29.0.0 Ocean Jasper

ID: 238148Sample Name: PD_66910971.xlsCookbook: default.jbsTime: 19:19:28Date: 12/06/2020Version: 29.0.0 Ocean Jasper

25555555555566666777889999

101010131414151515151717202020343435353535353536363636

36373737

3737

Table of Contents

Table of ContentsAnalysis Report PD_669 10971.xls

OverviewGeneral InformationDetectionSignaturesClassification

StartupMalware ConfigurationYara OverviewSigma Overview

System Summary:Signature Overview

AV Detection:Software Vulnerabilities:System Summary:Mitre Att&ck Matrix

Behavior GraphScreenshots

ThumbnailsAntivirus, Machine Learning and Genetic Malware Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Domains and IPsContacted DomainsURLs from Memory and BinariesContacted IPsPublic

General InformationSimulations

Behavior and APIsJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

Created / dropped FilesStatic File Info

GeneralFile IconStatic OLE Info

GeneralOLE File "PD_669 10971.xls"IndicatorsSummaryDocument SummaryStreams with VBA

VBA File Name: CarClass.cls, Stream Size: 2504General

VBA Code KeywordsVBA CodeVBA File Name: Module0.bas, Stream Size: 683General

VBA Code KeywordsVBA Code

Copyright null 2020 of 113

3737

37383838

38404040

40404141

41414242

42424242

42424242

43434343

43444444

4444

44444445454545454545454646464646464646474747474747474748484848484848484949494949494949

505050505050

VBA File Name: Module1.bas, Stream Size: 4935General




VBA Code KeywordsVBA CodeVBA File Name: Page1.cls, Stream Size: 977General

VBA Code KeywordsVBA CodeVBA File Name: Page11.cls, Stream Size: 977General

VBA Code KeywordsVBA CodeVBA File Name: PrepareForm.frm, Stream Size: 1650General

VBA Code KeywordsVBA CodeVBA File Name: UserForm6.frm, Stream Size: 1159General

VBA Code KeywordsVBA CodeVBA File Name: one.cls, Stream Size: 3051General

VBA Code KeywordsVBA Code

StreamsStream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 292GeneralStream Path: \x5SummaryInformation, File Type: data, Stream Size: 352GeneralStream Path: MBD0090C244/\x1CompObj, File Type: data, Stream Size: 76GeneralStream Path: MBD0090C244/\x1Ole10Native, File Type: data, Stream Size: 614941GeneralStream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 135282GeneralStream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 944GeneralStream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 266GeneralStream Path: _VBA_PROJECT_CUR/PrepareForm/\x1CompObj, File Type: data, Stream Size: 97GeneralStream Path: _VBA_PROJECT_CUR/PrepareForm/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 311GeneralStream Path: _VBA_PROJECT_CUR/PrepareForm/f, File Type: data, Stream Size: 13229GeneralStream Path: _VBA_PROJECT_CUR/PrepareForm/o, File Type: empty, Stream Size: 0GeneralStream Path: _VBA_PROJECT_CUR/UserForm6/\x1CompObj, File Type: data, Stream Size: 97GeneralStream Path: _VBA_PROJECT_CUR/UserForm6/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 292GeneralStream Path: _VBA_PROJECT_CUR/UserForm6/f, File Type: data, Stream Size: 395GeneralStream Path: _VBA_PROJECT_CUR/UserForm6/o, File Type: data, Stream Size: 292GeneralStream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 7159GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 2529GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 335GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_4, File Type: data, Stream Size: 160GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_5, File Type: data, Stream Size: 656GeneralStream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 1327General

Network BehaviorCode ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: EXCEL.EXE PID: 5416 Parent PID: 700


50505051525263

64646464

646465

656565656566

87878788

888888888989

111111

111111

111111

111111

112112

112112

112112

113113

113

GeneralFile Activities

File CreatedFile DeletedFile MovedFile WrittenFile Read

Registry ActivitiesKey CreatedKey Value CreatedKey Value Modified

Analysis Process: splwow64.exe PID: 6088 Parent PID: 5416GeneralFile Activities

Analysis Process: WerFault.exe PID: 4832 Parent PID: 5416GeneralFile Activities

File CreatedFile DeletedFile Written

Registry ActivitiesKey CreatedKey Value CreatedKey Value Modified

Analysis Process: WerFault.exe PID: 4664 Parent PID: 5416GeneralFile Activities

File CreatedFile DeletedFile Written

Registry ActivitiesKey Created

Analysis Process: WerFault.exe PID: 4316 Parent PID: 5416General







Disassembly


Analysis Report PD_669 10971.xls

Overview

General Information

Sample Name:

PD_669 10971.xls

MD5: e01daa23055e3e…

SHA1: 5a72024f11fe977…

SHA256: 7bafb9938c0694b…

Most interesting Screenshot:

Detection

Get2DownloaderGet2DownloaderScore: 100

Range: 0 - 100

Whitelisted: false

Confidence: 100%

Signatures

Document exploit detected (creates f






Document exploit detected (creates fDocument exploit detected (creates f……

Document exploit detected (drops PE






Document exploit detected (drops PEDocument exploit detected (drops PE……

Multi AV Scanner detection for dropp






Multi AV Scanner detection for droppMulti AV Scanner detection for dropp……

Multi AV Scanner detection for subm






Multi AV Scanner detection for submMulti AV Scanner detection for subm……

Office document tries to convince vic






Office document tries to convince vicOffice document tries to convince vic……

Sigma detected: Get2 Downloader






Sigma detected: Get2 DownloaderSigma detected: Get2 Downloader

Document contains an embedded VB






Document contains an embedded VBDocument contains an embedded VB……















Document contains an embedded ma






Document contains an embedded maDocument contains an embedded ma……

Machine Learning detection for samp






Machine Learning detection for sampMachine Learning detection for samp……

Office process drops PE file






Office process drops PE fileOffice process drops PE file

Creates files inside the system direc






Creates files inside the system direcCreates files inside the system direc……

Document contains embedded VBA m






Document contains embedded VBA mDocument contains embedded VBA m……

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE filesDrops PE files

Enables debug privileges






Enables debug privilegesEnables debug privileges

Found a high number of Window / Us






Found a high number of Window / UsFound a high number of Window / Us……

IP address seen in connection with o






IP address seen in connection with oIP address seen in connection with o……

One or more processes crash






One or more processes crashOne or more processes crash

Queries disk information (often used






Queries disk information (often used Queries disk information (often used ……

Sample file is different than original f






Sample file is different than original fSample file is different than original f……

Tries to load missing DLLs






Tries to load missing DLLsTries to load missing DLLs

Classification

Malware Configuration

Yara Overview

Sigma Overview

System Summary:


Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious

System is w10x64

EXCEL.EXE (PID: 5416 cmdline: 'C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE' /automation -Embedding MD5: D672D26C85AEB9536B9736BF04054969)

splwow64.exe (PID: 6088 cmdline: C:\Windows\splwow64.exe 12288 MD5: 8D59B31FF375059E3C32B17BF31A76D5)

WerFault.exe (PID: 4832 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 2492 MD5: 80E91E3C0F5563E4049B62FCAF5D67AC)









cleanup

No configs have been found

No yara matches

Startup


Signature Overview

• AV Detection

• Software Vulnerabilities

• Networking

• System Summary

• Persistence and Installation Behavior

• Hooking and other Techniques for Hiding and Protection

• Malware Analysis System Evasion

• Anti Debugging

Click to jump to signature section

AV Detection:

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

System Summary:

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Document contains an embedded VBA macro with suspicious strings

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)

Document contains an embedded macro with GUI obfuscation


Mitre Att&ck Matrix

Initial Access Execution PersistencePrivilegeEscalation Defense Evasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

ValidAccounts

Scripting 4 1 WinlogonHelper DLL

ProcessInjection 1

Masquerading 1 1 CredentialDumping

Virtualization/SandboxEvasion 1

ApplicationDeploymentSoftware

Data fromLocalSystem

DataCompressed

DataObfuscation

Eavesdrop onInsecureNetworkCommunication

ReplicationThroughRemovableMedia

Graphical UserInterface 1

PortMonitors

AccessibilityFeatures

Disabling SecurityTools 1

NetworkSniffing

Process Discovery 1 RemoteServices

Data fromRemovableMedia

ExfiltrationOver OtherNetworkMedium

FallbackChannels

Exploit SS7 toRedirect PhoneCalls/SMS

ExternalRemoteServices

Exploitation forClientExecution 2

AccessibilityFeatures

PathInterception

Virtualization/SandboxEvasion 1

InputCapture

Application WindowDiscovery 1

WindowsRemoteManagement

Data fromNetworkSharedDrive

AutomatedExfiltration

CustomCryptographicProtocol

Exploit SS7 toTrack DeviceLocation


Drive-byCompromise

ScheduledTask

SystemFirmware

DLL SearchOrderHijacking

Process Injection 1 Credentialsin Files

Security SoftwareDiscovery 1 1

LogonScripts

InputCapture

DataEncrypted

MultibandCommunication

SIM CardSwap

Exploit Public-FacingApplication

Command-Line Interface

ShortcutModification

File SystemPermissionsWeakness

Scripting 4 1 AccountManipulation

File and DirectoryDiscovery 1

SharedWebroot

DataStaged

ScheduledTransfer

StandardCryptographicProtocol

ManipulateDeviceCommunication

SpearphishingLink

Graphical UserInterface

ModifyExistingService

NewService

DLL Side-Loading 1 Brute Force System InformationDiscovery 1 1

Third-partySoftware

ScreenCapture

DataTransferSize Limits

CommonlyUsed Port

Jamming orDenial ofService

Initial Access Execution PersistencePrivilegeEscalation Defense Evasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

Behavior Graph

ID: 238148

Sample: PD_669 10971.xls

Startdate: 12/06/2020

Architecture: WINDOWS

Score: 100

Sigma detected: Get2Downloader

Multi AV Scanner detectionfor dropped file

Multi AV Scanner detectionfor submitted file 8 other signatures

EXCEL.EXE

250 81

started

13.107.42.23

unknown

United States

13.107.5.88

unknown

United States

5 other IPs or domains

C:\Users\user\AppData\Roaming\...\libOmio.dll, PE32

dropped

C:\Users\user\AppData\...\oleObject1.bin, Composite

dropped

C:\Users\user\AppData\Local\Temp\basecamp, COM

dropped

Document exploit detected(creates forbidden files)

WerFault.exe

24 10

started

WerFault.exe

9

started

splwow64.exe

started

7 other processes

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Graph

Screenshots


No bigger version No bigger version No bigger version

No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version

No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version No bigger version

No bigger version No bigger version No bigger version No bigger version

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample


Source Detection Scanner Label Link

PD_669 10971.xls 44% Virustotal Browse

PD_669 10971.xls 100% Joe Sandbox ML


C:\Users\user\AppData\Local\Temp\basecamp 3% Virustotal Browse

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\libOmio.dll 32% Virustotal Browse

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\libOmio.dll 25% ReversingLabs Win32.Trojan.Ursu

No Antivirus matches

No Antivirus matches


https://cdn.entity. 0% URL Reputation safe

https://cdn.entity. 0% URL Reputation safe

https://wus2-000.contentsync. 0% URL Reputation safe

https://wus2-000.contentsync. 0% URL Reputation safe

https://powerlift.acompli.net 0% Virustotal Browse

https://powerlift.acompli.net 0% URL Reputation safe

https://powerlift.acompli.net 0% URL Reputation safe

https://rpsticket.partnerservices.getmicrosoftkey.com 0% Virustotal Browse

https://rpsticket.partnerservices.getmicrosoftkey.com 0% URL Reputation safe

https://rpsticket.partnerservices.getmicrosoftkey.com 0% URL Reputation safe

https://api.aadrm.com/ 0% Virustotal Browse

https://api.aadrm.com/ 0% URL Reputation safe

https://api.aadrm.com/ 0% URL Reputation safe

https://ofcrecsvcapi-int.azurewebsites.net/ 0% Virustotal Browse

https://ofcrecsvcapi-int.azurewebsites.net/ 0% Avira URL Cloud safe

https://res.getmicrosoftkey.com/api/redemptionevents 0% Virustotal Browse

https://res.getmicrosoftkey.com/api/redemptionevents 0% URL Reputation safe

https://res.getmicrosoftkey.com/api/redemptionevents 0% URL Reputation safe

https://powerlift-frontdesk.acompli.net 0% Virustotal Browse

https://powerlift-frontdesk.acompli.net 0% URL Reputation safe

https://powerlift-frontdesk.acompli.net 0% URL Reputation safe

https://officeci.azurewebsites.net/api/ 0% Virustotal Browse

https://officeci.azurewebsites.net/api/ 0% Avira URL Cloud safe

https://store.office.cn/addinstemplate 0% Virustotal Browse

https://store.office.cn/addinstemplate 0% URL Reputation safe

https://store.office.cn/addinstemplate 0% URL Reputation safe

https://wus2-000.pagecontentsync. 0% URL Reputation safe

https://wus2-000.pagecontentsync. 0% URL Reputation safe

https://store.officeppe.com/addinstemplate 0% Virustotal Browse

https://store.officeppe.com/addinstemplate 0% URL Reputation safe

https://store.officeppe.com/addinstemplate 0% URL Reputation safe

https://dev0-api.acompli.net/autodetect 0% Virustotal Browse

https://dev0-api.acompli.net/autodetect 0% URL Reputation safe

https://dev0-api.acompli.net/autodetect 0% URL Reputation safe

https://www.odwebp.svc.ms 0% Virustotal Browse

https://www.odwebp.svc.ms 0% URL Reputation safe

https://www.odwebp.svc.ms 0% URL Reputation safe

https://dataservice.o365filtering.com/ 0% Virustotal Browse

https://dataservice.o365filtering.com/ 0% URL Reputation safe

https://dataservice.o365filtering.com/ 0% URL Reputation safe

https://officesetup.getmicrosoftkey.com 0% Virustotal Browse

https://officesetup.getmicrosoftkey.com 0% URL Reputation safe

https://officesetup.getmicrosoftkey.com 0% URL Reputation safe

Dropped Files

Unpacked PE Files

Domains

URLs


https://www.virustotal.com/gui/file/7bafb9938c0694ba42a9a3ac10322418c39e9783da5772390132552efd7227e6/detection/f-7bafb9938c0694ba42a9a3ac10322418c39e9783da5772390132552efd7227e6-1591981887

https://www.virustotal.com/gui/file/88db87de2e37b1c6d285fe273cf71a5a3c5aafc3d388f0215aa2c1f05d2bba74/detection/f-88db87de2e37b1c6d285fe273cf71a5a3c5aafc3d388f0215aa2c1f05d2bba74-1591977239

https://www.virustotal.com/gui/file/e35b9feacfba1df802f9ed242775361f4317c22782f4e9e2dddd095577a72487/detection/f-e35b9feacfba1df802f9ed242775361f4317c22782f4e9e2dddd095577a72487-1591980923

https://www.virustotal.com/gui/url/36c4ac17068fcfcc56bdd98a22fe26e68b5aaa5338eb023c6670c98fff55c8d3/detection/u-36c4ac17068fcfcc56bdd98a22fe26e68b5aaa5338eb023c6670c98fff55c8d3-1591038939

https://www.virustotal.com/gui/url/03395b586433c877f6dca74c012e7722aabf90583f5385188ff7ff4bf16093a7/detection/u-03395b586433c877f6dca74c012e7722aabf90583f5385188ff7ff4bf16093a7-1587479932

https://www.virustotal.com/gui/url/c48beca7d086ce3509a197eaae28579b70909052fc961238a3cbc3b3965ed162/detection/u-c48beca7d086ce3509a197eaae28579b70909052fc961238a3cbc3b3965ed162-1591888833

https://www.virustotal.com/gui/url/b52ed68c7daea1a0dbbae7e0dd7f2959e3b318743ba4678ef8fb0f0964b6661c/detection/u-b52ed68c7daea1a0dbbae7e0dd7f2959e3b318743ba4678ef8fb0f0964b6661c-1552003358

https://www.virustotal.com/gui/url/1ffce76c590674182ef2470f1292b622d50bc12589a4a13a2d39d1632afa37f9/detection/u-1ffce76c590674182ef2470f1292b622d50bc12589a4a13a2d39d1632afa37f9-1590476989

https://www.virustotal.com/gui/url/26433be36678daacb46da52e0a84bbae6043c49d55d84c7d6066e87815f883af/detection/u-26433be36678daacb46da52e0a84bbae6043c49d55d84c7d6066e87815f883af-1590476970

https://www.virustotal.com/gui/url/1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc/detection/u-1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc-1552003459

https://www.virustotal.com/gui/url/8848c28f30481ca630ec1623db5bc418cf47b2ce0567e693a88e606d4d0f68bb/detection/u-8848c28f30481ca630ec1623db5bc418cf47b2ce0567e693a88e606d4d0f68bb-1587480103

https://www.virustotal.com/gui/url/44cde64799c1c36a60be172f43d9ad4712f5c5b6a2603afec34e6ac27cecda8c/detection/u-44cde64799c1c36a60be172f43d9ad4712f5c5b6a2603afec34e6ac27cecda8c-1574428026

https://www.virustotal.com/gui/url/a7537da08cf1398a432c6cf346ca8d4d531aaab5d0e5da14bbef521f7d514ac9/detection/u-a7537da08cf1398a432c6cf346ca8d4d531aaab5d0e5da14bbef521f7d514ac9-1587480181

https://www.virustotal.com/gui/url/723994f77f6abcf01493a50c0b8d0df7680ef412ba0243f816a91b96415aae49/detection/u-723994f77f6abcf01493a50c0b8d0df7680ef412ba0243f816a91b96415aae49-1591934195

https://www.virustotal.com/gui/url/8dae14ccb02f0ab5cacd551d7c97984ef8b68a9a8155b2d9ca01f710a1d62bec/detection/u-8dae14ccb02f0ab5cacd551d7c97984ef8b68a9a8155b2d9ca01f710a1d62bec-1588773719

https://www.virustotal.com/gui/url/0730d51843e14fc178544a786c96a245158947ca3700c1967e1ffd2bf7728e79/detection/u-0730d51843e14fc178544a786c96a245158947ca3700c1967e1ffd2bf7728e79-1589951899

https://prod-global-autodetect.acompli.net/autodetect 0% Virustotal Browse

https://prod-global-autodetect.acompli.net/autodetect 0% URL Reputation safe

https://prod-global-autodetect.acompli.net/autodetect 0% URL Reputation safe

https://apis.live.net/v5.0/ 0% Virustotal Browse

https://apis.live.net/v5.0/ 0% URL Reputation safe

https://apis.live.net/v5.0/ 0% URL Reputation safe

https://asgsmsproxyapi.azurewebsites.net/ 0% Virustotal Browse

https://asgsmsproxyapi.azurewebsites.net/ 0% Avira URL Cloud safe

https://ncus-000.contentsync. 0% URL Reputation safe

https://ncus-000.contentsync. 0% URL Reputation safe

https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile 0% Virustotal Browse

https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile 0% URL Reputation safe

https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile 0% URL Reputation safe

https://skyapi.live.net/Activity/ 0% Virustotal Browse

https://skyapi.live.net/Activity/ 0% URL Reputation safe

https://skyapi.live.net/Activity/ 0% URL Reputation safe

https://dataservice.o365filtering.com 0% Virustotal Browse

https://dataservice.o365filtering.com 0% URL Reputation safe

https://dataservice.o365filtering.com 0% URL Reputation safe

https://ovisualuiapp.azurewebsites.net/pbiagave/ 0% Virustotal Browse

https://ovisualuiapp.azurewebsites.net/pbiagave/ 0% Avira URL Cloud safe

https://directory.services. 0% Virustotal Browse

https://directory.services. 0% URL Reputation safe

https://directory.services. 0% URL Reputation safe


No contacted domains info

Name Source Malicious Antivirus Detection Reputation

https://api.diagnosticssdf.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://login.microsoftonline.com/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://shell.suite.office.com:1443 D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://cdn.entity. D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false URL Reputation: safeURL Reputation: safe

unknown

https://wus2-000.contentsync. D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://powerlift.acompli.net D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false 0%, Virustotal, BrowseURL Reputation: safeURL Reputation: safe

unknown

https://rpsticket.partnerservices.getmicrosoftkey.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://lookup.onenote.com/lookup/geolocation/v1 D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://api.powerbi.com/v1.0/myorg/imports D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://cloudfiles.onenote.com/upload.aspx D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

Domains and IPs

Contacted Domains

URLs from Memory and Binaries


https://www.virustotal.com/gui/url/3504e12f573e1ad0e8ffff8a861f2c9f296141f19fe2a05eaf3e544809e18151/detection/u-3504e12f573e1ad0e8ffff8a861f2c9f296141f19fe2a05eaf3e544809e18151-1587480279

https://www.virustotal.com/gui/url/28a2c81e16693ad93331b3786e55554f3561b63131e58e7a1dcd2d420219829a/detection/u-28a2c81e16693ad93331b3786e55554f3561b63131e58e7a1dcd2d420219829a-1512878565

https://www.virustotal.com/gui/url/a6fd4878647aaa786a2f8f16c37a515f1e846462aa302219121a7f4310806bc8/detection/u-a6fd4878647aaa786a2f8f16c37a515f1e846462aa302219121a7f4310806bc8-1584741004

https://www.virustotal.com/gui/url/0f951f26199bbe9dbdf42340d705b20a1fefe5e8cd858733d40c9c77310e0b98/detection/u-0f951f26199bbe9dbdf42340d705b20a1fefe5e8cd858733d40c9c77310e0b98-1531087382

https://www.virustotal.com/gui/url/d2c1ff0b312f9995f2fe0cc773587a97147111da6f68c0556f8ef316b0867baf/detection/u-d2c1ff0b312f9995f2fe0cc773587a97147111da6f68c0556f8ef316b0867baf-1584845538


https://www.virustotal.com/gui/url/95995ca7fe0d352c8d090bc578e116c595327474114bfe881d2bb59f9acef2bd/detection/u-95995ca7fe0d352c8d090bc578e116c595327474114bfe881d2bb59f9acef2bd-1552003417

https://www.virustotal.com/gui/url/1078700f4ffbb9b71a491c5754f9e69abed1824ce458682cf4691bec3678f956/detection/u-1078700f4ffbb9b71a491c5754f9e69abed1824ce458682cf4691bec3678f956-1575466372

https://www.virustotal.com/gui/url/36c4ac17068fcfcc56bdd98a22fe26e68b5aaa5338eb023c6670c98fff55c8d3/detection/u-36c4ac17068fcfcc56bdd98a22fe26e68b5aaa5338eb023c6670c98fff55c8d3-1591038939

https://www.virustotal.com/gui/url/03395b586433c877f6dca74c012e7722aabf90583f5385188ff7ff4bf16093a7/detection/u-03395b586433c877f6dca74c012e7722aabf90583f5385188ff7ff4bf16093a7-1587479932

https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://entitlement.diagnosticssdf.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://api.aadrm.com/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://ofcrecsvcapi-int.azurewebsites.net/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false 0%, Virustotal, BrowseAvira URL Cloud: safe

low

https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://api.microsoftstream.com/api/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://cr.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://portal.office.com/account/?ref=ClientMeControl D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://ecs.office.com/config/v2/Office D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://graph.ppe.windows.net D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://res.getmicrosoftkey.com/api/redemptionevents D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://powerlift-frontdesk.acompli.net D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://tasks.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://officeci.azurewebsites.net/api/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr


low

https://sr.outlook.office.net/ws/speech/recognize/assistant/work

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://store.office.cn/addinstemplate D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://wus2-000.pagecontentsync. D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://outlook.office.com/autosuggest/api/v1/init?cvid= D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://globaldisco.crm.dynamics.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://store.officeppe.com/addinstemplate D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://dev0-api.acompli.net/autodetect D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://www.odwebp.svc.ms D7947CFB-C60D-4B09-B664-749490813E98.0.dr


low

https://api.powerbi.com/v1.0/myorg/groups D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://web.microsoftstream.com/video/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://graph.windows.net D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://dataservice.o365filtering.com/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://officesetup.getmicrosoftkey.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://analysis.windows.net/powerbi/api D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high



https://www.virustotal.com/gui/url/c48beca7d086ce3509a197eaae28579b70909052fc961238a3cbc3b3965ed162/detection/u-c48beca7d086ce3509a197eaae28579b70909052fc961238a3cbc3b3965ed162-1591888833

https://www.virustotal.com/gui/url/b52ed68c7daea1a0dbbae7e0dd7f2959e3b318743ba4678ef8fb0f0964b6661c/detection/u-b52ed68c7daea1a0dbbae7e0dd7f2959e3b318743ba4678ef8fb0f0964b6661c-1552003358

https://www.virustotal.com/gui/url/1ffce76c590674182ef2470f1292b622d50bc12589a4a13a2d39d1632afa37f9/detection/u-1ffce76c590674182ef2470f1292b622d50bc12589a4a13a2d39d1632afa37f9-1590476989

https://www.virustotal.com/gui/url/26433be36678daacb46da52e0a84bbae6043c49d55d84c7d6066e87815f883af/detection/u-26433be36678daacb46da52e0a84bbae6043c49d55d84c7d6066e87815f883af-1590476970

https://www.virustotal.com/gui/url/1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc/detection/u-1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc-1552003459

https://www.virustotal.com/gui/url/8848c28f30481ca630ec1623db5bc418cf47b2ce0567e693a88e606d4d0f68bb/detection/u-8848c28f30481ca630ec1623db5bc418cf47b2ce0567e693a88e606d4d0f68bb-1587480103

https://www.virustotal.com/gui/url/44cde64799c1c36a60be172f43d9ad4712f5c5b6a2603afec34e6ac27cecda8c/detection/u-44cde64799c1c36a60be172f43d9ad4712f5c5b6a2603afec34e6ac27cecda8c-1574428026

https://www.virustotal.com/gui/url/a7537da08cf1398a432c6cf346ca8d4d531aaab5d0e5da14bbef521f7d514ac9/detection/u-a7537da08cf1398a432c6cf346ca8d4d531aaab5d0e5da14bbef521f7d514ac9-1587480181

https://www.virustotal.com/gui/url/723994f77f6abcf01493a50c0b8d0df7680ef412ba0243f816a91b96415aae49/detection/u-723994f77f6abcf01493a50c0b8d0df7680ef412ba0243f816a91b96415aae49-1591934195


https://www.virustotal.com/gui/url/0730d51843e14fc178544a786c96a245158947ca3700c1967e1ffd2bf7728e79/detection/u-0730d51843e14fc178544a786c96a245158947ca3700c1967e1ffd2bf7728e79-1589951899

https://prod-global-autodetect.acompli.net/autodetect D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://outlook.office365.com/autodiscover/autodiscover.jsonD7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

weather.service.msn.com/data.aspx D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://apis.live.net/v5.0/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr


low

https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://management.azure.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://incidents.diagnostics.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://clients.config.office.net/user/v1.0/ios D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://insertmedia.bing.office.net/odc/insertmedia D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://o365auditrealtimeingestion.manage.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://outlook.office365.com/api/v1.0/me/Activities D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://incidents.diagnosticssdf.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://asgsmsproxyapi.azurewebsites.net/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr


low

https://clients.config.office.net/user/v1.0/android/policies D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://entitlement.diagnostics.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonD7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://storage.live.com/clientlogs/uploadlocation D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://templatelogging.office.com/client/log D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://management.azure.com/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://ncus-000.contentsync. D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://login.windows.net/common/oauth2/authorize D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile

D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://graph.windows.net/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://devnull.onenote.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://messaging.office.com/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high



https://www.virustotal.com/gui/url/3504e12f573e1ad0e8ffff8a861f2c9f296141f19fe2a05eaf3e544809e18151/detection/u-3504e12f573e1ad0e8ffff8a861f2c9f296141f19fe2a05eaf3e544809e18151-1587480279

https://www.virustotal.com/gui/url/28a2c81e16693ad93331b3786e55554f3561b63131e58e7a1dcd2d420219829a/detection/u-28a2c81e16693ad93331b3786e55554f3561b63131e58e7a1dcd2d420219829a-1512878565

https://www.virustotal.com/gui/url/a6fd4878647aaa786a2f8f16c37a515f1e846462aa302219121a7f4310806bc8/detection/u-a6fd4878647aaa786a2f8f16c37a515f1e846462aa302219121a7f4310806bc8-1584741004

https://www.virustotal.com/gui/url/0f951f26199bbe9dbdf42340d705b20a1fefe5e8cd858733d40c9c77310e0b98/detection/u-0f951f26199bbe9dbdf42340d705b20a1fefe5e8cd858733d40c9c77310e0b98-1531087382

https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://skyapi.live.net/Activity/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr


low

https://clients.config.office.net/user/v1.0/mac D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://dataservice.o365filtering.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://onedrive.live.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://ovisualuiapp.azurewebsites.net/pbiagave/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr


low

https://visio.uservoice.com/forums/368202-visio-on-devices

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://directory.services. D7947CFB-C60D-4B09-B664-749490813E98.0.dr


unknown

https://login.windows-ppe.net/common/oauth2/authorize D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://loki.delve.office.com/api/v1/configuration/officewin32/D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://onedrive.live.com/embed? D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://augloop.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://clients.config.office.net/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://api.diagnostics.office.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://settings.outlook.com D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://graph.ppe.windows.net/ D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://store.office.de/addinstemplate D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://api.powerbi.com/v1.0/myorg/datasets D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook

D7947CFB-C60D-4B09-B664-749490813E98.0.dr

false high


Contacted IPs


https://www.virustotal.com/gui/url/d2c1ff0b312f9995f2fe0cc773587a97147111da6f68c0556f8ef316b0867baf/detection/u-d2c1ff0b312f9995f2fe0cc773587a97147111da6f68c0556f8ef316b0867baf-1584845538


https://www.virustotal.com/gui/url/95995ca7fe0d352c8d090bc578e116c595327474114bfe881d2bb59f9acef2bd/detection/u-95995ca7fe0d352c8d090bc578e116c595327474114bfe881d2bb59f9acef2bd-1552003417

https://www.virustotal.com/gui/url/1078700f4ffbb9b71a491c5754f9e69abed1824ce458682cf4691bec3678f956/detection/u-1078700f4ffbb9b71a491c5754f9e69abed1824ce458682cf4691bec3678f956-1575466372

General Information

Joe Sandbox Version: 29.0.0 Ocean Jasper

Analysis ID: 238148

Start date: 12.06.2020

Start time: 19:19:28

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 17m 2s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: PD_669 10971.xls

Cookbook file name: default.jbs

Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Run name: Without Instrumentation

Number of analysed new started processes analysed: 40

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Country Flag ASN ASN Name Malicious

8.8.8.8 United States 15169 unknown false


5.149.253.194 United Kingdom 201525 unknown false





Public


Technologies: HCA enabledEGA enabledHDC enabledAMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: MAL

Classification: mal100.expl.evad.winXLS@12/53@0/7

Cookbook Comments: Adjust boot timeEnable AMSIFound application associated with file extension: .xls

Warnings:Max analysis timeout: 720s exceeded, the analysis took too longBehavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, wermgr.exe, WMIADAP.exe, MusNotifyIcon.exe, svchost.exe, UsoClient.exeReport size exceeded maximum capacity and may have missing behavior information.Report size getting too big, too many NtCreateFile calls found.Report size getting too big, too many NtDeviceIoControlFile calls found.Report size getting too big, too many NtQueryAttributesFile calls found.Report size getting too big, too many NtSetInformationFile calls found.

Time Type Description

19:20:27 API Interceptor 1068x Sleep call for process: splwow64.exe modified

Match Associated Sample Name / URL SHA 256 Detection Link Context

8.8.8.8 BadStuff.js Get hash malicious Browse 8.8.8.8/SlvMWdIEW62C9c

BadStuff.js Get hash malicious Browse 8.8.8.8/CTM5wttwLFcLdHfVk

33payment advice.exe Get hash malicious Browse www.zulinfang.mobi/fu/?id=i07vHMa0svfKfxE6I3aRHA3lctcdYaT9x0iZT9MH0oRhMFPgh9mSEtNU17XFCBgMQA4XWErQDlzTwB-AplygzQ..

Show All

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs


https://view.joesandbox.com/analysis/122590/html/none?idtype=webid#static

https://view.joesandbox.com/analysis/122590/html/none?idtype=webid





37documents.exe Get hash malicious Browse www.tasteofunexpected.com/tf/?id=y6IrbpvfhkYfQXXyqC8dooAvfrv2e2apV7igF70LYGyF4OCvwj5JxRVBdRghvKGGuc_KsFbnbWPC0Def

63AWB 043255.exe Get hash malicious Browse www.serikatsaudagarnusantara.com/ed/?id=kIz4OnF7tHMqdv1cSepeHoY02Vsws5yCI7zf8DN1pvMb9hdHFpZX44eSyhzXC7u5icfl1yYYsvfyl6we

d62c.exe Get hash malicious Browse www.epckednilm.info/fu/?id=i07vHMa0svfKfxE6I3aRHA3lctcdYaT9x0iZT9MH0oRhMFPgh9mSEtNU17XFCBgMQA4XWErQDlzTwB-AplygzQ..

27TTcopyMT107-36000_payment.exe Get hash malicious Browse www.watchsummer.com/tr/?id=oqCXvgIUiCxPFtn1J0rb33q5mpSH48Vd1XRAfBxi4MgNDwsdTt0dcXb5dgzj2vPAuld1RDreAlRWWLP9Xot16w..&sql=1

download_adobeflashplayer_install_9_.exe Get hash malicious Browse wetr34.sitesled.com/wind.jpg

INV-000524.vbs Get hash malicious Browse naturofind.org/p66/JIKJHgft

177Purchase Order.exe Get hash malicious Browse www.phutungototp.com/ho/?id=y3T6nEBciedL7htO4xn1ZYijVAw7sJXLjwubagvJUtMFVf7aOWPSa_Bl5i178f_EjROvybrSr7PC3267XbUsBg..

8Order Inquiry.exe Get hash malicious Browse www.quyuar.com/dr/?id=gCqdDQsh4d7ynFKSj09V1Y12J91NTUfM9LddDKzxEGHO7R4ogEQ3AGAU2DRYiF_Nduo4Rd-EW24x-O38aOud_g..

27Tobye.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

11Marena.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

39Harriot.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

























1Vida.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

43Colleen.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

67Roxanne.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

15Winnah.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

33Elfrida.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin

25Cornelle.js Get hash malicious Browse my.internaldating.ru/js/boxun4.bin


No context


unknown Invoice 44387 - Due Date _ 12 June, 2020 - Client ID 7776042.html

Get hash malicious Browse 212.159.9.92

https://u.to/ofqqGA Get hash malicious Browse 193.109.247.239

https://cloud.smartdraw.com/share.aspx/?pubDocShare=2319AC972B6938D7B9401E8425E8FFCA385




https://reflectionsofmyeyes.com/vox/amFtZXNfYmVubmlnaG9mQGJheWxvci5lZHU=


jo.gov.moh.aman_1.0.apk Get hash malicious Browse 173.194.76.188

technis.org/jzuaokr/kr9clxXZfN.zip Get hash malicious Browse 104.16.132.229

Invoice_18744_-_Due_Date___12_June%2C_2020_-_Client_ID_2606438.html



baylor21.baylorrgb749.southwest-85.com/?R3drr=https%3A%2F%2Fshigatsuwakimi.blob.core.windows.net%2Fkatekyo%2Fgoogle.html%23Z3JhbnRfbm93ZWxsQGJheWxvci5lZHU= View


Invoice 36653 - Due Date _ 12 June, 2020 - Client ID 1441364.html


https://t-info.mail.adobe.com/r/?id=h531da677,b8fb2bef,b8fb3304&p1=analytics.twitter.com/daa/0/daa_optout_actions?action_id=3&participant_id=716&rd=https://tradescouncil.com/jdanielsjdanielsjdanielsw23de35d23e35de23e35jdaniels/&p2=JVLsH//#[email protected]


TALQ_812421154768_10062020.vbs Get hash malicious Browse 204.11.58.87

https://onedrive.live.com/view.aspx?resid=C1FADE07C4796650!176&authkey=!AJs-iBA3u8U4WgA


Erlinda Barak CV.xls Get hash malicious Browse 205.185.125.104


83878C91171338902E0FE0FB97A8C47A.dotm Get hash malicious Browse 45.40.189.16

https://xh1643879264863098023.el.r.appspot.com/#[email protected]


Boeing_AERO_GS.docx Get hash malicious Browse 51.68.152.96







Domains

ASN







































































No context

No context

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_03eafcfb\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe

File Type: Little-endian UTF-16 Unicode text, with CRLF line terminators

Size (bytes): 26222

Entropy (8bit): 3.74957673345421

Encrypted: false

MD5: 00749BF96FA56B9498F9073BE97B07BD

SHA1: 124CF9B960067F713C027EE06B7D9E275E223E4F

SHA-256: 5CAE4EEBB44E43D123BB680A98A6B9ACDB2F92581EA0BCD3688B9AF9F927938A

SHA-512: 4E69BB982397AD5073E3CD344D105BC4F72495D9C51ACF6D965F50BE314DE73A4E4E1350AA2F73634EF066F9D4372F19A04DB3CA0AADF58C364D6DD03D69E9A3

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.7.3.6.6.2.0.7.9.0.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.4.7.b.0.7.f.2.-.8.4.6.4.-.4.9.8.4.-.8.3.b.a.-.1.c.0.9.7.3.f.0.c.5.5.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.c.7.6.9.8.c.a.-.d.9.9.2.-.4.4.0.8.-.b.e.3.8.-.6.f.b.d.0.6.2.b.7.b.8.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_0a72b6b7\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26260

Entropy (8bit): 3.7491784407076514

Encrypted: false

MD5: 9F21A873D2B7ABC3D981E9F4A04F7F1A

SHA1: 75F58E5C07DA90AA0FAC724D6993D16083BEE860

SHA-256: BC38CF9FA7019700B2BE213164D3418757A700A4FA49FFBC0CC87404D8F5C2E9

SHA-512: E3070FED7FE15642A2361383A5F0C2E94E8AB0E2CF2ED663B8597E6DB29F4F51401A98374462F6707999EF11BDE5C230D3F5DD87B6F1F2877DE2F47CADCCF5F6

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.9.8.0.6.1.1.9.7.7.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.c.f.3.0.2.2.9.-.5.9.b.2.-.4.3.2.8.-.b.a.5.2.-.6.9.a.b.2.0.a.4.8.2.6.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.9.d.2.0.3.f.0.-.f.a.9.e.-.4.9.e.0.-.b.6.6.a.-.e.7.d.3.1.1.5.6.d.5.c.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

JA3 Fingerprints

Dropped Files

Created / dropped Files


















C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_10883a9f\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26256

Entropy (8bit): 3.749142658306768

Encrypted: false

MD5: FD34E65940E4359011FFC7F34DDF55A3

SHA1: 57CEF3DC40A2422F5333A39683DA36C445EC28AA

SHA-256: 14B1BD6942131B7DC4BE5A1B891E2D9800B5393875A53D9BE217089EE5EE076B

SHA-512: 492EC9AEC584ACCA726C408353BB156B7BEBF443A3753CE159EAEA7B294B2627C11E7E6089E8091D3BEB584C82CF8302245AF8BA8B1EDE5BD2495FD3EADA47D6

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.5.5.5.2.7.6.5.3.0.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.6.3.7.5.f.f.7.-.f.2.7.0.-.4.b.c.a.-.8.3.6.5.-.4.a.3.0.a.d.c.7.4.e.7.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.4.d.9.0.0.c.a.-.d.8.6.3.-.4.0.f.4.-.b.4.f.8.-.f.8.f.2.d.8.7.5.8.f.5.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_108fbba7\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26258

Entropy (8bit): 3.748411754788295

Encrypted: false

MD5: 6E22BB452B3E154B0B2BF10C244F755C

SHA1: 2FDB178CD80418075CBA91F1FC47F2118A012E4F

SHA-256: 2587403FD1F14B21106F0AFE11C8EBA1AD60194E966397DD5E688B0EB4932C82

SHA-512: 5CB3D253D6E19CEB8A694F6C654D726F1C251CB5EE5B4E7E92D8A9E1287B91824450897B5F89BA131BA67DDB5F80D026F8C94F95CAF2C60EC39FB963C61C6DE6

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.7.8.5.3.6.5.8.8.9.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.0.a.3.3.8.e.c.-.b.9.e.b.-.4.f.7.7.-.9.8.1.d.-.7.9.d.4.8.4.e.7.1.e.6.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.3.a.3.0.6.5.1.-.5.d.2.9.-.4.5.4.d.-.9.8.c.1.-.d.4.0.4.6.8.2.c.f.5.b.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_1182c899\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26260

Entropy (8bit): 3.748399737814802

Encrypted: false

MD5: F1089AC419CA0178A0DA8638BA85A690

SHA1: 977B39E99A69968C1FF1E2DA8233BFA98C0CDB37

SHA-256: FA9D6A4E47A754BA33665CD8F86A32694E27906F554FE8DC8A185F3F51F8FC19

SHA-512: DF227A89EC857F973ED557B23879728D51F375EC6651C520C8814037413D6A2259FF131BE399B366B54A3133F854375200FB56601CCC36527725B616781F525E

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.9.8.5.2.2.1.8.5.6.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.5.5.7.e.3.4.6.-.f.0.a.8.-.4.5.4.7.-.a.c.7.2.-.b.1.e.c.9.3.0.7.b.1.3.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.4.9.2.4.e.b.c.-.e.5.8.8.-.4.5.8.e.-.9.5.d.d.-.6.9.6.2.e.b.5.f.1.e.c.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_126c269a\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26260

Entropy (8bit): 3.7490910869803797

Encrypted: false


MD5: C08B68F5945AB7B6B76E7AAB701CB762

SHA1: E67052C2CF44BD38F419E3C71CFA847B0CE8F2D9

SHA-256: 4E62E0736A5CBB7623E6BA71DA25786D259B75B7055018D53D30EC213E1D5C2B

SHA-512: CA09D8CEBA022920F2A738B48E96F530F8B641F9F3AC2EA7D918693382DC4BAEB0CCE500C8375582316DC1176CAD6893171E55B033EF5509EFB20A0F1529F278

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.5.5.0.6.5.7.3.8.9.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.b.8.0.3.7.8.6.-.b.5.f.9.-.4.9.f.4.-.9.a.4.1.-.8.f.5.3.5.5.d.d.2.c.0.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.a.c.c.f.2.4.b.-.1.5.c.1.-.4.4.0.1.-.b.1.6.5.-.e.d.f.4.d.a.5.0.5.0.f.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_126c269a\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_12afab4c\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26258

Entropy (8bit): 3.748781222685059

Encrypted: false

MD5: D3381F5779B6F8B9E6C204F1886F0AF4

SHA1: D84EFBB7325E793FA6F28731C47E66D5DAFFE517

SHA-256: 102E8302B295BE98F6E0A57F5938EA3CD41F21B945CDE320F15D16439B7F2181

SHA-512: CBC769F93164FA7B165B75EC27B469318D2F1A9E6B0EA0827E5D64678C3770F95B09E8F9664704786D81054CE6C18B6C2528159431BD40B2D8BB06C1819D39DC

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.7.8.1.2.3.3.5.8.9.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.d.a.e.9.e.d.2.-.c.6.8.5.-.4.d.c.6.-.a.7.1.9.-.7.f.6.4.0.5.d.f.2.d.4.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.7.e.6.e.1.4.-.8.e.8.0.-.4.e.0.4.-.8.5.1.5.-.9.b.9.0.1.4.7.e.d.8.a.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_12b34477\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26258

Entropy (8bit): 3.7488505637687837

Encrypted: false

MD5: 406A697929AEA58212BBC884911C5365

SHA1: 3F175AB112D37C72391D40C2662A888D54546F1D

SHA-256: D6033B01CD10555B30B2EEA2A00B6FB32CF7F0111F7B9323C1E5E2017D1196F3

SHA-512: 66FDB9B53FD0F7ED9D897B472087A36C049A1F5FC922A4F3EFDFAF4B291E55BAA8A0B60681F5281221ADD33A402EE3EC94F25685FF81C534CFC9D0C69C9369DD

Malicious: false

Reputation: low

Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.4.9.2.1.9.6.9.4.7.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.1.e.b.a.2.c.c.-.3.2.6.d.-.4.3.5.b.-.a.1.7.5.-.9.c.7.5.b.c.2.1.d.c.f.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.0.5.f.8.8.6.0.-.8.7.d.2.-.4.7.0.1.-.8.6.a.6.-.c.e.8.6.6.0.e.6.b.7.d.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_1742e695\Report.werProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 26260

Entropy (8bit): 3.7484490441926916

Encrypted: false

MD5: 8A19F9B0F70FAD4E8D6202384544C832

SHA1: 99C7AC9B2A1C2E407FF111BB5BEEE9A538CDF809

SHA-256: 44EF1FCB6C892587B287E939352AED252CE164FD4F4D619C301B9A2E7D3EB0C9

SHA-512: 0518C162C63CF5E11C034B363A19DE51907C7D59CB40BB27886E306104BCBF0B282BC791C704E705A46507258F8B99F09AA44253A382E249F36A76F68B1711ED

Malicious: false

Reputation: low


Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.3.6.4.8.8.7.3.0.6.5.9.3.4.4.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.5.2.3.5.e.7.b.-.0.3.0.4.-.4.b.5.9.-.8.c.b.a.-.2.1.f.d.f.0.b.f.a.b.a.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.5.3.9.9.4.2.d.-.3.6.2.a.-.4.c.9.3.-.b.b.2.a.-.a.5.8.f.a.f.2.e.c.6.7.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.8.-.0.0.0.1.-.0.0.1.c.-.f.7.a.4.-.6.3.2.1.2.9.4.1.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.3.2.3.c.2.4.0.c.3.a.c.0.4.a.3.6.8.7.7.9.f.f.c.c.d.f.d.b.3.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.1.1.7.f.4.1.4.f.e.0.9.e.3.4.8.9.0.3.e.d.6.1.9.a.0.2.b.0.c.6.5.9.7.1.1.a.6.2.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.8././.1.1././.1.2.:.0.2.:.3.9.:.0.6.!.2.9.d.e.8.e.d.!.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_1742e695\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED9.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe

File Type: Mini DuMP crash report, 15 streams, Sat Jun 13 02:22:31 2020, 0x1205a4 type

Size (bytes): 312411

Entropy (8bit): 2.246976659154861

Encrypted: false

MD5: C78E0541E009D29D13F220ED9A900DB7

SHA1: F6D48972A5C0AFCF718552C447D19A790CC8C2E1

SHA-256: 6611E6FF14D534D6EE1DA0714DC4F9C84C1F680C5495760E67A5A2F2ECF1E9CB

SHA-512: 92345F9F1FE730BD5B42A178C21B80FC30AB59BF0C71C0E5D01383C366F2E31064DF10575631D8AE44D1E93ED004D5CEFDFBD3FC963CB78C5BF59B1C2EFABFF5

Malicious: false

Reputation: low

Preview:MDMP....... .......g8.^...................?...........B.......T......GenuineIntel............T.......(....7.^....:........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER24A7.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe

File Type: XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators

Size (bytes): 8302

Entropy (8bit): 3.6996117085864957

Encrypted: false

MD5: A5638277D4806B19F5022E0E5C3EE834

SHA1: 7A83EF8072845CD1E34926D1316A39DFB704893A

SHA-256: 1DC7BE1AF5775E09D057FDC7F5B8918D851F459A24FD79C0AE68A66671F8571F

SHA-512: 27170F076217BB2C36F0783670207BD122234A8678FB31B4CA39637B9BCCDB5F4AF2093FE5E11BA52820E3A14D114ECF60674E408112D966F378BD6441F961AE

Malicious: false

Reputation: low

Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1.6.5...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.6.5.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.4.1.6.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2515.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe

File Type: XML 1.0 document, ASCII text, with CRLF line terminators

Size (bytes): 4574

Entropy (8bit): 4.459645456769821

Encrypted: false

MD5: 168333F670F2947B88B09939A6B4D26C

SHA1: 456FDEA511DD74BAC0B188A810F90D6EF83C4932

SHA-256: 259AA0A2E499C7F673E2AC5F818B173E6CE7B3BDB807196246B4C9AF16BC98D9

SHA-512: 27183D3617A33658195D073A641431A29503114F6AA48807276C12F421368E96D2C7AFBC8EC832AD936451DB0707A798FDBB0EA32C7738BD210BBB0AF7A4B19A

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="165" />.. <arg nm="verqfe" val="165" />.. <arg nm="csdbld" val="165" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1010479" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.165.17134.0-11.0.75" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="2048" /

C:\ProgramData\Microsoft\Windows\WER\Temp\WER30DB.tmp.dmp


Process: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.2597388788985393

Encrypted: false

MD5: D2533BCA204E3492ADC4B13F39F92B0C

SHA1: 1D0940CFE1C5D4B858D6B130960CDF12A98CE1AB

SHA-256: 9A00B4700CCF7E4173992718052B3769F3E3CBA5925139F4F1BF1FEED18A5864

SHA-512: 11C2D7499A355DAF75B4CA5617030EDB364AB5CECBED657777F0900CE8E6D11114BC1E1C7BEAEFCA8427D263DC09ABC7A02CA6F2A7064F92E8FE21273DC469D1

Malicious: false

Preview:MDMP....... .......l8.^...................?...........B.......T......GenuineIntel............T.......(....7.^....:........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER30DB.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER38DB.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8302

Entropy (8bit): 3.6995147996762245

Encrypted: false

MD5: C6230BA168925091EE14CD71838FACFD

SHA1: 2D4F614E33ABE5A1BF6B099923E3279055EDA8B2

SHA-256: 2184B53924786D1519595B3D0DCF6DE235DFBA998FCD68A588395898543AA324

SHA-512: 2DA3796C24085CA2FBE343FE1C76C58D16B24ED7BEA3F6712C42CDF605B1A0E1602CDC24C8859A91ECB4467CF288AFA3A6364D78FC9E48D1104714085FA34B89

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WER3949.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.46348092329818

Encrypted: false

MD5: FCA3C1B421470F748085EF9EE3AA53E0

SHA1: DA3BC0BFEC62AC3D7378D8306C2A7D8DC3A24B2E

SHA-256: C2743A98CB8D536C2EC165274769952FE6FD4B30A6EEA576D402809B5EA9BD80

SHA-512: F4B3C2EF109DC879D618BCD10B05BCDAFC6CD8CD55D9C02A0F2DCC3B3782E8EBF922CAE1E518B7933946B4ECEAA6D10DD2D5F6C8BA1D30A232DBB7B1F8A7748C

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A75.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.605179415689641

Encrypted: false

MD5: 74415C9DC16055EA502E9BF0BCF18E97

SHA1: 5814ED21E388D0ADEC8D927BB4CAE671A1C690FC

SHA-256: EE3C58AD0970F15FE73457CEC0416A37A9624B3BBCCCDDAC3E394E018FFB1C45

SHA-512: CECDC8668BE89D85F89E47CD219FB5CD6820C9654C0C49F533520F218DB61C557FA54B212C94E4F1B5CEE4498015FA51E9C40872FCCEF2B2669378033FB4094D

Malicious: false


Preview:MDMP....... .......-8.^...................?...........B.......T......GenuineIntel............T.......(....7.^....:........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A75.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4246.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8300

Entropy (8bit): 3.6999227739097114

Encrypted: false

MD5: 40D4059FD66BB1E59569264E29AAE422

SHA1: 01EAD6F3CE1FDEAC7F0B0C2B69CA637CEB92439B

SHA-256: 3A49C5840779F3A35BA64DB5B79F32FE91064C495327A881F8BB7DA239E7A1F2

SHA-512: C574B4567ED57019D998296ECA1DB62DCFD1B37C554FB17AD1D820104FD127438E3E204A802238DE40C4F3986FD843AE7F64172A4F8F62FEC99C3CC259917769

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WER42F3.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.461513014134368

Encrypted: false

MD5: D66D9EAA75CA0544619C4B81CE7CAD9E

SHA1: 078B76617210F9DDCFB6043BD6778CB4C6744887

SHA-256: C1D5ABEDDCB4E90296D2464D9F329AF744F3E5A08F4F44AECA689F367FD892E0

SHA-512: 9DD7940DA498F25D7B91B2604998655088DAE1F8B7FC5B61D5F260EEF405B1925D1ED9D4DA27C852B0DC88DE4BDBF4A1E6E9A83B737119FC0C5997D1F9A04ABB

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERA38C.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.378686035830766

Encrypted: false

MD5: BCA5AE273DDEFE989EAF1778DF6C8819

SHA1: D56EBBA8E30BF83D7BED62720A91751828093324

SHA-256: 0847160C81B55FFA0C3871EA8FB1A4F7CE9436A191F914A36F8E4BE8C9C7E055

SHA-512: 7E4FB65DC51167CEC314FB934F81E7D3A1953E2B93921BC3FE97211BE57F4BD2CAD2199557E1CC2EA151F87A979A5646D5292513EB1A2D2851C5EFC28E38887F

Malicious: false

Preview:MDMP....... .......N9.^...................?...........B......|T......GenuineIntel............T.......(....7.^....C........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA8FB.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8304

Entropy (8bit): 3.699783305569705

Encrypted: false

MD5: D712667C88CBA85696B047D2CB44403C


SHA1: B8020025AB23BC915290B8B73827B545CD745D86

SHA-256: 3C4DCDA9B158205A5791F6374B1FC651AB3994FEFAF3EA75F54504C04CB0C94D

SHA-512: 500F81EE9623D0A7E5C16C2E5B99BE0F0AA1E7F60174EF7255C1CA1D3A8AA7BB655542579585B298746A7503CD510F719C8A134CBF3330CFB7B8BBB3B13EF693

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERA8FB.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA95A.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.460231623734726

Encrypted: false

MD5: BF928731172D128B0F96EA2B1057D185

SHA1: C3F56C290FC164426C96C4241D1C65D19EE89174

SHA-256: 6AE53C082F99A67DF86433FD99F3B7A1C54F4AC45769B5CCBE5EBA075045492F

SHA-512: AEC30F3EEB8AFEDCA529CE42F0403587FEA6127FDB5FDD753255091FA945188CEA503A224CAFB69AD232887628F5DF38380F339FAFABA474F3B92EAD00106977

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE5B.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.3774308116439675

Encrypted: false

MD5: 953A02DAAD6F848F649974F5FD42D8F2

SHA1: E0C58FCE0C1A09BA7E8A78D5725B9A1B2B3ED455

SHA-256: A153E38A4C726CA24EFDF9340AF730A16EE25A53033B15A8950B3482137CFCD7

SHA-512: A836678E6023EB769E2A0E394A3BA9A574EFC3246658C11B8E9B68E164C9D5D2DF4F6405E0CA2AA9CE0DD61CAD918489B0A1622959E2B035FBFB8D35C37E928E

Malicious: false

Preview:MDMP....... ........:.^...................?...........B......|T......GenuineIntel............T.......(....7.^....D........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3A9.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.3373625070860586

Encrypted: false

MD5: F0485BF04E3BF1E9191E7689898D0195

SHA1: 24707BC6DA0212D6BE1A53713D98298ECAE0D77A

SHA-256: A24C0F75E29791ABC1006D9B49BF56FB5B8AE75D3BE77E61351F083D27124A9F

SHA-512: 710FF95ABA3CF56490582E3FEFB3EBDCA4920409CE5AFEE059B7C4436C10AFE0A479F1AF32CFF5B2A5B456B9CBCA947D24CE627AACF67ACD4AA376D5889B1EA3

Malicious: false

Preview:MDMP....... .......R9.^...................?...........B......|T......GenuineIntel............T.......(....7.^....C........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................


C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4C4.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8304

Entropy (8bit): 3.70063377929905

Encrypted: false

MD5: 21E5C5582B47EEB5BA9C34107439662B

SHA1: A317C27C0213B15D1C61A8580C7AC8B709F6B970

SHA-256: 293D50D34711E5C4BAC2D2DCCBE407B46F49C5FA7ABF780ED6165C45A3459649

SHA-512: 4E6ACC0EA273394298EA623B82D3B5A216A709325FC8C73A0639F1B862D3B0107D669726DE72EF8934536E58EAB97A54569C36E0D8609C46E73B00153F4BF580

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERB561.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.460757383188483

Encrypted: false

MD5: B75EF6ACE188AF6A9DE20D689C858B39

SHA1: 25922694CFA61AA5CD904D0F6031973F28755999

SHA-256: 003326563860125CC18B3A0F8E754D3C5BD61158BAE6C45C63B1A52D36C79E92

SHA-512: 36FFCEADE637E2E04648747A5CA904E31B9CBAB949559F0CCCE13F852DADC0DBDDC7FE8721C6E21E21C587719EAE1D8043C56B330E3FDDCD8F587360D8B6BFA7

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9F3.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8304

Entropy (8bit): 3.6981296842323856

Encrypted: false

MD5: F4106726BA45FFB2AE1273E4EC58B710

SHA1: C54ECBD6799CC6909339B4AB2FC6CD7B19A2D13A

SHA-256: F48AF6F220E96B352CEEB76238A5981E366AF1E82C71AAE53E23094857E8DE9C

SHA-512: 5AFED3B10A363BE68F24BEB46AA638D860EBFA85E36FD286F689526BF64C26D44AF3E0F99FEF65511A24006E36414C46A45A6AB947116B5F6F47FC05F4FC7BEB

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA52.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.46206430342968

Encrypted: false

MD5: 33D11F25B8BD116580D4EF2AB16F7CD0

SHA1: 0AD0F371E1B1A926895DE7A81DC6DFA69AD62D4B

SHA-256: 485E39473299DB26F935385A90C2E8FAA7DF1DEEEA5B4B3E5381B5CD2B39A981

SHA-512: 5BB4C7E435EB4A20434B4B943023772925A276A081D624CAC35E47E684CB6BC74143A9488D0051FD029E17718B1F8FBC193F274B6DA722E670620D821DEC7D1B

Malicious: false



C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA52.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC05C.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.342501155778975

Encrypted: false

MD5: 450C6682488F1497CEE7820DDCC91574

SHA1: C14D6519B704A25F0721447AD718A8AFB030D7F2

SHA-256: B4F4B6B2BCC21517F74B814B88ADF2288B5EDB2766BE15806AAB14B8357D61C8

SHA-512: F89A075BF0F3768651F8CB2F3140B0B94EEF90127EB668B4131E472F8D0495EC54BD5436DF5A5DB49DFE0DE913F60A654CCC7322CC87C69168BAA1BCFD28C4CE

Malicious: false

Preview:MDMP....... ........:.^...................?...........B......|T......GenuineIntel............T.......(....7.^....D........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC697.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8304

Entropy (8bit): 3.698501730437607

Encrypted: false

MD5: 73101E524820E88BAA65AF29CAD29A1B

SHA1: 9AC2D34FC127858EC741D4975A69F6B62B7338E5

SHA-256: B1C9C6CC7EE1E2C2D22ED9AF592C6CDDA8443092E8E8A76B9C214C0A25542A81

SHA-512: 9D94756E89CE93E1809E94B0DD09EAA93A8082FB6FC2AB122239A8E49D1F7ED7D2E1CB79C3D932CAAC14A6B7496C52A513C9117A8AF4C0E9AEA13FF97933F50F

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERC744.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.463075056011114

Encrypted: false

MD5: E3CDA2040B27B9A195DC1ECD8D449814

SHA1: 30988A5E6B6AA5B8C0881BC4442446D290544039

SHA-256: 4F4F06D4C4AD4698F5AD6A7BA5F2E68552D03DEE23D69F99F525CFE53057BE38

SHA-512: 4EEED6518A37AD7A88F3964A49C52594F916240DC1CB42B2BF01D06DC1056BD248C95129821B76B05AE7BDF4B650FFA5CE86BF13BDB7E2D3F369156C1047F3F9

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDF9.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.322769034372081


Encrypted: false

MD5: 25BD5E69AECDFE3F60C44CD53A8EDA61

SHA1: 3190786C9D33AA6B490DCF0AC2B4142EA24C9815

SHA-256: 02845FA8814F3992A4E487F72EF6635391915EA40D7D66C0436D63911B66B1DA

SHA-512: 018D3ADD21416453631A6FE9DA2D09C7A1A5B0A24A3CD9D1D0230F27126A3F491CB11508BFDBE60AB16FA85AD8DA442A7BCA08272299F69CE887EBAEE1ACBCB1

Malicious: false

Preview:MDMP....... ........9.^...................?...........B.......T......GenuineIntel............T.......(....7.^....C........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDF9.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE405.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8304

Entropy (8bit): 3.701059264551976

Encrypted: false

MD5: A52AF39EA9A347750D34D791BA1F224E

SHA1: 3E49AFE9989891064CFC9BF880D6781BFE9AA689

SHA-256: 0205513563B5DCFF1D21EA4183C03659E8BF565E993864477E1CD11911D809B8

SHA-512: 599CBFF8075D16EE32C861A143D51ADEE364C37D1C6DD80FB6A6E79D4445EF7173C940273E37D4F7E3BF80D519DC074A77379FF7BF78DDE5D33AC0FE25BDB0DA

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERE474.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.460945528051079

Encrypted: false

MD5: DEC34DFAF81F014553AE0740AA3E1FE3

SHA1: B7A4E111CC65EBBB40238E091A13E0E8CB1FA297

SHA-256: 67CCD1162156C2652C155D90B945559F35ED7C2E01FE4E9D76D4BC01F9E6C0A4

SHA-512: 17CAC7EBAE1506BEAC1BE634FA4AE71596617DE1D84CEAB6AA3E75840CFC129A89DA6B1CB2FD43B6C9EB9F8D6CD1EAD8D42E45E5076F2EDAF6F6025E85259AB0

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERF53B.tmp.dmpProcess: C:\Windows\SysWOW64\WerFault.exe



Entropy (8bit): 2.3372226677468286

Encrypted: false

MD5: 3658D122B684FA01BCAB0DC290AE3BB3

SHA1: DA3A6C45ADE626A42E2D0C69D8B0A0F93617950F

SHA-256: 0526E2570AF20D3179BDC790A1A0BF57DFD3B83BCBFBFBE2FE87BFA8D211DD52

SHA-512: C000C3BAAFD396AACF8C5C143E9646980DC07E1F28FFAFEB42A72F655FE16E8BD3D74679FEAB79DDADC76A82B005B9DCA26D90E8B9EAA7270B572875A0984305

Malicious: false

Preview:MDMP....... .......!9.^...................?...........B......|T......GenuineIntel............T.......(....7.^....C........................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................


C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB46.tmp.WERInternalMetadata.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 8304

Entropy (8bit): 3.7001585034126356

Encrypted: false

MD5: F111EA90A1D2085794A9CF670418637B

SHA1: 4984BB4FAA3B1622B358FDD14F0F0180EFC76A25

SHA-256: BF92359668B2BD62893E813CFD3542006B9B0E43CCA1EACD89C3D8DF4DED7476

SHA-512: 3A397D5261AB9D807B0B8B8BDE50D23ADDCFBC76AD9CA343D904D06E5A24E7AC39B8E0C6DA9E8E62CD64A510189F4A1CA9A97930CB6125F3D1E832B6EC724E6D

Malicious: false


C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBD4.tmp.xmlProcess: C:\Windows\SysWOW64\WerFault.exe


Size (bytes): 4574

Entropy (8bit): 4.462566083645905

Encrypted: false

MD5: 785A9076B48DF223C1CF0F35A7A51591

SHA1: BC28ED593E9BCC9E68A486A61AE1FC0ABE50DFF9

SHA-256: AA5C5E54C3984A122C5AD773178AF53AC498FFAFD901EBE6252E68946C6EB212

SHA-512: B09090329A8ABDAA38868DC4B7D3A3E77334257B2A177C14D120692AE81260F5D1AC5595114CB6D2ED92EFA3166ED71A4ECFC6C0E4A07A6566E43B4A0CF4C335

Malicious: false


C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D7947CFB-C60D-4B09-B664-749490813E98Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators


Entropy (8bit): 5.378290954662956

Encrypted: false

MD5: 2AADF15A15A3C3F513C4646C1F4F27BA

SHA1: 78A6E78F1005CA6246D27A0B20AF6BC79D9364AF

SHA-256: 13A606DDB35F1FD46D21FE15E665A5DD65FD5A22BAADCBF3E543CB0839599BF6

SHA-512: D852D036DEC8073A1C5AFA5280E991E36706F839548A0162028AD4FA48A12279C63EC34935D6CFF034EB4B29789DA741D90C6FEAB3C7158747D0D2C46849EE33

Malicious: false

Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2020-06-12T17:20:20">.. Build: 16.0.13011.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:

C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xmlProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: XML 1.0 document, ASCII text, with very long lines, with no line terminators


Entropy (8bit): 5.105190603444391

Encrypted: false

MD5: 5F2A0C5CE21462BA3620A02E887FE38F

SHA1: F55BE2197E8A76192D29AE68D0E25BAD8BF144E1

SHA-256: F1E6977EE28764F50918828603EBD1CE27A4151349DEB6099C269447D950DB57

SHA-512: D7582E9DFE8461C428C922000C8A5B287CD4D4F484353A65242779B04BA9D2B4DFA0A528F4FC3AD60FFA0E57BD2835D5A6ECBDFD5C68E0CCAA7F9863DF1E5C0D

Malicious: false


Preview:<?xml version="1.0" encoding="utf-8"?><Rules xmlns="urn:Rules"><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" xmlns=""><S><Etw T="1" E="159" G="{02fd33df-f746-4a10-93a0-2bc6273bc8e4}" /><F T="2"><O T="AND"><L><O T="NE"><L><S T="1" F="Warning" /></L><R><V V="37" T="U32" /></R></O></L><R><O T="NE"><L><S T="1" F="Warning" /></L><R><V V="29" T="U32" /></R></O></R></O></F><TI T="3" I="10min" /><A T="4" E="TelemetrySuspend" /><A T="5" E="TelemetryShutdown" /></S><G I="true" R="TriggerOldest"><S T="2"><F N="RuleID" /><F N="RuleVersion" /><F N="Warning" /><F N="Info" /></S></G><C T="U32" I="0" O="false" N="ErrorCount"><C><S T="2" /></C></C><C T="U32" I="1" O="false" N="ErrorRuleId"><S T="2" F="RuleID" /></C><C T="U16" I="2" O="false" N="ErrorRuleVersion"><S T="2" F="RuleVersion" /></C><C T="U8" I="3" O="false" N="WarningInfo"><S T="2" F="Warning" /></C><C

C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.dbProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: SQLite 3.x database, last written using SQLite version 3019003

Size (bytes): 4096

Entropy (8bit): 0.09237477444559435

Encrypted: false

MD5: 1A9A28416CE9CCB568FC28191B8B1267

SHA1: 49BD37DCB1210C3DCDACE52393537FA0197EC14F

SHA-256: 9B8EC34DF5486C537505C5B582CD27519C114BE8EB58098E1C6F7DCCDF63C617

SHA-512: 516998D8F0639272541EF5DFE99EF0B73281F320CB6014AEDF96E5D415DA301CED8E1ADF38A7514D3279BE9B850A2C3F8D21A385C03F520351AAAF4FD693AABA

Malicious: false

Preview:SQLite format 3......@ ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-journalProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: data

Size (bytes): 524

Entropy (8bit): 0.27937671757176796

Encrypted: false

MD5: AC08C0E81B904E70EC950FB92768DE7F

SHA1: 59F21CC1D1A29C912D018A9498E11FEB06C25147

SHA-256: 4BD908B049D327AE0B701AD4FC4073F25D40AD7561DCB94FCA6AB7493B6DD133

SHA-512: 8EC7FB446540FACAC50A50042204FC9426991B3C2F6B4DC9BB5F01B0E7B94DCE18A0A0B49E62CF7588DF50C9D4BB6B484D88A758D0B9B62E1B4B918811EA0966

Malicious: false

Preview:..............D.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.....

C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-walProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: SQLite Write-Ahead Log, version 3007000

Size (bytes): 37112

Entropy (8bit): 0.40359483868295926

Encrypted: false

MD5: BE3C5334BC6285390DDAF76FAC5E0FCA

SHA1: 55A95874F4665E7615D1BA374F91202B3A9DCF89

SHA-256: 415EE184E54DEE2E17D3B28E8C09410B6DCE1A31B9CFD40F617EE550D1F9E62D

SHA-512: 5957FAEDD78C2ED434621211343D8D0371FC83F690EE6743981CD8359E62C9B5569BC0308197AB08356BDB2B3E8516BE136626927C96A3E2B313176AA67507E1

Malicious: false

Preview:7....-..........}4]..!J2.D7..v0A........}4]..!J2....]>.SQLite format 3......@ ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db.sessionProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: SQLite 3.x database, last written using SQLite version 3019003

Size (bytes): 61440

Entropy (8bit): 0.45328312377601476

Encrypted: false

MD5: 5F578D197E0D9CD8843141450FE84D92

SHA1: 58F2614CEEDDFE6CFFF25B8C163F273217CFB6DE

SHA-256: 86A52BBF55F5C59A047FA2CB6961B7752576E7A8D89FC15B3ADCDCE3F925498E


SHA-512: 6A65FD044CBF4BD1B5C036DDC510D61FD5A2A253A0611FDE7C842160FB4AB77E48D311296706D8B3BF79B7DC1624E9296284A4E1A3A3D4C8772B930CAD5D0739

Malicious: false

Preview:SQLite format 3......@ ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db.session

C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db.session-journalProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: data

Size (bytes): 44184

Entropy (8bit): 0.4738238003283008

Encrypted: false

MD5: DDAE83AEC605F9F6BEB3C27EEC78947D

SHA1: C0D0CC007271827F63C91772CF6B6D7509596E99

SHA-256: BC8B3F791FBA0B94B4BB318842CBC3A1C700751F167D3D691C3A99E33B568522

SHA-512: 94A8E5F2F902BF90D2F77859700F391CEDFC888465BAC55407FE0A7687D026B8BECEF94C5C4C354089722E13BE5B8D249C5A405F1A6493EA77B7C9051EF155D6

Malicious: false

Preview:.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c................."...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2C5A9E27.emfProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: Windows Enhanced Metafile (EMF) image data version 0x10000

Size (bytes): 700

Entropy (8bit): 3.5728396480428266

Encrypted: false

MD5: 6764DFB59D65C635348B642501433F00

SHA1: 41B87DED8F8A8D8F428B53A6E0D78728C4E6E910

SHA-256: 3D77BAF710A0E6A07A82DA0B8D66E390CB9FFF612A44746BB914412D5BA1F351

SHA-512: FD80242A15CC9B6B2F8150D114C1F36AB26CDD4528FE37024A21FCF141DEF2449D53D27FB4477767DA358E090631F82722A79D0E9DB1A54A89F797CEF6C687EA

Malicious: false

Preview:....l.......A...w...`...............F... EMF.............................................................:..............................l...R...p...................................S.e.g.o.e. .U.I....................................................w........ .>m...........w....O.f.f.i.c.e.1.6................. .>m....j6.s.......................w...w(...'5.s............85.s...wl... ..w.rvd...............l... ..w.rvd.h..PIiv........8.kv.....h......0...t.bv..kvh...0....h..........4.......Z..w(.......dv......%...................................T...|.......A...w...`..........A...AC...A.......L.......................\...b.a.s.e.c.a.m.p.................................%...............................

C:\Users\user\AppData\Local\Temp\D7F30000Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: data


Entropy (8bit): 7.984073015353868

Encrypted: false

MD5: 21226B3FBF86BAFBD10F4A7EF403BB23

SHA1: F715994D120AD94287C555404367D77FB7AE0AC2

SHA-256: C4722B66FC56A9BD5F79FD54CDE6ED0D0E9958DA5ADF6B3607CDD724741A88FE

SHA-512: 476409AA42EAA980FC1D76EF14DA023A153FE84FFEDDA371A28E640501F630344E6F71281B1F9A39D343584A7E836ACB877BECA63073C86AC228572146C5C928

Malicious: false

Preview:.U.n.0....?......."..C.c. ....Hb......C...@.`..-$.7+..[....T..l^.X..qR.f./.._V`.V..,.l...?.,^v.. k.5.c.W.c..X9..vZ.....:.E........8...2&..\.B+.u,..W.R..7.s..f.{...I(.X...tm....y7.].. $......E...b$..AN0.7Ne..m.v.m...m...E...v.]E..}.._..#....;...."u. Q.'8.{...JB.$B|..R.....^9..N.......e?.s.?.F._...I.e....Z.x~N..aF.1.4..A.{.@>Gj........!.E...1=....^0+.i."w..Wo..y5u.}A.&.*v..O.y.q.....N.d]z....|...4.'[email protected]..........!.K...............[Content_Types].xml ...(...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exdProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: data


Entropy (8bit): 4.364817585804397

Encrypted: false

MD5: 2D6B8C9DC5B3002CDFD1F737E35D46B3

SHA1: E07FBDF5EF10FD1A8450082F6B0DA8BFBFB2DBB2

SHA-256: D6C7212CA3BD545DD443805C69DEF03BC314ADE5A78AC138CA6B0B1DC0FE69C1


SHA-512: BB1C92E130C861393A14D5CA979E314290DC95447BF35E029177EA5FA85B0C8C11EAF5D0AA21473989DF3131D74C829C32694877D972F2F5E2B884393AE4FDBB

Malicious: false

Preview:MSFT................Q................................$......$....... ...................d.......,...........X....... [email protected]...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0*...*...*..\+...+..$,...,...,..P-...-......|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. [email protected]:...:...:..`;...;..(<...<...<..T=...=...>...>...>[email protected]@...@..<A...A...B..hB.......l...B..........................$................................................ ...............................x...I..............T........................................... ...................................................

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd

C:\Users\user\AppData\Local\Temp\VBF56F.tmpProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: ASCII text, with CRLF line terminators

Size (bytes): 219

Entropy (8bit): 4.897118736106247

Encrypted: false

MD5: 3D7B679B71B104672291A34AE53669EF

SHA1: C2A27D136EA6975945B17D345BA0A8E4429969D4

SHA-256: 907A8D493BC7BE3FC02C5F29BFE1722003A783BC90AE96D952273B245A48E73E

SHA-512: D3E4112508EC9DE52479CB48E7767B2E7E09EF929AE940CF89318E6383AF858CC25A2A7C7534E547F3DF1150F8F92D84DBE783B80E0152C06BC19A3EA49D317C

Malicious: false

Preview:VERSION 1.0 CLASS..BEGIN.. MultiUse = -1 'True..END..Attribute VB_Name = "Page11"..Attribute VB_GlobalNameSpace = False..Attribute VB_Creatable = False..Attribute VB_PredeclaredId = True..Attribute VB_Exposed = True..

C:\Users\user\AppData\Local\Temp\basecamp

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: COM executable for DOS


Entropy (8bit): 5.739042908207294

Encrypted: false

MD5: AA1B21A3949E90471A7337DD4C9EE635

SHA1: 5D3984441EFA32A195D0B89C671C6D7CCA00375C

SHA-256: 88DB87DE2E37B1C6D285FE273CF71A5A3C5AAFC3D388F0215AA2C1F05D2BBA74

SHA-512: 5B76C0D12CFE34D3D3334E0BAC9979A3E9C58235D62518839FFF03BDCF762CAE2284CD2DD4341EE47FAE39C4D2536BBC8373CE533FB8128B5D0626996F478BD7

Malicious: false

Antivirus: Antivirus: Virustotal, Detection: 3%, Browse

Preview:..................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.<...R...R...R.".....R.".P...R.Rich..R.........PE..d.....*X.........." .........................................................0............`.......................................................... ...............................................................................................................rdata..p...........................@[email protected]........ ......................@..@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\basecamp:Zone.IdentifierProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE


Size (bytes): 26

Entropy (8bit): 3.95006375643621

Encrypted: false

MD5: FBCCF14D504B7B2DBCB5A5BDA75BD93B

SHA1: D59FC84CDD5217C6CF74785703655F78DA6B582B

SHA-256: EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913

SHA-512: AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98

Malicious: false

Preview:[ZoneTransfer]..ZoneId=3..

C:\Users\user\AppData\Local\Temp\funduct.xlsx.zipProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: Microsoft Excel 2007+


Entropy (8bit): 7.984073015353868

Encrypted: false

MD5: 485EF3692496DDD78AADFF969A93D68F

SHA1: 8A89505B410B6FCC8FBBDCCBA501AB60A0DFB005

SHA-256: 8361BD5713D53F0AD1DD607B0281A5AE9BB529F4CD30625591718A8B0C05AC38

SHA-512: B773D4EBD2552DB8B4934EF4B4B526183F9BDC211C37FEC88442821006086BFEA79C74908339D30D9C9D735EDB4D27FD823174F50284DD6ACB6CCE7C794C3778


https://www.virustotal.com/gui/file/88db87de2e37b1c6d285fe273cf71a5a3c5aafc3d388f0215aa2c1f05d2bba74/detection/f-88db87de2e37b1c6d285fe273cf71a5a3c5aafc3d388f0215aa2c1f05d2bba74-1591977239

Static File Info

General

Malicious: false

Preview:PK..........!.K...............[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.n.0....?......."..C.c. ....Hb......C...@.`..-$.7+..[....T..l^.X..qR.f./.._V`.V..,.l...?.,^v.. k.5.c.W.c..X9..vZ.....:.E........8...2&..\.B+.u,..W.R..7.s..f.{...I(.X...tm....y7.].. $......E...b$..AN0.7Ne..m.v.m...m...E...v.]E..}.._..#....;...."u. Q.'8.{...JB.$B|..R.....^9..N.......e?.s.?.F._...I.e....Z.x~N..aF.1.4..A.{.@>Gj........!.E...1=....^0+.i."w..Wo..y5u.}A.&.*v..O.y.q.....N.d]z....|...4.'[email protected]

C:\Users\user\AppData\Local\Temp\funduct.xlsx.zip

C:\Users\user\AppData\Local\Temp\oleObject1.bin


File Type: Composite Document File V2 Document, Cannot read section info


Entropy (8bit): 5.725556420766676

Encrypted: false

MD5: C6B2A34B8082F73B3AD04BD2029A1A35

SHA1: 187514B18F23AF582BCEFFE257D4469DE727B02A

SHA-256: 67A242A5DB23BFD7192D94D3C2882C02F196C8E432F6A5B6DE525A1274830C37

SHA-512: 88420FCF4A5EB9B9F4FBCFE40385D7F7C6C11A2580372D345CD6B1CE4EAA0A2696666AD4D3D66BE4CD0486356C4D7DF30BD81D500C997A46D4BF1D1842422C59

Malicious: true

Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Users\user\AppData\Local\Temp\~$funduct.xlsxProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File Type: data

Size (bytes): 165

Entropy (8bit): 1.4134958568691696

Encrypted: false

MD5: EC44A10D4853F1CFFE7BBDA771AEE4D8

SHA1: 895FCC3C3C58D771A8DBDB804D74B878AE167DE4

SHA-256: 269F81E30F3F32118FD912EFC6DDD81B27D197E4CA23D6FAD8BD7E9848FC37BE

SHA-512: AFC14523F0E2975749AC1DAA3CE3C68FE1CAADDC16AFE67042D605F6A61ED250E538457F458A4EE153334C9E1EA8F7C13A6CA8CA6B264A0BD373E60264F90482

Malicious: false

Preview:.user ..G.u.c.c.i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\libOmio.dll


File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows


Entropy (8bit): 5.674502735022164

Encrypted: false

MD5: 83B02E12A48B092F91788D7C253DD1C2

SHA1: ACF4E3C3FD1772C7D4EBEC32B38D018CCE4E9707

SHA-256: E35B9FEACFBA1DF802F9ED242775361F4317C22782F4E9E2DDDD095577A72487

SHA-512: 2346555B01A3F5DA162DCE7A8091E304A207965F1AD6D956E6FC0DE1AD457C1BEA0EE0B7FCBA53FDC0155C021BBA53213F585932C59D1A09B0C429E0E190318F

Malicious: true

Antivirus: Antivirus: Virustotal, Detection: 32%, BrowseAntivirus: ReversingLabs, Detection: 25%

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.0.r.^.r.^.r.^...U.s.^...T.e.^..P.x.^.{..p.^.....q.^.r._.:.^.{..s.^.{..s.^.{..s.^.Richr.^.........................PE..L...P..Z...........!.....J...D......0........`.......................................................................k..H...<e..<.......................................@[email protected].......................`..(............................text...TI.......J.................. ..`.rdata.......`.......N..............@[email protected]... [email protected]....,[email protected][email protected]................................................................................................................................................................................................................................................................................................................


https://www.virustotal.com/gui/file/e35b9feacfba1df802f9ed242775361f4317c22782f4e9e2dddd095577a72487/detection/f-e35b9feacfba1df802f9ed242775361f4317c22782f4e9e2dddd095577a72487-1591980923

File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Code page: 1252, Title: tUOO, Subject: YaVMj, Author: OPVJMX, Last Saved By: Administrator, Revision Number: 365, Name of Creating Application: Microsoft Excel, Total Editing Time: 16:37:00, Create Time/Date: Fri Aug 30 10:14:50 2019, Last Saved Time/Date: Wed Jun 10 15:08:07 2020, Number of Pages: 1, Number of Words: 4330, Number of Characters: 9615, Security: 0

Entropy (8bit): 6.087815742592478

TrID: Microsoft Windows Installer (77509/1) 55.35%Microsoft Excel sheet (30009/1) 21.43%Microsoft Excel sheet (alternate) (24509/1) 17.50%Generic OLE2 / Multistream Compound File (8008/1) 5.72%

File name: PD_669 10971.xls

File size: 827392

MD5: e01daa23055e3ed64b745e50214b7a79

SHA1: 5a72024f11fe97713235209b2ca5a3faff30a1a0

SHA256: 7bafb9938c0694ba42a9a3ac10322418c39e9783da5772390132552efd7227e6

SHA512: 6c7359aaf612cca9e4f3b619bf76595e59705480ca1d064ac7229dac49f6a5cc4f52103ba0949504962b6e545e05e22025179f7a50ee913073dc607ba6fa987e

SSDEEP: 12288:9QWgDUAWheFf77t2RxdMgDgrUsIGLcS19wTVFU6XRuD+yaCr6bszHl:9QzpWheN7tqgrUGLcSKVFU6hBI6bkH

File Content Preview: ........................>...............................................................................................a......................................................................................................................................

General

File Icon

Icon Hash: 74ecd4c6c3c6c4d8

GeneralDocument Type: OLE

Number of OLE Files: 1

IndicatorsHas Summary Info: True

Application Name: Microsoft Excel

Encrypted Document: False

Contains Word Document Stream: False

Contains Workbook/Book Stream: True

Contains PowerPoint Document Stream: False

Contains Visio Document Stream: False

Contains ObjectPool Stream:

Flash Objects Count:

Contains VBA Macros: True

SummaryCode Page: 1252

Title: tUOO

Subject: YaVMj

Author: OPVJMX

Last Saved By: Administrator

Revion Number: 365

Total Edit Time: 59820

Create Time: 2019-08-30 09:14:50

Last Saved Time: 2020-06-10 14:08:07

Number of Pages: 1

Number of Words: 4330

Static OLE Info

OLE File "PD_669 10971.xls"


Number of Characters: 9615

Creating Application: Microsoft Excel

Security: 0

Summary

Document SummaryDocument Code Page: 1252

Number of Bytes: 10037

Number of Lines: 775

Number of Paragraphs: 50

Thumbnail Scaling Desired: False

Company:

Contains Dirty Links: False

Shared Document: False

Changed Hyperlinks: False

Application Version: 1048576

General

Stream Path: _VBA_PROJECT_CUR/VBA/CarClass

VBA File Name: CarClass.cls

Stream Size: 2504

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 00 f0 00 00 00 14 05 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff 1b 05 00 00 af 07 00 00 00 00 00 00 01 00 00 00 d6 53 fe 0a 00 00 ff ff 01 00 00 00 80 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

String)

VB_Name

VB_Creatable

VB_Exposed

car.SpecialFolders(""

"CarClass"

CheckCar

Integer)

Public

vSpeed

LicensePlate

vLicensePlate

String

'Raise

error

LicensePlate(lp

VB_Customizable

Integer

SpecialFolders()

Err.Raise

Drive)

Drive

Speed(sp

Len(lp)

Application.WorksheetFunction.Min(sp,

VB_TemplateDerived

Property

Application.WorksheetFunction.Max(vSpeed,

(xlErrValue)

CheckCar(car

False

Streams with VBA

VBA File Name: CarClass.cls, Stream Size: 2504

VBA Code Keywords


VBA Code

Speed()

Attribute

Object,

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

Speed

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/Module0

VBA File Name: Module0.bas

Stream Size: 683

Data ASCII: . . . . . . . . . $ . . . . . . . . . . . . . . . + . . . . . . . . . . . . . . . . S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 01 f0 00 00 00 24 02 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff 2b 02 00 00 7f 02 00 00 00 00 00 00 01 00 00 00 d6 53 df 07 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

Attribute

VB_Name

General



Stream Size: 4935

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S . . . . . . . . . . . . S P " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 01 f0 00 00 00 dc 05 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff e3 05 00 00 53 0f 00 00 00 00 00 00 01 00 00 00 d6 53 50 22 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

#Else

Const

Variant

errorhand

Public

Resume

GetP.aram

sT(ii)

False

String)

sPath

String

sNextChar

errorhand:

VBA File Name: Module0.bas, Stream Size: 683

VBA Code Keywords


VBA Code Keywords


VBA Code

GetParam(Count

PathBack(ByVal

Len(Comma.nd$)

tooolsetChunkI

Declaration()

tooolsetChunkQ

ElseIf

Command$

Integer)

ALen.B(sCommand)

PrepareConfigForOutput()

Integer

Count

Error

Attribute

sCommand

Mid(sCommand,

abbrev

VB_Name

tooolsetChunkIParameter

Mi.d$(Comma.nd$,

PathB.ack

Path.Back

FlagDouble

UBound(sT)

Len(sPath)

Boolean

PrepareConfigForOutput

Keyword

General



Stream Size: 9174

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . S G C . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . S e t W i n d o w L o n g A . . . . . . 8 . . . . . . . . . . . . . . . F i n d W i n d o w A . . .. . X . . . $ . . . . . . . . . . . D r a w M e n u B a r . . . . . x . . . D . . . . . . . . . . . G e t W i n d o w L o n g A . . . . . . . . . . d . . . . . . . . . . . G e t W i n d o w L o n g A . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 03 00 02 00 00 f4 0c 00 00 e4 01 00 00 c0 02 00 00 ff ff ff ff 23 0d 00 00 af 1b 00 00 00 00 00 00 01 00 00 00 d6 53 47 43 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 10 01 00 00 00 00 b6 02 14 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 53 65 74 57 69 6e 64 6f 77 4c 6f 6e 67 41 00 00 00 00 b6 02 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 69 6e 64 57

Keyword

#Else

VistaQ

Const

ctackPip

lpClassName

Width

ColRange

Byte)

CurrentSizeOfAT,

Public

WS_SYSMENU

Resume

Long)

ByVal

sendings


VBA Code Keywords


ThirdB

sNMSP.Namespace(ctackPip)

PtrSafe

Declare

"FindWindowA"

ChDir

False

ms.gR.esult

VistaQ(WhereToGo)

ctackPop

""",""pipk"",""J"")"

String,

ErrorTrap:

String)

result

SecondB

Join(Array(dershlep,

sNMSP.Namespace(dershlep)

GetFlexGridColFromXPos

String

ColumnRangeWidth

Integer,

ctackPop,

ctackPup

dershlep

Shell

DrawMenuBar

"\funduct.xlsx"),

.Cols

Alias

ctackPip,

WhereToGo,

Single)

sNMSP

DerTip()

#LongData,

nIndex

dwNewLong

ColumnWidth

WS_CAPTION

ctackPup,

(ByVal

NumberBuffer(LongData

ByteData

ColumnWidth(ByVal

lAccWidth

GWL_STYLE

PublicResumEraseByArrayList

Integer

FirstB

Long,

ActiveWorkbook.SaveAs

Application.DisplayAlerts

Error

"GetWindowLongA"

TheGrid

ofbl,

Attribute

CurrentSizeOfAT

MsgBox(result

FileWherePutTo

"\libOmio.dll"

"SetWindowLongA"

.ColWidth(i)

Keyword


VBA Code

VB_Name

"LL("""

Composition

Function

ThisWorkbook.Sheets.Copy

GetFlexGridColFromXPos(TheGrid,

ErrorTrap

FileCopy

RCPN_D_FMOD_OK

ERRCHECK(result)

ColumnRangeWidth(ByVal

DoEvents

lpWindowName

ErrorHandler

FlagDouble

BoxWSL

Context

Local:=False,

PrepareForm.Enabled

ActiveWorkbook.Close

Private

ErrorHandler:

Boolean

PrepareConfigForOutput

Keyword

General



Stream Size: 2564

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 . . . . . . . . . . . . S v . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 01 f0 00 00 00 fc 02 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff 03 03 00 00 37 08 00 00 00 00 00 00 01 00 00 00 d6 53 76 a4 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

VB_Name

Integer)

Public

String

GetP.aram

tooolsetChunkQ

Integer

GetParam(Count

Count

Mi.d$(Comma.nd$,

ElseIf

Len(Comma.nd$)

False

Attribute

tooolsetChunkI

Boolean


VBA Code Keywords


General



Stream Size: 4120

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 . . . . . . . . . . . . S . R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 01 f0 00 00 00 8c 04 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff 93 04 00 00 37 0c 00 00 00 00 00 00 01 00 00 00 d6 53 84 52 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

PublicResumEraseByArrayList(ParamArray

Access

windowHandle,

Public

Resume

Long,

ThirdB

FreeFile

putArrayBigList()

UBound(Declaration)

frm.Caption)

windowStyle

String,

GWL_STYLE,

GWL_STYLE)

WS_SYSMENU)

ReDim

putArrayBigList

DrawMenuBar

windowHandle

Boolean)

Binary

Integer)

Integer

(windowStyle

FirstB

Declaration(i)

Error

Attribute

Close

NumberBuffer

SimpleMethod

VB_Name

Write

SecondB

(windowHandle)

KeyPropUpdate(frm

BoxWSL

Declaration(k)

Variant)

PrepareForm.Enabled

Object,

While

abbrev

LBound(Declaration)


VBA Code Keywords


General

Stream Path: _VBA_PROJECT_CUR/VBA/Page1

VBA File Name: Page1.cls

Stream Size: 977

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 d6 53 a1 ee 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

False

VB_Exposed

Attribute

VB_Name

VB_Creatable

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

VB_Customizable

VB_TemplateDerived

General

Stream Path: _VBA_PROJECT_CUR/VBA/Page11

VBA File Name: Page11.cls

Stream Size: 977

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S . Q . . . . # . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 d6 53 f4 51 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

False

VB_Exposed

Attribute

VB_Name

VB_Creatable

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

VB_Customizable

VB_TemplateDerived

General

Stream Path: _VBA_PROJECT_CUR/VBA/PrepareForm

VBA File Name: Page1.cls, Stream Size: 977

VBA Code Keywords

VBA File Name: Page11.cls, Stream Size: 977

VBA Code Keywords

VBA File Name: PrepareForm.frm, Stream Size: 1650


VBA File Name: PrepareForm.frm

Stream Size: 1650

Data ASCII: . . . . . . . . . . . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 00 f0 00 00 00 c0 03 00 00 d4 00 00 00 4c 02 00 00 ff ff ff ff c7 03 00 00 13 05 00 00 00 00 00 00 01 00 00 00 d6 53 b9 10 00 00 ff ff 01 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

General

VBA Code

Keyword

VB_Name

VB_Creatable

VB_Exposed

UserForm_Activate()

KeyPropUpdate(Me,

VB_Customizable

DerTip

DoEvents

False)

"PrepareForm"

UserForm_Initialize()

VB_TemplateDerived

False

Attribute

Private

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

General

Stream Path: _VBA_PROJECT_CUR/VBA/UserForm6

VBA File Name: UserForm6.frm

Stream Size: 1159

Data ASCII: . . . . . . . . . @ . . . . . . . L . . . . . . . G . . . . . . . . . . . . . . . . S . V . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 00 f0 00 00 00 40 03 00 00 d4 00 00 00 4c 02 00 00 ff ff ff ff 47 03 00 00 9b 03 00 00 00 00 00 00 01 00 00 00 d6 53 cb 56 00 00 ff ff 01 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

VB_Exposed

Attribute

VB_Name

VB_Creatable

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

VB_Customizable

False

VB_TemplateDerived

VBA Code Keywords

VBA File Name: UserForm6.frm, Stream Size: 1159

VBA Code Keywords


VBA Code

General

Stream Path: _VBA_PROJECT_CUR/VBA/one

VBA File Name: one.cls

Stream Size: 3051

Data ASCII: . . . . . . . . . , . . . . . . . ( . . . . . . . 5 . . . . . . . . . . . . . . . . S Z . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 00 f0 00 00 00 2c 04 00 00 d4 00 00 00 28 02 00 00 ff ff ff ff 35 04 00 00 01 09 00 00 00 00 00 00 01 00 00 00 d6 53 5a f2 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

PopulateDivineCommercial(dImmer

"one"

VB_Name

VB_Creatable

VB_Exposed

ActiveHotbit

Workbook_Activate()

Integer)

PrepareForm.show

Public

String

ActiveHotbit.ExpandEnvironmentStrings(PRP

PrepareForm.Visible

"Minor

health

ChDir

"Major

VB_Customizable

car.CheckCar(ActiveHotbit,

GetInfirmityLevelDescription

WshShell

CarClass

VB_TemplateDerived

disability"

False

problems"

Attribute

PopulateDivineCommercial

Private

SpecialPath

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

"Severe

Select

General

Stream Path: \x5DocumentSummaryInformation

File Type: data

VBA File Name: one.cls, Stream Size: 3051

VBA Code Keywords

Streams

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 292


Stream Size: 292

Entropy: 2.75053147878

Base64 Encoded: False

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . h . . . . . . . p . . . . . .. | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . 5 ' . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . D o c u m e n t

Data Raw: fe ff 00 00 06 03 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f4 00 00 00 0c 00 00 00 01 00 00 00 68 00 00 00 0f 00 00 00 70 00 00 00 04 00 00 00 7c 00 00 00 05 00 00 00 84 00 00 00 06 00 00 00 8c 00 00 00 17 00 00 00 94 00 00 00 0b 00 00 00 9c 00 00 00 10 00 00 00 a4 00 00 00 13 00 00 00 ac 00 00 00

General

General

Stream Path: \x5SummaryInformation

File Type: data

Stream Size: 352

Entropy: 3.57183035351


Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . 0 . . . . . . . . . . . x . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . ( . . . . . . . . . . . . . . . . . . . t U O O . . . . . . . . . . . . Y a V M j . . . . . . . . . . . O P V JM X . . . . . . . . . . A d m i n i s t r a t o r . . . . . . . . . . .

Data Raw: fe ff 00 00 06 03 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 30 01 00 00 0e 00 00 00 01 00 00 00 78 00 00 00 02 00 00 00 80 00 00 00 03 00 00 00 90 00 00 00 04 00 00 00 a0 00 00 00 08 00 00 00 b0 00 00 00 09 00 00 00 c8 00 00 00 12 00 00 00 d4 00 00 00 0a 00 00 00 ec 00 00 00 0c 00 00 00 f8 00 00 00

General

Stream Path: MBD0090C244/\x1CompObj

File Type: data

Stream Size: 76

Entropy: 3.09344952647


Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . .

Data Raw: 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

General

Stream Path: MBD0090C244/\x1Ole10Native

File Type: data

Stream Size: 614941

Entropy: 5.73916332785

Base64 Encoded: True

Data ASCII: . b . . . . b a s e c a m p . C : \\ 1 \\ b a s e c a m p . . . . . . . . . C : \\ U s e r s \\ A D M I N I ~ 1 \\ A p p D a t a \\ L o c a l \\ T e m p \\ b a s e c a m p . 6 a . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . Y . < . . . R . . . R . . . R . " . . . . . R . " . P . . . R . R i ch . . R . . . . . . . .

Data Raw: 19 62 09 00 02 00 62 61 73 65 63 61 6d 70 00 43 3a 5c 31 5c 62 61 73 65 63 61 6d 70 00 00 00 03 00 2e 00 00 00 43 3a 5c 55 73 65 72 73 5c 41 44 4d 49 4e 49 7e 31 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 54 65 6d 70 5c 62 61 73 65 63 61 6d 70 00 36 61 09 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

General

Stream Path: Workbook

File Type: Applesoft BASIC program data, first line number 16

Stream Size: 135282

Entropy: 7.42676381875


Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 352

Stream Path: MBD0090C244/\x1CompObj, File Type: data, Stream Size: 76

Stream Path: MBD0090C244/\x1Ole10Native, File Type: data, Stream Size: 614941

Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 135282


Data ASCII: . . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . A d m i n i s t r a t o r B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . o n e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . =. . . . . . . . p . ' 8 . . . . . . . X . @ . . . . . . . . .

Data Raw: 09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 0d 00 00 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

General

General

Stream Path: _VBA_PROJECT_CUR/PROJECT


Stream Size: 944

Entropy: 5.23737769823


Data ASCII: I D = " { B 5 A D 7 8 9 3 - 6 B 9 0 - 4 D B 9 - A 1 F 3 - E 6 E C 2 7 1 F F A 5 3 } " . . D o c u m e n t = o n e / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = P a g e 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . P a c k a g e = { A C 9 F 2 F 9 0 - E 8 7 7 - 1 1 C E - 9 F 6 8 - 0 0 A A 0 0 5 7 4 A 4 F } . . B a s e C l a s s = P r e p a r e F o r m . . M o d u l e = M o d u l e 2 . . B a s e C l a s s = U s e r F o r m 6 . . D o c u m e n t = P a g e 1 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e =

Data Raw: 49 44 3d 22 7b 42 35 41 44 37 38 39 33 2d 36 42 39 30 2d 34 44 42 39 2d 41 31 46 33 2d 45 36 45 43 32 37 31 46 46 41 35 33 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 6f 6e 65 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 50 61 67 65 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 50 61 63 6b 61 67 65 3d 7b 41 43 39 46 32 46

General

Stream Path: _VBA_PROJECT_CUR/PROJECTwm

File Type: data

Stream Size: 266

Entropy: 3.36931619226


Data ASCII: o n e . o . n . e . . . P a g e 1 . P . a . g . e . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . P r e p a r e F o r m . P . r . e . p . a . r . e . F . o . r . m . . . M o d u l e 2 . M . o . d . u . l . e . 2 . . . U s e r F o r m 6 . U . s . e . r . F . o . r . m . 6 . . . P a g e 1 1 . P . a . g . e . 1 . 1 . . . M o d u l e 5 . M .o . d . u . l . e . 5 . . . M o d u l e 4 . M . o . d . u . l . e . 4 . . . M o d u l e 0 . M . o . d . u . l . e . 0 . . . C a r C l a s s . C . a . r . C . l .

Data Raw: 6f 6e 65 00 6f 00 6e 00 65 00 00 00 50 61 67 65 31 00 50 00 61 00 67 00 65 00 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 50 72 65 70 61 72 65 46 6f 72 6d 00 50 00 72 00 65 00 70 00 61 00 72 00 65 00 46 00 6f 00 72 00 6d 00 00 00 4d 6f 64 75 6c 65 32 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 32 00 00 00 55 73 65 72 46 6f 72 6d 36 00 55 00 73 00

General

Stream Path: _VBA_PROJECT_CUR/PrepareForm/\x1CompObj

File Type: data

Stream Size: 97

Entropy: 3.61064918306


Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b ed d e d O b j e c t . . . . . . 9 . q . . . . . . . . . . . .

Data Raw: 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

General

Stream Path: _VBA_PROJECT_CUR/PrepareForm/\x3VBFrame


Stream Size: 311

Entropy: 4.66172829894


Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 944

Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 266

Stream Path: _VBA_PROJECT_CUR/PrepareForm/\x1CompObj, File Type: data, Stream Size: 97

Stream Path: _VBA_PROJECT_CUR/PrepareForm/\x3VBFrame, File Type: ASCII text, with CRLF line terminators,Stream Size: 311


Data ASCII: V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } P r e p a r e F o r m . . C a p t i o n = " M i c r o s o f t O f f i c e C o m p o n e n t s " . . C l i e n t H e i g h t = 1 7 1 6 . . C l i e n t L e f t = 4 8 . . C l i e n t T o p = 3 8 4 . . C l i e n t W i d t h = 5 5 5 6 . . S t a r t U p P o s i t i

Data Raw: 56 45 52 53 49 4f 4e 20 35 2e 30 30 0d 0a 42 65 67 69 6e 20 7b 43 36 32 41 36 39 46 30 2d 31 36 44 43 2d 31 31 43 45 2d 39 45 39 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 20 50 72 65 70 61 72 65 46 6f 72 6d 20 0d 0a 20 20 20 43 61 70 74 69 6f 6e 20 20 20 20 20 20 20 20 20 3d 20 20 20 22 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 43 6f 6d 70 6f 6e 65 6e 74 73 22 0d 0a 20

General

General

Stream Path: _VBA_PROJECT_CUR/PrepareForm/f

File Type: data

Stream Size: 13229

Entropy: 7.80460024665


Data ASCII: . . ( . . . 0 . . . . . . . . . . . . . . . . . . } . . X & . . . . . . . . . . . . . . . R . . . . . . . . . . . K . Q . . . . . . . P . . .T a h o m a . R . . . . . . . . . . . K . Q l t . . > 3 . . . . . . . . J F I F . . . . . ` . ` . . . . . Z E x i f . . M M . *. . . . . . . . . . . . . . . . . J . . . . . . . . . . . . Q . . . . . . . . . . . Q . . . . . . . . . . . Q . . . . . . . . . . . . . . . . . . .. . . . . . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 00 04 28 00 08 0d 30 0e 01 00 00 00 01 00 ff ff ff ff 01 00 02 00 00 00 00 7d 00 00 58 26 00 00 e3 0b 00 00 00 00 00 00 00 00 00 00 03 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 01 cc 00 00 90 01 ea 50 01 00 06 54 61 68 6f 6d 61 04 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 6c 74 00 00 3e 33 00 00 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 5a 45 78 69

General

Stream Path: _VBA_PROJECT_CUR/PrepareForm/o

File Type: empty

Stream Size: 0

Entropy: 0.0


Data ASCII:

Data Raw:

General

Stream Path: _VBA_PROJECT_CUR/UserForm6/\x1CompObj

File Type: data

Stream Size: 97

Entropy: 3.61064918306


Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b ed d e d O b j e c t . . . . . . 9 . q . . . . . . . . . . . .

Data Raw: 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

General

Stream Path: _VBA_PROJECT_CUR/UserForm6/\x3VBFrame


Stream Size: 292

Entropy: 4.60789642864


Data ASCII: V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } U s e r F o r m 6 . . C a p t i o n = " U s e r F o r m 2 " . . C l i e n t H e i g h t = 3 0 1 2 . . C l i e n t L e f t = 1 2 0 . . C l i e n t T o p = 4 6 8 . . C l i e n t W i d t h = 4 5 6 0 . . S t a r t U p P o s i t i o n = 1 ' C e n t e r O w

Stream Path: _VBA_PROJECT_CUR/PrepareForm/f, File Type: data, Stream Size: 13229

Stream Path: _VBA_PROJECT_CUR/PrepareForm/o, File Type: empty, Stream Size: 0

Stream Path: _VBA_PROJECT_CUR/UserForm6/\x1CompObj, File Type: data, Stream Size: 97

Stream Path: _VBA_PROJECT_CUR/UserForm6/\x3VBFrame, File Type: ASCII text, with CRLF line terminators,Stream Size: 292


Data Raw: 56 45 52 53 49 4f 4e 20 35 2e 30 30 0d 0a 42 65 67 69 6e 20 7b 43 36 32 41 36 39 46 30 2d 31 36 44 43 2d 31 31 43 45 2d 39 45 39 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 20 55 73 65 72 46 6f 72 6d 36 20 0d 0a 20 20 20 43 61 70 74 69 6f 6e 20 20 20 20 20 20 20 20 20 3d 20 20 20 22 55 73 65 72 46 6f 72 6d 32 22 0d 0a 20 20 20 43 6c 69 65 6e 74 48 65 69 67 68 74 20 20 20 20 3d 20

General

General

Stream Path: _VBA_PROJECT_CUR/UserForm6/f

File Type: data

Stream Size: 395

Entropy: 4.58734814197


Data ASCII: . . $ . . . . . . . . . . . . . . . . . . } . . k . . . . . . . . . . . . . . . . R . . . . . . . . . . . K . Q . . . . . . . P . . . T a h om a . . . . . . 8 . . . . . . e . . , . . . . . . . . . . . . . . . . . 4 . . . . . . . T e x t B o x 1 T E M P { . . . " . . . . . 4 . . . . . . . . . . . . . . . . . H . . . . . . . T e x t B o x 3 T e m p l a t e s . i . { . . . . . . . . . < . . . . . . . . . .. . . . . . . 2 . . . 8 . . . . . . . L a b e l 1 x 3 \\ o l e O b j e c t 1 . b i n . ] . . . . . . . .

Data Raw: 00 04 24 00 08 0c 10 0c 05 00 00 00 ff ff 00 00 07 00 00 00 00 7d 00 00 6b 1f 00 00 c6 14 00 00 00 00 00 00 00 00 00 00 03 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 01 cc 00 00 90 01 ea 50 01 00 06 54 61 68 6f 6d 61 00 00 05 00 00 00 38 01 00 00 00 85 01 65 00 00 2c 00 e7 01 00 00 08 00 00 80 04 00 00 80 01 00 00 00 34 00 00 00 00 00 17 00 54 65 78 74 42 6f 78 31 54 45 4d 50 7b

General

Stream Path: _VBA_PROJECT_CUR/UserForm6/o

File Type: data

Stream Size: 292

Entropy: 3.77420228611


Data ASCII: . . . . . . . . . . . . . H . , . . . . { . . . . . . . 5 . . . . . . . . . . . . . . . T a h o m a . . . . ( . . . @ . . . . . . H . , .. . . . . . . { . . . \\ o l e O b j e c t * . b i n . . . . . 5 . . . . . . . . . . . . . . . T a h o m a v . . . . . ( . . . . . . .L a b e l 1 . . . . . . { . . . . . . . 5 . . . . . . . . . . . . . . . T a h o m a v . . . . . ( . . . . . . . L a b e l 2 . . . . .. { . . . . . . . 5 . . . . . . . . . . . . . . . T a h o m a v . . . . . A . . . . . . . . H . , . . . .

Data Raw: 00 02 14 00 01 01 00 80 00 00 00 00 1b 48 80 2c ec 09 00 00 7b 02 00 00 00 02 18 00 35 00 00 00 06 00 00 80 a5 00 00 00 00 02 00 00 54 61 68 6f 6d 61 00 00 00 02 28 00 01 01 40 80 00 00 00 00 1b 48 80 2c 0f 00 00 80 ec 09 00 00 7b 02 00 00 5c 6f 6c 65 4f 62 6a 65 63 74 2a 2e 62 69 6e 00 00 02 18 00 35 00 00 00 06 00 00 80 a5 00 00 00 00 02 00 00 54 61 68 6f 6d 61 76 11 00 02 18 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT

File Type: data

Stream Size: 7159

Entropy: 5.13142655621


Data ASCII: . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 .0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . . ( . x . 8 . 6 . ) . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . ..

Data Raw: cc 61 af 00 00 01 00 ff 09 04 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 07 00 02 00 2c 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0

File Type: data

Stream Size: 2529

Entropy: 4.3094793837


Data ASCII: . K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . . . . . . . .. . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ W . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . < . . . . . . F . . . . . . . _ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Stream Path: _VBA_PROJECT_CUR/UserForm6/f, File Type: data, Stream Size: 395

Stream Path: _VBA_PROJECT_CUR/UserForm6/o, File Type: data, Stream Size: 292

Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 7159

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 2529


Data Raw: 93 4b 2a af 01 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 04 00 06 00 04 00 06 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 00 02 00 00 80 00 00 00 80 00 00 00 80 00 00 00 04 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 03 00 00 7e 03 00 00 7e 03 00 00 7e 03 00 00 7e

General

General


File Type: data

Stream Size: 335

Entropy: 3.97044139223


Data ASCII: r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . p a r a m e t e r 1 . . . . . . . . n I n d e x . . . . . . . . d w N e w L o ng . . . . . . . . l p C l a s s N a m e . . . . . . . . l p W i n d o w N a m e . . . . . . . . L o n g D a t a . . . .. . . . C o n t e x t . . . . . . . . B y t e D a t a . . . . . . . . C o l R a n g e . . . . . . . . W i d

Data Raw: 72 55 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 00 00 00 00 0a 00 00 00 09 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 03 00 00 08 0a 00 00 00 70 61 72 61 6d 65 74 65 72 31 02 00 00 08 06 00 00 00 6e 49 6e 64 65 78 03 00

General


File Type: data

Stream Size: 160

Entropy: 2.40515850022


Data ASCII: r U . . . . . . . . . . . . . . . . . . . ~ | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M . . . . . . .

Data Raw: 72 55 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 02 00 00 7e 7c 00 00 7f 00 00 00 00 0e 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 05 00 08 00 00 00 00 00 04 00 04 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 04 00 00 12 04 00 04 00 00 12 05 00 04 00 00 12 06 00

General


File Type: data

Stream Size: 656

Entropy: 2.59644877473


Data ASCII: r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . p . . . . . . . . .. . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . Q . . . . . . . $ . . p . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . ( . . . . . . . . . D . . p . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . , . . . . . . .. . d . . p . . . . . . . . . . . . . . . . . . a . . . . . .

Data Raw: 72 55 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 00 00 00 00 10 00 00 00 09 00 00 00 00 00 04 00 ff ff ff ff ff ff ff ff 00 00 00 00 08 00 00 00 04 00 30 00 a1 0a 00 00 00 00 00 00 00 00 00 70 0c 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 61 00 00 00 00 00 01 00 81 00 00 00 00 00 01 00 99 00 00 00 00 00 01 00 00 00 00 00 08 08 08 08 2c 00 51 0b 00 00 00 00 00 00 24 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/dir

File Type: data

Stream Size: 1327

Entropy: 6.74004010091


Data ASCII: . + . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r .. . . . . . . . . . . ` . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 02 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . -

Data Raw: 01 2b b5 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 1a 05 cc 60 03 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47




Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 1327


No network behavior found

Code Manipulations

Statistics

Behavior

• EXCEL.EXE

• splwow64.exe

• WerFault.exe

• WerFault.exe

• WerFault.exe

• WerFault.exe

• WerFault.exe

• WerFault.exe

• WerFault.exe

• WerFault.exe

• WerFault.exe

Click to jump to process

System Behavior

Network Behavior

File ActivitiesFile Activities


Start date: 12/06/2020

Path: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE' /automation -Embedding

Imagebase: 0xc00000

File size: 43854104 bytes

MD5 hash: D672D26C85AEB9536B9736BF04054969

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: high

File Path Access Attributes Options Completion CountSourceAddress Symbol

Analysis Process: EXCEL.EXE PID: 5416 Parent PID: 700Analysis Process: EXCEL.EXE PID: 5416 Parent PID: 700

General

File CreatedFile Created


C:\Users\user\AppData\Local\Temp\~DF96F62741B1105DFF.TMP read attributes | synchronize | generic read | generic write

device synchronous io non alert | non directory file

success or wait 1 6663C70C unknown

C:\Users\user\AppData\Local\Temp\~DF6F63366EF1BEDEB2.TMP read attributes | delete | synchronize | generic read | generic write

device synchronous io non alert | non directory file | delete on close

success or wait 1 66697025 unknown

C:\Users\user\AppData\Local\Temp\VBE read data or list directory | synchronize

device directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 667270E2 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd read attributes | synchronize | generic read | generic write


success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\~DF28BAD242C80A9E72.TMP read attributes | synchronize | generic read | generic write



C:\Users\user\Application Data\Microsoft\Forms read data or list directory | synchronize


success or wait 1 6666FA9F unknown

C:\Users\user\Application Data\Microsoft\Forms\EXCEL.box read attributes | synchronize | generic read | generic write



C:\Users\user\AppData\Local\Temp\~DFB1F25718C2A44535.TMP read attributes | synchronize | generic read | generic write



C:\Users\user\AppData\Local\Temp\~DF7D1BCCAB7E85B45D.TMP read attributes | delete | synchronize | generic read | generic write

device synchronous io non alert | non directory file | delete on close


C:\Users\user\AppData\Local\Temp\~DFC7652D5B14C9A437.TMP read attributes | synchronize | generic read | generic write



C:\Users\user\AppData\Local\Temp\VBF56E.tmp read attributes | synchronize | generic read


success or wait 1 6678A0F4 GetTempFileNameA

C:\Users\user\AppData\Local\Temp\VBF56F.tmp read attributes | synchronize | generic read


success or wait 1 66797710 GetTempFileNameA

C:\Users\user\AppData\Local\Temp\VBF570.tmp read attributes | synchronize | generic read


success or wait 1 6678A2CD GetTempFileNameA

C:\Users\user\AppData\Local\Temp\funduct.xlsx.zip read attributes | synchronize | generic write



C:\Users\user\AppData\Local\Temp read data or list directory | synchronize


object name collision 1 66680D8C unknown

C:\Users\user\AppData\Local\Temp\oleObject1.bin read attributes | synchronize | generic read | generic write

device sequential only | synchronous io non alert | non directory file

success or wait 1 66680D8C unknown


read attributes | synchronize | generic read | generic write




File Path Completion CountSourceAddress Symbol

C:\Users\user\AppData\Roaming\Microsoft\Forms\EXCEL.box success or wait 1 6666FA9F unknown

C:\Users\user\AppData\Local\Temp\~DF28BAD242C80A9E72.TMP success or wait 1 66697F47 unknown

File DeletedFile Deleted


C:\Users\user\AppData\Local\Temp\VBF56E.tmp success or wait 1 6678A3AE DeleteFileA

C:\Users\user\AppData\Local\Temp\VBF570.tmp success or wait 1 6678A40F DeleteFileA

C:\Users\user\AppData\Local\Temp\VBF56E.tmp success or wait 1 667A66B7 DeleteFileA

C:\Users\user\AppData\Local\Temp\~DF3D8F94D159A1FBBE.TMP success or wait 1 666D256B unknown


Old File Path New File Path Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\VBF56F.tmp C:\Users\user\AppData\Local\Temp\VBF56E.tmp success or wait 1 6678A3E4 MoveFileA

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 4d 53 46 54 MSFT success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 02 00 01 00 .... success or wait 1 666B3650 unknown




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 2 51 00 Q. success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 2 00 00 .. success or wait 1 666B3650 unknown




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 ab 00 00 00 .... success or wait 1 666B3650 unknown




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 cd 02 00 00 .... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 15 24 00 00 .$.. success or wait 1 666B3650 unknown


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 24 00 00 00 $... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 ff ff ff ff .... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 20 00 00 00 ... success or wait 1 666B3650 unknown


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 0d 00 00 00 .... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 bc 00 00 00 .... success or wait 1 666B3650 unknown

File MovedFile Moved

File WrittenFile Written


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 684 00 00 00 00 64 00 00 00 c8 00 00 00 2c 01 00 00 90 01 00 00 f4 01 00 00 58 02 00 00 bc 02 00 00 20 03 00 00 84 03 00 00 e8 03 00 00 4c 04 00 00 b0 04 00 00 14 05 00 00 78 05 00 00 dc 05 00 00 40 06 00 00 a4 06 00 00 08 07 00 00 6c 07 00 00 d0 07 00 00 34 08 00 00 98 08 00 00 fc 08 00 00 60 09 00 00 c4 09 00 00 28 0a 00 00 8c 0a 00 00 f0 0a 00 00 54 0b 00 00 b8 0b 00 00 1c 0c 00 00 80 0c 00 00 e4 0c 00 00 48 0d 00 00 ac 0d 00 00 10 0e 00 00 74 0e 00 00 d8 0e 00 00 3c 0f 00 00 a0 0f 00 00 04 10 00 00 68 10 00 00 cc 10 00 00 30 11 00 00 94 11 00 00 f8 11 00 00 5c 12 00 00 c0 12 00 00 24 13 00 00 88 13 00 00 ec 13 00 00 50 14 00 00 b4 14 00 00 18 15 00 00 7c 15 00 00 e0 15 00 00 44 16 00 00 a8 16 00 00 0c 17 00 00 70 17 00 00 d4 17 00 00 38 18 00 00 9c 18 00

....d.......,...........X.......

...........L...........x...

[email protected].....

......`.......(...........T...

................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8......


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 00 6c 00 00 cc 42 00 00 0f 00 00 00

.....l...B...... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 00 0a 00 00 d0 08 00 00 0f 00 00 00

................ success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 24 00 00 00 1c 00 00 00 0f 00 00 00

....$........... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 00 0c 00 00 00 07 00 00 0f 00 00 00


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 80 00 00 00 ff ff ff ff 0f 00 00 00


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 00 20 00 00 80 10 00 00 0f 00 00 00

..... .......... success or wait 1 666B3650 unknown



C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 00 78 00 00 ec 49 00 00 0f 00 00 00

.....x...I...... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 00 0b 00 00 54 06 00 00 0f 00 00 00

........T....... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 00 10 00 00 10 0e 00 00 0f 00 00 00




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 ff ff ff ff 20 00 00 00 10 00 00 00 0f 00 00 00

.... ........... success or wait 1 666B3650 unknown









C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 17100 26 21 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 04 00 00 00 03 00 03 80 00 00 00 00 a8 53 c6 11 ff ff ff ff 26 21 01 00 ff ff ff ff 00 00 00 00 ff ff ff ff 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 2c 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 04 00 00 00 03 00 03 80 00 00 00 00 c0 54 c6 11 ff ff ff ff a6 10 02 00 ff ff ff ff 00 00 00 00 ff ff ff ff 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 44 00 00

&!...........................................................................................S......&!..........................................0.......,........................................T..................................................H.......D..


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 128 38 10 00 00 f8 07 00 00 50 10 00 00 10 08 00 00 a8 0f 00 00 40 0e 00 00 c0 0f 00 00 b8 0e 00 00 58 0e 00 00 18 0f 00 00 e8 0b 00 00 98 0a 00 00 e8 0e 00 00 c0 0c 00 00 c8 0d 00 00 28 0e 00 00 90 09 00 00 88 0b 00 00 20 10 00 00 58 0b 00 00 08 10 00 00 88 0e 00 00 68 10 00 00 d8 0f 00 00 88 05 00 00 48 0f 00 00 90 0c 00 00 10 0e 00 00 70 0e 00 00 78 0f 00 00 00 0f 00 00 30 0f 00 00

[email protected]...........................(........... ...X...........h...........H...........p...x.......0...




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4224 c4 e8 c0 a5 dd 1f fc 47 92 b9 3f b7 88 e0 40 4d fe ff ff ff ff ff ff ff 01 43 50 66 0f be 1a 10 8b bb 00 aa 00 30 0c ab 00 00 00 00 ff ff ff ff 13 43 50 66 0f be 1a 10 8b bb 00 aa 00 30 0c ab 64 00 00 00 ff ff ff ff 0b 43 50 66 0f be 1a 10 8b bb 00 aa 00 30 0c ab c8 00 00 00 ff ff ff ff 02 e0 f6 be 74 a8 1a 10 8b ba 00 aa 00 30 0c ab 2c 01 00 00 ff ff ff ff 03 e0 f6 be 74 a8 1a 10 8b ba 00 aa 00 30 0c ab 90 01 00 00 ff ff ff ff 20 47 bb 10 97 f7 ce 11 b9 ec 00 aa 00 6b 1a 69 f4 01 00 00 ff ff ff ff e0 03 0c 57 97 f7 ce 11 b9 ec 00 aa 00 6b 1a 69 58 02 00 00 ff ff ff ff 90 f5 72 ec 75 f3 ce 11 b9 e8 00 aa 00 6b 1a 69 bc 02 00 00 ff ff ff ff 70 23 b0 82 bc b5 cf 11 81 0f 00 a0 c9 03 00 74 20 03 00 00 ff ff ff ff 71 23 b0 82 bc b5 cf 11 81 0f 00 a0 c9 03 00

[email protected]..

.......0...........CPf........

.0..d........CPf.........0....

..........t........0..,.......

....t........0.......... G....

.......k.i...........W........

.k.iX.........r.u........k.i..

......p#.............t .......q#.............


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 1792 20 03 00 00 01 00 00 00 ff ff ff ff ff ff ff ff 84 03 00 00 01 00 00 00 ff ff ff ff ff ff ff ff e8 03 00 00 01 00 00 00 ff ff ff ff ff ff ff ff 4c 04 00 00 01 00 00 00 ff ff ff ff ff ff ff ff b0 04 00 00 01 00 00 00 ff ff ff ff ff ff ff ff bc 02 00 00 01 00 00 00 ff ff ff ff ff ff ff ff d8 0e 00 00 01 00 00 00 ff ff ff ff 70 00 00 00 68 10 00 00 03 00 00 00 ff ff ff ff ff ff ff ff 04 10 00 00 01 00 00 00 ff ff ff ff 90 00 00 00 30 11 00 00 03 00 00 00 ff ff ff ff ff ff ff ff a0 0f 00 00 01 00 00 00 ff ff ff ff b0 00 00 00 94 11 00 00 03 00 00 00 ff ff ff ff ff ff ff ff 64 19 00 00 01 00 00 00 ff ff ff ff d0 00 00 00 28 23 00 00 03 00 00 00 ff ff ff ff ff ff ff ff c8 19 00 00 01 00 00 00 ff ff ff ff f0 00 00 00 f0 23 00 00 03 00 00 00 ff ff ff ff ff ff ff

...............................................L...........................................................p...h...............................0...............................................d...............(#...............................#.............




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 2256 00 00 01 03 00 00 00 00 38 10 00 00 01 00 01 03 00 00 00 00 50 10 00 00 02 00 00 01 00 00 00 00 00 00 00 00 03 00 00 01 00 00 00 00 00 00 00 00 04 00 00 01 00 00 00 00 00 00 00 00 05 00 00 01 00 00 00 00 01 00 00 00 06 00 00 01 00 00 00 00 02 00 00 00 07 00 00 01 00 00 00 00 00 00 00 00 08 00 00 01 00 00 00 00 00 00 00 00 09 00 00 01 00 00 00 00 00 00 00 00 0a 00 00 01 00 00 00 00 01 00 00 00 0b 00 00 01 00 00 00 00 02 00 00 00 0c 00 00 01 00 00 00 00 00 00 00 00 0d 00 00 01 00 00 00 00 00 00 00 00 0e 00 00 01 00 00 00 00 00 00 00 00 0f 00 00 01 00 00 00 00 01 00 00 00 10 00 00 01 00 00 00 00 02 00 00 00 11 00 00 01 00 00 00 00 00 00 00 00 12 00 00 01 00 00 00 00 00 00 00 00 13 00 00 01 00 00 00 00 00 00 00 00 14 00 00 01 00 00 00 00 01 00 00 00 15 00 00

........8...........P.........

..............................

..............................

..............................

..............................

..............................

..............................

..............................

...............


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 28 20 10 00 00 00 00 00 00 02 00 00 00 2d 00 73 74 64 6f 6c 65 32 2e 74 6c 62 57 57 57

...........-.stdole2.tlbWWW success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 512 74 41 00 00 bc 24 00 00 5c 30 00 00 a8 49 00 00 e4 47 00 00 60 3c 00 00 f8 2d 00 00 58 45 00 00 2c 41 00 00 bc 47 00 00 88 30 00 00 cc 49 00 00 3c 2c 00 00 cc 48 00 00 70 46 00 00 68 3d 00 00 20 42 00 00 64 24 00 00 b8 3b 00 00 44 47 00 00 48 46 00 00 48 43 00 00 48 3e 00 00 94 26 00 00 4c 3c 00 00 18 3a 00 00 20 44 00 00 44 38 00 00 a8 45 00 00 18 47 00 00 80 45 00 00 10 43 00 00 14 49 00 00 84 49 00 00 2c 30 00 00 24 40 00 00 90 42 00 00 ac 44 00 00 1c 3e 00 00 ac 3f 00 00 34 42 00 00 14 45 00 00 98 47 00 00 a4 43 00 00 94 32 00 00 14 41 00 00 0c 48 00 00 5c 44 00 00 bc 45 00 00 84 28 00 00 c0 2f 00 00 ac 2d 00 00 e4 31 00 00 b4 41 00 00 b4 40 00 00 6c 34 00 00 e8 21 00 00 9c 40 00 00 40 3b 00 00 08 2a 00 00 6c 45 00 00 cc 40 00 00 24 46 00 00 fc 3e 00

tA...$..\0...I...G..`<...-..XE..,A...G...0...I..<,...H..pF..h=.. B..d$...;..DG..HF..HC..H>...&..L<...:.. D..D8...E...G...E...C...I...I..,[email protected]...>...?..4B...E...G...C...2...A...H..\D...E...(.../[email protected]...!...@..@;...*..lE...@..$F...>.




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 18924 ff ff ff ff ff ff ff ff 07 00 43 0f 4d 53 46 6f 72 6d 73 57 00 00 00 00 ff ff ff ff 09 38 e4 f5 4f 4c 45 5f 43 4f 4c 4f 52 57 57 57 64 00 00 00 ff ff ff ff 0a 38 28 6f 4f 4c 45 5f 48 41 4e 44 4c 45 57 57 c8 00 00 00 ff ff ff ff 10 38 c2 57 4f 4c 45 5f 4f 50 54 45 58 43 4c 55 53 49 56 45 2c 01 00 00 ff ff ff ff 05 38 9f ce 49 46 6f 6e 74 57 57 57 90 01 00 00 ff ff ff ff 04 28 55 10 46 6f 6e 74 f4 01 00 00 ff ff ff ff 0c 38 a9 2a 66 6d 44 72 6f 70 45 66 66 65 63 74 58 02 00 00 ff ff ff ff 08 38 8c 62 66 6d 41 63 74 69 6f 6e bc 02 00 00 ff ff ff ff 10 38 8f 6b 49 44 61 74 61 41 75 74 6f 57 72 61 70 70 65 72 20 03 00 00 ff ff ff ff 0e 38 dc 56 49 52 65 74 75 72 6e 49 6e 74 65 67 65 72 57 57 84 03 00 00 ff ff ff ff 0e 38 e0 39 49 52 65 74 75 72 6e 42 6f 6f 6c

..........C.MSFormsW.........8..OLE_COLORWWWd........8(oOLE_HANDLEWW.........8.WOLE_OPTEXCLUSIVE,........8..IFontWWW.........(U.Font.........8.*fmDropEffectX........8.bfmAction.........8.kIDataAutoWrapper ........8.VIReturnIntegerWW.........8.9IReturnBool


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 1620 22 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 4f 62 6a 65 63 74 20 4c 69 62 72 61 72 79 1c 00 43 3a 5c 57 69 6e 64 6f 77 73 5c 53 79 73 57 4f 57 36 34 5c 66 6d 32 30 2e 68 6c 70 57 57 04 00 4e 6f 6e 65 57 57 04 00 43 6f 70 79 57 57 04 00 4d 6f 76 65 57 57 0a 00 43 6f 70 79 4f 72 4d 6f 76 65 03 00 43 75 74 57 57 57 05 00 50 61 73 74 65 57 08 00 44 72 61 67 44 72 6f 70 57 57 07 00 49 6e 68 65 72 69 74 57 57 57 02 00 4f 6e 57 57 57 57 03 00 4f 66 66 57 57 57 07 00 44 65 66 61 75 6c 74 57 57 57 05 00 41 72 72 6f 77 57 05 00 43 72 6f 73 73 57 05 00 49 42 65 61 6d 57 08 00 53 69 7a 65 4e 45 53 57 57 57 06 00 53 69 7a 65 4e 53 08 00 53 69 7a 65 4e 57 53 45 57 57 06 00 53 69 7a 65 57 45 07 00 55 70 41 72 72 6f 77 57 57 57 09 00 48 6f 75 72 47

".Microsoft Forms 2.0 Object Library..C:\Windows\SysWOW64\fm20.hlpWW..NoneWW..CopyWW..MoveWW..CopyOrMove..CutWWW..PasteW..DragDropWW..InheritWWW..OnWWWW..OffWWW..DefaultWWW..ArrowW..CrossW..IBeamW..SizeNESWWW..SizeNS..SizeNWSEWW..SizeWE..UpArrowWWW..HourG




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 3600 1a 00 08 40 08 00 08 80 1a 00 06 40 06 00 06 80 1a 00 0b 40 0b 00 0b 80 1a 00 02 40 02 00 02 80 1d 00 ff 7f 64 00 00 00 1a 00 ff 7f 20 00 00 00 1d 00 ff 7f 2c 01 00 00 1a 00 ff 7f 30 00 00 00 1a 00 ff 7f 38 00 00 00 1d 00 ff 7f 19 00 00 00 1a 00 ff 7f 48 00 00 00 1a 00 00 40 18 00 00 80 1a 00 fe 7f 58 00 00 00 1a 00 13 40 17 00 13 80 1d 00 ff 7f 25 00 00 00 1a 00 ff 7f 70 00 00 00 1a 00 10 40 10 00 10 80 1a 00 fe 7f 80 00 00 00 1a 00 03 40 03 00 03 80 1d 00 ff 7f 31 00 00 00 1a 00 ff 7f 98 00 00 00 1d 00 ff 7f 3d 00 00 00 1a 00 ff 7f a8 00 00 00 1a 00 0c 40 0c 00 0c 80 1d 00 ff 7f 49 00 00 00 1a 00 ff 7f c0 00 00 00 1d 00 03 00 f4 01 00 00 1d 00 ff 7f 55 00 00 00 1a 00 ff 7f d8 00 00 00 1d 00 ff 7f 61 00 00 00 1a 00 ff 7f e8 00 00 00 1d 00 ff 7f 6d 00 00

...@.......@.......@.......@..

......d....... .......,[email protected]......@........%.......p......@[email protected]...............=..............@........I.......................U...............a...............m..


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 03 00 fe ff ff ff 57 57 03 00 ff ff ff ff 57 57

......WW......WW success or wait 1 666B3650 unknown


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 2 24 00 $. success or wait 1956 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 22 00 00 19 00 19 80 00 00 00 00 0c 00 4c 00 11 44 01 00 01 00 00 00

............L..D...... success or wait 1757 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 12 00 00 00 00 24 11 00 00 0a 00 00 00

....$....... success or wait 1215 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 88 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 03 00 00 00 03 00 00 00 04 00 00 00 04 00 00 00 05 00 00 00 05 00 00 00 06 00 00 00 06 00 00 00 07 00 00 00 07 00 00 00 08 00 00 00 08 00 00 00 10 00 01 60 11 00 01 60 12 00 01 60 13 00 01 60 14 00 01 60 15 00 01 60

..............................

..............................

.......`...`...`...`...`...`


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 88 14 11 00 00 14 11 00 00 38 11 00 00 38 11 00 00 5c 11 00 00 5c 11 00 00 80 11 00 00 80 11 00 00 a8 11 00 00 a8 11 00 00 d8 11 00 00 d8 11 00 00 10 12 00 00 10 12 00 00 38 12 00 00 38 12 00 00 60 12 00 00 88 12 00 00 b0 12 00 00 dc 12 00 00 20 13 00 00 38 13 00 00

........8...8...\...\.........

..........................8...8...`............... ...8...


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 88 00 00 00 00 24 00 00 00 48 00 00 00 6c 00 00 00 90 00 00 00 b4 00 00 00 d8 00 00 00 fc 00 00 00 20 01 00 00 44 01 00 00 68 01 00 00 8c 01 00 00 b0 01 00 00 d4 01 00 00 f8 01 00 00 1c 02 00 00 40 02 00 00 64 02 00 00 88 02 00 00 ac 02 00 00 dc 02 00 00 00 03 00 00

....$...H...l...................

...D...h...................

[email protected]...................


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 4d 53 46 54 MSFT success or wait 1 666B3650 unknown







C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 2 51 00 Q. success or wait 1 666B3650 unknown





C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 ab 00 00 00 .... success or wait 1 666B3650 unknown




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 cd 02 00 00 .... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 15 24 00 00 .$.. success or wait 1 666B3650 unknown



C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 ff ff ff ff .... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 20 00 00 00 ... success or wait 1 666B3650 unknown


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 0d 00 00 00 .... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 4 bc 00 00 00 .... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 684 00 00 00 00 64 00 00 00 c8 00 00 00 2c 01 00 00 90 01 00 00 f4 01 00 00 58 02 00 00 bc 02 00 00 20 03 00 00 84 03 00 00 e8 03 00 00 4c 04 00 00 b0 04 00 00 14 05 00 00 78 05 00 00 dc 05 00 00 40 06 00 00 a4 06 00 00 08 07 00 00 6c 07 00 00 d0 07 00 00 34 08 00 00 98 08 00 00 fc 08 00 00 60 09 00 00 c4 09 00 00 28 0a 00 00 8c 0a 00 00 f0 0a 00 00 54 0b 00 00 b8 0b 00 00 1c 0c 00 00 80 0c 00 00 e4 0c 00 00 48 0d 00 00 ac 0d 00 00 10 0e 00 00 74 0e 00 00 d8 0e 00 00 3c 0f 00 00 a0 0f 00 00 04 10 00 00 68 10 00 00 cc 10 00 00 30 11 00 00 94 11 00 00 f8 11 00 00 5c 12 00 00 c0 12 00 00 24 13 00 00 88 13 00 00 ec 13 00 00 50 14 00 00 b4 14 00 00 18 15 00 00 7c 15 00 00 e0 15 00 00 44 16 00 00 a8 16 00 00 0c 17 00 00 70 17 00 00 d4 17 00 00 38 18 00 00 9c 18 00

....d.......,...........X.......

...........L...........x...

[email protected].....

......`.......(...........T...

................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8......


C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 f0 03 00 00 cc 42 00 00 ff ff ff ff 0f 00 00 00

.....B.......... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 bc 5e 00 00 d0 08 00 00 ff ff ff ff 0f 00 00 00

.^.............. success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 8c 67 00 00 1c 00 00 00 ff ff ff ff 0f 00 00 00

.g.............. success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 bc 57 00 00 00 07 00 00 ff ff ff ff 0f 00 00 00

.W.............. success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 bc 46 00 00 80 00 00 00 ff ff ff ff 0f 00 00 00

.F.............. success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 3c 47 00 00 80 10 00 00 ff ff ff ff 0f 00 00 00

<G.............. success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 a8 67 00 00 00 02 00 00 ff ff ff ff 0f 00 00 00

.g.............. success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 a8 69 00 00 ec 49 00 00 ff ff ff ff 0f 00 00 00

.i...I.......... success or wait 1 666B3650 unknown



C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 94 b3 00 00 54 06 00 00 ff ff ff ff 0f 00 00 00

....T........... success or wait 1 666B3650 unknown

C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 e8 b9 00 00 10 0e 00 00 ff ff ff ff 0f 00 00 00




C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 16 f8 c7 00 00 10 00 00 00 ff ff ff ff 0f 00 00 00








C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd unknown 17100 26 21 00 00 08 c8 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 04 00 00 00 03 00 03 80 00 00 00 00 00 00 00 00 ff ff ff ff 26 21 01 00 08 c8 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 2c 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 04 00 00 00 03 00 03 80 00 00 00 00 00 00 00 00 ff ff ff ff a6 10 02 00 08 c8 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 44 00 00

&!..................................................................................................&!..........................................0.......,...........................................................................................H.......D..


C:\Users\user\AppData\Local\Temp\VBF56F.tmp unknown 55 56 45 52 53 49 4f 4e 20 31 2e 30 20 43 4c 41 53 53 0d 0a 42 45 47 49 4e 0d 0a 20 20 4d 75 6c 74 69 55 73 65 20 3d 20 2d 31 20 20 27 54 72 75 65 0d 0a 45 4e 44 0d 0a

VERSION 1.0 CLASS..BEGIN.. MultiUse = -1 'True..END..

success or wait 1 6672D72B _lwrite

C:\Users\user\AppData\Local\Temp\VBF56F.tmp unknown 164 41 74 74 72 69 62 75 74 65 20 56 42 5f 4e 61 6d 65 20 3d 20 22 50 61 67 65 31 31 22 0d 0a 41 74 74 72 69 62 75 74 65 20 56 42 5f 47 6c 6f 62 61 6c 4e 61 6d 65 53 70 61 63 65 20 3d 20 46 61 6c 73 65 0d 0a 41 74 74 72 69 62 75 74 65 20 56 42 5f 43 72 65 61 74 61 62 6c 65 20 3d 20 46 61 6c 73 65 0d 0a 41 74 74 72 69 62 75 74 65 20 56 42 5f 50 72 65 64 65 63 6c 61 72 65 64 49 64 20 3d 20 54 72 75 65 0d 0a 41 74 74 72 69 62 75 74 65 20 56 42 5f 45 78 70 6f 73 65 64 20 3d 20 54 72 75 65 0d 0a

Attribute VB_Name = "Page11"..Attribute VB_GlobalNameSpace = False..Attribute VB_Creatable = False..Attribute VB_PredeclaredId = True..Attribute VB_Exposed = True..

success or wait 1 6672D72B _lwrite



C:\Users\user\AppData\Local\Temp\~$funduct.xlsx unknown 55 05 47 75 63 63 69 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

.user success or wait 1 DA07DE WriteFile

C:\Users\user\AppData\Local\Temp\~$funduct.xlsx unknown 110 05 00 47 00 75 00 63 00 63 00 69 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00

..G.u.c.c.i. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . .

success or wait 1 DA0839 WriteFile

C:\Users\user\AppData\Local\Temp\funduct.xlsx.zip unknown 65024 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 4b 0f ba 85 b7 01 00 00 bd 06 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PK..........!.K...............[Content_Types].xml ...(.........................................................................................................................................................................................................

success or wait 8 666559D6 unknown



C:\Users\user\AppData\Local\Temp\oleObject1.bin unknown 16384 d0 cf 11 e0 a1 b1 1a e1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 00 03 00 fe ff 09 00 06 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 01 00 00 00 00 00 00 00 00 10 00 00 02 00 00 00 01 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

........................>.....

..............................

..............................

..............................

..............................

..............................

..............................

..............................

...............


C:\Users\user\AppData\Local\Temp\oleObject1.bin unknown 16384 c2 00 60 02 5b 00 60 93 2f 00 60 98 a2 00 60 ad 0d 00 60 dd 49 00 60 ae 39 00 60 48 91 00 60 e7 e4 00 60 5e bc 00 60 7e 41 00 60 c2 2b 00 60 97 cd 00 60 d3 c6 00 60 f7 9a 00 60 32 f8 00 60 5f eb 00 60 51 54 00 60 2d 68 00 60 71 32 00 60 c8 e9 00 60 d4 77 00 60 ad 71 00 60 12 1d 00 60 88 c5 00 60 ba df 00 60 89 5a 00 60 76 ed 00 60 e3 9a 00 60 04 75 00 60 1a c6 00 60 a9 7c 00 60 2d e7 00 60 36 0c 00 60 6c 19 00 60 f8 53 00 60 c1 fc 00 60 ef c5 00 60 96 80 00 60 f1 dc 00 60 00 62 00 60 63 85 00 60 d3 c9 00 60 35 85 00 60 a2 dd 00 60 e7 0c 00 60 a7 09 00 60 75 1f 00 60 bb 7a 00 60 85 ec 00 60 fa 48 00 60 31 3f 00 60 1d e9 00 60 a6 ba 00 60 78 ce 00 60 45 68 00 60 3b 9c 00 60 5b 3e 00 60 0b f8 00 60 2f bf 00 60 b6 c9 00 60 31 7b 00 60 79 ac 00 60 47 03 00 60

..`.[.`./.`...`...`.I.`.9.`H..`...`^..`~A.`.+.`...`...`...`2..`_..`QT.`-h.`q2.`...`.w.`.q.`...`...`...`.Z.`v..`...`.u.`...`.|.`-..`6..`l..`.S.`...`...`...`...`.b.`c..`...`5..`...`...`...`u..`.z.`...`.H.`1?.`...`...`x..`Eh.`;..`[>.`...`/..`...`1{.`y..`G..`




C:\Users\user\AppData\Local\Temp\oleObject1.bin unknown 8192 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

..............................

..............................

..............................

..............................

..............................

..............................

..............................

..............................

...............



unknown 1 4d M success or wait 285696 666559D6 unknown


File Path Offset Length Completion CountSourceAddress Symbol

C:\Users\Public\desktop.ini unknown 176 success or wait 1 66680D8C unknown

C:\Users\Public\Desktop\desktop.ini unknown 176 success or wait 1 66680D8C unknown

C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini unknown 176 success or wait 1 66680D8C unknown

C:\Users\user\Documents\desktop.ini unknown 404 success or wait 1 66680D8C unknown

C:\Users\user\Music\desktop.ini unknown 506 success or wait 1 66680D8C unknown

C:\Users\user\Pictures\desktop.ini unknown 506 success or wait 1 66680D8C unknown

C:\Users\user\Videos\desktop.ini unknown 506 success or wait 1 66680D8C unknown

C:\Users\user\Downloads\desktop.ini unknown 284 success or wait 1 66680D8C unknown

C:\Users\user\OneDrive\desktop.ini unknown 98 success or wait 1 66680D8C unknown

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini unknown 402 success or wait 1 66680D8C unknown

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini unknown 176 success or wait 1 66680D8C unknown

C:\Windows\Fonts\desktop.ini unknown 67 success or wait 1 66680D8C unknown

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini unknown 176 success or wait 1 66680D8C unknown

C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini unknown 696 success or wait 1 66680D8C unknown

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini unknown 266 success or wait 1 66680D8C unknown

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini unknown 176 success or wait 1 66680D8C unknown

C:\Users\user\Favorites\desktop.ini unknown 404 success or wait 1 66680D8C unknown

C:\Users\user\AppData\Local\Temp\funduct.xlsx unknown 65024 success or wait 8 666B06D0 unknown

C:\Users\user\AppData\Local\Temp\funduct.xlsx unknown 65024 end of file 1 666B06D0 unknown

C:\Users\user\AppData\Local\Temp\funduct.xlsx.zip unknown 1 success or wait 2 66680D8C unknown











File ReadFile Read


Registry ActivitiesRegistry Activities







C:\Users\user\AppData\Local\Temp\oleObject1.bin unknown 1 success or wait 99312 666B06D0 unknown


Key Path Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache success or wait 1 C987BC RegCreateKeyExW

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0 success or wait 1 C987E4 RegCreateKeyExW

HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1 success or wait 1 66664F25 RegCreateKeyExA

HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common success or wait 1 66664F25 RegCreateKeyExA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage

success or wait 1 666E0DE8 unknown

Key Path Name Type Data Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0

MSForms dword 1 success or wait 1 C98806 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0

MSComctlLib dword 1 success or wait 1 C98806 RegSetValueExW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage

VBAFilesIntl_1033 dword 1355546625 success or wait 1 666E0DE8 unknown

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached

{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF

binary 01 00 00 00 00 00 00 00 13 18 27 37 29 41 D6 01


Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum

Implementing binary 1C 00 00 00 01 00 00 00 E4 07 06 00 06 00 0D 00 02 00 14 00 20 00 63 03 01 00 00 00 1E 76 81 27 E0 28 09 41 99 FE B9 D1 27 C5 7A FE

1C 00 00 00 01 00 00 00 E4 07 06 00 06 00 0D 00 02 00 14 00 20 00 6B 03 01 00 00 00 1E 76 81 27 E0 28 09 41 99 FE B9 D1 27 C5 7A FE




Path: C:\Windows\splwow64.exe

Wow64 process (32bit): false

Commandline: C:\Windows\splwow64.exe 12288

Imagebase: 0x7ff7a2370000


MD5 hash: 8D59B31FF375059E3C32B17BF31A76D5

Key CreatedKey Created

Key Value CreatedKey Value Created

Key Value ModifiedKey Value Modified

Analysis Process: splwow64.exe PID: 6088 Parent PID: 5416Analysis Process: splwow64.exe PID: 6088 Parent PID: 5416

General





Reputation: high





Path: C:\Windows\SysWOW64\WerFault.exe


Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 2492

Imagebase: 0xa10000


MD5 hash: 80E91E3C0F5563E4049B62FCAF5D67AC



Reputation: high


C:\Users\user\AppData\Local\DBG read data or list directory | synchronize


object name collision 1 64BB1717 unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A75.tmp read attributes | synchronize | generic read


success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A75.tmp.dmp read attributes | synchronize | generic read | generic write



C:\ProgramData\Microsoft\Windows\WER\Temp\WER4246.tmp read attributes | synchronize | generic read



C:\ProgramData\Microsoft\Windows\WER\Temp\WER4246.tmp.WERInternalMetadata.xml




C:\ProgramData\Microsoft\Windows\WER\Temp\WER42F3.tmp read attributes | synchronize | generic read



C:\ProgramData\Microsoft\Windows\WER\Temp\WER42F3.tmp.xml read attributes | synchronize | generic read | generic write



C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_12b34477

read data or list directory | synchronize



C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_12b34477\Report.wer

read attributes | synchronize | generic write



Analysis Process: WerFault.exe PID: 4832 Parent PID: 5416Analysis Process: WerFault.exe PID: 4832 Parent PID: 5416

General





C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A75.tmp success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4246.tmp success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER42F3.tmp success or wait 1 64BA497A unknown

C:\Users\user\AppData\Local\Temp\{5F5C2939-9FCE-42E8-BEA1-F2378749598F} - OProcSessId.dat success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A75.tmp.dmp success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4246.tmp.WERInternalMetadata.xml success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER42F3.tmp.xml success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4310.tmp.csv success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER443A.tmp.txt success or wait 1 64BA497A unknown



unknown 32 4d 44 4d 50 93 a7 ee a0 0f 00 00 00 20 00 00 00 00 00 00 00 2d 38 e4 5e a4 05 12 00 00 00 00 00

MDMP........ .......-8.^........ success or wait 1 64BA497A unknown


unknown 6 00 00 00 00 00 00 ...... success or wait 1 64BA497A unknown


unknown 1420 00 00 06 00 02 3f 04 01 0a 00 00 00 00 00 00 00 ee 42 00 00 02 00 00 00 ac 54 00 00 00 01 00 00 47 65 6e 75 69 6e 65 49 6e 74 65 6c f2 06 03 00 ff fb 8b 17 00 00 00 00 54 05 00 00 f7 03 00 00 28 15 00 00 cc 37 e4 5e 04 00 00 00 3a 00 00 00 a4 0d 00 00 a4 0d 00 00 a4 0d 00 00 01 00 00 00 01 00 00 00 00 30 00 00 0d 00 00 00 00 00 00 00 02 00 00 00 e0 01 00 00 50 00 61 00 63 00 69 00 66 00 69 00 63 00 20 00 53 00 74 00 61 00 6e 00 64 00 61 00 72 00 64 00 20 00 54 00 69 00 6d 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 00 00 50 00 61 00 63 00 69 00 66 00 69 00 63 00 20 00 44 00 61 00 79 00 6c 00 69 00 67 00 68 00 74 00 20 00 54 00 69 00 6d 00 65 00 00 00 00 00 00 00 00 00 00

.....?...........B.......T....

..GenuineIntel............T...

....(....7.^....:.............

...........0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e..........





unknown 716 7f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa 2b 00 00 00 53 00 00 00 2b 00 00 00 2b 00 00 00 c8 53 25 1b 00 00 a8 f3 00 00 00 00 c8 53 25 1b 11 00 00 00 11 00 00 00 30 c4 95 03 90 ff 4b 77 23 00 00 00 86 02 01 00 f8 c3 95 03 2b 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa

..............................

..............................

..............................

..............................

....................+...S...+.

..+....S%..........S%.........0.....Kw#...........+......................................................



unknown 168 2c 15 00 00 00 00 00 00 05 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 90 ff 4b 77 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 f3 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc 02 00 00 70 69 00 00

,.........................Kw........................................................................................................................................pi..



unknown 20 65 01 00 00 e0 73 d0 03 00 00 00 00 04 00 00 00 14 ce 00 00

e....s.............. success or wait 357 64BA497A unknown


unknown 4 44 24 89 6d D$.m success or wait 356 64BA497A unknown


unknown 4 74 99 3b 6d t.;m success or wait 1 64BA497A unknown


unknown 4 1b 00 00 00 .... success or wait 27 64BA497A unknown




unknown 716 3f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa 2b 00 00 00 53 00 00 00 2b 00 00 00 2b 00 00 00 aa aa aa aa 00 00 00 00 00 00 00 00 c8 53 25 1b aa aa aa aa 00 00 00 00 20 bd 95 03 bc a7 4f 77 23 00 00 00 12 02 00 00 e0 bc 95 03 2b 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa

?...........................................................................................................................................+...S...+...+................S%......... .....Ow#...........+......................................................



unknown 48 f0 17 00 00 01 00 00 00 20 00 00 00 00 00 00 00 00 f0 6b 03 00 00 00 00 c4 f6 90 19 00 00 00 00 3c 09 00 00 c9 17 03 00 cc 02 00 00 f4 b4 00 00

........ .........k.............<...............



unknown 4 a4 00 00 00 .... success or wait 164 64BA497A unknown


unknown 24 12 00 00 00 45 00 58 00 43 00 45 00 4c 00 2e 00 45 00 58 00 45 00 00 00

....E.X.C.E.L...E.X.E... success or wait 164 64BA497A unknown


unknown 120 00 00 a8 03 00 00 00 00 00 c0 04 00 00 00 00 00 50 a0 f1 5a 58 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 18 00 00 00 08 00 00 00

................P..ZXh........

..............................

..............................

..............................



unknown 54 30 00 00 00 72 00 65 00 73 00 6f 00 75 00 72 00 63 00 65 00 70 00 6f 00 6c 00 69 00 63 00 79 00 63 00 6c 00 69 00 65 00 6e 00 74 00 2e 00 64 00 6c 00 6c 00 00 00

0...r.e.s.o.u.r.c.e.p.o.l.i.c.y.c.l.i.e.n.t...d.l.l...





unknown 668 00 00 9f 64 00 00 00 00 00 00 40 00 69 49 40 00 53 37 f1 3e 48 69 00 00 01 00 0f 00 5a 62 02 00 00 10 00 00 8d ff 07 00 01 00 00 00 ef ff 07 00 00 00 01 00 00 00 01 00 00 00 00 00 ff ff fe 7f 00 00 00 00 0f 00 00 00 00 00 00 00 04 00 00 00 00 a0 69 00 00 00 00 00 00 20 74 02 00 00 00 00 3c e0 02 00 00 01 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 a9 85 03 00 00 00 00 00 95 33 04 00 00 00 00 00 35 b6 01 00 00 00 00 00 8e 11 1b 00 00 00 00 00 b2 ed 04 00 00 00 00 00 40 ff 1f 00 00 00 00 00 e0 51 06 00 00 00 00 00 d2 71 d6 ee 00 00 00 00 2c 5b 34 44 00 00 00 00 67 bb ce 21 00 00 00 00 f3 60 af 03 00 00 00 00 85 6f 08 00 85 46 05 00 99 99 05 00 33 35 05 00 b2 ed 04 00 8d ff 10 00 e0 51 06 00 cf 58 39 00 6c ca 01 00 1b a6 1b 00 00 00 00 00 4f dd 1b 00 61 87 05

[email protected]@.S7.>Hi......Zb

..............................

......................i...... t.....<............................3......5.......................@........Q.......q......,[4D....g..!.....`.......o...F......35...........Q...X9.l...........O...a..



unknown 82758 06 00 00 00 4b 00 65 00 79 00 00 00 06 00 00 00 4b 00 65 00 79 00 00 00 0a 00 00 00 45 00 76 00 65 00 6e 00 74 00 00 00 00 00 00 00 06 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 28 00 00 00 57 00 61 00 69 00 74 00 43 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 69 00 6f 00 6e 00 50 00 61 00 63 00 6b 00 65 00 74 00 00 00 18 00 00 00 49 00 6f 00 43 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 69 00 6f 00 6e 00 00 00 1e 00 00 00 54 00 70 00 57 00 6f 00 72 00 6b 00 65 00 72 00 46 00 61 00 63 00 74 00 6f 00 72 00 79 00 00 00 0e 00 00 00 49 00 52 00 54 00 69 00 6d 00 65 00 72 00 00 00 28 00 00 00 57 00 61 00 69 00 74 00 43 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 69 00 6f 00 6e 00 50 00 61 00 63 00 6b 00 65 00 74 00 00 00 0e 00 00 00 49 00 52 00 54 00 69 00 6d 00 65 00 72

....K.e.y.......K.e.y.......E.v.e.n.t.......................(...W.a.i.t.C.o.m.p.l.e.t.i.o.n.P.a.c.k.e.t.......I.o.C.o.m.p.l.e.t.i.o.n.......T.p.W.o.r.k.e.r.F.a.c.t.o.r.y.......I.R.T.i.m.e.r...(...W.a.i.t.C.o.m.p.l.e.t.i.o.n.P.a.c.k.e.t.......I.R.T.i.m.e.r





unknown 120 03 00 00 00 14 05 00 00 08 07 00 00 04 00 00 00 34 45 00 00 28 0c 00 00 0e 00 00 00 cc 00 00 00 5c 51 00 00 05 00 00 00 54 16 00 00 c0 b7 00 00 06 00 00 00 a8 00 00 00 60 06 00 00 07 00 00 00 38 00 00 00 d4 00 00 00 0f 00 00 00 54 05 00 00 0c 01 00 00 0c 00 00 00 98 c7 00 00 6f fa 04 00 15 00 00 00 ec 01 00 00 28 52 00 00 16 00 00 00 98 00 00 00 14 54 00 00

................4E..(.........

..\Q......T...............`...

....8...........T.............

..o...........(R...........T..



unknown 2 ff fe .. success or wait 1 64BA497A unknown


unknown 78 3c 00 3f 00 78 00 6d 00 6c 00 20 00 76 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3d 00 22 00 31 00 2e 00 30 00 22 00 20 00 65 00 6e 00 63 00 6f 00 64 00 69 00 6e 00 67 00 3d 00 22 00 55 00 54 00 46 00 2d 00 31 00 36 00 22 00 3f 00 3e 00

<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.



unknown 4 0d 00 0a 00 .... success or wait 1 64BA497A unknown


unknown 38 3c 00 57 00 45 00 52 00 52 00 65 00 70 00 6f 00 72 00 74 00 4d 00 65 00 74 00 61 00 64 00 61 00 74 00 61 00 3e 00

<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.





unknown 2 09 00 .. success or wait 1 64BA497A unknown


unknown 44 3c 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 82 3c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 4e 00 54 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00 31 00 30 00 2e 00 30 00 3c 00 2f 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 4e 00 54 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00

<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.







unknown 40 3c 00 42 00 75 00 69 00 6c 00 64 00 3e 00 31 00 37 00 31 00 33 00 34 00 3c 00 2f 00 42 00 75 00 69 00 6c 00 64 00 3e 00

<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.









unknown 82 3c 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 3e 00 28 00 30 00 78 00 33 00 30 00 29 00 3a 00 20 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 20 00 31 00 30 00 20 00 50 00 72 00 6f 00 3c 00 2f 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 3e 00

<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.







unknown 62 3c 00 45 00 64 00 69 00 74 00 69 00 6f 00 6e 00 3e 00 50 00 72 00 6f 00 66 00 65 00 73 00 73 00 69 00 6f 00 6e 00 61 00 6c 00 3c 00 2f 00 45 00 64 00 69 00 74 00 69 00 6f 00 6e 00 3e 00

<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.







unknown 138 3c 00 42 00 75 00 69 00 6c 00 64 00 53 00 74 00 72 00 69 00 6e 00 67 00 3e 00 31 00 37 00 31 00 33 00 34 00 2e 00 31 00 36 00 35 00 2e 00 61 00 6d 00 64 00 36 00 34 00 66 00 72 00 65 00 2e 00 72 00 73 00 34 00 5f 00 72 00 65 00 6c 00 65 00 61 00 73 00 65 00 2e 00 31 00 38 00 30 00 34 00 31 00 30 00 2d 00 31 00 38 00 30 00 34 00 3c 00 2f 00 42 00 75 00 69 00 6c 00 64 00 53 00 74 00 72 00 69 00 6e 00 67 00 3e 00

<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1.6.5...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.







unknown 48 3c 00 52 00 65 00 76 00 69 00 73 00 69 00 6f 00 6e 00 3e 00 31 00 36 00 35 00 3c 00 2f 00 52 00 65 00 76 00 69 00 73 00 69 00 6f 00 6e 00 3e 00

<.R.e.v.i.s.i.o.n.>.1.6.5.<./.R.e.v.i.s.i.o.n.>.







unknown 72 3c 00 46 00 6c 00 61 00 76 00 6f 00 72 00 3e 00 4d 00 75 00 6c 00 74 00 69 00 70 00 72 00 6f 00 63 00 65 00 73 00 73 00 6f 00 72 00 20 00 46 00 72 00 65 00 65 00 3c 00 2f 00 46 00 6c 00 61 00 76 00 6f 00 72 00 3e 00

<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.









unknown 64 3c 00 41 00 72 00 63 00 68 00 69 00 74 00 65 00 63 00 74 00 75 00 72 00 65 00 3e 00 58 00 36 00 34 00 3c 00 2f 00 41 00 72 00 63 00 68 00 69 00 74 00 65 00 63 00 74 00 75 00 72 00 65 00 3e 00

<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.







unknown 34 3c 00 4c 00 43 00 49 00 44 00 3e 00 31 00 30 00 33 00 33 00 3c 00 2f 00 4c 00 43 00 49 00 44 00 3e 00

<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.







unknown 46 3c 00 2f 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 40 3c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 30 3c 00 50 00 69 00 64 00 3e 00 35 00 34 00 31 00 36 00 3c 00 2f 00 50 00 69 00 64 00 3e 00

<.P.i.d.>.5.4.1.6.<./.P.i.d.>. success or wait 1 64BA497A unknown






unknown 64 3c 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00 45 00 58 00 43 00 45 00 4c 00 2e 00 45 00 58 00 45 00 3c 00 2f 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00

<.I.m.a.g.e.N.a.m.e.>.E.X.C.E.L...E.X.E.<./.I.m.a.g.e.N.a.m.e.>.







unknown 90 3c 00 43 00 6d 00 64 00 4c 00 69 00 6e 00 65 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 3e 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 3c 00 2f 00 43 00 6d 00 64 00 4c 00 69 00 6e 00 65 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 3e 00

<.C.m.d.L.i.n.e.S.i.g.n.a.t.u.r.e.>.0.0.0.0.0.0.0.0.<./.C.m.d.L.i.n.e.S.i.g.n.a.t.u.r.e.>.









unknown 44 3c 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00 39 00 37 00 38 00 38 00 31 00 3c 00 2f 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00

<.U.p.t.i.m.e.>.9.7.8.8.1.<./.U.p.t.i.m.e.>.







unknown 82 3c 00 57 00 6f 00 77 00 36 00 34 00 20 00 67 00 75 00 65 00 73 00 74 00 3d 00 22 00 33 00 33 00 32 00 22 00 20 00 68 00 6f 00 73 00 74 00 3d 00 22 00 33 00 34 00 34 00 30 00 34 00 22 00 3e 00 31 00 3c 00 2f 00 57 00 6f 00 77 00 36 00 34 00 3e 00

<.W.o.w.6.4. .g.u.e.s.t.=.".3.3.2.". .h.o.s.t.=.".3.4.4.0.4.".>.1.<./.W.o.w.6.4.>.







unknown 52 3c 00 49 00 70 00 74 00 45 00 6e 00 61 00 62 00 6c 00 65 00 64 00 3e 00 30 00 3c 00 2f 00 49 00 70 00 74 00 45 00 6e 00 61 00 62 00 6c 00 65 00 64 00 3e 00

<.I.p.t.E.n.a.b.l.e.d.>.0.<./.I.p.t.E.n.a.b.l.e.d.>.







unknown 44 3c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 56 00 6d 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.P.r.o.c.e.s.s.V.m.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 88 3c 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 37 00 31 00 30 00 32 00 35 00 38 00 36 00 38 00 38 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.7.1.0.2.5.8.6.8.8.<./.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.









unknown 72 3c 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 36 00 38 00 39 00 37 00 35 00 38 00 32 00 30 00 38 00 3c 00 2f 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.V.i.r.t.u.a.l.S.i.z.e.>.6.8.9.7.5.8.2.0.8.<./.V.i.r.t.u.a.l.S.i.z.e.>.







unknown 76 3c 00 50 00 61 00 67 00 65 00 46 00 61 00 75 00 6c 00 74 00 43 00 6f 00 75 00 6e 00 74 00 3e 00 36 00 34 00 39 00 38 00 38 00 3c 00 2f 00 50 00 61 00 67 00 65 00 46 00 61 00 75 00 6c 00 74 00 43 00 6f 00 75 00 6e 00 74 00 3e 00

<.P.a.g.e.F.a.u.l.t.C.o.u.n.t.>.6.4.9.8.8.<./.P.a.g.e.F.a.u.l.t.C.o.u.n.t.>.







unknown 100 3c 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 31 00 35 00 36 00 34 00 39 00 31 00 37 00 37 00 36 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.1.5.6.4.9.1.7.7.6.<./.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.







unknown 82 3c 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 35 00 33 00 38 00 37 00 30 00 35 00 39 00 32 00 3c 00 2f 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.5.3.8.7.0.5.9.2.<./.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.







unknown 116 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 31 00 36 00 39 00 31 00 33 00 36 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.1.1.6.9.1.3.6.<./.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.









unknown 100 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 31 00 33 00 37 00 32 00 34 00 38 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.1.1.3.7.2.4.8.<./.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 126 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 35 00 31 00 35 00 35 00 32 00 38 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.5.1.5.5.2.8.<./.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 110 3c 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 35 00 31 00 35 00 32 00 35 00 36 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.5.1.5.2.5.6.<./.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 80 3c 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 30 00 30 00 39 00 39 00 39 00 31 00 36 00 38 00 3c 00 2f 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.a.g.e.f.i.l.e.U.s.a.g.e.>.1.0.0.9.9.9.1.6.8.<./.P.a.g.e.f.i.l.e.U.s.a.g.e.>.









unknown 96 3c 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 31 00 32 00 30 00 38 00 37 00 30 00 34 00 30 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.1.1.2.0.8.7.0.4.0.<./.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.







unknown 76 3c 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 30 00 30 00 39 00 39 00 39 00 31 00 36 00 38 00 3c 00 2f 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.r.i.v.a.t.e.U.s.a.g.e.>.1.0.0.9.9.9.1.6.8.<./.P.r.i.v.a.t.e.U.s.a.g.e.>.







unknown 46 3c 00 2f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 56 00 6d 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.P.r.o.c.e.s.s.V.m.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 30 3c 00 50 00 61 00 72 00 65 00 6e 00 74 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 3e 00

<.P.a.r.e.n.t.P.r.o.c.e.s.s.>. success or wait 1 64BA497A unknown














unknown 28 3c 00 50 00 69 00 64 00 3e 00 37 00 30 00 30 00 3c 00 2f 00 50 00 69 00 64 00 3e 00

<.P.i.d.>.7.0.0.<./.P.i.d.>. success or wait 1 64BA497A unknown






unknown 68 3c 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00 73 00 76 00 63 00 68 00 6f 00 73 00 74 00 2e 00 65 00 78 00 65 00 3c 00 2f 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00

<.I.m.a.g.e.N.a.m.e.>.s.v.c.h.o.s.t...e.x.e.<./.I.m.a.g.e.N.a.m.e.>.

















unknown 48 3c 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00 35 00 34 00 35 00 34 00 39 00 36 00 30 00 3c 00 2f 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00

<.U.p.t.i.m.e.>.5.4.5.4.9.6.0.<./.U.p.t.i.m.e.>.







unknown 78 3c 00 57 00 6f 00 77 00 36 00 34 00 20 00 67 00 75 00 65 00 73 00 74 00 3d 00 22 00 30 00 22 00 20 00 68 00 6f 00 73 00 74 00 3d 00 22 00 33 00 34 00 34 00 30 00 34 00 22 00 3e 00 30 00 3c 00 2f 00 57 00 6f 00 77 00 36 00 34 00 3e 00

<.W.o.w.6.4. .g.u.e.s.t.=.".0.". .h.o.s.t.=.".3.4.4.0.4.".>.0.<./.W.o.w.6.4.>.

























unknown 90 3c 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 34 00 32 00 39 00 34 00 39 00 36 00 37 00 32 00 39 00 35 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.4.2.9.4.9.6.7.2.9.5.<./.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.







unknown 74 3c 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 34 00 32 00 39 00 34 00 39 00 36 00 37 00 32 00 39 00 35 00 3c 00 2f 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.V.i.r.t.u.a.l.S.i.z.e.>.4.2.9.4.9.6.7.2.9.5.<./.V.i.r.t.u.a.l.S.i.z.e.>.















unknown 98 3c 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 32 00 30 00 34 00 35 00 31 00 33 00 32 00 38 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.2.0.4.5.1.3.2.8.<./.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.







unknown 80 3c 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 35 00 30 00 30 00 35 00 33 00 31 00 32 00 3c 00 2f 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.5.0.0.5.3.1.2.<./.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.









unknown 114 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 35 00 30 00 33 00 32 00 34 00 30 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.5.0.3.2.4.0.<./.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 98 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 34 00 32 00 33 00 37 00 36 00 30 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.4.2.3.7.6.0.<./.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 124 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 32 00 34 00 38 00 39 00 36 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.2.4.8.9.6.<./.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 108 3c 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 32 00 33 00 34 00 30 00 38 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.2.3.4.0.8.<./.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.









unknown 76 3c 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 38 00 32 00 33 00 37 00 30 00 35 00 36 00 3c 00 2f 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.a.g.e.f.i.l.e.U.s.a.g.e.>.8.2.3.7.0.5.6.<./.P.a.g.e.f.i.l.e.U.s.a.g.e.>.







unknown 92 3c 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 38 00 34 00 37 00 34 00 36 00 32 00 34 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.8.4.7.4.6.2.4.<./.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.







unknown 72 3c 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 38 00 32 00 33 00 37 00 30 00 35 00 36 00 3c 00 2f 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.r.i.v.a.t.e.U.s.a.g.e.>.8.2.3.7.0.5.6.<./.P.r.i.v.a.t.e.U.s.a.g.e.>.















unknown 42 3c 00 2f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 32 3c 00 2f 00 50 00 61 00 72 00 65 00 6e 00 74 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 3e 00

<./.P.a.r.e.n.t.P.r.o.c.e.s.s.>.

















unknown 38 3c 00 50 00 72 00 6f 00 62 00 6c 00 65 00 6d 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<.P.r.o.b.l.e.m.S.i.g.n.a.t.u.r.e.s.>.







unknown 62 3c 00 45 00 76 00 65 00 6e 00 74 00 54 00 79 00 70 00 65 00 3e 00 41 00 50 00 50 00 43 00 52 00 41 00 53 00 48 00 3c 00 2f 00 45 00 76 00 65 00 6e 00 74 00 54 00 79 00 70 00 65 00 3e 00

<.E.v.e.n.t.T.y.p.e.>.A.P.P.C.R.A.S.H.<./.E.v.e.n.t.T.y.p.e.>.







unknown 68 3c 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 30 00 3e 00 45 00 58 00 43 00 45 00 4c 00 2e 00 45 00 58 00 45 00 3c 00 2f 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 30 00 3e 00

<.P.a.r.a.m.e.t.e.r.0.>.E.X.C.E.L...E.X.E.<./.P.a.r.a.m.e.t.e.r.0.>.







unknown 40 3c 00 2f 00 50 00 72 00 6f 00 62 00 6c 00 65 00 6d 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<./.P.r.o.b.l.e.m.S.i.g.n.a.t.u.r.e.s.>.







unknown 38 3c 00 44 00 79 00 6e 00 61 00 6d 00 69 00 63 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<.D.y.n.a.m.i.c.S.i.g.n.a.t.u.r.e.s.>.







unknown 96 3c 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 31 00 3e 00 31 00 30 00 2e 00 30 00 2e 00 31 00 37 00 31 00 33 00 34 00 2e 00 32 00 2e 00 30 00 2e 00 30 00 2e 00 32 00 35 00 36 00 2e 00 34 00 38 00 3c 00 2f 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 31 00 3e 00

<.P.a.r.a.m.e.t.e.r.1.>.1.0...0...1.7.1.3.4...2...0...0...2.5.6...4.8.<./.P.a.r.a.m.e.t.e.r.1.>.









unknown 40 3c 00 2f 00 44 00 79 00 6e 00 61 00 6d 00 69 00 63 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<./.D.y.n.a.m.i.c.S.i.g.n.a.t.u.r.e.s.>.







unknown 38 3c 00 53 00 79 00 73 00 74 00 65 00 6d 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.S.y.s.t.e.m.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 94 3c 00 4d 00 49 00 44 00 3e 00 45 00 33 00 38 00 42 00 36 00 30 00 42 00 33 00 2d 00 35 00 46 00 46 00 41 00 2d 00 34 00 46 00 38 00 38 00 2d 00 41 00 41 00 35 00 38 00 2d 00 43 00 44 00 44 00 34 00 39 00 37 00 45 00 37 00 43 00 42 00 32 00 32 00 3c 00 2f 00 4d 00 49 00 44 00 3e 00

<.M.I.D.>.E.3.8.B.6.0.B.3.-.5.F.F.A.-.4.F.8.8.-.A.A.5.8.-.C.D.D.4.9.7.E.7.C.B.2.2.<./.M.I.D.>.







unknown 106 3c 00 53 00 79 00 73 00 74 00 65 00 6d 00 4d 00 61 00 6e 00 75 00 66 00 61 00 63 00 74 00 75 00 72 00 65 00 72 00 3e 00 61 00 6a 00 67 00 63 00 71 00 67 00 68 00 20 00 47 00 6d 00 62 00 48 00 3c 00 2f 00 53 00 79 00 73 00 74 00 65 00 6d 00 4d 00 61 00 6e 00 75 00 66 00 61 00 63 00 74 00 75 00 72 00 65 00 72 00 3e 00

<.S.y.s.t.e.m.M.a.n.u.f.a.c.t.u.r.e.r.>.a.j.g.c.q.g.h. .G.m.b.H.<./.S.y.s.t.e.m.M.a.n.u.f.a.c.t.u.r.e.r.>.







unknown 98 3c 00 53 00 79 00 73 00 74 00 65 00 6d 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 4e 00 61 00 6d 00 65 00 3e 00 70 00 6c 00 78 00 63 00 6b 00 6b 00 6a 00 65 00 6c 00 63 00 3c 00 2f 00 53 00 79 00 73 00 74 00 65 00 6d 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 4e 00 61 00 6d 00 65 00 3e 00

<.S.y.s.t.e.m.P.r.o.d.u.c.t.N.a.m.e.>.p.l.x.c.k.k.j.e.l.c.<./.S.y.s.t.e.m.P.r.o.d.u.c.t.N.a.m.e.>.









unknown 74 3c 00 42 00 49 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00 70 00 6c 00 78 00 63 00 6b 00 6b 00 6a 00 65 00 6c 00 63 00 3c 00 2f 00 42 00 49 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00

<.B.I.O.S.V.e.r.s.i.o.n.>.p.l.x.c.k.k.j.e.l.c.<./.B.I.O.S.V.e.r.s.i.o.n.>.







unknown 82 3c 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 44 00 61 00 74 00 65 00 3e 00 31 00 35 00 35 00 38 00 31 00 32 00 33 00 36 00 31 00 36 00 3c 00 2f 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 44 00 61 00 74 00 65 00 3e 00

<.O.S.I.n.s.t.a.l.l.D.a.t.e.>.1.5.5.8.1.2.3.6.1.6.<./.O.S.I.n.s.t.a.l.l.D.a.t.e.>.







unknown 102 3c 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 54 00 69 00 6d 00 65 00 3e 00 32 00 30 00 31 00 38 00 2d 00 30 00 37 00 2d 00 31 00 32 00 54 00 30 00 39 00 3a 00 30 00 32 00 3a 00 35 00 36 00 5a 00 3c 00 2f 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 54 00 69 00 6d 00 65 00 3e 00

<.O.S.I.n.s.t.a.l.l.T.i.m.e.>.2.0.1.8.-.0.7.-.1.2.T.0.9.:.0.2.:.5.6.Z.<./.O.S.I.n.s.t.a.l.l.T.i.m.e.>.







unknown 68 3c 00 54 00 69 00 6d 00 65 00 5a 00 6f 00 6e 00 65 00 42 00 69 00 61 00 73 00 3e 00 30 00 38 00 3a 00 30 00 30 00 3c 00 2f 00 54 00 69 00 6d 00 65 00 5a 00 6f 00 6e 00 65 00 42 00 69 00 61 00 73 00 3e 00

<.T.i.m.e.Z.o.n.e.B.i.a.s.>.0.8.:.0.0.<./.T.i.m.e.Z.o.n.e.B.i.a.s.>.







unknown 40 3c 00 2f 00 53 00 79 00 73 00 74 00 65 00 6d 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.S.y.s.t.e.m.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 34 3c 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 53 00 74 00 61 00 74 00 65 00 3e 00

<.S.e.c.u.r.e.B.o.o.t.S.t.a.t.e.>.









unknown 114 3c 00 55 00 45 00 46 00 49 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 45 00 6e 00 61 00 62 00 6c 00 65 00 64 00 3e 00 4e 00 6f 00 74 00 43 00 61 00 70 00 61 00 62 00 6c 00 65 00 3c 00 2f 00 55 00 45 00 46 00 49 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 45 00 6e 00 61 00 62 00 6c 00 65 00 64 00 3e 00

<.U.E.F.I.S.e.c.u.r.e.B.o.o.t.E.n.a.b.l.e.d.>.N.o.t.C.a.p.a.b.l.e.<./.U.E.F.I.S.e.c.u.r.e.B.o.o.t.E.n.a.b.l.e.d.>.







unknown 36 3c 00 2f 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 53 00 74 00 61 00 74 00 65 00 3e 00

<./.S.e.c.u.r.e.B.o.o.t.S.t.a.t.e.>.







unknown 24 3c 00 49 00 6e 00 74 00 65 00 67 00 72 00 61 00 74 00 6f 00 72 00 3e 00

<.I.n.t.e.g.r.a.t.o.r.>. success or wait 1 64BA497A unknown






unknown 46 3c 00 46 00 6c 00 61 00 67 00 73 00 3e 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 42 00 3c 00 2f 00 46 00 6c 00 61 00 67 00 73 00 3e 00

<.F.l.a.g.s.>.0.0.0.0.0.0.0.B.<./.F.l.a.g.s.>.







unknown 26 3c 00 2f 00 49 00 6e 00 74 00 65 00 67 00 72 00 61 00 74 00 6f 00 72 00 3e 00

<./.I.n.t.e.g.r.a.t.o.r.>. success or wait 1 64BA497A unknown






unknown 100 3c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 54 00 69 00 6d 00 65 00 6c 00 69 00 6e 00 65 00 73 00 20 00 42 00 61 00 73 00 65 00 54 00 69 00 6d 00 65 00 3d 00 22 00 32 00 30 00 32 00 30 00 2d 00 30 00 36 00 2d 00 31 00 33 00 54 00 30 00 32 00 3a 00 32 00 31 00 3a 00 33 00 34 00 5a 00 22 00 3e 00

<.P.r.o.c.e.s.s.T.i.m.e.l.i.n.e.s. .B.a.s.e.T.i.m.e.=.".2.0.2.0.-.0.6.-.1.3.T.0.2.:.2.1.:.3.4.Z.".>.









unknown 266 3c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 20 00 41 00 73 00 49 00 64 00 3d 00 22 00 33 00 38 00 36 00 22 00 20 00 50 00 49 00 44 00 3d 00 22 00 35 00 34 00 31 00 36 00 22 00 20 00 55 00 70 00 74 00 69 00 6d 00 65 00 4d 00 53 00 3d 00 22 00 39 00 33 00 30 00 38 00 31 00 22 00 20 00 54 00 69 00 6d 00 65 00 53 00 69 00 6e 00 63 00 65 00 43 00 72 00 65 00 61 00 74 00 69 00 6f 00 6e 00 4d 00 53 00 3d 00 22 00 39 00 33 00 30 00 38 00 31 00 22 00 20 00 53 00 75 00 73 00 70 00 65 00 6e 00 64 00 65 00 64 00 4d 00 53 00 3d 00 22 00 30 00 22 00 20 00 48 00 61 00 6e 00 67 00 43 00 6f 00 75 00 6e 00 74 00 3d 00 22 00 30 00 22 00 20 00 47 00 68 00 6f 00 73 00 74 00 43 00 6f 00 75 00 6e 00 74 00 3d 00 22 00 31 00 22 00 20 00 43 00 72 00 61 00 73 00 68 00 65 00 64

<.P.r.o.c.e.s.s. .A.s.I.d.=.".3.8.6.". .P.I.D.=.".5.4.1.6.". .U.p.t.i.m.e.M.S.=.".9.3.0.8.1.". .T.i.m.e.S.i.n.c.e.C.r.e.a.t.i.o.n.M.S.=.".9.3.0.8.1.". .S.u.s.p.e.n.d.e.d.M.S.=.".0.". .H.a.n.g.C.o.u.n.t.=.".0.". .G.h.o.s.t.C.o.u.n.t.=.".1.". .C.r.a.s.h.e.d







unknown 20 3c 00 2f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 3e 00

<./.P.r.o.c.e.s.s.>. success or wait 1 64BA497A unknown






unknown 38 3c 00 2f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 54 00 69 00 6d 00 65 00 6c 00 69 00 6e 00 65 00 73 00 3e 00

<./.P.r.o.c.e.s.s.T.i.m.e.l.i.n.e.s.>.







unknown 38 3c 00 52 00 65 00 70 00 6f 00 72 00 74 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.R.e.p.o.r.t.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 98 3c 00 47 00 75 00 69 00 64 00 3e 00 39 00 31 00 65 00 62 00 61 00 32 00 63 00 63 00 2d 00 33 00 32 00 36 00 64 00 2d 00 34 00 33 00 35 00 62 00 2d 00 61 00 31 00 37 00 35 00 2d 00 39 00 63 00 37 00 35 00 62 00 63 00 32 00 31 00 64 00 63 00 66 00 36 00 3c 00 2f 00 47 00 75 00 69 00 64 00 3e 00

<.G.u.i.d.>.9.1.e.b.a.2.c.c.-.3.2.6.d.-.4.3.5.b.-.a.1.7.5.-.9.c.7.5.b.c.2.1.d.c.f.6.<./.G.u.i.d.>.









unknown 98 3c 00 43 00 72 00 65 00 61 00 74 00 69 00 6f 00 6e 00 54 00 69 00 6d 00 65 00 3e 00 32 00 30 00 32 00 30 00 2d 00 30 00 36 00 2d 00 31 00 33 00 54 00 30 00 32 00 3a 00 32 00 31 00 3a 00 33 00 34 00 5a 00 3c 00 2f 00 43 00 72 00 65 00 61 00 74 00 69 00 6f 00 6e 00 54 00 69 00 6d 00 65 00 3e 00

<.C.r.e.a.t.i.o.n.T.i.m.e.>.2.0.2.0.-.0.6.-.1.3.T.0.2.:.2.1.:.3.4.Z.<./.C.r.e.a.t.i.o.n.T.i.m.e.>.







unknown 40 3c 00 2f 00 52 00 65 00 70 00 6f 00 72 00 74 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.R.e.p.o.r.t.I.n.f.o.r.m.a.t.i.o.n.>.





unknown 40 3c 00 2f 00 57 00 45 00 52 00 52 00 65 00 70 00 6f 00 72 00 74 00 4d 00 65 00 74 00 61 00 64 00 61 00 74 00 61 00 3e 00

<./.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.


C:\ProgramData\Microsoft\Windows\WER\Temp\WER42F3.tmp.xml

unknown 4574 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 73 74 61 6e 64 61 6c 6f 6e 65 3d 22 79 65 73 22 3f 3e 0d 0a 3c 72 65 71 20 76 65 72 3d 22 32 22 3e 0d 0a 20 20 3c 74 6c 6d 3e 0d 0a 20 20 20 20 3c 73 72 63 3e 0d 0a 20 20 20 20 20 20 3c 64 65 73 63 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 61 63 68 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 6f 73 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 72 67 20 6e 6d 3d 22 76 65 72 6d 61 6a 22 20 76 61 6c 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 72 67 20 6e 6d 3d 22 76 65 72 6d 69 6e 22 20 76 61 6c 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 72 67 20 6e 6d 3d 22 76 65 72 62 6c 64 22 20 76 61 6c 3d 22

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="





unknown 22 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3d 00 31 00 0d 00 0a 00

V.e.r.s.i.o.n.=.1..... success or wait 288 64BA497A unknown





unknown 46 4d 00 65 00 74 00 61 00 64 00 61 00 74 00 61 00 48 00 61 00 73 00 68 00 3d 00 31 00 34 00 39 00 39 00 31 00 33 00 37 00 34 00 34 00 31 00

M.e.t.a.d.a.t.a.H.a.s.h.=.1.4.9.9.1.3.7.4.4.1.




HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{11517B7C-E79D-4e20-961B-75A811715ADD}

success or wait 1 64BC36BF unknown

\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root success or wait 1 64BC36BF unknown

\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile success or wait 1 64BC36BF unknown

\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile\PermissionsCheckTestKey success or wait 1 64BC36BF unknown

\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile\PermissionsCheckTestKey success or wait 1 64BC36BF unknown

\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile\excel.exe|d697219a success or wait 1 64BC36BF unknown

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug success or wait 1 64BC1FB2 RegCreateKeyExW

\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile\PermissionsCheckTestKey success or wait 1 64BA43D1 unknown


\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile

WritePermissionsCheck dword 1 success or wait 1 64BC36BF unknown

\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile

ProviderSyncId unicode {c77f63cc-93fb-4630-b248-f186b0a9dc97}


\REGISTRY\A\{02e1dbea-cb29-7acb-f87d-d24758c6644c}\Root\InventoryApplicationFile\excel.exe|d697219a

ProgramId unicode 0006264323c240c3ac04a368779ffccdfdb300000000



FileId unicode 0000a7117f414fe09e348903ed619a02b0c659711a62



LowerCaseLongPath unicode c:\program files (x86)\microsoft office\root\office16\excel.exe



LongPathHash unicode excel.exe|d697219a success or wait 1 64BC36BF unknown


Name unicode EXCEL.EXE success or wait 1 64BC36BF unknown


Publisher unicode microsoft corporation success or wait 1 64BC36BF unknown


Version unicode 16.0.11001.20108 success or wait 1 64BC36BF unknown


BinFileVersion unicode 16.0.11001.20108 success or wait 1 64BC36BF unknown


BinaryType unicode pe32_i386 success or wait 1 64BC36BF unknown


ProductName unicode microsoft office success or wait 1 64BC36BF unknown


ProductVersion unicode 16.0.11001.20108 success or wait 1 64BC36BF unknown


LinkDate unicode 11/12/2018 02:39:06 success or wait 1 64BC36BF unknown


BinProductVersion unicode 16.0.11001.20108 success or wait 1 64BC36BF unknown


Size B 18 29 9D 02 00 00 00 00 success or wait 1 64BC36BF unknown


Key Value CreatedKey Value Created



Language dword 0 success or wait 1 64BC36BF unknown


IsPeFile dword 1 success or wait 1 64BC36BF unknown


IsOsComponent dword 0 success or wait 1 64BC36BF unknown


Usn B F0 39 3D 07 00 00 00 00 success or wait 1 64BC36BF unknown

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug

ExceptionRecord binary 05 00 00 C0 00 00 00 00 00 00 00 00 90 FF 4B 77 02 00 00 00 00 00 00 00 00 00 A8 F3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

success or wait 1 64BC1FE8 RegSetValueExW


Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager

PendingFileRenameOperations

unicode array

\??\C:\Program Files (x86)\Google\Update\1.3.34.11

\??\C:\Program Files (x86)\Google\Update\1.3.34.11\??\C:\Windows\AppCompat\Programs\Amcache.hve.tmp!\??\C:\Windows\AppCompat\Programs\Amcache.hve








Imagebase: 0xa10000





Reputation: high


C:\Users\user\AppData\Local\DBG read data or list directory | synchronize


object name collision 1 64BB1717 unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED9.tmp read attributes | synchronize | generic read



C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED9.tmp.dmp read attributes | synchronize | generic read | generic write



C:\ProgramData\Microsoft\Windows\WER\Temp\WER24A7.tmp read attributes | synchronize | generic read



Key Value ModifiedKey Value Modified


General



C:\ProgramData\Microsoft\Windows\WER\Temp\WER24A7.tmp.WERInternalMetadata.xml




C:\ProgramData\Microsoft\Windows\WER\Temp\WER2515.tmp read attributes | synchronize | generic read



C:\ProgramData\Microsoft\Windows\WER\Temp\WER2515.tmp.xml read attributes | synchronize | generic read | generic write



C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EXCEL.EXE_5ba28ef63b8bb90deff13a5945431f4197fe71a_d21a61c2_126c269a

read data or list directory | synchronize




read attributes | synchronize | generic write





C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED9.tmp success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER24A7.tmp success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2515.tmp success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED9.tmp.dmp success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER24A7.tmp.WERInternalMetadata.xml success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2515.tmp.xml success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2508.tmp.csv success or wait 1 64BA497A unknown

C:\ProgramData\Microsoft\Windows\WER\Temp\WER268F.tmp.txt success or wait 1 64BA497A unknown


C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED9.tmp.dmp

unknown 32 4d 44 4d 50 93 a7 ee a0 0f 00 00 00 20 00 00 00 00 00 00 00 67 38 e4 5e a4 05 12 00 00 00 00 00

MDMP........ .......g8.^........ success or wait 1 64BA497A unknown


unknown 6 00 00 00 00 00 00 ...... success or wait 1 64BA497A unknown





unknown 1420 00 00 06 00 02 3f 04 01 0a 00 00 00 00 00 00 00 ee 42 00 00 02 00 00 00 ac 54 00 00 00 01 00 00 47 65 6e 75 69 6e 65 49 6e 74 65 6c f2 06 03 00 ff fb 8b 17 00 00 00 00 54 05 00 00 f7 03 00 00 28 15 00 00 cc 37 e4 5e 05 00 00 00 3a 00 00 00 a4 0d 00 00 a4 0d 00 00 a4 0d 00 00 01 00 00 00 01 00 00 00 00 30 00 00 0d 00 00 00 00 00 00 00 02 00 00 00 e0 01 00 00 50 00 61 00 63 00 69 00 66 00 69 00 63 00 20 00 53 00 74 00 61 00 6e 00 64 00 61 00 72 00 64 00 20 00 54 00 69 00 6d 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 00 00 50 00 61 00 63 00 69 00 66 00 69 00 63 00 20 00 44 00 61 00 79 00 6c 00 69 00 67 00 68 00 74 00 20 00 54 00 69 00 6d 00 65 00 00 00 00 00 00 00 00 00 00

.....?...........B.......T....

..GenuineIntel............T...

....(....7.^....:.............

...........0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e..........



unknown 716 7f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa 2b 00 00 00 53 00 00 00 2b 00 00 00 2b 00 00 00 c8 53 25 1b 00 00 a8 f3 00 00 00 00 c8 53 25 1b 11 00 00 00 11 00 00 00 c0 f5 90 19 90 ff 4b 77 23 00 00 00 86 02 01 00 88 f5 90 19 2b 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa

..............................

..............................

..............................

..............................

....................+...S...+.

..+....S%..........S%.........

......Kw#...........+.........

..............................

...............





unknown 168 f0 17 00 00 00 00 00 00 05 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 90 ff 4b 77 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 f3 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc 02 00 00 70 69 00 00

..........................Kw..

..............................

..............................

..............................

..............................

..............pi..



unknown 20 d9 00 00 00 e0 73 d0 03 00 00 00 00 04 00 00 00 54 c5 00 00

.....s..........T... success or wait 217 64BA497A unknown


unknown 4 44 24 89 6d D$.m success or wait 216 64BA497A unknown


unknown 4 74 99 3b 6d t.;m success or wait 1 64BA497A unknown


unknown 4 1b 00 00 00 .... success or wait 27 64BA497A unknown


unknown 716 3f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa 2b 00 00 00 53 00 00 00 2b 00 00 00 2b 00 00 00 aa aa aa aa aa aa aa aa 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 b7 96 03 9c 2b cf 76 23 00 00 00 06 02 00 00 5c b6 96 03 2b 00 00 00 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa

?...........................................................................................................................................+...S...+...+................................+.v#.......\...+......................................................



unknown 48 f0 17 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 f0 6b 03 00 00 00 00 6c ee 90 19 00 00 00 00 94 11 00 00 21 0b 03 00 cc 02 00 00 f4 b4 00 00

........ .........k.....l.....

......!...........success or wait 1 64BA497A unknown


unknown 4 a4 00 00 00 .... success or wait 164 64BA497A unknown


unknown 24 12 00 00 00 45 00 58 00 43 00 45 00 4c 00 2e 00 45 00 58 00 45 00 00 00

....E.X.C.E.L...E.X.E... success or wait 164 64BA497A unknown




unknown 120 00 00 a8 03 00 00 00 00 00 c0 04 00 00 00 00 00 50 a0 f1 5a 58 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 18 00 00 00 08 00 00 00

................P..ZXh........

..............................

..............................

..............................



unknown 54 30 00 00 00 72 00 65 00 73 00 6f 00 75 00 72 00 63 00 65 00 70 00 6f 00 6c 00 69 00 63 00 79 00 63 00 6c 00 69 00 65 00 6e 00 74 00 2e 00 64 00 6c 00 6c 00 00 00

0...r.e.s.o.u.r.c.e.p.o.l.i.c.y.c.l.i.e.n.t...d.l.l...



unknown 668 00 00 9f 64 00 00 00 00 00 00 40 00 69 49 40 00 53 37 f1 3e 48 69 00 00 01 00 0f 00 5a 62 02 00 00 10 00 00 8d ff 07 00 01 00 00 00 ef ff 07 00 00 00 01 00 00 00 01 00 00 00 00 00 ff ff fe 7f 00 00 00 00 0f 00 00 00 00 00 00 00 04 00 00 00 00 20 4c 00 00 00 00 00 00 20 74 02 00 00 00 00 71 e6 02 00 00 01 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 74 94 03 00 00 00 00 00 95 33 04 00 00 00 00 00 35 b6 01 00 00 00 00 00 58 1d 1b 00 00 00 00 00 e8 e1 04 00 00 00 00 00 40 ff 1f 00 00 00 00 00 e0 51 06 00 00 00 00 00 c0 1f 26 26 01 00 00 00 65 04 48 4b 00 00 00 00 93 4d 09 23 00 00 00 00 59 4f d0 03 00 00 00 00 69 79 08 00 62 82 05 00 55 f3 05 00 2e 55 05 00 e8 e1 04 00 8d ff 10 00 e0 51 06 00 4e 65 42 00 75 dd 01 00 59 2e 1f 00 00 00 00 00 44 00 22 00 d1 8a 05

[email protected]@.S7.>Hi......Zb

..............................

..................... L...... t.....q...................t........3......5.......X...............@........Q........&&....e.HK.....M.#....YO......iy..b...U....U...........Q..NeB.u...Y.......D."....





unknown 82898 06 00 00 00 4b 00 65 00 79 00 00 00 06 00 00 00 4b 00 65 00 79 00 00 00 0a 00 00 00 45 00 76 00 65 00 6e 00 74 00 00 00 00 00 00 00 06 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 28 00 00 00 57 00 61 00 69 00 74 00 43 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 69 00 6f 00 6e 00 50 00 61 00 63 00 6b 00 65 00 74 00 00 00 18 00 00 00 49 00 6f 00 43 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 69 00 6f 00 6e 00 00 00 1e 00 00 00 54 00 70 00 57 00 6f 00 72 00 6b 00 65 00 72 00 46 00 61 00 63 00 74 00 6f 00 72 00 79 00 00 00 0e 00 00 00 49 00 52 00 54 00 69 00 6d 00 65 00 72 00 00 00 28 00 00 00 57 00 61 00 69 00 74 00 43 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 69 00 6f 00 6e 00 50 00 61 00 63 00 6b 00 65 00 74 00 00 00 0e 00 00 00 49 00 52 00 54 00 69 00 6d 00 65 00 72

....K.e.y.......K.e.y.......E.v.e.n.t.......................(...W.a.i.t.C.o.m.p.l.e.t.i.o.n.P.a.c.k.e.t.......I.o.C.o.m.p.l.e.t.i.o.n.......T.p.W.o.r.k.e.r.F.a.c.t.o.r.y.......I.R.T.i.m.e.r...(...W.a.i.t.C.o.m.p.l.e.t.i.o.n.P.a.c.k.e.t.......I.R.T.i.m.e.r



unknown 120 03 00 00 00 14 05 00 00 08 07 00 00 04 00 00 00 34 45 00 00 28 0c 00 00 0e 00 00 00 cc 00 00 00 5c 51 00 00 05 00 00 00 94 0d 00 00 c0 b7 00 00 06 00 00 00 a8 00 00 00 60 06 00 00 07 00 00 00 38 00 00 00 d4 00 00 00 0f 00 00 00 54 05 00 00 0c 01 00 00 0c 00 00 00 e8 c7 00 00 bb fc 03 00 15 00 00 00 ec 01 00 00 28 52 00 00 16 00 00 00 98 00 00 00 14 54 00 00

................4E..(.........

..\Q......................`...

....8...........T.............

..............(R...........T..





unknown 78 3c 00 3f 00 78 00 6d 00 6c 00 20 00 76 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3d 00 22 00 31 00 2e 00 30 00 22 00 20 00 65 00 6e 00 63 00 6f 00 64 00 69 00 6e 00 67 00 3d 00 22 00 55 00 54 00 46 00 2d 00 31 00 36 00 22 00 3f 00 3e 00

<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.





unknown 38 3c 00 57 00 45 00 52 00 52 00 65 00 70 00 6f 00 72 00 74 00 4d 00 65 00 74 00 61 00 64 00 61 00 74 00 61 00 3e 00

<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.









unknown 44 3c 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 82 3c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 4e 00 54 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00 31 00 30 00 2e 00 30 00 3c 00 2f 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 4e 00 54 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00

<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.







unknown 40 3c 00 42 00 75 00 69 00 6c 00 64 00 3e 00 31 00 37 00 31 00 33 00 34 00 3c 00 2f 00 42 00 75 00 69 00 6c 00 64 00 3e 00

<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.







unknown 82 3c 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 3e 00 28 00 30 00 78 00 33 00 30 00 29 00 3a 00 20 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 20 00 31 00 30 00 20 00 50 00 72 00 6f 00 3c 00 2f 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 3e 00

<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.







unknown 62 3c 00 45 00 64 00 69 00 74 00 69 00 6f 00 6e 00 3e 00 50 00 72 00 6f 00 66 00 65 00 73 00 73 00 69 00 6f 00 6e 00 61 00 6c 00 3c 00 2f 00 45 00 64 00 69 00 74 00 69 00 6f 00 6e 00 3e 00

<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.









unknown 138 3c 00 42 00 75 00 69 00 6c 00 64 00 53 00 74 00 72 00 69 00 6e 00 67 00 3e 00 31 00 37 00 31 00 33 00 34 00 2e 00 31 00 36 00 35 00 2e 00 61 00 6d 00 64 00 36 00 34 00 66 00 72 00 65 00 2e 00 72 00 73 00 34 00 5f 00 72 00 65 00 6c 00 65 00 61 00 73 00 65 00 2e 00 31 00 38 00 30 00 34 00 31 00 30 00 2d 00 31 00 38 00 30 00 34 00 3c 00 2f 00 42 00 75 00 69 00 6c 00 64 00 53 00 74 00 72 00 69 00 6e 00 67 00 3e 00

<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1.6.5...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.







unknown 48 3c 00 52 00 65 00 76 00 69 00 73 00 69 00 6f 00 6e 00 3e 00 31 00 36 00 35 00 3c 00 2f 00 52 00 65 00 76 00 69 00 73 00 69 00 6f 00 6e 00 3e 00

<.R.e.v.i.s.i.o.n.>.1.6.5.<./.R.e.v.i.s.i.o.n.>.







unknown 72 3c 00 46 00 6c 00 61 00 76 00 6f 00 72 00 3e 00 4d 00 75 00 6c 00 74 00 69 00 70 00 72 00 6f 00 63 00 65 00 73 00 73 00 6f 00 72 00 20 00 46 00 72 00 65 00 65 00 3c 00 2f 00 46 00 6c 00 61 00 76 00 6f 00 72 00 3e 00

<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.







unknown 64 3c 00 41 00 72 00 63 00 68 00 69 00 74 00 65 00 63 00 74 00 75 00 72 00 65 00 3e 00 58 00 36 00 34 00 3c 00 2f 00 41 00 72 00 63 00 68 00 69 00 74 00 65 00 63 00 74 00 75 00 72 00 65 00 3e 00

<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.







unknown 34 3c 00 4c 00 43 00 49 00 44 00 3e 00 31 00 30 00 33 00 33 00 3c 00 2f 00 4c 00 43 00 49 00 44 00 3e 00

<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.







unknown 46 3c 00 2f 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.

















unknown 30 3c 00 50 00 69 00 64 00 3e 00 35 00 34 00 31 00 36 00 3c 00 2f 00 50 00 69 00 64 00 3e 00

<.P.i.d.>.5.4.1.6.<./.P.i.d.>. success or wait 1 64BA497A unknown






unknown 64 3c 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00 45 00 58 00 43 00 45 00 4c 00 2e 00 45 00 58 00 45 00 3c 00 2f 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00

<.I.m.a.g.e.N.a.m.e.>.E.X.C.E.L...E.X.E.<./.I.m.a.g.e.N.a.m.e.>.















unknown 46 3c 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00 31 00 35 00 35 00 37 00 38 00 38 00 3c 00 2f 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00

<.U.p.t.i.m.e.>.1.5.5.7.8.8.<./.U.p.t.i.m.e.>.







unknown 82 3c 00 57 00 6f 00 77 00 36 00 34 00 20 00 67 00 75 00 65 00 73 00 74 00 3d 00 22 00 33 00 33 00 32 00 22 00 20 00 68 00 6f 00 73 00 74 00 3d 00 22 00 33 00 34 00 34 00 30 00 34 00 22 00 3e 00 31 00 3c 00 2f 00 57 00 6f 00 77 00 36 00 34 00 3e 00

<.W.o.w.6.4. .g.u.e.s.t.=.".3.3.2.". .h.o.s.t.=.".3.4.4.0.4.".>.1.<./.W.o.w.6.4.>.

























unknown 88 3c 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 37 00 31 00 30 00 32 00 35 00 38 00 36 00 38 00 38 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.7.1.0.2.5.8.6.8.8.<./.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.







unknown 72 3c 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 36 00 38 00 39 00 33 00 31 00 39 00 39 00 33 00 36 00 3c 00 2f 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.V.i.r.t.u.a.l.S.i.z.e.>.6.8.9.3.1.9.9.3.6.<./.V.i.r.t.u.a.l.S.i.z.e.>.

















unknown 100 3c 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 31 00 35 00 36 00 34 00 39 00 31 00 37 00 37 00 36 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.1.5.6.4.9.1.7.7.6.<./.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.







unknown 82 3c 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 35 00 35 00 30 00 39 00 35 00 32 00 39 00 36 00 3c 00 2f 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.5.5.0.9.5.2.9.6.<./.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.







unknown 116 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 31 00 36 00 39 00 31 00 33 00 36 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.1.1.6.9.1.3.6.<./.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 100 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 31 00 33 00 35 00 32 00 33 00 32 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.1.1.3.5.2.3.2.<./.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.









unknown 126 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 36 00 37 00 30 00 31 00 35 00 32 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.6.7.0.1.5.2.<./.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 110 3c 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 36 00 36 00 39 00 37 00 34 00 34 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.6.6.9.7.4.4.<./.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 80 3c 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 30 00 30 00 34 00 33 00 38 00 30 00 31 00 36 00 3c 00 2f 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.a.g.e.f.i.l.e.U.s.a.g.e.>.1.0.0.4.3.8.0.1.6.<./.P.a.g.e.f.i.l.e.U.s.a.g.e.>.







unknown 96 3c 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 31 00 32 00 30 00 38 00 37 00 30 00 34 00 30 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.1.1.2.0.8.7.0.4.0.<./.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.









unknown 76 3c 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 31 00 30 00 30 00 34 00 33 00 38 00 30 00 31 00 36 00 3c 00 2f 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.r.i.v.a.t.e.U.s.a.g.e.>.1.0.0.4.3.8.0.1.6.<./.P.r.i.v.a.t.e.U.s.a.g.e.>.















unknown 30 3c 00 50 00 61 00 72 00 65 00 6e 00 74 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 3e 00

<.P.a.r.e.n.t.P.r.o.c.e.s.s.>. success or wait 1 64BA497A unknown














unknown 28 3c 00 50 00 69 00 64 00 3e 00 37 00 30 00 30 00 3c 00 2f 00 50 00 69 00 64 00 3e 00

<.P.i.d.>.7.0.0.<./.P.i.d.>. success or wait 1 64BA497A unknown






unknown 68 3c 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00 73 00 76 00 63 00 68 00 6f 00 73 00 74 00 2e 00 65 00 78 00 65 00 3c 00 2f 00 49 00 6d 00 61 00 67 00 65 00 4e 00 61 00 6d 00 65 00 3e 00

<.I.m.a.g.e.N.a.m.e.>.s.v.c.h.o.s.t...e.x.e.<./.I.m.a.g.e.N.a.m.e.>.

















unknown 48 3c 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00 35 00 35 00 31 00 32 00 38 00 36 00 37 00 3c 00 2f 00 55 00 70 00 74 00 69 00 6d 00 65 00 3e 00

<.U.p.t.i.m.e.>.5.5.1.2.8.6.7.<./.U.p.t.i.m.e.>.







unknown 78 3c 00 57 00 6f 00 77 00 36 00 34 00 20 00 67 00 75 00 65 00 73 00 74 00 3d 00 22 00 30 00 22 00 20 00 68 00 6f 00 73 00 74 00 3d 00 22 00 33 00 34 00 34 00 30 00 34 00 22 00 3e 00 30 00 3c 00 2f 00 57 00 6f 00 77 00 36 00 34 00 3e 00

<.W.o.w.6.4. .g.u.e.s.t.=.".0.". .h.o.s.t.=.".3.4.4.0.4.".>.0.<./.W.o.w.6.4.>.























unknown 90 3c 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 34 00 32 00 39 00 34 00 39 00 36 00 37 00 32 00 39 00 35 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.4.2.9.4.9.6.7.2.9.5.<./.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.>.









unknown 74 3c 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00 34 00 32 00 39 00 34 00 39 00 36 00 37 00 32 00 39 00 35 00 3c 00 2f 00 56 00 69 00 72 00 74 00 75 00 61 00 6c 00 53 00 69 00 7a 00 65 00 3e 00

<.V.i.r.t.u.a.l.S.i.z.e.>.4.2.9.4.9.6.7.2.9.5.<./.V.i.r.t.u.a.l.S.i.z.e.>.















unknown 98 3c 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 32 00 30 00 34 00 35 00 31 00 33 00 32 00 38 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.2.0.4.5.1.3.2.8.<./.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.







unknown 80 3c 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00 33 00 31 00 31 00 37 00 30 00 35 00 36 00 3c 00 2f 00 57 00 6f 00 72 00 6b 00 69 00 6e 00 67 00 53 00 65 00 74 00 53 00 69 00 7a 00 65 00 3e 00

<.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.3.1.1.7.0.5.6.<./.W.o.r.k.i.n.g.S.e.t.S.i.z.e.>.







unknown 114 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 35 00 30 00 33 00 32 00 34 00 30 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.5.0.3.2.4.0.<./.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.









unknown 98 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 34 00 32 00 34 00 36 00 34 00 30 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.4.2.4.6.4.0.<./.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 124 3c 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 32 00 34 00 38 00 39 00 36 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 50 00 65 00 61 00 6b 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.2.4.8.9.6.<./.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 108 3c 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00 32 00 33 00 34 00 30 00 38 00 3c 00 2f 00 51 00 75 00 6f 00 74 00 61 00 4e 00 6f 00 6e 00 50 00 61 00 67 00 65 00 64 00 50 00 6f 00 6f 00 6c 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.2.3.4.0.8.<./.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.>.







unknown 76 3c 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 38 00 32 00 31 00 32 00 34 00 38 00 30 00 3c 00 2f 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.a.g.e.f.i.l.e.U.s.a.g.e.>.8.2.1.2.4.8.0.<./.P.a.g.e.f.i.l.e.U.s.a.g.e.>.









unknown 92 3c 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 38 00 34 00 37 00 34 00 36 00 32 00 34 00 3c 00 2f 00 50 00 65 00 61 00 6b 00 50 00 61 00 67 00 65 00 66 00 69 00 6c 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.8.4.7.4.6.2.4.<./.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.>.







unknown 72 3c 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00 38 00 32 00 31 00 32 00 34 00 38 00 30 00 3c 00 2f 00 50 00 72 00 69 00 76 00 61 00 74 00 65 00 55 00 73 00 61 00 67 00 65 00 3e 00

<.P.r.i.v.a.t.e.U.s.a.g.e.>.8.2.1.2.4.8.0.<./.P.r.i.v.a.t.e.U.s.a.g.e.>.























unknown 32 3c 00 2f 00 50 00 61 00 72 00 65 00 6e 00 74 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 3e 00

<./.P.a.r.e.n.t.P.r.o.c.e.s.s.>.















unknown 38 3c 00 50 00 72 00 6f 00 62 00 6c 00 65 00 6d 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<.P.r.o.b.l.e.m.S.i.g.n.a.t.u.r.e.s.>.









unknown 62 3c 00 45 00 76 00 65 00 6e 00 74 00 54 00 79 00 70 00 65 00 3e 00 41 00 50 00 50 00 43 00 52 00 41 00 53 00 48 00 3c 00 2f 00 45 00 76 00 65 00 6e 00 74 00 54 00 79 00 70 00 65 00 3e 00

<.E.v.e.n.t.T.y.p.e.>.A.P.P.C.R.A.S.H.<./.E.v.e.n.t.T.y.p.e.>.







unknown 68 3c 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 30 00 3e 00 45 00 58 00 43 00 45 00 4c 00 2e 00 45 00 58 00 45 00 3c 00 2f 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 30 00 3e 00

<.P.a.r.a.m.e.t.e.r.0.>.E.X.C.E.L...E.X.E.<./.P.a.r.a.m.e.t.e.r.0.>.







unknown 40 3c 00 2f 00 50 00 72 00 6f 00 62 00 6c 00 65 00 6d 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<./.P.r.o.b.l.e.m.S.i.g.n.a.t.u.r.e.s.>.







unknown 38 3c 00 44 00 79 00 6e 00 61 00 6d 00 69 00 63 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<.D.y.n.a.m.i.c.S.i.g.n.a.t.u.r.e.s.>.







unknown 96 3c 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 31 00 3e 00 31 00 30 00 2e 00 30 00 2e 00 31 00 37 00 31 00 33 00 34 00 2e 00 32 00 2e 00 30 00 2e 00 30 00 2e 00 32 00 35 00 36 00 2e 00 34 00 38 00 3c 00 2f 00 50 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 31 00 3e 00

<.P.a.r.a.m.e.t.e.r.1.>.1.0...0...1.7.1.3.4...2...0...0...2.5.6...4.8.<./.P.a.r.a.m.e.t.e.r.1.>.







unknown 40 3c 00 2f 00 44 00 79 00 6e 00 61 00 6d 00 69 00 63 00 53 00 69 00 67 00 6e 00 61 00 74 00 75 00 72 00 65 00 73 00 3e 00

<./.D.y.n.a.m.i.c.S.i.g.n.a.t.u.r.e.s.>.









unknown 38 3c 00 53 00 79 00 73 00 74 00 65 00 6d 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.S.y.s.t.e.m.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 94 3c 00 4d 00 49 00 44 00 3e 00 45 00 33 00 38 00 42 00 36 00 30 00 42 00 33 00 2d 00 35 00 46 00 46 00 41 00 2d 00 34 00 46 00 38 00 38 00 2d 00 41 00 41 00 35 00 38 00 2d 00 43 00 44 00 44 00 34 00 39 00 37 00 45 00 37 00 43 00 42 00 32 00 32 00 3c 00 2f 00 4d 00 49 00 44 00 3e 00

<.M.I.D.>.E.3.8.B.6.0.B.3.-.5.F.F.A.-.4.F.8.8.-.A.A.5.8.-.C.D.D.4.9.7.E.7.C.B.2.2.<./.M.I.D.>.







unknown 106 3c 00 53 00 79 00 73 00 74 00 65 00 6d 00 4d 00 61 00 6e 00 75 00 66 00 61 00 63 00 74 00 75 00 72 00 65 00 72 00 3e 00 61 00 6a 00 67 00 63 00 71 00 67 00 68 00 20 00 47 00 6d 00 62 00 48 00 3c 00 2f 00 53 00 79 00 73 00 74 00 65 00 6d 00 4d 00 61 00 6e 00 75 00 66 00 61 00 63 00 74 00 75 00 72 00 65 00 72 00 3e 00

<.S.y.s.t.e.m.M.a.n.u.f.a.c.t.u.r.e.r.>.a.j.g.c.q.g.h. .G.m.b.H.<./.S.y.s.t.e.m.M.a.n.u.f.a.c.t.u.r.e.r.>.







unknown 98 3c 00 53 00 79 00 73 00 74 00 65 00 6d 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 4e 00 61 00 6d 00 65 00 3e 00 70 00 6c 00 78 00 63 00 6b 00 6b 00 6a 00 65 00 6c 00 63 00 3c 00 2f 00 53 00 79 00 73 00 74 00 65 00 6d 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 4e 00 61 00 6d 00 65 00 3e 00

<.S.y.s.t.e.m.P.r.o.d.u.c.t.N.a.m.e.>.p.l.x.c.k.k.j.e.l.c.<./.S.y.s.t.e.m.P.r.o.d.u.c.t.N.a.m.e.>.







unknown 74 3c 00 42 00 49 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00 70 00 6c 00 78 00 63 00 6b 00 6b 00 6a 00 65 00 6c 00 63 00 3c 00 2f 00 42 00 49 00 4f 00 53 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3e 00

<.B.I.O.S.V.e.r.s.i.o.n.>.p.l.x.c.k.k.j.e.l.c.<./.B.I.O.S.V.e.r.s.i.o.n.>.









unknown 82 3c 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 44 00 61 00 74 00 65 00 3e 00 31 00 35 00 35 00 38 00 31 00 32 00 33 00 36 00 31 00 36 00 3c 00 2f 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 44 00 61 00 74 00 65 00 3e 00

<.O.S.I.n.s.t.a.l.l.D.a.t.e.>.1.5.5.8.1.2.3.6.1.6.<./.O.S.I.n.s.t.a.l.l.D.a.t.e.>.







unknown 102 3c 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 54 00 69 00 6d 00 65 00 3e 00 32 00 30 00 31 00 38 00 2d 00 30 00 37 00 2d 00 31 00 32 00 54 00 30 00 39 00 3a 00 30 00 32 00 3a 00 35 00 36 00 5a 00 3c 00 2f 00 4f 00 53 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 54 00 69 00 6d 00 65 00 3e 00

<.O.S.I.n.s.t.a.l.l.T.i.m.e.>.2.0.1.8.-.0.7.-.1.2.T.0.9.:.0.2.:.5.6.Z.<./.O.S.I.n.s.t.a.l.l.T.i.m.e.>.







unknown 68 3c 00 54 00 69 00 6d 00 65 00 5a 00 6f 00 6e 00 65 00 42 00 69 00 61 00 73 00 3e 00 30 00 38 00 3a 00 30 00 30 00 3c 00 2f 00 54 00 69 00 6d 00 65 00 5a 00 6f 00 6e 00 65 00 42 00 69 00 61 00 73 00 3e 00

<.T.i.m.e.Z.o.n.e.B.i.a.s.>.0.8.:.0.0.<./.T.i.m.e.Z.o.n.e.B.i.a.s.>.







unknown 40 3c 00 2f 00 53 00 79 00 73 00 74 00 65 00 6d 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.S.y.s.t.e.m.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 34 3c 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 53 00 74 00 61 00 74 00 65 00 3e 00

<.S.e.c.u.r.e.B.o.o.t.S.t.a.t.e.>.









unknown 114 3c 00 55 00 45 00 46 00 49 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 45 00 6e 00 61 00 62 00 6c 00 65 00 64 00 3e 00 4e 00 6f 00 74 00 43 00 61 00 70 00 61 00 62 00 6c 00 65 00 3c 00 2f 00 55 00 45 00 46 00 49 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 45 00 6e 00 61 00 62 00 6c 00 65 00 64 00 3e 00

<.U.E.F.I.S.e.c.u.r.e.B.o.o.t.E.n.a.b.l.e.d.>.N.o.t.C.a.p.a.b.l.e.<./.U.E.F.I.S.e.c.u.r.e.B.o.o.t.E.n.a.b.l.e.d.>.







unknown 36 3c 00 2f 00 53 00 65 00 63 00 75 00 72 00 65 00 42 00 6f 00 6f 00 74 00 53 00 74 00 61 00 74 00 65 00 3e 00

<./.S.e.c.u.r.e.B.o.o.t.S.t.a.t.e.>.







unknown 24 3c 00 49 00 6e 00 74 00 65 00 67 00 72 00 61 00 74 00 6f 00 72 00 3e 00

<.I.n.t.e.g.r.a.t.o.r.>. success or wait 1 64BA497A unknown






unknown 46 3c 00 46 00 6c 00 61 00 67 00 73 00 3e 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 42 00 3c 00 2f 00 46 00 6c 00 61 00 67 00 73 00 3e 00

<.F.l.a.g.s.>.0.0.0.0.0.0.0.B.<./.F.l.a.g.s.>.







unknown 26 3c 00 2f 00 49 00 6e 00 74 00 65 00 67 00 72 00 61 00 74 00 6f 00 72 00 3e 00

<./.I.n.t.e.g.r.a.t.o.r.>. success or wait 1 64BA497A unknown






unknown 100 3c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 54 00 69 00 6d 00 65 00 6c 00 69 00 6e 00 65 00 73 00 20 00 42 00 61 00 73 00 65 00 54 00 69 00 6d 00 65 00 3d 00 22 00 32 00 30 00 32 00 30 00 2d 00 30 00 36 00 2d 00 31 00 33 00 54 00 30 00 32 00 3a 00 32 00 32 00 3a 00 33 00 32 00 5a 00 22 00 3e 00

<.P.r.o.c.e.s.s.T.i.m.e.l.i.n.e.s. .B.a.s.e.T.i.m.e.=.".2.0.2.0.-.0.6.-.1.3.T.0.2.:.2.2.:.3.2.Z.".>.









unknown 266 3c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 20 00 41 00 73 00 49 00 64 00 3d 00 22 00 33 00 38 00 36 00 22 00 20 00 50 00 49 00 44 00 3d 00 22 00 35 00 34 00 31 00 36 00 22 00 20 00 55 00 70 00 74 00 69 00 6d 00 65 00 4d 00 53 00 3d 00 22 00 39 00 33 00 30 00 38 00 31 00 22 00 20 00 54 00 69 00 6d 00 65 00 53 00 69 00 6e 00 63 00 65 00 43 00 72 00 65 00 61 00 74 00 69 00 6f 00 6e 00 4d 00 53 00 3d 00 22 00 39 00 33 00 30 00 38 00 31 00 22 00 20 00 53 00 75 00 73 00 70 00 65 00 6e 00 64 00 65 00 64 00 4d 00 53 00 3d 00 22 00 30 00 22 00 20 00 48 00 61 00 6e 00 67 00 43 00 6f 00 75 00 6e 00 74 00 3d 00 22 00 30 00 22 00 20 00 47 00 68 00 6f 00 73 00 74 00 43 00 6f 00 75 00 6e 00 74 00 3d 00 22 00 32 00 22 00 20 00 43 00 72 00 61 00 73 00 68 00 65 00 64

<.P.r.o.c.e.s.s. .A.s.I.d.=.".3.8.6.". .P.I.D.=.".5.4.1.6.". .U.p.t.i.m.e.M.S.=.".9.3.0.8.1.". .T.i.m.e.S.i.n.c.e.C.r.e.a.t.i.o.n.M.S.=.".9.3.0.8.1.". .S.u.s.p.e.n.d.e.d.M.S.=.".0.". .H.a.n.g.C.o.u.n.t.=.".0.". .G.h.o.s.t.C.o.u.n.t.=.".2.". .C.r.a.s.h.e.d







unknown 20 3c 00 2f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 3e 00

<./.P.r.o.c.e.s.s.>. success or wait 1 64BA497A unknown






unknown 38 3c 00 2f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 54 00 69 00 6d 00 65 00 6c 00 69 00 6e 00 65 00 73 00 3e 00

<./.P.r.o.c.e.s.s.T.i.m.e.l.i.n.e.s.>.







unknown 38 3c 00 52 00 65 00 70 00 6f 00 72 00 74 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<.R.e.p.o.r.t.I.n.f.o.r.m.a.t.i.o.n.>.







unknown 98 3c 00 47 00 75 00 69 00 64 00 3e 00 35 00 62 00 38 00 30 00 33 00 37 00 38 00 36 00 2d 00 62 00 35 00 66 00 39 00 2d 00 34 00 39 00 66 00 34 00 2d 00 39 00 61 00 34 00 31 00 2d 00 38 00 66 00 35 00 33 00 35 00 35 00 64 00 64 00 32 00 63 00 30 00 32 00 3c 00 2f 00 47 00 75 00 69 00 64 00 3e 00

<.G.u.i.d.>.5.b.8.0.3.7.8.6.-.b.5.f.9.-.4.9.f.4.-.9.a.4.1.-.8.f.5.3.5.5.d.d.2.c.0.2.<./.G.u.i.d.>.









unknown 98 3c 00 43 00 72 00 65 00 61 00 74 00 69 00 6f 00 6e 00 54 00 69 00 6d 00 65 00 3e 00 32 00 30 00 32 00 30 00 2d 00 30 00 36 00 2d 00 31 00 33 00 54 00 30 00 32 00 3a 00 32 00 32 00 3a 00 33 00 32 00 5a 00 3c 00 2f 00 43 00 72 00 65 00 61 00 74 00 69 00 6f 00 6e 00 54 00 69 00 6d 00 65 00 3e 00

<.C.r.e.a.t.i.o.n.T.i.m.e.>.2.0.2.0.-.0.6.-.1.3.T.0.2.:.2.2.:.3.2.Z.<./.C.r.e.a.t.i.o.n.T.i.m.e.>.







unknown 40 3c 00 2f 00 52 00 65 00 70 00 6f 00 72 00 74 00 49 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 3e 00

<./.R.e.p.o.r.t.I.n.f.o.r.m.a.t.i.o.n.>.





unknown 40 3c 00 2f 00 57 00 45 00 52 00 52 00 65 00 70 00 6f 00 72 00 74 00 4d 00 65 00 74 00 61 00 64 00 61 00 74 00 61 00 3e 00

<./.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.


C:\ProgramData\Microsoft\Windows\WER\Temp\WER2515.tmp.xml

unknown 4574 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 73 74 61 6e 64 61 6c 6f 6e 65 3d 22 79 65 73 22 3f 3e 0d 0a 3c 72 65 71 20 76 65 72 3d 22 32 22 3e 0d 0a 20 20 3c 74 6c 6d 3e 0d 0a 20 20 20 20 3c 73 72 63 3e 0d 0a 20 20 20 20 20 20 3c 64 65 73 63 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 61 63 68 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 6f 73 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 72 67 20 6e 6d 3d 22 76 65 72 6d 61 6a 22 20 76 61 6c 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 72 67 20 6e 6d 3d 22 76 65 72 6d 69 6e 22 20 76 61 6c 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 72 67 20 6e 6d 3d 22 76 65 72 62 6c 64 22 20 76 61 6c 3d 22

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="





unknown 22 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3d 00 31 00 0d 00 0a 00

V.e.r.s.i.o.n.=.1..... success or wait 288 64BA497A unknown





unknown 46 4d 00 65 00 74 00 61 00 64 00 61 00 74 00 61 00 48 00 61 00 73 00 68 00 3d 00 32 00 31 00 32 00 34 00 30 00 38 00 38 00 35 00 36 00 30 00

M.e.t.a.d.a.t.a.H.a.s.h.=.2.1.2.4.0.8.8.5.6.0.




\REGISTRY\A\{6ecc9da4-3f0b-b0d6-ebba-80b3e1f5b5e8}\Root\InventoryApplicationFile\PermissionsCheckTestKey success or wait 1 64BC36BF unknown

\REGISTRY\A\{6ecc9da4-3f0b-b0d6-ebba-80b3e1f5b5e8}\Root\InventoryApplicationFile\PermissionsCheckTestKey success or wait 1 64BC36BF unknown

\REGISTRY\A\{6ecc9da4-3f0b-b0d6-ebba-80b3e1f5b5e8}\Root\InventoryApplicationFile\PermissionsCheckTestKey success or wait 1 64BA43D1 unknown






Imagebase: 0xa10000





Reputation: high






Imagebase: 0xa10000





Reputation: high







General


General


General



Imagebase: 0xa10000





Reputation: high






Imagebase: 0xa10000





Reputation: high






Imagebase: 0x9d0000





Reputation: high






Imagebase: 0xa10000





Reputation: high


General


General


General


Disassembly






Imagebase: 0xa10000





Reputation: high


General


29.0.0 Ocean Jasper

Documents

Transcript of 29.0.0 Ocean Jasper