[ CryptStringToBinary ]
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptstringtobinarya

[ NtAllocateVirtualMemory ]
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntallocatevirtualmemory

rdx = contains the address which stores the address of newly allocated memory

[ NTSTATUS Values ]
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55

[ VirtualProtectEx ]
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualprotectex


[ Breakpoints To Set ]
VirtualAlloc
VirtualProtect
CryptStringToBinaryA

[ certutil ]
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil

certutil -decode dump.b64 dump.bin

where dump.b64 = input, dump.bin = output