg3djYxLURGMzhpX1FDLWU3UkFPTFVXYWwwRE02cDJLVW9WUW1NXy1kdTM0ZzNmM1FfQ2lBWTkxZ2M0cjJaSVlLbEEwV2RRTS01LU8xWklrZDQxNzFIY1JNcklaY2dFOFF0NVNJTlMwam5PSDcwLXkzVWtYLTEtQXBXQVVOVFVKV2tBeFBUb2ZNRm1INGpxd0FITVVpTGRoMkZ4elRHX3Mtc3R1TzBmbW92TVpkVFplSkpkUGNKNzdOUWJkTXlzNjN2YkZiSG5hWHM4RVJZSjVuZXJMUnZkODF4MjJNT2UyY0c1SWNZdXZ3TmVKU2ExVWpGVnRIdjF1UUhib1NkeE52ZTdQRFMyTzdyc0t0WFpqX3BVYUZJSlNWVmpiYk4wdUx6Q2VRbEN0dS1XejhJMnc5WmZDVjdsSk9CMVcxeThmX0VKR0xDMEVPYmt2RnBuMnVweEh4OTU0aGZVcWQ4LTYteDZvZ0J2WkFKVF9XbWIwRE9ESVlxSkJDTHI4Yy1rS2poWmxHc3VrNjVGQXBSWTl1X2RSZE9uckVoWWlUMXJoQjJ0ZVc0Z2V2TXVTN2YxQ1g5QzY0aGNpeGF1UTczakU1ZDVjSm9sZEM4am5hMDNfcTZLT21jT3pQNzZSRVJ4bTF3ZXdGWkJORDRTeC1nRzJGRGlMd3NWa2xkNmFpRGFnLWIycVE0UEUyNlR4SktnVXc3QTQySW5hV2xiLUNpeVZoNGtmWHhZWG1OMHVjVVI3ZTlSeTdQSjZkVUQwNFVKYktGNllmZHFPdDl3MjJ4NlhMa3pRNkJ5UmE1TnFjV25mQ2ticnljZjJxcVlXakZIX3N2cGNVSmFPNEZ1Y3VFSFJNel8zTktjY2xhdlNYZWJLWlBJYThoeDBNdGhGb19jd3lUcVNKWkNTS0xoUGdNSVNwOWpPSlEzVEZ6QThuaDZHZV91dWYwWlVIRnNSOEpGRVQ0ZXN6Sk9XRXhJaDJLWTViTHhFVHQ0OXRlVTVFRmYyaS15eHlEWFVHM2ZBZXRhYjRHWHpZV01qR3JfcDNOSTlXUW0zZzlwQ3QtdGhhVUJOaHk2ZmVXMXV2NlB2OE9RS0Y0cG01UzNUVGJ0YW5idER1Smh0UHZ6YjJieFV0d0lkX21JMncyTTJjQ2hjNHlMbHBoVVA1STNEVTJ1RTZRdHd5LVlNY04zZktncnA1S0lSa0tmUDJ5WHVjVGFwTmdNSGF3U0puakNnVTJmbHQ0dUlfWnFidGxQVlhUSXA5Qmhxc3ZLMWYwVjhXdTNaa1hoR1FMT2JnTzUwNzMwSzA3UGlrQ2FNdkl3ekl0dUQ4cFUwbFh1Z0JVbWJJelM0T3YzZ210ajhDMVRNRXNVdUJYdkZod3ZNQmVSb2ZGZlN1czV6RC0zTy05RHllTTNva2ZGaGxrVXJkUUdZZjZtRjRwbm82bEltZHR6TEV6dXhwR3pxamk3TTVGWmFHVGVabS1Tdk15ZHUyNDVyV1gxS05oaTZEMnhjWmYwMXJWdHc4YmJpWDFieldkV2ZyOVAxdGFZVnJNYTRjLVlKVWRIdWJmMklYMk43TUpJTUhOYWFxOVdiMGtwQnNtNFIwUWRyc1RTbUYxZWw4MGtmVjh4UG5JUl9RR1Z1a0Q2OXFBX01BclYyTUNXQ3MxWld5M2V6WU9LdHZTWHFWUXFhRi05ZERYa2RWeXF3cVVVX3BEbHJLd0xfS09hSXFJcWVOQ1ZJUm11RzZ0dTZwVzNha2txSGlSdVJGckMwZUV5M0ZXd2FQeGpyWnZlX1dBaE1GYUZXMy1odFNQb3JCNk5aeFFObHdFbDJNT1VEaVY4WmtvdmdRYnpyN1VOb3E1b2tTYkoxRkdFYXlhd2g5S0E5OG1LaGg5czBrYmNrQ1podE5LNHdzb0J6cUI5NnRUSkFhZldGTDd4NUp1b1dJY25Sbml2aDlYVS10bk5vV3U4dm8tb3QwQk50ZlJvVE1zUlA3cTZKb0c3dTFWUEFUQy1CLWpralU4VW1xYXVrVG04MnZFZ2czQjRWNjBQakstaDhUZjhtZ3YyUTd0N1RRN3czeGJqOUtTekVXTzR5djVmU09xdjF0SUpTSElMdktaaUxBelFJT2dfZlR2U3hkTlYxdlQwMm05ZWhqRzAxaGllOFU3NWVsdnFySDNCQnlLRjFtdmhPaUlLZFpCNkZKckZKcHBaTFpkMExwXzZJSFY3eWprcmYxcGs0ZmdJVjRtSGY3NE1LQ2Y2ZnMzVFV2Z2NpTjVKQWFhZnlqRmpZdnUtczh3VnlNMWRvQ1M3LXR2eVRqbGRXNDZQSFo2SFE0QzlLRndLeWtBcFlwQ1pTeWhSdXpINnNENDc2WUM0X0hhdy1TV0xXR2I0WVpQZDgybW45aWtDVnFoYjA0UjZuUDFUV2E1WnZMWFhDV09fR3VjU2NiQWtkUkRfOE5EREdLaUI4WV91eDJOMUs4SW1wMmFTdEdsZ1ZoaEM4aU9yTko5SkRweTZtVFVPZlFhOC13WVVaM19TLU9XUXpyQ0V5eTRfVXlCc1hoZUY3cmVoWHRta3J1dFlNd3lXVER1TmpWc2dVMlFXRHRMZlV5VUhMLU44TUgya19EZzB4b3lrTERTZnpQR2dzQmRXSnozcFZvLVZnWjVyLUdRbmNaZ2VpUm9fbjNPOHdOU240WDI4QnQ4d3BMVlVEWUxZd0M1emZVaFplVHJQeFRNdGs1SXdVSUdVcEI1MXdseHFZci10cHl1ajhwNGNMcHdRbGFselItdm0zV1ZLRmxYNEJWNFFZZE1hYUxKR1VTc1kzd0RzajNSMDRqeUpoRmtwaTlZNHBNNUE3SEExbDJkWjdvclhBczB1M1p1dTBoVzZGbTZzTlBQdUY0dzlaT1h4UmNwdF9KNTI1eWExWGYwTF9xaHpSZTlqckJzV2JkM3RnSVdncFItNC1mVE5uOTBNVjJMbzhiS0pEdExORGpnZkU1RVdtdlBfcy0yTTVJWGhpNFI0ckZ2RmdlUkw4cUlta3VKSkh4M2k5Ukd3ZVRCZHlHRnNFdmRhaEJSbmQwSG9uYlZBbFltcldoakh2NzROcklhaFl0TlRjSXVzYy10RWx0b2hWWXplU1ItaGVGMm5IWDFFLUduVVFwSE9ZeWVxZ1hQTUt4RnFBNG5rRnQwNWJmOFdiNi01UC04eF92V0ZuaEE0V1RRQzU4bEFtNW4wT3BrVE45QlRZcEd0SjA1UnR0XzhUOUVaank0ZmFDMndHQmpZajdHMWZJb3o0dUxyMTFkZ21kc1FOczcyS2g0S1JkbWRfTGE4X3YzcTc4SFlFRVdDOHVrYjZWNExDU0l1T09xRGhDbXBCOVFxaGtLN1BVMXFvajdnMVluNlNxS3VFTmx0aGt2Q0pGTlN5TUJoY1RvT1JnMjZOWExjZVphUlpQMXY4RzJLN2UxUkZuNWlIcVRhclRGM3NfTzBYWWRKNi1HcGNUSXdfNWpHbTJuZ0xmU2JiS3NfR0NMdXRicEU0OTJtaDgzRlZqQmVJZUYwRjZyTWdUckRGS2tDYThfNTVXbnVsNGFlMnRqaXV4WUNlelg2dG04SnFYaVNRTW5xb2UwSjVzaGx6b01oUEo5YmJzSkdkRlNiQlIzeHR6Vjdqa2hpYWFPcTgyVFAtc3BMd3d0d19ZMEJmaG1uX3pSTVdxdTB6ek9nSWVhYlJQM1BxSXpUekxhS3JJeno3aTU4aHBCN0o2TUc3N2JRbllCWjFSa1ctVFpvUEo4eWZJVENOdjRYWE95eW8yX044cGlmN0hiczlzaF81RnBiX3Rxemk3cWlwU2dZZUpkcDZJNk8tcXdIZ3dOVS1vSV9HLUUwaXdfajBrZmhQbnNLY3NGWU5ldTRMUzNRZVRHOWtRM3NKSFpPb0JpUFlIRU41T2NzeVNtWktUVFRZVy1zYnFRWkR3N3dCOU5WNW1oWmRhWlFjWkU1RDdkb3ZxS1Zhd0FvZjhnWS0yLXpFSXE1UENHS3dCX0NIXzBLdkNYMFdxMy1jamJSQ1JEM2RIMTJMaWZZTkVKWlJhdDVQMVNYUnpUVVBmbVBfQmd5OEZMQ1pydlVEMDZVMDJ5R296djJ5Q1BrSXhBNG1mQTgxOWtydU9qTmxlNEFVWHZJZU42S2pOSWVFVkI3RjRVSE5UZVVsdW9VbmxVd202MXducEc4czExSWlJSE0yYkFRN1hMX2JiVnlod2Y2Y0R0YkJ0VWlOVldZdkV0WXBKRFdJTk9HUWN6emRpUkVBTjNqMU1BTHNmZHN0V0Z0c2M3TGNkc0p1R3BYWVJDMnJ1SlMzYnRhMHJldWVRZjlxMzZ4NGVWTDA1V1hkY1d3MjR2bnM0R0hoRzViZ0ZoVVBzU2RlbGRxS1pyeXNCM0pfSmZOcXNPdGpFX0oxYXF0THl4WjNoZ3BESHB3ekJKODdNM1Q5V1pzc09UdEMteEY1QXZ6eXhleW9iUXdrMGVwZHo3WlVtNUtlOUNqZGJaU3l0V3RaQV9vZGQxT1VmZjFoUXBZQ2Jlb3dBbS1jLTlMYm1Vbld5eVRFd2tuRFA4d1RWNTN3SzRlQnN1a25VUFpDSlc0M3VsS0lBMVJScHRIc092WmNlNzJZNGxKbEtCSXdiNWJTeTY2ZVFvM1FoS3hQWGFsd3VRc0drTUpQN21DZnNvTkdyZXdXdGFmVFQ1QThKeTI1V0tJZ2R1djhhdVBhcnVEWUtPcmgtZE9zNXVYR2NJUGpTTEh4NmJudlFnQnM2aXRxekZScEZYRm5HVC1paFJ2Szc2WEE0WVBMd2xETXRPenB4cWxMQzNObzlORDRlMDBmbHZLSldYRWUzZTliVnEwNTU4MXpHTkNQWVlqWjFqeDRtUUVSTmFISHhPYllqTmgwVFNHSHVuZ3NPNDIxbEpLTFQtcXVTZnVwTk1lR05SRHJWV3U1dHhPWGJtNElhUzR1dzF0dER0RXlYNVBTejNYUndoMEJIbFVPOXd6MWYxaW5IalZGM3YzRDMyZWE2bC1IY1ZaYXE3aWZ4MG5KNHZHc1VyRlI1QS1SM3NTRTRxSlNaNmJyZzdGZmRwRXVidXNjb0F0eGlMNFV0eWlRV2dMSDBTWENnTE1CLVM3UGo4M0ZpYUZ6RnFSR0RrNndFX0ljUVE5R3NjZDFmdG9hYUVYd2N5M1hubWlBV0FnU3NxNHVpTWRZYl9aX09LcFZOWlM1Vk96MUZpY3cxbzhoTDNBTDZLSkZHQmNfMTY4RFFsSzBiM2JOM1QxQmJJb3UwemJQOThMX2hiX3Jna1lRWVU3XzU0SW9xWnhXdTJ3eGhyenRXajdsajJLUEZpZ3hkU21hNTczb0o0NElJX3NwZmhXOTdiTVYwNFJGTEtCWVV1VFgyZz09\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">decryption recipe in CyberChef<\/a> for decrypting the initial and all the following stages, as the algorithm remains unchanged, only the key changes.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Main Stealer Module&nbsp;<\/h3>\n\n\n\n<p>Once we decrypt the payload, we can see the code of the stealer\u2019s main module.&nbsp;<\/p>\n\n\n\n<p>First, it checks whether the directory &#8220;%LOCALAPPDATA%\/HD Realtek Audio Player&#8221; exists on the victim&#8217;s computer. If not, it creates it and continues execution. This is a technique used by the malware to check if the machine has already been infected.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The malware then begins to steal a variety of data, including:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Login credentials, cookies, and extension data from Chromium-based browsers and cookie data from Mozilla Firefox&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"569\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b-1024x569.png\" alt=\"\" class=\"wp-image-13169\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b-1024x569.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b-768x427.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b-370x206.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b-740x411.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image2b.png 1074w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 7<\/em><\/strong><em>. Code for stealing Firefox cookies<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>Data from apps for managing cryptocurrency wallets&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Discord tokens and Telegram authorization data&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Files with specific names and extensions from user directories&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>There are also two actions performed by the malware that stand out from the rest and are worth a more detailed analysis:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>To steal cookies, Pentagon launches Chromium-based browsers in debug mode.&nbsp;&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>The malware also replaces <em>app.asar <\/em>files used by Exodus and Atomic wallets.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>Let\u2019s take a closer look at them.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Injection into Atomic and Exodus Crypto Wallets<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The stealer can inject into two popular cryptocurrency wallet management applications: Atomic and Exodus. Both use <a href=\"https:\/\/www.electronjs.org\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Electron<\/a>, which stores JavaScript code in app.asar files.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The injection performed by Pentagon involves replacing these files with attacker-patched versions.&nbsp;<\/p>\n\n\n\n<p>The image above shows the stealer overwriting the <em>app.asar <\/em>content of both applications with data from its command server. Additionally, a loguuid is written to the LICENSE files in both cases, which allows the attackers to identify the victim.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"751\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-1024x751.png\" alt=\"\" class=\"wp-image-13173\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-1024x751.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-300x220.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-768x563.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-1536x1126.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-370x271.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-270x198.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-740x542.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6-80x60.png 80w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/6.png 1569w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 8<\/em><\/strong><em>. Code for injecting into Atomic and Exodus<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>But why did they overwrite app.asar and what specific changes were made?&nbsp;&nbsp;<\/p>\n\n\n\n<p>Since .asar files are archives containing .js files, we can unpack them with 7-Zip with a <a href=\"https:\/\/www.tc4shell.com\/en\/7zip\/asar\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">special plugin<\/a> to analyze the code. As expected, the goal here is to obtain the user&#8217;s mnemonic and password. The images below illustrate how this is done.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"622\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-1024x622.png\" alt=\"\" class=\"wp-image-13175\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-1024x622.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-300x182.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-768x466.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-1536x933.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-370x225.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-270x164.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1-740x449.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/7-1.png 2030w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 9<\/em><\/strong><em>. Collection of the user data in Atomic Wallet<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The images show how a packet, containing the user&#8217;s password, mnemonic, and wallet type, is formed. One of the headers includes the loguuid.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"656\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1-1024x656.png\" alt=\"\" class=\"wp-image-13178\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1-1024x656.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1-300x192.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1-768x492.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1-370x237.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1-270x173.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1-740x474.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/8-1.png 1401w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 10<\/em><\/strong><em>. Collection of the user data in Exodus Wallet<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>It&#8217;s worth noting that the attacker clearly used <a href=\"https:\/\/github.com\/hackirby\/wallets-injection?tab=readme-ov-file\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Inject_PoC<\/a> in this part of the operation, as indicated by the code similarity.&nbsp;&nbsp;<\/p>\n\n\n\n<p>For example, the Atomic Wallet section from the PoC repository looks like this:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1014\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-1024x1014.png\" alt=\"\" class=\"wp-image-13180\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-1024x1014.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-300x297.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-150x150.png 150w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-768x761.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-70x70.png 70w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-370x366.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-270x267.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1-740x733.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/9-1.png 1148w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 11<\/em><\/strong><em>. The attacker reused code for injecting into Atomic<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The similarity is evident. The attacker just simplified the packet. In the case of Atomic, even the application version matches.&nbsp;&nbsp;<\/p>\n\n\n\n<p>For Exodus, the code segment from the repository looks like this:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"952\" height=\"1024\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10-952x1024.png\" alt=\"\" class=\"wp-image-13182\" style=\"width:508px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10-952x1024.png 952w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10-279x300.png 279w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10-768x826.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10-370x398.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10-270x290.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10-740x796.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/10.png 1140w\" sizes=\"(max-width: 952px) 100vw, 952px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 12<\/em><\/strong><em>. Inject_PoC code for injecting into Exodus<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\"><strong>Launching Browsers in Debug Mode<\/strong>&nbsp;<\/h3>\n\n\n\n<p>This is a <a href=\"https:\/\/mango.pdf.zone\/stealing-chrome-cookies-without-a-password\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">common technique<\/a> for obtaining cookies in unencrypted form.&nbsp;<\/p>\n\n\n\n<p>In short, this method causes some Chromium-based browsers to provide cookies in plaintext. If the standard method of extracting cookies from files were used, they would need to be decrypted, which can be problematic.&nbsp;<\/p>\n\n\n\n<p>These browsers use the DPAPI mechanism to protect sensitive data. If the malware is executed in the session of a user whose password was used in the encryption process, a call to the UnProtect() function may be enough to decrypt the data. Otherwise, decryption can be extremely difficult. In addition, the task may be complicated, for example, by the <a href=\"https:\/\/security.googleblog.com\/2024\/07\/improving-security-of-chrome-cookies-on.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Application-Bound (App-Bound) Encryption method<\/a> used in the latest versions of Chrome.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s how debugging helps to get cookies in an easier way:&nbsp;&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>The browser is launched with a specified debugging port (default 9222).&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>A GET request is made to http:\/\/localhost:9222\/json, which returns a JSON response containing webSocketDebuggerUrl.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Commands can be sent to this URL using the WebSocket protocol.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Using the Network.getAllCookies command, the desired cookies are obtained, already decrypted by the browser.&nbsp;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"368\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-1024x368.png\" alt=\"\" class=\"wp-image-13185\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-1024x368.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-300x108.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-768x276.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-1536x553.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-370x133.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-270x97.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11-740x266.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/11.png 1946w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 13.<\/em><\/strong><em> Code for launching browsers in debug mode<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>This method explains the unusual behavior of relaunching browser, which piqued our interest when we first came across Pentagon\u2019s sample.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Decryption and Transition to the Next Stage: runpython.py&nbsp;<\/h3>\n\n\n\n<p>The final part of the stealer module is the decryption and launch of the next stage, runpython.py.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"208\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-1024x208.png\" alt=\"\" class=\"wp-image-13187\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-1024x208.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-300x61.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-768x156.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-1536x313.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-370x75.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-270x55.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12-740x151.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/12.png 1970w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 14<\/em><\/strong><em>. Code for initializing the next stage<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Once we decrypt the payload, we can see the command used.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"765\" height=\"118\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3f.png\" alt=\"\" class=\"wp-image-13190\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3f.png 765w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3f-300x46.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3f-370x57.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3f-270x42.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3f-740x114.png 740w\" sizes=\"(max-width: 765px) 100vw, 765px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 15<\/em><\/strong><em>. Decrypted command for the next stage launch<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Following the URL inside the command reveals the dropper script used for launching runpython.py.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"318\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-1024x318.png\" alt=\"\" class=\"wp-image-13192\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-1024x318.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-300x93.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-768x238.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-1536x477.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-370x115.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-270x84.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13-740x230.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/13.png 1982w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 16<\/em><\/strong><em>. Runpython.py dropper script<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Yet Another Stage: Functionality of runpython.py&nbsp;<\/h3>\n\n\n\n<p>Inside runpython.py, we can see the following bat-file:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"757\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-1024x757.png\" alt=\"\" class=\"wp-image-13195\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-1024x757.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-300x222.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-768x567.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-1536x1135.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-370x273.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-270x199.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-740x547.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1-80x60.png 80w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/14-1.png 1685w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 17<\/em><\/strong><em>. Bat-file loader of the next stage<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>It follows this algorithm:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Checks if it has access to system files, indicating admin rights.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>If not, creates a temporary VBS script to relaunch the current BAT script with admin rights.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Creates the directory C:\\Windows\\WinEmptyfold as an infection indicator.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Runs PowerShell to add a Windows Defender exclusion, preventing it from scanning the C:\/ drive.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Downloads the next stage from a remote resource and executes it as RuntimeBroker.exe.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Deletes files and directories used by the stealer.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>In all samples we have analyzed (<a href=\"https:\/\/app.any.run\/tasks\/722ad096-e108-4819-bc69-51123e039a5b\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">example<\/a>),&nbsp;Pentagon Stealer exclusively dropped Purecrypter which then deployed a miner. However, it is possible that there can be alternative payloads.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attack Chain and Timeline of Python-based Pentagon Stealer&nbsp;<\/h2>\n\n\n\n<p>Pentagon Stealer\u2019s chain of attack can be represented in the following way:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"569\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-1024x569.png\" alt=\"\" class=\"wp-image-13197\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-1024x569.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-768x427.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-1536x853.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-370x206.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15-740x411.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/15.png 2045w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 18<\/em><\/strong><em>. Python-based Pentagon Stealer kill chain<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Let\u2019s now take a look at Pentagon\u2019s development timeline and see what methods the attackers used for delivering it to victims.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">March 2024: Typosquatting Campaign&nbsp;<\/h3>\n\n\n\n<p>One of the <a href=\"https:\/\/blog.phylum.io\/typosquatting-campaign-targets-python-developers\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">earliest campaigns<\/a> we came across in our research involved masking Pentagon as popular PyPI Python packages using a technique called \u201ctyposquatting\u201d.&nbsp;<\/p>\n\n\n\n<p>In this version, the malware couldn&#8217;t steal Web Data from Chromium browsers, unencrypted cookies via browser debugging, or Telegram data. Additionally, the protocol for interacting with the C2 server was more primitive: all information was written to files, which were then sent to funcaptcha[.]ru\/delivery.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">September 2024: 1312 Stealer&nbsp;<\/h3>\n\n\n\n<p>In another campaign, the stealer was available under the name 1312 Stealer. ANY.RUN\u2019s <a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Public submissions<\/a> help us track changes in the admin panel.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/41cd2a5b-2306-4881-a053-2478d4fdf2e7\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">On September 2<\/a> 2024, it appeared as follows:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"581\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16-1024x581.png\" alt=\"\" class=\"wp-image-13199\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16-1024x581.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16-768x435.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16-370x210.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16-740x420.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/16.png 1263w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 19<\/em><\/strong><em>. 1312 Stealer Admin Panel on 02.09.24<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>By <a href=\"https:\/\/app.any.run\/tasks\/c4623952-d84d-46cc-8951-9ef27802629a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">September 23<\/a>, it looked like this:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"581\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17-1024x581.png\" alt=\"\" class=\"wp-image-13201\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17-1024x581.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17-768x436.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17-370x210.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17-740x420.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/17.png 1270w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 20<\/em><\/strong><em>. 1312 Stealer Admin panel on 23.09.24<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>A Telegram account is listed for contact, previously seen in Pentagon Stealer Admin Panel.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This campaign used two domains: 1312services[.]ru and 1312stealing[.]ru.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The code for this version can <a href=\"https:\/\/github.com\/Sallie-May\/1312services.ru-Stealer\" target=\"_blank\" rel=\"noreferrer noopener\">be viewed here<\/a>.&nbsp;<\/p>\n\n\n\n<p>1312\u2019s new functionality included stealing Web Data from Chromium-based browsers and Telegram tdata. Communication with the C2 server changed: passwords were sent to 1312services[.]ru\/pw, Web Data to 1312services[.]ru\/webdata, and everything else to 1312services[.]ru\/delivery.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Campaigns&nbsp;<\/h3>\n\n\n\n<p>There are also versions of 1312 Stealer, which include <a href=\"https:\/\/github.com\/Sallie-May\/Acab-Stealer\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Acab Stealer<\/a> and <a href=\"https:\/\/www.cyfirma.com\/research\/vilsa-stealer\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Vilsa Stealer<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Golang Version of Pentagon Stealer&nbsp;<\/h2>\n\n\n\n<p>Now, it\u2019s time to dissect the latest version of the stealer, which is currently being actively distributed. It kept the functionality of the Python version, but with some improvements described below.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"719\" height=\"531\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image-12.png\" alt=\"\" class=\"wp-image-13148\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image-12.png 719w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image-12-300x222.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image-12-370x273.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image-12-270x199.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image-12-80x60.png 80w\" sizes=\"(max-width: 719px) 100vw, 719px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 21<\/em><\/strong><em>. Detect It Easy identified the sample as being written in Go<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/9c58dc61-5a7c-484c-a68e-4d13767939c4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View sandbox analysis of the Golang version<\/a>&nbsp;<\/p>\n\n\n\n<p>Unlike its Python counterpart, this variant does not download subsequent stages independently. Instead, it is used as one of the modules in the attack chain, as shown by sandbox analysis. Learn more about this in the &#8216;Infection Methods&#8217; section.&nbsp;<\/p>\n\n\n\n<p>Upon launch, the stealer hides its console window and checks for the directory %LOCALAPPDATA%\\Realtek HD Audio Service on the victim&#8217;s computer, indicating previous execution.&nbsp;&nbsp;<\/p>\n\n\n\n<!-- CTA Split START -->\n<div class=\"cta-split\">\n<div class=\"cta__split-left\">\n\n<!-- Image -->\n<img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/mcusercontent.com\/663b94f19348582a8dc323efe\/images\/0d88188b-3e89-2314-5a60-cb87e8077326.png\" alt=\"Learn to analyze malware in a sandbox\" class=\"cta__split-icon\" \/>\n<\/div>\n\n<div class=\"cta__split-right\">\n<div>\n\n<!-- Heading -->\n<h3 class=\"cta__split-heading\"><br>Learn to analyze cyber threats<\/h3>\n\n<!-- Text -->\n<p class=\"cta__split-text\">\nFollow along a detailed guide to using ANY.RUN&#8217;s <span class=\"highlight\">Interactive Sandbox<\/span> for malware and phishing analysis\n<br \/>\n<br \/>\n<\/p>\n<\/div>\n<!-- CTA Link -->\n<a target=\"_blank\" rel=\"noopener\" id=\"article-banner-split\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\"><div class=\"cta__split-link\">Read full guide<\/div><\/a>\n<\/div>\n<\/div>\n<!-- CTA Split END -->\n<!-- CTA Split Styles START -->\n<style>\n.cta-split {\noverflow: hidden;\nmargin: 3rem 0;\ndisplay: grid;\njustify-items: center;\nborder-radius: 0.5rem;\nwidth: 100%;\nmin-height: 25rem;\ngrid-template-columns: repeat(2, 1fr);\nborder: 1px solid rgba(75, 174, 227, 0.32);\nfont-family: 'Catamaran Bold';\n}\n\n.cta__split-left {\ndisplay: flex;\nalign-items: center;\njustify-content: center;\nheight: 100%;\nwidth: 100%;\nbackground-color: #161c59;\nbackground-position: center center;\nbackground: rgba(32, 168, 241, 0.1);\n}\n\n.cta__split-icon { \nwidth: 100%;\nheight: auto;\nobject-fit: contain;\nmax-width: 100%;\n}\n\n.cta__split-right {\ndisplay: flex;\nflex-direction: column;\njustify-content: space-between;\npadding: 2rem;\n}\n\n.cta__split-heading { font-size: 1.5rem; }\n\n.cta__split-text {\nmargin-top: 1rem;\nfont-family: Lato, Roboto, sans-serif;\n}\n\n.cta__split-link {\npadding: 0.5rem 1rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: white;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\ndisplay: block;\nz-index: 1000;\nposition: relative;\ncursor: pointer !important;\n}\n\n.cta__split-link:hover {\nbackground-color: #68CBFF;\ncolor: white;\ncursor: pointer;\n}\n\n.highlight { color: #ea2526;}\n\n\n\/* Mobile styles START *\/\n@media only screen and (max-width: 768px) {\n\n.cta-split {\ngrid-template-columns: 1fr;\nmin-height: auto;\n}\n\n.cta__split-left {\nheight: auto;\nmin-height: 10rem;\n}\n\n\n.cta__split-left, .cta__split-right {\nheight: auto;\n}\n\n.cta__split-heading { font-size: 1.2rem; }\n\n.cta__split-text { font-size: 1rem; }\n.cta__split-icon {\nmax-height: auto;\nobject-fit: cover;\n}\n\n}\n\/* Mobile styles END *\/\n<\/style>\n<!-- CTA Split Styles END -->\n\n\n\n<p>It then begins collecting information as described. The main improvement, unique to the Golang version, is the ability to steal data not only from Firefox but also from other Gecko-based browsers, including:&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-grid wp-container-core-group-is-layout-1 wp-block-group-is-layout-grid\">\n<ul class=\"wp-block-list\">\n<li>Zen&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SeaMonkey&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Waterfox&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>K-Meleon&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Thunderbird&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IceDragon&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cyberfox&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>BlackHaw&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pale Moon&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mercury&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Librewolf&nbsp;<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p>The malware now can steal passwords from these browsers, in addition to cookies. The rest of the functionality remains unchanged, though the programming language has been altered.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">C2 Communication Protocol&nbsp;<\/h3>\n\n\n\n<p>Regarding interaction with the C2 server, recent malware versions use two domains: <em>stealer[.]cy<\/em> and <em>pentagon[.]cy<\/em>. The communication method is identical in both the latest Python and Golang versions.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"606\" height=\"1024\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-606x1024.png\" alt=\"\" class=\"wp-image-13206\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-606x1024.png 606w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-177x300.png 177w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-768x1299.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-908x1536.png 908w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-1211x2048.png 1211w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-370x626.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-270x457.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1-740x1251.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/18-1.png 1362w\" sizes=\"(max-width: 606px) 100vw, 606px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 22<\/em><\/strong><em>. How Pentagon Stealer communicate with C2<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The stealer and command server communicate via HTTP requests. Upon log creation (create_log()), the victim sends the number of collected passwords, cookies, Discord tokens, and names of all collected files. The server responds with either a rejection or a log_uuid, which is subsequently used as the victim&#8217;s identifier, replacing the previously hardcoded uuid.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"720\" height=\"93\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-1.png\" alt=\"\" class=\"wp-image-13210\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-1.png 720w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-1-300x39.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-1-370x48.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-1-270x35.png 270w\" sizes=\"(max-width: 720px) 100vw, 720px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 23<\/em><\/strong><em>. POST request to pentagon[.]cy\/create_log shown in ANY.RUN<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"720\" height=\"93\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39.png\" alt=\"\" class=\"wp-image-13209\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39.png 720w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-300x39.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-370x48.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image39-270x35.png 270w\" sizes=\"(max-width: 720px) 100vw, 720px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 24.<\/em><\/strong><em> C2 response<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Infection Methods&nbsp;<\/h3>\n\n\n\n<p>Notably, the Golang version of the stealer lacks any encryption of its code and strings, which is unusual since each subsequent stage of its Python counterpart is encrypted using AES. This suggests the possible existence of a dropper or loader.&nbsp;&nbsp;<\/p>\n\n\n\n<p>A search in TI Lookup involving the stealer yielded the <a href=\"https:\/\/app.any.run\/tasks\/10345e59-46a2-4800-8adf-38155af255b7\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">following analysis<\/a>.&nbsp;<\/p>\n\n\n\n<p>Here is the sample\u2019s execution chain:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"605\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21-1024x605.png\" alt=\"\" class=\"wp-image-13212\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21-1024x605.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21-300x177.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21-768x454.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21-370x219.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21-270x160.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21-740x438.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/21.png 1534w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 25<\/em><\/strong><em>. Attack chain involving the Golang version&nbsp;<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The initial attack stage involved running an NSIS installer named BlumBot.exe. This installer executed a VBS script that displayed a familiar message, \u201cvcruntime140.dll is missing from your computer\u201d. It then proceeds to launch the next stage, Installer.exe.&nbsp;<\/p>\n\n\n\n<p>Notably, reverse-engineering BlumBot.exe was not necessary to uncover this. A tool capable of unpacking NSIS installers and extracting the .nsi script was enough. In our investigation, we used <a href=\"https:\/\/github.com\/M2Team\/NanaZip?tab=readme-ov-file\" target=\"_blank\" rel=\"noreferrer noopener\">NanaZip<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>NSIS installer in NanaZip:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"247\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22-1024x247.png\" alt=\"\" class=\"wp-image-13214\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22-1024x247.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22-300x72.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22-768x185.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22-370x89.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22-270x65.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22-740x179.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/22.png 1123w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 26<\/em><\/strong><em>. NSIS installer in NanaZip<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Fragment of the .nsi script:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"622\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1-1024x622.png\" alt=\"\" class=\"wp-image-13217\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1-1024x622.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1-300x182.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1-768x467.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1-370x225.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1-270x164.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1-740x450.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/23-1.png 1432w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 27<\/em><\/strong><em>. Piece of .nsi script<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Installer.exe is a loader written in Golang. Its sole purpose is to download and execute two files, ByPass.exe and Main.exe, from biteblob[.]com, and then send a Telegram message confirming successful execution.&nbsp;<\/p>\n\n\n\n<p>Following this, the stealer and a second module, which is actually a miner, are executed.&nbsp;<\/p>\n\n\n\n<p>This is just one example of how Pentagon Stealer is used. In Public Submissions, you can frequently observe samples of various malware using this stealer as one stage in an attack chain.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Further Evolution of Pentagon Stealer&nbsp;<\/h2>\n\n\n\n<p>As mentioned, this malware has appeared under various names, although its core functionality remains unchanged, with only minor logical modifications. This trend continues today.&nbsp;&nbsp;<\/p>\n\n\n\n<p>For instance, we recently discovered samples of a stealer with identical code but named BLX Stealer, as indicated by code strings and description in <a href=\"https:\/\/www.cyfirma.com\/research\/blx-stealer\/\" target=\"_blank\" rel=\"noreferrer noopener\">this article<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/75fbe107-c04f-42ea-ad78-e13ecfa67eef\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pentagon_stealer&amp;utm_term=290425&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View sandbox analysis of BLX Stealer<\/a>&nbsp;<\/p>\n\n\n\n<p>The attack consists of multiple stages, but we focus on the stealer itself.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This version is written in Python, like its predecessors, but is packaged into an executable using PyInstaller. With <a href=\"https:\/\/github.com\/extremecoders-re\/pyinstxtractor\" target=\"_blank\" rel=\"noreferrer noopener\">pyinstxtractor<\/a> and <a href=\"https:\/\/pylingual.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">pylingual.io<\/a>, we successfully reconstructed the stealer&#8217;s source code for analysis.&nbsp;<\/p>\n\n\n\n<p>Regarding functionality, this version did not branch out from the latest Pentagon Stealer, as it lacks crypto-wallet injection and data theft from Gecko-based browsers other than Mozilla Firefox.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Yet, it has unique features not previously observed:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Extracts clipboard content&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Captures screenshots&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reads system information&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Retrieves additional Discord user information, including two-factor authentication status, Nitro subscription type, and user badges&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Steals Steam and Epic Games account data&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The communication protocol with the C2 server is also noteworthy. The stealer does not send files directly; instead, it uploads them to gofile.io and then sends the access link to http[:]\/\/&lt;ip&gt;\/tgproxy\/{USERID}\/.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"599\" height=\"64\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3e.png\" alt=\"\" class=\"wp-image-13220\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3e.png 599w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3e-300x32.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3e-370x40.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3e-270x29.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/04\/image3e-585x64.png 585w\" sizes=\"(max-width: 599px) 100vw, 599px\" \/><figcaption class=\"wp-element-caption\"><strong><em>Image 28<\/em><\/strong><em>. Example of C2 communication<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>We also discovered a sample with the capability to steal NordVPN configuration files (user.config).&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp; <\/h2>\n\n\n\n<p>Pentagon Stealer cannot be considered malware capable of complex targeted attacks due to its simplicity. Its development history shows that authors often merely changed the domain, leaving the functionality intact. However, a year has passed since its first mention, and it has undergone modifications, with the most significant changes occurring this year. The story is far from over, as new, more complex versions continue to emerge, albeit from different authors.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">IOCs and TTPs<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">MITRE ATT&amp;CK&nbsp;<\/h3>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-235\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"3\"\n           data-rows=\"17\"\n           data-wpID=\"235\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell \"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Tactics\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell \"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Techniques\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell \"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Description\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA0002: Execution\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.001: Command and Scripting Interpreter: PowerShell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Disables disk C: scanning using Microsoft Defender in the Python version\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.003: Command and Scripting Interpreter: Windows Command Shell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Executes a .bat file to download the next stage in the Python version\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.005: Command and Scripting Interpreter: Visual Basic\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C5\"\n                    data-col-index=\"2\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Launches a .vbs script to escalate privileges in the Python version\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA005: Defense Evasion\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"C6\"\n                    data-col-index=\"2\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A7\"\n                    data-col-index=\"0\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B7\"\n                    data-col-index=\"1\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1140: Deobfuscate\/Decode Files or Information\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C7\"\n                    data-col-index=\"2\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Decrypts Python stages using Fernet\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A8\"\n                    data-col-index=\"0\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA0006: Credential Access\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"B8\"\n                    data-col-index=\"1\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"C8\"\n                    data-col-index=\"2\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A9\"\n                    data-col-index=\"0\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B9\"\n                    data-col-index=\"1\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1555.003: Credentials from Web Browsers\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C9\"\n                    data-col-index=\"2\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Steals passwords from various browsers\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A10\"\n                    data-col-index=\"0\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B10\"\n                    data-col-index=\"1\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1539: Steal Web Session Cookie\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C10\"\n                    data-col-index=\"2\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Steals cookies from various browsers\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A11\"\n                    data-col-index=\"0\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA0009: Collection\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"B11\"\n                    data-col-index=\"1\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"C11\"\n                    data-col-index=\"2\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A12\"\n                    data-col-index=\"0\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B12\"\n                    data-col-index=\"1\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1005: Data from Local System\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C12\"\n                    data-col-index=\"2\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Collects files with specific names and extensions from user directories\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A13\"\n                    data-col-index=\"0\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA0011: Command and Control \t\t\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"B13\"\n                    data-col-index=\"1\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"C13\"\n                    data-col-index=\"2\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A14\"\n                    data-col-index=\"0\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B14\"\n                    data-col-index=\"1\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1071.001: Application Layer Protocol\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C14\"\n                    data-col-index=\"2\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Sends collected data to the command server\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A15\"\n                    data-col-index=\"0\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B15\"\n                    data-col-index=\"1\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1659: Content Injection\u00a0\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C15\"\n                    data-col-index=\"2\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Injects custom JavaScript code into cryptocurrency management software\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A16\"\n                    data-col-index=\"0\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA0040: Impact\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"B16\"\n                    data-col-index=\"1\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td class=\"wpdt-cell  wpdt-empty-cell \"\n                                            data-cell-id=\"C16\"\n                    data-col-index=\"2\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A17\"\n                    data-col-index=\"0\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B17\"\n                    data-col-index=\"1\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1657: Financial Theft\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C17\"\n                    data-col-index=\"2\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Steals credentials from cryptocurrency management software\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-235'>\ntable#wpdtSimpleTable-235{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-235 td, table.wpdtSimpleTable235 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<h3 class=\"wp-block-heading\">IOCs<\/h3>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-236\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"5\"\n           data-wpID=\"236\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Title\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Description\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Name\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        build_59.exe\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        MD5\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        a1726ff80b020aa291bdcbb21159c618\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        SHA1\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        51c9978e60995174ed2b6b8cc5e8e1a973b66337\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        SHA256\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        0411589551ab684892e3cc776674df0f07bcdbb931c29da93c2afd08fe077336\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-236'>\ntable#wpdtSimpleTable-236{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-236 td, table.wpdtSimpleTable236 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p><strong>DNS requests<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>pentagon[.]cy&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>stealer[.]cy&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>HTTP\/HTTPS requests<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/pentagon[.]cy\/create_log&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/pentagon[.]cy\/log_data&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/pentagon[.]cy\/log_files&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/pentagon[.]cy\/exodus&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/pentagon[.]cy\/atomic &nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/pentagon[.]cy\/wallet_injection&nbsp;<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The current article provides technical analysis of an emerging malware named Pentagon Stealer. The research has been prepared by the analyst team at ANY.RUN.&nbsp; Key Takeaways&nbsp; How We Discovered Pentagon Stealer&nbsp; In early March of this year, when browsing Public submissions, the ANY.RUN team came across an interesting malware sample written in Golang.&nbsp; View sandbox [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":13236,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[57,10,15,34,40],"class_list":["post-13137","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-analysis","tag-anyrun","tag-cybersecurity","tag-malware","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Pentagon Stealer: Go and Python Malware Targeting Crypto\u00a0<\/title>\n<meta name=\"description\" content=\"Read in-depth technical analysis of Pentagon Stealer, an evolving malware with Python &amp; Golang variants that targets crypto wallets.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Pentagon Stealer: Go and Python Malware with Crypto Theft Capabilities\u00a0\",\"datePublished\":\"2025-04-29T12:06:46+00:00\",\"dateModified\":\"2025-07-17T08:22:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/\"},\"wordCount\":2767,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Malware Analysis\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/\",\"name\":\"Pentagon Stealer: Go and Python Malware Targeting Crypto\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-04-29T12:06:46+00:00\",\"dateModified\":\"2025-07-17T08:22:10+00:00\",\"description\":\"Read in-depth technical analysis of Pentagon Stealer, an evolving malware with Python & Golang variants that targets crypto wallets.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware Analysis\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/malware-analysis\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Pentagon Stealer: Go and Python Malware with Crypto Theft Capabilities\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pentagon Stealer: Go and Python Malware Targeting Crypto\u00a0","description":"Read in-depth technical analysis of Pentagon Stealer, an evolving malware with Python & Golang variants that targets crypto wallets.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Pentagon Stealer: Go and Python Malware with Crypto Theft Capabilities\u00a0","datePublished":"2025-04-29T12:06:46+00:00","dateModified":"2025-07-17T08:22:10+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/"},"wordCount":2767,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware","malware analysis","malware behavior"],"articleSection":["Malware Analysis"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/","url":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/","name":"Pentagon Stealer: Go and Python Malware Targeting Crypto\u00a0","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-04-29T12:06:46+00:00","dateModified":"2025-07-17T08:22:10+00:00","description":"Read in-depth technical analysis of Pentagon Stealer, an evolving malware with Python & Golang variants that targets crypto wallets.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/pentagon-stealer-malware-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Malware Analysis","item":"https:\/\/any.run\/cybersecurity-blog\/category\/malware-analysis\/"},{"@type":"ListItem","position":3,"name":"Pentagon Stealer: Go and Python Malware with Crypto Theft Capabilities\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/13137"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=13137"}],"version-history":[{"count":50,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/13137\/revisions"}],"predecessor-version":[{"id":13244,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/13137\/revisions\/13244"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/13236"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=13137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=13137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=13137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}