├── .github
    └── workflows
    │   └── terraform.yml
├── LICENSE
├── README.md
├── images
    └── flow.png
└── terraform
    ├── Lambda_all
        └── lambda_function_all.py
    ├── Lambda_plugin
        └── lambda_function_plugin.py
    ├── analysis_script
        ├── analysis.py
        ├── template.css
        ├── template.html
        └── template.js
    ├── api.tf
    ├── batch.tf
    ├── cloudwatch.tf
    ├── codecommit.tf
    ├── docker
        ├── Dockerfile
        └── run.sh
    ├── ecr.tf
    ├── iam.tf
    ├── init.tf
    ├── lambda.tf
    ├── network.tf
    ├── s3.tf
    ├── s3
        └── error.html
    ├── sns.tf
    └── variables.tf


/.github/workflows/terraform.yml:
--------------------------------------------------------------------------------
 1 | name: 'Deploy to AWS using Terraform'
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |     - main
 7 |     paths:
 8 |       - 'terraform/**'
 9 | 
10 | jobs:
11 | 
12 |   setup_terraform:
13 | 
14 |     runs-on: ubuntu-latest
15 | 
16 |     steps:
17 |     - name: Checkout
18 |       uses: actions/checkout@v3
19 | 
20 |     - name: Configure AWS credentials
21 |       uses: aws-actions/configure-aws-credentials@v1
22 |       with:
23 |         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
24 |         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
25 |         aws-region: ${{ secrets.AWS_REGION }}
26 | 
27 |     - name: Login to ECR
28 |       uses: docker/login-action@v2
29 |       with:
30 |         registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
31 |         username: ${{ secrets.AWS_ACCESS_KEY_ID }}
32 |         password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
33 | 
34 |     - name: Caching state
35 |       id: cache
36 |       uses: actions/cache@v3
37 |       with:
38 |         path: ~/terraform/.terraform
39 |         key: ${{ runner.os }}-terraform-state
40 | 
41 |     - name: Setup Terraform
42 |       uses: hashicorp/setup-terraform@v2
43 |       with:
44 |         terraform_version: 1.2.3
45 | 
46 |     - name: Terraform Init
47 |       run: terraform init
48 |       working-directory: ./terraform
49 | 
50 |     - name: Terraform Plan
51 |       run: terraform plan -no-color
52 |       working-directory: ./terraform
53 | 
54 |     - name: Terraform Apply
55 |       run: terraform apply -auto-approve -no-color
56 |       working-directory: ./terraform
57 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The 3-Clause BSD License
 2 | 
 3 | SPDX short identifier: BSD-3-Clause  
 4 | Note: This license has also been called the "New BSD License" or "Modified BSD License". See also the 2-clause BSD License.
 5 | 
 6 | ---
 7 | 
 8 | Copyright 2023 JPCERT Coordination Center
 9 | 
10 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
11 | 
12 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
13 | 
14 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
15 | 
16 | 3. Neither JPCERT Coordination Center nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
17 | 
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
19 | 
20 | IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Memory Forensic on Cloud
  2 | 
  3 | This repository is a PoC for memory forensic on AWS.
  4 | 
  5 | ![flow](images/flow.png)
  6 | 
  7 | ## Support OS
  8 | 
  9 | This system only supports memory forensics on Windows OS.
 10 | 
 11 | ## Requirements Service
 12 | 
 13 | Get an account for the following services.
 14 | 
 15 | * AWS
 16 | * GitHub
 17 | 
 18 | ## How to Use
 19 | 
 20 | ### Clone or Fork This Repository
 21 | 
 22 | ```bash
 23 | $ git clone https://github.com/JPCERTCC/MemoryForensic-on-Cloud.git
 24 | ```
 25 | 
 26 | ### Setup Configuration
 27 | 
 28 | #### variables.tf
 29 | 
 30 | ```python
 31 | # Region to build the system
 32 | variable "region" {
 33 |   default = "us-east-1"
 34 | }
 35 | 
 36 | # Docker image name
 37 | variable "image_name" {
 38 |   default = "memory-analysis"
 39 | }
 40 | 
 41 | # Dockerfile directory
 42 | variable "docker_dir" {
 43 |   default = "docker"
 44 | }
 45 | 
 46 | # Analysis script directory
 47 | variable "codecommit_dir" {
 48 |   default = "analysis_script"
 49 | }
 50 | 
 51 | # Username to commit to Codecommit
 52 | variable "codecommit_username" {
 53 |   default = "terraformer"
 54 | }
 55 | 
 56 | # E-mail to commit to Codecommit
 57 | variable "codecommit_email" {
 58 |   default = "test@example.com"
 59 | }
 60 | 
 61 | # System name to build on AWS
 62 | variable "app_name" {
 63 |   default = "memory-analysis"
 64 | }
 65 | 
 66 | # IP address to access API Gateway and S3
 67 | variable "trusted_ip" {
 68 |   default = "192.168.1.1/32"
 69 | }
 70 | 
 71 | # Network address used by VPC
 72 | variable "cidr_block_vpc" {
 73 |   default = "172.20.0.0/16"
 74 | }
 75 | 
 76 | # AWS access key
 77 | variable "aws_access_key_id" {
 78 |   default = ""
 79 | }
 80 | 
 81 | # AWS secret access key
 82 | variable "aws_secret_access_key" {
 83 |   default = ""
 84 | }
 85 | 
 86 | # E-mail to notify the analysis status
 87 | variable "sns_email" {
 88 |   default = ""
 89 | }
 90 | 
 91 | 
 92 | ```
 93 | 
 94 | ### Setup GitHub Actions
 95 | 
 96 | Set GitHub Actions secrets.
 97 | 
 98 | * AWS_ACCESS_KEY_ID
 99 | * AWS_SECRET_ACCESS_KEY
100 | * AWS_ACCOUNT_NUMBER
101 | * AWS_REGION
102 | 
103 | How to use GitHub Actions secrets. https://docs.github.com/en/actions/security-guides/encrypted-secrets
104 | 
105 | Finally, commit the repository to GitHub.
106 | 


--------------------------------------------------------------------------------
/images/flow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/MemoryForensic-on-Cloud/1ec5699389b5c1c060e032bb168993b8a1ecc379/images/flow.png


--------------------------------------------------------------------------------
/terraform/Lambda_all/lambda_function_all.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | import boto3
 3 | import logging
 4 | import datetime
 5 | 
 6 | JOB_QUEUE = os.environ['JOB_QUEUE']
 7 | JOB_DEFINITION = os.environ['JOB_DEFINITION']
 8 | 
 9 | logger = logging.getLogger()
10 | logLevelTable={'DEBUG':logging.DEBUG,'INFO':logging.INFO,'WARNING':logging.WARNING,'ERROR':logging.ERROR,'CRITICAL':logging.CRITICAL}
11 | if 'logging_level' in os.environ and os.environ['logging_level'] in logLevelTable :
12 |     logLevel=logLevelTable[os.environ['logging_level']]
13 | else:
14 |     logLevel=logging.WARNING
15 | logger.setLevel(logLevel)
16 | 
17 | def lambda_handler(event, context):
18 |     file_name = event['detail']['object']['key']
19 |     source_ip = event['detail']['source-ip-address']
20 |     logger.info(" : upload file name {0} from {1}".format(file_name, source_ip))
21 |     commands = ["/tmp/run.sh", file_name, "all"]
22 | 
23 |     logger.info(" : commands {0}".format(commands))
24 | 
25 |     client = boto3.client('batch')
26 | 
27 |     response = client.submit_job(
28 |         jobName = "MemForensicJob_" + file_name,
29 |         jobQueue = JOB_QUEUE,
30 |         jobDefinition = JOB_DEFINITION,
31 |         containerOverrides={
32 |             'command': commands
33 |             }
34 |         )
35 |     print(response)
36 | 


--------------------------------------------------------------------------------
/terraform/Lambda_plugin/lambda_function_plugin.py:
--------------------------------------------------------------------------------
 1 | import re
 2 | import os
 3 | import boto3
 4 | import logging
 5 | import datetime
 6 | 
 7 | JOB_QUEUE = os.environ['JOB_QUEUE']
 8 | JOB_DEFINITION = os.environ['JOB_DEFINITION']
 9 | 
10 | # Sha256 Check
11 | HASH_CHECK = r"[%*+=\[\]\\/|;:\"<>?,&]"
12 | 
13 | logger = logging.getLogger()
14 | logLevelTable={'DEBUG':logging.DEBUG,'INFO':logging.INFO,'WARNING':logging.WARNING,'ERROR':logging.ERROR,'CRITICAL':logging.CRITICAL}
15 | if 'logging_level' in os.environ and os.environ['logging_level'] in logLevelTable :
16 |     logLevel=logLevelTable[os.environ['logging_level']]
17 | else:
18 |     logLevel=logging.WARNING
19 | logger.setLevel(logLevel)
20 | 
21 | def lambda_handler(event, context):
22 |     file_name = event['queryStringParameters']['hash']
23 |     plugin = event['queryStringParameters']['plugin']
24 |     if not re.search(r"\A[0-9a-zA-Z]{64}\Z", file_name):
25 |         logger.error(" : Hash value does not match format.")
26 |         return "Error"
27 | 
28 |     if not re.search(r"\A[a-z_]{4,25}\Z", plugin):
29 |         logger.error(" : Plugin name does not match format.")
30 |         return "Error"
31 | 
32 |     if plugin in "dumpfiles":
33 |         try:
34 |             pid = event['queryStringParameters']['pid']
35 |             if not re.search(r"\A[0-9]{1,6}\Z", pid):
36 |                 logger.error(" : PID does not match format.")
37 |                 return "Error"
38 |             logger.info(" : dump file {0} pid {1}".format(file_name, pid))
39 |             commands = ["/tmp/run.sh", file_name, "dumpfiles", "-p", pid]
40 |         except:
41 |             logger.error(" : Can't get pid option.")
42 |             return "Error"
43 |     else:
44 |         logger.info(" : Analysis file {0} plugin {1}".format(file_name, plugin))
45 |         commands = ["/tmp/run.sh", file_name, plugin]
46 | 
47 |     logger.info(" : commands {0}".format(commands))
48 | 
49 |     client = boto3.client('batch')
50 | 
51 |     response = client.submit_job(
52 |         jobName = "MemForensicJob_" + plugin + "_" + file_name,
53 |         jobQueue = JOB_QUEUE,
54 |         jobDefinition = JOB_DEFINITION,
55 |         containerOverrides={
56 |             'command': commands
57 |             }
58 |         )
59 | 
60 |     logger.debug(response)
61 | 
62 |     if plugin in "dumpfiles":
63 |         return {
64 |             'statusCode':303,
65 |             'headers':{
66 |                 'Location': "http://" + os.environ['S3_BUCKET'] + "/" + file_name + "/" + pid + ".zip",
67 |             }
68 |         }
69 |     else:
70 |         return "Start job."
71 | 


--------------------------------------------------------------------------------
/terraform/analysis_script/analysis.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import os
  5 | import sys
  6 | import git
  7 | import json
  8 | import time
  9 | import yara
 10 | import shutil
 11 | import hashlib
 12 | import datetime
 13 | import argparse
 14 | import subprocess
 15 | 
 16 | 
 17 | FPATH = os.path.dirname(os.path.abspath(__file__))
 18 | MAIN_DIR = os.path.join(FPATH, 'main')
 19 | YARA_DIR = os.path.join(FPATH, "yara_sig")
 20 | YARA_FILE = os.path.join(FPATH, "all.yara")
 21 | 
 22 | with open(os.path.join(FPATH, "template.html"), "r") as f:
 23 |     HTML_DATA = f.read()
 24 | 
 25 | with open(os.path.join(FPATH, "template.js"), "r") as f:
 26 |     JS_DATA = f.read()
 27 | 
 28 | with open(os.path.join(FPATH, "template.css"), "r") as f:
 29 |     CSS_DATA = f.read()
 30 | 
 31 | yara_repos = ["https://github.com/JPCERTCC/jpcert-yara.git",
 32 |               #"https://github.com/Neo23x0/signature-base.git",
 33 |               "https://github.com/volexity/threat-intel.git",
 34 |               "https://github.com/mandiant/red_team_tool_countermeasures.git",
 35 |               ]
 36 | 
 37 | memory_backet_name = os.environ['IMAGE_BACKET_NAME']
 38 | result_backet_name = os.environ['BACKET_NAME']
 39 | repo_name = os.environ['REPO_NAME']
 40 | region = os.environ['REGION']
 41 | api_gateway_url = os.environ['API_GATEWAY_URL']
 42 | 
 43 | parser = argparse.ArgumentParser(description="Analysis memory image using Volatility3.")
 44 | parser.add_argument(dest="file", action="store", type=str, metavar="FILE",
 45 |                     help="Memory dump file.")
 46 | parser.add_argument(dest="plugin", action="store", type=str, metavar="PLUGIN_NAME",
 47 |                     help="Set using plugin name. (if 'all', execute all plugins)")
 48 | parser.add_argument("-p", "--pid", dest="pid", action="store", type=str, metavar="PID",
 49 |                     help="Set the pid of dumpfile..")
 50 | args = parser.parse_args()
 51 | 
 52 | PLUGINS = ["windows.bigpools.BigPools",
 53 |            "windows.cachedump.Cachedump",
 54 |            "windows.callbacks.Callbacks",
 55 |            "windows.cmdline.CmdLine",
 56 |            "windows.driverirp.DriverIrp",
 57 |            "windows.driverscan.DriverScan",
 58 |            "windows.envars.Envars",
 59 |            "windows.filescan.FileScan",
 60 |            "windows.getservicesids.GetServiceSIDs",
 61 |            "windows.getsids.GetSIDs",
 62 |            #"windows.handles.Handles", # slow analysis
 63 |            "windows.hashdump.Hashdump",
 64 |            "windows.lsadump.Lsadump",
 65 |            #"windows.memmap.Memmap", # slow analysis
 66 |            "windows.modscan.ModScan",
 67 |            "windows.mutantscan.MutantScan",
 68 |            "windows.netscan.NetScan",
 69 |            "windows.netstat.NetStat",
 70 |            "windows.poolscanner.PoolScanner",
 71 |            "windows.privileges.Privs",
 72 |            "windows.pstree.PsTree",
 73 |            "windows.registry.certificates.Certificates", # bug?
 74 |            "windows.registry.hivelist.HiveList",
 75 |            "windows.registry.hivescan.HiveScan",
 76 |            #"windows.registry.userassist.UserAssist", # Set HIVE offset (--offset) from HiveScan
 77 |            "windows.skeleton_key_check.Skeleton_Key_Check",
 78 |            "windows.ssdt.SSDT",
 79 |            #"windows.strings.Strings", # Set pid (--pid)
 80 |            "windows.svcscan.SvcScan",
 81 |            "windows.symlinkscan.SymlinkScan",
 82 |            "windows.vadinfo.VadInfo",
 83 |            "windows.verinfo.VerInfo",
 84 |            "windows.virtmap.VirtMap",]
 85 | 
 86 | DUMP_PLUGINS = ["windows.pslist.PsList",
 87 |                 "windows.psscan.PsScan",
 88 |                 "windows.malfind.Malfind",
 89 |                 "windows.modules.Modules",
 90 |                 "windows.dlllist.DllList",]
 91 | 
 92 | def download_from_s3(filename):
 93 |     print("[+]{0} : download memory image".format(datetime.datetime.now()))
 94 |     subprocess.call('aws s3 cp s3://' + memory_backet_name + '/' + filename + ' /tmp/' + repo_name + '/ ', shell=True)
 95 | 
 96 | def yara_download():
 97 |     if os.path.exists(YARA_DIR) is True:
 98 |         shutil.rmtree(YARA_DIR)
 99 | 
100 |     if os.path.exists(YARA_FILE) is True:
101 |         os.remove(YARA_FILE)
102 | 
103 |     for i, yara_repo in enumerate(yara_repos):
104 |         for j in range(1, 4):
105 |             try:
106 |                 git.Repo.clone_from(yara_repo, os.path.join(YARA_DIR, str(i)))
107 |                 print("[+]{0} : download yara rule {1}".format(datetime.datetime.now(), yara_repo))
108 |                 break
109 |             except git.GitCommandError as ex:
110 |                 print("[!]{0} :error:{1}: retry:{2}/3".format(datetime.datetime.now(), ex, j))
111 |                 time.sleep(10 * j)
112 |                 print("[+]{0} :retrying".format(datetime.datetime.now()))
113 |             if j == 3:
114 |                 sys.exit("[!]{0} : Can't clone {1}".format(datetime.datetime.now(), yara_repo))
115 | 
116 |     with open(YARA_FILE, "a", encoding="utf-8") as f:
117 |         for cur_dir, dirs, files in os.walk(YARA_DIR):
118 |             for file in files:
119 |                 if (file.endswith(".yara") or file.endswith(".yar")) and not file.startswith("all-yara.yar"):
120 |                     try:
121 |                         yara.compile(os.path.abspath(os.path.join(cur_dir, file)))
122 |                         with open(os.path.abspath(os.path.join(cur_dir, file)), "r") as fyara:
123 |                             yara_data = fyara.read()
124 |                         f.write(yara_data + "\n")
125 |                     except:
126 |                         print("[!]{0} : Can't load yara file {1}".format(datetime.datetime.now(), os.path.abspath(os.path.join(cur_dir, file))))
127 | 
128 | def get_hash(filename):
129 |     hash = hashlib.sha256()
130 | 
131 |     with open(filename, 'rb') as f:
132 |         while True:
133 |             chunk = f.read(2048 * hash.block_size)
134 |             if len(chunk) == 0:
135 |                 break
136 | 
137 |             hash.update(chunk)
138 | 
139 |     return hash.hexdigest()
140 | 
141 | def vol_analysis_plugin(filename, archive_path, plugin):
142 |     print("[+]{0} : running analysis {1}".format(datetime.datetime.now(), plugin))
143 |     subprocess.call("vol -r json -f " + filename + " --plugin-dirs /tmp/impfuzzy/impfuzzy_for_Volatility3 " + plugin + " > " + archive_path + "/" + plugin + ".json", shell=True)
144 | 
145 | def vol_analysis_yara(filename, archive_path):
146 |     print("[+]{0} : running analysis yarascan.YaraScan".format(datetime.datetime.now()))
147 |     subprocess.call("vol -r json -f " + filename + " yarascan.YaraScan --yara-file " + YARA_FILE + " > " + archive_path + "/yarascan.YaraScan.json", shell=True)
148 | 
149 | def vol_analysis_ps(filename, archive_path):
150 |     for plugin in DUMP_PLUGINS:
151 |         print("[+]{0} : running analysis {1}".format(datetime.datetime.now(), plugin))
152 |         subprocess.call("vol -c config.json -r json " + plugin + " --dump > " + archive_path + "/" + plugin + ".json", shell=True)
153 |     subprocess.call("mv *.dmp " + archive_path, shell=True)
154 | 
155 | def vol_analysis_timeline(filename, archive_path):
156 |     print("[+]{0} : running analysis timeliner.Timeliner".format(datetime.datetime.now()))
157 |     subprocess.call("vol -r json -f " + filename + " timeliner.Timeliner > " + archive_path + "/timeliner.Timeliner.json", shell=True)
158 | 
159 | def vol_analysis_printkey(filename, archive_path):
160 |     print("[+]{0} : running analysis windows.registry.printkey.PrintKey".format(datetime.datetime.now()))
161 |     with open(os.path.join(archive_path, "windows.registry.hivelist.HiveList.json"), "r") as f:
162 |         json_load = json.load(f)
163 |     for data in json_load:
164 |         offset = "0x{:x}".format(data["Offset"])
165 |         print("[+]{0} : running analysis windows.registry.printkey.PrintKey {1}".format(datetime.datetime.now(), offset))
166 |         subprocess.call("vol -c config.json -r json windows.registry.printkey.PrintKey --offset=" + offset + " --recurse > " + archive_path + "/windows.registry.printkey.PrintKey." + offset + ".json", shell=True)
167 | 
168 | def vol_analysis(filename, archive_path):
169 |     subprocess.call("vol --write-config -r json -f " + filename + " windows.info.Info > " + archive_path + "/windows.info.Info.json", shell=True)
170 | 
171 |     for plugin in PLUGINS:
172 |         print("[+]{0} : running analysis {1}".format(datetime.datetime.now(), plugin))
173 |         subprocess.call("vol -c config.json -r json " + plugin + " > " + archive_path + "/" + plugin + ".json", shell=True)
174 | 
175 | def vol_analysis_dumpfile(filename, archive_path, pid):
176 |     print("[+]{0} : running analysis windows.dumpfiles.DumpFiles".format(datetime.datetime.now()))
177 |     subprocess.call("vol -r json -f " + filename + " windows.dumpfiles.DumpFiles --pid " + pid, shell=True)
178 |     subprocess.call("zip -e --password=infected " + archive_path + "/" + pid + ".zip file*", shell=True)
179 | 
180 | def main():
181 |     download_from_s3(args.file)
182 | 
183 |     print("[+]{0} : Start analysis".format(datetime.datetime.now()))
184 | 
185 |     memfile = os.path.join(FPATH, args.file)
186 |     if os.path.isfile(memfile):
187 |         print("[+]{0} : Lode file {1}".format(datetime.datetime.now(), memfile))
188 |     else:
189 |         sys.exit("[!]{0} : Can't load file {1}".format(datetime.datetime.now(), memfile))
190 | 
191 |     id = get_hash(memfile)
192 |     archive_path = os.path.join(MAIN_DIR, id)
193 | 
194 |     if os.path.exists(MAIN_DIR) is False:
195 |         os.mkdir(MAIN_DIR)
196 | 
197 |     if os.path.exists(archive_path) is False:
198 |         os.mkdir(archive_path)
199 |         print("[+]{0} : Created directory {1}".format(datetime.datetime.now(), archive_path))
200 | 
201 |     if args.plugin in "all":
202 |         yara_download()
203 |         vol_analysis(memfile, archive_path)
204 |         vol_analysis_ps(memfile, archive_path)
205 |         vol_analysis_timeline(memfile, archive_path)
206 |         vol_analysis_yara(memfile, archive_path)
207 |         vol_analysis_printkey(memfile, archive_path)
208 |     if args.plugin in "dumpfiles":
209 |         vol_analysis_dumpfile(memfile, archive_path, args.pid)
210 |     if args.plugin in "impfuzzy":
211 |         vol_analysis_plugin(memfile, archive_path, "pehash.ImpFuzzy")
212 |     if args.plugin in "imphash":
213 |         vol_analysis_plugin(memfile, archive_path, "pehash.ImpHash")
214 | 
215 |     print("[+]{0} : Finished analysis".format(datetime.datetime.now()))
216 | 
217 |     # create result page
218 |     with open(os.path.join(archive_path, "index.html"), "w", encoding="utf-8") as f:
219 |         f.write(HTML_DATA.format(**{"hash": args.file}))
220 | 
221 |     with open(os.path.join(archive_path, "script.js"), "w", encoding="utf-8") as f:
222 |         f.write(JS_DATA.format(**{"api_gateway_url": api_gateway_url}))
223 | 
224 |     with open(os.path.join(archive_path, "tree-boxes.css"), "w", encoding="utf-8") as f:
225 |         f.write(CSS_DATA)
226 | 
227 |     time.sleep(1)
228 |     subprocess.call('aws s3 cp /tmp/' + repo_name + '/main s3://' + result_backet_name + '/ --exclude "*" --include "*.html" --include "*.json" --include "*.js" --include "*.zip" --include "*.css" --include "*.dmp" --recursive ', shell=True)
229 |     print("[+]{0} : Uploaded result".format(datetime.datetime.now()))
230 | 
231 | if __name__ == "__main__":
232 |     main()
233 | 


--------------------------------------------------------------------------------
/terraform/analysis_script/template.css:
--------------------------------------------------------------------------------
  1 | #tree-container {
  2 | 	width: 100%;
  3 | }
  4 | 
  5 | .svgContainer {
  6 | 	display: block;
  7 |     margin: auto;
  8 | }
  9 | 
 10 | .node {
 11 | 	cursor: pointer;
 12 | }
 13 | 
 14 | .node-rect {
 15 | }
 16 | 
 17 | .node-rect-closed {
 18 | 	stroke-width: 2px;
 19 | 	stroke: rgb(0,0,0);
 20 | }
 21 | 
 22 | .link {
 23 | 	fill: none;
 24 | 	stroke: lightsteelblue;
 25 | 	stroke-width: 2px;
 26 | }
 27 | 
 28 | .linkselected {
 29 | 	fill: none;
 30 | 	stroke: tomato;
 31 | 	stroke-width: 2px;
 32 | }
 33 | 
 34 | .arrow {
 35 | 	fill: lightsteelblue;
 36 | 	stroke-width: 1px;
 37 | }
 38 | 
 39 | .arrowselected {
 40 | 	fill: tomato;
 41 | 	stroke-width: 2px;
 42 | }
 43 | 
 44 | .link text {
 45 | 	font: 7px sans-serif;
 46 | 	fill: #CC0000;
 47 | }
 48 | 
 49 | .wordwrap {
 50 | 	white-space: pre-wrap; /* CSS3 */
 51 | 	white-space: -moz-pre-wrap; /* Firefox */
 52 | 	white-space: -pre-wrap; /* Opera <7 */
 53 | 	white-space: -o-pre-wrap; /* Opera 7 */
 54 | 	word-wrap: break-word; /* IE */
 55 | }
 56 | 
 57 | .node-text {
 58 | 	font: 7px sans-serif;
 59 | 	color: white;
 60 | }
 61 | 
 62 | .tooltip-text-container {
 63 |     height: 100%;
 64 | 	width: 100%;
 65 | }
 66 | 
 67 | .tooltip-text {
 68 | 	visibility: hidden;
 69 | 	font: 7px sans-serif;
 70 | 	color: white;
 71 | 	display: block;
 72 |  	padding: 5px;
 73 | }
 74 | 
 75 | .tooltip-box {
 76 | 	background: rgba(0, 0, 0, 0.7);
 77 | 	visibility: hidden;
 78 | 	position: absolute;
 79 | 	border-style: solid;
 80 |     border-width: 1px;
 81 |     border-color: black;
 82 |     border-top-right-radius: 0.5em;
 83 | }
 84 | 
 85 | p {
 86 | 	display: inline;
 87 | }
 88 | 
 89 | .textcolored {
 90 | 	color: orange;
 91 | }
 92 | 
 93 | a.exchangeName {
 94 | 	color: orange;
 95 | }
 96 | 
 97 | .b-example-divider {
 98 |   flex-shrink: 0;
 99 |   width: 1.5rem;
100 |   height: 100vh;
101 |   background-color: rgba(0, 0, 0, .1);
102 |   border: solid rgba(0, 0, 0, .15);
103 |   border-width: 1px 0;
104 |   box-shadow: inset 0 .5em 1.5em rgba(0, 0, 0, .1), inset 0 .125em .5em rgba(0, 0, 0, .15);
105 | }
106 | 
107 | .bi {
108 |   vertical-align: -.125em;
109 |   pointer-events: none;
110 |   fill: currentColor;
111 | }
112 | 
113 | .dropdown-toggle { outline: 0; }
114 | 
115 | .nav-flush .nav-link {
116 |   border-radius: 0;
117 | }
118 | 
119 | .btn-toggle {
120 |   display: inline-flex;
121 |   align-items: center;
122 |   padding: .25rem .5rem;
123 |   font-weight: 600;
124 |   color: rgba(0, 0, 0, .65);
125 |   background-color: transparent;
126 |   border: 0;
127 | }
128 | .btn-toggle:hover,
129 | .btn-toggle:focus {
130 |   color: rgba(0, 0, 0, .85);
131 |   background-color: #d2f4ea;
132 | }
133 | 
134 | .btn-toggle::before {
135 |   width: 1.25em;
136 |   line-height: 0;
137 |   content: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='rgba%280,280,280,.5%29' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M5 14l6-6-6-6'/%3e%3c/svg%3e");
138 |   transition: transform .35s ease;
139 |   transform-origin: .5em 50%;
140 | }
141 | 
142 | .btn-toggle[aria-expanded="true"] {
143 |   color: rgba(0, 0, 0, .85);
144 | }
145 | .btn-toggle[aria-expanded="true"]::before {
146 |   transform: rotate(90deg);
147 | }
148 | 
149 | .btn-toggle-nav a {
150 |   display: inline-flex;
151 |   padding: .1875rem .5rem;
152 |   margin-top: .125rem;
153 |   margin-left: 1.25rem;
154 |   text-decoration: none;
155 | }
156 | .btn-toggle-nav a:hover,
157 | .btn-toggle-nav a:focus {
158 |   background-color: #d2f4ea;
159 | }
160 | 
161 | .scrollarea {
162 |   overflow-y: auto;
163 | }
164 | 
165 | .fw-semibold { font-weight: 600; }
166 | .lh-tight { line-height: 1.25; }
167 | 


--------------------------------------------------------------------------------
/terraform/analysis_script/template.html:
--------------------------------------------------------------------------------
  1 | <html>
  2 | 
  3 | <head>
  4 |   <meta charset="utf-8">
  5 |   <title>Analysis Results</title>
  6 |   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/css/bootstrap.min.css" integrity="sha384-+0n0xVW2eSR5OomGNYDnhzAbDsOXxcvSN1TPprVMTNDbiYZCxYbOOl7+AMvyTG2x" crossorigin="anonymous">
  7 |   <link rel="stylesheet" href="https://cdn.datatables.net/1.12.0/css/jquery.dataTables.min.css" integrity="sha384-1acln9x8L/qLiaGGA71iWpzCKwZpGAPXErmVAFNPf2k/3GYOsLOZfQ3+0uxxFtM5" crossorigin="anonymous">
  8 |   <link rel="stylesheet" href="https://cdn.datatables.net/1.12.0/css/dataTables.bootstrap5.min.css" integrity="sha384-4q9R5gWW06F9fxnm6FJFKqPzUNmBSxIs3OCi1HJtyNi0MH3amxQbjzNyVtSWqLW8" crossorigin="anonymous">
  9 |   <link rel="stylesheet" type="text/css" href="tree-boxes.css">
 10 |   <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
 11 |   <script src="https://cdn.datatables.net/1.12.0/js/jquery.dataTables.min.js" integrity="sha384-s7LDjBS3uY32p0EUh+XP2VdltF/CGVgjP2vuDnw7Vh4iWtLDegDuhTjzK46NYnSU" crossorigin="anonymous"></script>
 12 |   <script src="https://cdn.datatables.net/1.12.0/js/dataTables.bootstrap5.min.js" integrity="sha384-jIAE3P7Re8BgMkT0XOtfQ6lzZgbDw/02WeRMJvXK3WMHBNynEx5xofqia1OHuGh0" crossorigin="anonymous"></script>
 13 |   <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.min.js" integrity="sha384-Atwg2Pkwv9vp0ygtn1JAojH0nYbwNJLPhwyoVbhoPwBhjQPR5VtM2+xf0Uwh9KtT" crossorigin="anonymous"></script>
 14 |   <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.3/moment.min.js" integrity="sha384-VkYBpizY3H/V5eDF5oW+byIGs0i23IayoHzsEYFCrqG6RzlO3+GPSsQb4uG5cRDp" crossorigin="anonymous"></script>
 15 |   <script src="https://cdn.datatables.net/plug-ins/1.12.0/sorting/datetime-moment.js" integrity="sha384-ulPa01ok97KJoRWI1yIDnhYafUx4tNroVNeizOBN+x2qdzhX8crKwEI+9Ez3YAFz" crossorigin="anonymous"></script>
 16 |   <script src="https://d3js.org/d3.v3.min.js" type="text/javascript"></script>
 17 |   <script src="script.js" type="text/javascript"></script>
 18 | 
 19 | </head>
 20 | 
 21 | <body>
 22 |   <nav class="navbar navbar-light bg-light shadow">
 23 |     <div class="container-fluid">
 24 |       <span class="navbar-brand mb-0">
 25 |         <img
 26 |           src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAArQAAABLCAIAAAAOB4NoAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAEaYSURBVHhe7X0HmBRV1nZLHCQHWcO3uruuq66u++muYVfXNa2CxMmZIEGCJAHJgihZzCCiqKAoqwSRIEEwEAQEkZwzyFRV5xwG+n9PVU9Pd3V31e3uGobvt3jeZ56m6t5zzw11znuzwevz69ChQ4cOHTp0hKGTAx06dOjQoUNHFHRyoEOHDh06dOiIgk4OdOjQoUOHDh1R0MmBDh06dOjQoSMKOjnQoUOHDh06dERBJwc6dOjQoUOHjijo5ECHDh06dOjQEQWdHOjQoUOHDh06oqCTAx06EsLnr4Ts1f8J/F/XX4cM/nJ/eTAKgQt65f664Av4Axej28BFeigLlj6qihxA4yAbLgblcZODXy4wLgLlMRHVEIgRIoMvJkpSQMZlAhOh/II8bnIIyAUmAv7J46YG5hSB1BqAau0AyZYbPjCxUgIVwH+9waBPBH6En9Or8ovy6Cy4EK1hIlxISfgl0F9DiDmNVCllVBQaGnDyn3mFAZHJrCKQL5croAjkKLJO7Tbfib2eUwdCOLnfw59FzYYDUCEkxRX8oU81JF8RrB4IOjPIlMcSXYYsTCLI46aIS1r1kUiujhC4wm5QdDw5fchzMqINnD3qRbsKC0eD0YQrVAk5gH4HlztWznasnqOCr2Y5tmzzSBlOBVS73q9nOVbFSI7EilmO8y7/xWSsYSAYOLXRueIduagwlr3tdKfBD2Cvv3/Pseo9udhYrJjpOCHAuMslsAIfv9u78i252Fgsn+EwEj2IkZAsQGwtnpUz5fLjYtU7js1b0QBihCjiQjBwfrsL1SqTFgkosP+Il5EfiN9eIFju3fK5c/FL1ucfMJY0Fwoa8TIUNRd632GcMcy66n3ngaNQuxyxEFcmLRHw0f403/GVWqWvfNuxe783KX5wafTXEEh33VznjN7WSTnmKXmpABHf6W+dO9L2yTjb2g+da9537tvksZnxpYRMJBNRIAMSQMt/rYtlcq48CW0xMcv80WibifOhnydXIx4kTuBy+rYuc7070PrsPaa8+nx+Qz73Sj63fgWu5PMa8PkN+G43COPbmhe/bN+3mb4mRGSpVhSRL+D7ZJx9YqZcWznyLQun2CFT1ev4L/jtVt8nL9gRRS5ExOQc8xvdLOvmOaFkOBZ0PvKTZ/YA26RsefhIUNzulpWzEbcyxRQhVv2q2Q4IhFhZQlUEtDG0tKVvOKA/Cz+oIEz+3d+7P33RNvxf5tKWVN2VDUAEGgaaQddreQRY8JJ9xxqXyM8oIrIpk8kO7cmBP+i3b7Q/YeCy6jCgNtfWwL2/wJ1aZcNJbH/F/LhaWpk1uI7XG53BQICRT1G7cXcylHWoLRcVxhOGsrW7qE3L4zIA1bZxlLEVYxHV4toY+J/LkiM3YSCtdUOMLNXRxlD26usafHUXg4ENzxsfY24ArQ3chqNJsB/fRf/F084OBi4zce0AbQ1lI4aoZwdNCGF2LXFM+pcAU5tdl8uuxxc04Ytb8CVXxaAFX9SUz7uSh3x8k/lXCTNH2fYeJHarmpAP3/kex2OGskgl4yLTwLW5zQyZMglxccn01xBIC8wA9Q5tUYkpoyO+65qEDlfQX2QfvrPTb4Sxrczr5jrcHmr8yj4SAWYPssEEUbHHyNcWUhIlLQTVmpVoAUz8hExLToZYSrXoS0F05LS9gWuHFmIgy4nfAPKOAHiLHzmo/Ub8y8WWn9fBqKq4BwToep0gxVUGlEfSz/7dpKo8Ajx9oxGaSArHRU4G/6SB+/It8pGIAhd4+pC3laGMpT0gDOIumxGKmzKg58iHzCg9luxrCbG5DrlXpSQlWnBsl2dGLytaNUosVKS1uA41KtsAEGoDNUKNBMGyM3g0g4lZlo2LXBCCgkptIEF7cgBt5rXmcxrRV8qC0uZ8q0ZG2LgUeuHwQ5smmjMzVNIC2yrI4J7JtynXRyXQ2/a5cg1cSYyoMLJrcCt/SLFDHwx6+9XlCluwFVFLobA+15OUl8thAbK8sq8xu756WiiiCRM1IAdw3hfOubJRei3lScRFcRM+V/SFjA0AIWffTw2sNEZUGKUt+Na1hfNBf3nir8InDsTt/8ze62oeH1V+Y3KfaCoyUXGBYKXwtc353Hp8dgbX7S7Tt6ItvpB4oALkwPODo20NTiYqDprxrX+vTg4usf4aAglNzLTAl/e9zTglz4Jua2pAL3PEv03wWEDnawT4DJhdMpHgWLU5dKdGP2ra9S3lC6ZWpoMEvOp2vRHGd/i/TJNzUtdEHVnmCZnmgsbkFI3naRBYpokEqcO353t3n1uMcCQSLYDpRwZnPWNd9a5j70b36YMe/pwXOXI7fSf3e47v8mxc6Fo41T6t0NL7T0bIp+yLJdDrT8Y178OJxmdIgYv+0we88C4gE9OKlPKOch77hKmwCQ//TUPWidkG9HdYfaB9yCnyi1zLRAGocdQ7av/FdqFGDpvz/lBbdh2ux++FqflKmkzOtaAoEHfUI+o0RQH+C35jmbe1oQx6jm9rnhRPzyrC5DwLChxF9Mtxb/wxJHFI48R+z6hHzKhEqTZBBPv9xfhGd+vSNxxgjWcOe86foDYAnNjrOXvEs22Fa/F0+2tdLAgW+goQtzZX1IxfONUh0s2YhNSgNTmgGSxPiYErZnMMhJZ8loFbszMVRwtysHmyOjkAYA3RIftwCdsQBXIRcOWrkYOvtqaiM42sfGtvc4WSb5MBdrzNFYIQhKeTS1MF2tlX/VjJwcTJWozXiYlueM7Yri6To0IDAJOYv4KmTmVyYoGK8Wy1wwKWKjawHAM3a55SXYOMXrC6J94jgGgXNmP1qXGB2ilqTLy+73/Mpy0JmwTIgXcryAFDQs34J/+oQg4uvf4aAlkb8aAJlmtmLyt+I8V0AMMHwEq6nD5QgaWvOSZ0JOYBE4kuFKzk6EfNZ47QkguZGgAedv0fAV2xLV8Sh5BJ1hQBf8CP3h60OrydzLpMEwDByi/6xz1pRl1Af7jtofcZV85y+Hw+aSwBAeDmEZcWIcIWVCxODKeCYCbet2iqffA9JkSHEGQfPOPozzQ4JEsOEaEJ9EFIcYKpUk4MAqARKCXob7cgZpScSEjkAMEAcTVD3CINoN5R+yMfDJODwOtdrSBDYx7DExVNlrzigCYj/63OnhUQzruinlWEchR4omYgLR1491kb8gjiDl7Y6ybh0/F2u7WyDUitXVqECOA3IL6lAPjhdPpWvu0Y14rGRegTqM2hG7BlGbXwpGYZNCYH5cHAsXnWdrWT8HxAYQN+YE878iaTpgp2cgDACLY18Ic9/qBq96gqyQEax8JiIUcc/2QGn1OT+5iR2UQDDeLSkwOR/HoHNWQdHSltzrf/jTEQLFdd8QD1ptzC5TVVElvShM+93YKMJxqKwCvTdntpHQ61kI5bjQTkoBm3ry0s3xDHEAMakoNq0V9DQP6oh8ywWW92I3Ige5sc0GBEwDHBM8F3ooUA+L35C9fgu03ocsFHwkp+SRO98rTw5KnfCrDUGz53adPyEwBdVYeNvCbSOrIzjldA6if3eYqa0oAwtB18r+ngVvrepbww2nSkU7EwzX9gi3v0I2akmIdqNXDLaAw/KvvQ4chP5CBBtZVrAaV6VAwJaciFCjkQsxkKGc/SIi3UO2ofbUBKN/ZJIiBfn092QBPVkMqgvO+IyNElGTCTALWlIS4UvqwZoJzh8nvdZJSmV7pdL3z7KRlkRCE6yNwGUAtSLOEX34xeVqRFXLkGN61QtIrMUwwakwOkPftfXF6T5AxWaQu+TT3BBXIdI1AZSZEDoLgRX3wnWlW5ygh21ZED8pqeHjW4oquSKyJo3qlNKpYUUaqBHIg0UVhPs7lsNJHPrcm9NlPFQENm2XJrGwM8oix6BFqCAnLbziasGvS5TRvsWQausHlyFJYFYOgwxJ+ujEPjtCIH1aW/hkDWNCMHCQALiCxA+Nblrs5XC/C4HWtws/vLk8N/JXLwfVWTg0ivaZX7VyR9bI+3Yw1aMwEjvnoOPkPqAjJygjjwS13JwMFtnk4thZwMGkd5p19U9tnJQThkyJWyk4N4IZHWZUEO2HKkOaB2XHIAZmDifF2uFfLq06DR+0NpEhz5ZeQEcQGqASFlZ7zDHzCjXWXV4QbfQ9MxjDI1JQcgLB5xqp59TiEEPvsKbvE6poHlSCRLDuA54ITGj6NvTyYqClVGDgLBwLnFtrY1kzbr6Ni1M/DHgwGFSfS4QE6rhRwASPrdh/lsttUnRBDrCILColHiVb4R13AFzZQEFtTlRj0bp48oAfV64ZQzx8AVMS74SB6UEQO387xPtoBUE3JQjfprCGStqslBCNRmKLnh/zZl1iKLLNnccAD8rgZyEO2NyCuch6MiZlDcjD9zWJwBScMlRAKZgvwX2piRfSS9fGblp6GTA5YcaQ6oHUsORC5LM1x5Dahv89NamgJg7+IrA6lA2ofDbB0MtAphagGNH8jCxIWW5AB9mj1vmTswzjRHo6gh/3Rh0jMLSZMD0cu2N/Dr9yv69SojB6iVua35XObVmpHIrc29NzfpLh1SrC5yQCvm7FSMxVfJ04qL/Lrc2NEwXnI5EtC6Ds42K/MqOLa2DYxWMIy4tlWkF8OvU5mVSB+F9bhObeWNWQNyUK36awhk7RKRAxEw/Uhlco4luy4t7Dq22wN/Kb3C8+olB5JXQJmDGeReydvM+G9lLE3gFycaXmxvhuNpbeDMvE9aDqmTA5YcaQ6oHUsO8HDMY2ZpRmnXd8QMwuE1AWoGMuePs4McIMubF7toXCommAxakgPU3NSb+XzFjl0i0IKAmjyf5Jq7FMgBUNKM79DS6FDopFYROSBD4C5KarVmBEqa8IX3s5K+MBC+usgBgNS3v2hqW5upgqRFIcdgzWK/VWrc3mdUFjHQmtNPVnsSZQGtZcckc9taTMM2IJHoxhU0pF3FITTkC5sqzmiIKGrMP1mTX7lWrkb65KB69dcQyFpS5AC2G7YsFjRHyzZbDAlIqPsN5IORx3Ci+FG95AAKzBlMJrv9FdyJveplHrhIGUewSKAclHuZYrDy7Lq0hXXBSyHap5MDlhxpDqgtIwfI1JYvXVKhffVOwlHPMNDmY9sAnijnQpxiKO97mxEU5KX2TKWnHTkAPy1zdVRbRq4AWnO3ODmTlBo5AArqcX2y8ZEkKKCqIQflwcDRuZZkV2tWgsY8uH2eQBzfmRjIYzWSA6mzO+pqjpEyFtbnnimNUy94sm28qX0dpaIrbsh3eSyxsyFNPD1qMq32KGzE40PtfqtxYpH59aesr3W14O/0IvPwvwvgH1n1+OJ4QuCPc2txnW83HTbGaRjpkoPq1l9DIGvs5ABWz2qig4A2LnJtWlyJjYucP33tFs7RIDwMnyxWLOBBzx7xoljwEW1bGeo5IW5S5EDyzSkAwgPltFsBCC/4R5/eafO1Ec97+HCYykZr6I8AZ496f1jq+mySfdHL9nmjbAun2Nd+6Px5vdsjHuqQyBmXnfH2u8NY1JR/wlCGQpMGTn7l5CC8W0EqWEVQvcskxIXogFWlXYghB4GiZnSQ0aiHVTIlrTYVfvH9uNK19HXHomliG5hqXz7DsX21C58J3sZVlbJwwf9iO3NhY7IMC8YzjQtqRg7gp3940dSxHoPtS4DiRnyXtskNM6ZMDmAHYSU/+iLBKH3VkANkbca9Sa/WjEReXe5NtVV7MiDR6iQHaNDBgG2bHRaZhTWiXtob+K2nowtWHHF5qiYX16VJKL2KdpAfcgQuJuhK0j6ajyws3e682tyANpYTv3h9FYt+K0CnGrscnuWjLcV15fVY0py+uhefI2YTtwzTJAfVrr+GQBKM5ACW7vwpL0ICHWqIpx5VAOY1O4MvbMJPyLSYOKblSkjr2btN8MQTsyrdEjs5QODTh7ybl7g2f5E0tq1wwZSj09bKUAaWIHX0keK8UXb05uEYIBy+NTK5SODt0Z88A+80Ir/QVso+lYN4ok5OBl/cnJ/ZyyqGrIwF34yIX891Skmgfj8eXUlBfs3kAO3q9AFiivkN+beetrzd1zqzd3zg7YcjbGeORC0ejAvI5M56PxxuQxSZkEjMGWJFXcAeHtzqgUwQx63LXR3EI6240z6FVJB3i9E3oaMFbYAW0ES2AXGxYXEzfnw7c9np6F274oTC3k3urtfSulRk+YU2VHQKjS0MzcgBOogvXMcVNGewfQkAx9DOwJ9IZs1dyuQAKG3Bt6slHHH7g7FUqyrIAT5UtysPMlMdWQFKmvJZtyb3VSBw9ZIDADp83FbIasBUTbQv48Go2RP8XtVL6HilUvS8WtyEiUr2HUI+aiuons1V1JDvm00eCx9t7FAtvihpBtdb5hp5I59ZUaqFDfiOTYS1X3vwyp+g9aZJDqpdfw2BVBjJAd7O7meDOwf5g57gl2F0vlqAhc2i4/bIO5465EWWZdFlQPNYM4c8JQwxJKM08JeRHED4psUuySgj3RSAuNCz9y3GcJaDwXI8yc7g5o5UGjaAYt9+6kS60p7M0quEZ/9uev5x89gnzM/cZgRg8bPFo3KKmglbliEjJAoKA1PyLHAeICXwKD+vFyezK7zCr5kciC7Tj8LMrU9TLaiaRMBbIK++ShEBCACqIYWXCZEhrwH1ZEAmpBUnqEe0gefuVzrWCVVw9pgX9YjWjpYAetH/DiMiAv3/auz3FxNKD5KpOdXlv3hFnJvwSyMZgY+ft1Oi9UEp+OV0siTrUkdtyAEM38UDDnxyLL1DBdCau4+SWHOXDjkA4IeK7qJGJt/ZWAXkAKrunJ7ias1KtOQ7GPgdvD9R/zgWyF21kwMiRj53Z+r6yxONA3FQZ9kPob6guKrRSXWRuGmVNOMzrzcF4NiU+l7eYY3Vz13IuoLbeByB5dFlQFoQOO1Ovn1tOsKr10Pm816VWGmTg2rWX0Mga+zk4PWuVri315+yXgj6HXZfJJwO39LXHHB7BY3oeADor2z1Ahf8FiHkukxlobtqGMkBQg69zwSz3u16YQDM8e1Jo8+tZM2tZp+0q17qaMJmQpnzpxIclodmQ1fwBaBhQWO6QGH3t263myRAW0lhBPjluPejMfZ88ch9SFv1HhxA+Yk9nm6/FcCr4AKff8Jkt8uN1a+aHIjTNCcPeCdlW0Y+bBr9aHyM+Y952AOmoqbky5129YwjGAIjCiLKRIUx6mHT+Dbmg9s8EpdFLtob6ITTr+cq2V4EQxNC80NT/26By+WCy6LSAPADbQDteeU7js7XCGAPHWtwr3bBl1UOlYY/YMLnA/k9fi+cTnIjjDbkAEmuHWTMUvRALLyhpAmf/48k1tylSQ5oZ2MNbhKdGRydYhWQA4ScepPiak2xPyR/GIP8DG7ChCRcOLJW/eRArKm9b1ja1GBab1HSlM/+o7gfV9R/QUchS+HMKCJM3OqdigPL9CG5OzMsBc2pxS1ZzzRGLZ5e7J2dZXpzEpFx1XuS0iIHl4H+GgLJsZMDhEFX6a3uFBImOAqidz+2ywNRsIDL31JpvTCjsMh0Pl0NGtSVJpvZyQFColP42UQUV9QrRnhE+hUmAfi99gOn1JWE8HAwGeCYD23zSGMPHjfFQsaRETLxolcAEAYSTJyv721G9B3Bk6YVWuBI0FlEThe9TPUbSz5+5eQAkMoNzUAaZYkFkju51wtfS9mJOZ0iEpRx8WhIBEYURJSJCkNqdfiLWKiUc8coFiqXP5fwRi6IR/hWhjIU0U7xmHMkh3qPbAMS08UXAeaB8gEbeLnIAq6QeyXtjXyrJ3FrpC6TrAytyIF3sOJK8tLmfFY99ZXS4po7fj/zmrt0yYE4l4GKWS9WZ6VkrcmB76I/eMaBhBKWQEtaJZ5HB97FvIpGaTO+/W9DjlOWSlwg5OVADkT35ht/I9s2vJZ8zhXcHLqOKxA84eyoOGxQWJ/rm6eymIsq1KtyWYaEkmZ83h9Mp22hD5issExUJGhUkKASTERa5OAy0F9DQLdkyYFCSDwf+7gZXeRxrdUdBgLAdMIfS2wA/02OHNTmPp9CvlayyMkiWqD/s0kOaNL3z5UTDbGA0efO+FqLjmH7avoiYOLjeilUN94OudcE/wSKAFWh8NGdNFVEXiQmvE4OQkDhJACKNNmjIREYURBRJioKFbEQbN8mD+oLhFUt4wH4+Nx6/NzhZOtQDnGZhEQRZg+wQRO6fimD9sduEq9fUlA+ETQgB/6g37NNnFOIMVUSwAwybzCZf3J0YOg45tXlXntD5UMNI31yAKCf2uGa6DsbtSYHpOcLSqs1ixryz/awb51izlKcWSeIo+7fM19jiGZxWZADaicB9x67sqcPA22mXTMYzfL3HhRyGidUng42qCOcuajGJlGhF12FDM4VKG7C5zXhXxtt37vdA48ufYrqjlYN6ZKD6tZfQ0AlbcnBJ+PtHWtyQ+5hIgewVGmRg8kpjhzIAIGz+luhiXihgEoh9L+DdqDl1ucndDRvW+my0HaSULVGGv2Qb+hve+Z24+tdrdLsQ/itDDo5UEUKGUdgREFEWYC4QHa+W+BCxlWrAG/R+8eHkJPBjXrY9O2nzrJT6NCiDRBZRL2HQ4KD4uGKWY5+dxhfbGfmz1Cw8NukoAE5QNpLOxuzEy83K7iSGzOCvM6QRuqTprTmjvm+Wk3IAQC/2K8govepNTlAsDG/UVqtmW3glv7gC1rpJmLVwQOU5+jnWC0UMnWZkAMAyiwpNiovLQyjqBE/8H5jseJoSo6Be5vtYKhg0NPLwBUx8BKgpAWfV4/GunrcJDz3hHn15879uzwXxE8RaZWnNAKfFjm4DPTXEFBDW3IAu8niWtBpQwBpWuHAlpSmFbQkB/5PJU6jdnsvTL/L7R/wVxN8T1YdmkDpcq0w+B7jx2Pseza64ZMQnaoV/E8cn8B/iYqrbXzXyYEqqpocwK/vWO1GhYpVUC57GwmpQse3tSAJtAGkUnoV3/fPxtkDbT+tcQm/RJPFitrHX0ZN4iJtckB6eHvXSbz9uiWPzuLmMwgW+PpZI0vPGOF/PM+05k4rciB1x+curHAzmpIDeIUL+5RWa1L3t6HgFq8jm3oLl6828E7hm6LvAEsgTysWKPbLhxzQysSgpztaixpHlFCseGhPCbrId5CNYJlhQTAq22RO6CoVzxEqbMRn1eKyG/JP32wcW2j5bpnr6EEaqgVknF0ZaZODatZfQyDpZMnBWz0oJLrCkQiI28phEPPq89l1uQ+GgN/LJUQChvLEPg8MK/iBRZCW9SVBDrpeR+Tgi1dpWkEN6uM0CLN8Bk0rdLq68lCmRJByuupdx4gHTQWNaCZUYgn4+9T1wvAHTZ9Pth/d6fF4K4mCTEIswp5PJweJkELGEZidHCDY0Z0kH94BFkI28SSDRPu2rXS/1MFc3FxAWmiNaD8da3GdrxYG3mX8ZJx9zwZ35KiSaiNURrrkIBAM8CtsCgvNSpvxHW4kauwHTz+kNPsQRn4GN4ltzZ1m5ED0uO3q8Mc8IinRlBwg76v6Ka3WLKzPDXmGuiPIzs5XWXY00Arz1T+xpn4ZkQOxyo68b6HLk2IUSArixldu83GmQgBQDmsGGjPZBi1iAZ4uHTiYWZOWTfS5wzilh2XLOvdp8RAe6KD6HaZPDqpXfw2BFNnJwRtP0W6FVztZ3W6f8by3EmXe86e8u9a7ev9JgL+Ev0f/KdGSLgnI5oq3HTCpeQ3oXAHxSRLkAB213Pr82Fbmj8faPhyeEHOGWNfMcaqaZgTY+bUbvAfNmAIrOgYA0qAhYBZ8mxa7Xu1sGXCnKRudSHGPO4ootx7f4/fCuFbmlW87zp+sqNbEYnVyoIqqJgeI5fHQgpKONbh9m0KHUymh4j4tMICda93vDbI9908T2mSYLKIMQWFBFkFhj+8O9QFAguVy2JAuOUDan3RQ2n4NT//y9NCHFwz6xjKchcC+5k5DcgDQzsa/UZtDnWlKDnzPNlCYT6FBi/UHRFHoythd2UhXbfS4sAE/iO2Sa2TnsiIHAJKYegeXm8ZhUAC0HdE/zlmKiUDjN4ed+HpVZ21U0JIcbVFTPr8+XfRX+Bt+8CPm79a60WKUiy5NclDt+msIZI2dHLzV3Zpdl7rX8OIwfJX4H9rdg1fSemz4Y9XGgAB9bzVmZ3BTckNbovCXmRz4Px1nhx/NqUdH0CgA5APVNCVPZdeV2BGkrROIIh5OIA8QH6GTKkhzSAA9Wv2+E2n1vc2IXEhjCfhR3Jwfep9x1bvEURA4Lk3RyYEqqpocAMjF0zcZUWsfRF8JpgwkJ7EE/AVR3rzU9VZP68C7SA4UIKIgnorxzO3GT16w2cxwLqlc45QeOaD27VHaYSXuBdhtC1wQyQv5csV1eSGIg/zfHaGmEJVcDLQlB3RxcA1uwktkZbQiB/6g377R3jZxR7m0Od/+WhMyIjEhJP3W3bSgTBZMBtj3NhlGO8PMAgRebuQAZRI46sxi4ECJQIXWWEh4wVICIGuv3ZkuKYlEaUu+pAWN2+NTfOpW01pxl1GiCzvSJAdA9eqvIZAKIzmAkT2x1ysd/gOrJwMeQsiQe01bV8C5qhhWuMkT+zww32AS+zaHemmIxUgOpHnc+WNtwx8wIcWh98UHenKD/hY6qJhUUmyfCDD4bhPYxnP/UFl2EBcw99J0A+J6vP5T+z1fvuF4qb0ZOUI2QZtQrT1vNH63gAxa7EITnRyo4tKQg3cGEP0tbKpySmZ8+GlmUCIK0IE74/1mvnNaoaX3zUZpOAHUs+Qqfu5I+GAKJo+uiLTIQXkwcPJTa7vER7rSrPA9lQyadvSdY15zN0x94Q8TOWjJ5zVgHcSWBqvFvQBuTchBMFi+pFRQWq1Zj3uRrpAOhRfvHrS0r6PqAOiS6yXfeBkUuOzIAQCtVvU0dkjtsO2WNKsyf4UnWVVpW80+J3hnyqQkEWh2XzzXdmRnqzvBmQHpk4Pq1V9DIGsw7izkAEAtmwXfjlUudK+3Lq/Eli9du751nztO28ZYWgISGvBXU159vueNqV68RPyAxlfgaGH94wJvj+/2ogcPCoIem4I7AWCsf1jqghFH4NOHxP1vMWEYAaIgpQ4NbVbfznXuiVl01IFEEYb+w2yndYtRURBeJwfKSCHjCJwUOQC948/60ADgxZe9RctZZAHYEUkW3R7f/i2et3paCxrTplY0SDT743vEfa0xERMhLXKAlGb/i89NvNMstzb37ryoxeT4Pfkm9XVV0po7v1rPWJ0cgBk0Nc4bau6oeGdPJEqa8VnXmcq97oIrlJZHMJEDsibennRZjjx6COIBPtuFiNWX5f5gOd3cqOoAihryPVX394t1dBmSA2nMSe2Wxfgobsh3fogYJ+NJD5FArG+GmuChGRtDUoCLzavNlf7NbAv6paGySKRPDoBq1F9DIBfs5ACA5YXjhCuVAQ9hDfFeFj4WSOWTcbQ1oI2B2/+DG3HDz5MgBxVAiokAlaQlZqruRAIU6HYD3eKPrh5+pzD2GwskigxCWtkp74SOFnidnHp8SXNBXIhQGUwnB6q4BOQAQEZQTbRV9UreZlG6XoEdaEgiaQ4Yy3zvDrJl1SbhaP8bF9MwkixwIqRBDuDGPOLYeyI31pJu4D0VfVcC3PmOl80d1CcCxDV3P6t4X3VycBXftgkN2U25nVPYLi9DURO++++E4hZKJpiFHASCgfNLbW1rJpRD+zZvl7dy/HfOI0qUS0IpXXItCGpD65B2OZIDcYzk1EILTbgk0w+mXF/BH7D4L6bWuxUHh997XFC+4DEdoBg7PWBGy5Sd5awJOahG/TUEspYUOUgHsNtIYsNCJ42y1uZe7RS1FAC/UyAHCmB3JxJgwQ/9SJMd0O0NcUcGqlgWJmVAGQjctNgFx5BXny9qKsBVhH1PWFWdHCRCChlH4GTJgf+C3+n0Z4mXYw2+B95Kyz1E4lhC4OA2T3eRg0K9H1exNvXUyQGM+543Le0TL60vbsR3bRfz8YNS2MWz3tRcQmEDfkAPlTV3TOSgoRGd8aDN1Qk9eOZ+aokiMwBYyAHyPu9JPjfxas28OnFuWSwPBs5+bm1bS11VuuR6kcroOnS4PMkBgLTevI9nJ21AXi3uJVoUIheVBGg7pXfmo0K7GnxJyySSZkduDW7MCPkIoTbkAKgm/TUEJF8aciB1oBdOscMmwkFKZxFG9s7x3+olBwB0+HA4XVuKWHPEVWkssdgBgcf3eHPrET9An4dKQOQfOjlQxaUhBwDyBZ/dlo415Ib+k/hBshKUAYFgCcXNhfyGNH7gdPpY+Efq5ADpvfoXXmFTfk4t7vOVcVwXKnUGy5q7FnzbeoIjSCeJyySEwUgOvOKOjjNLrKi8dBd7V0CdHDCs1uxwBX8ENFHW5qiv43mqhvpB+qBfnVurmFe8vWzJAfxl8KyT/abKkmZ89g0mOuAhvd6VdJfxF4PMWVdwBU2SG7pgQWlL2lm383zU8IZm5KCa9NcQyFpVkwMwAEg+sNU9/EHx4pk6XO+bBVhwmMjIYAhT7eRA/N4D00voOIeONeiKKcQiZbQbQoC0Q9tofCKzFjd3RGguMqyqTg4SIYWMI3AK5ABAdj4abSd+UJcbcp9JOq5Ak2kmCReCfovJl9eA5hdGPMi0ADZVcnDBHzQqH3rPdzTwp+lgH3LM0SjfPs2kfhqSuOZu8TqlnjE7OfCJpb+0i7F9XW3GY1XJQTkI+zxLu9oJdSttzne4GU08fhG98w8l4hWCOHFzUvGSa0i7bMkBAPXWD2I9MzGvDjdnPtN5iOoQN5Kd/sYx9DZa9gEXW5LoFK+UUNSA75UftSJEQ3JAuOT6awiIrVJyAFt9Megf19pM0+3iFbdTCyyw17EmG6lXPzmooDIvF4XOv+t+g/Hnb2jnCFRilKAKSHv7GWtOBtE+D3hHeaWqOjlIhBQyjsCpkQMAOVr6Oh0FlFuPL2jMr57jRP8eD7WaZUDpbVzkwueANsByrEKK5ABeeetLZuVNiUVN+YEPmMY8Zhr1SBTGPG4eeKtQrHbaAVDUkH868lTjGCRFDkR76ht1A6c6aMECVXIAtd/+p+IASUu+sKkwqpV5dHT5AGNbmXtey2Tuacmn4vnBUONyJgfiILmrmG3wAGW+Sm0qJymIJwr79i6xj/knZb9jbfomi5qhL55uCxE731ELbjQmByIupf4aAllLghyIyywQLALkTeXBIgBm8MOXLvi8wib8s383bfkSjj/+WD2eJ0UOxHkKZQROHwy5E7viPX4ySPxgwUs26bIcWPDn7jdtW+mCECnLtPQyjbqQ5GfVpv0LHz8Po6qTA3VcYnIAIFObl7jgOrNBaq+gLQZrP3DwFSeVQayCDiyAnAF/pd2zox5WL8AUyQEUHf9brkBt0wEyWdg4DliYAUC7+Q0Cn3jNXXLkAFUIY3fcWVCDK067m6VCDuDz3AxLK8APYgpHAmNHsKQJX6B4yTVeXdbkgDT0DWvIFSba0BGBLAP33WF/UNuxblphTh/euYPuDbNtL/zHNOBWIac2l1mHrk5Px9Hm1OQ+XVo57lUV5IBwqfTXEMgaKzkQh9znj7ONftQ8WuxmTC2wLJxmh5VU8JToEv283i3N4pvKyLnKAoSBV+zkAAE2f+H6bJJ90bSE+OJV+/tDbXkNeHhcj0flQFw5xMye3O8deKcpqw4NL8PZdLtBeLGdec37jrPHvJGnI6dAFBB3ziAbxJY0py315Pl2kOdDPxL/lQWORDgki4902nVykDo5AJBHq8k3MdOCmsquS0sIC5vy6FEvfd1xdKdH3JKaOlFAxE2LXZm1qNLdLqUcAamQA5i5C4cdKIgqWi8dCVio+UsSWqhkyQGAkt3/rqVdkovkY6FMDmCvd73GchBy2lC75Br5vfzJwXNs5CDTwP1wuryKJsIDYrcPuOjzHt/t3viedfzjpgG30zWhHWvx+ck72sL63LCBleVZVeSgAlWtv4aAkozkAKnDJrY2lOXVp+3aAOwavP6wB1QmTfEWDBs9pDcUk8ArRnKAt0um2VuLxy6hW68AKCnN7CprmAjSDrR9G90jHzaD3kE3OAkSW4d75nbjxEzzipmOUwe9LlcEUWBbnYCQiIjSg2MQp7Qrd13aFY9kIB/JRg4CF/zCLxXkIMHACdTWyYEypC0Gx3d7JmWZO18j0EYb8XRkoOeNdEL24ulEFKzi0YcoE7QZRrJIHWTpYtKa3MZFrouKeqZCDiB9/dDUj3lPCsWN+U5PJPy8UyAHAKTNbS0wznMngjI5wPPpf1a/QkkT5NflXn09oWlDZv9/IgebTweqiByEgc8M3zbKjXDBe3KX58dF9ilPmAbcQYsecuozD+o05kv+U9l0q5ochFFF+msIyGQmB4FXO9FMeb87jK8/ZX2l1DKtkHaEo19+ZAddqygLHwaa8ZLpdI0C7LWC6YR8ZnIQ6HmjEd669y1GUJOh/0iIIfeZhv7TdGKPJ2UPAW2lfRZnj3rXzXOO+Lep++8Ecg/SNQo1iCFBDRCFJa84Tu4NXS/J4h4QDJ4G0b/9lPJrM4UcObqqCifw4xXIhBTS5VDykcjy4e3kTeF+XE6fT5EcjHwoxPDCT3RyUAmIFKvVLPi++69zcq65158Eab4JrRosAfXY/QZh9KPmzybaD+3wSGRRQcMwEGzIvSa0gfcGqywqSo0c+IY1S+X4mlSguOYuNXIgznN7BjVXnxZRgBI5uOAPltFqTc2XkceF8iXXeK6Tg7io6GrLn0dBdLSSpYaeZ3a7P+5hAhtjmZYqbcpn/z3ieFAkpCk5uMT6awjIZCcHCAODOKsPDJm0dLf86ZuM2Rn8q52VdIOnxNvMWjy86afjE97Bgefs5KDr/9CtjF++4UiwiDgKqbkHyR9AE/xFFsQeJP22WXzHdnmWvuYY87i5xx8qiILoJICBdxoXTrGjllVXrkFUr5uMcAyfTaStqi47nc2n6s/gcuwWCgmHdOagUkjQlEPbPNCtNZ0eHf8OYqT7ZncrwrzSKVT79EQnBxUQ786gSxPwF2LDV2l4fb4Tez0r33FMyrH0uYV4KtKSRhRQL0//UXinn9XpoI9dJlAGiHoDpV2LG/eEShkmTQ7oDNcf7W0uyZyChLza3DsfxF9zlyI5IMMacO1ypHO8vwI5IK1YrpDQCtIl11z8S65R/To5kEP0HMLPzklPmj+cgSyzWZkKLn9mqS27pjrzK4WPF+8jlaJrSQ6qQ38NAZnJkoNwSLTPxS/bYRNh3fAEBikyfCTwdtYztuwMLl+8gzFuSDxnJwcICX8M51QV3whZ1mDg1AHP5FzL0H+Y5o2kNYPhwQA4CbHuKIzT4Tvyk+fLNx3j25l7/lHIyaAJF2QBXp+yqTh+gABjHjXDnbz3LPUagdbwZzW4w9uVhmGkxRAgB4i4fVXl+ZKxgIbLZzpQswWNE86q4Pm4VrSRRLqGW3qikwMJyKDd6oObH3yP6fWnLD7Ue4W5Q82G2wBY4KmDnq8/FO/c+rNROr0ABVjcnP/lhMo53Ig+d4QN4Yerzc0lTQ4gbulTSpcFaI6SJnz+vfF7CSmTAwACt04wtauR4uIDBXIAb8dy+aSGyK/HTRgf368jmzo5iITY4fatGmfJMXC5DWhn1+erklt2hyL94BFBdc8LXSzyz0oTphU5qC79NQRkpkwOYIVdbrrMEF3PH5YqOSoYUKs4GA47uP7j+L4fMi8HciCRtoVTHSA92XVpSABqTxXvdYzlNJFEwePzHf6JjtDPq0/bEJ5/XGWkB29HPUwl/1pnKk8gpx6P/66mOy3lgSOBkD1vNEKx+eOUrkLFK7grBBvfJmHLwfN+f6Fh7QUvhs64wxOdHEgDBpsWu4qbUY2gDFFE/W4X4OljB4QiiQL+nj7o+e8EOwhZXgO+87Xi1SFKpNm/6GUHPooB/0tsUvY2EkmSA6KQ3r51El8WUBWQ1ty546y5S4ccACim1+/hsxsy2OsYJCIH8AEXD9Be1Us2sgLQJde/IxoYlwPp5CAEsQPkOOoaewffrmboeEFxRwy/bhv8K6utCQbLV/c3qvLj4oZ8j5zKIz41IAfVqr+GgKopkwPp4bAHTNl1+XGtVX1JAF4K/i/ysqVI4GE1kwOxTvlffCMeNLUXD8Dp8Qfj7AFW2G5oNeNpyrXCYABeSQsOvp7rzK7DtaJ9B0rrExFyxIM0cvDxGKpZ6b+oiHAnPhHwdlZf2unQ9TpxSCBeEtIAONSGV1vxdkJLgujZGXTt9TfzQ2Hw5FdODqgc/P7XulgRHc21qBk/Z7ANpZSTwQ+5lwy77PCuSFDiYlWeO+ZFqcL17P9BeTlOYHZ/G0KO+rdKGSZHDgLBgGmV7cmqufdFAbTm7rU4rS1NcuBDaw64u1/JFSbfy09EDlDcawYasxicsaagS66/ORxfH3ZyMPVVFLI05Zk0lMeyFHBpyIFfnL79YYalsDaX1ziqAZc259vV4Zcuo2NnytVmbcWOu/e5luprbvIzuCmTK11OmuSg2vXXENAzPXLg/2Z+aDsWsqPgO2E0j+/1wlzCau/dEOfUF8hMlhx88SrN1qcKUiksEz1CPFw315l7JW2sgM9+pZPVT3NG5W/1pFlhqP2+eKAyaZ7I5RO9oIsrkQvk9OxRn4IjgajO1wgo+YXTiOIAn463I6E+t6h0IqH26YNeGrCpCcdPJRDlKSv800sdLMhLxxriPE68egGBsJlDyxeOV6zZROBkycHzjyGk+sqPeIiqAmUgZFWTA5QStDqwxd3lOnEpSU3uuX+ahPOw5OUgTxCIh88/bpZqGenIoochLk8pz6lLreibT5QaM5KbkkvXcU3K0ZQcQNaCLD5Hratd0pwvbsYGtlWNtObuL3FykiY5AMpBd76lg82TXXyQmBz4hjRSsbylLWPKITEY15YXXMmNGR6nT4NCYyQHxY35vm0s25Y7vvssaXzziWPnNo+f+ZOIxCUgB/hWy22e6f8S2hn4uGvxSlvwaAMv9rMJFWfOIApsdxj4r/Tcybun/l3IUh9tEm8O+6myhaRDDi4H/TUENEmHHEj2lOxmbW4lOaqoKDIg5MD/pVNfhj8Qx4DgCTs56Ha9kN+Af/4J80djbB8MSxpzhtoWTrEfpDEeEihNiIxva0bFQb3i5oKog+h0xeGECR0tUAy2vv8dpl+OS8fgUA2CKADigjUKhh/wJUPukVaoJVxdAaDcIPxJcUZmj0iVEHfHGhf+i8JUiCgBASZlW8iB1SB+gMCiPiGt+HO+sa2oTiFqxcyElYLnGz53IVjo5CUxRfxgJwf/nWBHvfe51Tj/BbushFWBKlg83X5yH+s0HL6aKiUH+DChCRRDGwCpQtmK41Kh1az48el4G2TmwMG15H9eT5NoeIgoUhsA8FtEwOn0Ty+h2aXWhrJzx7zKBLHL1UQQP5+iMi6YDDmgb9LTxcAVK9rx4iZ81xuFPjcLvf6kgt63CN2uZeMH4pq7bZx8zV365ABAYa3tb2pXO7nhkLjkAN7RuUllTgHMoKAx3+tWoTdDEfW5VejUnIkf0FUUTYx070CEPgByx0gOAPADfHip4TFD2eodqfiSqiYHqBTHHmdpRllOA6X1JaiX/Hp8ZiN+fLZl8Xv2Y0c9/FmvcN5rPO/lz3nP7XeufsU2NdNUWJdTvTATQG++bUsjqGe44aVMDi4T/TUEspYOOZCeT86xZGfwqvOmaJBbl7nai73qX07I78NFXHZyMOYxM8x3+MSFFCA6xbIfV1JaZad80kF46MONftTstEd9OxIBeqc/jR/AbeDvyIfM7w+1ffepa/f37l3furevdq9+z/HfifZh95sQILc+jwx+8ZqSuYdr2bLcDVFwzPgtcQWPjxZw4OF3/1UpAVEl/zO3G1EIqJEefxAmZppnD7K9XGwZ/YhZGvxASb6pOEOBV9MKiWEMjzjeHz/YycFXs53QH0xIVrbsaB0xaKGMKiUHKE/UQq+bjOB/KP++txlP7BEnByMoGv4LpoWCRfFC8rN3m2b1s6153wFuhzaAv1/Ndiyf4Xj+cTMsQ3ZdGo9RLn/QEavJhxpHyANbFFehJkUOYCnOLFC5LRAuql0zo5O4DNq6KvwXjzgYt/zl1+MmxlzHpwk5EHm6b+LtyV0PGJccoFa+6KKyWrO4Ed+jDS1Fji6KRPDvesXCcMM1QF29VTHuGSqxk4N0kFOL++9ipYOcEwHZrFJygEayboixbeJLLiKBBgy7k1OHLizAp56VQdPA+JDgXbIy6CghxoGcvFrc9OjDJ1ImB5eJ/hoCWUuTHMCo7frGDXMJX2sWyOSFX8UCEWFhYGGnl8jX6+G/jOQAXTHujG/YA+ZeNxv7/jkVwK12/50AL44edjBY3k28Qhf8APYdasR29YgWBgPoL/b4vQDngeKCY0NRoDahMEBOBQ/FrjyqbA0tKlQpzJH/NqMbKt77FwqJH6Mfo2UZg+5SWbsOQElgagHNHUATaCXpgL/Qoet1wspZlBdZrDAkepFZixbcraBdNqHniMJIDqTR9Te6WfvcYuxzq7yEVdHvL8bO19D+jln9VBqehColB1DgZfCk2nTI96xnSB9wBVkYAM/Pn/IOvIsOzcysSW0ApS21Afyl8q9J3zjKH3LmDgc7VMoX3s5/3o7wqEEKqThWlAQ5gKx3HuTzFD1o4ZXcyCFi+0CqDEBNT/wdl89w3kBpM77D9fI1d9qQA9FwB62uUgNXxGY6gTjkgLLjebqm8mpNHhEXfe2liDGlEQtaFVHuymeb9ShswA3qKR/QQ4ldMnLw+dLLkRxQGZbR3Y8pnJmN7jgh5rky0FbbtjC6glG3R6ZMDi4T/TUEspYmOZBewcDBzH1C6+crn8cCb5e96URysN34b6SJhxBGcgDALyJ8Gihf9ibNl8NDB4MX/mMoy8ngvp6r6tEp0c1LXW90J48IStHlWgEMD06u2/UCuu/Tiy1fz3OKZ+DI40YCdOqXY6HJ/i1fVh6Nh+e7v6OjptEdF87LR1ZiIQ1pnNxHhy5MK7SMa21+/gnzu4NsW5a6JN8vCx8JvF36euhkKhjkcEVAICs5AETOlCrKxz5ODe+Npy4LctDjD0a0AbFtl6P0ZAHCgDQE3rPB/cEw24A7jd1vENBo0QbwaaM9gDuOa2VGdZh4tAGlTEFJVEF+A5q/kNayyALIwEwOIDfgLlD2Ui2p87p+n0ozjQS8+5YJpo5sPWP4hu+OUvYio2tCDgCIOrnAio+EZRgDiCUHgWBAWGFrU1PJFpdCn9pGS+LbImKBKnz7H0yXRUH4kxmCI3pmAdF/5eQAQCEcmE1X3kkr/KsUqAUk9NV2kf9F6JDOmoPLQX8NgexoQg5m96f183CTykJgFRGgYw1iEh+Njupa4Tc7OUgTkB+x0r58yH3GvPo8ensw/eG97HEB/eHLoSoAF2I1+c6f9Jp5X8VVC0AU44mFVAL97jDmNeDRv8dv6ntUvMV/Ue9gWmPVTsUJQ3RXIZUkSPMUsmCRkDxTdl0+px4HVhGZEH4nQQ7SAIQzNjwJVU0O5gy1SSMBZw6rf27iCgMqapBUl8OPNsCd8Xp9lW1AefwMQLA3e1qzMzh8C8onXUpgJQcXgoH9syzt6yjZJpqn/I28c68C9Io4F4w+i0suuJIbRcMSldE1JAcANF+Yb+yQwdTTiiUHiD6/A5/TSKmIihrwz3RW6ejIUB4MHFO8+jkSdMm1NCxRER1a6eQAgGLfjqLFX4xrYFMDPGtHA/fKlDjdwXTIAVDt+msICE+fHMD+njpAOxGAE3tVppAR94OhdCASEsVvGPPw82oiBwHurDezFq0VGPQ3WjbB4k4AOGDYdLgB/FV2xmFIzEDavdbGwO35Xn44BBRb/zEtjAfWvF8lVS/pMCXPAmYAz+SEo43wZHj1KyQHqD7oUHqVkN+QbiI00g4FeZi4QGpSGwAY2wCAtL5dQLUMDT+fpDL7IIGVHEDv1/+Xy1O8LKCgHvfCGLQteVxlIPyUm9hmFlrwbZqY0EEPe3ptyYG44tL73DVMdyLIyQHFddNqTSWWw2cbuGWbk+yTiZIL2WYW6JLr6Gv48VsnBxJQFHvesxXU4XIb0YicTHj6KGlOi4ZeodOo4rS3NMkBUL36awjIT58cSG/h2rMz+LfE8wBkbyMBV4SuEmgEHORXsyttlCQBub705AD49hMn2F5OPb73zUank5SBprJYaQJeBGIXT3cgIeR9Zp/4BUXj7U/QokL0YoVfWL0UIyQdPniONoUh+1BGpgP++yskBwBY2plDRHDBD4qa8sd304JEhVRSA7SD2G0rXCh/VPHQ+8TFJQwtjY0coH9vcsI0K88pIMDGk0nfqAsHv32qmXFmIcvArdxW6Vw1JgdUioHyU45chvldGTkQ+/dW5VVjRG7qC+6YDQWqQF2+9xDTInPkt80VPBcxbYG4OjkIA6XhOuOacK+QVYvLb6KZi0WHu6A+n1mPX7gCPiZ+Y0ufHADVqL+GQBIakQP/gpdodVV2XfXVVQgwKZsuber6P5XTEPhRXeRAfEJr0WGy8+rzufX4NR8QLUMw9u6gAkSXQEm81NEMpwVmMIbOBohf2qL/9uc14OGlCpvwwjlYNm2YCsTCBb7dh7bkZdXhxrWOc4Yjnvw6yQGA8jm0w5NVhw437GDg5o2yiyeRaEQRwIpFaUtepVuU0cw6XS1AN9UJCAlM5AA+WHVlQGkzvt1vk5xTkADmIbDOLBTW5wb2qByWJ3IwSUtyAIBE759pbqt2pzORgy2V5AAZn/UvXtl/Q/lneyc3pyAhPLPAMt+RU5Ob93mlk4Zil4wcfPZFiuRgaANWcrDpVFrkAPDT1+I/vNox6g4hty7dUljcPEUvi1glLcitZmXwQzItZ60kWZZcGEQOtrCSg9a/T7h0vLr01xDImibkgE7UsdK+LFjk7WuUjlIGYBNPHaReGpzxT+tCgSGzGsmB+JC6dPkNaCYeig240yRdpIvngYvk4MPR2SGOVxM2LXZ1u552uIEZTMwir+xPTDuQ6Il93qza5KUya/Gr36PxFSA1plKhAx3vQ1dKiocBD7tfdBAxAvHwV0sOABTU6YPep66nQ5BQSmiQy2c6xAKkw69SLn+pFZ064Blyd+jwzV43GaEnu25M5ABpzG8jZF5JZigRcmpwEyel+IEh1uQbuZxGcplx0Ih/XNyzIEUEOdgw3tSuVkywMJryT9Q2epKkLNBnzhNC+zox0iLQwVC2/IdIcuAbUKMsv6k8WCTaGcrW/lwZJQmIMwv5BjrJUSYzFnl1uWf7VK7MQFkt72XsoJgXTdDRwC1IceTAP7xJWV4TucBYtDGU/XAuEPd+qWQhEeoTm11zu5k6teThZeEgC1F9LWizH7xmXGooPieHCmUKYENrc4gyutiyez+NByqfTghy4PvB/riBLkdRRlEDvl28I78icen11xBIa+S/yUbP6Ek2GtYqEfB2Zi8iB4mWl+PhoL8bs+vyEzKpxGTRZQDvf+5+OhApNLIqRpfIwWbitSrR0wTkL3pZTg5EHfxul39sazM8aE4GUYTeNxvnjbJxZ+gGHYREAGl2mbhCLF3w03O8La+4whGs4vuFzr5/NsJX5YqnMkjLMBWYgQREP77Hi/aTk0FnavW9zfjNfKekOekAspJAB1JA1EHc0EHhofmPq1xjW9GgRa54TsP7Q0Ud4vlXPEf9oj2MeUS9EtMBhCMJJJTEboUdIXLgcZPpjpQWCbxCAIkcHN6eHDkAREfuf3cgLbAFOtZAV5l/u7f1yE6PWKRU/pBJ5Y9KjEcZQ+WPnraYTQTe/b17XCv0ckPlP0lkh8pLX2VgIgfouR74wJrXkO9yLW2kiUXn3/Cd/mzioFxKNCcQDJxfZ4Pjl4mNRUljfuK4Ss+HXpR9t7NbS9rYIwspoVMLvl8WUzuIQrk/eNE79QGhuKVcoATkt8tdJgvaekU9IYnPi4WC5vKQYZQ25wfnWcFmUhuzhfxvRpoKmqgXUf6V/PKNlTMvKCLjNkfXFnQhhyykhkCBdP2rib8QSKEBSAyvsJlK1kqv4kd1suEr0nDQW/yq8eF59652rZhufe4OeFC+qAkd5wKTmlWHh9cJQ3zC5YAiX0WFObaT5dslLmsFwZdJjgMa5vWM/ytf8ht51qJwjVByjbB6A9MhbpdUf+2AFMc8ZoIRRHf2l+Peo7s8cXFst+fkfu/wB02w5rP6xt95hVJCH5f22dfk9m52H98jFxKJM4c9i6bRkTKZNcXj+URNpGNrP5tkP31IHl5bnD3qmdnbiloYEXH+jwTxVoLAvs2ekQ+b4JiRX6gETzPwLhPcGDy08bzXAzsZMv0SyGFIIOrg95875lk9h67pK2xCa0eQTVR6/ztMZ47AGrAaQEiD/x7fTmIqJKekOT+10PLtJ86yU160YTQ5yZOJCOmAh2hCcE4Is/ZDx9t9rN1uEKB/dgYtYuj3FyM4BwJDSVlyEvBqRi8rsjz4btP5UwnbQ/qAcCSBhFQXqUhAvo7v9YInwbke3KbUuvAKARAMuT59UOmAwkRA6UGl8ye9r5RaJXeO6oNr7/47YWqBBTV7+gDtTUDtxJY/VYE4zmQ2+tZ/7AyXP9mBOlz3G4Qda4j7ErGISVcBrAsSwQ9EVZSQGjOQAH4gk5YYURHFUVZZADkiw7NCrCplyHaBy97GRTqOTSZKEVERWYpIE6TcAMAPZKISQEtmUImKmTkRPuGY+6fVrg3/da77wL7sTdvyGQT8WPux8/vPndvXu01usnSSPqq9sSgQP5AiqiImrgIumf4aAel+PJqWp+U3pG2TCpDCtDaUbVlWuTU/EpJJhQcqaEzH8siixwIOD5Z34J2VIwfoUcGAZmfIQ1YFkDRyNHcEnYEWmQsJUiUe2+VBDxIckaYDahJLQO7gJGDo+9xqHPO4+cX25hfamMEzXupAv/EEz1FKCAOPgvD4i/+CguzdJA4IJdWWYC7E9YP7t3hGP2bKa0DePawD+ocD7zSOfMiEpKHDO/2t+PtSR/Ozd5sG32MsaSFIly+A3EAHZHbwPaZNi2g4WZl9IsDX85yIi0qUlZjmQBJIaN1HTIPcaF0XLvofN5QVt1BvXQhQ3IwXj4UmPy0TxQhpnABc8NMX7d2upyOzwuWJJMDYevzBOOoRKv/xbc2vdbVOyjaDyb3Yztz/r8YSuoONyh/BEB511+tPxvUfhRayyBJiASs50KHjVwJ8n6KZliA50ZArBeCi4g6NXj64/PUnvhr0j2ttzm8kv0lEhqKmtD5uwUtKO6+QowNbPF2uFRBSFj0W8A09/yCYOJ+0JgtF4bD7htxrwnNZyKoAfPa4J2nkXMF5VIwGBX762vXRGNvQe03IFyJKo80E6VBC8YBC6QcA/w1ngOIa8x/z0tcdyCAkKLtkZUhMRTjnXfamA2xA0gHJwQWG3JX4O/ykwxVEZRAGOgx7wDRvpO3UAYmDxh8GlwEh33jKSlmIKTQNAeFIgnHYQAJCLp7mAKeUiYoFMg7hGxZqsHhFHCKiNnD4J/fCKfbxbcwofzr5NIM4ilTjVPWoCLENSA8lQoCQaM/zx9qkESPG8o8LnRzo0KHjUkPkB+S9XE6f25UQTgc5OVVrK3kyBJZFj4UkMHLUV+oo+wN+V0xgbQH5SAVpKTCDSoRGg8TwAf/x3Z6ty13LZjjmP2+b0cv6cpFlejFhaoHlk3E2PMfbwztoKgrh8VeiPumjYiKDZEKHDQudy2c65o2yTSsIKTCt0PLhMNvHY2x4/t0Cp7gZLxQ+2RELKZZye0gTEC6pJ0taGYii2lABJwlXb6tJQWSKoZI5fci7Y61rzQdOUMY5g20o+VAVFFjmjbYtmubYuMh56EeP1MYQPqnlBXGhkwMdOnRUD+Am4fmUIYuiAFnERJDFkiALU3WQpcsCxIKTqJhpht2PBb0lZ5xqH1EVRKJCCiTUAUhXB4b2kCZSU4+loQJVV/6QDEar3Aak8ic1ZHFThU4OdOjQoUOHDh1R0MmBDh06dOjQoSMKOjnQoUOHDh06dERBJwc6dOjQoUOHjijo5ECHDh06dOjQEQWdHOjQoUOHDh06oqCTAx06dOjQoUNHFHRyoEOHDh06dOiIgk4OdOjQoUOHDh1R0MmBDh06dOjQoSMKOjnQoUOHDh06dERBJwc6dOjQoUOHjijo5ECHDh06dOjQEQGf//8BHuhhWECmXPUAAAAASUVORK5CYII="
 27 |           width="270">
 28 |       </span>
 29 |       <div id="hostname"></div>
 30 |     </div>
 31 |   </nav>
 32 |   <div class="container-fluid">
 33 |     <div class="row">
 34 |       <div class="d-flex flex-column flex-shrink-0 p-3 text-white bg-dark col-sm-2 col-md-2 min-vh-100">
 35 |         <a href="/" class="d-flex align-items-center pb-3 mb-3 link-dark text-decoration-none border-bottom">
 36 |           <svg class="bi me-2" width="30" height="24"><use xlink:href="#bootstrap"/></svg>
 37 |           <span class="fs-5 fw-semibold text-white">Analysis Menu</span>
 38 |         </a>
 39 |         <ul class="list-unstyled ps-0">
 40 |           <li class="mb-1">
 41 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Timeliner-collapse" aria-expanded="true">
 42 |               Timeliner
 43 |             </button>
 44 |             <div class="collapse show" id="Timeliner-collapse">
 45 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
 46 |                 <li><a href="#" class="nav-link text-white" onclick="queryTimeliner()">Timeliner</a></li>
 47 |               </ul>
 48 |             </div>
 49 |           </li>
 50 |           <li class="mb-1">
 51 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Process-collapse" aria-expanded="false">
 52 |               Process
 53 |             </button>
 54 |             <div class="collapse" id="Process-collapse">
 55 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
 56 |                 <li><a href="#" class="nav-link text-white" onclick="queryCmdLine()">CmdLine</a></li>
 57 |                 <li><a href="#" class="nav-link text-white" onclick="queryPsList()">PsList</a></li>
 58 |                 <li><a href="#" class="nav-link text-white" onclick="queryPsScan()">PsScan</a></li>
 59 |                 <li><a href="#" class="nav-link text-white" onclick="queryPsTree()">PsTree</a></li>
 60 |                 <li><a href="#" class="nav-link text-white" onclick="queryMalfind()">Malfind</a></li>
 61 |                 <li><a href="#" class="nav-link text-white" onclick="queryYaraScan()">YaraScan</a></li>
 62 |                 <li><a href="#" class="nav-link text-white" onclick="queryPrivs()">Privs</a></li>
 63 |                 <li><a href="#" class="nav-link text-white" onclick="querySSDT()">SSDT</a></li>
 64 |               </ul>
 65 |             </div>
 66 |           </li>
 67 |           <li class="mb-1">
 68 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Registry-collapse" aria-expanded="false">
 69 |               Registry
 70 |             </button>
 71 |             <div class="collapse" id="Registry-collapse">
 72 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
 73 |                 <li><a href="#" class="nav-link text-white" onclick="queryHiveList()">HiveList</a></li>
 74 |                 <li><a href="#" class="nav-link text-white" onclick="queryHiveScan()">HiveScan</a></li>
 75 |                 <li><a href="#" class="nav-link text-white" onclick="queryPrintKey()">PrintKey</a></li>
 76 |                 <li><a href="#" class="nav-link text-white" onclick="querySvcScan()">SvcScan</a></li>
 77 |                 <!-- <li><a href="#" class="nav-link text-white">UserAssist</a></li> -->
 78 |               </ul>
 79 |             </div>
 80 |           </li>
 81 |           <li class="mb-1">
 82 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Module-collapse" aria-expanded="false">
 83 |               Module
 84 |             </button>
 85 |             <div class="collapse" id="Module-collapse">
 86 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
 87 |                 <li><a href="#" class="nav-link text-white" onclick="queryDllList()">DllList</a></li>
 88 |                 <li><a href="#" class="nav-link text-white" onclick="queryModScan()">ModScan</a></li>
 89 |                 <li><a href="#" class="nav-link text-white" onclick="queryModules()">Modules</a></li>
 90 |                 <li><a href="#" class="nav-link text-white" onclick="queryCallbacks()">Callbacks</a></li>
 91 |               </ul>
 92 |             </div>
 93 |           </li>
 94 |           <li class="mb-1">
 95 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Network-collapse" aria-expanded="false">
 96 |               Network
 97 |             </button>
 98 |             <div class="collapse" id="Network-collapse">
 99 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
100 |                 <li><a href="#" class="nav-link text-white" onclick="queryNetScan()">NetScan</a></li>
101 |                 <li><a href="#" class="nav-link text-white" onclick="queryNetStat()">NetStat</a></li>
102 |               </ul>
103 |             </div>
104 |           </li>
105 |           <li class="mb-1">
106 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#File-collapse" aria-expanded="false">
107 |               File
108 |             </button>
109 |             <div class="collapse" id="File-collapse">
110 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
111 |                 <li><a href="#" class="nav-link text-white" onclick="queryDumpFiles('{hash}')">DumpFiles</a></li>
112 |                 <li><a href="#" class="nav-link text-white" onclick="queryFileScan()">FileScan</a></li>
113 |               </ul>
114 |             </div>
115 |           </li>
116 |           <li class="mb-1">
117 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Env-collapse" aria-expanded="false">
118 |               Env
119 |             </button>
120 |             <div class="collapse" id="Env-collapse">
121 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
122 |                 <li><a href="#" class="nav-link text-white" onclick="queryCertificates()">Certificates</a></li>
123 |                 <li><a href="#" class="nav-link text-white" onclick="queryEnvars()">Envars</a></li>
124 |                 <li><a href="#" class="nav-link text-white" onclick="queryDriverIrp()">DriverIrp</a></li>
125 |                 <li><a href="#" class="nav-link text-white" onclick="queryDriverScan()">DriverScan</a></li>
126 |                 <li><a href="#" class="nav-link text-white" onclick="queryGetServiceSIDs()">GetServiceSIDs</a></li>
127 |                 <li><a href="#" class="nav-link text-white" onclick="queryGetSIDs()">GetSIDs</a></li>
128 |                 <li><a href="#" class="nav-link text-white" onclick="queryMutantScan()">MutantScan</a></li>
129 |                 <li><a href="#" class="nav-link text-white" onclick="queryHashdump()">Hashdump</a></li>
130 |                 <li><a href="#" class="nav-link text-white" onclick="queryLsadump()">Lsadump</a></li>
131 |                 <li><a href="#" class="nav-link text-white" onclick="querySkeleton_Key_Check()">Skeleton_Key_Check</a></li>
132 |                 <li><a href="#" class="nav-link text-white" onclick="querySymlinkScan()">SymlinkScan</a></li>
133 |                 <li><a href="#" class="nav-link text-white" onclick="queryVadInfo()">VadInfo</a></li>
134 |                 <li><a href="#" class="nav-link text-white" onclick="queryVerInfo()">VerInfo</a></li>
135 |               </ul>
136 |             </div>
137 |           </li>
138 |           <li class="mb-1">
139 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Plugin-collapse" aria-expanded="false">
140 |               Plugin
141 |             </button>
142 |             <div class="collapse" id="Plugin-collapse">
143 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
144 |                 <li><a href="#" class="nav-link text-white" onclick="queryImpHash('{hash}')">ImpHash</a></li>
145 |                 <li><a href="#" class="nav-link text-white" onclick="queryImpFuzzy('{hash}')">ImpFuzzy</a></li>
146 |               </ul>
147 |             </div>
148 |           </li>
149 |           <li class="mb-1">
150 |             <button class="btn btn-toggle align-items-center rounded collapsed text-white" data-bs-toggle="collapse" data-bs-target="#Other-collapse" aria-expanded="false">
151 |               Other
152 |             </button>
153 |             <div class="collapse" id="Other-collapse">
154 |               <ul class="btn-toggle-nav list-unstyled fw-normal pb-1 small">
155 |                 <li><a href="#" class="nav-link text-white" onclick="queryBigPools()">BigPools</a></li>
156 |                 <li><a href="#" class="nav-link text-white" onclick="queryCachedump()">Cachedump</a></li>
157 |                 <li><a href="#" class="nav-link text-white" onclick="queryPoolScanner()">PoolScanner</a></li>
158 |                 <li><a href="#" class="nav-link text-white" onclick="queryVirtMap()">VirtMap</a></li>
159 |                 <!-- <li><a href="#" class="nav-link text-white">Strings</a></li> -->
160 |                 <!-- <li><a href="#" class="nav-link text-white">Handles</a></li> -->
161 |                 <!-- <li><a href="#" class="nav-link text-white">Memmap</a></li> -->
162 |               </ul>
163 |             </div>
164 |           </li>
165 |         </ul>
166 |       </div>
167 |       <div class="col-sm-10 col-md-10 main mt-3">
168 |         <div id="resultTable"></div>
169 |         <div id="tree-container"></div>
170 |       </div>
171 |     </div>
172 |   </div>
173 |   <script>
174 |     $.fn.dataTable.moment('YYYY-MM-DDThh:mm:ss');
175 |     let request = new XMLHttpRequest();
176 | 
177 |     request.open('GET', 'windows.envars.Envars.json');
178 |     request.send();
179 | 
180 |     request.onreadystatechange = () => {{
181 |       if (request.readyState == 4 && request.status == 200) {{
182 |         let json = JSON.parse(request.responseText);
183 |         let html = '<p class="fs-6 fw-lighter text-secondary mb-0">hostname: ';
184 | 
185 |         for (let i = 0; i < json.length; i++) {{
186 |           if (json[i].Variable === 'COMPUTERNAME') {{
187 |             html += json[i].Value;
188 |             break;
189 |           }}
190 |         }}
191 |         html += '</p>';
192 | 
193 |         document.getElementById('hostname').innerHTML = html;
194 |       }}
195 |     }};
196 |   </script>
197 | </body>
198 | 
199 | </html>
200 | 


--------------------------------------------------------------------------------
/terraform/analysis_script/template.js:
--------------------------------------------------------------------------------
   1 | $.fn.dataTable.moment('YYYY-MM-DDThh:mm:ss');
   2 | 
   3 | function queryTimeliner() {{
   4 |   html = '<table id="onTable" class="display"><thead><tr><th>Accessed Date</th><th>Changed Date</th><th>Created Date</th><th>Description</th><th>Modified Date</th><th>Plugin</th></tr></thead><tbody></tbody></table>';
   5 |   document.getElementById("resultTable").innerHTML = html;
   6 | 
   7 |   $("#tree-container").empty();
   8 | 
   9 |   var myTable = $("#onTable").dataTable({{
  10 |     "pageLength": 50,
  11 |     ajax: {{
  12 |       "url": "timeliner.Timeliner.json",
  13 |       "type": "GET",
  14 |       "dataSrc": "",
  15 |     }},
  16 |     columns: [
  17 |       {{data: 'Accessed Date'}},
  18 |       {{data: 'Changed Date'}},
  19 |       {{data: 'Created Date'}},
  20 |       {{data: 'Description'}},
  21 |       {{data: 'Modified Date'}},
  22 |       {{data: 'Plugin'}},
  23 |     ],
  24 |   }});
  25 | }}
  26 | 
  27 | function queryBigPools() {{
  28 |   html = '<table id="onTable" class="display"><thead><tr><th>Allocation</th><th>NumberOfBytes</th><th>PoolType</th><th>Tag</th></tr></thead><tbody></tbody></table>';
  29 |   document.getElementById("resultTable").innerHTML = html;
  30 | 
  31 |   $("#tree-container").empty();
  32 | 
  33 |   var myTable = $("#onTable").dataTable({{
  34 |     "pageLength": 50,
  35 |     ajax: {{
  36 |       "url": "windows.bigpools.BigPools.json",
  37 |       "type": "GET",
  38 |       "dataSrc": "",
  39 |     }},
  40 |     columns: [
  41 |       {{data: 'Allocation'}},
  42 |       {{data: 'NumberOfBytes'}},
  43 |       {{data: 'PoolType'}},
  44 |       {{data: 'Tag'}},
  45 |     ],
  46 |   }});
  47 | }}
  48 | 
  49 | function queryCachedump() {{
  50 |   html = '<table id="onTable" class="display"><thead><tr><th>Username</th><th>Domain</th><th>Domain name</th><th>Hash</th></tr></thead><tbody></tbody></table>';
  51 |   document.getElementById("resultTable").innerHTML = html;
  52 | 
  53 |   $("#tree-container").empty();
  54 | 
  55 |   var myTable = $("#onTable").dataTable({{
  56 |     "pageLength": 50,
  57 |     ajax: {{
  58 |       "url": "windows.cachedump.Cachedump.json",
  59 |       "type": "GET",
  60 |       "dataSrc": "",
  61 |     }},
  62 |     columns: [
  63 |       {{data: 'Username'}},
  64 |       {{data: 'Domain'}},
  65 |       {{data: 'Domain name'}},
  66 |       {{data: 'Hash'}},
  67 |     ],
  68 |   }});
  69 | }}
  70 | 
  71 | function queryCallbacks() {{
  72 |   html = '<table id="onTable" class="display"><thead><tr><th>Callback</th><th>Detail</th><th>Module</th><th>Symbol</th><th>Type</th></tr></thead><tbody></tbody></table>';
  73 |   document.getElementById("resultTable").innerHTML = html;
  74 | 
  75 |   $("#tree-container").empty();
  76 | 
  77 |   var myTable = $("#onTable").dataTable({{
  78 |     "pageLength": 50,
  79 |     ajax: {{
  80 |       "url": "windows.callbacks.Callbacks.json",
  81 |       "type": "GET",
  82 |       "dataSrc": "",
  83 |     }},
  84 |     columns: [
  85 |       {{data: 'Callback'}},
  86 |       {{data: 'Detail'}},
  87 |       {{data: 'Module'}},
  88 |       {{data: 'Symbol'}},
  89 |       {{data: 'Type'}},
  90 |     ],
  91 |   }});
  92 | }}
  93 | 
  94 | function queryCmdLine() {{
  95 |   html = '<table id="onTable" class="display"><thead><tr><th>Args</th><th>PID</th><th>Process</th></tr></thead><tbody></tbody></table>';
  96 |   document.getElementById("resultTable").innerHTML = html;
  97 | 
  98 |   $("#tree-container").empty();
  99 | 
 100 |   var myTable = $("#onTable").dataTable({{
 101 |     "pageLength": 50,
 102 |     ajax: {{
 103 |       "url": "windows.cmdline.CmdLine.json",
 104 |       "type": "GET",
 105 |       "dataSrc": "",
 106 |     }},
 107 |     columns: [
 108 |       {{data: 'Args'}},
 109 |       {{data: 'PID'}},
 110 |       {{data: 'Process'}},
 111 |     ],
 112 |   }});
 113 | }}
 114 | 
 115 | function queryDllList() {{
 116 |   html = '<table id="onTable" class="display"><thead><tr><th>Base</th><th>LoadTime</th><th>Name</th><th>PID</th><th>Path</th><th>Process</th><th>Size</th></tr></thead><tbody></tbody></table>';
 117 |   document.getElementById("resultTable").innerHTML = html;
 118 | 
 119 |   $("#tree-container").empty();
 120 | 
 121 |   var myTable = $("#onTable").dataTable({{
 122 |     "pageLength": 50,
 123 |     "fnRowCallback": function(nRow, aData, iDisplayIndex) {{
 124 |             $('td:eq(3)', nRow).html('<a href="' + aData["File output"] + '" target="_blank">' + aData["PID"] + '</a>');
 125 |             return nRow;
 126 |         }},
 127 |     ajax: {{
 128 |       "url": "windows.dlllist.DllList.json",
 129 |       "type": "GET",
 130 |       "dataSrc": "",
 131 |     }},
 132 |     columns: [
 133 |       {{data: 'Base'}},
 134 |       {{data: 'LoadTime'}},
 135 |       {{data: 'Name'}},
 136 |       {{data: 'PID'}},
 137 |       {{data: 'Path'}},
 138 |       {{data: 'Process'}},
 139 |       {{data: 'Size'}},
 140 |     ],
 141 |   }});
 142 | }}
 143 | 
 144 | function queryDriverIrp() {{
 145 |   html = '<table id="onTable" class="display"><thead><tr><th>Address</th><th>Driver Name</th><th>IRP</th><th>Module</th><th>Symbol</th></tr></thead><tbody></tbody></table>';
 146 |   document.getElementById("resultTable").innerHTML = html;
 147 | 
 148 |   $("#tree-container").empty();
 149 | 
 150 |   var myTable = $("#onTable").dataTable({{
 151 |     "pageLength": 50,
 152 |     ajax: {{
 153 |       "url": "windows.driverirp.DriverIrp.json",
 154 |       "type": "GET",
 155 |       "dataSrc": "",
 156 |     }},
 157 |     columns: [
 158 |       {{data: 'Address'}},
 159 |       {{data: 'Driver Name'}},
 160 |       {{data: 'IRP'}},
 161 |       {{data: 'Module'}},
 162 |       {{data: 'Symbol'}},
 163 |     ],
 164 |   }});
 165 | }}
 166 | 
 167 | function queryDriverScan() {{
 168 |   html = '<table id="onTable" class="display"><thead><tr><th>Driver Name</th><th>Name</th><th>Service Key</th><th>Size</th><th>Start</th></tr></thead><tbody></tbody></table>';
 169 |   document.getElementById("resultTable").innerHTML = html;
 170 | 
 171 |   $("#tree-container").empty();
 172 | 
 173 |   var myTable = $("#onTable").dataTable({{
 174 |     "pageLength": 50,
 175 |     ajax: {{
 176 |       "url": "windows.driverscan.DriverScan.json",
 177 |       "type": "GET",
 178 |       "dataSrc": "",
 179 |     }},
 180 |     columns: [
 181 |       {{data: 'Driver Name'}},
 182 |       {{data: 'Name'}},
 183 |       {{data: 'Service Key'}},
 184 |       {{data: 'Size'}},
 185 |       {{data: 'Start'}},
 186 |     ],
 187 |   }});
 188 | }}
 189 | 
 190 | function queryEnvars() {{
 191 |   html = '<table id="onTable" class="display"><thead><tr><th>Block</th><th>PID</th><th>Process</th><th>Value</th><th>Variable</th></tr></thead><tbody></tbody></table>';
 192 |   document.getElementById("resultTable").innerHTML = html;
 193 | 
 194 |   $("#tree-container").empty();
 195 | 
 196 |   var myTable = $("#onTable").dataTable({{
 197 |     "pageLength": 50,
 198 |     ajax: {{
 199 |       "url": "windows.envars.Envars.json",
 200 |       "type": "GET",
 201 |       "dataSrc": "",
 202 |     }},
 203 |     columns: [
 204 |       {{data: 'Block'}},
 205 |       {{data: 'PID'}},
 206 |       {{data: 'Process'}},
 207 |       {{data: 'Value'}},
 208 |       {{data: 'Variable'}},
 209 |     ],
 210 |   }});
 211 | }}
 212 | 
 213 | function queryFileScan() {{
 214 |   html = '<table id="onTable" class="display"><thead><tr><th>Name</th><th>Offset</th><th>Size</th></tr></thead><tbody></tbody></table>';
 215 |   document.getElementById("resultTable").innerHTML = html;
 216 | 
 217 |   $("#tree-container").empty();
 218 | 
 219 |   var myTable = $("#onTable").dataTable({{
 220 |     "pageLength": 50,
 221 |     ajax: {{
 222 |       "url": "windows.filescan.FileScan.json",
 223 |       "type": "GET",
 224 |       "dataSrc": "",
 225 |     }},
 226 |     columns: [
 227 |       {{data: 'Name'}},
 228 |       {{data: 'Offset'}},
 229 |       {{data: 'Size'}},
 230 |     ],
 231 |   }});
 232 | }}
 233 | 
 234 | function queryGetServiceSIDs() {{
 235 |   html = '<table id="onTable" class="display"><thead><tr><th>SID</th><th>Service</th></tr></thead><tbody></tbody></table>';
 236 |   document.getElementById("resultTable").innerHTML = html;
 237 | 
 238 |   $("#tree-container").empty();
 239 | 
 240 |   var myTable = $("#onTable").dataTable({{
 241 |     "pageLength": 50,
 242 |     ajax: {{
 243 |       "url": "windows.getservicesids.GetServiceSIDs.json",
 244 |       "type": "GET",
 245 |       "dataSrc": "",
 246 |     }},
 247 |     columns: [
 248 |       {{data: 'SID'}},
 249 |       {{data: 'Service'}},
 250 |     ],
 251 |   }});
 252 | }}
 253 | 
 254 | function queryGetSIDs() {{
 255 |   html = '<table id="onTable" class="display"><thead><tr><th>Name</th><th>PID</th><th>Process</th><th>SID</th></tr></thead><tbody></tbody></table>';
 256 |   document.getElementById("resultTable").innerHTML = html;
 257 | 
 258 |   $("#tree-container").empty();
 259 | 
 260 |   var myTable = $("#onTable").dataTable({{
 261 |     "pageLength": 50,
 262 |     ajax: {{
 263 |       "url": "windows.getsids.GetSIDs.json",
 264 |       "type": "GET",
 265 |       "dataSrc": "",
 266 |     }},
 267 |     columns: [
 268 |       {{data: 'Name'}},
 269 |       {{data: 'PID'}},
 270 |       {{data: 'Process'}},
 271 |       {{data: 'SID'}},
 272 |     ],
 273 |   }});
 274 | }}
 275 | 
 276 | function queryHashdump() {{
 277 |   html = '<table id="onTable" class="display"><thead><tr><th>User</th><th>lmhash</th><th>nthash</th><th>rid</th></tr></thead><tbody></tbody></table>';
 278 |   document.getElementById("resultTable").innerHTML = html;
 279 | 
 280 |   $("#tree-container").empty();
 281 | 
 282 |   var myTable = $("#onTable").dataTable({{
 283 |     "pageLength": 50,
 284 |     ajax: {{
 285 |       "url": "windows.hashdump.Hashdump.json",
 286 |       "type": "GET",
 287 |       "dataSrc": "",
 288 |     }},
 289 |     columns: [
 290 |       {{data: 'User'}},
 291 |       {{data: 'lmhash'}},
 292 |       {{data: 'nthash'}},
 293 |       {{data: 'rid'}},
 294 |     ],
 295 |   }});
 296 | }}
 297 | 
 298 | function queryLsadump() {{
 299 |   html = '<table id="onTable" class="display"><thead><tr><th>Hex</th><th>Key</th><th>Secret</th></tr></thead><tbody></tbody></table>';
 300 |   document.getElementById("resultTable").innerHTML = html;
 301 | 
 302 |   $("#tree-container").empty();
 303 | 
 304 |   var myTable = $("#onTable").dataTable({{
 305 |     "pageLength": 50,
 306 |     ajax: {{
 307 |       "url": "windows.lsadump.Lsadump.json",
 308 |       "type": "GET",
 309 |       "dataSrc": "",
 310 |     }},
 311 |     columns: [
 312 |       {{data: 'Hex'}},
 313 |       {{data: 'Key'}},
 314 |       {{data: 'Secret'}},
 315 |     ],
 316 |   }});
 317 | }}
 318 | 
 319 | function queryMalfind() {{
 320 |   html = '<table id="onTable" class="display"><thead><tr><th>Disasm</th><th>Hexdump</th><th>PID</th><th>Process</th><th>Tag</th></tr></thead><tbody></tbody></table>';
 321 |   document.getElementById("resultTable").innerHTML = html;
 322 | 
 323 |   $("#tree-container").empty();
 324 | 
 325 |   var myTable = $("#onTable").dataTable({{
 326 |     "pageLength": 50,
 327 |     "fnRowCallback": function(nRow, aData, iDisplayIndex) {{
 328 |             $('td:eq(2)', nRow).html('<a href="' + aData["File output"] + '" target="_blank">' + aData["PID"] + '</a>');
 329 |             return nRow;
 330 |         }},
 331 |     ajax: {{
 332 |       "url": "windows.malfind.Malfind.json",
 333 |       "type": "GET",
 334 |       "dataSrc": "",
 335 |     }},
 336 |     columns: [
 337 |       {{data: 'Disasm'}},
 338 |       {{data: 'Hexdump'}},
 339 |       {{data: 'PID'}},
 340 |       {{data: 'Process'}},
 341 |       {{data: 'Tag'}},
 342 |     ],
 343 |   }});
 344 | }}
 345 | 
 346 | function queryModScan() {{
 347 |   html = '<table id="onTable" class="display"><thead><tr><th>Base</th><th>Name</th><th>Path</th><th>Size</th></tr></thead><tbody></tbody></table>';
 348 |   document.getElementById("resultTable").innerHTML = html;
 349 | 
 350 |   $("#tree-container").empty();
 351 | 
 352 |   var myTable = $("#onTable").dataTable({{
 353 |     "pageLength": 50,
 354 |     ajax: {{
 355 |       "url": "windows.modscan.ModScan.json",
 356 |       "type": "GET",
 357 |       "dataSrc": "",
 358 |     }},
 359 |     columns: [
 360 |       {{data: 'Base'}},
 361 |       {{data: 'Name'}},
 362 |       {{data: 'Path'}},
 363 |       {{data: 'Size'}},
 364 |     ],
 365 |   }});
 366 | }}
 367 | 
 368 | function queryModules() {{
 369 |   html = '<table id="onTable" class="display"><thead><tr><th>Base</th><th>Name</th><th>Path</th><th>Size</th></tr></thead><tbody></tbody></table>';
 370 |   document.getElementById("resultTable").innerHTML = html;
 371 | 
 372 |   $("#tree-container").empty();
 373 | 
 374 |   var myTable = $("#onTable").dataTable({{
 375 |     "pageLength": 50,
 376 |     "fnRowCallback": function(nRow, aData, iDisplayIndex) {{
 377 |             $('td:eq(1)', nRow).html('<a href="' + aData["File output"] + '" target="_blank">' + aData["Name"] + '</a>');
 378 |             return nRow;
 379 |         }},
 380 |     ajax: {{
 381 |       "url": "windows.modules.Modules.json",
 382 |       "type": "GET",
 383 |       "dataSrc": "",
 384 |     }},
 385 |     columns: [
 386 |       {{data: 'Base'}},
 387 |       {{data: 'Name'}},
 388 |       {{data: 'Path'}},
 389 |       {{data: 'Size'}},
 390 |     ],
 391 |   }});
 392 | }}
 393 | 
 394 | function queryMutantScan() {{
 395 |   html = '<table id="onTable" class="display"><thead><tr><th>Name</th><th>Offset</th></tr></thead><tbody></tbody></table>';
 396 |   document.getElementById("resultTable").innerHTML = html;
 397 | 
 398 |   $("#tree-container").empty();
 399 | 
 400 |   var myTable = $("#onTable").dataTable({{
 401 |     "pageLength": 50,
 402 |     ajax: {{
 403 |       "url": "windows.mutantscan.MutantScan.json",
 404 |       "type": "GET",
 405 |       "dataSrc": "",
 406 |     }},
 407 |     columns: [
 408 |       {{data: 'Name'}},
 409 |       {{data: 'Offset'}},
 410 |     ],
 411 |   }});
 412 | }}
 413 | 
 414 | function queryNetScan() {{
 415 |   html = '<table id="onTable" class="display"><thead><tr><th>Created</th><th>ForeignAddr</th><th>ForeignPort</th><th>LocalAddr</th><th>LocalPort</th><th>Owner</th><th>PID</th><th>Proto</th><th>State</th></tr></thead><tbody></tbody></table>';
 416 |   document.getElementById("resultTable").innerHTML = html;
 417 | 
 418 |   $("#tree-container").empty();
 419 | 
 420 |   var myTable = $("#onTable").dataTable({{
 421 |     "pageLength": 50,
 422 |     ajax: {{
 423 |       "url": "windows.netscan.NetScan.json",
 424 |       "type": "GET",
 425 |       "dataSrc": "",
 426 |     }},
 427 |     columns: [
 428 |       {{data: 'Created'}},
 429 |       {{data: 'ForeignAddr'}},
 430 |       {{data: 'ForeignPort'}},
 431 |       {{data: 'LocalAddr'}},
 432 |       {{data: 'LocalPort'}},
 433 |       {{data: 'Owner'}},
 434 |       {{data: 'PID'}},
 435 |       {{data: 'Proto'}},
 436 |       {{data: 'State'}},
 437 |     ],
 438 |   }});
 439 | }}
 440 | 
 441 | function queryNetStat() {{
 442 |   html = '<table id="onTable" class="display"><thead><tr><th>Created</th><th>ForeignAddr</th><th>ForeignPort</th><th>LocalAddr</th><th>LocalPort</th><th>Owner</th><th>PID</th><th>Proto</th><th>State</th></tr></thead><tbody></tbody></table>';
 443 |   document.getElementById("resultTable").innerHTML = html;
 444 | 
 445 |   $("#tree-container").empty();
 446 | 
 447 |   var myTable = $("#onTable").dataTable({{
 448 |     "pageLength": 50,
 449 |     ajax: {{
 450 |       "url": "windows.netstat.NetStat.json",
 451 |       "type": "GET",
 452 |       "dataSrc": "",
 453 |     }},
 454 |     columns: [
 455 |       {{data: 'Created'}},
 456 |       {{data: 'ForeignAddr'}},
 457 |       {{data: 'ForeignPort'}},
 458 |       {{data: 'LocalAddr'}},
 459 |       {{data: 'LocalPort'}},
 460 |       {{data: 'Owner'}},
 461 |       {{data: 'PID'}},
 462 |       {{data: 'Proto'}},
 463 |       {{data: 'State'}},
 464 |     ],
 465 |   }});
 466 | }}
 467 | 
 468 | function queryPoolScanner() {{
 469 |   html = '<table id="onTable" class="display"><thead><tr><th>Layer</th><th>Name</th><th>Tag</th></tr></thead><tbody></tbody></table>';
 470 |   document.getElementById("resultTable").innerHTML = html;
 471 | 
 472 |   $("#tree-container").empty();
 473 | 
 474 |   var myTable = $("#onTable").dataTable({{
 475 |     "pageLength": 50,
 476 |     ajax: {{
 477 |       "url": "windows.poolscanner.PoolScanner.json",
 478 |       "type": "GET",
 479 |       "dataSrc": "",
 480 |     }},
 481 |     columns: [
 482 |       {{data: 'Layer'}},
 483 |       {{data: 'Name'}},
 484 |       {{data: 'Tag'}},
 485 |     ],
 486 |   }});
 487 | }}
 488 | 
 489 | function queryPsList() {{
 490 |   html = '<table id="onTable" class="display"><thead><tr><th>CreateTime</th><th>ExitTime</th><th>Handles</th><th>ImageFileName</th><th>PID</th><th>PPID</th><th>SessionId</th><th>Threads</th><th>Wow64</th></tr></thead><tbody></tbody></table>';
 491 |   document.getElementById("resultTable").innerHTML = html;
 492 | 
 493 |   $("#tree-container").empty();
 494 | 
 495 |   var myTable = $("#onTable").dataTable({{
 496 |     "pageLength": 50,
 497 |     "fnRowCallback": function(nRow, aData, iDisplayIndex) {{
 498 |             $('td:eq(4)', nRow).html('<a href="' + aData["File output"] + '" target="_blank">' + aData["PID"] + '</a>');
 499 |             return nRow;
 500 |         }},
 501 |     ajax: {{
 502 |       "url": "windows.pslist.PsList.json",
 503 |       "type": "GET",
 504 |       "dataSrc": "",
 505 |     }},
 506 |     columns: [
 507 |       {{data: 'CreateTime'}},
 508 |       {{data: 'ExitTime'}},
 509 |       {{data: 'Handles'}},
 510 |       {{data: 'ImageFileName'}},
 511 |       {{data: 'PID'}},
 512 |       {{data: 'PPID'}},
 513 |       {{data: 'SessionId'}},
 514 |       {{data: 'Threads'}},
 515 |       {{data: 'Wow64'}},
 516 |     ],
 517 |   }});
 518 | }}
 519 | 
 520 | function queryPsScan() {{
 521 |   html = '<table id="onTable" class="display"><thead><tr><th>CreateTime</th><th>ExitTime</th><th>Handles</th><th>ImageFileName</th><th>PID</th><th>PPID</th><th>SessionId</th><th>Threads</th><th>Wow64</th></tr></thead><tbody></tbody></table>';
 522 |   document.getElementById("resultTable").innerHTML = html;
 523 | 
 524 |   $("#tree-container").empty();
 525 | 
 526 |   var myTable = $("#onTable").dataTable({{
 527 |     "pageLength": 50,
 528 |     "fnRowCallback": function(nRow, aData, iDisplayIndex) {{
 529 |             $('td:eq(4)', nRow).html('<a href="' + aData["File output"] + '" target="_blank">' + aData["PID"] + '</a>');
 530 |             return nRow;
 531 |         }},
 532 |     ajax: {{
 533 |       "url": "windows.psscan.PsScan.json",
 534 |       "type": "GET",
 535 |       "dataSrc": "",
 536 |     }},
 537 |     columns: [
 538 |       {{data: 'CreateTime'}},
 539 |       {{data: 'ExitTime'}},
 540 |       {{data: 'Handles'}},
 541 |       {{data: 'ImageFileName'}},
 542 |       {{data: 'PID'}},
 543 |       {{data: 'PPID'}},
 544 |       {{data: 'SessionId'}},
 545 |       {{data: 'Threads'}},
 546 |       {{data: 'Wow64'}},
 547 |     ],
 548 |   }});
 549 | }}
 550 | 
 551 | function queryPrivs() {{
 552 |   html = '<table id="onTable" class="display"><thead><tr><th>Attributes</th><th>Description</th><th>PID</th><th>Privilege</th><th>Process</th><th>Value</th></tr></thead><tbody></tbody></table>';
 553 |   document.getElementById("resultTable").innerHTML = html;
 554 | 
 555 |   $("#tree-container").empty();
 556 | 
 557 |   var myTable = $("#onTable").dataTable({{
 558 |     "pageLength": 50,
 559 |     ajax: {{
 560 |       "url": "windows.privileges.Privs.json",
 561 |       "type": "GET",
 562 |       "dataSrc": "",
 563 |     }},
 564 |     columns: [
 565 |       {{data: 'Attributes'}},
 566 |       {{data: 'Description'}},
 567 |       {{data: 'PID'}},
 568 |       {{data: 'Privilege'}},
 569 |       {{data: 'Process'}},
 570 |       {{data: 'Value'}},
 571 |     ],
 572 |   }});
 573 | }}
 574 | 
 575 | function queryCertificates() {{
 576 |   html = '<table id="onTable" class="display"><thead><tr><th>Certificate path</th><th>Certificate section</th><th>Certificate ID</th><th>Certificate name</th></tr></thead><tbody></tbody></table>';
 577 |   document.getElementById("resultTable").innerHTML = html;
 578 | 
 579 |   $("#tree-container").empty();
 580 | 
 581 |   var myTable = $("#onTable").dataTable({{
 582 |     "pageLength": 50,
 583 |     ajax: {{
 584 |       "url": "windows.registry.certificates.Certificates.json",
 585 |       "type": "GET",
 586 |       "dataSrc": "",
 587 |     }},
 588 |     columns: [
 589 |       {{data: 'Certificate path'}},
 590 |       {{data: 'Certificate section'}},
 591 |       {{data: 'Certificate ID'}},
 592 |       {{data: 'Certificate name'}},
 593 |     ],
 594 |   }});
 595 | }}
 596 | 
 597 | function queryHiveList() {{
 598 |   html = '<table id="onTable" class="display"><thead><tr><th>FileFullPath</th><th>Offset</th><</tr></thead><tbody></tbody></table>';
 599 |   document.getElementById("resultTable").innerHTML = html;
 600 | 
 601 |   $("#tree-container").empty();
 602 | 
 603 |   var myTable = $("#onTable").dataTable({{
 604 |     "pageLength": 50,
 605 |     ajax: {{
 606 |       "url": "windows.registry.hivelist.HiveList.json",
 607 |       "type": "GET",
 608 |       "dataSrc": "",
 609 |     }},
 610 |     columns: [
 611 |       {{data: 'FileFullPath'}},
 612 |       {{data: 'Offset'}},
 613 |     ],
 614 |   }});
 615 | }}
 616 | 
 617 | function queryHiveScan() {{
 618 |   html = '<table id="onTable" class="display"><thead><tr><th>Offset</th></tr></thead><tbody></tbody></table>';
 619 |   document.getElementById("resultTable").innerHTML = html;
 620 | 
 621 |   $("#tree-container").empty();
 622 | 
 623 |   var myTable = $("#onTable").dataTable({{
 624 |     "pageLength": 50,
 625 |     ajax: {{
 626 |       "url": "windows.registry.hivescan.HiveScan.json",
 627 |       "type": "GET",
 628 |       "dataSrc": "",
 629 |     }},
 630 |     columns: [
 631 |       {{data: 'Offset'}},
 632 |     ],
 633 |   }});
 634 | }}
 635 | 
 636 | function queryPrintKey() {{
 637 |   html = '<table id="onTable" class="display"><thead><tr><th>FileFullPath</th><th>Offset</th><</tr></thead><tbody></tbody></table>';
 638 |   document.getElementById("resultTable").innerHTML = html;
 639 | 
 640 |   $("#tree-container").empty();
 641 | 
 642 |   var myTable = $("#onTable").dataTable({{
 643 |     "pageLength": 50,
 644 |     "fnRowCallback": function(nRow, aData, iDisplayIndex) {{
 645 |             $('td:eq(1)', nRow).html('<a href="#" onclick="queryPrintKeySub(\'' + "0x" + aData["Offset"].toString(16) + '\')">' + "0x" + aData["Offset"].toString(16) + '</a>');
 646 |             return nRow;
 647 |         }},
 648 |     ajax: {{
 649 |       "url": "windows.registry.hivelist.HiveList.json",
 650 |       "type": "GET",
 651 |       "dataSrc": "",
 652 |     }},
 653 |     columns: [
 654 |       {{data: 'FileFullPath'}},
 655 |       {{data: 'Offset'}},
 656 |     ],
 657 |   }});
 658 | }}
 659 | 
 660 | function queryPrintKeySub(offset) {{
 661 |   html = '<table id="onTable" class="display"><thead><tr><th>Last Write Time</th><th>Type</th><th>Key</th><th>Name</th><th>Data</th></tr></thead><tbody></tbody></table>';
 662 |   document.getElementById("resultTable").innerHTML = "";
 663 |   document.getElementById("resultTable").innerHTML = html;
 664 | 
 665 |   var myTable = $("#onTable").dataTable({{
 666 |     "pageLength": 50,
 667 |     ajax: {{
 668 |       "url": "windows.registry.printkey.PrintKey." + offset + ".json",
 669 |       "type": "GET",
 670 |       "dataSrc": function(obj) {{
 671 |           return flat(obj);
 672 |       }}
 673 |     }},
 674 |     columns: [
 675 |       {{data: 'Last Write Time'}},
 676 |       {{data: 'Type'}},
 677 |       {{data: 'Key'}},
 678 |       {{data: 'Name'}},
 679 |       {{data: 'Data'}},
 680 |     ],
 681 |   }});
 682 | }}
 683 | 
 684 | function flat(array) {{
 685 |     var result = [];
 686 |     array.forEach(function (a) {{
 687 |         result.push(a);
 688 |         if (Array.isArray(a.__children)) {{
 689 |             result = result.concat(flat(a.__children));
 690 |         }}
 691 |     }});
 692 |     return result;
 693 | }}
 694 | 
 695 | function querySkeleton_Key_Check() {{
 696 |   html = '<table id="onTable" class="display"><thead><tr><th>PID</th><th>Process</th><th>Skeleton Key Found</th><th>rc4HmacDecrypt</th><th>rc4HmacInitialize</th></tr></thead><tbody></tbody></table>';
 697 |   document.getElementById("resultTable").innerHTML = html;
 698 | 
 699 |   $("#tree-container").empty();
 700 | 
 701 |   var myTable = $("#onTable").dataTable({{
 702 |     "pageLength": 50,
 703 |     ajax: {{
 704 |       "url": "windows.skeleton_key_check.Skeleton_Key_Check.json",
 705 |       "type": "GET",
 706 |       "dataSrc": "",
 707 |     }},
 708 |     columns: [
 709 |       {{data: 'PID'}},
 710 |       {{data: 'Process'}},
 711 |       {{data: 'Skeleton Key Found'}},
 712 |       {{data: 'rc4HmacDecrypt'}},
 713 |       {{data: 'rc4HmacInitialize'}},
 714 |     ],
 715 |   }});
 716 | }}
 717 | 
 718 | function querySSDT() {{
 719 |   html = '<table id="onTable" class="display"><thead><tr><th>Address</th><th>Index</th><th>Module</th><th>Symbol</th></tr></thead><tbody></tbody></table>';
 720 |   document.getElementById("resultTable").innerHTML = html;
 721 | 
 722 |   $("#tree-container").empty();
 723 | 
 724 |   var myTable = $("#onTable").dataTable({{
 725 |     "pageLength": 50,
 726 |     ajax: {{
 727 |       "url": "windows.ssdt.SSDT.json",
 728 |       "type": "GET",
 729 |       "dataSrc": "",
 730 |     }},
 731 |     columns: [
 732 |       {{data: 'Address'}},
 733 |       {{data: 'Index'}},
 734 |       {{data: 'Module'}},
 735 |       {{data: 'Symbol'}},
 736 |     ],
 737 |   }});
 738 | }}
 739 | 
 740 | function querySvcScan() {{
 741 |   html = '<table id="onTable" class="display"><thead><tr><th>Binary</th><th>Display</th><th>Name</th><th>Order</th><th>PID</th><th>Start</th><th>State</th><th>Type</th></tr></thead><tbody></tbody></table>';
 742 |   document.getElementById("resultTable").innerHTML = html;
 743 | 
 744 |   $("#tree-container").empty();
 745 | 
 746 |   var myTable = $("#onTable").dataTable({{
 747 |     "pageLength": 50,
 748 |     ajax: {{
 749 |       "url": "windows.svcscan.SvcScan.json",
 750 |       "type": "GET",
 751 |       "dataSrc": "",
 752 |     }},
 753 |     columns: [
 754 |       {{data: 'Binary'}},
 755 |       {{data: 'Display'}},
 756 |       {{data: 'Name'}},
 757 |       {{data: 'Order'}},
 758 |       {{data: 'PID'}},
 759 |       {{data: 'Start'}},
 760 |       {{data: 'State'}},
 761 |       {{data: 'Type'}},
 762 |     ],
 763 |   }});
 764 | }}
 765 | 
 766 | function querySymlinkScan() {{
 767 |   html = '<table id="onTable" class="display"><thead><tr><th>CreateTime</th><th>From Name</th><th>To Name</th></tr></thead><tbody></tbody></table>';
 768 |   document.getElementById("resultTable").innerHTML = html;
 769 | 
 770 |   $("#tree-container").empty();
 771 | 
 772 |   var myTable = $("#onTable").dataTable({{
 773 |     "pageLength": 50,
 774 |     ajax: {{
 775 |       "url": "windows.symlinkscan.SymlinkScan.json",
 776 |       "type": "GET",
 777 |       "dataSrc": "",
 778 |     }},
 779 |     columns: [
 780 |       {{data: 'CreateTime'}},
 781 |       {{data: 'From Name'}},
 782 |       {{data: 'To Name'}},
 783 |     ],
 784 |   }});
 785 | }}
 786 | 
 787 | function queryVadInfo() {{
 788 |   html = '<table id="onTable" class="display"><thead><tr><th>CommitCharge</th><th>End VPN</th><th>File</th><th>PID</th><th>Parent</th><th>PrivateMemory</th><th>Process</th><th>Protection</th><th>Start VPN</th><th>Tag</th></tr></thead><tbody></tbody></table>';
 789 |   document.getElementById("resultTable").innerHTML = html;
 790 | 
 791 |   $("#tree-container").empty();
 792 | 
 793 |   var myTable = $("#onTable").dataTable({{
 794 |     "pageLength": 50,
 795 |     ajax: {{
 796 |       "url": "windows.vadinfo.VadInfo.json",
 797 |       "type": "GET",
 798 |       "dataSrc": "",
 799 |     }},
 800 |     columns: [
 801 |       {{data: 'CommitCharge'}},
 802 |       {{data: 'End VPN'}},
 803 |       {{data: 'File'}},
 804 |       {{data: 'PID'}},
 805 |       {{data: 'Parent'}},
 806 |       {{data: 'PrivateMemory'}},
 807 |       {{data: 'Process'}},
 808 |       {{data: 'Protection'}},
 809 |       {{data: 'Start VPN'}},
 810 |       {{data: 'Tag'}},
 811 |     ],
 812 |   }});
 813 | }}
 814 | 
 815 | function queryVerInfo() {{
 816 |   html = '<table id="onTable" class="display"><thead><tr><th>Base</th><th>Build</th><th>Major</th><th>Minor</th><th>Name</th><th>PID</th><th>Process</th><th>Product</th></tr></thead><tbody></tbody></table>';
 817 |   document.getElementById("resultTable").innerHTML = html;
 818 | 
 819 |   $("#tree-container").empty();
 820 | 
 821 |   var myTable = $("#onTable").dataTable({{
 822 |     "pageLength": 50,
 823 |     ajax: {{
 824 |       "url": "windows.verinfo.VerInfo.json",
 825 |       "type": "GET",
 826 |       "dataSrc": "",
 827 |     }},
 828 |     columns: [
 829 |       {{data: 'Base'}},
 830 |       {{data: 'Build'}},
 831 |       {{data: 'Major'}},
 832 |       {{data: 'Minor'}},
 833 |       {{data: 'Name'}},
 834 |       {{data: 'PID'}},
 835 |       {{data: 'Process'}},
 836 |       {{data: 'Product'}},
 837 |     ],
 838 |   }});
 839 | }}
 840 | 
 841 | function queryVirtMap() {{
 842 |   html = '<table id="onTable" class="display"><thead><tr><th>Start offset</th><th>End offset</th><th>Region</th></tr></thead><tbody></tbody></table>';
 843 |   document.getElementById("resultTable").innerHTML = html;
 844 | 
 845 |   $("#tree-container").empty();
 846 | 
 847 |   var myTable = $("#onTable").dataTable({{
 848 |     "pageLength": 50,
 849 |     ajax: {{
 850 |       "url": "windows.virtmap.VirtMap.json",
 851 |       "type": "GET",
 852 |       "dataSrc": "",
 853 |     }},
 854 |     columns: [
 855 |       {{data: 'Start offset'}},
 856 |       {{data: 'End offset'}},
 857 |       {{data: 'Region'}},
 858 |     ],
 859 |   }});
 860 | }}
 861 | 
 862 | function queryYaraScan() {{
 863 |   html = '<table id="onTable" class="display"><thead><tr><th>Offset</th><th>PID</th><th>Rule</th><th>Component</th><th>Value</th></tr></thead><tbody></tbody></table>';
 864 |   document.getElementById("resultTable").innerHTML = html;
 865 | 
 866 |   $("#tree-container").empty();
 867 | 
 868 |   var myTable = $("#onTable").dataTable({{
 869 |     "pageLength": 50,
 870 |     ajax: {{
 871 |       "url": "yarascan.YaraScan.json",
 872 |       "type": "GET",
 873 |       "dataSrc": "",
 874 |     }},
 875 |     columns: [
 876 |       {{data: 'Offset'}},
 877 |       {{data: 'PID'}},
 878 |       {{data: 'Rule'}},
 879 |       {{data: 'Component'}},
 880 |       {{data: 'Value'}},
 881 |     ],
 882 |   }});
 883 | }}
 884 | 
 885 | function queryImpHash(hash) {{
 886 |   html = '<table id="onTable" class="display"><thead><tr><th>ImageFileName</th><th>Module Base</th><th>Module Name</th><th>PID</th><th>imphash</th></tr></thead><tbody></tbody></table>';
 887 |   document.getElementById("resultTable").innerHTML = html;
 888 | 
 889 |   $("#tree-container").empty();
 890 |   $.fn.dataTable.ext.errMode = 'none';
 891 | 
 892 |   var myTable = $("#onTable").dataTable({{
 893 |     "pageLength": 50,
 894 |     ajax: {{
 895 |       "url": "pehash.ImpHash.json",
 896 |       "type": "GET",
 897 |       "dataSrc": "",
 898 |       "error": function(jqXHR, textStatus, errorThrown){{
 899 |         runAPI(hash, "imphash");
 900 |         document.getElementById("resultTable").innerHTML = "";
 901 |         document.getElementById("resultTable").innerHTML = '<div class="d-flex justify-content-center"><strong>Now processing...</strong><div class="spinner-grow text-dark" role="status"></div></div>';
 902 |       }}
 903 |     }},
 904 |     columns: [
 905 |       {{data: 'ImageFileName'}},
 906 |       {{data: 'Module Base'}},
 907 |       {{data: 'Module Name'}},
 908 |       {{data: 'PID'}},
 909 |       {{data: 'imphash'}},
 910 |     ],
 911 |   }});
 912 | }}
 913 | 
 914 | function queryImpFuzzy(hash) {{
 915 |   html = '<table id="onTable" class="display"><thead><tr><th>ImageFileName</th><th>Module Base</th><th>Module Name</th><th>PID</th><th>impfuzzy</th></tr></thead><tbody></tbody></table>';
 916 |   document.getElementById("resultTable").innerHTML = html;
 917 | 
 918 |   $("#tree-container").empty();
 919 | 
 920 |   var myTable = $("#onTable").dataTable({{
 921 |     "pageLength": 50,
 922 |     ajax: {{
 923 |       "url": "pehash.ImpFuzzy.json",
 924 |       "type": "GET",
 925 |       "dataSrc": "",
 926 |       "error": function(jqXHR, textStatus, errorThrown){{
 927 |         runAPI(hash, "impfuzzy");
 928 |         document.getElementById("resultTable").innerHTML = "";
 929 |         document.getElementById("resultTable").innerHTML = '<div class="d-flex justify-content-center"><strong>Now processing...</strong><div class="spinner-grow text-dark" role="status"></div></div>';
 930 |       }}
 931 |     }},
 932 |     columns: [
 933 |       {{data: 'ImageFileName'}},
 934 |       {{data: 'Module Base'}},
 935 |       {{data: 'Module Name'}},
 936 |       {{data: 'PID'}},
 937 |       {{data: 'impfuzzy'}},
 938 |     ],
 939 |   }});
 940 | }}
 941 | 
 942 | function queryDumpFiles(hash) {{
 943 |   html = '<table id="onTable" class="display"><thead><tr><th>CreateTime</th><th>ExitTime</th><th>Handles</th><th>ImageFileName</th><th>PID</th><th>PPID</th><th>SessionId</th><th>Threads</th><th>Wow64</th></tr></thead><tbody></tbody></table>';
 944 |   document.getElementById("resultTable").innerHTML = html;
 945 | 
 946 |   $("#tree-container").empty();
 947 | 
 948 |   var myTable = $("#onTable").dataTable({{
 949 |     "pageLength": 50,
 950 |     "fnRowCallback": function(nRow, aData, iDisplayIndex) {{
 951 |             $('td:eq(4)', nRow).html('<a href="{api_gateway_url}?hash=' + hash + '&plugin=dumpfiles&pid=' + aData["PID"] + '" target="_blank">' + aData["PID"] + '</a>');
 952 |             return nRow;
 953 |         }},
 954 |     ajax: {{
 955 |       "url": "windows.pslist.PsList.json",
 956 |       "type": "GET",
 957 |       "dataSrc": "",
 958 |     }},
 959 |     columns: [
 960 |       {{data: 'CreateTime'}},
 961 |       {{data: 'ExitTime'}},
 962 |       {{data: 'Handles'}},
 963 |       {{data: 'ImageFileName'}},
 964 |       {{data: 'PID'}},
 965 |       {{data: 'PPID'}},
 966 |       {{data: 'SessionId'}},
 967 |       {{data: 'Threads'}},
 968 |       {{data: 'Wow64'}},
 969 |     ],
 970 |   }});
 971 | }}
 972 | 
 973 | 
 974 | function queryPsTree() {{
 975 |   jsonTemplate = '{{"CreateTime": "", "ImageFileName": "TOP", "PID": "", "PPID": "", "Wow64": "", "children": __}}';
 976 | 
 977 |   $("#resultTable").empty();
 978 | 
 979 |   d3.json("windows.pstree.PsTree.json", function(error, json) {{
 980 |     var jsonStr = JSON.stringify(json).replace(/__children/g, 'children');
 981 |     treeBoxes('', JSON.parse(jsonTemplate.replace('__', jsonStr)));
 982 |   }});
 983 | }}
 984 | 
 985 | 
 986 | function treeBoxes(urlService, jsonData) {{
 987 | 	var urlService_ = '';
 988 | 
 989 | 	var blue = '#337ab7',
 990 | 		green = '#5cb85c',
 991 | 		yellow = '#f0ad4e',
 992 | 		blueText = '#4ab1eb',
 993 | 		purple = '#9467bd';
 994 | 
 995 | 	var margin = {{
 996 | 					top : 0,
 997 | 					right : 0,
 998 | 					bottom : 0,
 999 | 					left : 0
1000 | 				 }},
1001 | 		// Height and width are redefined later in function of the size of the tree
1002 | 		// (after that the data are loaded)
1003 | 		width = 800 - margin.right - margin.left,
1004 | 		height = 400 - margin.top - margin.bottom;
1005 | 
1006 |     // size of the diagram
1007 |     var viewerWidth = $(document).width() - margin.right - margin.left;
1008 |     var viewerHeight =  $(document).height() - margin.top - margin.bottom;
1009 | 
1010 |     // console.log("width:", width, viewerWidth);
1011 |     // console.log("height:", height, viewerHeight);
1012 | 
1013 | 	var rectNode = {{ width : 140, height : 70, textMargin : 5 }},
1014 | 		tooltip = {{ width : 150, height : 40, textMargin : 5 }};
1015 | 	var i = 0,
1016 | 		duration = 750,
1017 | 		root;
1018 | 
1019 | 	var mousedown; // Use to save temporarily 'mousedown.zoom' value
1020 | 	var mouseWheel,
1021 | 		mouseWheelName,
1022 | 		isKeydownZoom = false;
1023 | 
1024 | 	var tree;
1025 | 	var baseSvg,
1026 | 		svgGroup,
1027 | 		nodeGroup, // If nodes are not grouped together, after a click the svg node will be set after his corresponding tooltip and will hide it
1028 | 		nodeGroupTooltip,
1029 | 		linkGroup,
1030 | 		linkGroupToolTip,
1031 | 		defs;
1032 | 
1033 | 	init(urlService, jsonData);
1034 | 
1035 | 	function init(urlService, jsonData)
1036 | 	{{
1037 | 		urlService_ = urlService;
1038 | 		if (urlService && urlService.length > 0)
1039 | 		{{
1040 | 			if (urlService.charAt(urlService.length - 1) != '/')
1041 | 				urlService_ += '/';
1042 | 		}}
1043 | 
1044 | 		if (jsonData)
1045 | 			drawTree(jsonData);
1046 | 		else
1047 | 		{{
1048 | 			console.error(jsonData);
1049 | 			alert('Invalides data.');
1050 | 		}}
1051 | 	}}
1052 | 
1053 | 	function drawTree(jsonData)
1054 | 	{{
1055 | 		tree = d3.layout.tree().size([ height, width ]);
1056 | 		root = jsonData;
1057 | 		root.fixed = true;
1058 | 
1059 | 		// Dynamically set the height of the main svg container
1060 | 		// breadthFirstTraversal returns the max number of node on a same level
1061 | 		// and colors the nodes
1062 | 		var maxDepth = 0;
1063 | 		var maxTreeWidth = breadthFirstTraversal(tree.nodes(root), function(currentLevel) {{
1064 | 			maxDepth++;
1065 | 			currentLevel.forEach(function(node) {{
1066 | 				// if (node.type == 'type1')      // <-----------------------------------------------------------------
1067 | 				// 	node.color = blue;
1068 | 				// if (node.type == 'type2')
1069 | 				// 	node.color = green;
1070 | 				// if (node.type == 'type3')
1071 | 				// 	node.color = yellow;
1072 | 				// if (node.type == 'type4')
1073 | 				// 	node.color = purple;
1074 | 				}});
1075 | 			}});
1076 | 		height = maxTreeWidth * (rectNode.height + 20) + 20 - margin.right - margin.left;
1077 | 		width = maxDepth * (rectNode.width * 1.5) - margin.top - margin.bottom;
1078 | 		tree = d3.layout.tree().size([ height, width ]);
1079 | 		root.x0 = height / 2;
1080 | 		root.y0 = 0;
1081 | 
1082 | 		baseSvg = d3.select('#tree-container').append('svg')
1083 | 	 //    .attr('width', width + margin.right + margin.left)
1084 | 		// .attr('height', height + margin.top + margin.bottom)
1085 | 	    .attr('width', viewerWidth)
1086 | 		.attr('height', viewerHeight)
1087 | 		.attr('class', 'svgContainer')
1088 | 
1089 | 		.call(d3.behavior.zoom().scaleExtent([0.1, 3])
1090 | 		      //.scaleExtent([0.5, 1.5]) // Limit the zoom scale
1091 | 		      .on('zoom', zoomAndDrag));
1092 | 
1093 | 		// Mouse wheel is desactivated, else after a first drag of the tree, wheel event drags the tree (instead of scrolling the window)
1094 | 		getMouseWheelEvent();
1095 | 		d3.select('#tree-container').select('svg').on(mouseWheelName, null);
1096 | 		d3.select('#tree-container').select('svg').on('dblclick.zoom', null);
1097 | 
1098 | 		svgGroup = baseSvg.append('g')
1099 | 		.attr('class','drawarea')
1100 | 		.append('g')
1101 | 		.attr('transform', 'translate(' + margin.left + ',' + margin.top + ')');
1102 | 
1103 | 		// SVG elements under nodeGroupTooltip could be associated with nodeGroup,
1104 | 		// same for linkGroupToolTip and linkGroup,
1105 | 		// but this separation allows to manage the order on which elements are drew
1106 | 		// and so tooltips are always on top.
1107 | 		nodeGroup = svgGroup.append('g')
1108 | 					.attr('id', 'nodes');
1109 | 		linkGroup = svgGroup.append('g')
1110 | 					.attr('id', 'links');
1111 | 		linkGroupToolTip = svgGroup.append('g')
1112 | 			   				.attr('id', 'linksTooltips');
1113 | 		nodeGroupTooltip = svgGroup.append('g')
1114 | 			   				.attr('id', 'nodesTooltips');
1115 | 
1116 | 		defs = baseSvg.append('defs');
1117 | 		initArrowDef();
1118 | 		initDropShadow();
1119 | 
1120 | 		update(root);
1121 | 	}}
1122 | 
1123 | 	function update(source)
1124 | 	{{
1125 | 		// Compute the new tree layout
1126 | 		var nodes = tree.nodes(root).reverse(),
1127 | 			links = tree.links(nodes);
1128 | 
1129 | 		// Check if two nodes are in collision on the ordinates axe and move them
1130 | 		breadthFirstTraversal(tree.nodes(root), collision);
1131 | 		// Normalize for fixed-depth
1132 | 		nodes.forEach(function(d) {{
1133 | 			d.y = d.depth * (rectNode.width * 1.5);
1134 | 		}});
1135 | 
1136 | 	// 1) ******************* Update the nodes *******************
1137 | 		var node = nodeGroup.selectAll('g.node').data(nodes, function(d) {{
1138 | 			return d.id || (d.id = ++i);
1139 | 		}});
1140 | 		var nodesTooltip = nodeGroupTooltip.selectAll('g').data(nodes, function(d) {{
1141 | 			return d.id || (d.id = ++i);
1142 | 		}});
1143 | 
1144 | 		// Enter any new nodes at the parent's previous position
1145 | 		// We use "insert" rather than "append", so when a new child node is added (after a click)
1146 | 		// it is added at the top of the group, so it is drawed first
1147 | 		// else the nodes tooltips are drawed before their children nodes and they
1148 | 		// hide them
1149 | 		var nodeEnter = node.enter().insert('g', 'g.node')
1150 | 		.attr('class', 'node')
1151 | 		.attr('transform', function(d) {{
1152 | 			  return 'translate(' + source.y0 + ',' + source.x0 + ')'; }})
1153 | 		.on('click', function(d) {{
1154 | 						click(d);
1155 | 			}});
1156 | 		var nodeEnterTooltip = nodesTooltip.enter().append('g')
1157 | 			.attr('transform', function(d) {{
1158 | 				  return 'translate(' + source.y0 + ',' + source.x0 + ')'; }});
1159 | 
1160 | 		nodeEnter.append('g').append('rect')
1161 | 		.attr('rx', 6)
1162 | 		.attr('ry', 6)
1163 | 		.attr('width', rectNode.width)
1164 | 		.attr('height', rectNode.height)
1165 | 		.attr('class', 'node-rect')
1166 | 		.attr('fill', function (d) {{ return d.color; }})
1167 | 		.attr('filter', 'url(#drop-shadow)');
1168 | 
1169 | 		nodeEnter.append('foreignObject')
1170 | 		.attr('x', rectNode.textMargin)
1171 | 		.attr('y', rectNode.textMargin)
1172 | 		.attr('width', function() {{
1173 | 					return (rectNode.width - rectNode.textMargin * 2) < 0 ? 0
1174 | 							: (rectNode.width - rectNode.textMargin * 2)
1175 | 				}})
1176 | 		.attr('height', function() {{
1177 | 					return (rectNode.height - rectNode.textMargin * 2) < 0 ? 0
1178 | 							: (rectNode.height - rectNode.textMargin * 2)
1179 | 				}})
1180 | 		.append('xhtml').html(function(d) {{  // <===========================================================================================
1181 | 					return '<div style="width: '
1182 | 							+ (rectNode.width - rectNode.textMargin * 2) + 'px; height: '
1183 | 							+ (rectNode.height - rectNode.textMargin * 2) + 'px;" class="node-text wordwrap">'
1184 | 							+ '<b>' + d.ImageFileName + '</b><br>'
1185 | 							+ '<b>PID: </b>' + d.PID + '<br>'
1186 | 							+ '<b>PPID: </b>' + d.PPID + '<br>'
1187 | 							+ '<b>Wow64: </b>' + d.Wow64 + '<br>'
1188 | 							+ '<b>CreateTime: </b>' + d.CreateTime + '<br>'
1189 | 							+ '</div>';
1190 | 				}})
1191 | 		.on('mouseover', function(d) {{
1192 | 			$('#nodeInfoID' + d.id).css('visibility', 'visible');
1193 | 			$('#nodeInfoTextID' + d.id).css('visibility', 'visible');
1194 | 		}})
1195 | 		.on('mouseout', function(d) {{
1196 | 			$('#nodeInfoID' + d.id).css('visibility', 'hidden');
1197 | 			$('#nodeInfoTextID' + d.id).css('visibility', 'hidden');
1198 | 		}});
1199 | 
1200 | 		// Transition nodes to their new position.
1201 | 		var nodeUpdate = node.transition().duration(duration)
1202 | 		.attr('transform', function(d) {{ return 'translate(' + d.y + ',' + d.x + ')'; }});
1203 | 		nodesTooltip.transition().duration(duration)
1204 | 		.attr('transform', function(d) {{ return 'translate(' + d.y + ',' + d.x + ')'; }});
1205 | 
1206 | 		nodeUpdate.select('rect')
1207 | 		.attr('class', function(d) {{ return d._children ? 'node-rect-closed' : 'node-rect'; }});
1208 | 
1209 | 		nodeUpdate.select('text').style('fill-opacity', 1);
1210 | 
1211 | 		// Transition exiting nodes to the parent's new position
1212 | 		var nodeExit = node.exit().transition().duration(duration)
1213 | 			.attr('transform', function(d) {{ return 'translate(' + source.y + ',' + source.x + ')'; }})
1214 | 			.remove();
1215 | 
1216 | 		nodeExit.select('text').style('fill-opacity', 1e-6);
1217 | 
1218 | 
1219 | 	// 2) ******************* Update the links *******************
1220 | 		var link = linkGroup.selectAll('path').data(links, function(d) {{
1221 | 			return d.target.id;
1222 | 		}});
1223 | 		var linkTooltip = linkGroupToolTip.selectAll('g').data(links, function(d) {{
1224 | 			return d.target.id;
1225 | 		}});
1226 | 
1227 | 		d3.selection.prototype.moveToFront = function() {{
1228 | 			  return this.each(function(){{
1229 | 				    this.parentNode.appendChild(this);
1230 | 				  }});
1231 | 			}};
1232 | 
1233 | 		// Enter any new links at the parent's previous position.
1234 | 			// Enter any new links at the parent's previous position.
1235 | 			var linkenter = link.enter().insert('path', 'g')
1236 | 			.attr('class', 'link')
1237 | 			.attr('id', function(d) {{ return 'linkID' + d.target.id; }})
1238 | 			.attr('d', function(d) {{ return diagonal(d); }})
1239 | 			.attr('marker-end', 'url(#end-arrow)')
1240 | 			.on('mouseover', function(d) {{
1241 | 				d3.select(this).moveToFront();
1242 | 				d3.select(this).attr('marker-end', 'url(#end-arrow-selected)');
1243 | 				d3.select(this).attr('class', 'linkselected');
1244 | 
1245 | 			}})
1246 | 			.on('mouseout', function(d) {{
1247 | 				d3.select(this).attr('marker-end', 'url(#end-arrow)');
1248 | 				d3.select(this).attr('class', 'link');
1249 | 			}});
1250 | 
1251 | 		// Transition links to their new position.
1252 | 		var linkUpdate = link.transition().duration(duration)
1253 | 						 	 .attr('d', function(d) {{ return diagonal(d); }});
1254 | 
1255 | 		// Transition exiting nodes to the parent's new position.
1256 | 		link.exit().transition()
1257 | 		.remove();
1258 | 
1259 | 		// Stash the old positions for transition.
1260 | 		nodes.forEach(function(d) {{
1261 | 			d.x0 = d.x;
1262 | 			d.y0 = d.y;
1263 | 		}});
1264 | 	}}
1265 | 
1266 | 	// Zoom functionnality is desactivated (user can use browser Ctrl + mouse wheel shortcut)
1267 | 	function zoomAndDrag() {{
1268 | 	    //var scale = d3.event.scale,
1269 | 	    var scale = 1,
1270 | 	        translation = d3.event.translate,
1271 | 	        tbound = -height * scale,
1272 | 	        bbound = height * scale,
1273 | 	        lbound = (-width + margin.right) * scale,
1274 | 	        rbound = (width - margin.left) * scale;
1275 | 	    // limit translation to thresholds
1276 | 	    translation = [
1277 | 	        Math.max(Math.min(translation[0], rbound), lbound),
1278 | 	        Math.max(Math.min(translation[1], bbound), tbound)
1279 | 	    ];
1280 | 	    d3.select('.drawarea')
1281 | 	        .attr('transform', 'translate(' + translation + ')' +
1282 | 	              ' scale(' + scale + ')');
1283 | 	}}
1284 | 
1285 | 	// Toggle children on click.
1286 | 	function click(d) {{
1287 | 		if (d.children) {{
1288 | 			d._children = d.children;
1289 | 			d.children = null;
1290 | 		}} else {{
1291 | 			d.children = d._children;
1292 | 			d._children = null;
1293 | 		}}
1294 | 		update(d);
1295 | 	}}
1296 | 
1297 | 	// Breadth-first traversal of the tree
1298 | 	// func function is processed on every node of a same level
1299 | 	// return the max level
1300 | 	  function breadthFirstTraversal(tree, func)
1301 | 	  {{
1302 | 		  var max = 0;
1303 | 		  if (tree && tree.length > 0)
1304 | 		  {{
1305 | 			  var currentDepth = tree[0].depth;
1306 | 			  var fifo = [];
1307 | 			  var currentLevel = [];
1308 | 
1309 | 			  fifo.push(tree[0]);
1310 | 			  while (fifo.length > 0) {{
1311 | 				  var node = fifo.shift();
1312 | 				  if (node.depth > currentDepth) {{
1313 | 					  func(currentLevel);
1314 | 					  currentDepth++;
1315 | 					  max = Math.max(max, currentLevel.length);
1316 | 					  currentLevel = [];
1317 | 				  }}
1318 | 				  currentLevel.push(node);
1319 | 				  if (node.children) {{
1320 | 					  for (var j = 0; j < node.children.length; j++) {{
1321 | 						  fifo.push(node.children[j]);
1322 | 					  }}
1323 | 				  }}
1324 | 		  	}}
1325 | 			func(currentLevel);
1326 | 			return Math.max(max, currentLevel.length);
1327 | 		}}
1328 | 		return 0;
1329 | 	  }}
1330 | 
1331 | 	// x = ordoninates and y = abscissas
1332 | 	function collision(siblings) {{
1333 | 	  var minPadding = 5;
1334 | 	  if (siblings) {{
1335 | 		  for (var i = 0; i < siblings.length - 1; i++)
1336 | 		  {{
1337 | 			  if (siblings[i + 1].x - (siblings[i].x + rectNode.height) < minPadding)
1338 | 				  siblings[i + 1].x = siblings[i].x + rectNode.height + minPadding;
1339 | 		  }}
1340 | 	  }}
1341 | 	}}
1342 | 
1343 | 	function removeMouseEvents() {{
1344 | 		// Drag and zoom behaviors are temporarily disabled, so tooltip text can be selected
1345 | 		mousedown = d3.select('#tree-container').select('svg').on('mousedown.zoom');
1346 | 		d3.select('#tree-container').select('svg').on("mousedown.zoom", null);
1347 | 	}}
1348 | 
1349 | 	function reactivateMouseEvents() {{
1350 | 		// Reactivate the drag and zoom behaviors
1351 | 		d3.select('#tree-container').select('svg').on('mousedown.zoom', mousedown);
1352 | 	}}
1353 | 
1354 | 	// Name of the event depends of the browser
1355 | 	function getMouseWheelEvent() {{
1356 | 		if (d3.select('#tree-container').select('svg').on('wheel.zoom'))
1357 | 		{{
1358 | 			mouseWheelName = 'wheel.zoom';
1359 | 			return d3.select('#tree-container').select('svg').on('wheel.zoom');
1360 | 		}}
1361 | 		if (d3.select('#tree-container').select('svg').on('mousewheel.zoom') != null)
1362 | 		{{
1363 | 			mouseWheelName = 'mousewheel.zoom';
1364 | 			return d3.select('#tree-container').select('svg').on('mousewheel.zoom');
1365 | 		}}
1366 | 		if (d3.select('#tree-container').select('svg').on('DOMMouseScroll.zoom'))
1367 | 		{{
1368 | 			mouseWheelName = 'DOMMouseScroll.zoom';
1369 | 			return d3.select('#tree-container').select('svg').on('DOMMouseScroll.zoom');
1370 | 		}}
1371 | 	}}
1372 | 
1373 | 	function diagonal(d) {{
1374 | 		var p0 = {{
1375 | 			x : d.source.x + rectNode.height / 2,
1376 | 			y : (d.source.y + rectNode.width)
1377 | 		}}, p3 = {{
1378 | 			x : d.target.x + rectNode.height / 2,
1379 | 			y : d.target.y  - 12 // -12, so the end arrows are just before the rect node
1380 | 		}}, m = (p0.y + p3.y) / 2, p = [ p0, {{
1381 | 			x : p0.x,
1382 | 			y : m
1383 | 		}}, {{
1384 | 			x : p3.x,
1385 | 			y : m
1386 | 		}}, p3 ];
1387 | 		p = p.map(function(d) {{
1388 | 			return [ d.y, d.x ];
1389 | 		}});
1390 | 		return 'M' + p[0] + 'C' + p[1] + ' ' + p[2] + ' ' + p[3];
1391 | 	}}
1392 | 
1393 | 	function initDropShadow() {{
1394 | 		var filter = defs.append("filter")
1395 | 		    .attr("id", "drop-shadow")
1396 | 		    .attr("color-interpolation-filters", "sRGB");
1397 | 
1398 | 		filter.append("feOffset")
1399 | 		.attr("result", "offOut")
1400 | 		.attr("in", "SourceGraphic")
1401 | 	    .attr("dx", 0)
1402 | 	    .attr("dy", 0);
1403 | 
1404 | 		filter.append("feGaussianBlur")
1405 | 		    .attr("stdDeviation", 2);
1406 | 
1407 | 		filter.append("feOffset")
1408 | 		    .attr("dx", 2)
1409 | 		    .attr("dy", 2)
1410 | 		    .attr("result", "shadow");
1411 | 
1412 | 		filter.append("feComposite")
1413 | 	    .attr("in", 'offOut')
1414 | 	    .attr("in2", 'shadow')
1415 | 	    .attr("operator", "over");
1416 | 	}}
1417 | 
1418 | 	function initArrowDef() {{
1419 | 		// Build the arrows definitions
1420 | 		// End arrow
1421 | 		defs.append('marker')
1422 | 		.attr('id', 'end-arrow')
1423 | 		.attr('viewBox', '0 -5 10 10')
1424 | 		.attr('refX', 0)
1425 | 		.attr('refY', 0)
1426 | 		.attr('markerWidth', 6)
1427 | 		.attr('markerHeight', 6)
1428 | 		.attr('orient', 'auto')
1429 | 		.attr('class', 'arrow')
1430 | 		.append('path')
1431 | 		.attr('d', 'M0,-5L10,0L0,5');
1432 | 
1433 | 		// End arrow selected
1434 | 		defs.append('marker')
1435 | 		.attr('id', 'end-arrow-selected')
1436 | 		.attr('viewBox', '0 -5 10 10')
1437 | 		.attr('refX', 0)
1438 | 		.attr('refY', 0)
1439 | 		.attr('markerWidth', 6)
1440 | 		.attr('markerHeight', 6)
1441 | 		.attr('orient', 'auto')
1442 | 		.attr('class', 'arrowselected')
1443 | 		.append('path')
1444 | 		.attr('d', 'M0,-5L10,0L0,5');
1445 | 
1446 | 		// Start arrow
1447 | 		defs.append('marker')
1448 | 		.attr('id', 'start-arrow')
1449 | 		.attr('viewBox', '0 -5 10 10')
1450 | 		.attr('refX', 0)
1451 | 		.attr('refY', 0)
1452 | 		.attr('markerWidth', 6)
1453 | 		.attr('markerHeight', 6)
1454 | 		.attr('orient', 'auto')
1455 | 		.attr('class', 'arrow')
1456 | 		.append('path')
1457 | 		.attr('d', 'M10,-5L0,0L10,5');
1458 | 
1459 | 		// Start arrow selected
1460 | 		defs.append('marker')
1461 | 		.attr('id', 'start-arrow-selected')
1462 | 		.attr('viewBox', '0 -5 10 10')
1463 | 		.attr('refX', 0)
1464 | 		.attr('refY', 0)
1465 | 		.attr('markerWidth', 6)
1466 | 		.attr('markerHeight', 6)
1467 | 		.attr('orient', 'auto')
1468 | 		.attr('class', 'arrowselected')
1469 | 		.append('path')
1470 | 		.attr('d', 'M10,-5L0,0L10,5');
1471 | 	}}
1472 | }}
1473 | 
1474 | function runAPI(hash, plugin) {{
1475 |   var request = new XMLHttpRequest();
1476 | 
1477 |   request.open('GET', '{api_gateway_url}?hash=' + hash + '&plugin=' + plugin, false);
1478 |   request.send();
1479 | }}
1480 | 


--------------------------------------------------------------------------------
/terraform/api.tf:
--------------------------------------------------------------------------------
  1 | resource "aws_api_gateway_rest_api" "api" {
  2 |   name  = "${local.name}-api"
  3 | }
  4 | 
  5 | resource "aws_api_gateway_resource" "analysis" {
  6 |   rest_api_id = aws_api_gateway_rest_api.api.id
  7 |   parent_id   = aws_api_gateway_rest_api.api.root_resource_id
  8 |   path_part   = "analysis"
  9 | }
 10 | 
 11 | resource "aws_api_gateway_method" "analysis" {
 12 |   rest_api_id      = aws_api_gateway_rest_api.api.id
 13 |   resource_id      = aws_api_gateway_resource.analysis.id
 14 |   api_key_required = "false"
 15 |   authorization    = "NONE"
 16 |   http_method      = "GET"
 17 | }
 18 | 
 19 | resource "aws_api_gateway_method_response" "analysis" {
 20 |   rest_api_id = aws_api_gateway_rest_api.api.id
 21 |   resource_id = aws_api_gateway_resource.analysis.id
 22 |   http_method = aws_api_gateway_method.analysis.http_method
 23 |   status_code = "200"
 24 | 
 25 |   response_models = {
 26 |     "text/html" = "Empty"
 27 |   }
 28 | 
 29 |   response_parameters = {
 30 |     "method.response.header.Access-Control-Allow-Headers" = "false"
 31 |     "method.response.header.Access-Control-Allow-Methods" = "false"
 32 |     "method.response.header.Access-Control-Allow-Origin"  = "false"
 33 |   }
 34 |   depends_on = [aws_api_gateway_method.analysis]
 35 | }
 36 | 
 37 | resource "aws_api_gateway_integration" "analysis" {
 38 |   connection_type         = "INTERNET"
 39 |   content_handling        = "CONVERT_TO_TEXT"
 40 |   http_method             = aws_api_gateway_method.analysis.http_method
 41 |   integration_http_method = "POST"
 42 |   passthrough_behavior    = "WHEN_NO_MATCH"
 43 |   resource_id             = aws_api_gateway_resource.analysis.id
 44 |   rest_api_id             = aws_api_gateway_rest_api.api.id
 45 |   type                    = "AWS_PROXY"
 46 |   uri                     = aws_lambda_function.function_plugin.invoke_arn
 47 | }
 48 | 
 49 | resource "aws_api_gateway_integration_response" "analysis" {
 50 |   http_method = aws_api_gateway_method.analysis.http_method
 51 |   resource_id = aws_api_gateway_resource.analysis.id
 52 | 
 53 |   response_parameters = {
 54 |     "method.response.header.Access-Control-Allow-Origin" = "'*'"
 55 |   }
 56 | 
 57 |   rest_api_id = aws_api_gateway_rest_api.api.id
 58 |   status_code = "200"
 59 | 
 60 |   depends_on = [aws_api_gateway_integration.analysis]
 61 | }
 62 | 
 63 | resource "aws_api_gateway_deployment" "api" {
 64 |   rest_api_id       = aws_api_gateway_rest_api.api.id
 65 |   stage_name        = "analysis"
 66 |   stage_description = "timestamp = ${timestamp()}"
 67 | 
 68 |   depends_on = [
 69 |     aws_api_gateway_integration.analysis
 70 |   ]
 71 | 
 72 |   lifecycle {
 73 |     create_before_destroy = true
 74 |   }
 75 | }
 76 | 
 77 | resource "aws_api_gateway_stage" "api" {
 78 |   deployment_id         = aws_api_gateway_deployment.api.id
 79 |   cache_cluster_enabled = "false"
 80 |   rest_api_id           = aws_api_gateway_rest_api.api.id
 81 |   stage_name            = "v1"
 82 |   xray_tracing_enabled  = "false"
 83 | }
 84 | 
 85 | #resource "aws_api_gateway_method_settings" "api" {
 86 | #  rest_api_id = aws_api_gateway_rest_api.api.id
 87 | #  stage_name  = aws_api_gateway_stage.api.stage_name
 88 | #  method_path = "*/*"
 89 | #
 90 | #  settings {
 91 | #    data_trace_enabled = true
 92 | #    logging_level      = "INFO"
 93 | #  }
 94 | #}
 95 | 
 96 | resource "aws_lambda_permission" "analysis" {
 97 |   action        = "lambda:InvokeFunction"
 98 |   function_name = "${local.function_name}_plugin"
 99 |   principal     = "apigateway.amazonaws.com"
100 |   source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/*/${aws_api_gateway_method.analysis.http_method}/${aws_api_gateway_resource.analysis.path_part}"
101 | 
102 |   depends_on    = [aws_lambda_function.function_plugin]
103 | }
104 | 
105 | resource "aws_api_gateway_rest_api_policy" "analysis" {
106 |   rest_api_id = aws_api_gateway_rest_api.api.id
107 | 
108 | policy = jsonencode({
109 |   Version = "2012-10-17"
110 |   Statement = [
111 |     {
112 |       Effect    = "Allow"
113 |       Principal = "*"
114 |       Action    = "execute-api:Invoke"
115 |       Resource = [
116 |         "${aws_api_gateway_rest_api.api.execution_arn}/*",
117 |       ]
118 |       Condition = {
119 |         IpAddress = {
120 |           "aws:SourceIp" = var.trusted_ip
121 |         }
122 |       }
123 |     },
124 |   ]
125 | })
126 | }
127 | 


--------------------------------------------------------------------------------
/terraform/batch.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_batch_job_definition" "analysis" {
 2 |     name = "${local.name}_job"
 3 |     type = "container"
 4 |     platform_capabilities = [
 5 |       "FARGATE",
 6 |     ]
 7 |     container_properties = <<CONTAINER_PROPERTIES
 8 | {
 9 |     "command": ["echo","hello world"],
10 |     "image": "${aws_ecr_repository.analysis.repository_url}:latest",
11 |     "fargatePlatformConfiguration": {
12 |       "platformVersion": "LATEST"
13 |     },
14 |     "resourceRequirements": [
15 |       {"type": "VCPU", "value": "4"},
16 |       {"type": "MEMORY", "value": "25600"}
17 |     ],
18 |     "environment": [
19 |       {"name": "AWS_ACCESS_KEY_ID", "value": "${var.aws_access_key_id}"},
20 |       {"name": "AWS_SECRET_ACCESS_KEY", "value": "${var.aws_secret_access_key}"},
21 |       {"name": "S3_BUCKET", "value": "${aws_s3_bucket_website_configuration.analysis.website_endpoint}"},
22 |       {"name": "BACKET_NAME", "value": "${local.name}-bucket"},
23 |       {"name": "IMAGE_BACKET_NAME", "value": "${local.name}-memory-bucket"},
24 |       {"name": "REPO_NAME", "value": "${local.name}-repo"},
25 |       {"name": "CODE_REPO", "value": "${aws_codecommit_repository.analysis.clone_url_http}"},
26 |       {"name": "REGION", "value": "${var.region}"},
27 |       {"name": "API_GATEWAY_URL", "value": "${aws_api_gateway_stage.api.invoke_url}/${aws_api_gateway_resource.analysis.path_part}"}
28 |     ],
29 |     "networkConfiguration": {
30 |       "assignPublicIp": "ENABLED"
31 |     },
32 |     "executionRoleArn": "${aws_iam_role.runner_task_exec_role.arn}"
33 | }
34 | CONTAINER_PROPERTIES
35 | }
36 | 
37 | resource "aws_batch_compute_environment" "analysis" {
38 |   compute_environment_name = "${local.name}_env"
39 |   compute_resources {
40 |     max_vcpus = 16
41 |     security_group_ids = [
42 |       aws_security_group.runner_batch_compute_sg.id
43 |     ]
44 |     subnets = [
45 |       aws_subnet.analysis_subnet.id,
46 |       aws_subnet.analysis_subnet-public.id,
47 |     ]
48 | 
49 |     type = "FARGATE"
50 |   }
51 |   service_role = aws_iam_role.runner_batch_svc_role.arn
52 |   type = "MANAGED"
53 |   state = "ENABLED"
54 |   depends_on = [aws_iam_role_policy_attachment.runner_batch_svc_role_attach_batch_service_role]
55 | }
56 | 
57 | resource "aws_batch_job_queue" "analysis" {
58 |   name     = "${local.name}_job_queue"
59 |   state    = "ENABLED"
60 |   priority = 1
61 |   compute_environments = [
62 |     aws_batch_compute_environment.analysis.arn
63 |   ]
64 | }
65 | 
66 | resource "aws_security_group" "runner_batch_compute_sg" {
67 |   name   = "${local.name}-runner-batch-compute-sg"
68 |   vpc_id = aws_vpc.analysis_subnet.id
69 | 
70 |   egress {
71 |     from_port        = 0
72 |     to_port          = 0
73 |     protocol         = "-1"
74 |     cidr_blocks      = ["0.0.0.0/0"]
75 |   }
76 | }
77 | 


--------------------------------------------------------------------------------
/terraform/cloudwatch.tf:
--------------------------------------------------------------------------------
 1 | # Memory image submit event from S3
 2 | resource "aws_cloudwatch_event_rule" "s3-event" {
 3 |   name        = "${local.name}_s3-pushevent"
 4 | 
 5 |   event_pattern =  <<EOF
 6 |   {
 7 |     "source": ["aws.s3"],
 8 |     "detail-type": ["Object Created"],
 9 |     "detail": {
10 |       "bucket": {
11 |         "name": ["${aws_s3_bucket.memory.id}"]
12 |       }
13 |     }
14 |   }
15 | EOF
16 | }
17 | 
18 | resource "aws_cloudwatch_event_target" "push_event" {
19 |     rule      = aws_cloudwatch_event_rule.s3-event.name
20 |     arn       = aws_lambda_function.function_all.arn
21 | }
22 | 
23 | resource "aws_lambda_permission" "cloudwatch_event" {
24 |     action        = "lambda:InvokeFunction"
25 |     function_name = aws_lambda_function.function_all.function_name
26 |     principal     = "events.amazonaws.com"
27 |     source_arn    = aws_cloudwatch_event_rule.s3-event.arn
28 | }
29 | 
30 | 
31 | # Memory image submit event from S3
32 | resource "aws_cloudwatch_event_rule" "batch-job" {
33 |   name = "${local.name}-batch-job"
34 | 
35 |   event_pattern = <<EOF
36 |   {
37 |     "source": ["aws.batch"],
38 |     "detail-type": ["Batch Job State Change"],
39 |     "detail": {
40 |       "status": ["FAILED", "SUCCESSED"],
41 |       "jobQueue": ["${aws_batch_job_queue.analysis.arn}"]
42 |     }
43 |   }
44 | EOF
45 | }
46 | 
47 | resource "aws_cloudwatch_event_target" "sns" {
48 |   rule = aws_cloudwatch_event_rule.batch-job.name
49 |   arn  = aws_sns_topic.analysis.arn
50 | 
51 |   input_transformer {
52 |     input_paths = {
53 |       status   = "$.detail.status",
54 |       jobName  = "$.detail.jobName",
55 | 
56 |     }
57 |     input_template = "\"Memory analysis job <status> (Job name: <jobName>)\""
58 |   }
59 | }
60 | 


--------------------------------------------------------------------------------
/terraform/codecommit.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_codecommit_repository" "analysis" {
 2 |   repository_name = "${local.name}-repo"
 3 | }
 4 | 
 5 | resource "null_resource" "push_pruebascode" {
 6 |   triggers = {
 7 |     file1 = "${sha256(file("analysis_script/analysis.py"))}"
 8 |     file2 = "${sha256(file("analysis_script/template.css"))}"
 9 |     file3 = "${sha256(file("analysis_script/template.html"))}"
10 |     file4 = "${sha256(file("analysis_script/template.js"))}"
11 |   }
12 | 
13 |   provisioner "local-exec" {
14 |     command = <<EOT
15 | 	cd ${var.codecommit_dir}
16 |   mkdir dev
17 |   cd dev
18 |   rm -rf .git
19 |   git init
20 |   git config --global init.defaultBranch main
21 | 	git config --local user.name ${var.codecommit_username}
22 | 	git config --local user.email ${var.codecommit_email}
23 | 	git config --local credential.helper '!aws codecommit credential-helper $@'
24 | 	git config --local credential.UseHttpPath true
25 | 	git remote add origin ${aws_codecommit_repository.analysis.clone_url_http}
26 | 	git remote -v
27 |   git branch -m main
28 |   git pull origin main
29 |   cp ../analysis.py .
30 |   cp ../template.* .
31 |   git add .
32 | 	git commit -m "Updated analysis script ${timestamp()}"
33 | 	git push -u origin main
34 |       EOT
35 |     interpreter = ["/bin/bash", "-c"]
36 |     working_dir = path.module
37 |   }
38 | 
39 |   depends_on = [aws_codecommit_repository.analysis]
40 | }
41 | 


--------------------------------------------------------------------------------
/terraform/docker/Dockerfile:
--------------------------------------------------------------------------------
  1 | FROM alpine:latest
  2 | 
  3 | ENV LANG="C.UTF-8"
  4 | ENV LC_ALL="C.UTF-8"
  5 | 
  6 | RUN addgroup -S volg && \
  7 |     adduser -DG -S voluser -G volg -g "Unprivileged user,,,,"
  8 | 
  9 | RUN apk add --no-cache \
 10 |         capstone \
 11 |         dumb-init \
 12 |         git \
 13 |         zip \
 14 |         libfuzzy2-dev \
 15 |         binutils \
 16 |         libffi-dev \
 17 |         python3 && \
 18 |     apk add --no-cache --virtual=stage \
 19 |         gcc \
 20 |         musl-dev \
 21 |         curl \
 22 |         python3-dev
 23 | 
 24 | ENV PYTHONFAULTHANDLER="1"
 25 | ENV PYTHONHASHSEED="random"
 26 | ENV PYTHONUNBUFFERED="1"
 27 | ENV PYTHONUTF8="1"
 28 | 
 29 | RUN python3 -m ensurepip --default-pip && \
 30 |     python3 -m pip install --upgrade pip && \
 31 |     python3 -m pip install --no-cache --upgrade \
 32 |         wheel && \
 33 |     python3 -m pip install --no-cache --upgrade \
 34 |         pefile \
 35 |         yara-python \
 36 |         GitPython \
 37 |         pyimpfuzzy \
 38 |         ssdeep \
 39 |         pycryptodome
 40 | 
 41 | WORKDIR /usr/local/lib
 42 | 
 43 | RUN git clone --branch=develop --depth=1 --single-branch \
 44 |         https://github.com/volatilityfoundation/volatility3.git
 45 | 
 46 | WORKDIR /usr/local/lib/volatility3
 47 | 
 48 | RUN python3 setup.py install && \
 49 |     chmod 0755 \
 50 |         vol.py \
 51 |         volatility3/framework/symbols/windows/pdbconv.py && \
 52 |     for destination in "v3" "vol" "vol3" "volatility" "volatility3"; \
 53 |     do ln -sf \
 54 |         /usr/local/lib/volatility3/vol.py \
 55 |         /usr/local/bin/${destination}; \
 56 |     done
 57 | 
 58 | ENV PATH=/usr/local/bin:${PATH}
 59 | 
 60 | WORKDIR /tmp
 61 | 
 62 | RUN curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub && \
 63 |     curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.33-r0/glibc-2.33-r0.apk && \
 64 |     curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.33-r0/glibc-bin-2.33-r0.apk && \
 65 |     apk add --no-cache glibc-2.33-r0.apk glibc-bin-2.33-r0.apk && \
 66 |     curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
 67 |     unzip awscliv2.zip && \
 68 |     ./aws/install && \
 69 |     rm -rf *.apk && \
 70 |     rm awscliv2.zip && \
 71 |     rm -rf aws
 72 | 
 73 | RUN git clone --branch=master --recursive --single-branch \
 74 |     https://github.com/JPCERTCC/impfuzzy.git \
 75 |     impfuzzy
 76 | 
 77 | RUN git clone --branch=main --recursive --single-branch \
 78 |     https://github.com/JPCERTCC/Windows-Symbol-Tables.git \
 79 |     symbols
 80 | 
 81 | RUN cp -R /tmp/symbols/symbols/windows /usr/local/lib/volatility3/volatility3/symbols && \
 82 |     rm -rf symbols
 83 | 
 84 | RUN apk --purge del \
 85 |        stage
 86 | 
 87 | WORKDIR "/usr/local/lib/volatility3/volatility3/symbols"
 88 | 
 89 | RUN find . -type d -exec chmod 0777 "{}" \; && \
 90 |     find . -type f -exec chmod 0666 "{}" \; && \
 91 |     find /usr/lib/python3* -type d -name symbols -exec chmod 0777 "{}" \;
 92 | 
 93 | WORKDIR /tmp
 94 | 
 95 | COPY run.sh /tmp
 96 | 
 97 | RUN chmod +x /tmp/run.sh
 98 | 
 99 | USER voluser
100 | 
101 | CMD /bin/sh
102 | 


--------------------------------------------------------------------------------
/terraform/docker/run.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | CODE_REPO="https://git-codecommit.${REGION}.amazonaws.com/v1/repos/${REPO_NAME}"
 4 | CODE_DIR="/tmp/${REPO_NAME}"
 5 | 
 6 | git clone --config credential.helper='!aws --region $REGION codecommit credential-helper $@' --config credential.UseHttpPath=true $CODE_REPO $CODE_DIR
 7 | 
 8 | chmod +x /tmp/$REPO_NAME/analysis.py
 9 | 
10 | python3 /tmp/$REPO_NAME/analysis.py "$@"
11 | 


--------------------------------------------------------------------------------
/terraform/ecr.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_ecr_repository" "analysis" {
 2 |   name                 = var.image_name
 3 |   image_tag_mutability = "MUTABLE"
 4 | 
 5 |   image_scanning_configuration {
 6 |     scan_on_push = true
 7 |   }
 8 | }
 9 | 
10 | resource "null_resource" "docker_build_push" {
11 |   triggers = {
12 |     file1 = "${sha256(file("docker/Dockerfile"))}"
13 |     file2 = "${sha256(file("docker/run.sh"))}"
14 |   }
15 | 
16 |   provisioner "local-exec" {
17 |     command = <<EOT
18 |   $(aws ecr get-login --no-include-email --region ${var.region})
19 |   docker build -t ${var.image_name} ${var.docker_dir}
20 |   docker tag ${var.image_name}:latest ${aws_ecr_repository.analysis.repository_url}
21 |   docker push ${aws_ecr_repository.analysis.repository_url}:latest
22 |       EOT
23 |     interpreter = ["/bin/bash", "-c"]
24 |     working_dir = path.module
25 |   }
26 | }
27 | 


--------------------------------------------------------------------------------
/terraform/iam.tf:
--------------------------------------------------------------------------------
 1 | # for Lambda iam policy
 2 | data "aws_iam_policy_document" "AWSLambdaTrustPolicy" {
 3 |   statement {
 4 |     actions = ["sts:AssumeRole"]
 5 |     effect  = "Allow"
 6 | 
 7 |     principals {
 8 |       type        = "Service"
 9 |       identifiers = ["lambda.amazonaws.com"]
10 |     }
11 |   }
12 | }
13 | 
14 | resource "aws_iam_role" "function_role" {
15 |   name               = "${local.name}-lambdaurl-function_role"
16 |   assume_role_policy = data.aws_iam_policy_document.AWSLambdaTrustPolicy.json
17 | }
18 | 
19 | resource "aws_iam_role_policy_attachment" "lambda_policy" {
20 |   role       = aws_iam_role.function_role.name
21 |   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
22 | }
23 | 
24 | resource "aws_iam_policy" "batch" {
25 |   name        = "${local.name}-batch"
26 | 
27 |   policy = jsonencode({
28 |     Version: "2012-10-17",
29 |     Statement: [
30 |       {
31 |         Sid: "",
32 |         Action: [
33 |           "batch:SubmitJob"
34 |         ],
35 |         Effect: "Allow",
36 |         Resource: "*",
37 |       }
38 |     ]
39 |   })
40 | }
41 | 
42 | resource "aws_iam_role_policy_attachment" "lambda-batch" {
43 |   role       = aws_iam_role.function_role.name
44 |   policy_arn = aws_iam_policy.batch.arn
45 | }
46 | 
47 | 
48 | 
49 | # for Batch iam policy
50 | resource "aws_iam_role" "runner_batch_svc_role" {
51 |   name = "${local.name}-batch-svc-role"
52 | 
53 |   assume_role_policy = jsonencode({
54 |     Version : "2012-10-17"
55 |     Statement : [
56 |       {
57 |         Action : "sts:AssumeRole"
58 |         Effect : "Allow"
59 |         Principal : {
60 |           Service : "batch.amazonaws.com"
61 |         }
62 |       }
63 |     ]
64 |   })
65 | }
66 | 
67 | resource "aws_iam_role_policy_attachment" "runner_batch_svc_role_attach_batch_service_role" {
68 |   role       = aws_iam_role.runner_batch_svc_role.name
69 |   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole"
70 | }
71 | 
72 | resource "aws_iam_role" "runner_task_exec_role" {
73 |   name = "${local.name}-task-exec-role"
74 |   assume_role_policy = jsonencode({
75 |     Version : "2012-10-17"
76 |     Statement : [
77 |       {
78 |         Action : "sts:AssumeRole"
79 |         Effect : "Allow"
80 |         Principal : {
81 |           Service : "ecs-tasks.amazonaws.com"
82 |         }
83 |       }
84 |     ]
85 |   })
86 | }
87 | 
88 | resource "aws_iam_role_policy_attachment" "runner_task_exec_role_attach_ecs_task_exec_role" {
89 |   role       = aws_iam_role.runner_task_exec_role.name
90 |   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
91 | }
92 | 


--------------------------------------------------------------------------------
/terraform/init.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_version = "1.2.3"
 3 | 
 4 |   required_providers {
 5 |     aws = "4.19.0"
 6 |   }
 7 | 
 8 |   backend "s3" {
 9 |     bucket  = "analysis-tfstate-s3"
10 |     key     = "terraform.tfstate"
11 |     region  = "us-east-1"
12 |     encrypt = true
13 |   }
14 | }
15 | 
16 | provider "aws" {
17 |   region  = var.region
18 | }
19 | 
20 | locals {
21 |   function_name = "${var.app_name}-func"
22 |   name = var.app_name
23 | }
24 | 


--------------------------------------------------------------------------------
/terraform/lambda.tf:
--------------------------------------------------------------------------------
 1 | data "archive_file" "function_source_all" {
 2 |   type        = "zip"
 3 |   source_dir  = "Lambda_all"
 4 |   output_path = "archive/analysis-func_all.zip"
 5 | }
 6 | 
 7 | resource "aws_lambda_function" "function_all" {
 8 |   function_name = "${local.function_name}_all"
 9 |   handler       = "lambda_function_all.lambda_handler"
10 |   memory_size   = "128"
11 |   role          = aws_iam_role.function_role.arn
12 |   runtime       = "python3.8"
13 |   timeout       = "10"
14 | 
15 |   filename         = data.archive_file.function_source_all.output_path
16 |   source_code_hash = data.archive_file.function_source_all.output_base64sha256
17 | 
18 |   environment {
19 |     variables = {
20 |       JOB_QUEUE = aws_batch_job_queue.analysis.arn
21 |       JOB_DEFINITION = "${var.app_name}_job"
22 |       S3_BUCKET = aws_s3_bucket_website_configuration.analysis.website_endpoint
23 |     }
24 |   }
25 | 
26 |   tracing_config {
27 |     mode = "PassThrough"
28 |   }
29 | 
30 |   depends_on = [aws_iam_role_policy_attachment.lambda_policy, aws_cloudwatch_log_group.lambda_log_group_all]
31 | }
32 | 
33 | resource "aws_cloudwatch_log_group" "lambda_log_group_all" {
34 |   name = "/aws/lambda/${local.function_name}_all"
35 | }
36 | 
37 | 
38 | data "archive_file" "function_source_plugin" {
39 |   type        = "zip"
40 |   source_dir  = "Lambda_plugin"
41 |   output_path = "archive/analysis-func_plugin.zip"
42 | }
43 | 
44 | resource "aws_lambda_function" "function_plugin" {
45 |   function_name = "${local.function_name}_plugin"
46 |   handler       = "lambda_function_plugin.lambda_handler"
47 |   memory_size   = "128"
48 |   role          = aws_iam_role.function_role.arn
49 |   runtime       = "python3.8"
50 |   timeout       = "10"
51 | 
52 |   filename         = data.archive_file.function_source_plugin.output_path
53 |   source_code_hash = data.archive_file.function_source_plugin.output_base64sha256
54 | 
55 |   environment {
56 |     variables = {
57 |       JOB_QUEUE = aws_batch_job_queue.analysis.arn
58 |       JOB_DEFINITION = "${var.app_name}_job"
59 |       S3_BUCKET = aws_s3_bucket_website_configuration.analysis.website_endpoint
60 |     }
61 |   }
62 | 
63 |   tracing_config {
64 |     mode = "PassThrough"
65 |   }
66 | 
67 |   depends_on = [aws_iam_role_policy_attachment.lambda_policy, aws_cloudwatch_log_group.lambda_log_group_plugin]
68 | }
69 | 
70 | resource "aws_cloudwatch_log_group" "lambda_log_group_plugin" {
71 |   name = "/aws/lambda/${local.function_name}_plugin"
72 | }
73 | 


--------------------------------------------------------------------------------
/terraform/network.tf:
--------------------------------------------------------------------------------
  1 | resource "aws_vpc" "analysis_subnet" {
  2 |   cidr_block = var.cidr_block_vpc
  3 | 
  4 |   enable_dns_support = true
  5 |   enable_dns_hostnames = true
  6 | }
  7 | 
  8 | # private subnet
  9 | resource "aws_subnet" "analysis_subnet" {
 10 |   vpc_id = aws_vpc.analysis_subnet.id
 11 |   map_public_ip_on_launch = true
 12 | 
 13 |   cidr_block = "${cidrsubnet(aws_vpc.analysis_subnet.cidr_block,8,20)}"
 14 | }
 15 | 
 16 | # public subnet
 17 | resource "aws_subnet" "analysis_subnet-public" {
 18 |   vpc_id            = aws_vpc.analysis_subnet.id
 19 |   cidr_block        = "${cidrsubnet(aws_vpc.analysis_subnet.cidr_block,8,1)}"
 20 |   availability_zone = "${var.region}a"
 21 | }
 22 | 
 23 | # Gateway
 24 | resource "aws_internet_gateway" "main-gw" {
 25 |   vpc_id = aws_vpc.analysis_subnet.id
 26 | }
 27 | 
 28 | # VPC Endpoint
 29 | resource "aws_vpc_endpoint" "ecr_api" {
 30 |   service_name      = "com.amazonaws.${var.region}.ecr.api"
 31 |   vpc_endpoint_type = "Interface"
 32 |   vpc_id            = aws_vpc.analysis_subnet.id
 33 |   subnet_ids        = [aws_subnet.analysis_subnet.id]
 34 | 
 35 |   security_group_ids = [
 36 |     aws_security_group.https.id,
 37 |   ]
 38 | 
 39 |   private_dns_enabled = true
 40 | }
 41 | 
 42 | resource "aws_vpc_endpoint" "ecr_dkr" {
 43 |   service_name      = "com.amazonaws.${var.region}.ecr.dkr"
 44 |   vpc_endpoint_type = "Interface"
 45 |   vpc_id            = aws_vpc.analysis_subnet.id
 46 |   subnet_ids        = [aws_subnet.analysis_subnet.id]
 47 | 
 48 |   security_group_ids = [
 49 |     aws_security_group.https.id,
 50 |   ]
 51 | 
 52 |   private_dns_enabled = true
 53 | }
 54 | 
 55 | resource "aws_vpc_endpoint" "logs" {
 56 |   service_name      = "com.amazonaws.${var.region}.logs"
 57 |   vpc_endpoint_type = "Interface"
 58 |   vpc_id = aws_vpc.analysis_subnet.id
 59 |   subnet_ids = [aws_subnet.analysis_subnet.id]
 60 | 
 61 |   security_group_ids = [
 62 |     aws_security_group.https.id,
 63 |   ]
 64 |   private_dns_enabled = true
 65 | }
 66 | 
 67 | resource "aws_vpc_endpoint" "s3" {
 68 |   service_name      = "com.amazonaws.${var.region}.s3"
 69 |   vpc_endpoint_type = "Gateway"
 70 |   vpc_id            = aws_vpc.analysis_subnet.id
 71 | 
 72 |   route_table_ids = [
 73 |     aws_default_route_table.default-route-table.id
 74 |   ]
 75 | }
 76 | 
 77 | resource "aws_vpc_endpoint" "git-codecommit" {
 78 |   service_name      = "com.amazonaws.${var.region}.git-codecommit"
 79 |   vpc_endpoint_type = "Interface"
 80 |   vpc_id            = aws_vpc.analysis_subnet.id
 81 |   subnet_ids        = [aws_subnet.analysis_subnet.id]
 82 | 
 83 |   security_group_ids = [
 84 |     aws_security_group.https.id,
 85 |   ]
 86 | 
 87 |   private_dns_enabled = true
 88 | }
 89 | 
 90 | # Routing default
 91 | resource "aws_default_route_table" "default-route-table" {
 92 |   default_route_table_id = aws_vpc.analysis_subnet.default_route_table_id
 93 | }
 94 | 
 95 | resource "aws_route_table_association" "route-private" {
 96 |   route_table_id = aws_default_route_table.default-route-table.id
 97 |   subnet_id      = aws_subnet.analysis_subnet.id
 98 | }
 99 | 
100 | # Routing internet
101 | resource "aws_route_table" "public-route-table" {
102 |   vpc_id = aws_vpc.analysis_subnet.id
103 | 
104 |   route {
105 |     cidr_block = "0.0.0.0/0"
106 |     gateway_id = aws_internet_gateway.main-gw.id
107 |   }
108 | }
109 | 
110 | resource "aws_route_table_association" "route-public" {
111 |   route_table_id = aws_route_table.public-route-table.id
112 |   subnet_id      = aws_subnet.analysis_subnet-public.id
113 | }
114 | 
115 | resource "aws_security_group" "https" {
116 |   name        = "https"
117 |   description = "https"
118 |   vpc_id      = aws_vpc.analysis_subnet.id
119 | 
120 |   egress {
121 |     cidr_blocks = ["0.0.0.0/0"]
122 |     from_port   = 0
123 |     protocol    = "-1"
124 |     to_port     = 0
125 |   }
126 | 
127 |   ingress {
128 |     cidr_blocks = ["0.0.0.0/0"]
129 |     from_port   = 443
130 |     protocol    = "tcp"
131 |     to_port     = 443
132 |   }
133 | 
134 |   timeouts {}
135 | }
136 | 


--------------------------------------------------------------------------------
/terraform/s3.tf:
--------------------------------------------------------------------------------
  1 | # analysis results backet
  2 | resource "aws_s3_bucket" "analysis" {
  3 |   bucket        = "${local.name}-bucket"
  4 |   force_destroy = "false"
  5 | }
  6 | 
  7 | resource "aws_s3_object" "error" {
  8 |   bucket = aws_s3_bucket.analysis.id
  9 |   key    = "error.html"
 10 |   source = "s3/error.html"
 11 |   content_type = "text/html"
 12 |   etag = filemd5("s3/error.html")
 13 | }
 14 | 
 15 | resource "aws_s3_bucket_versioning" "analysis" {
 16 |   bucket = aws_s3_bucket.analysis.id
 17 |   versioning_configuration {
 18 |     status = "Enabled"
 19 |   }
 20 | }
 21 | 
 22 | resource "aws_s3_bucket_website_configuration" "analysis" {
 23 |   bucket = aws_s3_bucket.analysis.bucket
 24 | 
 25 |   index_document {
 26 |     suffix = "index.html"
 27 |   }
 28 | 
 29 |   error_document {
 30 |     key = "error.html"
 31 |   }
 32 | }
 33 | 
 34 | resource "aws_s3_bucket_acl" "analysis" {
 35 |   bucket = aws_s3_bucket.analysis.id
 36 |   access_control_policy {
 37 |     grant {
 38 |       grantee {
 39 |         id   = data.aws_canonical_user_id.current_user.id
 40 |         type = "CanonicalUser"
 41 |       }
 42 |       permission = "FULL_CONTROL"
 43 |     }
 44 | 
 45 |     owner {
 46 |       id = data.aws_canonical_user_id.current_user.id
 47 |     }
 48 |   }
 49 | }
 50 | 
 51 | resource "aws_s3_bucket_request_payment_configuration" "analysis" {
 52 |   bucket = aws_s3_bucket.analysis.bucket
 53 |   payer  = "BucketOwner"
 54 | }
 55 | 
 56 | resource "aws_s3_bucket_public_access_block" "image_bucket" {
 57 |   bucket                  = aws_s3_bucket.analysis.bucket
 58 |   block_public_acls       = true
 59 |   block_public_policy     = true
 60 |   ignore_public_acls      = true
 61 |   restrict_public_buckets = true
 62 | }
 63 | 
 64 | resource "aws_s3_bucket_policy" "analysis" {
 65 |   bucket = aws_s3_bucket.analysis.id
 66 | 
 67 |   policy = jsonencode({
 68 |     Version = "2012-10-17"
 69 |     Statement = [
 70 |       {
 71 |         Sid       = "AllowPublicRead"
 72 |         Effect    = "Allow"
 73 |         Principal = {
 74 |           "AWS" = "*"
 75 |         }
 76 |         Action    = "s3:GetObject"
 77 |         Resource = [
 78 |           "${aws_s3_bucket.analysis.arn}/*",
 79 |         ]
 80 |         Condition = {
 81 |           IpAddress = {
 82 |             "aws:SourceIp" = var.trusted_ip
 83 |           }
 84 |         }
 85 |       },
 86 |     ]
 87 |   })
 88 | }
 89 | 
 90 | data "aws_canonical_user_id" "current_user" {}
 91 | 
 92 | 
 93 | # memory images backet
 94 | resource "aws_s3_bucket" "memory" {
 95 |   bucket        = "${local.name}-memory-bucket"
 96 |   force_destroy = "false"
 97 | }
 98 | 
 99 | resource "aws_s3_bucket_versioning" "memory" {
100 |   bucket = aws_s3_bucket.memory.id
101 |   versioning_configuration {
102 |     status = "Enabled"
103 |   }
104 | }
105 | 
106 | resource "aws_s3_bucket_acl" "memory" {
107 |   bucket = aws_s3_bucket.memory.id
108 |   access_control_policy {
109 |     grant {
110 |       grantee {
111 |         id   = data.aws_canonical_user_id.current_user.id
112 |         type = "CanonicalUser"
113 |       }
114 |       permission = "FULL_CONTROL"
115 |     }
116 | 
117 |     owner {
118 |       id = data.aws_canonical_user_id.current_user.id
119 |     }
120 |   }
121 | }
122 | 
123 | resource "aws_s3_bucket_request_payment_configuration" "memory" {
124 |   bucket = aws_s3_bucket.memory.bucket
125 |   payer  = "BucketOwner"
126 | }
127 | 
128 | resource "aws_s3_bucket_public_access_block" "memory" {
129 |   bucket                  = aws_s3_bucket.memory.bucket
130 |   block_public_acls       = true
131 |   block_public_policy     = true
132 |   ignore_public_acls      = true
133 |   restrict_public_buckets = true
134 | }
135 | 
136 | resource "aws_s3_bucket_notification" "memory" {
137 |   bucket = aws_s3_bucket.memory.id
138 |   eventbridge = true
139 | }
140 | 


--------------------------------------------------------------------------------
/terraform/s3/error.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <head>
 3 |   <meta charset="utf-8">
 4 |   <title>Analysis Results</title>
 5 |   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/css/bootstrap.min.css" integrity="sha384-+0n0xVW2eSR5OomGNYDnhzAbDsOXxcvSN1TPprVMTNDbiYZCxYbOOl7+AMvyTG2x" crossorigin="anonymous">
 6 |   <script>
 7 |     var href = window.location.href ;
 8 |     setTimeout("location.href='" + href + "'",1000*60);
 9 |   </script>
10 | </head>
11 | <body>
12 |   <nav class="navbar navbar-light bg-light">
13 |     <div class="container-fluid">
14 |       <span class="navbar-brand mb-0">
15 |         <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAArQAAABLCAIAAAAOB4NoAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAEaYSURBVHhe7X0HmBRV1nZLHCQHWcO3uruuq66u++muYVfXNa2CxMmZIEGCJAHJgihZzCCiqKAoqwSRIEEwEAQEkZwzyFRV5xwG+n9PVU9Pd3V31e3uGobvt3jeZ56m6t5zzw11znuzwevz69ChQ4cOHTp0hKGTAx06dOjQoUNHFHRyoEOHDh06dOiIgk4OdOjQoUOHDh1R0MmBDh06dOjQoSMKOjnQoUOHDh06dERBJwc6dOjQoUOHjijo5ECHDh06dOjQEQWdHOjQoUOHDh06oqCTAx06EsLnr4Ts1f8J/F/XX4cM/nJ/eTAKgQt65f664Av4Axej28BFeigLlj6qihxA4yAbLgblcZODXy4wLgLlMRHVEIgRIoMvJkpSQMZlAhOh/II8bnIIyAUmAv7J46YG5hSB1BqAau0AyZYbPjCxUgIVwH+9waBPBH6En9Or8ovy6Cy4EK1hIlxISfgl0F9DiDmNVCllVBQaGnDyn3mFAZHJrCKQL5croAjkKLJO7Tbfib2eUwdCOLnfw59FzYYDUCEkxRX8oU81JF8RrB4IOjPIlMcSXYYsTCLI46aIS1r1kUiujhC4wm5QdDw5fchzMqINnD3qRbsKC0eD0YQrVAk5gH4HlztWznasnqOCr2Y5tmzzSBlOBVS73q9nOVbFSI7EilmO8y7/xWSsYSAYOLXRueIduagwlr3tdKfBD2Cvv3/Pseo9udhYrJjpOCHAuMslsAIfv9u78i252Fgsn+EwEj2IkZAsQGwtnpUz5fLjYtU7js1b0QBihCjiQjBwfrsL1SqTFgkosP+Il5EfiN9eIFju3fK5c/FL1ucfMJY0Fwoa8TIUNRd632GcMcy66n3ngaNQuxyxEFcmLRHw0f403/GVWqWvfNuxe783KX5wafTXEEh33VznjN7WSTnmKXmpABHf6W+dO9L2yTjb2g+da9537tvksZnxpYRMJBNRIAMSQMt/rYtlcq48CW0xMcv80WibifOhnydXIx4kTuBy+rYuc7070PrsPaa8+nx+Qz73Sj63fgWu5PMa8PkN+G43COPbmhe/bN+3mb4mRGSpVhSRL+D7ZJx9YqZcWznyLQun2CFT1ev4L/jtVt8nL9gRRS5ExOQc8xvdLOvmOaFkOBZ0PvKTZ/YA26RsefhIUNzulpWzEbcyxRQhVv2q2Q4IhFhZQlUEtDG0tKVvOKA/Cz+oIEz+3d+7P33RNvxf5tKWVN2VDUAEGgaaQddreQRY8JJ9xxqXyM8oIrIpk8kO7cmBP+i3b7Q/YeCy6jCgNtfWwL2/wJ1aZcNJbH/F/LhaWpk1uI7XG53BQICRT1G7cXcylHWoLRcVxhOGsrW7qE3L4zIA1bZxlLEVYxHV4toY+J/LkiM3YSCtdUOMLNXRxlD26usafHUXg4ENzxsfY24ArQ3chqNJsB/fRf/F084OBi4zce0AbQ1lI4aoZwdNCGF2LXFM+pcAU5tdl8uuxxc04Ytb8CVXxaAFX9SUz7uSh3x8k/lXCTNH2fYeJHarmpAP3/kex2OGskgl4yLTwLW5zQyZMglxccn01xBIC8wA9Q5tUYkpoyO+65qEDlfQX2QfvrPTb4Sxrczr5jrcHmr8yj4SAWYPssEEUbHHyNcWUhIlLQTVmpVoAUz8hExLToZYSrXoS0F05LS9gWuHFmIgy4nfAPKOAHiLHzmo/Ub8y8WWn9fBqKq4BwToep0gxVUGlEfSz/7dpKo8Ajx9oxGaSArHRU4G/6SB+/It8pGIAhd4+pC3laGMpT0gDOIumxGKmzKg58iHzCg9luxrCbG5DrlXpSQlWnBsl2dGLytaNUosVKS1uA41KtsAEGoDNUKNBMGyM3g0g4lZlo2LXBCCgkptIEF7cgBt5rXmcxrRV8qC0uZ8q0ZG2LgUeuHwQ5smmjMzVNIC2yrI4J7JtynXRyXQ2/a5cg1cSYyoMLJrcCt/SLFDHwx6+9XlCluwFVFLobA+15OUl8thAbK8sq8xu756WiiiCRM1IAdw3hfOubJRei3lScRFcRM+V/SFjA0AIWffTw2sNEZUGKUt+Na1hfNBf3nir8InDsTt/8ze62oeH1V+Y3KfaCoyUXGBYKXwtc353Hp8dgbX7S7Tt6ItvpB4oALkwPODo20NTiYqDprxrX+vTg4usf4aAglNzLTAl/e9zTglz4Jua2pAL3PEv03wWEDnawT4DJhdMpHgWLU5dKdGP2ra9S3lC6ZWpoMEvOp2vRHGd/i/TJNzUtdEHVnmCZnmgsbkFI3naRBYpokEqcO353t3n1uMcCQSLYDpRwZnPWNd9a5j70b36YMe/pwXOXI7fSf3e47v8mxc6Fo41T6t0NL7T0bIp+yLJdDrT8Y178OJxmdIgYv+0we88C4gE9OKlPKOch77hKmwCQ//TUPWidkG9HdYfaB9yCnyi1zLRAGocdQ7av/FdqFGDpvz/lBbdh2ux++FqflKmkzOtaAoEHfUI+o0RQH+C35jmbe1oQx6jm9rnhRPzyrC5DwLChxF9Mtxb/wxJHFI48R+z6hHzKhEqTZBBPv9xfhGd+vSNxxgjWcOe86foDYAnNjrOXvEs22Fa/F0+2tdLAgW+goQtzZX1IxfONUh0s2YhNSgNTmgGSxPiYErZnMMhJZ8loFbszMVRwtysHmyOjkAYA3RIftwCdsQBXIRcOWrkYOvtqaiM42sfGtvc4WSb5MBdrzNFYIQhKeTS1MF2tlX/VjJwcTJWozXiYlueM7Yri6To0IDAJOYv4KmTmVyYoGK8Wy1wwKWKjawHAM3a55SXYOMXrC6J94jgGgXNmP1qXGB2ilqTLy+73/Mpy0JmwTIgXcryAFDQs34J/+oQg4uvf4aAlkb8aAJlmtmLyt+I8V0AMMHwEq6nD5QgaWvOSZ0JOYBE4kuFKzk6EfNZ47QkguZGgAedv0fAV2xLV8Sh5BJ1hQBf8CP3h60OrydzLpMEwDByi/6xz1pRl1Af7jtofcZV85y+Hw+aSwBAeDmEZcWIcIWVCxODKeCYCbet2iqffA9JkSHEGQfPOPozzQ4JEsOEaEJ9EFIcYKpUk4MAqARKCXob7cgZpScSEjkAMEAcTVD3CINoN5R+yMfDJODwOtdrSBDYx7DExVNlrzigCYj/63OnhUQzruinlWEchR4omYgLR1491kb8gjiDl7Y6ybh0/F2u7WyDUitXVqECOA3IL6lAPjhdPpWvu0Y14rGRegTqM2hG7BlGbXwpGYZNCYH5cHAsXnWdrWT8HxAYQN+YE878iaTpgp2cgDACLY18Ic9/qBq96gqyQEax8JiIUcc/2QGn1OT+5iR2UQDDeLSkwOR/HoHNWQdHSltzrf/jTEQLFdd8QD1ptzC5TVVElvShM+93YKMJxqKwCvTdntpHQ61kI5bjQTkoBm3ry0s3xDHEAMakoNq0V9DQP6oh8ywWW92I3Ige5sc0GBEwDHBM8F3ooUA+L35C9fgu03ocsFHwkp+SRO98rTw5KnfCrDUGz53adPyEwBdVYeNvCbSOrIzjldA6if3eYqa0oAwtB18r+ngVvrepbww2nSkU7EwzX9gi3v0I2akmIdqNXDLaAw/KvvQ4chP5CBBtZVrAaV6VAwJaciFCjkQsxkKGc/SIi3UO2ofbUBKN/ZJIiBfn092QBPVkMqgvO+IyNElGTCTALWlIS4UvqwZoJzh8nvdZJSmV7pdL3z7KRlkRCE6yNwGUAtSLOEX34xeVqRFXLkGN61QtIrMUwwakwOkPftfXF6T5AxWaQu+TT3BBXIdI1AZSZEDoLgRX3wnWlW5ygh21ZED8pqeHjW4oquSKyJo3qlNKpYUUaqBHIg0UVhPs7lsNJHPrcm9NlPFQENm2XJrGwM8oix6BFqCAnLbziasGvS5TRvsWQausHlyFJYFYOgwxJ+ujEPjtCIH1aW/hkDWNCMHCQALiCxA+Nblrs5XC/C4HWtws/vLk8N/JXLwfVWTg0ivaZX7VyR9bI+3Yw1aMwEjvnoOPkPqAjJygjjwS13JwMFtnk4thZwMGkd5p19U9tnJQThkyJWyk4N4IZHWZUEO2HKkOaB2XHIAZmDifF2uFfLq06DR+0NpEhz5ZeQEcQGqASFlZ7zDHzCjXWXV4QbfQ9MxjDI1JQcgLB5xqp59TiEEPvsKbvE6poHlSCRLDuA54ITGj6NvTyYqClVGDgLBwLnFtrY1kzbr6Ni1M/DHgwGFSfS4QE6rhRwASPrdh/lsttUnRBDrCILColHiVb4R13AFzZQEFtTlRj0bp48oAfV64ZQzx8AVMS74SB6UEQO387xPtoBUE3JQjfprCGStqslBCNRmKLnh/zZl1iKLLNnccAD8rgZyEO2NyCuch6MiZlDcjD9zWJwBScMlRAKZgvwX2piRfSS9fGblp6GTA5YcaQ6oHUsORC5LM1x5Dahv89NamgJg7+IrA6lA2ofDbB0MtAphagGNH8jCxIWW5AB9mj1vmTswzjRHo6gh/3Rh0jMLSZMD0cu2N/Dr9yv69SojB6iVua35XObVmpHIrc29NzfpLh1SrC5yQCvm7FSMxVfJ04qL/Lrc2NEwXnI5EtC6Ds42K/MqOLa2DYxWMIy4tlWkF8OvU5mVSB+F9bhObeWNWQNyUK36awhk7RKRAxEw/Uhlco4luy4t7Dq22wN/Kb3C8+olB5JXQJmDGeReydvM+G9lLE3gFycaXmxvhuNpbeDMvE9aDqmTA5YcaQ6oHUsO8HDMY2ZpRmnXd8QMwuE1AWoGMuePs4McIMubF7toXCommAxakgPU3NSb+XzFjl0i0IKAmjyf5Jq7FMgBUNKM79DS6FDopFYROSBD4C5KarVmBEqa8IX3s5K+MBC+usgBgNS3v2hqW5upgqRFIcdgzWK/VWrc3mdUFjHQmtNPVnsSZQGtZcckc9taTMM2IJHoxhU0pF3FITTkC5sqzmiIKGrMP1mTX7lWrkb65KB69dcQyFpS5AC2G7YsFjRHyzZbDAlIqPsN5IORx3Ci+FG95AAKzBlMJrv9FdyJveplHrhIGUewSKAclHuZYrDy7Lq0hXXBSyHap5MDlhxpDqgtIwfI1JYvXVKhffVOwlHPMNDmY9sAnijnQpxiKO97mxEU5KX2TKWnHTkAPy1zdVRbRq4AWnO3ODmTlBo5AArqcX2y8ZEkKKCqIQflwcDRuZZkV2tWgsY8uH2eQBzfmRjIYzWSA6mzO+pqjpEyFtbnnimNUy94sm28qX0dpaIrbsh3eSyxsyFNPD1qMq32KGzE40PtfqtxYpH59aesr3W14O/0IvPwvwvgH1n1+OJ4QuCPc2txnW83HTbGaRjpkoPq1l9DIGvs5ABWz2qig4A2LnJtWlyJjYucP33tFs7RIDwMnyxWLOBBzx7xoljwEW1bGeo5IW5S5EDyzSkAwgPltFsBCC/4R5/eafO1Ec97+HCYykZr6I8AZ496f1jq+mySfdHL9nmjbAun2Nd+6Px5vdsjHuqQyBmXnfH2u8NY1JR/wlCGQpMGTn7l5CC8W0EqWEVQvcskxIXogFWlXYghB4GiZnSQ0aiHVTIlrTYVfvH9uNK19HXHomliG5hqXz7DsX21C58J3sZVlbJwwf9iO3NhY7IMC8YzjQtqRg7gp3940dSxHoPtS4DiRnyXtskNM6ZMDmAHYSU/+iLBKH3VkANkbca9Sa/WjEReXe5NtVV7MiDR6iQHaNDBgG2bHRaZhTWiXtob+K2nowtWHHF5qiYX16VJKL2KdpAfcgQuJuhK0j6ajyws3e682tyANpYTv3h9FYt+K0CnGrscnuWjLcV15fVY0py+uhefI2YTtwzTJAfVrr+GQBKM5ACW7vwpL0ICHWqIpx5VAOY1O4MvbMJPyLSYOKblSkjr2btN8MQTsyrdEjs5QODTh7ybl7g2f5E0tq1wwZSj09bKUAaWIHX0keK8UXb05uEYIBy+NTK5SODt0Z88A+80Ir/QVso+lYN4ok5OBl/cnJ/ZyyqGrIwF34yIX891Skmgfj8eXUlBfs3kAO3q9AFiivkN+beetrzd1zqzd3zg7YcjbGeORC0ejAvI5M56PxxuQxSZkEjMGWJFXcAeHtzqgUwQx63LXR3EI6240z6FVJB3i9E3oaMFbYAW0ES2AXGxYXEzfnw7c9np6F274oTC3k3urtfSulRk+YU2VHQKjS0MzcgBOogvXMcVNGewfQkAx9DOwJ9IZs1dyuQAKG3Bt6slHHH7g7FUqyrIAT5UtysPMlMdWQFKmvJZtyb3VSBw9ZIDADp83FbIasBUTbQv48Go2RP8XtVL6HilUvS8WtyEiUr2HUI+aiuons1V1JDvm00eCx9t7FAtvihpBtdb5hp5I59ZUaqFDfiOTYS1X3vwyp+g9aZJDqpdfw2BVBjJAd7O7meDOwf5g57gl2F0vlqAhc2i4/bIO5465EWWZdFlQPNYM4c8JQwxJKM08JeRHED4psUuySgj3RSAuNCz9y3GcJaDwXI8yc7g5o5UGjaAYt9+6kS60p7M0quEZ/9uev5x89gnzM/cZgRg8bPFo3KKmglbliEjJAoKA1PyLHAeICXwKD+vFyezK7zCr5kciC7Tj8LMrU9TLaiaRMBbIK++ShEBCACqIYWXCZEhrwH1ZEAmpBUnqEe0gefuVzrWCVVw9pgX9YjWjpYAetH/DiMiAv3/auz3FxNKD5KpOdXlv3hFnJvwSyMZgY+ft1Oi9UEp+OV0siTrUkdtyAEM38UDDnxyLL1DBdCau4+SWHOXDjkA4IeK7qJGJt/ZWAXkAKrunJ7ias1KtOQ7GPgdvD9R/zgWyF21kwMiRj53Z+r6yxONA3FQZ9kPob6guKrRSXWRuGmVNOMzrzcF4NiU+l7eYY3Vz13IuoLbeByB5dFlQFoQOO1Ovn1tOsKr10Pm816VWGmTg2rWX0Mga+zk4PWuVri315+yXgj6HXZfJJwO39LXHHB7BY3oeADor2z1Ahf8FiHkukxlobtqGMkBQg69zwSz3u16YQDM8e1Jo8+tZM2tZp+0q17qaMJmQpnzpxIclodmQ1fwBaBhQWO6QGH3t263myRAW0lhBPjluPejMfZ88ch9SFv1HhxA+Yk9nm6/FcCr4AKff8Jkt8uN1a+aHIjTNCcPeCdlW0Y+bBr9aHyM+Y952AOmoqbky5129YwjGAIjCiLKRIUx6mHT+Dbmg9s8EpdFLtob6ITTr+cq2V4EQxNC80NT/26By+WCy6LSAPADbQDteeU7js7XCGAPHWtwr3bBl1UOlYY/YMLnA/k9fi+cTnIjjDbkAEmuHWTMUvRALLyhpAmf/48k1tylSQ5oZ2MNbhKdGRydYhWQA4ScepPiak2xPyR/GIP8DG7ChCRcOLJW/eRArKm9b1ja1GBab1HSlM/+o7gfV9R/QUchS+HMKCJM3OqdigPL9CG5OzMsBc2pxS1ZzzRGLZ5e7J2dZXpzEpFx1XuS0iIHl4H+GgLJsZMDhEFX6a3uFBImOAqidz+2ywNRsIDL31JpvTCjsMh0Pl0NGtSVJpvZyQFColP42UQUV9QrRnhE+hUmAfi99gOn1JWE8HAwGeCYD23zSGMPHjfFQsaRETLxolcAEAYSTJyv721G9B3Bk6YVWuBI0FlEThe9TPUbSz5+5eQAkMoNzUAaZYkFkju51wtfS9mJOZ0iEpRx8WhIBEYURJSJCkNqdfiLWKiUc8coFiqXP5fwRi6IR/hWhjIU0U7xmHMkh3qPbAMS08UXAeaB8gEbeLnIAq6QeyXtjXyrJ3FrpC6TrAytyIF3sOJK8tLmfFY99ZXS4po7fj/zmrt0yYE4l4GKWS9WZ6VkrcmB76I/eMaBhBKWQEtaJZ5HB97FvIpGaTO+/W9DjlOWSlwg5OVADkT35ht/I9s2vJZ8zhXcHLqOKxA84eyoOGxQWJ/rm6eymIsq1KtyWYaEkmZ83h9Mp22hD5issExUJGhUkKASTERa5OAy0F9DQLdkyYFCSDwf+7gZXeRxrdUdBgLAdMIfS2wA/02OHNTmPp9CvlayyMkiWqD/s0kOaNL3z5UTDbGA0efO+FqLjmH7avoiYOLjeilUN94OudcE/wSKAFWh8NGdNFVEXiQmvE4OQkDhJACKNNmjIREYURBRJioKFbEQbN8mD+oLhFUt4wH4+Nx6/NzhZOtQDnGZhEQRZg+wQRO6fimD9sduEq9fUlA+ETQgB/6g37NNnFOIMVUSwAwybzCZf3J0YOg45tXlXntD5UMNI31yAKCf2uGa6DsbtSYHpOcLSqs1ixryz/awb51izlKcWSeIo+7fM19jiGZxWZADaicB9x67sqcPA22mXTMYzfL3HhRyGidUng42qCOcuajGJlGhF12FDM4VKG7C5zXhXxtt37vdA48ufYrqjlYN6ZKD6tZfQ0AlbcnBJ+PtHWtyQ+5hIgewVGmRg8kpjhzIAIGz+luhiXihgEoh9L+DdqDl1ucndDRvW+my0HaSULVGGv2Qb+hve+Z24+tdrdLsQ/itDDo5UEUKGUdgREFEWYC4QHa+W+BCxlWrAG/R+8eHkJPBjXrY9O2nzrJT6NCiDRBZRL2HQ4KD4uGKWY5+dxhfbGfmz1Cw8NukoAE5QNpLOxuzEy83K7iSGzOCvM6QRuqTprTmjvm+Wk3IAQC/2K8govepNTlAsDG/UVqtmW3glv7gC1rpJmLVwQOU5+jnWC0UMnWZkAMAyiwpNiovLQyjqBE/8H5jseJoSo6Be5vtYKhg0NPLwBUx8BKgpAWfV4/GunrcJDz3hHn15879uzwXxE8RaZWnNAKfFjm4DPTXEFBDW3IAu8niWtBpQwBpWuHAlpSmFbQkB/5PJU6jdnsvTL/L7R/wVxN8T1YdmkDpcq0w+B7jx2Pseza64ZMQnaoV/E8cn8B/iYqrbXzXyYEqqpocwK/vWO1GhYpVUC57GwmpQse3tSAJtAGkUnoV3/fPxtkDbT+tcQm/RJPFitrHX0ZN4iJtckB6eHvXSbz9uiWPzuLmMwgW+PpZI0vPGOF/PM+05k4rciB1x+curHAzmpIDeIUL+5RWa1L3t6HgFq8jm3oLl6828E7hm6LvAEsgTysWKPbLhxzQysSgpztaixpHlFCseGhPCbrId5CNYJlhQTAq22RO6CoVzxEqbMRn1eKyG/JP32wcW2j5bpnr6EEaqgVknF0ZaZODatZfQyDpZMnBWz0oJLrCkQiI28phEPPq89l1uQ+GgN/LJUQChvLEPg8MK/iBRZCW9SVBDrpeR+Tgi1dpWkEN6uM0CLN8Bk0rdLq68lCmRJByuupdx4gHTQWNaCZUYgn4+9T1wvAHTZ9Pth/d6fF4K4mCTEIswp5PJweJkELGEZidHCDY0Z0kH94BFkI28SSDRPu2rXS/1MFc3FxAWmiNaD8da3GdrxYG3mX8ZJx9zwZ35KiSaiNURrrkIBAM8CtsCgvNSpvxHW4kauwHTz+kNPsQRn4GN4ltzZ1m5ED0uO3q8Mc8IinRlBwg76v6Ka3WLKzPDXmGuiPIzs5XWXY00Arz1T+xpn4ZkQOxyo68b6HLk2IUSArixldu83GmQgBQDmsGGjPZBi1iAZ4uHTiYWZOWTfS5wzilh2XLOvdp8RAe6KD6HaZPDqpXfw2BFNnJwRtP0W6FVztZ3W6f8by3EmXe86e8u9a7ev9JgL+Ev0f/KdGSLgnI5oq3HTCpeQ3oXAHxSRLkAB213Pr82Fbmj8faPhyeEHOGWNfMcaqaZgTY+bUbvAfNmAIrOgYA0qAhYBZ8mxa7Xu1sGXCnKRudSHGPO4ootx7f4/fCuFbmlW87zp+sqNbEYnVyoIqqJgeI5fHQgpKONbh9m0KHUymh4j4tMICda93vDbI9908T2mSYLKIMQWFBFkFhj+8O9QFAguVy2JAuOUDan3RQ2n4NT//y9NCHFwz6xjKchcC+5k5DcgDQzsa/UZtDnWlKDnzPNlCYT6FBi/UHRFHoythd2UhXbfS4sAE/iO2Sa2TnsiIHAJKYegeXm8ZhUAC0HdE/zlmKiUDjN4ed+HpVZ21U0JIcbVFTPr8+XfRX+Bt+8CPm79a60WKUiy5NclDt+msIZI2dHLzV3Zpdl7rX8OIwfJX4H9rdg1fSemz4Y9XGgAB9bzVmZ3BTckNbovCXmRz4Px1nhx/NqUdH0CgA5APVNCVPZdeV2BGkrROIIh5OIA8QH6GTKkhzSAA9Wv2+E2n1vc2IXEhjCfhR3Jwfep9x1bvEURA4Lk3RyYEqqpocAMjF0zcZUWsfRF8JpgwkJ7EE/AVR3rzU9VZP68C7SA4UIKIgnorxzO3GT16w2cxwLqlc45QeOaD27VHaYSXuBdhtC1wQyQv5csV1eSGIg/zfHaGmEJVcDLQlB3RxcA1uwktkZbQiB/6g377R3jZxR7m0Od/+WhMyIjEhJP3W3bSgTBZMBtj3NhlGO8PMAgRebuQAZRI46sxi4ECJQIXWWEh4wVICIGuv3ZkuKYlEaUu+pAWN2+NTfOpW01pxl1GiCzvSJAdA9eqvIZAKIzmAkT2x1ysd/gOrJwMeQsiQe01bV8C5qhhWuMkT+zww32AS+zaHemmIxUgOpHnc+WNtwx8wIcWh98UHenKD/hY6qJhUUmyfCDD4bhPYxnP/UFl2EBcw99J0A+J6vP5T+z1fvuF4qb0ZOUI2QZtQrT1vNH63gAxa7EITnRyo4tKQg3cGEP0tbKpySmZ8+GlmUCIK0IE74/1mvnNaoaX3zUZpOAHUs+Qqfu5I+GAKJo+uiLTIQXkwcPJTa7vER7rSrPA9lQyadvSdY15zN0x94Q8TOWjJ5zVgHcSWBqvFvQBuTchBMFi+pFRQWq1Zj3uRrpAOhRfvHrS0r6PqAOiS6yXfeBkUuOzIAQCtVvU0dkjtsO2WNKsyf4UnWVVpW80+J3hnyqQkEWh2XzzXdmRnqzvBmQHpk4Pq1V9DIGsw7izkAEAtmwXfjlUudK+3Lq/Eli9du751nztO28ZYWgISGvBXU159vueNqV68RPyAxlfgaGH94wJvj+/2ogcPCoIem4I7AWCsf1jqghFH4NOHxP1vMWEYAaIgpQ4NbVbfznXuiVl01IFEEYb+w2yndYtRURBeJwfKSCHjCJwUOQC948/60ADgxZe9RctZZAHYEUkW3R7f/i2et3paCxrTplY0SDT743vEfa0xERMhLXKAlGb/i89NvNMstzb37ryoxeT4Pfkm9XVV0po7v1rPWJ0cgBk0Nc4bau6oeGdPJEqa8VnXmcq97oIrlJZHMJEDsibennRZjjx6COIBPtuFiNWX5f5gOd3cqOoAihryPVX394t1dBmSA2nMSe2Wxfgobsh3fogYJ+NJD5FArG+GmuChGRtDUoCLzavNlf7NbAv6paGySKRPDoBq1F9DIBfs5ACA5YXjhCuVAQ9hDfFeFj4WSOWTcbQ1oI2B2/+DG3HDz5MgBxVAiokAlaQlZqruRAIU6HYD3eKPrh5+pzD2GwskigxCWtkp74SOFnidnHp8SXNBXIhQGUwnB6q4BOQAQEZQTbRV9UreZlG6XoEdaEgiaQ4Yy3zvDrJl1SbhaP8bF9MwkixwIqRBDuDGPOLYeyI31pJu4D0VfVcC3PmOl80d1CcCxDV3P6t4X3VycBXftgkN2U25nVPYLi9DURO++++E4hZKJpiFHASCgfNLbW1rJpRD+zZvl7dy/HfOI0qUS0IpXXItCGpD65B2OZIDcYzk1EILTbgk0w+mXF/BH7D4L6bWuxUHh997XFC+4DEdoBg7PWBGy5Sd5awJOahG/TUEspYUOUgHsNtIYsNCJ42y1uZe7RS1FAC/UyAHCmB3JxJgwQ/9SJMd0O0NcUcGqlgWJmVAGQjctNgFx5BXny9qKsBVhH1PWFWdHCRCChlH4GTJgf+C3+n0Z4mXYw2+B95Kyz1E4lhC4OA2T3eRg0K9H1exNvXUyQGM+543Le0TL60vbsR3bRfz8YNS2MWz3tRcQmEDfkAPlTV3TOSgoRGd8aDN1Qk9eOZ+aokiMwBYyAHyPu9JPjfxas28OnFuWSwPBs5+bm1bS11VuuR6kcroOnS4PMkBgLTevI9nJ21AXi3uJVoUIheVBGg7pXfmo0K7GnxJyySSZkduDW7MCPkIoTbkAKgm/TUEJF8aciB1oBdOscMmwkFKZxFG9s7x3+olBwB0+HA4XVuKWHPEVWkssdgBgcf3eHPrET9An4dKQOQfOjlQxaUhBwDyBZ/dlo415Ib+k/hBshKUAYFgCcXNhfyGNH7gdPpY+Efq5ADpvfoXXmFTfk4t7vOVcVwXKnUGy5q7FnzbeoIjSCeJyySEwUgOvOKOjjNLrKi8dBd7V0CdHDCs1uxwBX8ENFHW5qiv43mqhvpB+qBfnVurmFe8vWzJAfxl8KyT/abKkmZ89g0mOuAhvd6VdJfxF4PMWVdwBU2SG7pgQWlL2lm383zU8IZm5KCa9NcQyFpVkwMwAEg+sNU9/EHx4pk6XO+bBVhwmMjIYAhT7eRA/N4D00voOIeONeiKKcQiZbQbQoC0Q9tofCKzFjd3RGguMqyqTg4SIYWMI3AK5ABAdj4abSd+UJcbcp9JOq5Ak2kmCReCfovJl9eA5hdGPMi0ADZVcnDBHzQqH3rPdzTwp+lgH3LM0SjfPs2kfhqSuOZu8TqlnjE7OfCJpb+0i7F9XW3GY1XJQTkI+zxLu9oJdSttzne4GU08fhG98w8l4hWCOHFzUvGSa0i7bMkBAPXWD2I9MzGvDjdnPtN5iOoQN5Kd/sYx9DZa9gEXW5LoFK+UUNSA75UftSJEQ3JAuOT6awiIrVJyAFt9Megf19pM0+3iFbdTCyyw17EmG6lXPzmooDIvF4XOv+t+g/Hnb2jnCFRilKAKSHv7GWtOBtE+D3hHeaWqOjlIhBQyjsCpkQMAOVr6Oh0FlFuPL2jMr57jRP8eD7WaZUDpbVzkwueANsByrEKK5ABeeetLZuVNiUVN+YEPmMY8Zhr1SBTGPG4eeKtQrHbaAVDUkH868lTjGCRFDkR76ht1A6c6aMECVXIAtd/+p+IASUu+sKkwqpV5dHT5AGNbmXtey2Tuacmn4vnBUONyJgfiILmrmG3wAGW+Sm0qJymIJwr79i6xj/knZb9jbfomi5qhL55uCxE731ELbjQmByIupf4aAllLghyIyywQLALkTeXBIgBm8MOXLvi8wib8s383bfkSjj/+WD2eJ0UOxHkKZQROHwy5E7viPX4ySPxgwUs26bIcWPDn7jdtW+mCECnLtPQyjbqQ5GfVpv0LHz8Po6qTA3VcYnIAIFObl7jgOrNBaq+gLQZrP3DwFSeVQayCDiyAnAF/pd2zox5WL8AUyQEUHf9brkBt0wEyWdg4DliYAUC7+Q0Cn3jNXXLkAFUIY3fcWVCDK067m6VCDuDz3AxLK8APYgpHAmNHsKQJX6B4yTVeXdbkgDT0DWvIFSba0BGBLAP33WF/UNuxblphTh/euYPuDbNtL/zHNOBWIac2l1mHrk5Px9Hm1OQ+XVo57lUV5IBwqfTXEMgaKzkQh9znj7ONftQ8WuxmTC2wLJxmh5VU8JToEv283i3N4pvKyLnKAoSBV+zkAAE2f+H6bJJ90bSE+OJV+/tDbXkNeHhcj0flQFw5xMye3O8deKcpqw4NL8PZdLtBeLGdec37jrPHvJGnI6dAFBB3ziAbxJY0py315Pl2kOdDPxL/lQWORDgki4902nVykDo5AJBHq8k3MdOCmsquS0sIC5vy6FEvfd1xdKdH3JKaOlFAxE2LXZm1qNLdLqUcAamQA5i5C4cdKIgqWi8dCVio+UsSWqhkyQGAkt3/rqVdkovkY6FMDmCvd73GchBy2lC75Br5vfzJwXNs5CDTwP1wuryKJsIDYrcPuOjzHt/t3viedfzjpgG30zWhHWvx+ck72sL63LCBleVZVeSgAlWtv4aAkozkAKnDJrY2lOXVp+3aAOwavP6wB1QmTfEWDBs9pDcUk8ArRnKAt0um2VuLxy6hW68AKCnN7CprmAjSDrR9G90jHzaD3kE3OAkSW4d75nbjxEzzipmOUwe9LlcEUWBbnYCQiIjSg2MQp7Qrd13aFY9kIB/JRg4CF/zCLxXkIMHACdTWyYEypC0Gx3d7JmWZO18j0EYb8XRkoOeNdEL24ulEFKzi0YcoE7QZRrJIHWTpYtKa3MZFrouKeqZCDiB9/dDUj3lPCsWN+U5PJPy8UyAHAKTNbS0wznMngjI5wPPpf1a/QkkT5NflXn09oWlDZv9/IgebTweqiByEgc8M3zbKjXDBe3KX58dF9ilPmAbcQYsecuozD+o05kv+U9l0q5ochFFF+msIyGQmB4FXO9FMeb87jK8/ZX2l1DKtkHaEo19+ZAddqygLHwaa8ZLpdI0C7LWC6YR8ZnIQ6HmjEd669y1GUJOh/0iIIfeZhv7TdGKPJ2UPAW2lfRZnj3rXzXOO+Lep++8Ecg/SNQo1iCFBDRCFJa84Tu4NXS/J4h4QDJ4G0b/9lPJrM4UcObqqCifw4xXIhBTS5VDykcjy4e3kTeF+XE6fT5EcjHwoxPDCT3RyUAmIFKvVLPi++69zcq65158Eab4JrRosAfXY/QZh9KPmzybaD+3wSGRRQcMwEGzIvSa0gfcGqywqSo0c+IY1S+X4mlSguOYuNXIgznN7BjVXnxZRgBI5uOAPltFqTc2XkceF8iXXeK6Tg7io6GrLn0dBdLSSpYaeZ3a7P+5hAhtjmZYqbcpn/z3ieFAkpCk5uMT6awjIZCcHCAODOKsPDJm0dLf86ZuM2Rn8q52VdIOnxNvMWjy86afjE97Bgefs5KDr/9CtjF++4UiwiDgKqbkHyR9AE/xFFsQeJP22WXzHdnmWvuYY87i5xx8qiILoJICBdxoXTrGjllVXrkFUr5uMcAyfTaStqi47nc2n6s/gcuwWCgmHdOagUkjQlEPbPNCtNZ0eHf8OYqT7ZncrwrzSKVT79EQnBxUQ786gSxPwF2LDV2l4fb4Tez0r33FMyrH0uYV4KtKSRhRQL0//UXinn9XpoI9dJlAGiHoDpV2LG/eEShkmTQ7oDNcf7W0uyZyChLza3DsfxF9zlyI5IMMacO1ypHO8vwI5IK1YrpDQCtIl11z8S65R/To5kEP0HMLPzklPmj+cgSyzWZkKLn9mqS27pjrzK4WPF+8jlaJrSQ6qQ38NAZnJkoNwSLTPxS/bYRNh3fAEBikyfCTwdtYztuwMLl+8gzFuSDxnJwcICX8M51QV3whZ1mDg1AHP5FzL0H+Y5o2kNYPhwQA4CbHuKIzT4Tvyk+fLNx3j25l7/lHIyaAJF2QBXp+yqTh+gABjHjXDnbz3LPUagdbwZzW4w9uVhmGkxRAgB4i4fVXl+ZKxgIbLZzpQswWNE86q4Pm4VrSRRLqGW3qikwMJyKDd6oObH3yP6fWnLD7Ue4W5Q82G2wBY4KmDnq8/FO/c+rNROr0ABVjcnP/lhMo53Ig+d4QN4Yerzc0lTQ4gbulTSpcFaI6SJnz+vfF7CSmTAwACt04wtauR4uIDBXIAb8dy+aSGyK/HTRgf368jmzo5iITY4fatGmfJMXC5DWhn1+erklt2hyL94BFBdc8LXSzyz0oTphU5qC79NQRkpkwOYIVdbrrMEF3PH5YqOSoYUKs4GA47uP7j+L4fMi8HciCRtoVTHSA92XVpSABqTxXvdYzlNJFEwePzHf6JjtDPq0/bEJ5/XGWkB29HPUwl/1pnKk8gpx6P/66mOy3lgSOBkD1vNEKx+eOUrkLFK7grBBvfJmHLwfN+f6Fh7QUvhs64wxOdHEgDBpsWu4qbUY2gDFFE/W4X4OljB4QiiQL+nj7o+e8EOwhZXgO+87Xi1SFKpNm/6GUHPooB/0tsUvY2EkmSA6KQ3r51El8WUBWQ1ty546y5S4ccACim1+/hsxsy2OsYJCIH8AEXD9Be1Us2sgLQJde/IxoYlwPp5CAEsQPkOOoaewffrmboeEFxRwy/bhv8K6utCQbLV/c3qvLj4oZ8j5zKIz41IAfVqr+GgKopkwPp4bAHTNl1+XGtVX1JAF4K/i/ysqVI4GE1kwOxTvlffCMeNLUXD8Dp8Qfj7AFW2G5oNeNpyrXCYABeSQsOvp7rzK7DtaJ9B0rrExFyxIM0cvDxGKpZ6b+oiHAnPhHwdlZf2unQ9TpxSCBeEtIAONSGV1vxdkJLgujZGXTt9TfzQ2Hw5FdODqgc/P7XulgRHc21qBk/Z7ANpZSTwQ+5lwy77PCuSFDiYlWeO+ZFqcL17P9BeTlOYHZ/G0KO+rdKGSZHDgLBgGmV7cmqufdFAbTm7rU4rS1NcuBDaw64u1/JFSbfy09EDlDcawYasxicsaagS66/ORxfH3ZyMPVVFLI05Zk0lMeyFHBpyIFfnL79YYalsDaX1ziqAZc259vV4Zcuo2NnytVmbcWOu/e5luprbvIzuCmTK11OmuSg2vXXENAzPXLg/2Z+aDsWsqPgO2E0j+/1wlzCau/dEOfUF8hMlhx88SrN1qcKUiksEz1CPFw315l7JW2sgM9+pZPVT3NG5W/1pFlhqP2+eKAyaZ7I5RO9oIsrkQvk9OxRn4IjgajO1wgo+YXTiOIAn463I6E+t6h0IqH26YNeGrCpCcdPJRDlKSv800sdLMhLxxriPE68egGBsJlDyxeOV6zZROBkycHzjyGk+sqPeIiqAmUgZFWTA5QStDqwxd3lOnEpSU3uuX+ahPOw5OUgTxCIh88/bpZqGenIoochLk8pz6lLreibT5QaM5KbkkvXcU3K0ZQcQNaCLD5Hratd0pwvbsYGtlWNtObuL3FykiY5AMpBd76lg82TXXyQmBz4hjRSsbylLWPKITEY15YXXMmNGR6nT4NCYyQHxY35vm0s25Y7vvssaXzziWPnNo+f+ZOIxCUgB/hWy22e6f8S2hn4uGvxSlvwaAMv9rMJFWfOIApsdxj4r/Tcybun/l3IUh9tEm8O+6myhaRDDi4H/TUENEmHHEj2lOxmbW4lOaqoKDIg5MD/pVNfhj8Qx4DgCTs56Ha9kN+Af/4J80djbB8MSxpzhtoWTrEfpDEeEihNiIxva0bFQb3i5oKog+h0xeGECR0tUAy2vv8dpl+OS8fgUA2CKADigjUKhh/wJUPukVaoJVxdAaDcIPxJcUZmj0iVEHfHGhf+i8JUiCgBASZlW8iB1SB+gMCiPiGt+HO+sa2oTiFqxcyElYLnGz53IVjo5CUxRfxgJwf/nWBHvfe51Tj/BbushFWBKlg83X5yH+s0HL6aKiUH+DChCRRDGwCpQtmK41Kh1az48el4G2TmwMG15H9eT5NoeIgoUhsA8FtEwOn0Ty+h2aXWhrJzx7zKBLHL1UQQP5+iMi6YDDmgb9LTxcAVK9rx4iZ81xuFPjcLvf6kgt63CN2uZeMH4pq7bZx8zV365ABAYa3tb2pXO7nhkLjkAN7RuUllTgHMoKAx3+tWoTdDEfW5VejUnIkf0FUUTYx070CEPgByx0gOAPADfHip4TFD2eodqfiSqiYHqBTHHmdpRllOA6X1JaiX/Hp8ZiN+fLZl8Xv2Y0c9/FmvcN5rPO/lz3nP7XeufsU2NdNUWJdTvTATQG++bUsjqGe44aVMDi4T/TUEspYOOZCeT86xZGfwqvOmaJBbl7nai73qX07I78NFXHZyMOYxM8x3+MSFFCA6xbIfV1JaZad80kF46MONftTstEd9OxIBeqc/jR/AbeDvyIfM7w+1ffepa/f37l3furevdq9+z/HfifZh95sQILc+jwx+8ZqSuYdr2bLcDVFwzPgtcQWPjxZw4OF3/1UpAVEl/zO3G1EIqJEefxAmZppnD7K9XGwZ/YhZGvxASb6pOEOBV9MKiWEMjzjeHz/YycFXs53QH0xIVrbsaB0xaKGMKiUHKE/UQq+bjOB/KP++txlP7BEnByMoGv4LpoWCRfFC8rN3m2b1s6153wFuhzaAv1/Ndiyf4Xj+cTMsQ3ZdGo9RLn/QEavJhxpHyANbFFehJkUOYCnOLFC5LRAuql0zo5O4DNq6KvwXjzgYt/zl1+MmxlzHpwk5EHm6b+LtyV0PGJccoFa+6KKyWrO4Ed+jDS1Fji6KRPDvesXCcMM1QF29VTHuGSqxk4N0kFOL++9ipYOcEwHZrFJygEayboixbeJLLiKBBgy7k1OHLizAp56VQdPA+JDgXbIy6CghxoGcvFrc9OjDJ1ImB5eJ/hoCWUuTHMCo7frGDXMJX2sWyOSFX8UCEWFhYGGnl8jX6+G/jOQAXTHujG/YA+ZeNxv7/jkVwK12/50AL44edjBY3k28Qhf8APYdasR29YgWBgPoL/b4vQDngeKCY0NRoDahMEBOBQ/FrjyqbA0tKlQpzJH/NqMbKt77FwqJH6Mfo2UZg+5SWbsOQElgagHNHUATaCXpgL/Qoet1wspZlBdZrDAkepFZixbcraBdNqHniMJIDqTR9Te6WfvcYuxzq7yEVdHvL8bO19D+jln9VBqehColB1DgZfCk2nTI96xnSB9wBVkYAM/Pn/IOvIsOzcysSW0ApS21Afyl8q9J3zjKH3LmDgc7VMoX3s5/3o7wqEEKqThWlAQ5gKx3HuTzFD1o4ZXcyCFi+0CqDEBNT/wdl89w3kBpM77D9fI1d9qQA9FwB62uUgNXxGY6gTjkgLLjebqm8mpNHhEXfe2liDGlEQtaFVHuymeb9ShswA3qKR/QQ4ldMnLw+dLLkRxQGZbR3Y8pnJmN7jgh5rky0FbbtjC6glG3R6ZMDi4T/TUEspYmOZBewcDBzH1C6+crn8cCb5e96URysN34b6SJhxBGcgDALyJ8Gihf9ibNl8NDB4MX/mMoy8ngvp6r6tEp0c1LXW90J48IStHlWgEMD06u2/UCuu/Tiy1fz3OKZ+DI40YCdOqXY6HJ/i1fVh6Nh+e7v6OjptEdF87LR1ZiIQ1pnNxHhy5MK7SMa21+/gnzu4NsW5a6JN8vCx8JvF36euhkKhjkcEVAICs5AETOlCrKxz5ODe+Npy4LctDjD0a0AbFtl6P0ZAHCgDQE3rPB/cEw24A7jd1vENBo0QbwaaM9gDuOa2VGdZh4tAGlTEFJVEF+A5q/kNayyALIwEwOIDfgLlD2Ui2p87p+n0ozjQS8+5YJpo5sPWP4hu+OUvYio2tCDgCIOrnAio+EZRgDiCUHgWBAWGFrU1PJFpdCn9pGS+LbImKBKnz7H0yXRUH4kxmCI3pmAdF/5eQAQCEcmE1X3kkr/KsUqAUk9NV2kf9F6JDOmoPLQX8NgexoQg5m96f183CTykJgFRGgYw1iEh+Njupa4Tc7OUgTkB+x0r58yH3GvPo8ensw/eG97HEB/eHLoSoAF2I1+c6f9Jp5X8VVC0AU44mFVAL97jDmNeDRv8dv6ntUvMV/Ue9gWmPVTsUJQ3RXIZUkSPMUsmCRkDxTdl0+px4HVhGZEH4nQQ7SAIQzNjwJVU0O5gy1SSMBZw6rf27iCgMqapBUl8OPNsCd8Xp9lW1AefwMQLA3e1qzMzh8C8onXUpgJQcXgoH9syzt6yjZJpqn/I28c68C9Io4F4w+i0suuJIbRcMSldE1JAcANF+Yb+yQwdTTiiUHiD6/A5/TSKmIihrwz3RW6ejIUB4MHFO8+jkSdMm1NCxRER1a6eQAgGLfjqLFX4xrYFMDPGtHA/fKlDjdwXTIAVDt+msICE+fHMD+njpAOxGAE3tVppAR94OhdCASEsVvGPPw82oiBwHurDezFq0VGPQ3WjbB4k4AOGDYdLgB/FV2xmFIzEDavdbGwO35Xn44BBRb/zEtjAfWvF8lVS/pMCXPAmYAz+SEo43wZHj1KyQHqD7oUHqVkN+QbiI00g4FeZi4QGpSGwAY2wCAtL5dQLUMDT+fpDL7IIGVHEDv1/+Xy1O8LKCgHvfCGLQteVxlIPyUm9hmFlrwbZqY0EEPe3ptyYG44tL73DVMdyLIyQHFddNqTSWWw2cbuGWbk+yTiZIL2WYW6JLr6Gv48VsnBxJQFHvesxXU4XIb0YicTHj6KGlOi4ZeodOo4rS3NMkBUL36awjIT58cSG/h2rMz+LfE8wBkbyMBV4SuEmgEHORXsyttlCQBub705AD49hMn2F5OPb73zUank5SBprJYaQJeBGIXT3cgIeR9Zp/4BUXj7U/QokL0YoVfWL0UIyQdPniONoUh+1BGpgP++yskBwBY2plDRHDBD4qa8sd304JEhVRSA7SD2G0rXCh/VPHQ+8TFJQwtjY0coH9vcsI0K88pIMDGk0nfqAsHv32qmXFmIcvArdxW6Vw1JgdUioHyU45chvldGTkQ+/dW5VVjRG7qC+6YDQWqQF2+9xDTInPkt80VPBcxbYG4OjkIA6XhOuOacK+QVYvLb6KZi0WHu6A+n1mPX7gCPiZ+Y0ufHADVqL+GQBIakQP/gpdodVV2XfXVVQgwKZsuber6P5XTEPhRXeRAfEJr0WGy8+rzufX4NR8QLUMw9u6gAkSXQEm81NEMpwVmMIbOBohf2qL/9uc14OGlCpvwwjlYNm2YCsTCBb7dh7bkZdXhxrWOc4Yjnvw6yQGA8jm0w5NVhw437GDg5o2yiyeRaEQRwIpFaUtepVuU0cw6XS1AN9UJCAlM5AA+WHVlQGkzvt1vk5xTkADmIbDOLBTW5wb2qByWJ3IwSUtyAIBE759pbqt2pzORgy2V5AAZn/UvXtl/Q/lneyc3pyAhPLPAMt+RU5Ob93mlk4Zil4wcfPZFiuRgaANWcrDpVFrkAPDT1+I/vNox6g4hty7dUljcPEUvi1glLcitZmXwQzItZ60kWZZcGEQOtrCSg9a/T7h0vLr01xDImibkgE7UsdK+LFjk7WuUjlIGYBNPHaReGpzxT+tCgSGzGsmB+JC6dPkNaCYeig240yRdpIvngYvk4MPR2SGOVxM2LXZ1u552uIEZTMwir+xPTDuQ6Il93qza5KUya/Gr36PxFSA1plKhAx3vQ1dKiocBD7tfdBAxAvHwV0sOABTU6YPep66nQ5BQSmiQy2c6xAKkw69SLn+pFZ064Blyd+jwzV43GaEnu25M5ABpzG8jZF5JZigRcmpwEyel+IEh1uQbuZxGcplx0Ih/XNyzIEUEOdgw3tSuVkywMJryT9Q2epKkLNBnzhNC+zox0iLQwVC2/IdIcuAbUKMsv6k8WCTaGcrW/lwZJQmIMwv5BjrJUSYzFnl1uWf7VK7MQFkt72XsoJgXTdDRwC1IceTAP7xJWV4TucBYtDGU/XAuEPd+qWQhEeoTm11zu5k6teThZeEgC1F9LWizH7xmXGooPieHCmUKYENrc4gyutiyez+NByqfTghy4PvB/riBLkdRRlEDvl28I78icen11xBIa+S/yUbP6Ek2GtYqEfB2Zi8iB4mWl+PhoL8bs+vyEzKpxGTRZQDvf+5+OhApNLIqRpfIwWbitSrR0wTkL3pZTg5EHfxul39sazM8aE4GUYTeNxvnjbJxZ+gGHYREAGl2mbhCLF3w03O8La+4whGs4vuFzr5/NsJX5YqnMkjLMBWYgQREP77Hi/aTk0FnavW9zfjNfKekOekAspJAB1JA1EHc0EHhofmPq1xjW9GgRa54TsP7Q0Ud4vlXPEf9oj2MeUS9EtMBhCMJJJTEboUdIXLgcZPpjpQWCbxCAIkcHN6eHDkAREfuf3cgLbAFOtZAV5l/u7f1yE6PWKRU/pBJ5Y9KjEcZQ+WPnraYTQTe/b17XCv0ckPlP0lkh8pLX2VgIgfouR74wJrXkO9yLW2kiUXn3/Cd/mzioFxKNCcQDJxfZ4Pjl4mNRUljfuK4Ss+HXpR9t7NbS9rYIwspoVMLvl8WUzuIQrk/eNE79QGhuKVcoATkt8tdJgvaekU9IYnPi4WC5vKQYZQ25wfnWcFmUhuzhfxvRpoKmqgXUf6V/PKNlTMvKCLjNkfXFnQhhyykhkCBdP2rib8QSKEBSAyvsJlK1kqv4kd1suEr0nDQW/yq8eF59652rZhufe4OeFC+qAkd5wKTmlWHh9cJQ3zC5YAiX0WFObaT5dslLmsFwZdJjgMa5vWM/ytf8ht51qJwjVByjbB6A9MhbpdUf+2AFMc8ZoIRRHf2l+Peo7s8cXFst+fkfu/wB02w5rP6xt95hVJCH5f22dfk9m52H98jFxKJM4c9i6bRkTKZNcXj+URNpGNrP5tkP31IHl5bnD3qmdnbiloYEXH+jwTxVoLAvs2ekQ+b4JiRX6gETzPwLhPcGDy08bzXAzsZMv0SyGFIIOrg95875lk9h67pK2xCa0eQTVR6/ztMZ47AGrAaQEiD/x7fTmIqJKekOT+10PLtJ86yU160YTQ5yZOJCOmAh2hCcE4Is/ZDx9t9rN1uEKB/dgYtYuj3FyM4BwJDSVlyEvBqRi8rsjz4btP5UwnbQ/qAcCSBhFQXqUhAvo7v9YInwbke3KbUuvAKARAMuT59UOmAwkRA6UGl8ye9r5RaJXeO6oNr7/47YWqBBTV7+gDtTUDtxJY/VYE4zmQ2+tZ/7AyXP9mBOlz3G4Qda4j7ErGISVcBrAsSwQ9EVZSQGjOQAH4gk5YYURHFUVZZADkiw7NCrCplyHaBy97GRTqOTSZKEVERWYpIE6TcAMAPZKISQEtmUImKmTkRPuGY+6fVrg3/da77wL7sTdvyGQT8WPux8/vPndvXu01usnSSPqq9sSgQP5AiqiImrgIumf4aAel+PJqWp+U3pG2TCpDCtDaUbVlWuTU/EpJJhQcqaEzH8siixwIOD5Z34J2VIwfoUcGAZmfIQ1YFkDRyNHcEnYEWmQsJUiUe2+VBDxIckaYDahJLQO7gJGDo+9xqHPO4+cX25hfamMEzXupAv/EEz1FKCAOPgvD4i/+CguzdJA4IJdWWYC7E9YP7t3hGP2bKa0DePawD+ocD7zSOfMiEpKHDO/2t+PtSR/Ozd5sG32MsaSFIly+A3EAHZHbwPaZNi2g4WZl9IsDX85yIi0qUlZjmQBJIaN1HTIPcaF0XLvofN5QVt1BvXQhQ3IwXj4UmPy0TxQhpnABc8NMX7d2upyOzwuWJJMDYevzBOOoRKv/xbc2vdbVOyjaDyb3Yztz/r8YSuoONyh/BEB511+tPxvUfhRayyBJiASs50KHjVwJ8n6KZliA50ZArBeCi4g6NXj64/PUnvhr0j2ttzm8kv0lEhqKmtD5uwUtKO6+QowNbPF2uFRBSFj0W8A09/yCYOJ+0JgtF4bD7htxrwnNZyKoAfPa4J2nkXMF5VIwGBX762vXRGNvQe03IFyJKo80E6VBC8YBC6QcA/w1ngOIa8x/z0tcdyCAkKLtkZUhMRTjnXfamA2xA0gHJwQWG3JX4O/ykwxVEZRAGOgx7wDRvpO3UAYmDxh8GlwEh33jKSlmIKTQNAeFIgnHYQAJCLp7mAKeUiYoFMg7hGxZqsHhFHCKiNnD4J/fCKfbxbcwofzr5NIM4ilTjVPWoCLENSA8lQoCQaM/zx9qkESPG8o8LnRzo0KHjUkPkB+S9XE6f25UQTgc5OVVrK3kyBJZFj4UkMHLUV+oo+wN+V0xgbQH5SAVpKTCDSoRGg8TwAf/x3Z6ty13LZjjmP2+b0cv6cpFlejFhaoHlk3E2PMfbwztoKgrh8VeiPumjYiKDZEKHDQudy2c65o2yTSsIKTCt0PLhMNvHY2x4/t0Cp7gZLxQ+2RELKZZye0gTEC6pJ0taGYii2lABJwlXb6tJQWSKoZI5fci7Y61rzQdOUMY5g20o+VAVFFjmjbYtmubYuMh56EeP1MYQPqnlBXGhkwMdOnRUD+Am4fmUIYuiAFnERJDFkiALU3WQpcsCxIKTqJhpht2PBb0lZ5xqH1EVRKJCCiTUAUhXB4b2kCZSU4+loQJVV/6QDEar3Aak8ic1ZHFThU4OdOjQoUOHDh1R0MmBDh06dOjQoSMKOjnQoUOHDh06dERBJwc6dOjQoUOHjijo5ECHDh06dOjQEQWdHOjQoUOHDh06oqCTAx06dOjQoUNHFHRyoEOHDh06dOiIgk4OdOjQoUOHDh1R0MmBDh06dOjQoSMKOjnQoUOHDh06dERBJwc6dOjQoUOHjijo5ECHDh06dOjQEQGf//8BHuhhWECmXPUAAAAASUVORK5CYII=" width="270">
16 |       </span>
17 |     </div>
18 |   </nav>
19 |    <div class="container-fluid">
20 |      <div class="row">
21 |        <div class="col-sm-12 col-md-12 main mt-3">
22 |          <div class="d-flex justify-content-center">
23 |            <div class="spinner-border" role="status">
24 |              <span class="visually-hidden">Processing...</span>
25 |            </div>
26 |          </div>
27 |       </div>
28 |     </div>
29 |   </div>
30 | </body>
31 | </html>
32 | 


--------------------------------------------------------------------------------
/terraform/sns.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_sns_topic" "analysis" {
 2 |   name            = "${local.name}_topic"
 3 |   delivery_policy = jsonencode({
 4 |     "http" : {
 5 |       "defaultHealthyRetryPolicy" : {
 6 |         "minDelayTarget" : 20,
 7 |         "maxDelayTarget" : 20,
 8 |         "numRetries" : 3,
 9 |         "numMaxDelayRetries" : 0,
10 |         "numNoDelayRetries" : 0,
11 |         "numMinDelayRetries" : 0,
12 |         "backoffFunction" : "linear"
13 |       },
14 |       "disableSubscriptionOverrides" : false,
15 |       "defaultThrottlePolicy" : {
16 |         "maxReceivesPerSecond" : 1
17 |       }
18 |     }
19 |   })
20 | }
21 | 
22 | resource "aws_sns_topic_subscription" "analysis" {
23 |   topic_arn = aws_sns_topic.analysis.arn
24 |   protocol  = "email"
25 |   endpoint  = var.sns_email
26 | }
27 | 
28 | resource "aws_sns_topic_policy" "default" {
29 |   arn = aws_sns_topic.analysis.arn
30 | 
31 |   policy = <<EOF
32 |   {
33 |     "Version": "2012-10-17",
34 |     "Id": "__default_policy_ID",
35 |     "Statement": [
36 |       {
37 |         "Sid": "AWSEvents_smebiz-codepipeline-events_SendToSNS",
38 |         "Effect": "Allow",
39 |         "Principal": {
40 |           "Service": "events.amazonaws.com"
41 |         },
42 |         "Action": "sns:Publish",
43 |         "Resource": "${aws_sns_topic.analysis.arn}"
44 |       }
45 |     ]
46 |   }
47 | EOF
48 | }
49 | 


--------------------------------------------------------------------------------
/terraform/variables.tf:
--------------------------------------------------------------------------------
 1 | # Region to build the system
 2 | variable "region" {
 3 |   default = "us-east-1"
 4 | }
 5 | 
 6 | # Docker image name
 7 | variable "image_name" {
 8 |   default = "memory-analysis"
 9 | }
10 | 
11 | # Dockerfile directory
12 | variable "docker_dir" {
13 |   default = "docker"
14 | }
15 | 
16 | # Analysis script directory
17 | variable "codecommit_dir" {
18 |   default = "analysis_script"
19 | }
20 | 
21 | # Username to commit to Codecommit
22 | variable "codecommit_username" {
23 |   default = "terraformer"
24 | }
25 | 
26 | # E-mail to commit to Codecommit
27 | variable "codecommit_email" {
28 |   default = "test@example.com"
29 | }
30 | 
31 | # System name to build on AWS
32 | variable "app_name" {
33 |   default = "memory-analysis"
34 | }
35 | 
36 | # IP address to access API Gateway and S3
37 | variable "trusted_ip" {
38 |   default = "192.168.1.1/32"
39 | }
40 | 
41 | # Network address used by VPC
42 | variable "cidr_block_vpc" {
43 |   default = "172.20.0.0/16"
44 | }
45 | 
46 | # AWS access key
47 | variable "aws_access_key_id" {
48 |   default = ""
49 | }
50 | 
51 | # AWS secret access key
52 | variable "aws_secret_access_key" {
53 |   default = ""
54 | }
55 | 
56 | # E-mail to notify the analysis status
57 | variable "sns_email" {
58 |   default = ""
59 | }
60 | 


--------------------------------------------------------------------------------