Windows
Analysis Report
MV_TRANS-ASIA_I.xls
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- EXCEL.EXE (PID: 5468 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
- WINWORD.EXE (PID: 4668 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
- splwow64.exe (PID: 5496 cmdline: C:\Windows\splwow64.exe 12288 MD5: 8D59B31FF375059E3C32B17BF31A76D5)
- AcroRd32.exe (PID: 5680 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding MD5: B969CF0C7B2C443A99034881E8C8740A)
- RdrCEF.exe (PID: 2528 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
- cleanup
- AV Detection
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | File opened: |
Source: | Memory has grown: |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Screenshot OCR: |
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: | ||
Source: | OLE indicator, VBA macros: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Key opened: |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | Process created: | ||
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Static file information: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process information set: | ||
Source: | Stream path 'MBD001D392B/CONTENTS' entropy: | ||
Source: | Stream path 'MBD001D392C/CONTENTS' entropy: | ||
Source: | Stream path 'MBD001D392D/CONTENTS' entropy: | ||
Source: | Stream path 'MBD001D392F/CONTENTS' entropy: | ||
Source: | Stream path 'MBD001D3930/CONTENTS' entropy: | ||
Source: | Stream path 'MBD001D3931/CONTENTS' entropy: | ||
Source: | Stream path 'MBD001D3933/CONTENTS' entropy: | ||
Source: | Stream path 'MBD001D3934/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Window / User API: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | ||
Source: | Thread delayed: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Scripting | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Disable or Modify Tools | LSASS Memory | 1 Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Process Injection | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Scripting | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 43% | Virustotal | | Browse |
 | 26% | ReversingLabs | Win32.Exploit.CVE-2018-0802 | |
 | 100% | Avira | EXP/CVE-2018-0798.Gen | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 100% | Avira | EXP/CVE-2018-0798.Gen | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|

IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 38.0.0 Beryl |
Analysis ID: | 1274208 |
Start date and time: | 2023-07-17 07:54:11 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | MV_TRANS-ASIA_I.xls |
Detection: | MAL |
Classification: | mal76.winXLS@22/81@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Excluded IPs from analysis (whitelisted): 52.109.28.100, 20.224.224.21, 20.126.106.131, 20.25.84.51, 2.21.22.179, 2.21.22.155, 23.36.224.131
- Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, acroipm2.adobe.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, config.officeapps.live.com, a122.dscd.akamai.net, nexus.officeapps.live.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtWriteVirtualMemory calls found.
Time | Type | Description |
---|---|---|
07:56:10 | API Interceptor | |
07:56:20 | API Interceptor |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 205 |
Entropy (8bit): | 5.61223987875705 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 174 |
Entropy (8bit): | 5.51088976744848 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 5.551924042879212 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 232 |
Entropy (8bit): | 5.650561115995741 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 210 |
Entropy (8bit): | 5.523137919000196 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 216 |
Entropy (8bit): | 5.566661576240236 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 209 |
Entropy (8bit): | 5.520746708732466 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 179 |
Entropy (8bit): | 5.5431419378256335 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 214 |
Entropy (8bit): | 5.52309525423456 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 177 |
Entropy (8bit): | 5.4877875378804575 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 187 |
Entropy (8bit): | 5.551946923522821 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 244 |
Entropy (8bit): | 5.5873111736313605 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 211 |
Entropy (8bit): | 5.4762597236937625 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 202 |
Entropy (8bit): | 5.614284452386816 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 211 |
Entropy (8bit): | 5.5486003345539485 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 206 |
Entropy (8bit): | 5.579782196146133 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 218 |
Entropy (8bit): | 5.570237511250573 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 230 |
Entropy (8bit): | 5.578590624509309 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 186 |
Entropy (8bit): | 5.582116833997269 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207 |
Entropy (8bit): | 5.5763103933628075 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 210 |
Entropy (8bit): | 5.517331819243656 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 223 |
Entropy (8bit): | 5.578404208551662 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 213 |
Entropy (8bit): | 5.621795549321476 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208 |
Entropy (8bit): | 5.584096849733228 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 188 |
Entropy (8bit): | 5.589059156215248 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 214 |
Entropy (8bit): | 5.577671284259141 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 211 |
Entropy (8bit): | 5.605662204872649 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208 |
Entropy (8bit): | 5.576524207874448 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208 |
Entropy (8bit): | 5.593287128153404 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 231 |
Entropy (8bit): | 5.611435621416203 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 215 |
Entropy (8bit): | 5.504281726105637 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208 |
Entropy (8bit): | 5.5617501576374275 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208 |
Entropy (8bit): | 5.550592010262846 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 210 |
Entropy (8bit): | 5.549428198836326 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 221 |
Entropy (8bit): | 5.581669803020839 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 210 |
Entropy (8bit): | 5.54053900670049 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 204 |
Entropy (8bit): | 5.5953360097985705 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 212 |
Entropy (8bit): | 5.5920685689605465 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228 |
Entropy (8bit): | 5.576880970155669 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1032 |
Entropy (8bit): | 5.142868973326352 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1032 |
Entropy (8bit): | 5.142868973326352 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2078706890484066 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.010033345187060907 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61440 |
Entropy (8bit): | 3.5673224383030018 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.311322132354603 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 536 |
Entropy (8bit): | 5.17576513886526 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9566 |
Entropy (8bit): | 5.226610011802065 |
Encrypted: | false |
SSDEEP: | 192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV |
MD5: | 63B24EA3A13EAC476D6309BB202EF459 |
SHA1: | 89502C393549C20C933E4553F51F74F3DBE085EF |
SHA-256: | 2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA |
SHA-512: | 2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 710203 |
Entropy (8bit): | 1.793563245167485 |
Encrypted: | false |
SSDEEP: | 1536:9WsrYBP+Unk6/nrSllajJw3W+kCo0NggpPCfIA08fM8eeeepF:9BkWlllajJw3W+PoNgpP |
MD5: | 3A1007D6764F9F112D164E57A09A24E8 |
SHA1: | DAB006AD11CD0EE8DB9715FFE780A2B8487844FE |
SHA-256: | 825F4CECD0764872C98774ACF9BD291E9FFBC53BBB343B062AD621ADD6C75791 |
SHA-512: | 73418095BBF80818AD949F0B748A9109F316D948BCEB503710EC687E6C8F5FD91321B406C2E00CA95A9DA928BE461DFEAFBAE4241CD54F8165EF1727796128B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 63598 |
Entropy (8bit): | 5.4331110334817385 |
Encrypted: | false |
SSDEEP: | 768:PCbGNFYGpiyVFiC0ZA12OCLRGxPJpYXRJ7kVwV8NHOYyu:J0GpiyVFihE2tLRGxP8kV88NuK |
MD5: | C4AC96052C37B1A6F6ACAAA2E2C5E3ED |
SHA1: | 9716DF1A7F75C74BEE25AD5789A2D6FF1CA0AE44 |
SHA-256: | 90A1C57F22E293C1CDA151369ABDABA6769AA79931DE447FD7057085C9527E49 |
SHA-512: | EF49DBB7A7F9FAE4FBE70B2B52B18DF1C8E7289953D5187A1427F1D4E534D47C71D060D9DE27796856D7C2CF7EC4D8C852F2227D2CAF0786B41436E6C61CBFF8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 157495 |
Entropy (8bit): | 5.349714680817874 |
Encrypted: | false |
SSDEEP: | 1536:n+C/FPgfHB7U9guw19Q9DQA+zQvk4F77nXmvidlXRjE6LRj6g:CDQ9DQA+zQXWg |
MD5: | E4FEB58E41C974A18DD206DE41065D49 |
SHA1: | 18528DAA290D92C66B1B12DFD703BCDE7FEA7843 |
SHA-256: | 0FAB80758DD2FEE9E82699A201B2BBE138F323DEE0EC6D47BDCAE83B122D281B |
SHA-512: | 8BA792E0F15203A1CDED3E20A795160E9885AC304D0578ACB10A3DD7C67335E7A65CF8343B83AF9183954F3E9E148C1B40FADA7B8717AB396ABCFCD480B01642 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944965349348616 |
Encrypted: | false |
SSDEEP: | 1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw |
MD5: | 9ABE7EB352E0DB96B52C99AC2FDEA85F |
SHA1: | 8DC45D02308275BA32B7FFB320A3042256D40C8B |
SHA-256: | EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869 |
SHA-512: | E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1504016 |
Entropy (8bit): | 1.5408998413531072 |
Encrypted: | false |
SSDEEP: | 1536:PW99999m999997999999bNc99999m999997999999rw99F99U999p99999r9999Z:7inzXA1VW/uyqkekBSTv03FScSw8kCn |
MD5: | 0FFCA2E0D06FD9393E46F20F4AE6B53E |
SHA1: | FEAD188430DF862BA1F39A92480BD8089E533AD6 |
SHA-256: | FA91A49FBA91AF8F9F6487B69D5D3265DFAAA123563A0558B79C0F72792C41C3 |
SHA-512: | A09C1DD090E0506E670C5FF848AE1A45890BC6D70EB20C139B19993A8B160893FADAD9ED5A578AAC309E4F99E20B9490186D170A984C1701143C217F48ACDE0E |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1504016 |
Entropy (8bit): | 0.6376230814613634 |
Encrypted: | false |
SSDEEP: | 1536:zmUE4ZVtO1ZKadEb/adPaa1LxakIaprMaHaDavag1a1mjMaJnaIah/axShMkGtaH:zmUE4ZVtO1Z9EbKPFLZ/rjHgMmOC |
MD5: | 4D59A7E93170340B5EC4009F7FA3AD31 |
SHA1: | E07421156DD87789F93F10904118343CA452BBB5 |
SHA-256: | 83473215E5C2160333AA92EA7F9B1276D8ED7DD66AFC472DC92C88055D189D7D |
SHA-512: | 415102AD30DF62A63EC47D7B432AB397C2CFC8B6F7FE1E8A7057877379B65D344499089780E089AD2F5C08E3050F4DC2205E7C3C4FFE484C39D067027783AB55 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 360824 |
Entropy (8bit): | 3.2366588167853583 |
Encrypted: | false |
SSDEEP: | 768:AIccnhKlm0RE4fDONBEKnK1uJq9jn+6VkCYhT/7DRIktjomB:AIPnhKlR7ON6k6x9jIxB |
MD5: | 649BC957D73117EC8A34E263992E1206 |
SHA1: | 50636F1BB74D7C9F8504112788353CD957354931 |
SHA-256: | 248213732341A5A1530BA451107F43C4C7AA0F5EAA77B8DCCE389635BEE4A688 |
SHA-512: | 7A35BF591BD9D9EA612B7D61A53ABED6B215A7D70C7ABF6F7C45A06A47E7B3EFC9E509045D41134646DD897071CAF9703EA997CE5C887F5F5D0223F1DD033886 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.611760173242012 |
Encrypted: | false |
SSDEEP: | 768:/jKn4RpbfoTGRFm2GWWDEXM4espe2B/nwyFwx+VjRQ9+c4AgD7PHj8bKYEqQtVxY:/jhRpbfoaRFvGWW6/4DADMXIok/2GiEs |
MD5: | D69C22A341E111FEEA69DF6D8C655D60 |
SHA1: | AC862337F2EFA43627508927F5052CE694012206 |
SHA-256: | 05B2053BF1D070D6034B45CD79B54D80DA3C6D88D016671A345E75048B1A68DB |
SHA-512: | D4DB33ED046B3C9BA09C4B3FEAC17B1FE2E75FCE67F4154FD795D504708C295A1E3C8331ED3D6C3EE9950C936C4CC25B5D690558C26F2E1F7771BD5EB275822C |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 563220 |
Entropy (8bit): | 3.1451344438951194 |
Encrypted: | false |
SSDEEP: | 1536:9IPnhKlzON6k6FkWnrKld6RBRL9jHXMpVTsW:9Ifk8HukUW7qOWW |
MD5: | 1E4BA5BE743CD211DB2785335298C75D |
SHA1: | 6169D84FC99CFF765CEDB41DBB2B7183BAC6AFAB |
SHA-256: | 13355342932542883BC3466357C60CB8497E87B614A9286226DD96D4826780DB |
SHA-512: | FEB70E6B7BFBBA9DC918184609E1F910431182DF1542751FA0764477C462680E0975DC4E2314A376F118222EC45828848B4AA30B086E461E5CAB7A098FEAFBBF |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.6261842732011597 |
Encrypted: | false |
SSDEEP: | 1536:GMPrTmqNX4MeOVPzBymPhVPSH4xsUXFfvbU77iCxlGjD+ysfh/mGG:GMPW0PzPXr11v4/mGG |
MD5: | A01B9617553432807B9B58025B338D97 |
SHA1: | 439BDCC450408B9735B2428C2D53D2E6977FA58C |
SHA-256: | 7A0426ED2E2349916969FF7087C0F76089FB8CE7F4627F3D11CCBC1AAEFCEDCE |
SHA-512: | 312CC2563FA865D6A939FEA85A520627C73ED9A95BAFC98C89495F21D535DC658825BE74B64F0F5C5815D1D234FC6E77A71779247E4973E39BA8DCCEC2F09BEE |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 1.5719113060369843 |
Encrypted: | false |
SSDEEP: | 1536:YTg8p9E9G919NmVVg999vM9W9+99rjx9VwwI2o9l9O9c99999d93feVr2rX6tb71:Igev7w1qbEn0cK1biej15fde |
MD5: | AB3C71DADD57C96DE74236A677761633 |
SHA1: | B1831C9C1D2276395D10AAA35D0A837A1E51C31C |
SHA-256: | BE0B0602293E0078A54D37F29B03C21091D4450EDCF827A577D376E670A2C445 |
SHA-512: | D8A711A9F27244CB49F5C9813F2B11B5300A4D48BD30477110F33B08551696CB0FB52DCE072F6C962B04CB57CDAD14C16CF25C675683D65C61B88B2B05BB9354 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4190068502587043 |
Encrypted: | false |
SSDEEP: | 3:Rl/ZdV4volFrjtlttNUltd1lln:RtZX4A5jX/23dl |
MD5: | 22EDA48C698D77F5EDD76C113A8C17FA |
SHA1: | F37CD83E8629BABF7D1C1543035AE7DCC3195336 |
SHA-256: | FB2722F575EE5DB8EA1ECEC0AEF9CB2A44BBECAEA355EAEA197D716553AC276A |
SHA-512: | CE840580CEA1FA0BA626F70F26C4438357547F56207FEF7A3A08DB6D425AF5DF65FBC0E99F840B9A95F7A95BADE33A9207551B35930C65CDAE6F220E20B9A369 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 196608 |
Entropy (8bit): | 7.589471200554308 |
Encrypted: | false |
SSDEEP: | 3072:rTL4FLsZqiPWXARhZ68FsTyesAPVZZ+oq/3TLPcx8zJjCXaWfEXXXXXXXXXXXXUZ:rTOLsciuXARh0k5eE/3v/p7XXXXXXXXs |
MD5: | B9CF147A11C5472B3DDABCECB4FEA645 |
SHA1: | 813458C582D9C0B50BB925D59FD222D64ED9CC55 |
SHA-256: | 459CA22BF4ED75729711B21332424458E70C9E3ACE7E0C5315E65A3244C764DB |
SHA-512: | E942E4E169DA7E8125F85CDE351195304CEEA28DF44360D621C16072A1A1A3897FFE3232244D67163519FA7998F8AAC7FA9E58DEA56095C6A1CF3CC8502C19F7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 222536 |
Entropy (8bit): | 7.986106596567772 |
Encrypted: | false |
SSDEEP: | 6144:EfTmk4N1HBqIlzK10s5eY9p73VVQsxAGvBQ:Eb6HBqIlzKmszp7jZAGvq |
MD5: | A2411BDA9FD65DCA69FE3827C53400CE |
SHA1: | FC4B6B079272FFC749E762F4C0E728B243D9DF44 |
SHA-256: | 1B2AE580BE8EB987CD2676D60FE9524BBA9BAA1C7C7444C5CAF7F485DF85DCE9 |
SHA-512: | 5F4E5A7198CAC671330817EB9074A1FA61F2AD08098C48B8534FC8078AEB69DA24E20791B5BBCD5371D2799BBED986E64ADB670CFEA9CAFA1E08626262279399 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.6020888437828444 |
Encrypted: | false |
SSDEEP: | 3:Gg7NYtl6K6DlK/lllYdltn/ldl/dVGqlrzNkk174wPxZlhWu/+6n:3pk65K/G3NtukSwPxZSu26 |
MD5: | A011B8D7E882E35715E853C4A8453C23 |
SHA1: | 442DBC16B47AA37F2D28ADE2B41A1C56A53E4A68 |
SHA-256: | 55544BA145BA271F5DF122D0E03670AA85FC5E03AA1B2FFB0F80F8233165383A |
SHA-512: | 3D1D82F699FF213BF3018322663CDFBFC10990DCF3086DB8A4A76F08EAD55DEA3826FA25C6E642539F3ED2A37CE11E176CCF091227574119E262146E363836C4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1436672 |
Entropy (8bit): | 7.890409437083905 |
Encrypted: | false |
SSDEEP: | 24576:IIu9VNZylw6VVOZyRw6VleHBlEzp7uVR0bgcwyA52hcP5YwVux:IIuPR6VVYF6V8hOzFgjy+P5Yj |
MD5: | B4115B969BFB265BE73E717391CB3E1F |
SHA1: | F44BD7D04C27ED8796C76CF8FFE72B356318AC80 |
SHA-256: | 07B01D42247B67313D436A455F86A91C4205CFEDA02AE04218FBB0D0CBF8A16C |
SHA-512: | ACC46018062E6EBDA250B18506C8D5EA9C4B9E36CB66D937688F256279DAC5D28FDAE585697F708E5EBCFD5D640C7CA388258C78AD931D9688E32A37B5A7D60F |
Malicious: | true |
Antivirus: |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.001885083860130436 |
Encrypted: | false |
SSDEEP: | 3:K/: |
MD5: | 062170D41AFAB5BC613F0C6F009FC51D |
SHA1: | 0C7EF25F5BB567E4714172829E0598FD90C2E6AB |
SHA-256: | EC10A6A383686B5B3ACA96509633961719EC862C20827871A234AA9ADB63863F |
SHA-512: | C4548BFE57926D42C648D3C20C23DB430AF017C739DEBFD5D41E587627E7BF41A345005F797364200D7F63CD33F41A935566F5DFA4388373139147B20C7346DB |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10240 |
Entropy (8bit): | 0.6759519140009473 |
Encrypted: | false |
SSDEEP: | 12:wwiNiRAxdmNmPlE7EprJQwIdpI5NZMJgF4NJ2RZwfg:IiRAx4NSPprSwgpXuFeJ2W |
MD5: | 29DB0E735966B4175186D8B1E31433F2 |
SHA1: | 5315462C8A8CE1E704E6AA78DAC8FE04C99119E4 |
SHA-256: | 4CD385E3B8F22E156832D84DD6AB1A5AB5B55968774B70DC46DCD12F33586C0F |
SHA-512: | 1341BDBA0B522C3AD234FCC09BD75803452A444EDD539AA56B516910CC66CC382190E11F920709EFEE5E1A62C5EE942E4D4A6A59CF884AB7822636EB20D9B36B |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24152 |
Entropy (8bit): | 0.7530730999389024 |
Encrypted: | false |
SSDEEP: | 24:8fVtBUG6/HOKZP2ZWedbpUQqDVDuHh0UDvNs90LbglAUnYn:8TBW/uKUEY2DDVQh0IseHGRc |
MD5: | 7CE04D02A980B310BEFD5CA048E563DD |
SHA1: | 388CDE051FE089C475024409211827B24105D63A |
SHA-256: | 43934CF20C8A3223DF6EE4F440B484C4F29970192310F3DE1891969AE8453A43 |
SHA-512: | 5F2B722E774A448A9DC46E0291E5CA5472B53170ADA21217A6F7B1D45965C5C8FC705A4D9DBF8FAFF79C1873149D2DE4C19BDF19B6D096892C081715668E5E87 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20 |
Entropy (8bit): | 2.8954618442383215 |
Encrypted: | false |
SSDEEP: | 3:QVNliGn:Q9rn |
MD5: | C4F79900719F08A6F11287E3C7991493 |
SHA1: | 754325A769BE6ECCC664002CD8F6BDB0D0B8CA4D |
SHA-256: | 625CA96CCA65A363CC76429804FF47520B103D2044BA559B11EB02AB7B4D79A8 |
SHA-512: | 0F3C498BC7680B4C9167F790CC0BE6C889354AF703ABF0547F87B78FEB0BAA9F5220691DF511192B36AD9F3F69E547E6D382833E6BC25CDB4CD2191920970C5F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.890455030717108 |
TrID: |
File name: | MV_TRANS-ASIA_I.xls |
File size: | 1'436'672 bytes |
MD5: | 0c13eceb36bdde5263a3e2ecc3339407 |
SHA1: | 19d9f3512d1d0e0ec66fe8fec4efd149f4287e1f |
SHA256: | fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5 |
SHA512: | e80548f69aca18ff637171e013f39c418813cf6e73de0d81a7b0fda0a2ef4b94cf4355d89ce0fd89911237d05cbff26dc408d233b462908f42aa0ac7515542c0 |
SSDEEP: | 24576:UIu9VNZylw6VVOZyNw6VleHBlEzp7usR0bgcwyA52hcP5YwVux:UIuPR6VVYp6V8hOzkgjy+P5Yj |
TLSH: | 3765F103D804CBC3D40D83F4BE530EE90F0A6F19E99A7DDB10667F8B3A71A62595A25D |
Icon Hash: | 31d5a58e838eacb3 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2023-07-16 17:43:24 |
Creating Application: | |
Security: | 0 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
General | |
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
General | |
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.181023541297328 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392B/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392B/\x1Ole |
File Type: | data |
Stream Size: | 62 |
Entropy: | 2.7788384466112834 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392B/CONTENTS |
File Type: | PDF document, version 1.7, 1 pages |
Stream Size: | 20243 |
Entropy: | 7.981772862022755 |
Base64 Encoded: | True |
General | |
Stream Path: | MBD001D392C/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392C/\x1Ole |
File Type: | data |
Stream Size: | 62 |
Entropy: | 2.7788384466112834 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392C/CONTENTS |
File Type: | PDF document, version 1.5, 1 pages (zip deflate encoded) |
Stream Size: | 31606 |
Entropy: | 7.916695020479147 |
Base64 Encoded: | True |
General | |
Stream Path: | MBD001D392D/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392D/\x1Ole |
File Type: | data |
Stream Size: | 62 |
Entropy: | 2.7788384466112834 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392D/CONTENTS |
File Type: | PDF document, version 1.4, 1 pages |
Stream Size: | 86163 |
Entropy: | 7.900904661540566 |
Base64 Encoded: | True |
General | |
Stream Path: | MBD001D392E/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392E/\x1Ole |
File Type: | data |
Stream Size: | 64 |
Entropy: | 2.892622069467395 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392E/CONTENTS |
File Type: | PDF document, version 1.4, 1 pages |
Stream Size: | 124841 |
Entropy: | 7.657052848938946 |
Base64 Encoded: | True |
General | |
Stream Path: | MBD001D392F/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392F/\x1Ole |
File Type: | data |
Stream Size: | 64 |
Entropy: | 2.892622069467395 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD001D392F/CONTENTS |
File Type: | PDF document, version 1.5 |
Stream Size: | 66661 |
Entropy: | 7.946317330962055 |
Base64 Encoded: | True |
General | |
Stream Path: | MBD001D3930/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | MBD001D3930/\x1Ole |
File Type: | data |
Stream Size: | 64 |
Entropy: | 2.892622069467395 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 9 5 1 . |
General | |
Stream Path: | MBD001D3930/CONTENTS |
File Type: | PDF document, version 1.5, 1 pages (zip deflate encoded) |
Stream Size: | 31606 |
Entropy: | 7.916695020479147 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 5 . % . 3 0 o b j . < < / C o l o r S p a c e / D e v i c e G r a y / S u b t y p e / I m a g e / H e i g h t 7 2 / F i l t e r / F l a t e D e c o d e / T y p e / X O b j e c t / W i d t h 2 5 5 / L e n g t h 2 0 8 1 / B i t s P e r C o m p o n e n t 8 > > s t r e a m . x { P . U . & B & o 1 b F P s . R 2 . . . . * Y 6 3 . . # N L 8 T X R | ( ( " * " < 6 ] . . { n n | . . s ` . . , b . E . . . q . ( ` o ^ E Y . 7 N Y ] . H X ^ 3 n . . " K . . . . . . * o " . E ( > . . . . . . . |
General | |
Stream Path: | MBD001D3931/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | MBD001D3931/\x1Ole |
File Type: | data |
Stream Size: | 64 |
Entropy: | 2.892622069467395 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 9 5 0 . |
General | |
Stream Path: | MBD001D3931/CONTENTS |
File Type: | PDF document, version 1.7, 1 pages |
Stream Size: | 62293 |
Entropy: | 7.949249248462166 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / P a g e M o d e / U s e N o n e . / V i e w e r P r e f e r e n c e s < < . / F i t W i n d o w t r u e . / P a g e L a y o u t / S i n g l e P a g e . / N o n F u l l S c r e e n P a g e M o d e / U s e N o n e . > > . > > . e n d o b j . 5 0 o b j . < < . / L e n g t h 1 2 7 2 . / F i l t e r [ / F l a t e D e c o d e ] . > > . s t r e a m . x X |
General | |
Stream Path: | MBD001D3932/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | MBD001D3932/\x1Ole |
File Type: | data |
Stream Size: | 64 |
Entropy: | 2.892622069467395 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 6 9 1 . |
General | |
Stream Path: | MBD001D3932/CONTENTS |
File Type: | PDF document, version 1.4, 1 pages |
Stream Size: | 124841 |
Entropy: | 7.657052848938946 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 4 . . % . . % . . % w P D F b y W P C u b e d G m b H V 3 . 5 4 x [ 0 ] . . % . . % . . 1 0 o b j . < < / T y p e / M e t a d a t a / S u b t y p e / X M L / L e n g t h 1 4 4 7 > > . . s t r e a m . < ? x p a c k e t b e g i n = " . " i d = " W 5 M 0 M p C e h i H z r e S z N T c z k c 9 d " ? > . < x : x m p m e t a x m l n s : x = " a d o b e : n s : m e t a / " x : x m p t k = " 3 . 1 - 7 0 1 " > . < r d f : R D F x m l n s : r d f = " h t t p : / / w w w . w 3 . |
General | |
Stream Path: | MBD001D3933/\x1CompObj |
File Type: | data |
Stream Size: | 93 |
Entropy: | 4.2892020709435155 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o b a t . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | MBD001D3933/\x1Ole |
File Type: | data |
Stream Size: | 64 |
Entropy: | 2.892622069467395 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 1 ! O b j e c t 6 9 0 . |
General | |
Stream Path: | MBD001D3933/CONTENTS |
File Type: | PDF document, version 1.5 |
Stream Size: | 66661 |
Entropy: | 7.946317330962055 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 5 . % . 2 0 o b j . < < . / P a g e s 4 0 R . / T y p e / C a t a l o g . / O u t p u t I n t e n t s 5 0 R . / M e t a d a t a 6 0 R . / A c r o F o r m 7 0 R . / V e r s i o n / 1 # 2 E 5 . > > . e n d o b j . 6 0 o b j . < < . / T y p e / M e t a d a t a . / S u b t y p e / X M L . / F i l t e r / F l a t e D e c o d e . / L e n g t h 4 5 4 . > > . s t r e a m . . x n 0 . . S X . 6 _ Q . U 4 : m Q . # c . . W M X T . . H > > . } | . l . M . / . T |
General | |
Stream Path: | MBD001D3934/\x1CompObj |
File Type: | data |
Stream Size: | 98 |
Entropy: | 3.587021451896387 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t O f f i c e W o r d D o c u m e n t . . . . . M S W o r d D o c x . . . . . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | MBD001D3934/Package |
File Type: | Microsoft Word 2007+ |
Stream Size: | 222536 |
Entropy: | 7.986106596567772 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
General | |
Stream Path: | MBD001D3935/\x1OlE10NAtiVE |
File Type: | data |
Stream Size: | 1575 |
Entropy: | 7.23485897637031 |
Base64 Encoded: | True |
General | |
Stream Path: | MBD001D3935/\x1Ole |
File Type: | data |
Stream Size: | 20 |
Entropy: | 0.5689955935892812 |
Base64 Encoded: | False |
General | |
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 563748 |
Entropy: | 7.900998864592758 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . l . 9 P . 8 . . . . . . . X . @ . . . . . . . . . . " . . . . |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 517 |
Entropy: | 5.221184697935102 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 5 6 6 A 4 A E 7 - 8 5 A 5 - 4 3 2 E - B 6 8 C - 3 1 E A F B C 7 0 1 B 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 1 3 3 C 9 2 F C D 2 F C D 2 F C |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Target ID: | 0 |
Start time: | 07:55:16 |
Start date: | 17/07/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc0000 |
File size: | 27'110'184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 07:56:08 |
Start date: | 17/07/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc60000 |
File size: | 1'937'688 bytes |
MD5 hash: | 0B9AB9B9C4DE429473D6450D4297A123 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 07:56:10 |
Start date: | 17/07/2023 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69cdb0000 |
File size: | 130'560 bytes |
MD5 hash: | 8D59B31FF375059E3C32B17BF31A76D5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 07:56:15 |
Start date: | 17/07/2023 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x820000 |
File size: | 2'571'312 bytes |
MD5 hash: | B969CF0C7B2C443A99034881E8C8740A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 4 |
Start time: | 07:56:19 |
Start date: | 17/07/2023 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x960000 |
File size: | 9'475'120 bytes |
MD5 hash: | 9AEBA3BACD721484391D15478A4080C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |