Malicious
Classifications

Spyware Downloader Injector Exploit

Threat Names

RedLine RedLine.A Mal/Generic-S

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes" to "10 seconds" to reveal dormant functionality.

File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\Invoice LGMSCH0040924 Paid - EFT Remittance Advice and Receipt.doc Sample File Word Document
Malicious
Also Known As C:\Users\kEecfMwgj\AppData\Local\Temp\tmp993A.tmp (Accessed File, Dropped File)
MIME Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 16.04 KB
MD5 9edc82805ecc2d30f07d99973883c3c6
SHA1 877fae637a454593a1b66bfede20356803833266
SHA256 927e8668d7e5b22d0d278cb66ecbb15a51420f2fc5299aaa324d43a7d04719a2
SSDeep 384:tyXxo8qWds8PL8wi4OEwH8TIbE91r2fR3JYovij7XCnp:tcxIq5P3DOqnYJZ1vO7XCp
ImpHash -
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
Office Information
Creator Modexcomm
Last Modified By Modexcomm
Revision 7
Create Time 2023-03-27 22:13 (UTC)
Modify Time 2023-08-16 13:25 (UTC)
Application Microsoft Office Word
App Version 12.0000
Template Normal.dotm
Document Security NONE
Editing Time 19.0
Page Count 7
Line Count 150
Paragraph Count 42
Word Count 3177
Character Count 18113
Chars With Spaces 21248
ScaleCrop False
SharedDoc False
Document Content Snippet
dMBCBESONDERHEDE BESONDERHEDE VIR HIERDIE MAANDDRAENDE NR. HOEV30208 NBC DRAAG 30 STK30308 NBC DRAAG 6 STK32007X NBC DRAAG 74 STK33005 NBC wat 5 stelle dra52799 / 800U (25877/21) NBC wat 30 PCS dra6001 NBC wat 100 stuks dra6004 NBC wat 180 stuks dra6006 NBC wat 30 PCS dra6011 C3 NBC wat 10 stuks dra6202 NBC wat 280 stuks dra6203 NBC DRAAG 330 STK6205 (Stel) NBC DRAER 224 STK6205ZZ NBC DRAAG 8 STELS6207 NBC DRAER 32 STK6207N NBC wat 10 stuks dra6207ZZ NBC DRAER 52 STK6209 NBC wat 24 stuks dra6209N NBC wat 10 stuks dra6211 NBC met 26 st6212 NBC met 24 st6213 C3 NBC wat 20 stuks dra6215 C3 NBC wat 10 stuks dra628RSS NBC wat 120 stuks dra6300 NBC wat 180 stuks dra6304 (Kit) NBC DRAER 4 STK6307ZZ NBC wat 10 stuks dra6308 C3 NBC DRAAG 40 STK6308ZZ NBC wat 10 stuks dra6311 NBC wat 10 stuks dra6312 NBC wat 10 stuks dra6312ZZ C3 NBC DRAER 6 STK6902 C3 NBC wat 20 stuks draLM48548 / 510 NBC DRAER 96 STKNJ309 NBC DRAER 6 STK1988/1922 (NSPP01) .NC 706304.BEARING SET (NPP02) 11230209 (NSPP01) .NC 20
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
Malicious
C:\Users\kEecfMwgj\AppData\Roaming\notorious53209.exe Downloaded File Binary
Malicious
Also Known As c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\extexport2[1].exe (Extracted File, Downloaded File)
MIME Type application/vnd.microsoft.portable-executable
File Size 629.00 KB
MD5 901a623dbccaa22525373cd36195ee14
SHA1 9adb6dddb68cd7e116da9392e7ee63a8fa394495
SHA256 b5e250a95073b5dfe33f66c13cc89da0fc8d3af226e5efb06bb8fcfd9a4cd6ec
SSDeep 12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcN6S5UesUInNnpo2R2:hBXu9HGaVHN6S5U5Rn/Y
ImpHash fc6683d30d9f25244a50fd5357825e79
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x0051F090
Size Of Code 0x00057000
Size Of Initialized Data 0x00047000
Size Of Uninitialized Data 0x000C8000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-24 07:38 (UTC)
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x00401000 0x000C8000 0x00000000 0x00000400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x004C9000 0x00057000 0x00056400 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.94
.rsrc 0x00520000 0x00047000 0x00046C00 0x00056800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.42
Imports (18)
KERNEL32.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA - 0x005668C0 0x001668C0 0x0009D0C0 0x00000000
GetProcAddress - 0x005668C4 0x001668C4 0x0009D0C4 0x00000000
VirtualProtect - 0x005668C8 0x001668C8 0x0009D0C8 0x00000000
VirtualAlloc - 0x005668CC 0x001668CC 0x0009D0CC 0x00000000
VirtualFree - 0x005668D0 0x001668D0 0x0009D0D0 0x00000000
ExitProcess - 0x005668D4 0x001668D4 0x0009D0D4 0x00000000
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAce - 0x005668DC 0x001668DC 0x0009D0DC 0x00000000
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Remove - 0x005668E4 0x001668E4 0x0009D0E4 0x00000000
COMDLG32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameW - 0x005668EC 0x001668EC 0x0009D0EC 0x00000000
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LineTo - 0x005668F4 0x001668F4 0x0009D0F4 0x00000000
IPHLPAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpSendEcho - 0x005668FC 0x001668FC 0x0009D0FC 0x00000000
MPR.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetUseConnectionW - 0x00566904 0x00166904 0x0009D104 0x00000000
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoGetObject - 0x0056690C 0x0016690C 0x0009D10C 0x00000000
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantInit 0x00000008 0x00566914 0x00166914 0x0009D114 -
PSAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessMemoryInfo - 0x0056691C 0x0016691C 0x0009D11C 0x00000000
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragFinish - 0x00566924 0x00166924 0x0009D124 0x00000000
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDC - 0x0056692C 0x0016692C 0x0009D12C 0x00000000
USERENV.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadUserProfileW - 0x00566934 0x00166934 0x0009D134 0x00000000
UxTheme.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsThemeActive - 0x0056693C 0x0016693C 0x0009D13C 0x00000000
VERSION.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW - 0x00566944 0x00166944 0x0009D144 0x00000000
WININET.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FtpOpenFileW - 0x0056694C 0x0016694C 0x0009D14C 0x00000000
WINMM.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime - 0x00566954 0x00166954 0x0009D154 0x00000000
WSOCK32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
connect 0x00000004 0x0056695C 0x0016695C 0x0009D15C -
Memory Dumps (38)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
notorious53209.exe 6 0x011C0000 0x01326FFF First Execution False 32-bit 0x012DF090 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011ED812 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011F4D6B False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011EC845 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011E6DAE False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C1000 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C4AD2 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C77C7 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C3CA8 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011CF8CF False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C2649 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C5A64 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011F0738 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x01229393 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C69CA False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011FE45A False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x0122768B False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011D0A8D False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011CA000 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x0120220E False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011EE000 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011CE580 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x0123474D False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011D2123 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011C31CE False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011CB381 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x01204E46 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011CD260 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011FF22E False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x01241917 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011CE580 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011CB381 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x011E9BEC False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x0123E237 False
notorious53209.exe 6 0x011C0000 0x01326FFF Content Changed False 32-bit 0x01241917 False
buffer 6 0x00550000 0x00553FFF First Execution False 32-bit 0x005523B0 False
buffer 6 0x00560000 0x00577FFF Dump Rule: RedLineConfig False 32-bit - False
notorious53209.exe 6 0x011C0000 0x01326FFF Process Termination False 32-bit - False
C:\Users\KEECFM~1\AppData\Local\Temp\Keily Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 95.50 KB
MD5 f19534a061ecc70bb81126f953505d72
SHA1 c1613560ea60d1a0407ba6b06eea10c874512a48
SHA256 97d29f1e5e3bb5c8c1eb956c0135a820825973869c1b098705490010e0216fa8
SSDeep 1536:3f3IwWiew9JOnlc9exhXLpLiw5kvYBnuRJd4d89cpmnn/amKyQH4b:v4wWcJOl0yfLi6RBnGQdCcSTKyw4b
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp9A2A.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 91.98 KB
MD5 608ef0359d99c952e43ce266b4ad75a3
SHA1 3ce3dd5ea20a51eaeec4d1459ef18ba6010017d0
SHA256 7206d6259658c04b684edf9625fe4a7c5a16c69935f92f824820b76efc85b887
SSDeep 1536:3+UX9aQUvCzTzww0MdpfkFb7esgmC+VQnMtgnfIj7Zi3HgwvE23hCDJslnbtOmzL:3+UX9XGCzKMduF5jC+eMsfIjFiXvE2RD
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp99EB.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 83.98 KB
MD5 08a1243659743bfdaba69abca22014c1
SHA1 06d6f1f5cdcc32142a0a106bd757aeff18d6fd36
SHA256 38c62a9fa1c8bfc041ded191e6a97d3df52573b8ed0eb100979320b928df10ac
SSDeep 1536:+X7eEvuc7n8m/HQa2Y1nVGm39hvkFQqEYQnVkOPz2fdpjkPZQVdjQBMeEWe8iOGk:+X7eEvuinRJ5VGkkFNcVka6dpjMAdEBH
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\aut6BD1.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 75.61 KB
MD5 30ab7658ad775cb44e4b08c7ebc12a2c
SHA1 5d14b0bfb0ae504148edc517f41dc0a5992ed935
SHA256 8fad249f983dbf5caaef3d72a53210f4a1b2be6d81b2eb3a59cf7151bf5666c1
SSDeep 1536:h7JUSmTdZHmVysGL4cdNtKFk8MfCCaeQ6++dzexRW0vqN:h7QZGVysGLDvQffC9Xyxs0vM
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp9A4C.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 69.33 KB
MD5 0fa5d0b9cbb9cc39326a9d5b4091ced1
SHA1 643713efb6de05dfe1fd48fb8f24b572e9f8abcc
SHA256 bea0ab0557fa4f611aa981f06928b86b5a1239235d69b254b7c0fdd82a95a57d
SSDeep 1536:vMDfCpRgX0EfowixGIkeVmC8nQlNSSJsU3WhKa+ZBiXQl/f2P:vMWwFfUxGyOnQlUGss1CV
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\lophophorine Dropped File Text
Clean
MIME Type text/plain
File Size 28.08 KB
MD5 c2214b487e6119b5226d591926532ee9
SHA1 d9a27c71655d441a47a92aa63aad433f25625fb5
SHA256 33ce9852b482618cce0e5c282fd710e02400cb310cee839537db9c2585167adb
SSDeep 768:AiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbA+IL26cz24vfF3if6gn:AiTZ+2QoioGRk6ZklputwjpjBkCiw2RC
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp993B.tmp Dropped File Unknown
Clean
MIME Type application/CDFV2
File Size 20.19 KB
MD5 e71afd08a5e03a621f42227b036badcc
SHA1 6514f452b667e3d641dc5ead80ecbc6633ca3e1b
SHA256 eb4d94a4b1dda069e1a106840ba590e1295ef596fc36bea370a577c5a1744eb5
SSDeep 384:oA4EMpoLhPJzgGQ/zpiEtoeHgzqplHB24CAW30DzxyoJAcKvU9FbT5P+:o3E/JzpiFiEtlBp1B2wLxyoJyME
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp9A3B.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 18.38 KB
MD5 4d6800f33a90ffbf715f5d526472cf81
SHA1 8aed575a7d6bb98d259cb3d20c23d49d82c442f3
SHA256 87aa935c79ecee24e7a368083b674f5f6439fd577b830a83459020513109b095
SSDeep 384:gaGNrCOwit82nvFI2CnD9CTz3m2Tvyyo7OYjeaodGXfTmc:j+rybU9I2Csdz3oCaeapn
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp997B.tmp Dropped File Unknown
Clean
MIME Type application/CDFV2
File Size 18.29 KB
MD5 dbbbb9fdd135484d3139a445c673e8ef
SHA1 80470cdc14e878de3bd874894a674059961d2cba
SHA256 33b5894094c57e730222d4553045b817846a90a85fae7d32c91785e7d8bed089
SSDeep 384:I/3YYW8EAsicdzaC3jvV2Fd82NMD9UM1M6jJEPJMCR:nz8EAsicdzD3j9PDZWPJMCR
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\aut6E04.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 9.60 KB
MD5 dd1e8868f31121b176c168a4a1b48e63
SHA1 1a57a6b5da768e963166b07a13a38eec98f0878f
SHA256 d36e5c68763ed63f3068f5330f4d80488a0294c05663c30ade57e017ea50f842
SSDeep 192:6ZxWQa8nm1Wh8fpWAsdzNasmdge/rEoTyRLB7bNZUDLrMZkn:6Zx3a8nmYhzd0smr/rEvRLtZeDXMZo
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp98DC.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 8.16 KB
MD5 7f137e2edb0893d03d23d22af4312d4a
SHA1 b87801b7c78c509e08de559ab9b7fb50d333dadc
SHA256 5c9c660dfeee77d28765bf62e36c8f22b3b560f434f8c020f57d9d657b2688f9
SSDeep 192:nmDv0COIIlHtxc6QJUA/YYd/kiEMBdZ/sNYw2cagTI:nm43ZQDUZ+/YodZ/nvcagTI
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp99DA.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 6.89 KB
MD5 06fe2bbde8f86d3dd742a728d7d5bdf7
SHA1 fc8383a91bd0c43f46c589f1d0bfab284e60c828
SHA256 1a75db162d5af2e75c9fa889ed3af9a2b347a62df5fcc7d111ae4c37fed98b3e
SSDeep 96:gwsAMBEe9dvvuz21PKwqOPnOuHk42lX+QdTRB8YZy6AwqJj7CROBFOLOY1Wf9DIU:rXWuzZsmZ+Qd96YZ2wqJjoW5xDIap
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp998B.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 162 Bytes
MD5 9b341e547a9242f1d29c0e67a6193c3a
SHA1 d0a3a2dd38a65ba53e4da6fa6f3fdda22bc52257
SHA256 5ee74b175686b662f4e3e7c6576f1c14f0af55849520e28b1297ac884d8feaae
SSDeep 3:vgAUMXalAUDyIlCPXvv7LmvlvydBl/Lj:NrXalAU2IYv7LelvydP
ImpHash -
bf89362748b9e66c11aaa49ddf83b1665fe038d04225b36de4f26cffc11a0f3d Downloaded File RTF
Clean
MIME Type text/rtf
File Size 604.43 KB
MD5 2d1b096a33d1b673fd06db9f3e861761
SHA1 3c0a1d1bd1b54381df8769ecc173e8635fea366e
SHA256 bf89362748b9e66c11aaa49ddf83b1665fe038d04225b36de4f26cffc11a0f3d
SSDeep 6144:IwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAqtUn:+u
ImpHash -
Static Analysis Parser Error invalid control word value pattern
Office Information
Document Content Snippet
44345958please click Enable editing from the yellow bar above.The independent auditors’ opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit’s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conver
262d95391c07f588b9c11c58cfa50001b9580cfd8adc021e5914f5f22cd62c3a Downloaded File Text
Clean
MIME Type text/plain
File Size 614.51 KB
MD5 2d4e63ece094094b6939a02d1da4a508
SHA1 1963cfc668edff96bf3be42da6a4dd6fb34b3f77
SHA256 262d95391c07f588b9c11c58cfa50001b9580cfd8adc021e5914f5f22cd62c3a
SSDeep 12288:Rvp5IOyyuiVKoNa0Oz59TnXUFowd7aUH8FrWBEOiH:D5nlPMoxOz5m9dlH8IB7iH
ImpHash -
54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb Downloaded File Text
Clean
MIME Type text/plain
File Size 4.63 KB
MD5 e5352cba98e11406528542044acbbe7e
SHA1 b1eaaacc1325cc909535c2841e8d684aa2273891
SHA256 54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb
SSDeep 48:k+9Sj+eM8gVZOYZMVYZUkVYZUnVYxYZb1VYZfVYZ4NVYZwVYZjVYZPVYZVVYZQuB:k8SZMfaKAwsGUmFIHg6Pf6/WYiiLc
ImpHash -
43580270910ee9931690af4be61798afb0081c5d3e8026220d6054284a435902 Downloaded File Unknown
Clean
MIME Type application/json
File Size 338 Bytes
MD5 e8a26e91cd7708072392b4c72c3e9789
SHA1 f294a87ae3b629464372c8b6b5fd380be0dfc3c0
SHA256 43580270910ee9931690af4be61798afb0081c5d3e8026220d6054284a435902
SSDeep 6:YK71n8l62T0JWuvyCli45INZxJPn8F2AX52n4Mm6ww62fVHJEamhn:YKb2T0JWu6ClHE8JeBm6f679
ImpHash -
86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9 Downloaded File Text
Clean
MIME Type text/plain
File Size 212 Bytes
MD5 fc84bcc8146c9ff744b7b40b32d6e2ba
SHA1 f47e4ac2333724ff55ce229f32aa60e54f4af6fe
SHA256 86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9
SSDeep 6:CYJL2NAUnW52Y/X7mKgr/O191i/O9ri/kwt8:CYF2N4n/r8r/OD1i/Os/kv
ImpHash -
c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd Downloaded File Text
Clean
MIME Type text/plain
File Size 144 Bytes
MD5 48f60f2233183cbf7feefff44bb2c9b0
SHA1 703d119e8daecff83e7cab5eb3beb8239e39a54f
SHA256 c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd
SSDeep 3:CObJLWHNANGzppWWodLe2e3oIJiqDmKADJqbZKWPKBq0Y88:CYJL2NAUnW5w2Oo4mKgE9KK4t8
ImpHash -
59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5 Downloaded File Text
Clean
MIME Type text/plain
File Size 137 Bytes
MD5 f6fbd3d72da9e92b7698097dbff33f36
SHA1 ee221cd7fc9792f7609b771c0dbe1a5aa51c6905
SHA256 59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5
SSDeep 3:CObJLWHNANGzppWWodLYSYQLjRn0DDmKADJqbZKWPKBq0Y88:CYJL2NAUnW52Y/h4mKgE9KK4t8
ImpHash -
b5fabd4fcbcdda3d96752c9703daca8118bcc6392838d464cb1f510c858d020d Extracted File Image
Clean
Parent File C:\Users\kEecfMwgj\AppData\Roaming\notorious53209.exe
MIME Type image/png
File Size 10.21 KB
MD5 7c61cfb07017a1ee523604e85a1d77f7
SHA1 0cc3bdd537416cebd07ed00fa73ebea2958775c5
SHA256 b5fabd4fcbcdda3d96752c9703daca8118bcc6392838d464cb1f510c858d020d
SSDeep 192:TKDujb4YuylQa3Op+cliLYHKLMiR6LAotBnlo2rWbMggOq42y56:TKDc3uyX3O3lCYaRaAoblodDQ
ImpHash -