Edit tour

Windows Analysis Report
MV_TRANS-ASIA_I.xls

Overview

General Information

Sample Name:	MV_TRANS-ASIA_I.xls
Analysis ID:	1274208
MD5:	0c13eceb36bdde5263a3e2ecc3339407
SHA1:	19d9f3512d1d0e0ec66fe8fec4efd149f4287e1f
SHA256:	fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5
Tags:	xls
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Antivirus detection for dropped file

Excel sheet contains many unusual embedded objects

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample execution stops while process was sleeping (likely an evasion)

Document contains embedded VBA macros

Document misses a certain OLE stream usually present in this Microsoft Office document type

Classification

Process Tree

System is w10x64

EXCEL.EXE (PID: 5468 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)

WINWORD.EXE (PID: 4668 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)

splwow64.exe (PID: 5496 cmdline: C:\Windows\splwow64.exe 12288 MD5: 8D59B31FF375059E3C32B17BF31A76D5)

AcroRd32.exe (PID: 5680 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 2528 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• AV Detection
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: MV_TRANS-ASIA_I.xls

Avira: detected

Multi AV Scanner detection for submitted file

Source: MV_TRANS-ASIA_I.xls	Virustotal: Detection: 42%			Perma Link
Source: MV_TRANS-ASIA_I.xls	ReversingLabs: Detection: 26%

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\~DF91913997E8231534.TMP

Avira: detection malicious, Label: EXP/CVE-2018-0798.Gen

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Source: excel.exe

Memory has grown: Private usage: 1MB later: 80MB

Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.aadrm.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.cortana.ai
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.office.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.onedrive.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://api.scheduler.
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://augloop.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cdn.entity.
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://clients.config.office.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://config.edge.skype.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cortana.ai
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cortana.ai/api
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://cr.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://d.docs.live.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://directory.services.
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ecs.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://graph.windows.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://graph.windows.net/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://invites.office.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://login.windows.local
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://management.azure.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://management.azure.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://messaging.office.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://officeapps.live.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://onedrive.live.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://outlook.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://outlook.office.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://outlook.office365.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://settings.outlook.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://substrate.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://tasks.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	String found in binary or memory: https://www.yammer.com

System Summary

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Source: Screenshot number: 16

Screenshot OCR: document is protected (')T_2 (') (') X a kheet2 J Sheet3 I IE] I m I i '00% O Type her

Excel sheet contains many unusual embedded objects

Source: MV_TRANS-ASIA_I.xls	OLE: Microsoft Word 2007+
Source: ~DF91913997E8231534.TMP.0.dr	OLE: Microsoft Word 2007+

Source: MV_TRANS-ASIA_I.xls	OLE indicator, VBA macros: true
Source: ~DF91913997E8231534.TMP.0.dr	OLE indicator, VBA macros: true

Source: ~WRF{C5C377A4-DBAB-4E46-BF0B-39EC296CAA1F}.tmp.1.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: MV_TRANS-ASIA_I.xls	Virustotal: Detection: 42%
Source: MV_TRANS-ASIA_I.xls	ReversingLabs: Detection: 26%

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: MV_TRANS-ASIA_I.xls	OLE indicator, Workbook stream: true
Source: ~DF91913997E8231534.TMP.0.dr	OLE indicator, Workbook stream: true

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" -Embedding
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{1935121C-0117-4180-8A62-DDC0FB773FCC} - OProcSessId.dat

Jump to behavior

Source: classification engine

Classification label: mal76.winXLS@22/81@0/1

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: MV_TRANS-ASIA_I.xls

Static file information: File size 1436672 > 1048576

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Source: ~WRF{C5C377A4-DBAB-4E46-BF0B-39EC296CAA1F}.tmp.1.dr

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D392B/CONTENTS' entropy: 7.98177286202 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D392C/CONTENTS' entropy: 7.91669502048 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D392D/CONTENTS' entropy: 7.90090466154 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D392F/CONTENTS' entropy: 7.94631733096 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D3930/CONTENTS' entropy: 7.91669502048 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D3931/CONTENTS' entropy: 7.94924924846 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D3933/CONTENTS' entropy: 7.94631733096 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'MBD001D3934/Package' entropy: 7.98610659657 (max. 8.0)
Source: MV_TRANS-ASIA_I.xls	Stream path 'Workbook' entropy: 7.90099886459 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D392B/CONTENTS' entropy: 7.98177286202 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D392C/CONTENTS' entropy: 7.91669502048 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D392D/CONTENTS' entropy: 7.90090466154 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D392F/CONTENTS' entropy: 7.94631733096 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D3930/CONTENTS' entropy: 7.91669502048 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D3931/CONTENTS' entropy: 7.94924924846 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D3933/CONTENTS' entropy: 7.94631733096 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'MBD001D3934/Package' entropy: 7.98610659657 (max. 8.0)
Source: ~DF91913997E8231534.TMP.0.dr	Stream path 'Workbook' entropy: 7.90099886459 (max. 8.0)

Source: C:\Windows\splwow64.exe

Window / User API: threadDelayed 410

Source: C:\Windows\splwow64.exe	Last function: Thread delayed
Source: C:\Windows\splwow64.exe	Last function: Thread delayed

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scripting	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Disable or Modify Tools	LSASS Memory	1 Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Process Injection	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Scripting	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Obfuscated Files or Information	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
MV_TRANS-ASIA_I.xls	43%	Virustotal		Browse
MV_TRANS-ASIA_I.xls	26%	ReversingLabs	Win32.Exploit.CVE-2018-0802
MV_TRANS-ASIA_I.xls	100%	Avira	EXP/CVE-2018-0798.Gen

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\~DF91913997E8231534.TMP	100%	Avira	EXP/CVE-2018-0798.Gen

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://cdn.entity.	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://ofcrecsvcapi-int.azurewebsites.net/	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://officeci.azurewebsites.net/api/	0%	URL Reputation	safe
https://api.scheduler.	0%	URL Reputation	safe
https://my.microsoftpersonalcontent.com	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://api.aadrm.com	0%	URL Reputation	safe
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h	0%	Avira URL Cloud	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://api.addins.store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
https://d.docs.live.net	0%	URL Reputation	safe
https://ncus.contentsync.	0%	URL Reputation	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
https://wus2.contentsync.	0%	URL Reputation	safe
https://make.powerautomate.com	0%	URL Reputation	safe
https://asgsmsproxyapi.azurewebsites.net/	0%	URL Reputation	safe
https://login.windows.local	0%	URL Reputation	safe
https://api.officescripts.microsoftusercontent.com/api	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.diagnosticssdf.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://login.microsoftonline.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://shell.suite.office.com:1443	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://autodiscover-s.outlook.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://cdn.entity.	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://api.addins.omex.office.net/appinfo/query	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://clients.config.office.net/user/v1.0/tenantassociationkey	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://powerlift.acompli.net	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://rpsticket.partnerservices.getmicrosoftkey.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://lookup.onenote.com/lookup/geolocation/v1	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://cortana.ai	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://cloudfiles.onenote.com/upload.aspx	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://entitlement.diagnosticssdf.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://api.aadrm.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://ofcrecsvcapi-int.azurewebsites.net/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://www.yammer.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://api.microsoftstream.com/api/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://cr.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	Avira URL Cloud: safe	low
https://portal.office.com/account/?ref=ClientMeControl	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://graph.ppe.windows.net	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://res.getmicrosoftkey.com/api/redemptionevents	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://powerlift-frontdesk.acompli.net	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://tasks.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://officeci.azurewebsites.net/api/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://sr.outlook.office.net/ws/speech/recognize/assistant/work	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://api.scheduler.	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://my.microsoftpersonalcontent.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://store.office.cn/addinstemplate	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://api.aadrm.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid=	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://globaldisco.crm.dynamics.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://messaging.engagement.office.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://dev0-api.acompli.net/autodetect	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://www.odwebp.svc.ms	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://api.diagnosticssdf.office.com/v2/feedback	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://api.powerbi.com/v1.0/myorg/groups	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://web.microsoftstream.com/video/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://api.addins.store.officeppe.com/addinstemplate	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://graph.windows.net	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://dataservice.o365filtering.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://officesetup.getmicrosoftkey.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://analysis.windows.net/powerbi/api	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://prod-global-autodetect.acompli.net/autodetect	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://substrate.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://outlook.office365.com/autodiscover/autodiscover.json	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://consent.config.office.com/consentcheckin/v1.0/consents	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://d.docs.live.net	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://ncus.contentsync.	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
http://weather.service.msn.com/data.aspx	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://apis.live.net/v5.0/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://messaging.lifecycle.office.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://pushchannel.1drv.ms	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://management.azure.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://outlook.office365.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://wus2.contentsync.	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://incidents.diagnostics.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://clients.config.office.net/user/v1.0/ios	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://make.powerautomate.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://insertmedia.bing.office.net/odc/insertmedia	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://o365auditrealtimeingestion.manage.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://outlook.office365.com/api/v1.0/me/Activities	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://api.office.net	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://incidents.diagnosticssdf.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://asgsmsproxyapi.azurewebsites.net/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/android/policies	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://entitlement.diagnostics.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://substrate.office.com/search/api/v2/init	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://outlook.office.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://storage.live.com/clientlogs/uploadlocation	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://login.windows.local	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://outlook.office365.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://webshell.suite.office.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://login.microsoftonline.com	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://substrate.office.com/search/api/v1/SearchHistory	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://management.azure.com/	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://messaging.lifecycle.office.com/getcustommessage16	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://api.officescripts.microsoftusercontent.com/api	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high
https://login.windows.net/common/oauth2/authorize	EC4C8406-9600-479F-B523-6A0DBCE8283F.0.dr	false		high

World Map of Contacted IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1274208
Start date and time:	2023-07-17 07:54:11 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 53s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	MV_TRANS-ASIA_I.xls
Detection:	MAL
Classification:	mal76.winXLS@22/81@0/1
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .xls Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Scroll down Close Viewer

Warnings

Excluded IPs from analysis (whitelisted): 52.109.28.100, 20.224.224.21, 20.126.106.131, 20.25.84.51, 2.21.22.179, 2.21.22.155, 23.36.224.131
Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, acroipm2.adobe.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, config.officeapps.live.com, a122.dscd.akamai.net, nexus.officeapps.live.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:56:10	API Interceptor	509x Sleep call for process: splwow64.exe modified
07:56:20	API Interceptor	2x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	205
Entropy (8bit):	5.61223987875705
Encrypted:	false
SSDEEP:	3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuVlTYAlKMkt+H/XiTFJrqzOJkvP5m1:men9YOFLvEWdM9QqYAmt+H/Xi7Z+P41
MD5:	C871053BF2AC0B98BC89253E672BF376
SHA1:	CCBC5B2142B2863FDCFACEA270C2401726C10A32
SHA-256:	2C767E8B72495786362FE1A7CAEFC788646A05D2AC0C66D13EDC5055496A13E2
SHA-512:	5A13506044393B0A588E876983840555C454E83E7F559A5E192D214770AAC4DAEF92E68147BCE1AC1D653CC2BDE529AD5A0AD9457B3042DE20AA04206971BF2D
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..Yd.>_/....."#.D.%..6-.A.A..Eo......................d.{v.^.G...d.W.:...P..k%..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	174
Entropy (8bit):	5.51088976744848
Encrypted:	false
SSDEEP:	3:m+lF9NX6v8RzYOCGLvHktWVne3duE19hMktWg3e98fZe/O+/rkwGhkg4m1:mi9NqEYOFLvEkNoddjtWg68Be7Ywcr1
MD5:	8F1944E2F1324D7E22D9796C459B6496
SHA1:	73903F86A9109D31A6B9512EDD63F35413510178
SHA-256:	67B8180CF7D6FE1CDB22615D55A959D9633AB32895CCAAC3EE569D47A9CD7F79
SHA-512:	DD5B5695E0F82BFB341F7DD9E3CE36D1E9F85AD158145329562EC302AC40A44BFDDCDB4FBC408715E1D24666C7ADACAE88C64368B724E8469BE0554609F13B6A
Malicious:	false
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ..o6.>_/....."#.D.R..6-.A.A..Eo...................1.x.'.vI..*\|Z..o...+.4....0..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	246
Entropy (8bit):	5.551924042879212
Encrypted:	false
SSDEEP:	6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhudYOthkmt/RlUoSjGY1:DyeRVFAFjVFAF5YOX9tZlUo6
MD5:	91C69F5E63FF0B0F2C5758C1378F2F9A
SHA1:	9C82A9D22B83E5043A301FCFCC62288C478514DA
SHA-256:	59F331BEEAEDFD53DE4B1D1077DE5CB550159E8D288184DD91C2D738681F3458
SHA-512:	C03641488E3096440DED0F99F522B14451B2402A77F894EF40C1D29551E03A0CAE3793A195EC509AB681536442E8C65D5C176F67637A4BC19A6C217CCF77766E
Malicious:	false
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..`a.>_/....."#.D..p.6-.A.A..Eo.......k.9..........hvDO.N.t@.....n.*...... ....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.650561115995741
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5RsYDwtR9lTuiWulHyA1:IbRkiDlsHTjWus
MD5:	CCF2B87A14EBBEE6C8F8CE51E4ED9D41
SHA1:	6D02BB66DDC645E8E0ACC524E500CA41F4838B16
SHA-256:	96850A33C1599C42FF4C89BDB77EF44E792008F12EB743587D86736571868B97
SHA-512:	B3B214CC56E81CEB0C771110074A1CE7E41C0C469A3D4990A60CC28360F1CCD3EF784CC3C9A60DE36C3A269786A3EC5C4EBD7A08EAA96ED3570CC4E70CE7FEF2
Malicious:	false
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js .UEW.>_/....."#.DM.J.6-.A.A..Eo.......V..........8 P..a...R..Y....7.@..2Dm{..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.523137919000196
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVu0rtc/OVyh9PT41:pyixRu6qOV41T
MD5:	DA1F6A367B150F236EFA17FFE47F124F
SHA1:	5925F64767F6CF07D44BC965A41D9D648CEE75F5
SHA-256:	D93F2C9B951CEA7C4E228876DC38EDC4A6962AE3767EBF4FCF9E6805645FCA9F
SHA-512:	DEFB285D57A1367538037630A94BE2D89E58E946DD16095E424931B1FC5B133B44F1380D2EE2DFB14751CF0A356A6844D30D135D208DACB223B6A187694DE0AB
Malicious:	false
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .g.b.>_/....."#.D..r.6-.A.A..Eo.........f........k.Q.....-_..y.....O...>..1....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.566661576240236
Encrypted:	false
SSDEEP:	3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVoNh/VtTBqMktkX3lYo2sZI8xeGI:mvYOFLvEWdhwjQjv/BQtkV3ZIl6P41
MD5:	6ED08598A6F76F46FC28C46D781F474E
SHA1:	28F4981C716DA1086E4D13A66793A2849ADE9C29
SHA-256:	3457860971B87FDD8A79AB3214159DBC7F806C01730C7D80FDFDC4D808EC6761
SHA-512:	68F6A1C076220A4DC029E5EA0A199867C894831DA63E363F35540D2B9681EE6691EDEBED67A01E55D6E6FB6FEE3844B9211CA17145268BA219B227E1FC09517F
Malicious:	false
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js .AD^.>_/....."#.D..].6-.A.A..Eo......c............].>....uUf..N...k......c..l.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.520746708732466
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVQyb6Kl6FpV0hMkt9ltlVcyx3:mJYOFLvEWdGQRQOdQ7HZFpVQtNrD6g1
MD5:	37DCE6A501921682AEFBFE877FA10E1B
SHA1:	3160403CDC41C8E104181011F0B4BDB892ED5A39
SHA-256:	123E3CECD049C060705583572118BE26C4297948FF9CABC29A9914CBF8617DD2
SHA-512:	EDC557C8F104C8CC01DEBE5DD7124339BBA77930846001F6F5AD29AE50B2878B133DC0844A0363921E170A3999C476BA26DD4E07C1306CAEAA44A746DC63F690
Malicious:	false
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ..,c.>_/....."#.D..}.6-.A.A..Eo......M..+..........c..y/L....\|y.n..C/I.....X7-ne.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.5431419378256335
Encrypted:	false
SSDEEP:	3:m+lLp08RzYOCGLvHkfaMMuVB2dY0hMktLtDQMWqg4nRb7om5m1:mOYOFLvECMLcY0jt5EuR/41
MD5:	5412B176A37357F111F0AA175F8BB2EF
SHA1:	F5807E2E0D3E9D97D316E43863C4F34394F1F91F
SHA-256:	3B5F52D3EFDF4B3AAB2413144377256A9CBF63159662B86049F640EE29684B77
SHA-512:	88FC43B41B115F9B1611A9915080F6683ACF01A36F2F828BA9F18399A4C06BF965738A448705F274EEC5DE41CAB5AEBD3CACEBA5191DC010942C9E0508C1C3A8
Malicious:	false
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..t6.>_/....."#.D.x..6-.A.A..Eo......I.;..........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.52309525423456
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtuvAlUTOteWby0zBUKSAA1:pR6AlUKIWb
MD5:	2E4BBA1013971089FFDED1A40B7563E4
SHA1:	31814365231DC102FBF6BB73423DCA16B5F2F698
SHA-256:	C658F57EDDE953DE46E3B5E920376C5D33666232C59C3B3795FEF5F281997816
SHA-512:	C54CE0F8C94B45B071DB22ADC34EC4A75D399C88373D0C60C83E8C0D0636E6F13B0BC656A59F0B2BB53873751485B533B8AD464768CD7662F2E3DFF5850E343A
Malicious:	false
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ...d.>_/....."#.D..~.6-.A.A..Eo.........Q........Q..E.=....=h`t..t..3%A.F$..w..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	177
Entropy (8bit):	5.4877875378804575
Encrypted:	false
SSDEEP:	3:m+l64HXlA8RzYOCGLvHkjXMLOWFvOpb62yI3hMktcltMd1dn76KohyP5m1:md4HXXYOFLvEjMSWFvO162b3jt4+jUd1
MD5:	B2F3F8612B84CB3CD1F28CE9D4DA0DD3
SHA1:	384D7457E7585E19DC6B39163F66ED4F7B136230
SHA-256:	12FF8A02C800B9B2A0B88A3072F521C44E186B7528C72B9C2D2D7E026B74467D
SHA-512:	7AFB2C10F3F634B99A99788DB7989EC5FD16259D0D974D9645EBBF3DE0E7C35E571A72459AF025C2949E249DB80C8933BEDE85902EE1E3E9D6333502C4EE92AA
Malicious:	false
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ..q6.>_/....."#.D.k..6-.A.A..Eo..................PU ....t^.....a.k..u.7.M.BW6#}..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	187
Entropy (8bit):	5.551946923522821
Encrypted:	false
SSDEEP:	3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLmtBhleL/TcMktW//jUPqf9tsDMaPV44m1:mkl9YOFLvEWsfOLmtReWtW//oPqVyM+e
MD5:	A879848609F1099D1309297AD51595C6
SHA1:	7BC8D045859DE60698A0F4614AEA59096B199B0E
SHA-256:	8EDE23779D93C1A33D3F7660B4DDF3C527F22CC29D56F9A987A02990F45D0B6C
SHA-512:	A755B30DDB60057F0BC8E8FA1FE9551233BB74D02633B8D9D95B16EFE2E4D8B0FB31C765AB3F3964F17AC51A6376C363E8164F3765D866168A2CECC519F0D78C
Malicious:	false
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .:.X.>_/....."#.D.nD.6-.A.A..Eo.......&...........q.O...j....._y..L^z...?..@N..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.5873111736313605
Encrypted:	false
SSDEEP:	6:mt9YOFLvEWdVFLBKFjVFLBKFly2liIaKtCtqtwSeKaT9pr1:URVFAFjVFAF3kI5UtqtwSeKaTL
MD5:	515776C56999EFEA34F652FE86530864
SHA1:	A9ABC844CA9C2FF02E750BFC1792BCB1E3C0E9B7
SHA-256:	71E090610F36219FE0894B246AC88BF821CA68C072AED89DA6762B202A098376
SHA-512:	B1C5F0CCBB4EBD83CD04CA9AD487572B1F8BB802E5683F1ED4542BBC857730197D54519313119C2BDF8E0ABAE80C8A187F3F5B31B041E42AB0EB6723E15A8CA1
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .=.b.>_/....."#.D.mw.6-.A.A..Eo......W.................H...{...2../.k`..r4.C. .A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.4762597236937625
Encrypted:	false
SSDEEP:	3:m+lx4F08RzYOCGLvHkWBGKuKjXKGBIEGdevA/KPWFvsasdwTI3hMktlqyrpYFm1:ms2VYOFLvEWdvBIEGdeXuKdwTOtll11
MD5:	39816C41D385BF0716307FDCE2241D8E
SHA1:	6F90190E096CF377142587DF3D4A28E4C559796C
SHA-256:	91447CD470AFEA613B2027F8100E42C8EE81557AE684E9869609FF2C179F62EA
SHA-512:	654E39D6D9D1174DC810AFBD3C54080DB8A99A75F0B854424B3B7817481A48A5C06C091FA51DEA7587EF4324C80CFE5B72A824032072E7950ED6D65E900A59D3
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ...a.>_/....."#.D..q.6-.A.A..Eo...................A.o]@r..Q.....<w.....].n\....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.614284452386816
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQUldHQt29xm7OhKlvA1:RbR16/Xw4xmJ
MD5:	250B1BAE344CFB109250F9908861AEF8
SHA1:	B391A0F20C24483BABE64421D9FB9C85F85A873C
SHA-256:	34907413BFA978FADC74432CDCF31706C9C734D7B46BFE7CEEFC1A0FDDA4F033
SHA-512:	36EAE82C772C6ABB98F9DDC03B25A2FDBFC5A4A4680BD2D3A6E03851E28A6C6998AF0911D132C02C2F8D2B8A8F6D7797AEAC7F3514AC3E4E03F7B3D80E5810F5
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ...^.>_/....."#.D.%].6-.A.A..Eo......].0...........4T].....Tw.....(..b...EO....9.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.5486003345539485
Encrypted:	false
SSDEEP:	3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvxLlg3hMktPf/FdF5YufMy:ms2gEYOFLvEWdGQRQVubRGtPfddFt1
MD5:	E280C58A7CA3BFA0630FE68BA42ECFEA
SHA1:	E1C78EBDC2784E3A0B7337D82E5E12DFCE73880B
SHA-256:	97ECA4707E4EF6F3C24DDC9324D66B29CAB854BFDD64EA719C3DB96D826CB6EE
SHA-512:	92797A388E30FC0D895FD0BB1C6A9FAE0216A53E87E50B8CA07C1D3BDCBFF4C850F9732D02494E1814296D400ABD7728097C4E8823A48C4AF806569509ECC908
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..}a.>_/....."#.D .q.6-.A.A..Eo.......{!.........@..{o]...9o\|..qY....T....{..u.b..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	206
Entropy (8bit):	5.579782196146133
Encrypted:	false
SSDEEP:	3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVy0bN6I3hMktF5F/l4EnNWQ1SUm1:mzyEYOFLvEWdrIOQZ0bsOtMEt1S/1
MD5:	7654A9790356D9B93271C6E90B54A225
SHA1:	47C184234887C7D61F522A22373FC00F4F06ED7D
SHA-256:	02AF6CCC02163F84D6B1E33AD39A5474D0C55E783296F65A1A56D4383FE36396
SHA-512:	4757542994269E4454CE2184A56F86F286DE829D53BCD63239D611D422241C9F309FDEC031035A410318B045C1C684D3D0796DBCDC4243F8C20962BF31230072
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .h.Y.>_/....."#.D.9L.6-.A.A..Eo......b.n..........t\a......x5.'OuE.C..@......x..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.570237511250573
Encrypted:	false
SSDEEP:	3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvAt+2X3TcMktR9//SlwJNqww6U+5y:mnYOFLvEWdhwyuizqtb//SlwrqwK+41
MD5:	AB88BA320A998AFC717B2DE2490AC7F9
SHA1:	DD5FBD6F499812A7A21260182C3B50D5562CBA0F
SHA-256:	4AB1B8E911FE8AFE2AFDA0B83D620121CDE1A8E00FCE1EDD112B2C08A068CC5C
SHA-512:	3C98E60EC4A4FE855FCDBFA27201FD2A625FB37C5BEC4120EEAC067B180EAD2607AC3C4FA95D28363D3248752F8F05DD0C341D21D101ECA2B93D77B31F55E80A
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ...].>_/....."#.D..\.6-.A.A..Eo........ ................7...o..a=.98I......(3.$G.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.578590624509309
Encrypted:	false
SSDEEP:	3:m+l26Xa8RzYOCGLvHkWBGKuKjXKeRKVIJ/2NAJVKH/KPWFvY0q+ppO9hMktpbX8c:mYXYOFLvEWdrROk/RJbu+9+qtSfO441
MD5:	B78E7AAE756C4DC24521317DAD0C4859
SHA1:	3FEDB7F8EB5613799356ACD4ED77FCB34C679CF2
SHA-256:	2EE888BAD682A6B262B8AA77978A567AA4DED6FF0068C1046F3735D2A4277163
SHA-512:	FC9C3BC502EF3574DD2B0E172B0716906B33F7D43159F304E3132837C620199144252315162F21F586E281FCE29FC833BC7DBF7A53576678EAA0FF7A71BEBAAF
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .[.Y.>_/....."#.D..L.6-.A.A..Eo......$..Z..........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	186
Entropy (8bit):	5.582116833997269
Encrypted:	false
SSDEEP:	3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVpVlcBS/Mkt45zoIN1OFPL4m1:mmDEYOFLvEWXItc0t6zV1QPLr1
MD5:	6474913FB488D2BD37477A269631A5D3
SHA1:	6225A41FC0983BCA1A66258028FC0F7FD3B1D7AF
SHA-256:	8C7260677BF30713DED205BCF180B419BA18C18260D78D555AA6B4017A6F7C74
SHA-512:	EDB8BF9B9FC7A00D5138D3CD5C10B153124613690CAA1464F515C7C7D56945543A1A525990231AC7FC2EC4E84AFCADE0079A3F5E97969E945E89D3CBFABBC796
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ...X.>_/....."#.D.`D.6-.A.A..Eo...................~]...%s..<...n.f..<.....1#..U..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	207
Entropy (8bit):	5.5763103933628075
Encrypted:	false
SSDEEP:	3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFv2KmXpShMkt+D9/tm8D6EsEJeUm1:m52YOFLvEWdMAukNwt+DWEvsEJ41
MD5:	A649C83AB20040A2D03E7E0EEE4283F7
SHA1:	F8102ECFEB3A058AFF4AA2DAA3C1AEFF0A8BEA9D
SHA-256:	474743EEE136D1C5D07F99D60ECCCDC832382195558424928EC4A45A93264311
SHA-512:	55533B93C63005E467E6936D4F7FCECC5D2FCFD7B753F6B6BC60652587FB29DE9789131AC4AAAE08B51E35018562A51AB4DA1AF256F7579356205FE740637F5A
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..pb.>_/....."#.D:@r.6-.A.A..Eo.......R.f..........z._a...'.v.......4p3..1.']...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.517331819243656
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAuBeEOtzetaong1:6lJRO5O9eAo
MD5:	DEF6387A0F907D18B5BFEBD6D468D193
SHA1:	F70022CBD4B97ACD830BDCB5B1B209BE8477577E
SHA-256:	E1452A393B01DB999FE59C0B9127B6CDF935FC42C2363415FE1AD815DA7D5D29
SHA-512:	14A22DA6859221DFACF0F6326D14C703BAC54D992964184E0F5673ADD29D650E87D285D4DBD9311A94E5D25A682A7491049356E8821A109B8EEA32E69A80686D
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ...b.>_/....."#.D.qr.6-.A.A..Eo.........c........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.578404208551662
Encrypted:	false
SSDEEP:	3:m+l18t08RzYOCGLvHkWBGKuKjXKeRKVIJ/2oKPWFvKMktENDOe28WIJLkxwy4m1:mY8nYOFLvEWdrROk/Iu6tENDN16wG1
MD5:	0E855DD48677834E2A49D1E6D2463BC6
SHA1:	27D3D6D8DD32354D1AB810D2DF0F60B396ED24D2
SHA-256:	2EDBC922371BF3FF21A00DE6E0F6080D9F03E01998B7CE55754B980C400FA8B4
SHA-512:	8FF4E585C0C2D7E6D92CC7AA17D6485E5772C3882632602C64EBAC4C6EFB4C49621F817615573153635EE33619CF806AA4B50DC06D27C085AC37B9251A55CA69
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..kY.>_/....."#.D=.K.6-.A.A..Eo........M=..........%.k.SZ..~W.....:)'B..ad......A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.621795549321476
Encrypted:	false
SSDEEP:	3:m+lstxt08RzYOCGLvHkWBGKuKjXKX+IAuAJVKjXKLuVflek19hMktiaQPmJelc0A:mLrnYOFLvEWdrIoJUQPk19tueJIi1
MD5:	2A440B631436A61BBB294B4E0633E1A1
SHA1:	BCB32B49052B8A0D8233EE9BA5F627EF414315EA
SHA-256:	E3134367A5A0F730EAB44DB0AEDD35B107F9B0214EB51287322C6A7F4D4F5412
SHA-512:	17ACDC190982F95AFFC0113D987FF2558D58DC8102A776421560DE2C1A4F165B28E9D6EF5D16172FB9E23A1320C5221412607F9B751D5491A19B67EED57185DE
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .#.Y.>_/....."#.D..M.6-.A.A..Eo......=..J.........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.584096849733228
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhuJH4yiHk9tG/zgm2d/1:0RkW92R
MD5:	08170EB2CA2B31E06D2C33D55FC28F19
SHA1:	AFEC5404BEC52E33161F084C6DA7DCEEE83B6E2D
SHA-256:	3B3B97A65C58E5F016A673C68216C66D97BF7EA29C2E75ABA5DE5DF582A10F16
SHA-512:	99F9CB4AC5A3F9E0732F2EB64E8E63D19E2DC73450683AA7BEFB19E59BC4CFC7901C5D8F7037D11651655AE2A3F5A05F82583576270B231A1199A275D9A82503
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ..OY.>_/....."#.D..G.6-.A.A..Eo................Z.Z}Q..4.o....0+..[\|..n:*..U.W.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.589059156215248
Encrypted:	false
SSDEEP:	3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvtUeOES9hMktoUcf/GBiaQ562HvpMm1:mAElVYOFLvEW1KsY9jtJcfrx56uvp1
MD5:	5F172C8DD74FCBC2D035C99FAAE25B56
SHA1:	A8D2382D98FAD661049DBC11AF2815D38690B6C6
SHA-256:	890477B637E175111902B6F167A64E987D9FAA259E619AAD977B2BB14A6C4E4B
SHA-512:	E6DE88680A35301C8196F43AC87A541394D6B10ECB53E5EBED79CBFAB0E9FC47516695409B91522BC6B433D04DFFD60D9F15DDF2B63BF67557981389B371FE02
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ...9.>_/....."#.D....6-.A.A..Eo.................z?...SwC...^..y.....V..7R-O.....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.577671284259141
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvu1attdadUDLYtmOZn1:xRBJMatLHDcFZ
MD5:	6FCA2269A987D0B7B0CE14A60C25D940
SHA1:	19394BA726993C2D90BD4D5B37A69FA495B88846
SHA-256:	3D0DB86A1A07B153B4A0D68D7154C45719F9015969E3CA8EA4A0253698C721BF
SHA-512:	76AED7908FC50F1EF7B018F91B45A34A6749E1BC1DAFBF12698993B88171EA93511839A2051F96EEA2801F6E39005C601B0ECEBF9F646CB54771FD1EE6BAB0D2
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ...a.>_/....."#.D. r.6-.A.A..Eo.......+z.............t.q..W.EZ....1...[.zC.7mD..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.605662204872649
Encrypted:	false
SSDEEP:	3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFvSeXE3hMktlFlllnpSKGoS6:msRPYOFLvEWIa7zp7ECjtlFF8VPu1
MD5:	B01BCE57B6D6A59332809F475A51F7DF
SHA1:	54B53ECE8A6482109B2C5526B4DEC4979E32D699
SHA-256:	85DC3494C8209F260E17B67FB93C5D8D1C729174D7FD75280C2A6DC295BBDA69
SHA-512:	72C7BE53B9D4C8D5774AAEACCA53C0D9F0E6855E70469A7D0B1DED275A2E25534AD658470E63543C5161BEC9A20E3210450CDA916F314849023464DE1F91C6C8
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .(.6.>_/....."#.D[...6-.A.A..Eo.......c.............L...Im.@.........E.nW...IP..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.576524207874448
Encrypted:	false
SSDEEP:	3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuVSb6K/e4Mktv936F4XVAZ+8cV3I:mKPYOFLvEWdENU9QRdeKtvMwiM3Y1
MD5:	425C8360C0B4F42225D881898BDE8618
SHA1:	208FBF744D1DEFC6E7A5D4191A9ED6B2121AC2F8
SHA-256:	A8828F20982185964FA1113039710FDA39FFBD1F40BD28F98B579D6880BB8313
SHA-512:	97CE52C5C0AB206A247896174BAE4CD12EAA8A276CCDFC593340E4B77BD2C235AFA8543C659E45CC70CEE955B49159D35F8F08D8097A3454E35789E83F8F623C
Malicious:	false
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js .KB^.>_/....."#.D..h.6-.A.A..Eo......t.............M....m+lS..e.....<7.U.P8*.0K.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.593287128153404
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQtd9t8tmjBRCh/41:XRc9Yd9PDi/
MD5:	3862E106B096B935B868DF37FE81C4F6
SHA1:	7F7BB74B0886930574073300201229B9EAA4CB2D
SHA-256:	F50A27EF56FBDA3B380659CF8F92391C485E61C71CB0A43F602288176404ADAA
SHA-512:	11B2FCD1A22A658B437C8C868A34C876A889E02492A9624FDE32332DB08AEE8C648DC8B8D4A1ED375CC49F1550E98905BBA552D8CCEE5F2276A1F929571DBC68
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ...c.>_/....."#.D.n..6-.A.A..Eo......Y...........PJm...0x.x..RD...BB!@5..<..]....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.611435621416203
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhu+FKtAl9kULlF4r1:bs6xRkiMcG37LlF4
MD5:	259AB2CE32FEA5EE82988CFE9F1543BD
SHA1:	76A7FD2C2F6C6E323B1D51E0C81465BB0873DECB
SHA-256:	E860E331B010B224EAC7C2B0DC65CB9099B5D9219C9225A939E8839C3A86557C
SHA-512:	80BBDC0B90CA3882809D200CA15C3A6756AFA052E28106162AB400F30291BFE2ED3E18C2A13AEAB3E8CA92D39812500EC7267CD6927D59102F7AB66228B1EE87
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .G.L.>_/....."#.D)...6-.A.A..Eo......Q............P...#4..l....5...5..).w.. .h.~..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.504281726105637
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvR+Blbf0TB0hMktSO9lllPECcu1F:mhYOFLvEWd/aFu7+XcTBQtSOnEN941
MD5:	0B9B83AB42D8ABD27458E235ADDFDFAE
SHA1:	A8F2ACE0492802C37B55843B8DF2AD3A27F1D642
SHA-256:	2A4B6B72C7058D6BE8F358A4A91DA0966D1697B667E4BB92A335254653E8EB72
SHA-512:	8F08AFD82DE6884F4D0FD2B4064DADA5074614F1D5D135E90B4C86F1959C22041ABEF898B97A48A61D672699DE2A18E4677E0679BD6CD8207DB86C984CFF1C17
Malicious:	false
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .4.d.>_/....."#.D.~.6-.A.A..Eo......6..k...........a.f.m.i.o.p..3U5.....^...I.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.5617501576374275
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQhCrqTtFBMqVd3G4K41:2DRuRk1TLB9Vd2
MD5:	2158B57C75CAAF89F36F71AD0ED6D2A7
SHA1:	2D977C6391F50593724FC14DB757582AD08F6D4A
SHA-256:	225BCBA6268EE6970290203D24BC717DB932B331A8093964F666F33688C347C7
SHA-512:	15DB00FCE8277CD419E467476BC6ED10F87C29F8C1068202AE63105D02E741794AD1645C301C03BCFA5C7F4EE6E90FCB17C2AC3E404D16B8E3D33FA638A84260
Malicious:	false
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .V.d.>_/....."#.D..~.6-.A.A..Eo........4...........y.$..$.v5j...T...z.]..._S....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.550592010262846
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9QJ6K3MtPTuA424r1:+RQA6RYr
MD5:	F2E9E588441DE9E4854E3FE2D235952A
SHA1:	AD1E7E9296AE27789FC9B3940675F15EA7528965
SHA-256:	37B8CF910D9EF839EE672E2144580AA0DB8CCB33EA9A5F77C4318219698C3F0C
SHA-512:	C399E84F0FEB784938A3335AEF906AD9A9E15A7ACAFC689729AD505E186DC58C061FC79CA6EB8E5473EFA5112246E1DFC57C658ABF59FE2269057A1EB1FC056F
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..[d.>_/....."#.DJA..6-.A.A..Eo.......>.e........#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.549428198836326
Encrypted:	false
SSDEEP:	3:m+lS5Etla8RzYOCGLvHkWBGKuKjXKVRNUp/KPWFvc2ET1/MktE1Ag2iHio/Mm1:moXXYOFLvEWdENUAuFctE+yC8n1
MD5:	C3A7782AA11794810C8A8CAC53D25271
SHA1:	4301A78D6F82445D88F3097549ACE123CB62F415
SHA-256:	CBFE2E6BC09750EAA3234B940A035B32FAC77461AE2BB9FC2747E18F1073A397
SHA-512:	35996FE6DAFC50F46ED829C7CF53F750946F308D7A24441BAB41CB5C5EB4854900006D422B510B0E6EB67C5F8E0B17C77DC67CAC989E065D7F4A7111DE38D28F
Malicious:	false
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .9M].>_/....."#.D.y\.6-.A.A..Eo......=..=........8.../...;.\\o....1..........+..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	221
Entropy (8bit):	5.581669803020839
Encrypted:	false
SSDEEP:	6:mQZYOFLvEWdrROk/VQ/qTtFl5tsLmB41:nRrROk/VVzl5tN
MD5:	BEFE1B9793D4F60F15C00CB43D0C75D2
SHA1:	3B23B653C5F3521FA0C8E2CC4526CCA149A140E6
SHA-256:	F167067D7192854F54C9638B692DB45042D8340AC82ECD0036E20422A658A1C7
SHA-512:	9E5F9B962FDEE7CB96CF239FF26EE5FB3ED068D1640D5E3A1A37161FA80B53F91723F89C5B7E0B49163FFCA3B7D9EDFCB024AE721AD1552C35BFE1561EC1B09D
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ...Y.>_/....."#.DC7M.6-.A.A..Eo.................. ./.ev......N~..6.b.....$.j;:C...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.54053900670049
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWujfJOZwtILdm9741:qxRchfJEwaLdu7
MD5:	4EDEE7ADE1D31967944B1E5A7125E232
SHA1:	EE134DD29121E58419443F4014F1DCDC7199619F
SHA-256:	CF539C0AB365AFCE8DA72358EB03095C1BBEC58D24483D5E3701226E5EB114E8
SHA-512:	CD3191C3DE59F830BA4EF04B819347B26E538D7A8B72E71A773538BC178838E738897C0394D2529253B27E9023FD8C3A9B697E672BFE21E9BBFCF40430819AB6
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .,ma.>_/....."#.D..p.6-.A.A..Eo.....................U...I.>P...X...x..0U.~;m.x.k.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.5953360097985705
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFv6lxKMktUpHllOB6shoq+Nem1:mMOYOFLvEWdwAPVuETwtUpH/OB6Jn1
MD5:	3B930E2E525CE053D6B36431FFC84FF6
SHA1:	8C9FE70468306FD294E9AEFA98D736382938E8BC
SHA-256:	12AC713AEC177276A63919A131DEF06C85F7A586A2F467FDB0AD06B65CEAC061
SHA-512:	2BFFBB06539EEF1EC2BF3922C6C7A7965733091A1A512B4BC8765102D55EAF1D6B868EFA9BC231DFBBEA9692A0FCB03FB0510531DABDE52F481C40B006530273
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..K].>_/....."#.D)B\.6-.A.A..Eo.......................k....F..D..O.n;[.1m.....=..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.5920685689605465
Encrypted:	false
SSDEEP:	3:m+lUDflllla8RzYOCGLvHkWBGKuKjXKBRSJvBCvlKLuV5KlwOhMkt9Q/aN/hcfsy:m3PXYOFLvEWdBJvYQvRt9QIhcsBXIh1
MD5:	1408FA5CB916829135B1FD1A65B4E9C7
SHA1:	90DA54F7CE20BFF187D7BF887FD0978013853EDD
SHA-256:	E489FEEB8028A3F02434CCC2A703DDACE3D8A612D67F0B62A8CEC95009FF868A
SHA-512:	4DE433437372BF3CCA1EBE4BC1EDBB44DACCE592FA68AD7A210004EB118725333AF3E9144214B7E9D77FCC3CEF0EB1514A59BDD671563F18470B865381C60237
Malicious:	false
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ..Dd.>_/....."#.D.V~.6-.A.A..Eo......a.]...........k..`..N3.... ..d..$[.....{.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.576880970155669
Encrypted:	false
SSDEEP:	3:m+l4kC8RzYOCGLvHkWBGKuKjXKeRKVIJ/2NAJVKjXKLuVIebhMkt2tRlc3ORajei:msPYOFLvEWdrROk/RJUQe/t2Bc3Me/1
MD5:	B9959BF04C262EAC43B85EF0C73BAA85
SHA1:	30C18D01976DA949ADCB72CCE5F671F9B0C28E89
SHA-256:	1CA8DE24BF2A6E0ACBA765ACF08EF2137B8740E45DF8E47F6DB5DC5CFE04DF5C
SHA-512:	F5FE7305AD425F2BF12E96B4BBE3C3C3F185CF4CA2D11E028B48290426F95EF01134B9C24C899A8C9B007AC01F86CD9B998176F4570906BFC1DA566048957D58
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...Y.>_/....."#.D..N.6-.A.A..Eo......^.N..............9Q].8O.z....=..:.N.{....N{.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	modified
Size (bytes):	1032
Entropy (8bit):	5.142868973326352
Encrypted:	false
SSDEEP:	24:N/uwXRxcIpk4YMFIGOZbzE0jxFtwxU8inEsDDEqcnugYQTc26wL9:w3nsGdm
MD5:	A431D80A00A83CA06547CFFA8BD91B2E
SHA1:	51583DC3594374B607018D4D46D7416CB3D779F5
SHA-256:	217F035E62AAFAD7AD8EEA4DF08A475E39E2AEF9D9186B653EF9754FC6FEEFE2
SHA-512:	751A3A05483E1C60858CCACFCDCFB9A342C0D04BA113C80F8E9B9C53775A69481C290AD19BBD12A8FF70F3C1E8225ED29AD485E73A0860906055D8F6B32F90BB
Malicious:	false
Preview:	.....S6oy retne....)........T...........C..M.....k...............#...(...k..............3...@.W.>_/..........v...q...i9.>_/...........6<\|....'.>_/.........<...W..J.'.>_/..............oB.'.>_/...........a.....'.>_/..........]...I...H.>_/...........;.y~A.@.W.>_/...........P....V@.W.>_/.........F..=z;.@.W.>_/................@.W.>_/.............o.@.W.>_/.............@.W.>_/...........2q....@.W.>_/.........Gy.'.h.@.W.>_/.............k7A.@.W.>_/.........:..N.A..@.W.>_/..........;/...@.W.>_/................@.W.>_/............P[. q@.W.>_/.........,+..._.#@.W.>_/..........J..j...@.W.>_/.........A?.2:..@.W.>_/..............q.@.W.>_/..........u\]..q@.W.>_/.........!...0.o@.W.>_/...............@.W.>_/..........o..k..@.W.>_/.........^.~..z.@.W.>_/..........[.i..%.@.W.>_/.........+.U.!..V@.W.>_/..........+.{..'.0g.>_/..........@..x.0g.>_/............MV3...0g.>_/.........)....J:.0g.>_/..........&.S....0g.>_/.............D.4..0g.>_/..........~.,.4>.0g.>_/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1032
Entropy (8bit):	5.142868973326352
Encrypted:	false
SSDEEP:	24:N/uwXRxcIpk4YMFIGOZbzE0jxFtwxU8inEsDDEqcnugYQTc26wL9:w3nsGdm
MD5:	A431D80A00A83CA06547CFFA8BD91B2E
SHA1:	51583DC3594374B607018D4D46D7416CB3D779F5
SHA-256:	217F035E62AAFAD7AD8EEA4DF08A475E39E2AEF9D9186B653EF9754FC6FEEFE2
SHA-512:	751A3A05483E1C60858CCACFCDCFB9A342C0D04BA113C80F8E9B9C53775A69481C290AD19BBD12A8FF70F3C1E8225ED29AD485E73A0860906055D8F6B32F90BB
Malicious:	false
Preview:	.....S6oy retne....)........T...........C..M.....k...............#...(...k..............3...@.W.>_/..........v...q...i9.>_/...........6<\|....'.>_/.........<...W..J.'.>_/..............oB.'.>_/...........a.....'.>_/..........]...I...H.>_/...........;.y~A.@.W.>_/...........P....V@.W.>_/.........F..=z;.@.W.>_/................@.W.>_/.............o.@.W.>_/.............@.W.>_/...........2q....@.W.>_/.........Gy.'.h.@.W.>_/.............k7A.@.W.>_/.........:..N.A..@.W.>_/..........;/...@.W.>_/................@.W.>_/............P[. q@.W.>_/.........,+..._.#@.W.>_/..........J..j...@.W.>_/.........A?.2:..@.W.>_/..............q.@.W.>_/..........u\]..q@.W.>_/.........!...0.o@.W.>_/...............@.W.>_/..........o..k..@.W.>_/.........^.~..z.@.W.>_/..........[.i..%.@.W.>_/.........+.U.!..V@.W.>_/..........+.{..'.0g.>_/..........@..x.0g.>_/............MV3...0g.>_/.........)....J:.0g.>_/..........&.S....0g.>_/.............D.4..0g.>_/..........~.,.4>.0g.>_/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF5b1969.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1032
Entropy (8bit):	5.142868973326352
Encrypted:	false
SSDEEP:	24:N/uwXRxcIpk4YMFIGOZbzE0jxFtwxU8inEsDDEqcnugYQTc26wL9:w3nsGdm
MD5:	A431D80A00A83CA06547CFFA8BD91B2E
SHA1:	51583DC3594374B607018D4D46D7416CB3D779F5
SHA-256:	217F035E62AAFAD7AD8EEA4DF08A475E39E2AEF9D9186B653EF9754FC6FEEFE2
SHA-512:	751A3A05483E1C60858CCACFCDCFB9A342C0D04BA113C80F8E9B9C53775A69481C290AD19BBD12A8FF70F3C1E8225ED29AD485E73A0860906055D8F6B32F90BB
Malicious:	false
Preview:	.....S6oy retne....)........T...........C..M.....k...............#...(...k..............3...@.W.>_/..........v...q...i9.>_/...........6<\|....'.>_/.........<...W..J.'.>_/..............oB.'.>_/...........a.....'.>_/..........]...I...H.>_/...........;.y~A.@.W.>_/...........P....V@.W.>_/.........F..=z;.@.W.>_/................@.W.>_/.............o.@.W.>_/.............@.W.>_/...........2q....@.W.>_/.........Gy.'.h.@.W.>_/.............k7A.@.W.>_/.........:..N.A..@.W.>_/..........;/...@.W.>_/................@.W.>_/............P[. q@.W.>_/.........,+..._.#@.W.>_/..........J..j...@.W.>_/.........A?.2:..@.W.>_/..............q.@.W.>_/..........u\]..q@.W.>_/.........!...0.o@.W.>_/...............@.W.>_/..........o..k..@.W.>_/.........^.~..z.@.W.>_/..........[.i..%.@.W.>_/.........+.U.!..V@.W.>_/..........+.{..'.0g.>_/..........@..x.0g.>_/............MV3...0g.>_/.........)....J:.0g.>_/..........&.S....0g.>_/.............D.4..0g.>_/..........~.,.4>.0g.>_/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\todelete_86b8040b7132b608_0_1 (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	206
Entropy (8bit):	5.579782196146133
Encrypted:	false
SSDEEP:	3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVy0bN6I3hMktF5F/l4EnNWQ1SUm1:mzyEYOFLvEWdrIOQZ0bsOtMEt1S/1
MD5:	7654A9790356D9B93271C6E90B54A225
SHA1:	47C184234887C7D61F522A22373FC00F4F06ED7D
SHA-256:	02AF6CCC02163F84D6B1E33AD39A5474D0C55E783296F65A1A56D4383FE36396
SHA-512:	4757542994269E4454CE2184A56F86F286DE829D53BCD63239D611D422241C9F309FDEC031035A410318B045C1C684D3D0796DBCDC4243F8C20962BF31230072
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .h.Y.>_/....."#.D.9L.6-.A.A..Eo......b.n..........t\a......x5.'OuE.C..@......x..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\todelete_8c84d92a9dbce3e0_0_1 (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.578590624509309
Encrypted:	false
SSDEEP:	3:m+l26Xa8RzYOCGLvHkWBGKuKjXKeRKVIJ/2NAJVKH/KPWFvY0q+ppO9hMktpbX8c:mYXYOFLvEWdrROk/RJbu+9+qtSfO441
MD5:	B78E7AAE756C4DC24521317DAD0C4859
SHA1:	3FEDB7F8EB5613799356ACD4ED77FCB34C679CF2
SHA-256:	2EE888BAD682A6B262B8AA77978A567AA4DED6FF0068C1046F3735D2A4277163
SHA-512:	FC9C3BC502EF3574DD2B0E172B0716906B33F7D43159F304E3132837C620199144252315162F21F586E281FCE29FC833BC7DBF7A53576678EAA0FF7A71BEBAAF
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .[.Y.>_/....."#.D..L.6-.A.A..Eo......$..Z..........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\todelete_aba6710fde0876af_0_1 (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.589059156215248
Encrypted:	false
SSDEEP:	3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvtUeOES9hMktoUcf/GBiaQ562HvpMm1:mAElVYOFLvEW1KsY9jtJcfrx56uvp1
MD5:	5F172C8DD74FCBC2D035C99FAAE25B56
SHA1:	A8D2382D98FAD661049DBC11AF2815D38690B6C6
SHA-256:	890477B637E175111902B6F167A64E987D9FAA259E619AAD977B2BB14A6C4E4B
SHA-512:	E6DE88680A35301C8196F43AC87A541394D6B10ECB53E5EBED79CBFAB0E9FC47516695409B91522BC6B433D04DFFD60D9F15DDF2B63BF67557981389B371FE02
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ...9.>_/....."#.D....6-.A.A..Eo.................z?...SwC...^..y.....V..7R-O.....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\todelete_febb41df4ea2b63a_0_1 (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.576880970155669
Encrypted:	false
SSDEEP:	3:m+l4kC8RzYOCGLvHkWBGKuKjXKeRKVIJ/2NAJVKjXKLuVIebhMkt2tRlc3ORajei:msPYOFLvEWdrROk/RJUQe/t2Bc3Me/1
MD5:	B9959BF04C262EAC43B85EF0C73BAA85
SHA1:	30C18D01976DA949ADCB72CCE5F671F9B0C28E89
SHA-256:	1CA8DE24BF2A6E0ACBA765ACF08EF2137B8740E45DF8E47F6DB5DC5CFE04DF5C
SHA-512:	F5FE7305AD425F2BF12E96B4BBE3C3C3F185CF4CA2D11E028B48290426F95EF01134B9C24C899A8C9B007AC01F86CD9B998176F4570906BFC1DA566048957D58
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...Y.>_/....."#.D..N.6-.A.A..Eo......^.N..............9Q].8O.z....=..:.N.{....N{.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2078706890484066
Encrypted:	false
SSDEEP:	6:koUTgce9+q2Pwkn2nKuAl9OmbnIFUtJUTgXqNJZmwjUTgCe9VkwOwkn2nKuAl9Oe:k2c9vYfHAahFUt7Xa/Zz5JfHAaSJ
MD5:	694ACD9820150A6D78ED376BC1CB3481
SHA1:	4B15D61B52A82F14F53E6EBDE8C02F7A9134F74C
SHA-256:	F3E91ED81CBE42D135366DAE0A12D36F8D946932EF1BB0C94381E957C9BE448A
SHA-512:	5ABC0B027BCD580CF2FC7F49524C1761099B76EAAC761AB4A9E8A7822A24ED483B68547AC6829E35D35A0414379044FE416118DFA84206053558717A542DDE9E
Malicious:	false
Preview:	2023/07/17-07:56:28.231 1808 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/07/17-07:56:28.232 1808 Recovering log #3.2023/07/17-07:56:28.233 1808 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2078706890484066
Encrypted:	false
SSDEEP:	6:koUTgce9+q2Pwkn2nKuAl9OmbnIFUtJUTgXqNJZmwjUTgCe9VkwOwkn2nKuAl9Oe:k2c9vYfHAahFUt7Xa/Zz5JfHAaSJ
MD5:	694ACD9820150A6D78ED376BC1CB3481
SHA1:	4B15D61B52A82F14F53E6EBDE8C02F7A9134F74C
SHA-256:	F3E91ED81CBE42D135366DAE0A12D36F8D946932EF1BB0C94381E957C9BE448A
SHA-512:	5ABC0B027BCD580CF2FC7F49524C1761099B76EAAC761AB4A9E8A7822A24ED483B68547AC6829E35D35A0414379044FE416118DFA84206053558717A542DDE9E
Malicious:	false
Preview:	2023/07/17-07:56:28.231 1808 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/07/17-07:56:28.232 1808 Recovering log #3.2023/07/17-07:56:28.233 1808 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF5a583c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2078706890484066
Encrypted:	false
SSDEEP:	6:koUTgce9+q2Pwkn2nKuAl9OmbnIFUtJUTgXqNJZmwjUTgCe9VkwOwkn2nKuAl9Oe:k2c9vYfHAahFUt7Xa/Zz5JfHAaSJ
MD5:	694ACD9820150A6D78ED376BC1CB3481
SHA1:	4B15D61B52A82F14F53E6EBDE8C02F7A9134F74C
SHA-256:	F3E91ED81CBE42D135366DAE0A12D36F8D946932EF1BB0C94381E957C9BE448A
SHA-512:	5ABC0B027BCD580CF2FC7F49524C1761099B76EAAC761AB4A9E8A7822A24ED483B68547AC6829E35D35A0414379044FE416118DFA84206053558717A542DDE9E
Malicious:	false
Preview:	2023/07/17-07:56:28.231 1808 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/07/17-07:56:28.232 1808 Recovering log #3.2023/07/17-07:56:28.233 1808 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.010033345187060907
Encrypted:	false
SSDEEP:	3:ImtV4WhkCuttMTLS/Jf0lt+urQTlD7vt/lcvmllXM3/62/X:IiV4W4kTLLlousTxvv8Cm
MD5:	3A0F8193E47E6B7D6CDCB8E7BD757B05
SHA1:	9E18F31DB641D6F5155D8377719B8DE4E3964ED5
SHA-256:	B83B37B96CD2F9878A0F745C46B75D6E003A982A94DE44737A12D412F7E96F8B
SHA-512:	EC67C25540C6A46B402FAF2E222BDC6CCA90E41602C61B744B7C40161CE33A8B005111DE4FC9A37362C34DBFABE21732E26846E7AB0718A114A9938AD4B14CCC
Malicious:	false
Preview:	VLnk.....?......).0k.....................................................................................................................................................................................................................................................U....n.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000, file counter 16, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 16
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	3.5673224383030018
Encrypted:	false
SSDEEP:	384:XeT9dThxtELJ8fwRRwZsLRGlKhsvXh+vSc:ikYZsLQhUSc
MD5:	73AB0C61197DD8A6D422E9B50B8A80EE
SHA1:	A7FBC9289ABF2C21F0CE818B7A53A806ADBFFEC6
SHA-256:	DC6B7A61118A6AD1D30FF287F24C179164A501841BE633A67DA40FFD2AD5AF59
SHA-512:	967D4B4DD019747F68DBC5108A7D5476968EF8989D8574F92635CD2A8B8A353584AD631955F4826CA45077ED19B522D12B3601D4800B7E657C1F00A025A45DD9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.311322132354603
Encrypted:	false
SSDEEP:	48:7Mv2iomVQYom1CMiomQom1Nom1Aiom1RROiom1Com1pom1TiomVPiomg9qQlmFTx:7xCgM2hHCP9N49IVXEBodRBkV
MD5:	622E1430ECC62A18A35535D2F02586D0
SHA1:	9533B6E26C55A6EC3366DA09B6FF4AF11DB6E758
SHA-256:	E35623DC16EF69917C4948D9AFA386253F477DFB64047DDEE338FA20EAC57A85
SHA-512:	1946BEA31635AC8494AF31AF2546B4FB96A491A0102BC933FC8F7EBC0F6C9930B577968074D9E471F20097D648083F154F6B23C2D852735C76FA1611A4D743A5
Malicious:	false
Preview:	.... .c.....S.e...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....X.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.4608

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.226610011802065
Encrypted:	false
SSDEEP:	192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
MD5:	63B24EA3A13EAC476D6309BB202EF459
SHA1:	89502C393549C20C933E4553F51F74F3DBE085EF
SHA-256:	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
SHA-512:	2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.4608

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.226610011802065
Encrypted:	false
SSDEEP:	192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
MD5:	63B24EA3A13EAC476D6309BB202EF459
SHA1:	89502C393549C20C933E4553F51F74F3DBE085EF
SHA-256:	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
SHA-512:	2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	710203
Entropy (8bit):	1.793563245167485
Encrypted:	false
SSDEEP:	1536:9WsrYBP+Unk6/nrSllajJw3W+kCo0NggpPCfIA08fM8eeeepF:9BkWlllajJw3W+PoNgpP
MD5:	3A1007D6764F9F112D164E57A09A24E8
SHA1:	DAB006AD11CD0EE8DB9715FFE780A2B8487844FE
SHA-256:	825F4CECD0764872C98774ACF9BD291E9FFBC53BBB343B062AD621ADD6C75791
SHA-512:	73418095BBF80818AD949F0B748A9109F316D948BCEB503710EC687E6C8F5FD91321B406C2E00CA95A9DA928BE461DFEAFBAE4241CD54F8165EF1727796128B9
Malicious:	false
Preview:	Adobe Acrobat Reader DC 19.0....?A12_Spinner_Light_32_00053.@...@.......@....@.......................................................................................................n...o...q...s...s...s...s...s...s...s...s...q...o...n...k.E.....................................................................................................................................................................................................p...s...s...s...s...s...s...s...s...s...s...s...s...s...s...s...o...l.f.f.......................................................................................................................................................................................l...s...s...s...s...s...s...s...s...s...s...s...s...s...s...s...s...s...s...o...j.4.............................................................................................................................................................................c.p.s...s...s...s...s...s...s...s...s...s...s...s..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.4331110334817385
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiC0ZA12OCLRGxPJpYXRJ7kVwV8NHOYyu:J0GpiyVFihE2tLRGxP8kV88NuK
MD5:	C4AC96052C37B1A6F6ACAAA2E2C5E3ED
SHA1:	9716DF1A7F75C74BEE25AD5789A2D6FF1CA0AE44
SHA-256:	90A1C57F22E293C1CDA151369ABDABA6769AA79931DE447FD7057085C9527E49
SHA-512:	EF49DBB7A7F9FAE4FBE70B2B52B18DF1C8E7289953D5187A1427F1D4E534D47C71D060D9DE27796856D7C2CF7EC4D8C852F2227D2CAF0786B41436E6C61CBFF8
Malicious:	false
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\EC4C8406-9600-479F-B523-6A0DBCE8283F

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	157495
Entropy (8bit):	5.349714680817874
Encrypted:	false
SSDEEP:	1536:n+C/FPgfHB7U9guw19Q9DQA+zQvk4F77nXmvidlXRjE6LRj6g:CDQ9DQA+zQXWg
MD5:	E4FEB58E41C974A18DD206DE41065D49
SHA1:	18528DAA290D92C66B1B12DFD703BCDE7FEA7843
SHA-256:	0FAB80758DD2FEE9E82699A201B2BBE138F323DEE0EC6D47BDCAE83B122D281B
SHA-512:	8BA792E0F15203A1CDED3E20A795160E9885AC304D0578ACB10A3DD7C67335E7A65CF8343B83AF9183954F3E9E148C1B40FADA7B8717AB396ABCFCD480B01642
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-07-17T05:55:18">.. Build: 16.0.16711.30526-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\12A6B5D8.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	884312
Entropy (8bit):	1.2944965349348616
Encrypted:	false
SSDEEP:	1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw
MD5:	9ABE7EB352E0DB96B52C99AC2FDEA85F
SHA1:	8DC45D02308275BA32B7FFB320A3042256D40C8B
SHA-256:	EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869
SHA-512:	E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB
Malicious:	false
Preview:	....l............................2...... EMF....X~..........................8...X....................?...........................................2......................Q....}..........................................P...(...x...$}...... ....2......(...................$}..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16EBD673.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1504016
Entropy (8bit):	1.5408998413531072
Encrypted:	false
SSDEEP:	1536:PW99999m999997999999bNc99999m999997999999rw99F99U999p99999r9999Z:7inzXA1VW/uyqkekBSTv03FScSw8kCn
MD5:	0FFCA2E0D06FD9393E46F20F4AE6B53E
SHA1:	FEAD188430DF862BA1F39A92480BD8089E533AD6
SHA-256:	FA91A49FBA91AF8F9F6487B69D5D3265DFAAA123563A0558B79C0F72792C41C3
SHA-512:	A09C1DD090E0506E670C5FF848AE1A45890BC6D70EB20C139B19993A8B160893FADAD9ED5A578AAC309E4F99E20B9490186D170A984C1701143C217F48ACDE0E
Malicious:	false
Preview:	....l...........R...H............)...;.. EMF................................8...X....................?...........................................)...;..........S...I...Q...T...........R...H...................S...I...P...(...x........... ....)...;..(...S...I.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\297FEF5D.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1504016
Entropy (8bit):	0.6376230814613634
Encrypted:	false
SSDEEP:	1536:zmUE4ZVtO1ZKadEb/adPaa1LxakIaprMaHaDavag1a1mjMaJnaIah/axShMkGtaH:zmUE4ZVtO1Z9EbKPFLZ/rjHgMmOC
MD5:	4D59A7E93170340B5EC4009F7FA3AD31
SHA1:	E07421156DD87789F93F10904118343CA452BBB5
SHA-256:	83473215E5C2160333AA92EA7F9B1276D8ED7DD66AFC472DC92C88055D189D7D
SHA-512:	415102AD30DF62A63EC47D7B432AB397C2CFC8B6F7FE1E8A7057877379B65D344499089780E089AD2F5C08E3050F4DC2205E7C3C4FFE484C39D067027783AB55
Malicious:	false
Preview:	....l...........R...H............)...;.. EMF................................8...X....................?...........................................)...;..........S...I...Q...T...........R...H...................S...I...P...(...x........... ....)...;..(...S...I.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\41B92C74.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	360824
Entropy (8bit):	3.2366588167853583
Encrypted:	false
SSDEEP:	768:AIccnhKlm0RE4fDONBEKnK1uJq9jn+6VkCYhT/7DRIktjomB:AIPnhKlR7ON6k6x9jIxB
MD5:	649BC957D73117EC8A34E263992E1206
SHA1:	50636F1BB74D7C9F8504112788353CD957354931
SHA-256:	248213732341A5A1530BA451107F43C4C7AA0F5EAA77B8DCCE389635BEE4A688
SHA-512:	7A35BF591BD9D9EA612B7D61A53ABED6B215A7D70C7ABF6F7C45A06A47E7B3EFC9E509045D41134646DD897071CAF9703EA997CE5C887F5F5D0223F1DD033886
Malicious:	false
Preview:	....l...........`...............uN...R.. EMF....x...=.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................a......."...........!...............................................a......."...........!...............................................a......."...........!...............................................a......."...........!...............................................a......."...........!...............................................a.......'.......................%...........................................................&...........................%...........................6.......`.......%...........L...d..........._...............`.......!...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\74F335BA.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1505804
Entropy (8bit):	0.611760173242012
Encrypted:	false
SSDEEP:	768:/jKn4RpbfoTGRFm2GWWDEXM4espe2B/nwyFwx+VjRQ9+c4AgD7PHj8bKYEqQtVxY:/jhRpbfoaRFvGWW6/4DADMXIok/2GiEs
MD5:	D69C22A341E111FEEA69DF6D8C655D60
SHA1:	AC862337F2EFA43627508927F5052CE694012206
SHA-256:	05B2053BF1D070D6034B45CD79B54D80DA3C6D88D016671A345E75048B1A68DB
SHA-512:	D4DB33ED046B3C9BA09C4B3FEAC17B1FE2E75FCE67F4154FD795D504708C295A1E3C8331ED3D6C3EE9950C936C4CC25B5D690558C26F2E1F7771BD5EB275822C
Malicious:	false
Preview:	....l...........R...I............)...;.. EMF................................8...X....................?...........................................)...;..........S...J...Q...P...........R...I...................S...J...P...(...x........... ....)...;..(...S...J.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\86DB968E.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	563220
Entropy (8bit):	3.1451344438951194
Encrypted:	false
SSDEEP:	1536:9IPnhKlzON6k6FkWnrKld6RBRL9jHXMpVTsW:9Ifk8HukUW7qOWW
MD5:	1E4BA5BE743CD211DB2785335298C75D
SHA1:	6169D84FC99CFF765CEDB41DBB2B7183BAC6AFAB
SHA-256:	13355342932542883BC3466357C60CB8497E87B614A9286226DD96D4826780DB
SHA-512:	FEB70E6B7BFBBA9DC918184609E1F910431182DF1542751FA0764477C462680E0975DC4E2314A376F118222EC45828848B4AA30B086E461E5CAB7A098FEAFBBF
Malicious:	false
Preview:	....l...............'...........VT...c.. EMF........................................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@......................................................%...........%...................................R...p................................@."C.a.l.i.b.r.i......................................................P$...`.:.-z.P.@..%...<.:...:.......:.d.:..N.Q..:...:.....L.:...:..N.Q..:...:. ....y.P..:...:. ............z.P........................................%...X...%...7...................{$..................C.a.l.i.b.r.i...........p.:.X.....:...:..2.P........dv......%...........%...........%...........!...............................F...(.......GDIC................).......F...4...(...EMF+*@..$..........?...........?........F...........EMF+.@..................................l...........`...............uN...R.. EMF................................8...X.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A23AD1CC.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1505804
Entropy (8bit):	0.6261842732011597
Encrypted:	false
SSDEEP:	1536:GMPrTmqNX4MeOVPzBymPhVPSH4xsUXFfvbU77iCxlGjD+ysfh/mGG:GMPW0PzPXr11v4/mGG
MD5:	A01B9617553432807B9B58025B338D97
SHA1:	439BDCC450408B9735B2428C2D53D2E6977FA58C
SHA-256:	7A0426ED2E2349916969FF7087C0F76089FB8CE7F4627F3D11CCBC1AAEFCEDCE
SHA-512:	312CC2563FA865D6A939FEA85A520627C73ED9A95BAFC98C89495F21D535DC658825BE74B64F0F5C5815D1D234FC6E77A71779247E4973E39BA8DCCEC2F09BEE
Malicious:	false
Preview:	....l...........R...I............)...;.. EMF................................8...X....................?...........................................)...;..........S...J...Q...P...........R...I...................S...J...P...(...x........... ....)...;..(...S...J.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B013937.emf

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1505804
Entropy (8bit):	1.5719113060369843
Encrypted:	false
SSDEEP:	1536:YTg8p9E9G919NmVVg999vM9W9+99rjx9VwwI2o9l9O9c99999d93feVr2rX6tb71:Igev7w1qbEn0cK1biej15fde
MD5:	AB3C71DADD57C96DE74236A677761633
SHA1:	B1831C9C1D2276395D10AAA35D0A837A1E51C31C
SHA-256:	BE0B0602293E0078A54D37F29B03C21091D4450EDCF827A577D376E670A2C445
SHA-512:	D8A711A9F27244CB49F5C9813F2B11B5300A4D48BD30477110F33B08551696CB0FB52DCE072F6C962B04CB57CDAD14C16CF25C675683D65C61B88B2B05BB9354
Malicious:	false
Preview:	....l...........R...I............)...;.. EMF................................8...X....................?...........................................)...;..........S...J...Q...P...........R...I...................S...J...P...(...x........... ....)...;..(...S...J.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~$RO0000.doc

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.4190068502587043
Encrypted:	false
SSDEEP:	3:Rl/ZdV4volFrjtlttNUltd1lln:RtZX4A5jX/23dl
MD5:	22EDA48C698D77F5EDD76C113A8C17FA
SHA1:	F37CD83E8629BABF7D1C1543035AE7DCC3195336
SHA-256:	FB2722F575EE5DB8EA1ECEC0AEF9CB2A44BBECAEA355EAEA197D716553AC276A
SHA-512:	CE840580CEA1FA0BA626F70F26C4438357547F56207FEF7A3A08DB6D425AF5DF65FBC0E99F840B9A95F7A95BADE33A9207551B35930C65CDAE6F220E20B9A369
Malicious:	false
Preview:	.pratesh................................................p.r.a.t.e.s.h.........a.#.............................e.'.. ..d.3..Bp.................i.+..!...Bp..Bp.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{C5C377A4-DBAB-4E46-BF0B-39EC296CAA1F}.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	7.589471200554308
Encrypted:	false
SSDEEP:	3072:rTL4FLsZqiPWXARhZ68FsTyesAPVZZ+oq/3TLPcx8zJjCXaWfEXXXXXXXXXXXXUZ:rTOLsciuXARh0k5eE/3v/p7XXXXXXXXs
MD5:	B9CF147A11C5472B3DDABCECB4FEA645
SHA1:	813458C582D9C0B50BB925D59FD222D64ED9CC55
SHA-256:	459CA22BF4ED75729711B21332424458E70C9E3ACE7E0C5315E65A3244C764DB
SHA-512:	E942E4E169DA7E8125F85CDE351195304CEEA28DF44360D621C16072A1A1A3897FFE3232244D67163519FA7998F8AAC7FA9E58DEA56095C6A1CF3CC8502C19F7
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRO0000.doc

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	Microsoft Word 2007+
Category:	dropped
Size (bytes):	222536
Entropy (8bit):	7.986106596567772
Encrypted:	false
SSDEEP:	6144:EfTmk4N1HBqIlzK10s5eY9p73VVQsxAGvBQ:Eb6HBqIlzKmszp7jZAGvq
MD5:	A2411BDA9FD65DCA69FE3827C53400CE
SHA1:	FC4B6B079272FFC749E762F4C0E728B243D9DF44
SHA-256:	1B2AE580BE8EB987CD2676D60FE9524BBA9BAA1C7C7444C5CAF7F485DF85DCE9
SHA-512:	5F4E5A7198CAC671330817EB9074A1FA61F2AD08098C48B8534FC8078AEB69DA24E20791B5BBCD5371D2799BBED986E64ADB670CFEA9CAFA1E08626262279399
Malicious:	false
Preview:	PK..........!.................[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T.N.0..#....(q..j....(.`.Mk...g....&H.........zz.ZS.BD.]...+.I..[..q~S....pJ..f+@v1;<..W.. ..-S..\..X..."..V$.....\|...'..)..%p.L...W.....~...mXq.>.S.L.o...;1..~....."Qu../.......\.G$} C.\|V.1..wG.ZAq/b.....7..W^.X......7....3[.^."....X..V...L+...*.c.I.}..9.m....@...1i.G7\:.D-...7.c.w.H.#.....=.h.)w.Qk..q..V..A(\.$.Y..1...Vv....].7....z.E.............._4c{3e...............PK..........!.........N......._r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{73518E95-782A-45BE-9C96-7CF15AFBE3D3}.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	0.6020888437828444
Encrypted:	false
SSDEEP:	3:Gg7NYtl6K6DlK/lllYdltn/ldl/dVGqlrzNkk174wPxZlhWu/+6n:3pk65K/G3NtukSwPxZSu26
MD5:	A011B8D7E882E35715E853C4A8453C23
SHA1:	442DBC16B47AA37F2D28ADE2B41A1C56A53E4A68
SHA-256:	55544BA145BA271F5DF122D0E03670AA85FC5E03AA1B2FFB0F80F8233165383A
SHA-512:	3D1D82F699FF213BF3018322663CDFBFC10990DCF3086DB8A4A76F08EAD55DEA3826FA25C6E642539F3ED2A37CE11E176CCF091227574119E262146E363836C4
Malicious:	false
Preview:	....E.M.B.E.D. .E.x.c.e.l...S.h.e.e.t...1.2..... . .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C568A0DB-DBE4-44C5-85CE-BCEC9ECCA540}.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	0.05390218305374581
Encrypted:	false
SSDEEP:	3:ol3lYdn:4Wn
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF1F963D1F478F8E7D.TMP

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF91913997E8231534.TMP

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Sun Jul 16 18:43:24 2023, Security: 0
Category:	dropped
Size (bytes):	1436672
Entropy (8bit):	7.890409437083905
Encrypted:	false
SSDEEP:	24576:IIu9VNZylw6VVOZyRw6VleHBlEzp7uVR0bgcwyA52hcP5YwVux:IIuPR6VVYF6V8hOzFgjy+P5Yj
MD5:	B4115B969BFB265BE73E717391CB3E1F
SHA1:	F44BD7D04C27ED8796C76CF8FFE72B356318AC80
SHA-256:	07B01D42247B67313D436A455F86A91C4205CFEDA02AE04218FBB0D0CBF8A16C
SHA-512:	ACC46018062E6EBDA250B18506C8D5EA9C4B9E36CB66D937688F256279DAC5D28FDAE585697F708E5EBCFD5D640C7CA388258C78AD931D9688E32A37B5A7D60F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	......................>.......................................................p...q...................S...T...K.......................k.......m.......o.......q.......................................................................................................................................................................................................................................................................................................................................................................................o...n............................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./.......1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m.......................s...t...u...v...w...x...y...z...

C:\Users\user\AppData\Local\Temp\~DFF5BAAE5120DD87CE.TMP

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.001885083860130436
Encrypted:	false
SSDEEP:	3:K/:
MD5:	062170D41AFAB5BC613F0C6F009FC51D
SHA1:	0C7EF25F5BB567E4714172829E0598FD90C2E6AB
SHA-256:	EC10A6A383686B5B3ACA96509633961719EC862C20827871A234AA9ADB63863F
SHA-512:	C4548BFE57926D42C648D3C20C23DB430AF017C739DEBFD5D41E587627E7BF41A345005F797364200D7F63CD33F41A935566F5DFA4388373139147B20C7346DB
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFFAD80AEB439BFBA7.TMP

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.6759519140009473
Encrypted:	false
SSDEEP:	12:wwiNiRAxdmNmPlE7EprJQwIdpI5NZMJgF4NJ2RZwfg:IiRAx4NSPprSwgpXuFeJ2W
MD5:	29DB0E735966B4175186D8B1E31433F2
SHA1:	5315462C8A8CE1E704E6AA78DAC8FE04C99119E4
SHA-256:	4CD385E3B8F22E156832D84DD6AB1A5AB5B55968774B70DC46DCD12F33586C0F
SHA-512:	1341BDBA0B522C3AD234FCC09BD75803452A444EDD539AA56B516910CC66CC382190E11F920709EFEE5E1A62C5EE942E4D4A6A59CF884AB7822636EB20D9B36B
Malicious:	false
Preview:	...S.v...:@..hC-.H.QE..\|....l.s...... ........k.Hk..x....n^\|}.]..r..9.._#Z. ...>.....p.J.j_..Tj.....i.Q.....Os..3\|B...lp..?....h=...6K.s4...^..qZ.......;$].Z?.S......U ...lq....J...].P%.. .....5. <Z\|...$D.._.Q.\|)..9......:.$..]....\|-.....$....5.4...;..B3h.f3...s..g..".o.2..>.$...,..b.gP.Q.EC..)..#1.~....H.[..t#.2......X...Uc.....2..k..8$....w?..b+ZsF.0...!.k..'T.U.......epaCp\fw.f+.......U.h3..s..+1.M`-..`.....Y.d.{....C.....I*.....lM..=B.]QV..F...)'....^.2........._CR...Y.....m.C..\|......q.?.u.{....X.J..J................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	24152
Entropy (8bit):	0.7530730999389024
Encrypted:	false
SSDEEP:	24:8fVtBUG6/HOKZP2ZWedbpUQqDVDuHh0UDvNs90LbglAUnYn:8TBW/uKUEY2DDVQh0IseHGRc
MD5:	7CE04D02A980B310BEFD5CA048E563DD
SHA1:	388CDE051FE089C475024409211827B24105D63A
SHA-256:	43934CF20C8A3223DF6EE4F440B484C4F29970192310F3DE1891969AE8453A43
SHA-512:	5F2B722E774A448A9DC46E0291E5CA5472B53170ADA21217A6F7B1D45965C5C8FC705A4D9DBF8FAFF79C1873149D2DE4C19BDF19B6D096892C081715668E5E87
Malicious:	false
Preview:	....2{VU..!. ..-W. ..f-w:m..[..b.......%..G."4)....v0..O....,(~..Ti.B;.e.....4...A;...rB..O......2..]...W.S..Bu..........b.}...9...].dVER.o....:..j.&..:&.).."<....8....:...$.6yI....4:W.`..........VIc....\|.c;...:..xR+K.d....4:~..MVs.%.rO...b.......J..F....H.Rk.o.0..Pi......<_..C...........kB".y.L..o....J....^.....H.7..4n..Z..&...o.....pV....r..f.}......%......}......[<.H..v.4....J.a.K8..L.&.].x..."....b...=.w...XMW.....m.6.A.~.E..m........)x..._.E>/!X<.,b.}.d..}.2!.(D4..5.&.;.;4..Y.....Q..akm.dn..q..}..b#..."s.S-......7.......0$...X.X..N...a.T3>6.c,.\|..A...o......y.:H..k..OQD!y;....yC.N..1.&C.#>.....3.<Ar.GQ...a...Z.<..RtZ]=<...c-..u..G.Y:'...`kA...n..Z..1./...^Y.._........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.4190068502587043
Encrypted:	false
SSDEEP:	3:Rl/ZdV4volFrjtlttNUltd1lln:RtZX4A5jX/23dl
MD5:	22EDA48C698D77F5EDD76C113A8C17FA
SHA1:	F37CD83E8629BABF7D1C1543035AE7DCC3195336
SHA-256:	FB2722F575EE5DB8EA1ECEC0AEF9CB2A44BBECAEA355EAEA197D716553AC276A
SHA-512:	CE840580CEA1FA0BA626F70F26C4438357547F56207FEF7A3A08DB6D425AF5DF65FBC0E99F840B9A95F7A95BADE33A9207551B35930C65CDAE6F220E20B9A369
Malicious:	false
Preview:	.pratesh................................................p.r.a.t.e.s.h.........a.#.............................e.'.. ..d.3..Bp.................i.+..!...Bp..Bp.....

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Download File

Process:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	20
Entropy (8bit):	2.8954618442383215
Encrypted:	false
SSDEEP:	3:QVNliGn:Q9rn
MD5:	C4F79900719F08A6F11287E3C7991493
SHA1:	754325A769BE6ECCC664002CD8F6BDB0D0B8CA4D
SHA-256:	625CA96CCA65A363CC76429804FF47520B103D2044BA559B11EB02AB7B4D79A8
SHA-512:	0F3C498BC7680B4C9167F790CC0BE6C889354AF703ABF0547F87B78FEB0BAA9F5220691DF511192B36AD9F3F69E547E6D382833E6BC25CDB4CD2191920970C5F
Malicious:	false
Preview:	..p.r.a.t.e.s.h.....

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Sun Jul 16 18:43:24 2023, Security: 0
Entropy (8bit):	7.890455030717108
TrID:	Microsoft Excel sheet (30009/1) 47.99% Microsoft Excel sheet (alternate) (24509/1) 39.20% Generic OLE2 / Multistream Compound File (8008/1) 12.81%
File name:	MV_TRANS-ASIA_I.xls
File size:	1'436'672 bytes
MD5:	0c13eceb36bdde5263a3e2ecc3339407
SHA1:	19d9f3512d1d0e0ec66fe8fec4efd149f4287e1f
SHA256:	fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5
SHA512:	e80548f69aca18ff637171e013f39c418813cf6e73de0d81a7b0fda0a2ef4b94cf4355d89ce0fd89911237d05cbff26dc408d233b462908f42aa0ac7515542c0
SSDEEP:	24576:UIu9VNZylw6VVOZyNw6VleHBlEzp7usR0bgcwyA52hcP5YwVux:UIuPR6VVYp6V8hOzkgjy+P5Yj
TLSH:	3765F103D804CBC3D40D83F4BE530EE90F0A6F19E99A7DDB10667F8B3A71A62595A25D
File Content Preview:	........................>.......................................................p...q...................S...T...K.......................k.......m.......o.......q..............................................................................................

File Icon


Icon Hash:	31d5a58e838eacb3

Static OLE Info

General

Document Type:	OLE
Number of OLE Files:	1

OLE File "MV_TRANS-ASIA_I.xls"

Indicators

Has Summary Info:
Application Name:	Microsoft Excel
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	True
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Summary

Code Page:	1252
Author:
Last Saved By:
Create Time:	2006-09-16 00:00:00
Last Saved Time:	2023-07-16 17:43:24
Creating Application:
Security:	0

Document Summary

Document Code Page:	1252
Thumbnail Scaling Desired:	False
Contains Dirty Links:	False
Shared Document:	False
Changed Hyperlinks:	False
Application Version:	786432

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 114

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	114
Entropy:	4.25248375192737
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244

General
Stream Path:	\x5DocumentSummaryInformation
File Type:	data
Stream Size:	244
Entropy:	2.889430592781307
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200

General
Stream Path:	\x5SummaryInformation
File Type:	data
Stream Size:	200
Entropy:	3.181023541297328
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . \| . # . @ . . . . . . . . . . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00

Stream Path: MBD001D392B/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D392B/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D392B/\x1Ole, File Type: data, Stream Size: 62

General
Stream Path:	MBD001D392B/\x1Ole
File Type:	data
Stream Size:	62
Entropy:	2.7788384466112834
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 7 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 37 00

Stream Path: MBD001D392B/CONTENTS, File Type: PDF document, version 1.7, 1 pages, Stream Size: 20243

General
Stream Path:	MBD001D392B/CONTENTS
File Type:	PDF document, version 1.7, 1 pages
Stream Size:	20243
Entropy:	7.981772862022755
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 7 . % . 4 0 o b j . < < . / T y p e / X O b j e c t . / S u b t y p e / I m a g e . / W i d t h 9 6 5 . / H e i g h t 5 4 3 . / B i t s P e r C o m p o n e n t 8 . / C o l o r S p a c e / D e v i c e R G B . / F i l t e r [ / F l a t e D e c o d e / D C T D e c o d e ] . / L e n g t h 1 9 3 0 9 . / D e c o d e P a r m s [ n u l l < < . / Q u a l i t y 6 0 . > > ] . > > . s t r e a m . x . T . . - Z . w . . . < . . . N . Y 8 $ b . . . } > { s v [ j T 9 . s g Z . .
Data Raw:	25 50 44 46 2d 31 2e 37 0a 25 e2 e3 cf d3 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 58 4f 62 6a 65 63 74 0a 2f 53 75 62 74 79 70 65 20 2f 49 6d 61 67 65 0a 2f 57 69 64 74 68 20 39 36 35 0a 2f 48 65 69 67 68 74 20 35 34 33 0a 2f 42 69 74 73 50 65 72 43 6f 6d 70 6f 6e 65 6e 74 20 38 0a 2f 43 6f 6c 6f 72 53 70 61 63 65 20 2f 44 65 76 69 63 65 52 47 42 0a 2f 46 69 6c 74

Stream Path: MBD001D392C/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D392C/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D392C/\x1Ole, File Type: data, Stream Size: 62

General
Stream Path:	MBD001D392C/\x1Ole
File Type:	data
Stream Size:	62
Entropy:	2.7788384466112834
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 4 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 34 00

Stream Path: MBD001D392C/CONTENTS, File Type: PDF document, version 1.5, 1 pages (zip deflate encoded), Stream Size: 31606

General
Stream Path:	MBD001D392C/CONTENTS
File Type:	PDF document, version 1.5, 1 pages (zip deflate encoded)
Stream Size:	31606
Entropy:	7.916695020479147
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 5 . % . 3 0 o b j . < < / C o l o r S p a c e / D e v i c e G r a y / S u b t y p e / I m a g e / H e i g h t 7 2 / F i l t e r / F l a t e D e c o d e / T y p e / X O b j e c t / W i d t h 2 5 5 / L e n g t h 2 0 8 1 / B i t s P e r C o m p o n e n t 8 > > s t r e a m . x { P . U . & B & o 1 b F P s . R 2 . . . . * Y 6 3 . . # N L 8 T X R \| ( ( " * " < 6 ] . . { n n \| . . s ` . . , b . E . . . q . ( ` o ^ E Y . 7 N Y ] . H X ^ 3 n . . " K . . . . . . * o " . E ( > . . . . . . .
Data Raw:	25 50 44 46 2d 31 2e 35 0a 25 e2 e3 cf d3 0a 33 20 30 20 6f 62 6a 0a 3c 3c 2f 43 6f 6c 6f 72 53 70 61 63 65 2f 44 65 76 69 63 65 47 72 61 79 2f 53 75 62 74 79 70 65 2f 49 6d 61 67 65 2f 48 65 69 67 68 74 20 37 32 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 54 79 70 65 2f 58 4f 62 6a 65 63 74 2f 57 69 64 74 68 20 32 35 35 2f 4c 65 6e 67 74 68 20 32 30 38 31 2f 42 69

Stream Path: MBD001D392D/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D392D/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D392D/\x1Ole, File Type: data, Stream Size: 62

General
Stream Path:	MBD001D392D/\x1Ole
File Type:	data
Stream Size:	62
Entropy:	2.7788384466112834
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 5 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 35 00

Stream Path: MBD001D392D/CONTENTS, File Type: PDF document, version 1.4, 1 pages, Stream Size: 86163

General
Stream Path:	MBD001D392D/CONTENTS
File Type:	PDF document, version 1.4, 1 pages
Stream Size:	86163
Entropy:	7.900904661540566
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 4 . % . . 1 0 o b j . < < . / C r e a t o r ( C a n o n i R - A D V C 5 2 3 5 P D F ) . / C r e a t i o n D a t e ( D : 2 0 2 2 0 1 1 2 1 1 0 1 5 8 Z 0 0 ' 0 0 ' ) . / P r o d u c e r ( \\ 3 7 6 \\ 3 7 7 \\ 0 0 0 A \\ 0 0 0 d \\ 0 0 0 o \\ 0 0 0 b \\ 0 0 0 e \\ 0 0 0 \\ 0 0 0 P \\ 0 0 0 S \\ 0 0 0 L \\ 0 0 0 \\ 0 0 0 1 \\ 0 0 0 . \\ 0 0 0 \\ . 2 \\ 0 0 0 e \\ 0 0 0 \\ 0 0 0 f \\ 0 0 0 o \\ 0 0 0 r \\ 0 0 0 \\ 0 0 0 C \\ 0 0 0 a \\ 0 0 0 n \\ 0 0 0 o \\ 0 0 0 n \\ 0 0 0 \\ 0 0 0 ) . > > . e n
Data Raw:	25 50 44 46 2d 31 2e 34 0a 25 e2 e3 cf d3 0d 0a 31 20 30 20 6f 62 6a 0a 3c 3c 20 0a 2f 43 72 65 61 74 6f 72 20 28 43 61 6e 6f 6e 20 69 52 2d 41 44 56 20 43 35 32 33 35 20 20 50 44 46 29 0a 2f 43 72 65 61 74 69 6f 6e 44 61 74 65 20 28 44 3a 32 30 32 32 30 31 31 32 31 31 30 31 35 38 5a 30 30 27 30 30 27 29 0a 2f 50 72 6f 64 75 63 65 72 20 28 5c 33 37 36 5c 33 37 37 5c 30 30 30 41 5c

Stream Path: MBD001D392E/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D392E/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D392E/\x1Ole, File Type: data, Stream Size: 64

General
Stream Path:	MBD001D392E/\x1Ole
File Type:	data
Stream Size:	64
Entropy:	2.892622069467395
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 6 9 1 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 12 00 00 00 53 68 65 65 74 31 21 4f 62 6a 65 63 74 20 36 39 31 00

Stream Path: MBD001D392E/CONTENTS, File Type: PDF document, version 1.4, 1 pages, Stream Size: 124841

General
Stream Path:	MBD001D392E/CONTENTS
File Type:	PDF document, version 1.4, 1 pages
Stream Size:	124841
Entropy:	7.657052848938946
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 4 . . % . . % . . % w P D F b y W P C u b e d G m b H V 3 . 5 4 x [ 0 ] . . % . . % . . 1 0 o b j . < < / T y p e / M e t a d a t a / S u b t y p e / X M L / L e n g t h 1 4 4 7 > > . . s t r e a m . < ? x p a c k e t b e g i n = " . " i d = " W 5 M 0 M p C e h i H z r e S z N T c z k c 9 d " ? > . < x : x m p m e t a x m l n s : x = " a d o b e : n s : m e t a / " x : x m p t k = " 3 . 1 - 7 0 1 " > . < r d f : R D F x m l n s : r d f = " h t t p : / / w w w . w 3 .
Data Raw:	25 50 44 46 2d 31 2e 34 0d 0a 25 e2 e3 cf d3 0d 0a 25 0d 0a 25 77 50 44 46 20 62 79 20 57 50 43 75 62 65 64 20 47 6d 62 48 20 56 33 2e 35 34 78 5b 30 5d 0d 0a 25 0d 0a 25 0d 0a 31 20 30 20 6f 62 6a 0d 3c 3c 2f 54 79 70 65 2f 4d 65 74 61 64 61 74 61 2f 53 75 62 74 79 70 65 2f 58 4d 4c 2f 4c 65 6e 67 74 68 20 31 34 34 37 20 3e 3e 0d 0a 73 74 72 65 61 6d 0a 3c 3f 78 70 61 63 6b 65 74

Stream Path: MBD001D392F/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D392F/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D392F/\x1Ole, File Type: data, Stream Size: 64

General
Stream Path:	MBD001D392F/\x1Ole
File Type:	data
Stream Size:	64
Entropy:	2.892622069467395
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 6 9 0 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 12 00 00 00 53 68 65 65 74 31 21 4f 62 6a 65 63 74 20 36 39 30 00

Stream Path: MBD001D392F/CONTENTS, File Type: PDF document, version 1.5, Stream Size: 66661

General
Stream Path:	MBD001D392F/CONTENTS
File Type:	PDF document, version 1.5
Stream Size:	66661
Entropy:	7.946317330962055
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 5 . % . 2 0 o b j . < < . / P a g e s 4 0 R . / T y p e / C a t a l o g . / O u t p u t I n t e n t s 5 0 R . / M e t a d a t a 6 0 R . / A c r o F o r m 7 0 R . / V e r s i o n / 1 # 2 E 5 . > > . e n d o b j . 6 0 o b j . < < . / T y p e / M e t a d a t a . / S u b t y p e / X M L . / F i l t e r / F l a t e D e c o d e . / L e n g t h 4 5 4 . > > . s t r e a m . . x n 0 . . S X . 6 _ Q . U 4 : m Q . # c . . W M X T . . H > > . } \| . l . M . / . T
Data Raw:	25 50 44 46 2d 31 2e 35 0a 25 a7 e3 f1 f1 0a 32 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 61 67 65 73 20 34 20 30 20 52 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 4f 75 74 70 75 74 49 6e 74 65 6e 74 73 20 35 20 30 20 52 0a 2f 4d 65 74 61 64 61 74 61 20 36 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 37 20 30 20 52 0a 2f 56 65 72 73 69 6f 6e 20 2f 31 23 32 45 35 0a 3e 3e 0a 65 6e

Stream Path: MBD001D3930/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D3930/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D3930/\x1Ole, File Type: data, Stream Size: 64

General
Stream Path:	MBD001D3930/\x1Ole
File Type:	data
Stream Size:	64
Entropy:	2.892622069467395
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 9 5 1 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 12 00 00 00 53 68 65 65 74 31 21 4f 62 6a 65 63 74 20 39 35 31 00

Stream Path: MBD001D3930/CONTENTS, File Type: PDF document, version 1.5, 1 pages (zip deflate encoded), Stream Size: 31606

General
Stream Path:	MBD001D3930/CONTENTS
File Type:	PDF document, version 1.5, 1 pages (zip deflate encoded)
Stream Size:	31606
Entropy:	7.916695020479147
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 5 . % . 3 0 o b j . < < / C o l o r S p a c e / D e v i c e G r a y / S u b t y p e / I m a g e / H e i g h t 7 2 / F i l t e r / F l a t e D e c o d e / T y p e / X O b j e c t / W i d t h 2 5 5 / L e n g t h 2 0 8 1 / B i t s P e r C o m p o n e n t 8 > > s t r e a m . x { P . U . & B & o 1 b F P s . R 2 . . . . * Y 6 3 . . # N L 8 T X R \| ( ( " * " < 6 ] . . { n n \| . . s ` . . , b . E . . . q . ( ` o ^ E Y . 7 N Y ] . H X ^ 3 n . . " K . . . . . . * o " . E ( > . . . . . . .
Data Raw:	25 50 44 46 2d 31 2e 35 0a 25 e2 e3 cf d3 0a 33 20 30 20 6f 62 6a 0a 3c 3c 2f 43 6f 6c 6f 72 53 70 61 63 65 2f 44 65 76 69 63 65 47 72 61 79 2f 53 75 62 74 79 70 65 2f 49 6d 61 67 65 2f 48 65 69 67 68 74 20 37 32 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 54 79 70 65 2f 58 4f 62 6a 65 63 74 2f 57 69 64 74 68 20 32 35 35 2f 4c 65 6e 67 74 68 20 32 30 38 31 2f 42 69

Stream Path: MBD001D3931/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D3931/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D3931/\x1Ole, File Type: data, Stream Size: 64

General
Stream Path:	MBD001D3931/\x1Ole
File Type:	data
Stream Size:	64
Entropy:	2.892622069467395
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 9 5 0 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 12 00 00 00 53 68 65 65 74 31 21 4f 62 6a 65 63 74 20 39 35 30 00

Stream Path: MBD001D3931/CONTENTS, File Type: PDF document, version 1.7, 1 pages, Stream Size: 62293

General
Stream Path:	MBD001D3931/CONTENTS
File Type:	PDF document, version 1.7, 1 pages
Stream Size:	62293
Entropy:	7.949249248462166
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / P a g e M o d e / U s e N o n e . / V i e w e r P r e f e r e n c e s < < . / F i t W i n d o w t r u e . / P a g e L a y o u t / S i n g l e P a g e . / N o n F u l l S c r e e n P a g e M o d e / U s e N o n e . > > . > > . e n d o b j . 5 0 o b j . < < . / L e n g t h 1 2 7 2 . / F i l t e r [ / F l a t e D e c o d e ] . > > . s t r e a m . x X
Data Raw:	25 50 44 46 2d 31 2e 37 20 0a 25 e2 e3 cf d3 20 0a 31 20 30 20 6f 62 6a 20 0a 3c 3c 20 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 20 0a 2f 50 61 67 65 73 20 32 20 30 20 52 20 0a 2f 50 61 67 65 4d 6f 64 65 20 2f 55 73 65 4e 6f 6e 65 20 0a 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 3c 3c 20 0a 2f 46 69 74 57 69 6e 64 6f 77 20 74 72 75 65 20 0a 2f 50 61 67 65 4c 61 79

Stream Path: MBD001D3932/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D3932/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D3932/\x1Ole, File Type: data, Stream Size: 64

General
Stream Path:	MBD001D3932/\x1Ole
File Type:	data
Stream Size:	64
Entropy:	2.892622069467395
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 6 9 1 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 12 00 00 00 53 68 65 65 74 31 21 4f 62 6a 65 63 74 20 36 39 31 00

Stream Path: MBD001D3932/CONTENTS, File Type: PDF document, version 1.4, 1 pages, Stream Size: 124841

General
Stream Path:	MBD001D3932/CONTENTS
File Type:	PDF document, version 1.4, 1 pages
Stream Size:	124841
Entropy:	7.657052848938946
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 4 . . % . . % . . % w P D F b y W P C u b e d G m b H V 3 . 5 4 x [ 0 ] . . % . . % . . 1 0 o b j . < < / T y p e / M e t a d a t a / S u b t y p e / X M L / L e n g t h 1 4 4 7 > > . . s t r e a m . < ? x p a c k e t b e g i n = " . " i d = " W 5 M 0 M p C e h i H z r e S z N T c z k c 9 d " ? > . < x : x m p m e t a x m l n s : x = " a d o b e : n s : m e t a / " x : x m p t k = " 3 . 1 - 7 0 1 " > . < r d f : R D F x m l n s : r d f = " h t t p : / / w w w . w 3 .
Data Raw:	25 50 44 46 2d 31 2e 34 0d 0a 25 e2 e3 cf d3 0d 0a 25 0d 0a 25 77 50 44 46 20 62 79 20 57 50 43 75 62 65 64 20 47 6d 62 48 20 56 33 2e 35 34 78 5b 30 5d 0d 0a 25 0d 0a 25 0d 0a 31 20 30 20 6f 62 6a 0d 3c 3c 2f 54 79 70 65 2f 4d 65 74 61 64 61 74 61 2f 53 75 62 74 79 70 65 2f 58 4d 4c 2f 4c 65 6e 67 74 68 20 31 34 34 37 20 3e 3e 0d 0a 73 74 72 65 61 6d 0a 3c 3f 78 70 61 63 6b 65 74

Stream Path: MBD001D3933/\x1CompObj, File Type: data, Stream Size: 93

General
Stream Path:	MBD001D3933/\x1CompObj
File Type:	data
Stream Size:	93
Entropy:	4.2892020709435155
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 14 00 00 00 41 63 72 6f 62 61 74 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D3933/\x1Ole, File Type: data, Stream Size: 64

General
Stream Path:	MBD001D3933/\x1Ole
File Type:	data
Stream Size:	64
Entropy:	2.892622069467395
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 6 9 0 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 12 00 00 00 53 68 65 65 74 31 21 4f 62 6a 65 63 74 20 36 39 30 00

Stream Path: MBD001D3933/CONTENTS, File Type: PDF document, version 1.5, Stream Size: 66661

General
Stream Path:	MBD001D3933/CONTENTS
File Type:	PDF document, version 1.5
Stream Size:	66661
Entropy:	7.946317330962055
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 5 . % . 2 0 o b j . < < . / P a g e s 4 0 R . / T y p e / C a t a l o g . / O u t p u t I n t e n t s 5 0 R . / M e t a d a t a 6 0 R . / A c r o F o r m 7 0 R . / V e r s i o n / 1 # 2 E 5 . > > . e n d o b j . 6 0 o b j . < < . / T y p e / M e t a d a t a . / S u b t y p e / X M L . / F i l t e r / F l a t e D e c o d e . / L e n g t h 4 5 4 . > > . s t r e a m . . x n 0 . . S X . 6 _ Q . U 4 : m Q . # c . . W M X T . . H > > . } \| . l . M . / . T
Data Raw:	25 50 44 46 2d 31 2e 35 0a 25 a7 e3 f1 f1 0a 32 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 61 67 65 73 20 34 20 30 20 52 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 4f 75 74 70 75 74 49 6e 74 65 6e 74 73 20 35 20 30 20 52 0a 2f 4d 65 74 61 64 61 74 61 20 36 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 37 20 30 20 52 0a 2f 56 65 72 73 69 6f 6e 20 2f 31 23 32 45 35 0a 3e 3e 0a 65 6e

Stream Path: MBD001D3934/\x1CompObj, File Type: data, Stream Size: 98

General
Stream Path:	MBD001D3934/\x1CompObj
File Type:	data
Stream Size:	98
Entropy:	3.587021451896387
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t O f f i c e W o r d D o c u m e n t . . . . . M S W o r d D o c x . . . . . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 57 6f 72 64 20 44 6f 63 75 6d 65 6e 74 00 0b 00 00 00 4d 53 57 6f 72 64 44 6f 63 78 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D3934/Package, File Type: Microsoft Word 2007+, Stream Size: 222536

General
Stream Path:	MBD001D3934/Package
File Type:	Microsoft Word 2007+
Stream Size:	222536
Entropy:	7.986106596567772
Base64 Encoded:	True
Data ASCII:	P K . . . . . . . . . . ! . . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	50 4b 03 04 14 00 06 00 08 00 00 00 21 00 91 93 a8 bc 8f 01 00 00 bf 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD001D3935/\x1OlE10NAtiVE, File Type: data, Stream Size: 1575

General
Stream Path:	MBD001D3935/\x1OlE10NAtiVE
File Type:	data
Stream Size:	1575
Entropy:	7.23485897637031
Base64 Encoded:	True
Data ASCII:	. 6 . . ~ . G . . . N . . . . . . . . . . . . . . . . . . . . . . . . . P . E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ) D . . . . 2 . . . . { . > _ , ^ ; k 1 . . U ; ? E . . . c . q z > y . i 6 , F [ 9 x ! " . q l Y 3 u . . A ; = . . . * . H ) \\ x , . { ) 1 s o . x . P Q A J 8 c . Y Z a T ] . ' . $ S W P b u = K L . . ' . T A 7 d e K @ } . - ( $ a F b 4 / . . 1 \| . e = 7 < . < . I ? " U r ^ . . @ . D _ _ u . % . } ' R D " } . D } t o % s . . j 3 q M M . . W P . . . . . C . . - V . . - d
Data Raw:	e4 04 36 01 03 7e 01 eb 47 0a 01 05 ad 4e b7 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 06 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 29 c3 44 00 00 00 00 e9 32 01 00 00 bc 02 de e3 7b 16 3e 5f 2c 5e 3b 6b f6 31 c2 a3 1f bc 86 92 55 3b 3f fb e6 45 e6 10 09 fe f9 be 14 63 bc e1 c4 81 71 8a 7a c0 a6

Stream Path: MBD001D3935/\x1Ole, File Type: data, Stream Size: 20

General
Stream Path:	MBD001D3935/\x1Ole
File Type:	data
Stream Size:	20
Entropy:	0.5689955935892812
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . .
Data Raw:	01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 563748

General
Stream Path:	Workbook
File Type:	Applesoft BASIC program data, first line number 16
Stream Size:	563748
Entropy:	7.900998864592758
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . l . 9 P . 8 . . . . . . . X . @ . . . . . . . . . . " . . . .
Data Raw:	09 08 10 00 00 06 05 00 aa 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 517

General
Stream Path:	_VBA_PROJECT_CUR/PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	517
Entropy:	5.221184697935102
Base64 Encoded:	True
Data ASCII:	I D = " { 5 6 6 A 4 A E 7 - 8 5 A 5 - 4 3 2 E - B 6 8 C - 3 1 E A F B C 7 0 1 B 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 1 3 3 C 9 2 F C D 2 F C D 2 F C
Data Raw:	49 44 3d 22 7b 35 36 36 41 34 41 45 37 2d 38 35 41 35 2d 34 33 32 45 2d 42 36 38 43 2d 33 31 45 41 46 42 43 37 30 31 42 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30

Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104

General
Stream Path:	_VBA_PROJECT_CUR/PROJECTwm
File Type:	data
Stream Size:	104
Entropy:	3.0488640812019017
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00

Network Behavior

⊘No network behavior found

Statistics

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXEPID: 5468, Parent PID: 796

General

Target ID:	0
Start time:	07:55:16
Start date:	17/07/2023
Path:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
Imagebase:	0xc0000
File size:	27'110'184 bytes
MD5 hash:	5D6638F2C8F8571C593999C58866007E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Registry Activities

Key Created

Key Value Created

Analysis Process: WINWORD.EXEPID: 4668, Parent PID: 796

General

Target ID:	1
Start time:	07:56:08
Start date:	17/07/2023
Path:	C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" -Embedding
Imagebase:	0xc60000
File size:	1'937'688 bytes
MD5 hash:	0B9AB9B9C4DE429473D6450D4297A123
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Analysis Process: splwow64.exePID: 5496, Parent PID: 4668

General

Target ID:	2
Start time:	07:56:10
Start date:	17/07/2023
Path:	C:\Windows\splwow64.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\splwow64.exe 12288
Imagebase:	0x7ff69cdb0000
File size:	130'560 bytes
MD5 hash:	8D59B31FF375059E3C32B17BF31A76D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Analysis Process: AcroRd32.exePID: 5680, Parent PID: 796

General

Target ID:	3
Start time:	07:56:15
Start date:	17/07/2023
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
Imagebase:	0x820000
File size:	2'571'312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

File Created

File Moved

Registry Activities

Key Created

Analysis Process: RdrCEF.exePID: 2528, Parent PID: 5680

General

Target ID:	4
Start time:	07:56:19
Start date:	17/07/2023
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Imagebase:	0x960000
File size:	9'475'120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MV_TRANS-ASIA_I.xls

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

Windows Analysis Report
MV_TRANS-ASIA_I.xls