tag:blogger.com,1999:blog-91007618881442660062024-03-14T09:35:16.266+00:00Sanesecurity ClamAV blog: zero hour malware, phishing and scamsA hopefully interesting blog from the world of zero hour malware, phishing,
scams and spamsSteve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.comBlogger757125tag:blogger.com,1999:blog-9100761888144266006.post-59907301481835160002016-07-19T08:51:00.005+01:002016-07-19T08:51:53.735+01:00Best spam/malware email fail of the year so far<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Best spam/malware email fail of the year so far... <b></b></div>
<br />
<br /><b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><pre>{nreceived}
date: {date}
from: {from_generated}
x-mailer: the bat! ({nthebat_3_ver}) {nthebat_3_type}
x-priority: 3 (normal)
message-id: <{digit}.{symbol}{digit}@{nhost}>
to: {mail_to}
subject: {subject}
mime-version: 1.0
content-type: multipart/alternative;
boundary="----------{_nthebat_2_boundary}"
------------{_nthebat_2_boundary}
content-type: text/plain; charset=koi8-r
content-transfer-encoding: 8bit
{encode}{_body_text}{/encode}
------------{_nthebat_2_boundary}
content-type: text/html; charset=koi8-r
content-transfer-encoding: 8bit
{encode}
<html><head><title></title>
</head>
<body>
{_body_html}
</body></html>{/encode}
------------{_nthebat_2_boundary}--
</pre>
</td></tr>
</tbody></table>
</div>
<b></b><br />
<br /><br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-84301207362090710372016-07-18T13:01:00.001+01:002016-07-18T13:03:48.723+01:00bank account report with attached zip Javascript malware.<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
bank account report with attached zip is Javascript malware<b> #Locky #Malware</b></div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
<br />
Subject: bank account report</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">How are things?<br />
<br />
Thank you very much for responding my email in a very short time. Attached is
the bank account report. Please look at it again and see if you have any
disapproval.<br />
<br />
<pre class="moz-signature" cols="72">--
Yours faithfully,
Kenneth Anthony
MYSALE GROUP PLC
Phone: +1 (851) 555-20-91, Fax: +1 (851) 555-20-72</pre>
</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
obc_889.zip </div>
<br />
<br />
<b>Sanesecurity Signature detection(s):<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<b>phish.ndb: Sanesecurity.Malware.26256.JsHeur.UNOFFICIAL FOUND<br /><br />foxhole_filename.cdb: Sanesecurity.Foxhole.Zip_fs294.UNOFFICIAL FOUND<br /><br />foxhole_js.cdb: Sanesecurity.Foxhole.Wsf_Zip_1.UNOFFICIAL FOUND</b><b></b></div>
<b></b><br />
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-32309590719719485122016-03-31T13:12:00.001+01:002016-03-31T13:12:24.171+01:00locky javascript malware that arrives in Zip and Rar files.<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Taking a quick look at yesterdays #locky #javascript #malware that arrives in Zip and Rar files.<br /> </div>
<br />
<b>Sanesecurity database used:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
foxhole_filename.cdb</div>
<br />
<b>Detection:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><span style="font-family: "arial" , "sans-serif";"><span style="font-family: "arial" , "sans-serif";">Known viruses: 246<br />Engine version: 0.99.1<span style="font-family: "arial" , "sans-serif";"> (ClamAV<span style="font-family: "arial" , "sans-serif";">)</span></span><br />Scanned directories: 0<br /><b>Scanned files: 3063</b><br /><b>Infected files: 3031</b><br />Data scanned: 0.70 MB<br />Data read: 4.29 MB (ratio 0.16:1)<br />Time: 46.672 sec (0 m 46 s)<br /></span></span></td></tr>
</tbody></table>
</div>
<b></b><br />
<br /><b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
00176f934e72a23228e0d3f8ac57dcb70af384db1c6ec3f6e0231dcf3efe0fcd<br />00185adf730a696e361fbccc6ba02a2316e1247ab75be4413ca158c3fba8b9fb<br />00ff112e5933c7ca9546a7425a19addb503d8181664818567f112c3b167cca54<br />012b9a2a5c2c4fb8b9cced306c67d20e43df994254b5f2d1de8ebe76af5965c6<br />012d48e747617b3ec82400850fda7b5b6829a19bac18daea73fe877be633646b<br />016f55c4f2347e1c6157b0e3cf79f86be89063bcb82c41db320432e8cae3a40a<br />01adcf87168906c7ceb11940e68955bd643a6c4c47598854dcb766e836d86e98<br />025df7d12da73b7addefd0a897ded121aab204990c9c4bb964a04cabd547f646<br />028e22d490caabba4897a66b553c77b7bd8a85087e8ee5d39b2cab1e4f61db03<br />029f6ad53e809dbe57579af0be6a4c407372efaea9c862fa97f4110db983c57c<br />0337d78c009a6d12e4bbaacb8e3e7c948106d95340555c68c96ddad9abaa42e8<br />035aff27c36cc77aaac6d15b59776bb459a37d6d50939e5144f7d85ed0da2a16<br />035c812dc13360ea13099c68cee613676aa47c6c66be49de0dc7517ea97604df<br />037bd27dcc1cc41062a1e656fc9ae8ef062a4216eaf593861a190c03faef4eae<br />0390ea4322d22d5cc1a86e428fc28b42e4e1a25c99c37ad26b64086df6409391<br />039c36ed1b4606060be30ac72aecf73bd3a561b934d7996dc892209b90ec6d8e<br />03b9c6508120edbed0e63d084b23d6aebdda8822a9c2f70f0e5459e3a981a55e<br />03be7f76dcd59cd926cfb59a33abe77dfdc04dc7361307a0175fc2e81879fc60<br />03f8431bf60f3c2e6ad7025ee412272610f1d4df5689a0ec8ea0d518eb995a2b<br />04b4aa7b4d8742f9970ee6f183330d34e305ef236baddfd153572b18e0eb3a1c<br />05093940f85101831ffcf18ba3c07c15072b193b9d8e60ea621e4035d0fb6e19<br />05405933f953efec7160345c5e6a62c74c869480eef3435a5e8fbee03fdd3323<br />056265800db396f7cb8ececa45d928c2d7e4ef12fc3f6e6287e72b058c309f71<br />0593285c9428eebb3c7139231e94a1eb480b9287a7c806c26190401311bc2336<br />0640c9b65deb2a59a10de9780bf233f1e9358359003805136cb0b5611bf89c88<br />0658b70dc5f83f4a5affb4c6d80e4d4e42b3676a0ba379fdc955b3d5efa67d98<br />066af1692db4d9200801bb5714daf2509c8638d34320844ad7fdda0407f37634<br />06847d39531de8801f2f09a8ef3347fba7b2ed8c43f414e42eda86542200c93a<br />06caa6291357afcad42b4495db5c9ad90ada0f68d5639a192a4ace03a68347c3<br />06cb069aaabd1127b14469ee916c819bef7520a25986383f97b56ba058b9f7d2<br />06dd069a3b02b213bab8ce4876276131d3e6df36a3ae92d0ee5438d77b786498<br />06e1b7bbda5f4d3d6d0a928633e25b3f0096df1ce457ea076b57bfe8a1cdfca1<br />06ffaaf364eec17adaca8debf643de238f6f3859ab9a8517ce8d88ae9ec31df4<br />072f2882434f8f89baff6b80e888d9c98fada2f623c465e3632e56b49e2c622a<br />077502b5a4c40724cd65a503e19c285930178736cae7904c169d5ac86c59f5c9<br />0775e81e5a55a999f06b8ee08d6882a0420be284c5545ca8102d8ba9c1f98f5f<br />077d9ef0d3975cdf9b90c8310208e7a2f1be89def5108b54c8d4e576864102c8<br />07e6554413102d3a828d3826879181372152ecd7e53f25f711c09062dceece66<br />08427a96214c5d77d4d5aa02ed441523e88651ab1c5ccaecad4ed84128e8e78b<br />0854b788533d89368f2964aa27fc6c52a0e908d17d5e02ce4e43f82b010083f4<br />086eb0e799e62b84d6be33e916bfac1c344d64f02f3592f49cb65740c17c7079<br />09347a2aa26abd3b26636a227b8e5c15c08138b1ce578a12b2e0f9af3e36b4af<br />099e13f0af5c81ea353f5ed30e810abfe45be02184fb50b8454063371902ca84<br />09d5c9766a91b1cabb88b1068ade5a8c4814301d10c00c7a6b96ba8e09d59cf3<br />09d81664413b5b37fe1d9f8174a21bd3512110548b533c87ebd037180d497d0b<br />09de1a4438e4f6e93ab652820adfe9f2ece1a8cfbc37b18eec93965280ea4611<br />0a0d398d9b72c544eed0e7160a5631a713697c0e2ac26cb3b2de6e2df7c7224c<br />0a2187a126bfbc623ae19368850eb64ec6cda8c671b6ecaa2b22a04cac715dfa<br />0a704ec7157d1544b8eea447ba22e4225b6b29504b6ab90bb53f2cac2f4bb46a<br />0abac9bea1ddbaa95c7b7d3ebd3bbf9e0c45b6d29779fb5adf9190a5884e76d8<br />0b79b8dbbc9bb8b05af42b4a4998c91162b203e4c6a85250c5af479df5c8b11e<br />0c2d17eabfbb7c3994692ad856ed2b6b32a25cfe6bb0a48000824c74d77aef6a<br />0c5b9cd34d85a40794dafbf142537281eb4a597931c8ab1ffd25a09eff832ccf<br />0ca74e65cd76d257d664a02c17841e4c933c97c4232708547ccf501a2e21adfb<br />0d9e7d0177699391e34a5640a98e88186ad9e13de87a36026690269a75073b2b<br />0dc82537b447f8a8b9f5d57af7f72e4abf7d9137b18d5ae1486bc79d4f9b9534<br />0eb0ba965a4dddd1b9de337b6effaf3e208f4bf7d1d2ccebd651fd53d11286dd<br />0ec0ce8eb21051ef751c5ab0759c4e292b30176ef3c79b8fd80a6d5cecbd729e<br />0ec2011c97d19736e1d87e9f2fbdea8c2b784c0b7d06a7f3c18ef2180fe060c2<br />0ed1f4382dcb32e470580aa853f9af529b4af67c0c74c480cb737ab9a921c88b<br />0efc291a42a073b00e2e9dfd1d015cc5cf990feb08c64126d80082d996b6c1cb<br />0f163ceb7d04f6942cefd4c2c48967dee831c58b688d63fa0eb5b6d54dd3d25f<br />0f2370beb096959f7de9828ca77150e92685a43b0939d92c8a8481b69b3e941a<br />0f675803d3e9aefa78cc4ac4e2fc4cd36df48a30546dc07cabbaf977a8f2ead9<br />0f9da1b0cd0ec41f6b84fcc10486b997cd10cbcd514b5a0aaa53de4f48cafd12<br />101bef9c8e4bfd1fcbbd6631bddb38e8f7d780473027490c9c2169dc9e82ef5c<br />1035b7dbd634f63ca863b9e61db4088b378253d2dbc04b325bf2aae44f432539<br />10d0a3dd1d64b4cec33c8e23acb4315cd58deb282be5e59e30a21c6eb67c0ead<br />10f753550c5304fbd9df5434ae31bcd3eb6636aa6b86bcaaa3677949a50a284b<br />11f1d189c3ff3c09e945354983b054922d7198b3b46744f00edc26bf6d3b6b0c<br />1217ad298ce7e23b53e36047abd4120041742181591271f0ad87c2619022dae6<br />127e91e30d0c936a8d654df5d76f23e8a4c1f46099d87bcd87edf598e03f7466<br />12bd9e449005de1652fc481468099a2e3af668973c6f1347a87007c044435b5a<br />12cd0f2a568a6bc7d52c938f0c23643affcab4d2823610ea51b98e8a916a08c8<br />1308f593e99e46b9697c116b63d807f4176deb0eb9f609cfff51683aa5bf9aa6<br />1368f44b9347dc3cbbffeb9347f67e98e37abfeb8251c7038bd0d00c4c3c9d66<br />1377c4dbafd0c92ce1b06b420a7007af81a7f8a0955f490fe808fc07d64a2933<br />13995d7076c34c84683191b1ecfc220b3cc28285ab1018d86de556e4a93dda6a<br />13be907b4650e9eaea4a45d60d97e919c38fde8275f01fd9a7146ee1d3c1791c<br />144aaf44570783f4849bea5408ccad05439972088ff0d67307b0d659b26489a4<br />1467615fa891c829ca18a45be2b0b2c95d4e53d96eab2dd0f66647ec74976085<br />14e3b080e768f189f3a4537d5a7780ef2b9459cb3922b8187ef734617409de92<br />1517c5b07fabda2f156fd0469694684a5f3c252acf87170c73c5848befd71c07<br />1644063626a2fe8255b659fabcc111b61234845eeb2402a601642844452d8191<br />164f95a683fc6ebf0f605eabcc3e77fd27fa9d218c63fbf82f31dc8bae2d697b<br />165ca914c4535642b77d6aba42344b8421cb102e37939e9670114b2b2d78c410<br />1667de3c11f761f4cce867f007882b24ca0a0c619c942fdc81233310640a3ab4<br />167f919f159a894263b596bea6b3dd88c9dfc7aa28dde195d64080f61aaa89ed<br />168b7fd40139eeaad9d41b11a6068bc92900cd3428d703355624486b2dc8705f<br />16a459a1b20a103307869aadec8941b95b89b2c2c2b58b10d3b772b92c7d9306<br />16e92bd1341e732d7579d6e22b695a78f110184743d11c410ce9c77be66f8402<br />16ec70a11dc59032cb5fa31c6a70b99d2b8d6e88c1d27fbe16acd5241959f20f<br />1769ec0710efe1c3c70670260076d533b0f819f77052aedab254546cca9e68c5<br />177d38ee419d354752f61133c9819424c664ba3f3fe5f5e8f87e668237bdd792<br />178323392da550429a8c3ccd89f3e79aa10578d017ce8d7cf6105a08978107e0<br />179d0f042f1da2f9820abccec714c591e379ad04f889830d1fb2c7bcaa976aa2<br />17cc278ac4a34cb9d0791148419a88fcfe556dff08875ef3d06764a1529f3a06<br />182cff6c39168f93d95b5427a2fce7465ac825edf2e210ee8137698a512cf0cc<br />18846ca741cb8cceb71032775b5080c4d5e332b18665438cf46b918acb57a909<br />188db4b4410ec158dacd9e2e19136225a9b76d45fcfff634c51b5379c0db1ad3<br />18f8c2e7d9a9b5ade8cd25361b71f6cc1f4b89fceee4a117a8309ca86ff91eac<br />18ff07f18b3db7b905022e1f6db2695a58b92b53b739e88dbbdea21cd74c10fd<br />19162f5ab4c99e840530568da69c8f4f07ef9e531e6ba2185d128cee347aad24<br />19ccb29408fed7ce1f52bea47c226d53c5bd359350fb593c0ba05117e1d71270<br />19fb7e470821e4617e0cff135edc6e9bcd21bc5fa97784458ac5f505956e3aab<br />1a0c2dbe4327c29b264a4b1e50047b6242b953d924d388ddec4c6552bc718fd7<br />1a5210385593ee6c7f782a3b31b1273e4a6c1b56843f4fc35f9dd411d85b6fdb<br />1a97aebbbb7358dca2ac8a67d910b243720035e222b5ba6742082b4c26e84c03<br />1ad2cff6db57510528aa0bc894882e59b316d1ab2c6716c2a049e636677e064a<br />1ae1f5974857f1abaf70cabaab8b402ba0093a7dfd516ec0f8105a68d0ae5e84<br />1b0a50627cbedc0375eb58ab8452f5f183076ae15d93dff4d87ed575d5758285<br />1b15fb6b5480e5c68b00a64753fa3bf3ba974f523ed31af726fa66f5c0abc1b1<br />1b370ea2bb3505edf6de147d7a2ce3daaea7e358a1ba339d5b1f72d6fc56abef<br />1baff76e17a5eef9743c881dbbb37e8bfa11a594ff8a6602c2864ae483641eb8<br />1bb0b4daf2e86a8a728e5b61fdb88fb6a2c944ef8ba075b41739010ea0a2532f<br />1c688b81cea9f27a7eed5b2cea234d4331fafa5410b69ec2c05739938956f3f2<br />1caff262f5f9fcf751f43e1c2b2923659186b5fa9847b208a670195c86eb5ae1<br />1cb89442705e8c31514ced9d0a80e2881214509848af95554d114ffe6a9c7e25<br />1cf7d6eaf39bfd547c1a963524c07d7d8cf13d3055f1975ad8205851fe22fd86<br />1d07d375913a2bf9f2671c302cfda9e52884323df8064026d99ec87f90ff8023<br />1d1f1c9d3bbf25529ef8ea16fa4f0e9f2ed912a71042d2609624e3e7678d6f17<br />1d8a0183ea71f7257a1c33b95959330c11b0f7f53fea5e8cefaa7da7578f6aee<br />1d8a8394907660247dab0bfcf1c8c0e18e031c2aa2f0e60f70860a7aead0c708<br />1da2769687c35086e6478cd826ef91397b67464b46b31e54e7e5341651113d41<br />1de233be193e0dc4cae74a48e5fb84b5fec10bed39aada825160938d989d5ebf<br />1dea8b12ae59446406c7d0e6e6e734648b96968a4f7fa3fef6166c6fb97df7e1<br />1e45612c1259102859825098b27c73fc7659eaa4dbe7228d381b15435474066b<br />1eae85fa748c0abcb9d5d26cdc90cf010a598729f93ec3b905fcd225ca4b9084<br />1ed88fcdeb5a5715f392a5bfd3fc1910bdc2c3614c26b01915cffef430414183<br />1f1cace1f5c06dcde28b6f75c042f298dfce21a5dc4fe71a8b3812b39ba3a04a<br />1f748f5545450bdfd2c4920dacbce5ca7dbefd3cbff07cddaeeefa9da3279bf0<br />1f78d32490be0df7322a2138cfbf6c810417597b21d293bdfbb0bad7f2350457<br />1ffd4480b203a916ab0f3aa689fdddba234ae61cbfcf9d55ec31e5bbbc5c82d6<br />2018c3b35426bed75bfbdb5be745068dafc38ff77fb56e5747660c762c5dec9d<br />208c313aac153944e96d311138ec7dfc2e52ab669af831a210164bb7cf5b3100<br />211b47464504778315cd7385cc9988f6f81d60bebc251bcc44ee1ab82c551f97<br />216bf522366d7a11681c792f0a3a25750daac481b67b8418ae5e644f9dd82495<br />21e670a1623bf3fb2c602fb14cfa83f4640b346386e75751d076fa3e8d7173e6<br />2252ac2ab95cf743aba47fd68638b8a9fda4b92a5a009c8dc87ad58635ed6698<br />22803be68807e430c32f798c2213b6c968f37e7bada8b646a57288791fe3ec05<br />22bc25e4b6ae08d5d978fd611bca0977832ea796a532c806f33c6d860bc90c60<br />22d85463d35e15f76ed2338505976ee9ff554a546ead31b6d682955d86f41a10<br />22fdb27547198eeff728db9cb114ee930f9bcbbf43484a461d4e5add4fa7b888<br />236b325c9ca910baeaaf5f6cc2bd5586ce08fe6e9a143f76f9a86660e8de152b<br />2388ba30d701e3f92bb8c339190d0d7a88378fbcbe6bf5ca90d7a05325065640<br />23dc5e079ada20dab2346d7d86858943d1d3ea2d11d8cf7a8afe745e8e1c1bac<br />23dd11b85e19e747843c50d150159078fc2516cb57473aa09101d8a609440039<br />24d5e34b782ae745e28c3782cd685da1fd8e9109171d8e65179f8c60585b41b9<br />250c0a9a74f14357b9c7002b61484325165152c0d051587e9420ba03325a6adf<br />2510d1d06033642e141ec93322e3a8a289bb85eafa2babd2a26cf5e6208ff7c7<br />2524f9d8a857dde55b0d2b813f68e0b93ecdbeacc7d047eb0bccdbe9d9fd3c56<br />2560ead74d234bb99d35fefd86f2fb9864f3bc0b25f1c52a57b6a609b84e3042<br />258228f21e99577b1f96adc04cad286241149b01ed2659ac7f337aeb64faa7e3<br />258760dc3ce2ec4c1c2c1d8392d10a731b1901a1241adbe3f65c0c10fd04c27a<br />25bc3f607833a8968b5e30ac593c81b7154e243479cffc1cd5b1f2fe825c22b2<br />25bcd89631fffb5777007e0d6e0e2222abeafe8352239f2f9b20531e72df0ea0<br />25e4ad694d8b494e3d4cbe73c6d0c5b248cdc916ababd8b46cd1ceb7621e8139<br />26962c28f32c557eecfc7ec0ddeadb6707239d60bd1e48e2dc342f19bb9ce605<br />26f02d676df07938aec5ca03d24792b5632f2ce4522b42951fc7221981b0af8c<br />272e0cbf96cad81ca00fcefc55c2514966d0b76ca8befbde1cf50a248b8e96e6<br />276ee3d0b3e21eea3456cd45700740c3653ebf6e9a3eaf25ef47b600fb56067c<br />278ee9fd0e68c0a253f843820b2f90984d43696eea56b2f4915c96f827b3f53b<br />2835877d0a7bbacb4837aafb6307fc0810730bb8451b251035702752d72df822<br />28496c171692aa6e3296f712424a7e70bd3c86378e7ba5200c5aa95a3a0d4c0b<br />28ff6daa3d9dbb89ecc8bdf9bf4c2a2403afcb059a9bc790329880ec61b03410<br />2903135a6605557b454a6cf0e9c4d4c1390065d12590d1a808d0cb8976867ca1<br />2905cd4e903fe609335e965cc222a740f16ec81e1b33a1517d2b54b723d1ce9c<br />2924da6a0d748572c1f3e4c4294419998c610ef5f99fc77dbf234d45ab263826<br />293e53a5544b960ae0585ba96829c1aa70204b5e64bbe8b1d56ba6426fad2cde<br />29ab36a8e556f838e2ee2c5225209fdeb5b620a8e56955ec545d4e9f5c7bad6d<br />29c5cffbea74c57ef4c29e4644df730e5eeb830710af3d0fd07c1f12ea1db098<br />29c761a394b120cbc25220098f0bab3f4de606312cef14e28e77fe98ff5bae1a<br />2b840cabba88599bc8a697f2e49565bd0175391f12bbf7db65db1da211d87723<br />2b8b67f8014768a1e16ec1c51b55406858dce2bbf60d692b2b5ed02801523853<br />2bb0428e820175f2271a2e9c19e8bd085b4963722792929af9c915fe85ba284d<br />2c2751b27efc1a2912b8fa3319fb58dbe886c00d28688470f72ac9ea25cf6664<br />2c29a02093e354aebcffe6c95a74862806b6cc2921aec0573bcdcab208cfe7ee<br />2c6f367b2ff96471837d5745e748c84997ea16d4ebc4478288f942a5214e589a<br />2c8925af32d9b27b79b90302b7df4ac50779346369363833bebb91220ba089ce<br />2cbba6f99a7135cb922d657ee97b065917a450f4302ab4efe0bdbd5c74f539a1<br />2d099eda3b951dc764ceb27d647ee31a71d17e25f24ba93cee7e033f59be9bda<br />2d5904d3860f67c363246a59dbcdf3e5291cab4330d559557e9bd986b5bbf7d0<br />2e663f410ea795c88d94fb1db4fda4b3e79031504006033172abb3c6496a6c86<br />2ee6cfc8492c1e4403ef5ac0559e365e9916b92ba15b41b70de7ccfbcabc6cdb<br />2f2c40c22be1aa9a66fe55f4e9d33be2cc4bc7b73e3f8bd9c5084ad631809975<br />2f2f4ef9694829c476af0f340441ab61815756428eb3f621f1155064c3b2033e<br />2f940cc42cac1f7e39c786e879fb7c0829c9f289ab1b7a92c7b1c92b4fdee26f<br />3058899b05de7ac792b9bdd846287466ffa1830c0f094df26cb6f55c45810105<br />3102c576d4e39f026a45de85fe19019003dcf4ea9d284198c5e610307fc96b29<br />3107c9c899674d8d83e61aa4f03d9b808fd9735dc7dfe52602b556e4c87ca08e<br />31234b21be15d0f69b78e5535b83a0c895b91f7fb746789c4518649244d2e674<br />315016ddbb2ffe02cc88704ec8259a45c258515ce0ff723c680383a10bb59e09<br />31b0a0be53650f8165bcfb1daba1ce08144cf9b1d323bd7b6847da0250d46543<br />3260eb9f0d9098576991738354f38c5b1d3422a47ffa7dbee17f2be4cb85a2c9<br />33266fca43cd51dc7a29f77e5e4d673b94bdd377954d3334c5d40fcd41280f02<br />342014a84c489d76229633464cd825a86d0b4280d1a6778604526a3ffe194a0c<br />347572bba5c2baad92c3a76b3c7d359d1608bee2e8f08d1b410972693fda7bb5<br />349e84ee6b427660696df0b40f175589d5ff083f797bc33b03a7063b7688548f<br />352b6ec45652dbe0bacc8797315db893bccf6cffef85fa8050e04c23f43ec37a<br />3545fcd4baaf7cf09d9f06768fbc913b13bba295a5b3f27b91aca898c5c5df1d<br />35faa0e36ad3909e4addf541ea4927e155df3fe090d7c0bf05d0b83c0be5ce9e<br />3695933bb6c93029bbb6935c4d26c62cf136986a9ba0e4516e4cf220ad1d0aa9<br />36e5dcf5e2908a6171df25e1d0aea78103912e559535076f9bd1d4137ff8a933<br />372cca86770c8415c40b8f184afc44a54fa24ad1e59536cbd8b0a20147355e82<br />37758225759c7df69ceda71a4f7d4d399b03b44dd3e755b985fe7c6b62ef1327<br />38777ad5bf0d5fbbe5b60affa262c0fbc694cabe0690f9d9e03ff31bd3f2f041<br />3883d82ec5eaf6e48c5378f38d29dd9f32efaf59a850363cb7709e27dc4cac16<br />38ce14dd5d9aebbab6daeccafa1fc8240aac4ef285384ee95e61a51ff7161af3<br />38ec4b43de7ffa81386be93209b1a2430ab8d184b59b8a873b7d6c7d337cdb96<br />39008de7e65a614525f1ccfea40aab748a8f97de63b4994c72d131cdf3ab7fe1<br />3930c6228bf68bae394c5248bfed632182cfdc4b3806a63d0e76781ac46847ee<br />3931be271a4a3af7ec0a5c960bd44031004b1f7c3f2e52f01dfbb3360d6b11ac<br />394c9d8e69a3d862cc49d9ea8ce73317b1c16b85cab3a2d971618a6b79e1367d<br />397f06af79383bee37371e6d3bfca83687a2900acdc09822ece44104e5c3a1c1<br />39bee6c56b370c105881a36ea364b23db4a274652381539b8bcc23c9cbc95f2e<br />3a1379ce8d1ca4a38a70f55a4021e7ffb134522a4e1946de0dabaef45403f312<br />3a23e7228affe00d3f9ea8405f8aed47dc06beac99e770f0e6704227ca8f5b2f<br />3a25c81738390b70fb8d848d614d4d2284e5f4ff673552f8caa93d3c699e96d7<br />3af0c24333d2e951fc68ebb00611e98fcd1b6f546bf89009b66f3fd0a159103b<br />3b17b39ab23da38bf9539d2779ab343c56126087461e430fbc9972e83efc212b<br />3b395ae0c1ce977d13f98f40113d21d19455e23931080428afbbc973dba90ec5<br />3b888708cf15795be404eb3f0b099bf756c6e9e3ac3554b96955ea8d730294bf<br />3c0e506e2f48568a53a0321b2c61788838e00e9a6abb0842efdb246e4acf2e78<br />3c1896b81196078d11e2f68bd758810287af2e235926fab1b2c9a6af99913ece<br />3c5f5fdfd246c1c6dbb7cd3ef201e7dfd05f0b8ddfc2b2bf08a1ea499eb47484<br />3d0a1356e678da6a5f5e682165b58a00a0c82743bba4cbd25c674b8027d166c3<br />3d1e62caf6600a08885d06e0432bc88e9607c417a321d3d54399102af1c365e2<br />3d69b035836880868fbc66f5cff70e7477eb02d7c3953e933d53816fbad0003a<br />3d815f8b44dee3ce77bc8dee1ce455f94ee215d6d161894c54a906039fe12682<br />3d8fa5ae49b004845c8a49cfb89480e676bc5027947ce3b3419ceed47d90b5b7<br />3dd738af088e4a303cc28ce71f38091e55dc0814dd23f38070ebea517b234ab2<br />3df6ccd3d56d0fa23874471e9bc741a50c8868e9e3a0ad85a787adcae395c8c4<br />3e0362d6f30d1baccf012d7a769431acd96176ca813a21c95d23e6a159aa0741<br />3e34292cc2c953ada80738625660333c422139fd5c09fa489bd1735684d55fc4<br />3e9a212afa481872fb161373c3316e55f0ce43cddf424aaf5a37804738ee6836<br />3ef2028ebdeecb1fb6cd03c4f06df21e37e0e1940221d02e56bfb3954865cd32<br />3f4bbf66dbef745ac0d1bced55f4b55e905f039c57df7660f4a5933b6f314c55<br />3f4ef11f58a8e2955616d6a45f646914dd67d7fee7439355cfc56a3ff715b765<br />3f633ebaa0435359fa4dbafeafe77a821ff6f9101a3ea515ba789fe72e99e4ac<br />3f79b9eb2a86c0c2008717159bbd6410192b65d677b7896c94d51f79f2f563a7<br />3f9040ef4e293348bedf55e56e22948ca613ed6cd3cd5bbd5905dbf904a37c91<br />3fc4243a5e01c3a07ed0f594ee29194e21a175f21a80f16ab1d412d6d1b0e2ff<br />3fe18266184971fdc288c1b6d81555a30247b741ce400fd65a07516dcf6cf762<br />40168e134b65ec64cb3c3b924caecd821bdb655472edfd4547be2265643a4831<br />4092fdf9bb3034bc76d1fe477ebdc8b77a96781f91d58263a33f7167d8b7a3e8<br />411439818e28a0173c5d8c6943ff150433c938cc162df3e86e53ddb5a8008193<br />41355e1ad0df9c60d6dd29eae0b27862cf8023bb298b20fc2742185f6559e5b8<br />413f3c3a3af618bdf36325c89ee47293cd9aada5e589b7e40431c2645a460511<br />417491e21c618b6728fcd4961623f364c2788ca71e890285a5638a256e411626<br />41846fa6b5d79494887cac14165667ea11823bd971273934f54f0782a2ae078b<br />41d646c9b77c382da0bf97878bf803e34bbcb470f0c90b9a1ea753b70d09e394<br />427c1bd5c36b77a3685c1f56b1332d086678b7d6529eadf3f608c61f1ad213c7<br />42e1e5b94113fc7da58f22f83e02d69ee35cd3b4c0e3d99d11f085e14caec430<br />431191a82ec67c7fe0d9717b163443559b1cd13269f3b0730ad3e0080490a483<br />43862a673f8bededa70e9a2f6ceb407aee8df9cd1b294aba863a950f2cedabfd<br />44162a15b1e1c9ae989227e55fb987d5852d2927f3f52b535d194c01604d391b<br />447690639177469b6eaf9c2ec03b9da8cde3a03a092ffd7470a522ba54732989<br />4482c1cba9987a879a570195902c484a353c13531282a860481679b55d712165<br />448b3e4c7c29536c9c7426a74fcf1cd8b316dc1724c5188655c8ba1f5e78948a<br />44ba40ad2849edd45461fdf62cc47db93864e84e2fdde5fe7aa44ffe2976c0e4<br />44d29b3b3a4ab8510efcfae736b0223298dfc85066d776d55aa1479be2d47e88<br />459845093ad2a9edea7c16d36ae66464bba2e9377f9520886c9496c147de214b<br />45bf48c08f237e0c5be0972da2188cabf259ad5fc88a9b675ce563815f0899d4<br />46ed3040d2c56843ae091828bb5da296ab5bddd3cb4ed17e7ab7d5b3b59cbc4d<br />472d71a971db799233738c8e102556e86b14a950485ef5895f263e24c4b6c733<br />475ae3a3e09851c50c8bf313856991998e61cd926f1fd3989349f5646cf1d1fb<br />4770a6abc4741fb01f56f37d3a75f1f989a48970d852e2c21e5cad5d0deb51b4<br />477f4183edb98c785b513f636d8c1874600ecfee348f3bba26bd8f52c0f0c0f9<br />47ae362db2d4b7d37f9adf590080e6a8d9240a7cd84de5e12cadeb2f6e226e38<br />47aefa121a13e101732e0a782571d119c562d9446f893ba5aaefb7cab9df6ee4<br />47b0c23818f304cdb5f2e539e4e1c7a9a6564683c5ba20366879cb282dbe4951<br />4808baed48ba5573d753fd493135a1cc39a48e78c092ae8ba0e28d17404d0b80<br />48b3d6661ed749e8ccccc01db47dd734d020bf885709354b956bc8188eeed37f<br />48d5d1beb8536e8df905a88081c52a323ca9c6e32ea51fc67b5be61c43de5cbc<br />48d5f1ed7c52ece50ac06ec1badf402bfb67b3d2123ae826ba1ce898d578ee2c<br />48fbb0fc9d24fde74de6e7bc0f6bd543418dbd0d821bdf0bc30b1b44169dda97<br />490789bdcadb946f904ebd3c06720f57b9c5fc1b8a244700d9e576e12f568f47<br />4971a1f9fbc1bad75da005a9b2dbbe12f86a694b7eb750b91aefdbcd238930f5<br />4993e2e2bafc5455bf5b3b92f50840bd653eda325d5658fa7da5516249888b86<br />49d83f948bf0814f8ff336ce163a9ccaaed5149c16611adf6792edaee79fa559<br />4a22e8b3e11942e1a09d9ed44d24e8b23c26b1be59b462728e6c6ca0efb17db1<br />4a6eb83221869225eb40691fd0f36f9a3cf4dfc143a65c11d92c4e4597db24c5<br />4b40f0cb4a9a556bc2da654c028ccfe269ee15a30c7476b71b59fc8bd52b97ec<br />4b48e15711b957259179b300562af4a542cb1dc831678b22556f4e5a659cf6d4<br />4b6457ba087c97b1335c9ed62bff893092b129c4e40387f97e79320b84eecd35<br />4c51f7ed40a802dafc74fd01f316f7be388efe91a49681693145744eefd18dd6<br />4cae7c569f8e4b8c86053b551e2d1f58ea2a3644888e358cb7a6a1889b693c88<br />4cba84d147a28f3df463410dc2f3e3ec645a644a46502c8ad791417a31ad492e<br />4cf02b885419c059248638ab537436b3106d018ed44f94e680de8580ebbb8564<br />4da8862bfaa2ded7d1f954d133de393e49a1e1ffbfc7ce03d965e33193d32f18<br />4dd5c8870694f251fd8db44296a86dbe4a78cd6358f6d8baf5c825f216d360a4<br />4dff9a884460a2b8bb5796150aea7460765fef7a2943d2e2e8d7eefa21040529<br />4e1c6a9f42425216e69ce6333cdc9e1af617f46186344c60179aa6507b4bfd05<br />4e5b471d1d19af341fe7db6be6188802256b8ce209ed5fa7276417c96cb91a38<br />4eacf4357375400c5584bc2c1060055c55c97de353325dd1fe97340514031e28<br />4f05a777741bfd55e59479faeb3a50808df13efcdaf87538612d27fb22163b66<br />4f15d02e41937aad2c3c68b2646a76a0dc1a506ded536c9140eb0a806d011503<br />4f1cac233b03546d7429e2b5b0416d053b797f8c215debba25264fbc89f587c1<br />4f3b77e37553efcc7cf4a21ead5a0a704e8c5ed7a70ca891538fc02965dfa11f<br />4fa2efcff0347c0e0246a4977688cf443569b9765acc1b0c7dd7f3c5c5a4afbd<br />4fca6960d159bc83e7ad2180bf825afbcae8d4b83b426e5e09b49c44e1384f6d<br />506f445ebd514b5a9cb9786fc646e72e6bc36ef326287723c0fd9111fb514c5c<br />5074e21fa8e56bc5dba92850eb83e9ab19689aeaaa43e06aa8fd0fa325486a0f<br />51088823ef6c2f07579ca4a8a382050ba6165487ffe0627f1073d62c240dbfe0<br />512ff135b1c0809a00c0572f7b30a132f3389de782e1b4fe47a26867a64f1301<br />51548268a05a62da1e78f59d2d5fda4330737b97c6d5e0c2e91a881ec731fde5<br />51c87d4656095486dc08b50fdf76010d016c2921a6b7450c58db8a10d52f28ce<br />52007d939ee45f5e761389e5dcf06342eb7a37bd69dac38a96c2cc441d07e0b7<br />5276a4a9ec8280b884b70cb8f9a6938adae49010316f0871393e00e27e6c953d<br />52c5a6859e83801d0a5c5473c294d6e5afd71970e70dff4f49ff3259c28607b0<br />52ff318b71de43f58741e4d9e118d95e8b4f5c20159b42a799928ccac08ec035<br />5337aaff4d748a5fb1c4996ddac1f153b8030bbedd74f82398ecd4943f63d029<br />53576f60dc5874abc181472dd640e2ac920cd60b481f461e8f3af7cc71376df6<br />537b339e0573b59a4ee4bf9c04370f23d9f855971284800f14f5ec71db70d082<br />53afbabc36a7ba986722c9050aed27cabb26e57ef348189f17061571be056ad4<br />53dee12b2f84aa9e8d13e316c31d58c407b52d011b6d134711efa930dfa0171a<br />53f966b1c0eeef70a488a6b9b8937c1262a4b81b0910244efe43355c4eedd529<br />5406f98ae456235693b206607a748100e085ca5c1e177342989efb885d1d6854<br />5444cf989777d70ef504d3e7a601394607f929bfe67c742a94f2de78d4341ab2<br />553f39a7824a8eeae1a149195f833a0d0b8717563139022907512947443b05c8<br />5543f5af31682705961d2c08c1c14e37cca29c460365f41fcf04d27fe283e486<br />5578fd942e55e040c9aa109346f30602b186cd12ed526b0ee9ff1141f2dd0b7e<br />56432a182b07c45c9053bae3e9c48e137a1d2844483e976c5a894557d68d3189<br />56cc2379c5ab75f18762d90832e7a2bffaadcfe445f76fba344bf6d018428941<br />570db0c19533584046e26dc7e39b98ad2d7fc756b7ca032983723bdbc074be1e<br />58856688df124da04d4ee46f41b0914cf8d4b10619bdcdd166f9b898d3c92fae<br />589f98b8fb0d17903a80148ff107006b12be55739c6b11e9b4d3088e8b2c5d73<br />58ac4c501d2ab24d167c64bce54f9f8a38404ac2cd63e54c80d7d07ef5a04903<br />58daa8cc56223d79d1be5e54eb475e1301f4a06574df408c0ba46ba6c0c0cd74<br />5932cc491102ec28791549bf08c09c249652e7ccb82514895fb196d7cd9ea510<br />59f467202350244b1b557f602ab1d9878c6ffac2ed38fbed281b5f27bc5b39b2<br />5a0afec9f79fe824930b7d8533766392b4b3254cc67324ab5fb143887b7d12a2<br />5a0c19535da0548a5b5f9d00f5f26376272d2865887e6c6b40925ad6960a7dbb<br />5a0c6a32ab620d617ea1480b20aa386498c99c6b12a72a0af05273aa9383a1f7<br />5a70f8cdcf1a9a65532dde41082a7167b5df3666db5c9bac4e52b9a5e76f09e8<br />5a97d68a6b85962c9b542928917e91c75a62225d00d9691c6c199edb57ba12a8<br />5aaab0d309079eee0ddf23951e89c0c07abad5fba3a774aceb9adf6251e37aaa<br />5aab2844c77943b56fe71d92b2a287d06fe0061c4306e21d85730a6bfa20ab58<br />5ae47ee413d7c445e8818e78aae25bb02788def4328114cfa72846573ff5e715<br />5bd29f369a3c5cc9427c27244305bc1968b19747285d8e64b5a64a75231442f8<br />5bdf9a33c23e23236f68f8fe791adf3f5ea5611a2e5bc92c1ecf650221236d7f<br />5bff03a0b728655b1649c8e63041a255620fb2402c5eb3f0cb16dadc953c581b<br />5c3caa5557ee2d7d22f9f257546fb6f3c27dd0f37c985a367e01152b59a475b6<br />5ca029d618ed555c5207a204461ac20532ee29d5d99a9dafd6ec590712b2ac43<br />5cc162056fc6ef7908ce543d76d0b91cfc2c11c15d81d5c464098d6a923db37f<br />5ce05782564a8b15a2bec9457c04e9a1bb61d7c247ed2769d37b2cca1fda05ad<br />5cfdd3e1abccb4b17824e2cde382221743d81b1107895489a1e6abd88dd30f99<br />5e08ad2407b073eec5f5ee0b3230a4ea542f73577308e778dffac60510b1569a<br />5e17b2911f4e4f5e021197acabaac8dcdc3d1e3e8d01d84fbbd84c1667235100<br />5e39dc4273976492a65d4c17b11d4e3ff72e230dcde7f4844fc3afa721790b0d<br />5e3ab630fd42dd7c94adc49cdbe34d004b4769b7df7cb3ac1a04ea49c512fd6c<br />5e3b2cdbd6250cc0267f3f53861ce2805b98bacf0747d7c3b0f13f3b1ee5b651<br />5e468a21f97626dc3387cdee6ec5091fbae4b7650bb83724a6ac4432307124dd<br />5e4d240291b362708bf4c053fadc634672f50820730bcea263e7916eec1f9a2f<br />5e7432dc751f938f20ffec7beb864f16e19d888e9d5f2f415f7994daea8c27a1<br />5f9744fbf21a8e26ba2563072cb05a0a336ff018750e29ecdf8af7e1fd1a9759<br />5f9dfe59d30f0d3ac6a8f0cd71f9743d5b3c37c95ee0940536d1914f0ead36ce<br />5fa7066396fdedab03fcb48137828b2c73a8bd86cfbbaebf46ef9132d3f5437b<br />5fb19d0be9b56c121e5319793d2939ccc7ce9a0399d4ab6b8dc564dcae00a0cf<br />600bdc0e3c3568502d7b17cbe5af547faa95b6d49dd7bb5f220760e34ffe0052<br />6087accdb21acc449913008879a9e61b07afd600d8e502bbc2bb5f851087017b<br />60bafbe1c792fb324513b9a62ef8d2b070d19c63d0181b6c9acfb71885c366f7<br />60bd3f306225c86b24720866ee1be9e77f90e0573bbb50d967d7541f7e435964<br />6106b83dc80ac4fdf11e2a88291967d0005ac16227a9db27e01fbbd3ab8bec4f<br />61171cfc161253b053fbf1b7e9408cbde5e802e1eaf02ae4f4c8f31b2d16b001<br />6167b171c6d408bc6415aa15e3c968263b6abf63cfc46ee34383fc5a2e811799<br />617e72a84a141d96c44cf3f389aed3e308752a1c6d3a2bddd0443a7f49bcc55a<br />61a444e9cb0f85fcfd91e668ab5819298022260b27687f60e9fa590a9cb30386<br />61f316fb23848fe6cab8a29901d35c6e1836090ff54fd7a53893d14d80ebf801<br />623d8815e8b08bfe48b581dd71266e04e2f9e2973e83e7660828793f575249ce<br />623f2049982a4dcf82b72736d1e7a5bca949209aa2ca0fd53b09ebf47733cfb9<br />6325269bb751a9c2413c7b3ce6a904eac06e51d8c50d7931981119b1ca006325<br />636ae7b98fcbd0c2ec7d7b7febc24363b6b41e61dc7c57f9798a75048554a25d<br />6380ba00c0b3308049501266b9f8918375be7ff97dd1726e6e34f410ded49669<br />63a05a18e0446aac3e6a84ce14e42df400f3c55b8b59133767a178aeb94251d6<br />63c74f1a8a4366a292998df3d4ce18a34c1ddc757f9a1519896dc4bc88d7a895<br />643eb0d7d4c6635a6d9b2e557c0861004ecc5a0451a26903aa8c89e6845a1b16<br />64589b36615ab7c46b8966d0dea759109f1c1c98f73185fa284e519a843d01c1<br />645f8f08ffb72c34b31876c31dd1b00beeebfd2728e118c4cdfbb55b753055b9<br />64dfb0fcc2a6b44472b58a9f52c3e4bfb7af75014c467fe90f57439ec036a145<br />66188d198c9bb12ff672752219a397d6b3f4d027502d143a0c6fd8cca799d27b<br />66463df1063ce134e3074490fc55b797dc7002c73f2cc5edea8157ca42f7d43b<br />66ca3191fcfaa7fd78308cff4ecc6bcabb0815c8a14a372e94e1f12fef6dee00<br />67abb0fead07231e5c8aa5e6a33afadfa52afd7c716ecd41d80cf6ffd6a3d88a<br />689856e10642e0e4c332b1575a218c7e3b872ff76e91dd74838b2f47a9a315fc<br />68a6e7486383bf8cb0b8817a427650226d9efe43d2a176a3e19201a8aceffc6a<br />68defa2cc349ad9780de7dd71861de6d94af1cfe4304cb2f4bcf0384aed3f5fb<br />6973db480c503611f39d6487881ab34b497ac1fce68bfcf6a2e67368001cd676<br />69b513f35dbffd47b57fb3ea1a68d6487ffef325b43b9c25b7aafa33f1b09f9e<br />69be0dbc34c4f73a9fd5deca5ad583065bffaf118dba8273c17e7028c0f08170<br />69e2f319ae789636b2595e86bb4b3ad9557d168ba9cd005ec89f5929a04f8f8a<br />6a0724509395020c1aa3d998ebdcda2f424911ce6f0747d7a2442c18658b39a5<br />6a22b5440eb1197de9526250559f6c5f93c37500d09cd6954da79b36a705e801<br />6a25a57de8c5a519c698d2a6b0e48447710f97c034f159722d862cfa7389309c<br />6a4c4f7364cd529f7d3291b3ad98455aa3c3e1e82a431b396ec88e5fb9667f8d<br />6a9ac1051daeaedae22d432d712c5a7f3e8dd6b8577c6f8f3afb3d4ac2041214<br />6ad9011abf300b437c85e069e5ce60965cc88f05bc0acc5e2bb75d05e85c3244<br />6ae02c0a5f5ebf4c6aa0b7ec69e1c04cafbb74ea185ddb7ece03591ebb90b3ff<br />6ae7852ad9f9a95bbab664c77251719a519e808690e29150e24414ffff291712<br />6c0f368279915fdfc790db8f97e256118af2ea983d7d6d307ba42634d23ceac9<br />6c353d433e65b7ebd5140d0a9bc11cffe1f8a83eff834183ad882ec9fbe99c0f<br />6c3f5c9af5bc9576ddacc97eed4302d9029b8b55b231d6e2b05412bd5699469f<br />6c68c1d89bc329979a5f98e630db09db046d0914c1c8ec94f8741c2f7c085e4b<br />6c7e149bb91a86d983801d96e9bab4a7b50c9b441cd80e818ca875b9375f7869<br />6cc250b195d2da07b451eec071715985bde216b610264faeebf88ab67ba99e08<br />6d20d806cdc42dd333773f63ef499304d2e6bbd0b5e911072d16c60ebfed7482<br />6d5b9d323245cfb1c181cc462c7cfcad572aea75d4550c0f63152bfa54075c35<br />6d5d3eab0efdedd5c67ec3a222fe5002b98a598d5c36e9d059d913c9e91b4b47<br />6d644111f5bc60246eb13e8dd61ebb03725cf6c4c35d5aa52ca9d756ab63b750<br />6d6da46abe4fe963b0f9515218540e5e869ce5a3a75845bc2c222e989b159626<br />6d7f65e98d192809d0c273638f8c55cbf4c6518de8850c0a051540b3d267976b<br />6db5b580ecd0d48d49fc20f9964738f826e25b003a2e3f78d8aa539f0562fa3d<br />6e00283647b32368a64dcdc7d323fe2da1f5b4e693065332f3d3d97e5fbeeb8e<br />6e5caf9140027511477ab1a31b132ad9029cde57f8641e382375f62c2bb7ae5a<br />6e63d90597d7176ff7543f56f74267711b94eb393470907fffc043006ba9d446<br />6e995c693c23d2ace347bf43950c458d38905681426430ffa11b807c943b8d94<br />6eb8d21a3446cbc2103b75c8908a3627a4c22593f3b598e2ca4529bcb704545d<br />6ed4de51be1fb064ab50d531e4a57a8f7a9db3794d6cba1983e2682289ab1a06<br />6f16d2a49dd65dee8440a74822a24882a3622af0e7ce647f473e81ec136f8dda<br />6f1adce7d6ed4ef4eabbe86c042545d924d7b7e5442e61ff68089fcb9029f824<br />6fbf1d2867a90c6677d8dc95041386cd2ac00702bba1b3db96d169126f8323fa<br />6fed57731c730a09ae2326fea8f70a1f5f01e76a0817f8a7dee78bf56f3dc813<br />70751a756e1ea0dc1078de5ea00717037fa884ed60877308d8028f73b2a71e86<br />70ff4a2cb2ac8626c96bbd0de2b7ff5cc9377db587ee3a552388e2f571682392<br />712ce534e3da97742e303ee96ffe460ed2a650206a3a2b491c3c3e8f0510dd0c<br />71378a2e676c7e339f9337e7ebd388a60a7f66343b52eba3be7b9e60032945ee<br />7189dd388312c3213aa7902f0046abd12e6ec5de6e2fe6b80b9fc947bc500b29<br />71aaef3d7589e9e7e37049439710054a90559a6ba650fe6df75b2b2000571be1<br />71d62fbef87061fd4786df52fe631ab35f314ca9b1379bfe809c6d7c48f6f7a1<br />71f55a3b463a1c79a0b5fd130bf01d17797db1fc901d240a80f43e472c13f003<br />728c0a50e7b03cab8187a4072a9b6b8f6d21bb619e6a5f02bed5f2ee4f1ca8a9<br />7309f1bb2dd528e4144fe1374873ed984d3bff40ea48a164d42c35d9c48d4652<br />733bed2dea5b23ab4a35e2038d9ab805924db9ab2f15233a602587afee0d1a19<br />7381127cfd31b05ac331a6aab0565b650ae79a4fa7c203d50a5ac70c4ca696f5<br />738492c68befe5e13dfaf398784131fd28bfcbd6069d5ec39819d5ae0a79b406<br />739a5820c42ae1ca7623205178b67f31f8f039bc55312064f294fe5fa955ff03<br />73b6cf2990e18642c0a5cbbf748396896d40fef6e1fff4d4a63527ab2e0ddcf6<br />73e9d6a947f5474a3b39112962e1330c566b2440e0b694fef266e46351a1eac2<br />7466cecf817958184bd2854f1eeb4c2ea4d3a5128b092447cc01fe35c05df3e3<br />74c339e21023a0fe02ef15cdabe77fbaf43b53b16682e411eba3be72e53220f7<br />75470e4cae250f3e029ac55c688a56f68953be837d25f687cbae4663b1a27d6a<br />757593ea18ba5d452043a0c689ecdf1ab1d7ff5d4ce6e85aec2f659647516c08<br />75a5cf8b7e2d8b3c722835cd97411ecb7a395832677a53fe3484da4ea4a1a980<br />763fc2016ff5f4206ab3c810c7de5f620817610b4f68ee07d98806d272b2e042<br />7641ad7112a0ad9e14bafd52af21929daff735f4c290160d098ab3c5ac2ebd0b<br />7649e205b8292a72f8032ddcd0e2d8005020bcf3f84ff6c311d2fc11f2206902<br />76d893091d6c19af239542b374e8c3dc764ea9b8be2f9615be5e2ccd0a10576d<br />775327951af16784aede470a16b6819c44e0805fd86881b910b90e7ca6a60911<br />775d86bfbb23fda1425c17c656a8fe1dec079564b211979d80dff7908bf9a99d<br />77ec5c5e6205094ae1d8c978b72d3d3f2c8139f4e266b30fd77f761a31512399<br />77fe44433e9dc31249cfc88dd703f75f0b89bc076421ffbedc2c0a2901376831<br />786484c3ad5b8a7550a9e8f7e6c15121e42cbf429a6c30e792b6673cb0f919af<br />796dcd8154da2726015822e4b6d34c28d2245ba17a083712be927d121dc73856<br />798a03d3c7ee5d65f8dee5ebd72a84471b8f3b150d8b4a06b6028f78d62a61f1<br />79bba4050c55a027311c0c59a4111e2c674eb26a8f8a6d321a4074e83406182c<br />79cec0a33b2aa90b22dc5e96f228dd4ecc6fb565f711a7cf9f320b89680a702a<br />7a1f60ce75e54703d4a53dbfbe07d83668b68b2f1ff0852e1baac6eb12a9ad35<br />7a7a7c940696802158971fad22ba566d1cd0133b1ab70fb4b843f8ef893429de<br />7b0aacc5fc5f5e6e4973877aaa2cf99c903b03998ff2fef52f07f5e62d327649<br />7bc6bf94ea3b34496a534a479064d07356edee2ff1d7a38bfc1743e4c8413b40<br />7c3330dd55c081ab0da82dc2e0db96ce0d3b1b9824340bb620800bd6a743bf50<br />7c35feffacbbef43312dfb8fc0e7eea37cd54f29046ff04289c7ac054a18a2bf<br />7c5565f643065d0cd9eb23372801ec3c58bc0a2601c35695c644b6aa98d3b9c2<br />7c9171b8a033c0d3e74e297521ebced29f71b722775b13ac8b2c3d41adbd5c06<br />7cd7d3570f3e7dee527c4f39284e6ce733e21b615782fe0ff59959f32705ee63<br />7d29a409f13ea93bf4e4edaeb499e7b0b5384cfcd88e93e2b2499bd11c6d602f<br />7d62b4874e093d4b01bbd81ba2549a3957e9b19cf52331d53f026ef5e5c1c53a<br />7dad1571e0160e77e245216c6f342064dc18062666f57ab23223bdca438affb9<br />7f1173f478ef7e94484a429412daa139d90eb3318e2eb174875cfc15f2fab805<br />7f220d148b76c557fdd87b3e316f397176a66a9d729b474450aea2d27fc55fe5<br />7fe171a1dc066dcfe77e69e729e22f20b30e603a42dd9d084f16084d639c5fb7<br />80bc6d86d1c614d5d4d1ce1187791c070be402f254ff7cc2c94f184d4a7a7cef<br />80c052af90e27a6bab0d39822c224d86916b0f17c77dd41d801fdc446bdfc51d<br />80c5e10b627acdbbaf1da657e237eccbfd756394baa14efa800bce9a00bffdea<br />80d282cf3236112d44b793ca0ad9cfdfe3303c9df5d818fff34d69fcbc584670<br />80f1e53a72c7932ae38f21dafc4977fbdc9190023baf47f49a8ed2eac592cce5<br />8118b94db01130105d829b4e00448a16055b8f9a232ae753481f696119848edb<br />8154213d6dcec25fb27d44e7175be69d28e9ce226267b848dda0a8afac9bd160<br />81902e3b4d3d77f2c9154f46fd4289df775742ff11124458e48e601c4e22cb72<br />8198965804ad0231f6e6f86d33693c37782f91cd1125abb0fda9f5fa1333f075<br />82cf60acf2fdc69ac88d4995089bc2b6928a59d7b1c101f111d39f24220e0347<br />82ec62effdccd4f500dfa49b42d998a849f1772a8e4cb4a6e25e42c04061070e<br />830febbe628471adec2515bb8db0e0f20d42da8df777c4a43ee6aacac636588f<br />8320b9d50c7e13b9fa05681ed92108b320ae82e16d9448095986f85e51c77f2a<br />836f35a103270abb32732bfdb8140f774d1f34921ba53490eef9d11abd06be9c<br />837967328daee433a36e271b434363e26d283734ea1d956b47ea21360d68d231<br />837d1c97dffcd6d12e4bd25420eb4ecd3c71e1ba57072581ad05d783810cc922<br />83b52f09a220171c5514fce5ff192b5f2aed529efa2d3b4593c656108e8c245c<br />84196e22090c98f2e51c60ea8ddd541c8fa959e961357cddfef64c775483e379<br />84bcec5b971c43c00cfe417d12d93c6f0d0da98b034b9aac0770318383ce3080<br />84e5301db65c010b10033dd8ff74689644c48b452266864def360a2c5f63bb6f<br />84ed984a5799fe85d78bbc3eb641c740286825136d6868a69cc4290d07a7ead7<br />85a11b9a72c9ab5a8c613bfeb9f2c111e9bf6a5aa31fbbe3a7ea541d28d9e671<br />85a760788e8519361d87dff125e5dd98b8d1c819854b428f0f15a1aa86297afc<br />85ef576e57c53665b365eccbf786a19d9ba0c0a2e6bb64afa1bd8aa607ce6268<br />8631460d5bbccff0e05c2f1fedf89aaa399df15b41f7ff1b1ccbc49f2016c324<br />864c0be62f3cdffeb053df6d505f88c63792e22c67c83dbd1672d88f11f5d7fa<br />867960f9eb5c2867d7001b1f1aa06a3c5dfbc5ef1a650d39d9ebd7551b08ec04<br />8688201267b4fd17e956a4eb075fd53f9709ec25de6cbf64c3aeb96e943f5fce<br />8713d72a4cd5760bd40a00837e4a5425123bc692c271f2b25a2ca87d75f140a6<br />8787057a86ba9e6ef144ffa01c9fd50b8051aa928fffd05f3a1ea8a26a21e884<br />87a2ac3a8ec1e4ec97817e087578077edfd5aea6e1221c9611f9184ecb1ec7d4<br />87a7fb3fef8132ead17a61c5d57014984dd19b245d523b5950357ffa40ce5de2<br />880ca90917d7e90b79e3c2cc9cd55a016d475abe37310e18121753ac3aec9a3b<br />888dfaa0c6a80f7d9f8c68a53447351d87a9cba3d6f5e0dcde64c0f45102b2aa<br />88dfd64749305d26b64a9b01238b3df3354fea372e5c0d99bd7633c2afccdffe<br />88eaae768e32a164a43f14c3bc6a7ff01aa69e871c2c2ff4f21c9d25f6879986<br />89b2cc26e4739aee10c9d7647243a4a5123b5291a50435aeb501f05a8c0be498<br />89e85fe02520586e524c4b441039bf3f71125c87986f64838ba7555574589e63<br />89fdcad5ea252ef33a34cf477e2f226002576826145bf7a514dc9c48c5ff6426<br />8a79ec1b75680b0d506efa06c6288f52ee36025eebaa85785f964b5a8f182ad2<br />8a97dcb657258aabf26ff6c5d067151eb140af470835840d356aa0f435098cf6<br />8abb46429fb1ed1572a0bc6a2f25763069aadab8647c9d39fd30bf481e2664e7<br />8aec8c84d0e73ab386223486f0e4042ba276219245e26b6d97e304274a7ddaf8<br />8b3e879cf5e73bb7e92607fa85179ddd323cc37d53147f327846ffd8d9dc463e<br />8b59aad208b65a88209728b10ef20f2e900cc065e27a0bd33a1d5ac1a75e9318<br />8c20ab97c7c4b5464c1bcf26ca89952cd67011e5326b24f031fb315866a17114<br />8d6f0f0577d4804390a5bd0ac7ad58d7209fc3257565fc223d0e9ee34b656e92<br />8d705ef656fdc5f631ccb06679d2e611d8b308a6d4f204996b12ef44736e78fe<br />8de103bbbcbe317697d0ab42233768d5a7d3ad864ac9a71e1288fa773be2c8ab<br />8e27053ca26f346b6f941250aadbb834ee90cd2e928fc51ab39732b17230e987<br />8e7c488413455be21fd50ab221ebff606bf9000593e8bd6db5be6dd3425396fd<br />8e8b6f1aa61bcc19f99d66294fe82366bc6f20dd01a88adeaf9b032bedae8eb9<br />8eb51f515337253e1d329853018224719b1d7102d7f74914b596b6098e541bfe<br />8f288574f490bef62db891ca48e3fa4be42311562a6cc7d16577c845dc76bf24<br />8fae14325cb26269cca93ed399f6fa5295f97b97b4edc4a4905f16fef6d18dca<br />8fcb1f8591d4a67f03e69acbeb81f096988da553f4041930b21e25fbce1df16a<br />8fd5de7479fcca96272a9cdf2e9793540b32dd6fba1f13d2ed7c4310b20aebed<br />8fe55b47f67c704b78a48fcd8a32b8bfdf165d4a951b19ea41da0e19fe540776<br />910d03d7237ccb4eea67cfdb4ee8d31dc32f8ace09bd39e202cde4bc9938df2c<br />9128f06e2e0630d07ca32e2d794d69e71c3d1b6dafb119725139aa11de7b423b<br />913b90d31924349826fe105b2147274289d2f98d003c6d9f781135fc5be5ae24<br />919b6973e643f65a8fe0298ec73ab87f980f2405e454e9bf1bee0544ff0a229b<br />91d5659cb532b764a912c866c451dbfac8b4007b3be2c3575f9803ed9126b607<br />92062ace4fa1b10b954cb33eedf80153841736539bbd790daead136cbf3c1845<br />922593c5c16ab4cadf4407d3310a25171de66aeac952fc78ed5307d5d9ae22e6<br />926033255e21c98ce6648bed69c27ad20b3561ab73f9d186323d709abbf83465<br />92c9462a53e5b41f227dd71063611af11bda33f9ee4282d930598857127352a9<br />92c9ec7e95a49e336dba2d5868a8ee2f701904d6c7cd1f25daae94d3c13e081d<br />92d4e3d0fce1204968427970fbce829dcf4f4252c7544648bcbfb3fe6a70c1ec<br />92d560f915567695cae2c77c9eac4668b3f916aff3bf715a328a18932b2e1571<br />92fe74beca646a2708cdb78cf5eff77a5b1eaf10be765ee011c1e9578626949d<br />9318b77c538c393287ac98bdcd4b2a7fc98c6bb983fd0d2bf2dc18b917a2f7ad<br />9323be1c16aa05f16523b2bd7762ea7d809e54341704793bb6fa74a2f1c7fcb0<br />9337e6c54a5dd92bcdd144f2ba8758eeebdf3850ef421ee60658131121231d18<br />934e0582871c8bf07b317f795ab70e6f9cb60ab922d202dbdb912133224faaeb<br />93564fa9d7b648da2162787b129993d717f9116e0a0dbc219cc54b1351f02880<br />93704efee3081e449c390f970157716c0074ddb01f26ba9630de38fb515b0992<br />940d35189e651a9a9da7c5cc716242ecfa4a3f6d8d8e7a3d1b3dde3efe148c52<br />9469ed869ed074e6a39c04f2dff007eb4b7e26ee84920e8ebcdaf282a6b8a4c4<br />947f833297620be2b1fc998bb37fa1fe42917b18b62976a21cb2a9039793b89e<br />94d6de8de6425b843c5e90b6e889570d8ffc06cda8d4070c5783ee40ebb143b1<br />95308fa2905d7d2e77749f8181e062ccdf0b330e2e26006f3a1820dc0b7e6f7d<br />9575f8099ef0349b48ce3f3c08384cefada13a04c132a62548b9580dd1eea480<br />9595db846709dfca2263b1f6bbadb89c0528c46f4bceae593e4b634827fd90a6<br />95b79672f3c5603517d9f83864acde7b25b72053b2f57ce18f4bf22bdfa1c50e<br />95ed8eaa9d8b6e037ecf7222e8d3d78c8a3af5b1e18a5dd25d71b277677411f1<br />966aec4c6cf60d5fab328b1d4aff706d6919e5848fcb494c84ea7a02050be0b2<br />96a235cc4d2aac5b69754161bb045587725cb6f7272fd091eb747693fcdd09e2<br />96d05d681da6bd2ede99b8b6daf85a8986a9f44228a1f5cdc80d55dee2f9e2fe<br />9755565a5bbb9a82a38edde926e8154f4f97b4503961a2300366152b0096ab79<br />977e3e0f6146ac00eaeee278f4ec82cd201a57c004b9b8228c536e6048622fc4<br />97b78e75e2b01f2669da82d341f867ecfa27ed4089c653d23508e8ec8951c867<br />98720bebaace5d7f781030fcc9cc804ea3bcacc4b3731c12eaa6b8e528113cee<br />98a2474881f43e52cee3ddd24576983f66709364ad8cd32069211507c55c1744<br />98b5d3747f31ef1eb805b805daad85452ce47ba26df9aae90527eb62f5b0ba3a<br />98d8e8c18d08012109db77337584239de1463b1f8f7bfb185fbad0dae81f39e9<br />99196d123d537a01aa2dce449fe8fc518c34548b1558fbe3ffa24be3b33a8432<br />9923f6e51ebb4e1e5cc03b686b4ad622377a030dbc9e8f644617b6adfd4e4cfc<br />99e9bdb0bc9f2a9daa40145527f950a17b556f8515b1c28741e033c426781425<br />99f9a97f1acf64b469df736f0d3bfb31b9f40cac8fb79960aba437cc0675f838<br />9a1e395aaf82e081a123df444cb001663f6d32db8446e1d2531519cdc956f5a2<br />9a50d7bd2fa67b5a365416ad2870130b38df6dbd6cb02dd86bb230db0521267f<br />9a6f269493f8ccac7af82206a116c60a4fac49706faaf5e77463899c7c1c266c<br />9ad55cdb57db6c01c929b9b5fc709232960ceb989f1558442c94328a33408ba7<br />9c14c8142a3c7a4910aa4d751f8a0eecaef2742353c877b8edf99e898d4af743<br />9c238b76c05696692575cb0890cf7ed48a7c64372b868375ba1bec3ea6aed5c5<br />9c34f46172cfb2d15ba3e14686282129cc9884cd0f6fc8550a04a602e8c29a0d<br />9c3a66f2c85822e1996e637841eb246c4be1eca008765dcbd54c731eb8fe22ef<br />9c7c05b2bdb94db85ef96c15159a62e6d9666ca26f8316f412c3eae0aec21002<br />9c82ed321ad8708468ec3e8edf2ceeb346fe26a6d96bd97298adf799cd4bdda2<br />9c8cef079e25171207cffd041166053169a5f5e9971415f6522bc69fa9081e64<br />9cd02292b71b3174981f2ee453d0eb46659e7c3300c66501af508b9d1e879214<br />9cea1dc278a702acad49abdaf85b6307eb8eef8404fa27217397b01c71131960<br />9d1008ea842361a2c3844cb95a37af4ae7de5a5299c003bb08e35bbc2cb6702f<br />9d2e76b0fe1e290e9e466a170a90187e0ab6c901d522915d4dadcd69883a84d3<br />9d914d89d20616333df20073ed1a639bbd8898ca3303e737745d047dd398b45a<br />9e0a20549012c55cb64cbaf9a17fc4bde1ed7915086f4a7ed9a26213ba62847d<br />9e484aa1b3919ad4e9e185d97fbb5ca942772adda89a90575ed3b50b8431d3d3<br />9e55b71343c4a35a6287f36348728637701a34205249379d81c0b213c947fcf3<br />9f59e06b84a0deb55e579f5c5f5b61344b3c0db336f6470d26109e0618a01d79<br />9fb33e73c96e4f567eabb64d2253c9eceab08a1ef06daa70c3272d88ee1dc098<br />9ff2faf9e9037125c53ae95394c514d2ff9e24d82813f75a90771bfe695a73c8<br />a0782e1c3f82993e2b4742ce4c519722eb8e021cfee1834a7f20dc4185500de4<br />a0cebe09dc8fcdf64653ec6ccc3f06f552c74eb7488dcfcdd8ac6582f7ecc1a3<br />a0f5637e809d137fe1add62b316c845ecd1399fe24631c07394f9b7202e7c374<br />a11fecfedba413e8aa584c1d7bc00e4b3fbbe421980fad563cdc96936369d85b<br />a1958d254027a9b9f617fdbe3e291ddf3bb871e869c6a289dfa2ef1216000f95<br />a19c1632729130bac678641cfc2864e85650e0b661c39583575c6781fb5a7a9f<br />a286fe74d9bcf4dab28a3d6a53515c222c543621bad414dd1be0c16fa2cedc7c<br />a2c3f6350672808c22e23a9bc210218f9e12a61bb0f08087ea10a69b54383c3b<br />a32321f07d9c6f8aa6380035a813d5bea4464dfc1a0e076d230cdea5bf191136<br />a376c41e9468e52c3f6297d2174add14680e5b56ba95aad9307401c8e834287a<br />a37d926cbe660181a0d1f8b404bdf673de5df3c493af6e19babede429f2c715a<br />a3c4161a89fa93bdcb2dbef97582a89af01e7fcbe9f8de8e2fcc6e1316b0c6c5<br />a40dab8f410b855142bc361903cde99e54868f858a3f829d6812a2c471128451<br />a4559e3e402ebe03880cea3f2b31b8cf2cf3062046feccdbd2ecefc5e82237f3<br />a57249e85673a334c0f91b03a89e5d9bcd076153be0f0c1a947c0d7cef2494ff<br />a5bf481beaed1981daa88a03da0cfc76a5e6d0aed80576c023b075a88d3ef119<br />a5c76f3bb972651d7feece18d9403545cc0bc909ce77516e5cbaccdff0854db3<br />a5e59dd125eeb8e3aeddf299c081867c1063ee34e66d4d0fc3bff2624cde0cbb<br />a5f9cfb6917d4ec1a701ed48764d8d56ef844c2abfc0b9ecaf3e6c8aa2b9b5a8<br />a65392a542b233ffd3f43108a696f99bc4191a224ce27debce3ad05478ad8432<br />a6af612e719336db7eae8e1b2f019f803b74e3ae6812c62ed6739a022a057602<br />a6bf75d5cca8187a0138c1e9ed092e28cab3ed428fd62b3dd067c70137e388cc<br />a7e869bfa5c0d43f6c46d37d37ffd823a1ca4d691bb7a64c72188e9565417b02<br />a7ec1fa956abb35a21c2008d774e00fc61a128d6a141d7bcb0541ff110d6324f<br />a91b9a290d6159518e423a583c9efa5f8c059c73463d1c874efd75ff8491091b<br />a99278a5e014a8524c09d78dbf8b12512bf17d759a1e37ec74e4403241e78bfa<br />a9acac9bba469c17e12d5aa668cfcfab99903635e7af70b41a544e621945ec03<br />aad8d4c98bac4a22569298e6afa58857ca7c0b393cec2368561a159ae1a09751<br />ab55c7863ba63c7b2d313ce13b0e10dd59ec702995cc82a4b200661a93f1433a<br />ab5efe1a32dfa5f8e57c4565c5ab1a8a7372475fe6d3aa85d111d5f2b8ea33ac<br />acad81f7330deee079c22885c105fc126796cb171f3297c6d2e9f0480d00e627<br />acb4249b15ab1e96be873e02f665362824803436b047dbfcdb1a0f48a2303900<br />ad193f9ba775850945428ce77b04e88f1afbdd9069d03a02914a27fbb49d8ffe<br />ad77bed985cb4bfcfcd72811d132c3f41902063c9f5b2f0de27b8a54eeda44ad<br />ad805de893ad6772972c40323cfd03399ddb7e474e03c26722a62222b2bbb84a<br />ad95e7d663acd5ce9856c9d6f00c1b199f42a307ee089b216f118e1c83bd17b2<br />ae0ff6079725a0fbab174963de5f3feef838944d8adad85138e5176848832603<br />ae457584d01656518c21281eb6651d8225c486673c2e862cb4bc92f7add88596<br />ae4ed61df314e5762a5921200b79f4fe0c1008b124aeb1aca718cdb46367bc97<br />ae7187fe51f90a47ed82d96c8a919fc74d3220965108084de8656a6eb4bf03bc<br />aefe67e1b8083c45da3f187b0c6d16f3bb37a1a44a4d417fcefd7103d4ef6d24<br />af32ffb269c4c560c3bf4e6659676b6c8b84f902ffe9de1871a92cc9093f5796<br />af490a1f43031e3fdc39d8437a8b7bb1bb2c145d406354a2b00343d473bd500a<br />af55bc2fcfecf897af87ed655561f3b58a0e11f5f27ad0f651ca96dda7d66846<br />af6830b0c675a6b42787f3b784bf09b697cc9b91a7379a8bac0f857f6c2195b7<br />afb9c4e6789622918dd7aa060eb7123ee0e02b6c4e054285e6284b7fc42489a4<br />afc3d6d4287c40918c833f38cf1a97ed92e1ca805cae4312ea23940331b92857<br />affdbc560e8a9b853a931ac51f18cff15d25a7de26b154df2978ab25880385de<br />b0071a7e73782025dd10b0bda6bbbd0778b0c9c2b511c3a7c3c9d1a9afbae307<br />b06d026cf319a3a17f9452425b05f10d7fb27ad381eadc4a82eeb3ebdb03fada<br />b074439475a2c26365f164c6201e50f631195333992ff78507c14f35b7691e33<br />b09a142e098e2259bfca0e734f308517b6fa3418a18c3c12b00ddc5916c48476<br />b10a93dacab87468935bdf119d1d9385f518b55e5b5f04cd5e66e47247499523<br />b19eda4880e3fb894c50fedcc42a184bec0662c1564ff6708630926cf2683ba2<br />b2501ab44626bf8551f3b9b91341c870e1bc8c21c74c7469fa6a6c125ce1d4e9<br />b299cd1cf9175903fe22cd6f40446a5f1437baffb9ee4b03387d780cff341cf6<br />b311510a607253aa5823c9bd0569e41b8b0d25126ea06f5fb8e9f587f8f5a396<br />b3b28cdd733df640697784cf7c4716c3a92a4c978e902f9245f744bb752331bf<br />b42275350982a0dea69bb0a086910f30bd5bb4931812c7b8d99b09a90d23a7f6<br />b43fe1d7ee03102a5eed9a4a909ececf481c8f2402c88e7f9f2b54abd601c2ba<br />b462c09db343ddf3b8bbc4efe20d40e69e3dadfda5c8434e7d702b8102c5f61e<br />b488692d688b0e25914878bc5628569b2181281cf88f8d1dff4986f0fd865b9f<br />b4aef450646e3324c46c57eb7715393503a1888a5ec2bc114c88cd70e5fd5c7d<br />b4d4a44515b41685fb82ee868f056a50fe162a0b20351792dcb13645bf2429b7<br />b4f13f51b9c579fffba5cf094dd24a738cb0a45a6a373bba8e829c40960cebe5<br />b4f77ab249594c3cd2d457bf309fe873a78495fa60d7236fcec6540791908cd2<br />b514c3ea4b198f8c556001e8c651560365600ef454fa0e6a3c2c7fd29e50d5a7<br />b52b15728708f74db75235362d6f4202a94c36d3cf1b2aba8f90975e7b8f88e8<br />b5379bd66b57bf866a3c37840f96de2394bd989f38dc379a7732d86e68b18a12<br />b55f7069a86fb5d521838ffa420980cb308d02382c05f5e1a6141ee72a536d0c<br />b628bbf04aebc82131eacb3db734aa45357a1c8ddadff1431680f498524ace5a<br />b6ee0f6ceaa65f79765dcf50886432b8e9a35aab79e42d2a7bd98076c328841c<br />b7539059780494729dba0a482ab6a6ace26bacdd5d42e0040bd75656159221d5<br />b77bec2f73718d74ce72975e1abb30aeedcf0df6d44d4a313d5c1cd8236aa114<br />b7cbd8e58a86b11b62be76d23725eecae4592e26f3f8de061ffb887a7be409f5<br />b892ab8bb4b972721f491945dc8f736d258a916ff417e278c49ebb571b1be1aa<br />b8a3dc7b85afcc25933fdc7e5ccb7eed3d10603f450cf380bad12fd4030620b5<br />b8bca7bfe02246fb9d640025e0d26d5a93a7521c8651fcd0d64697afab25f181<br />b97464ddd8d2ae7c256eb7f5668cdfb4afad0fadccf5782963f13afa2b6919dd<br />b9a3cee6a188bd18274e990d781815faf127625746f0d05b1bb5aec5dcc1b99c<br />b9a7bfbe1f47118d823eb58ef76c676234a19071801aeb43ad485dbf867f5be3<br />b9b434de7d445a1a1b6b65e3adf5edb8c90b28263bbfbc5cc5d83c8e563d07f2<br />b9d1eeded27b2b563deaf7368cfc26f388bc865f19e598dacf2f8b184dd320aa<br />b9dd5659735544f78ae84c261d627d75713af337888c3e49ee16ff88804feb3a<br />b9f61f31476c2793a6f5e0d47f79addce524e3524d3853a6c0a242968d1792fd<br />ba8e40cf6401e55258c630ebfdbf1759fea0445de82cf657230484b76442c907<br />bac7435aa96affd30c4664f5b3736dac7db462ba81cc8606f9f5e2abef3c1fdd<br />bae8dc7cbf57a2606e5ac1701fd33bd3a4ab3a82b57348cff450cfff252f972e<br />bb3e2b84af53863674c7776086ee41053375d35bba9ae14dbb36de1b356b3682<br />bb669ad7c878aa05397a5f1ee46dbf9626474fa3ca83c30ba837155d9719c4c0<br />bb66f594b52b79f7d37e49db6aa154089d934888b04acc9d02b1c143c9f190f8<br />bb7cb890db76ab4f22b8156304de6bb0273b4b5783383c00dbadea9772973e33<br />bba62c5d0522d4423923b06f8dcb525f429b8c0fabbb20f2de2ac552781169cc<br />bbff93b8d1d4334d15202b8c6b471e18234a3b6c4fa06222c1544cbf82db9599<br />bc04b23761eae98bd13b5c17e00081a597522c1f39495133639810209c1a682f<br />bc52b36da279fc3f89a385a2cce4402c7f599f074a9c09f3e57c363c1f98908b<br />bdb48cea620e8768391b78389b8d805faad01e76da6c5dca8f030fd4f65b70bc<br />bdd92b04c5ffc6f480e6bc289ce6bb6ad2678572b90232df32d1670ca8921611<br />be18d86e335e3d2f31bf0554d80fadad53fb9c7061f5f0b643973e4411a593d7<br />be30fe55bc91c4b274ab336f9a90968bc521bba3f991c5a4b64eef7b1eb75325<br />bf5d6ee652d0616ca88d99949d4892d4ae75b19d7ddfdbceb489065322e0686e<br />bf64d10811df1cc5bad8b44604326ddd7233d94496b983dd6758d3d91c43dac7<br />bf8cb4a9656317ee407d600ebf8bd30180c46c7554a8189a3d1b142fcfcf52f7<br />bfe42b3e4628d1a2f67671c1914008fb2ab8f1a5bda86a57e01f3520abceabdf<br />c03097c5c348df4ec4bdde6e7b7d3f432b7fe5b2fe52cfa00f49500cc6ac18d5<br />c06550108fc4ce037df252234b86822512c4806e0319a262a50ad4a836395c1b<br />c06a5c9a595e7f222fec81c955ecce4aa7536f4c760a6e742980732978fb500c<br />c0f88c090df37d3761c16a320d4e52ef0104f1ae84a1299e8e968a1d949e66e4<br />c124ae917988d1d35316402b8b2f1e5c2a6cf2e73969f72e82b58d9def5170ca<br />c1812a3e14df7e16b1cb5781e42f4333aa023a1a8b357ebe64501cea135c33d9<br />c1f090ff1ee3d13b8fdff63b1a8d5c42b40840f9b73f1faca0351f9303c06bb5<br />c28c1b7a448f2f944c8d00febd5bd589dc4ab787578e54b1ac5d00cf7a537124<br />c2e269c8527f4f79cbd5fe165f4b7ef90db0c7acf012ab9ead56e69ef573199c<br />c2e4e8750e786d99413a56417e7beb2141cdc1da7aeca37dbfa5a48876edeeb6<br />c39441ae9ce8dcfac42716b6f954dedb073a7c438b23f52243dd0a586edd208f<br />c39efbdcb145fb83bf532d16e0d96e78c4a7d786f079940379be4b160b2f98d7<br />c3a412480b6b06311b37bafe6cdf69f1a14429987845dd091baa7181637c7a93<br />c3c201d88eb95812d65095dfe0e7bf985d6bd65ebe0d37fe3cea5547660a939d<br />c4623f721ff73b72799b1c2f78ab6f4ce777448ce5ff698fcbe3a56b0cd4a1c3<br />c468c8ec17f11c763f78e53a6392c78d5c1c20920a58f5d37359ddeb2b1ffb87<br />c4f565e1c2899aa93e5710326098a9ce6668e79eb581344f973130b8954d0fc3<br />c53f3e74a2999ebd82722557a9345f64645bffe83f0705c666bc16a5195ed34c<br />c59e6b32212866039418ff58c6b7a4b5a977cfc8be7fef762a1cdbfb6a539dbf<br />c6040569745b9ae2205e745813fb0543c4145f263568cd8c1c48705be7d49387<br />c620657d814b927ef4cc71ce04428464125beb1b690d9bc0a731b156b8981fea<br />c63dc384336295b8b543ac7fd3bff1d0a6bc87c424870afbbf78c38eee4a0561<br />c65ad0ffc49026c1f61f05e760751ea7a128f00aae8cfc850ae977d01766509d<br />c65b2c54ca269e08cf7f637d6cae7bacbcf6c6db545963f67bf15d4a0f83af52<br />c6943327e178b4351f2df7f20e4baa91121c125bc6899d183f3e63ee298e1374<br />c699a79bec1843b99321d125a7debe2607630de4e4484c1ce6828bbc1e533ebd<br />c6df9efda3d51be96e656c47d84f0a6d601afb516c3299000df0f02c704ceb6f<br />c6dfe4c74954ed0b416ad081348423a0a4c268ffa6399fc6d0e16eabff990242<br />c776e57a576911fe117847df29acf821ab47736860b96fb13a0f5a644d9136ae<br />c79f3108594232fef0f8a93daf8632b1c90c164c61d9b35c81a9bc147750e1cd<br />c7bbf83a72b33cc5bed14cb04bfc054649c51e63748c2ff35bea7ac0c42e6055<br />c7e6ee24d5f311600f5800ca0c46e8f72d4c3d96b899ab8f42c58cace6a3b760<br />c80b31ac260fc01e3faf905091592526eec9c04dda612e91b8b21f24425785b2<br />c8137bf8706f6c541d73847c337f2a3b8e39684c01f1ccfa618e461bc72e9437<br />c828ee724a01ce9d552eb530211a3987ac41169808417cb34a974b2944359037<br />c8664488d299177c7f23808d85c0b9b3efcd2047055cefb4860cb6cded131a47<br />c892d46ce16653f01879666d1187088dd7482985b46dcb3314eaae5b18151a29<br />c8a3dd8320fff8b95ed98f7464a9063836e4461bf6266a76a57c80a78ef63623<br />c8c004223663cd262b47050249208b7a83c6a8682d4246ada308ac96f19eba4c<br />c8c2ba3bb1cd7b81653b48ebc09780aa29e68b765b23c8f58f73b65bed0cd09b<br />c90c4aae10ded9d9fc86f051f752c5495f240615dfefb217e50672242190be04<br />cab2e4cd1f74785d5636699912b9422b0d4e051e8b3d100f6df76e6947eee76f<br />cad4cc81e2ac331be9826679db3b9f4edb79854dd92d52ab382e2c54793b3635<br />cb3599042ca25a9657925286e473fe3c99ddbe0757d5035bc42dcaac29cc9211<br />cb5ead65f68cbceeaf0321972b59c3a960519902c552a26fa271816f74697749<br />cb5f37e2209cdb0b8feedca4b41c6b324b81e397c022596d4703aaf2372da3d4<br />cb6c25e7c3e251b28bf825138e11bec6218205ed490dde95292b58b23bd8c6c3<br />cbd8a27aea8c1429816fb175ffaff1fcf165798cc25300779007df415ab1d377<br />cbff574892265487a920084ebdd0d18be7f19f10438d131bb72d1f183a3104bf<br />cc4c6ceac6b911770a0c1169d23aaf5b042466bb5c6feb2bf10993a1697c851a<br />cc52fbc90549f1fbda7ddb0997610d8ba41c3b5af37288d859dcb8911fc8b19f<br />cc53af733bcbb2bbccb7a0b7c16de37871ef5ffc17a6eda75f79ad1fe63e47dc<br />cc96add105cfd0887bbda4e8a287b9f4711c52bbca6327e78a6185b9e88748d1<br />ccf2de6f0a5e9b9b6c97df32d0a6a49e4547e56b4743fa8c36d6168044ec58f6<br />cd07272cdc4b43d8462ad1c69baa983352d8e65d4c9016a1d1ea842544b8db21<br />cdbd275fe771d4e2678f72672ad939889f49a7307a049a9b1cdedf4a8cd7250a<br />ce41ee175a770d547a8fc8d5b623c977477a9ae438f5e65e8c09093727264a29<br />ce5bc4716502e6937f0f95bd7cfa481c66a694b2fb1fde0a882fd4272508db53<br />ceaa8a681d01e10b2b0f711d6db98587006bddfc99275345fa52e8fc1e5dc85d<br />ced5af601a8fc23b7e36136818e55af575a165423280ca5db1d4fdbcbd5d270d<br />cf00de733902a722a22a66be785293b20c3518b1ef88cc180985fde21cc5560c<br />cfaafb9afcbaaf5f77b41a0c0246855e41742feb1fe22a26342d896176d9ae47<br />cfc6081cec8f2e01997a827011505e13ba62fda0b3a82ad5f5b40dd02c42b53f<br />cfd862a207315e58713b6f47d499b8b4de0d54ce4c054563a8c0245cae6427c0<br />d0c0786684c34c6f0a6899ce97298352ff6c216f01b778bb963cd1ef34276e0c<br />d0ef689d84d5c51d5641227b56d09278bbb50b7dd9d65abbaf9344b5ef325792<br />d11f73db6fc346b1b2ae37412b9434eae9729f0d93d9d98f4f565263d59c48f9<br />d152f0c2536f6a681746b9dc4be6f154bba4a98d10249a304f430345be227b09<br />d1594f5051fc52b4652a9bcc8ace6ef1140a6e1d2b2a42b25bf606196bfbb3dd<br />d18833d4673821bd2dbc9e7ed273f9ddc2f13300bea217256c217fd06d7918f9<br />d1c018025d9785afb2f9541644c63449552808e8c2f45300f89a484e04602623<br />d1f73c6e5c6a2813510214d884bd709bfeafadea49a7510fce9108678038c298<br />d23449012574d957dc5fe5daf65ba5d576f355e476557418f9fa94b42d4258f1<br />d27d773cff2b12caa61a625d801e86217d34721e994f8780491f7b76650cf2b7<br />d2eabd4459c16bf695a0ba1b3ce466effbeba055a16935f5bd9d21891e0b1ede<br />d3b490cf5e87f08a5d53d52ec38c378dff1c692069918f5440ed39543fdb723f<br />d3fb9ed50e75cb87dae30ded29065e0c3763764e5608e8b533086d35416c218f<br />d46dc8c840da3638d01e2c3bbe65f199683d2c498afe6ce10665a7362891cd8d<br />d5016da488343e971a6177322a4f5a9c3708f40fdc11b7cacc6cb374776fe85b<br />d5236793607b94f07d320050d9de04e8f26476388962e439966a46c83053f17e<br />d544488ed87fb1407b7967a26871ffc9f9c4e3485017f3dfd8c074dc4b55d4cd<br />d6208830748bd2000c61542293e19d22fe5bdd8e2b1127e2cdc3892049e9f48d<br />d636f5adc0221ebc95b3b91f59b5408b96edddaea332dd95ddcc9282972e7b88<br />d65292d9d6186788beefd72d1dd15061c65978af5dc4570f4238c2e771e334ad<br />d67d93ba20d06a160d8d7d11195ae2ecfcc555c6967e7ad621f01e800eb9fe27<br />d7022c48210ecd0cf713b4bab5101be4a1f9428591b557cc476e3a93450e818e<br />d71bcc5ad9a500e5710c4c70626b6e2ee811c0c50faaa70c6e1072472a96a6a9<br />d72fe01a0fa3a86e9e3a062c2910b6473aa98df709c7bffd3ec46b8295fe22d8<br />d7f796e60cc4683876d4ff24b4854255a9cb1658c9548749d6f2428eb4baba33<br />d8014e5159e726524e080fa747a69b3961b3042b36fcff5d327aa3233e3d3c1e<br />d835c95ea02a5a0890a34bb6814053fc09b98f7277fc9246e5f8f155fe962050<br />d8461343ea515e279f27fda8f182733fec45e2de4bf1be6949190b2168b29388<br />d8b1d58ba6b614c3c38ffb12299ed917cd2ced49317cc9ae9dbb30263140cb01<br />d8f58ca1839ef2e0c26289d7a1fd7d9e3ea041c8a2004db38283faf5ae8f75b3<br />d91d3ca9c9504620a81d01ae1f132d502b8100b82c17dc64dcc7aa7aee875221<br />d9b2d62a13b0b7a7d67ad9504810fb62bf508ff2441a9e333bbcb87807e8645c<br />d9bb75d294e9a9abd2151ad8d30b7cce3a436f30fc8c82c7121d9ddf4db48684<br />da0af3aac4d021c25c98207ba2bc3143932b20ce92430330934d650f49d6b15d<br />da574101654dfb0a1786ca0c1b47b3e0c9f30c5b46b48511058519248ff0531f<br />da9335bdf1e3c0d6a9de08bef6d8077cc2d9b10a43dc054b7e248cc99c99abd1<br />da9ddd14435fed40e5c0ba5857cf3d1542d38c02c5c2700bb66cb55c4843bb5b<br />dabeff3875119f5e5f047f7f4cc5be6594c44a0723ee408d456c91a519931d3c<br />daf9a1fcb404a042aa05433d4e0c7f4bf30a0a9db12044136bea235c7e4fcf3e<br />db506ab30fc9a9df917e5b58340e30b7791e7e6974a70b5b46558f0950ea6500<br />db6a56d6d2a80e2d09039a73bc879795818a2a5a44fb90c4bce65008d236fdd6<br />dc3becaef3d9d6f15b9f0704e863c1a8c536362cc9b3319577376e9213e63db8<br />dc655a64ab2feef1eec518d37bf9652e9d2996e0208f6574cff05c7ebadd2ee9<br />dcaee8b8517d9c93966767936df71cd31508290cecffad887e7a6e88d6d4d234<br />dcb3479f2c11ad1c08419a9385cf3f94491c0b9fb8ae495857b2347d682a6c23<br />dcca1a9f6679089822ba70e6b052a69b9eb3fcc91af2b98f5e08f1caf5f126b6<br />dd690bda3eb45f80aa108b3070038ece2a2041890b7fcb12133b19f276c8636f<br />ddc1d031f7076b10b1b803b4f7bf1abd8bb0f324b5c1ed9473c56a34548ab27c<br />deab2ec74a4af99ce572a3bd073e0df5c9f7113dd3da2842b05d58c4605f4f9e<br />df041141f36a3597b19cd9d32c99f6c87d94c921d668023c583f4cc7f3f1a44d<br />df2209826c834506c543e3437fc6265463a5bc4ebc51600bfaf0e365175e0a53<br />df289d8d9a2298f4fb947a53f0e0fc1fe4f0dfefb13258ac792ef92322e4383a<br />df45413bccdd56a9f82ec4d888d66a57b03155099ed2629ec68654b26f8b2a07<br />df794a97ad140587e8f5d13d666e917e0de19c65f2ba9ac140a0df44bf1fad81<br />dfd30d2ad191338f57953a9be714d01797424c881e625d6d52aee5d2de3a54fa<br />e013c067cfe91f441ca485aecc3652806263e79035ea1f12536b560b3c5032bc<br />e046779f11c54e8785722c5650954ec1f1bdfc24f8478e29f4cbc509c96c746d<br />e06b0f5da9610c7491f64fe2b9a00c11a017312224b3e213d11fa6ccc823c635<br />e07aa40532632d78d78ba2e89c51162bebfce7aeffae98f217b9f20f19e83f00<br />e0a0f35342e6c5801369c031fdff52eb95dcca19b80d968c85dd18a5587c8f66<br />e0d8fc32126b2667ad1ae65e16724c42f4203f9079b76a17ba7571b9ea462012<br />e0e0751b00362e3604cb5efb8531f8b4f70daf8040c9cd5376c8e7e1a52f4171<br />e13f5e22db056809fc27e5b09b3a23252d9190553207044c7c10495e7ff7e338<br />e15c479c4d01af8b537bc1308aa2b671003d9654cc2c85d84b42bacbd63f5a47<br />e1acd4b37ad78a373fa2245ea64cea68667a1cd3124ca836371c3dc1dec075e6<br />e1b372c021a2feec164ec5cb53689d1efad6bd09ba9bc9795b0d9a21769c8c60<br />e21cb5553b7a838ee6d4c55beacde3443a9cd5061fa8c4772ccf41fd45e9ed44<br />e2795259909f16ade4cdae2a17d37f462ec50a773b7e61ace4cf270c68e705ee<br />e36d1c0a57bb621c6f6055d90f0438fe917c357f7a160d8beab0af8a4148c025<br />e402c62ee86586de3d9c7c7d10157bd87e5a777e6f41f210b772a9c657ce5fa7<br />e44361646c594bba1fe91c51a14512886e449750d72f1b33c75720861136b8df<br />e47feaceca80cdabff6fa4cbfcc5f96d64b530491acb5952025a2bf76b835d7e<br />e4d55a9d6a4f613291827c487ed9874ac962fe06efe82bd3163054804715b70e<br />e527b0672f9e13ed40e4210441ad05d3b9da262f2945447445499fcb8f608c26<br />e53f61abe3f38089be81c4721351492536aee246a74ce6d199833e205813e61b<br />e584fdff1b37aeb6ba3feb62ed9d058b502146e3eea6e53a86e51878fb4f8f82<br />e6332170122616746e0731406498134302318ada066b22ad8cbf64da98fe17fe<br />e652fa7696b68645118f8f91b05428fea41b3f097edc5903d96e4b0caa956583<br />e6eef815a8562d3851b853329b2e6c94151e8c91cbdcd580050493719e68d1b1<br />e79432801ed189d022e4adbcda8101acb51e82bb9bb8881300e1711c4134df06<br />e796a3546ef1d5792468700e79b6053117da69f954c8bd314016f470b4ae4fdb<br />e7c130fdd8b854b459421c15a02aa1065b172bec6c07428db87b971d69c3c243<br />e820271a235a15b439a06fdbed705bbfabb8655519f4ab6fd28d3698a789edf0<br />e8726efc496cd84cf1c13f474f7c98a38bc731b041de6c5efcb0d1294515751c<br />e8de1073a81a5869cac5bb86fa5d967090364f412b65955f46b4999da085c587<br />e907e32a434083dcd4a057ec9641d630605cafcb8dc2ae457c5c70d3fda2ff33<br />e94c3cd1069085b457f9ace8dca42bf6e3389efc4293dbbed51982303662b89c<br />e954cde993355c37cff2601e7ae4a0f751dbe4bc4ea21ce9697bc531d9d42745<br />e99569f0d48988d9d2dc0a73ea61e9876e71528d0ab604afebdf93b4241ee355<br />e9990dcf9a5c9a50bd39fe016df3e30a658902193aa7be0e7987698e5feae79b<br />e9d4ca08bc505caebc44f11a5d14cd0abf05133bedc621c61d1f68fef0bc4365<br />ea3356406823793f563943d12e20a661eb05fec2f7e978af48888cca19c69c38<br />ea3a846a9b39700d4639b4a0fcc98cfe057cadd3966deb583527ab985e66c2c3<br />ea5ce47991bee29820628245d23e4e19558792ddbfd1bb0a7caaef65acd86cb4<br />ea5d039e04e4a3f2f934ee4bab950b5a919110b6e7ef99d5c0f105790d5d45e8<br />ea64967de3636c97d6e88e2b59f4229dac44fdfad9d04b04dce27b7384abaf4d<br />eab058569e06d6048bebf4a7331c6ffff9c8dce8b8549ec30e704b7132bc33c8<br />eae0f346d9bbf3d9d982a8920bc218d5a7dbc3667d381ee38c6b0f84ca99ad94<br />ebda3a1024ddb963841da090170b685250d08d14d1f8e2985dd89a02722f31e8<br />ec4d88a9c6f68b3286f32c50478ae2a30a25f091c64ff30860265fed49372ea2<br />ec9d8ba227412a6ad0d2ede5e1ebc5d249d7dabc5ed704111c54be0ff8de026a<br />ece80e23880c31d96b696fc1448c06f9887b9769f5a3a2f70dba432c6bb7cf96<br />ed15e717f7a2e84acc5e4afbc427dbe0959d57cb92d81954fe461354aeedc15c<br />ed99f1257f3c9a2bc8cbab8446878350ab225091270832ca400262ef6255dabb<br />edb08c09f2bdf1ccd085f049b2f86c17cc6067d6e45452d0b10cfa281d1bc2a9<br />ede9dcb9fe215776ae41399178b570a12dfabff84a08fc0d6b5e19a23b7fb09e<br />ee3ddf9b65eb3b78f16537c9e21bbeccf128d1499a3aa0813d0ef1b03ebaed84<br />ee8641d9a79cdd44436f026f9f75c38d47c046c8e49d2e4b3fe96ced3fb53f93<br />ee89792dfe19f134c44077ad20ec4ada502313bbe6779fbba20b6c64171139cb<br />eec3f7c9946b625762db1f8b869f919abefeb9affbec505edd304d313422fb6a<br />ef1298422b63764a454fe3a75527df09e1b336193f2b0e9f753e551fd5ff9f5c<br />ef8d8aab9ca60b3213eedbb4407f077e2667617a745d3e57078e627182ea150f<br />efa25978768f24e2da437d25fe782a35a146ffbc1dec19a2eee175d29ec8e02e<br />efc2d357c7f19bdedaf50d4dac2abeb55f936abb1375cdb866fd0482a8fe1723<br />efc97198c8cca7e2d9735997eb0033f352e8789bb2ed53a078e7becd9aa5793d<br />f00999b96586d3658efd174b0a7a956dd13fbad9d9e0c61385c8e238d7255422<br />f0235018fe81a93c2821fb1e6e58f352cb18f7e3a1c57e5aa08ad9ddacfe4083<br />f064f0f831cf4cfeb4c4ee7eee27466a6aba150dbe0e86b6d15ef7ea4a325793<br />f06e2cc079ddc87d58a2474dc76cc5d96f2e8ade57fccf5261167bdb4ba4aa28<br />f09b850adae5c8ade179eaa4c6b448d802cbc8cd8b91e876c97b227841e4bba0<br />f0a6e403cbcf0d4c2d303c1f9e8551d9e3ffe2367b1191c9acb8971856426426<br />f0b1e32790dea5781e207d4a8e28b4adbbb2d16b6ebce9d574b62a665a5abfd9<br />f0b81c1b3fd60da0093a7d2abf9ab800cf880c6f05573bf5bfb996aeb6313b62<br />f0ccd05d0725e3c0356158b5b88100db0c423955c97d37250620671fd7e65218<br />f144a5018fb89a71472b654b06656fd7e8ecc362eeb1e8abc34be7af4f553bfa<br />f2444d22f8a5863d442bef8a9e47624ef41ae8cd1add092e1c450b3a0dfb6423<br />f24ae9664eab8bf6761fa472aaf3e01c794ea932cc95d9068d38638284bb5014<br />f25710528f68a2a84dc4dcd7eb7aaa217ec472c01bde352bff5632a502eff579<br />f3496c5f9409864297f984751f314c88c73e5698064c830b71fd70964cab940d<br />f3e7cee0411472c7fe1849cf150fbf8a8bc2bb633eedfd118cdd45ff6b343ed7<br />f4209ce5441f8cb37d9f09228c53aea29fab54429e479d14e44b28b4fc234080<br />f493a5a69ccec96d2098d2df95398f231fc75bedd5a9cb5789fdf99ffb1fc2ec<br />f4b3a57470eec03304c2c858c072ec47184eafb12513e16ba90f47253371ff31<br />f5624ff0be19d27be55ac2eadb9a29c6d03ceb1e5994a55a05113b991f33e56f<br />f5bf14c41b0eb384ed9c3c1a419210dcb2625d48554639372dde8a805351fb51<br />f5f6b397d589629b3847d0ebd98502e054d5e75104ffad2eb89d14558daa50c4<br />f5fa33df7b2f50d7844321c4da614fb4f8dce08b14b6636fdcbb3e8ea300fb9e<br />f658200e3cfc605ac308a40b065a824354e1ada518ea6d49a1238c640b60a38b<br />f67e67c268395c982c085cbc7b9c81d18740948abe99070b6718e7de17c6daea<br />f6cee3373fdee2eb82091eae12c1be7c222ea0f1d4e01ed0c53caef4bbe451b8<br />f6ec0153e0a07e009fde41a9cf48c60df37d8bfdd73f119dffaf0ba508487164<br />f6fbeaad6abaa1c07e15d1e4fecfb94d796ee25fe302964d1635885bf96a8850<br />f6fe20bf5156883574af0f0a00d34bff8d2335718bbcdb7c12d409eea02c7d4e<br />f75081b2408a0ad0000e7e661ab138e68a6634271d3b6518d8e5705ee9e8a58c<br />f7f40c4b00f860b1b54d2bbf1c845de0c25370a88428d4a3a4b47958c9ceba6c<br />f82d016c782987bdac11468783acc83b6f4b941caacc25c2d0372a6a165adeaf<br />f88df3838e5e1625961d8df72a1ef84574d944b660c5fbe80370cb4830fa0701<br />f8c3c5b1cc1dbc0f213dc580d0c96125feceaeb54cba201d4e6f2f9eb4cec6c0<br />f8cef5254d1e29dce6d01ff4c6c56cde3166cd5b20e231ee568db01fe9a2cb93<br />f8d5d5ed9b87d41fd92ef7b9b9f67c81afed12e03142654ca56459011f7ae881<br />f9017c9d63d25b19e4127931bba3a6bb585295a5300577ff744e034ade318d27<br />f90e8bb38a2077c118adfefcecb7ab8e149ed5156199336c6cf7d5bfd3feb3bd<br />f96351769cb8229ac7d837de109991c9872dba08213ca7dd9c00ebcb80e7eebc<br />f98d4c79fb5dd6e8dd9f5fbcb63ad9bb6e78c229d1f36902a872d10047c8712e<br />f9de7da959032a05cc0d1e19c3454ed80e17d95a83abbc33aa1a159f66eac8d0<br />f9e8ffc571faf578988ccbf01bc863c803f67e20fa8f015dccea4eedd811db3b<br />fa482f294a4e7a80414bcd9826614633be42f3c30b36614bcfde00533eec1c59<br />fa6adfcd29b6cabbd119679d2e662b5814328b47ef6720a543a1cce0c4ad1a16<br />fa8dbf4299f2dafe172c648d6031e6a48d90d63a5a0def8f7efa3777189ea9df<br />faa3c57fb1aa67a88859bd269c1daa301513c576eac8665aa5f157713a82387a<br />facbdc9dcbb7bad3e674ff44d7401665424429d732699d021d7b8070ae830c74<br />faeeab56ad6c9312bae5ef29f520e26a5cea2d1fbec694bb35b3945c028675ba<br />fafd3d77e954dd96d336803f97bbdf22ead27720e17806955e672d841a4a214a<br />fb433ba07db56cfe88ae89790f02d0aab39ead2078a06837dd487178ae83de8c<br />fc036a7ea3a6891c5d55ffc24f8c0921d5591112121377a1ce2aa5ff3aaa773d<br />fc14668c15268660ae8d29e33f032f99e61f30e4eb9d5a7d9b18aad10744ddcc<br />fcd241e7d989c70def5f759ddd93d439005f6937f4063d696e2c9974ff5fe8b2<br />fd02403ca6a1bf8e452f3a650a320f98517778de3aa7063aa6f76efce6b177d6<br />fd8722f6eb4c1ea80194812b24fccc4de6b4508bb225ce3c775d2bdfa1f7f522<br />fdbbf58137a68dac93de4ab8a9f7e9a73c1fde25932f6c3d25e54ae9ed86830a<br />fde4ec38571e04093b85ed93fad673bffa9e3d49c386430c4e18cfc7c0c2bd5e<br />fde859594a63cf0995740269717cb3638e2191e0699a8922ee12cc3bb5bd417e<br />fe2963b99ce99db4b39d77faf58c86d7ec220c5ae0769b3b3a5a0d4435a1d7c7<br />fe2f8cc1d59c5d56b2f7b7eab7582e27be96deedb3044fcd67d7b1f520f9bb7f<br />fe545720c25f2e96fdbe46a0433651acea4bec0fc7e8f05ebd4f7e0a0738929e<br />ffa7e0d82c26d710280e5093a537333b5e0312a4a7a27095b42b73f203efda6f<br /></div>
<br />
<br /><br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-10171865034343938342016-02-12T10:05:00.003+00:002016-02-12T10:05:49.659+00:00DVSA RECEIPT Fixed Penalty Receipt.docm macro malware.<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
DVSA RECEIPT Fixed Penalty Receipt.docm macro malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
From: FPO.CC.16@vosa.gsi.gov.uk<br />Subject: DVSA RECEIPT</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><span style="font-family: "arial" , "sans-serif";">Good afternoon<br /><br />Please find attached your receipt, sent as requested.<br /><br />Kind regards<br /><br />(See attached file)<br /><br />Fixed Penalty Office<br />Driver and Vehicle Standards Agency | The Ellipse, Padley Road, Swansea,<br />SA1 8AN<br />Phone: 0300 123 9000<br /><br /><br /><br />Find out more about government services at www.gov.uk/dvsa<br /></span></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
Fixed Penalty Receipt.docm</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
0dda0877471ac5db18ae6fd73bb18631217c3523a62ac98014dbd0327b7fde4c [1]<br />0e19094349ff5f62edd75ada9d525c93290df664ca83bd48778785f37f8a9bf2<br />13a647063abc0c96c6b40e8f5908bd68bc83140cf5834da1dc1dc08f1ab6c179<br />198e1e93db960ead8919591dd346b92329643033bd4d08d850c8ee2516797d34<br />1e9dbbcfa9635fe25249ade71617cd0e58d48e9ba077550825506a8e47443253<br />29db94d7bdce786d56276a53769a216160e8cd715c1149b5932c65a0f66e512a<br />4bed42a911d4c2cdf889aa4653535d961ecd9c91489854b80398a4bf183b48a9<br />530874814a36ce7eb97f8f20fdcfa8a9b88611357fc8a331b9043ef15673da10<br />7fcfe1db01f0142c7ed7ce1438f7d7fe923e4372ede59cc392afb8fa95da27cf<br />9e3c66e66fd25be87d8bb5b1d0402061ea54a1326c75c33063c3a6cea7647ddf<br />9e8eda43c5b6c982f34460785ada9dd68b6119b27a9a625853e5a6f6648cc28b<br />a9298f6796324ffca68054d10ca4ae40c2244a5850a8067263852dbd5a1db63c<br />b5d88b0f4de6967db60ac0eb5c9efa9d50541d0d4dd4c20ee154138b17bbece2<br />c97fd5433505bee10fc45f6db21e5034555d981d4f5e5c6b11375bab918f8e51<br />d1800389fe499a5ebdb6d908e707d17a2ded727c3923bc41395f194cfe218d45<br />f4a903126a77f816f2081a5dfb1ff550b5c5ea28a15e36a46eb37db5a1e2f64f<br />f504d9e70444e94697fdd89fa511eff2e6c1d9d393b9627de9833982f1a00814<br />fd162cd2fbf98ceb3436382d80fce88608fe4c563cc38bd83d1d72bf3fc17e42</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/0dda0877471ac5db18ae6fd73bb18631217c3523a62ac98014dbd0327b7fde4c/analysis/">1</a>] (detection 3/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<b>badmacro.ndb:</b><b> Sanesecurity.Badmacro.Xls.Wshell.G</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com2tag:blogger.com,1999:blog-9100761888144266006.post-17461622850287107272016-02-10T14:52:00.001+00:002016-02-10T14:52:54.051+00:00Remittance advice from Sky Group: Account No. 437786 macro malware.<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Remittance advice from Sky Group: Account No. 437786 macro malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Subject: Remittance advice from Sky Group: Account No. 437786</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><div>
<div style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: #b5c4df 1pt solid; padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 3pt;">
<div class="MsoNormal">
<b><span lang="EN-US" style="font-family: "Tahoma","sans-serif"; font-size: 10pt;">From:</span></b><span lang="EN-US" style="font-family: "Tahoma","sans-serif"; font-size: 10pt;">
AccountsPayable-Ariba@sky.uk [mailto:AccountsPayable-Ariba@sky.uk]
<br /><b>Sent:</b> 02 February 2016 23:14<br /><b>To:</b> Accounts
Department<br /><b>Subject:</b> Remittance advice from Sky Group: Account No.
841479</span></div>
</div>
</div>
<div class="MsoNormal">
<br /></div>
<b><u><span style="color: black; font-family: "Arial","sans-serif";">PLEASE DO
NOT RESPOND TO THIS EMAIL, THIS MAILBOX IS NOT MONITORED</span></u></b>
<br />
<span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">Please
find attached the payment advice from the Sky Group. </span><br />
<span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">Please
note that payments can take up to three days to clear into your bank account,
dependent on payment method.</span><br />
<span style="color: #3399ff; font-family: "Arial","sans-serif"; font-size: 10pt;">Should
you need to contact Accounts Payable at SKY, contact details are below. Please
note that we operate via a helpdesk system, once you have emailed the team, you
will be advised of a unique Service Request (SR) number which will allow you to
track updates on your request. Please respond directly to these emails to ensure
all the information is attached to your query and we can assist
you.</span><br />
<b><span style="color: #3399ff; font-family: "Arial","sans-serif"; font-size: 10pt;">Office
Hours are: Mon - Fri 8:30am - 5pm</span></b><br />
<div>
<div class="MsoNormal">
<b><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">Accounts
Payable:</span></b></div>
</div>
<span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">Email
</span><span style="color: #3399ff; font-family: "Arial","sans-serif"; font-size: 10pt;">APhelpdesk@sky.uk</span><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;"> or
alternatively please telephone 0333 100 1212 and select option
4.</span></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
Remittance_CoNo89995_AccNo437786_PaymentNo1588511.DOC</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
08ab1d20c74e1a8cac98b180eb63f122e820af2715ae40e0d6e6f00792c1b4a9 [1]<br />407274c5c7db94bd6704da5a995cd97921e469d1ecc4b25cb4b046b2329284e9<br />4c562688b8c6337da38b175a2faacaf666cdb5739c0b05eb04098f1f5c48a153<br />95aa21816dd1ba87d9f69e2f435af4e4d028edd3c1a78c217d7b03199f5f9e5e<br />9c6d3f9b0e405b9c6465dd07cd6967e3d4bfb380f13085943b78a87ad827821f<br />b13090e27168fa4a86f80034c2075762ca8f444fa8ca73cb4459cbaff0ca4fac<br />bb959c7a9944da696e51205beb020ade25dbd2816b1d2f2d215e58c160c11f80<br />df79de9eaf3511f054b1991a87c76b975be2e5dbe7c4c0104d943641e118bc6d<br />e41c48484185a5e0646b0286d6918d36e62493c17d1d83c82ea9904918a55deb<br />e8fc51fffa90fcf5bee44589a6f07d98cf9f4e1fcbcaa727dc28f3e816dd5f03<br />feb618a5256533a489921e98ceb3d3c04d987878f0e6b6134a78987ec6c11b41</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/08ab1d20c74e1a8cac98b180eb63f122e820af2715ae40e0d6e6f00792c1b4a9/analysis/">1</a>] (detection 5/55)</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25962.XmlHeurGen</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-87862657700081592012016-02-09T09:07:00.005+00:002016-02-09T09:07:41.391+00:00aldridgesecurity Accounts document2016-02-09-103153.doc<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
aldridgesecurity Accounts document2016-02-09-103153.doc malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<span style="color: navy;"><span style="font-size: x-small;"><span style="font-family: "verdana";"><b>From: {accounts_do_not_reply@aldridgesecurity.co.uk}</b></span></span></span></div>
<br />
<b>Message Body:</b><br />
<br /><div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<b>Accounts</b></div>
<br />
<br />
<b>Attachment filename(s):</b><br />
<b></b><br />
<br /><div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
document2016-02-09-103153.doc</div>
<br />
<br />
<b></b><br />
<b></b><br />
<b><br />Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
daa0816967567ca402adc2c754c8f716c376defa423fd1a9ff4a64ed2a6f9303 [1]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/daa0816967567ca402adc2c754c8f716c376defa423fd1a9ff4a64ed2a6f9303/analysis/">1</a>] (detection 5/55)</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.HttpSha.New</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-78728552717007796882016-02-09T08:38:00.002+00:002016-02-09T08:38:28.194+00:00Angela Sherman In Associates. statement malware.<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Angela Sherman In Associates. statement malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: "Angela Sherman" {k.kikuchi@fujishojikk.co.jp}<br />
Subject: In Associates. statement</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><span style="color: navy;"><span style="font-size: x-small;"><span style="font-family: "verdana";">Please review attached the statement<br /><br />Kind regards<br />In Associates<br />Angela Sherman<br /></span></span></span></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
1K5G7W7BV0.doc</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
17fe083def58b7a99a223db58cc9f4ce3509af6ab16afa511877e09eef4e9876 [1]<br />
05da6b5bf60f3d3b04542460e44954a8a55731b4b9308a2e2db9d6fef5d2624a<br />
07c956ac49608763db224a7b30778e9a7b4adf7af1061d2418c07353adaa0675<br />
0e2f114a0d3addfa76445ee955ae2871c537601af448eafdca1a1c84f713169c<br />
110cc9e8bc936a9d9d15fe2e2f7caebdd297100e838a49f6b2383afdde839b7d<br />
1203364bb4fc4247f4a810a8344cd6c42c2dde87c40b5dfdde893026bd7d8124<br />
134899e7dff4fe1d0625dc82df73feeb78bc14353e6db54b28d68e51919a6bb1<br />
257255630ba20ea510f4f665f1dcf723061527735ed66d86c31f1835765dd4cb<br />
263eee192b98bf42e72da617de19b6a0a1ee7331bd944950370c7bee1b79fb0d<br />
27d29356f57b29f06d7be83c7e23c9900aaf3c8cb333cc1aac664af7c3e6a602<br />
292b1a0984bcb5265489c54efaeda06525ece845a2c8684b59d4d158ec537af1<br />
3005ca10fe51340f182b6382ce656e860cf8ccbb059c5bfc856d821dfb2809c5<br />
3ac1c6b3a53579dbe37cebb2802c6045f6f4abd8b18f21c7a3a1115f0285559f<br />
3c4cea3748579adbc314b5ec3d8eb282c564ea00a4436a59488e009b9a557356<br />
3e6cda6b3a3437a0d8e729665ca5795fc056bc316e3eeb1fe0187db66ff440ca<br />
3e8401c3d7e171f3631e2925de2c06777716e9c338c37545bcbdae306046beb6<br />
42e4e721ace37bfa1a20d75a883f53e34eecf092e625213903195e7a7c759d9f<br />
48ec6cfa0c31f966b240a35f8369ab2f0d400ea23a651eac07d3d3cba63b06bc<br />
4f2c053f50280ed98774faf1b8111182b4937349fb5a896ce0629e957a390693<br />
5282e498ff67e5cf3255309262ceed810fee9db8cb16c056821ce95787319635<br />
6006045b0344846d8629290b5160c11de3c8a688078f7c922cd5c24652eed0f7<br />
6135ac6308369811d8ed2f92f06871154b2a4d7b7baef9bedcdf324356a5cfec<br />
78fb2677fed1cbfa904a225a9f215e3dec6872277e04fd76d79bc5a0869a08f0<br />
7d3d8dc692656057ca590dfdcdb2aea66d06afc5e554825a7bfdd4a70eb5d5a0<br />
81020196ad67e320ecb59bedd58a6f4d74614a2c672b490cf049e13fba2da031<br />
81034d0b7888fe3fd9055016548e4bac4fb6b0c9e8c57b477b12447568076682<br />
817aae5424281536389e55f095c8c4e5433a034cba126d8b4705ad38633c03b2<br />
8675cc689a2ebfa91af066222d44b107734eb2442c6b1be9cc6ea6c3903e5932<br />
87c32711670315ad5f0a5fdf90e9fbeea811579e5da3f738e5d84cb52996df6f<br />
8ae89923a5003dce6a3041bbeb5f97d5e4ef46acc75b7bfcd85260453b4c8a38<br />
8ea2951468300c888a57ed7ba20de0cd321df33f9ea4644f6bbed4c87add0b1f<br />
9795cad4d678c356aa085ea23d4c25571a5f451f1bde9be01d91221a20f4c851<br />
99810c2f0ad322803c021a731dd5d4b7becec53614fb7471a22255601aa6c143<br />
99d32b8dfe700879899800934fe9ee2ffc1de57b8c857dc4baa64d21ce4d81a7<br />
9c5e24e43d73976da9760685c3adfcfd6ce76f40876ffcd47c62f926a10fbe04<br />
a2073a284b324bd8431a19209df191b761135804e266ea3b165a873f47762f12<br />
a36a64c85aafc851f55ffc073ec74d18e9b12633d7047f04f28a768898f8146a<br />
a37511c3bdb0d1e735d829434b88515167c7ad9455458cab26001e03fc40146d<br />
a4a23baa3c55b5f27b36723d91361f24ceadb9ff555aae1ad6fa3ad889ef2425<br />
a5b4d50a828035590c3a84cddd468d841c500af797e74ff05137452d4a2f3b90<br />
a7d6f6f5a8ed0dc94a75cb171b510071571bfc44b7dcda00592960cec5f4fe90<br />
b2f01abb39ae5201377af4adc34be5f359b0dacf282fd10939e515953d80efb2<br />
b377dc142881784c3237d49a185905730a8a3385440a5b92d88eb0f236e5bb4d<br />
b5f2c9888d765117926febaa92b7ed8966c7b5befa00568881f9d33e651fb6b1<br />
bd7729098082c671520cacce936da97538506cb335d2a72d167ccb282efaa147<br />
c6f7a3689654d3bcf210d787ea146861fb46ca25173e51e8fa18a33516ce073f<br />
c99de9f2394dd3bd9b4f004e4b7c4fbb8aced733b9ef3f708b6ad3ebc63a0d4f<br />
cc711628d86f5f4b92742c1f0ec23722d431b6396c5d40f7225d99d591e28aa6<br />
cd91e3053441bfb21b473e0e8431cf9a8bda0cb9e1fbb15ff5e70fa3634ffba8<br />
cdf8e54e946f0fb4f507d80d6fba57dbea900372d66736503ea0310600429ab9<br />
d145626ab3785b251db24572c13589a0ad86796d4e8d5c951ac263947c1a0d41<br />
d49d86bfaf84ae4486cfcff1a66a7c2de5853f9b2dd01dcad9ab1784d8e9f7f6<br />
db5a19df4540def28c2f7a9c7896ab18fce11698e75b87dba59b3404acb59c44<br />
dd32ac74aa84bda10f09d66c7195532cfd6a09e97f5020a2579083ddf8d07365<br />
dd33172fcb0d33dad96cd99fff1d101a5a193263e0669cdc439d1035f41329db<br />
de0791d3375a511006ab9b3fee92b1bc4df5f739d169c21f47840a69b1314579<br />
e1f281bbcdb6be3ec851e5f32968e4db42cdc265946ed5d7d68cb662390b729d<br />
e2080686c5581dbf532b323e2b4d3d9b7a0e1abc92df6536f4e0cc6e30e1a139<br />
ea02524fddfd3415eacd6d1a0d7097aff7bddb132fda3be43ac61ec5284a9aba<br />
f0e46a777ffb42d2be8c9df7a66383c447d52879c98bdc157de2dd1e68e04100<br />
f11e19f56267fd59e4e8ac4ccbe8bd28f47f4770cf80db3111e381eea5401270<br />
f2186396e65db1a3984e2b5d39f31a640e3c9df8d2f784fdf30d62bfb71fe685<br />
f3eb740b4ee9ee75a9bb3db075c06b86ee2445166e8edbd764cf1be360e923cb<br />
f5390db63b3220956b017f76d846714946b75f6ad876545f0449a54c5f56f1ef<br />
f56e8f8c7045b64b2135f808baf137a78f986e30edbfa65c1b0be00064bb0bd9<br />
f6d476fdca2507a2068dc5b078aa2b6ca94f8e22f5d02cc6075fc42590f5c603<br />
f9460ca81ec1d81175a4beb353db5fb89f6840c700b802838463f4419b3c27d9<br />
fb2b961abf215490f676e080ecbed468e3cad64f9ea5c97542e64049ca141d60</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/17fe083def58b7a99a223db58cc9f4ce3509af6ab16afa511877e09eef4e9876/analysis/">1</a>] (detection 2/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.shellv3</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-88264595136033988642016-02-09T08:27:00.004+00:002016-02-09T08:27:43.690+00:00Kyra Haley Dictum Corp.: invoice<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Kyra Haley Dictum Corp.: invoice malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: "Kyra Haley" {press@sanzpont.com}<br />
Subject: Dictum Corp.: invoice</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><span style="color: navy;"><span style="font-size: x-small;"><span style="font-family: "verdana";">Please find attached the invoice<br /><br />Thanks<br />Dictum Corp.<br />Kyra Haley<br /></span></span></span></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
1W14I9390Y9.doc</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
17fe083def58b7a99a223db58cc9f4ce3509af6ab16afa511877e09eef4e9876 [1]<br />05da6b5bf60f3d3b04542460e44954a8a55731b4b9308a2e2db9d6fef5d2624a<br />07c956ac49608763db224a7b30778e9a7b4adf7af1061d2418c07353adaa0675<br />0e2f114a0d3addfa76445ee955ae2871c537601af448eafdca1a1c84f713169c<br />110cc9e8bc936a9d9d15fe2e2f7caebdd297100e838a49f6b2383afdde839b7d<br />1203364bb4fc4247f4a810a8344cd6c42c2dde87c40b5dfdde893026bd7d8124<br />134899e7dff4fe1d0625dc82df73feeb78bc14353e6db54b28d68e51919a6bb1<br />257255630ba20ea510f4f665f1dcf723061527735ed66d86c31f1835765dd4cb<br />263eee192b98bf42e72da617de19b6a0a1ee7331bd944950370c7bee1b79fb0d<br />27d29356f57b29f06d7be83c7e23c9900aaf3c8cb333cc1aac664af7c3e6a602<br />292b1a0984bcb5265489c54efaeda06525ece845a2c8684b59d4d158ec537af1<br />3005ca10fe51340f182b6382ce656e860cf8ccbb059c5bfc856d821dfb2809c5<br />3ac1c6b3a53579dbe37cebb2802c6045f6f4abd8b18f21c7a3a1115f0285559f<br />3c4cea3748579adbc314b5ec3d8eb282c564ea00a4436a59488e009b9a557356<br />3e6cda6b3a3437a0d8e729665ca5795fc056bc316e3eeb1fe0187db66ff440ca<br />3e8401c3d7e171f3631e2925de2c06777716e9c338c37545bcbdae306046beb6<br />42e4e721ace37bfa1a20d75a883f53e34eecf092e625213903195e7a7c759d9f<br />48ec6cfa0c31f966b240a35f8369ab2f0d400ea23a651eac07d3d3cba63b06bc<br />4f2c053f50280ed98774faf1b8111182b4937349fb5a896ce0629e957a390693<br />5282e498ff67e5cf3255309262ceed810fee9db8cb16c056821ce95787319635<br />6006045b0344846d8629290b5160c11de3c8a688078f7c922cd5c24652eed0f7<br />6135ac6308369811d8ed2f92f06871154b2a4d7b7baef9bedcdf324356a5cfec<br />78fb2677fed1cbfa904a225a9f215e3dec6872277e04fd76d79bc5a0869a08f0<br />7d3d8dc692656057ca590dfdcdb2aea66d06afc5e554825a7bfdd4a70eb5d5a0<br />81020196ad67e320ecb59bedd58a6f4d74614a2c672b490cf049e13fba2da031<br />81034d0b7888fe3fd9055016548e4bac4fb6b0c9e8c57b477b12447568076682<br />817aae5424281536389e55f095c8c4e5433a034cba126d8b4705ad38633c03b2<br />8675cc689a2ebfa91af066222d44b107734eb2442c6b1be9cc6ea6c3903e5932<br />87c32711670315ad5f0a5fdf90e9fbeea811579e5da3f738e5d84cb52996df6f<br />8ae89923a5003dce6a3041bbeb5f97d5e4ef46acc75b7bfcd85260453b4c8a38<br />8ea2951468300c888a57ed7ba20de0cd321df33f9ea4644f6bbed4c87add0b1f<br />9795cad4d678c356aa085ea23d4c25571a5f451f1bde9be01d91221a20f4c851<br />99810c2f0ad322803c021a731dd5d4b7becec53614fb7471a22255601aa6c143<br />99d32b8dfe700879899800934fe9ee2ffc1de57b8c857dc4baa64d21ce4d81a7<br />9c5e24e43d73976da9760685c3adfcfd6ce76f40876ffcd47c62f926a10fbe04<br />a2073a284b324bd8431a19209df191b761135804e266ea3b165a873f47762f12<br />a36a64c85aafc851f55ffc073ec74d18e9b12633d7047f04f28a768898f8146a<br />a37511c3bdb0d1e735d829434b88515167c7ad9455458cab26001e03fc40146d<br />a4a23baa3c55b5f27b36723d91361f24ceadb9ff555aae1ad6fa3ad889ef2425<br />a5b4d50a828035590c3a84cddd468d841c500af797e74ff05137452d4a2f3b90<br />a7d6f6f5a8ed0dc94a75cb171b510071571bfc44b7dcda00592960cec5f4fe90<br />b2f01abb39ae5201377af4adc34be5f359b0dacf282fd10939e515953d80efb2<br />b377dc142881784c3237d49a185905730a8a3385440a5b92d88eb0f236e5bb4d<br />b5f2c9888d765117926febaa92b7ed8966c7b5befa00568881f9d33e651fb6b1<br />bd7729098082c671520cacce936da97538506cb335d2a72d167ccb282efaa147<br />c6f7a3689654d3bcf210d787ea146861fb46ca25173e51e8fa18a33516ce073f<br />c99de9f2394dd3bd9b4f004e4b7c4fbb8aced733b9ef3f708b6ad3ebc63a0d4f<br />cc711628d86f5f4b92742c1f0ec23722d431b6396c5d40f7225d99d591e28aa6<br />cd91e3053441bfb21b473e0e8431cf9a8bda0cb9e1fbb15ff5e70fa3634ffba8<br />cdf8e54e946f0fb4f507d80d6fba57dbea900372d66736503ea0310600429ab9<br />d145626ab3785b251db24572c13589a0ad86796d4e8d5c951ac263947c1a0d41<br />d49d86bfaf84ae4486cfcff1a66a7c2de5853f9b2dd01dcad9ab1784d8e9f7f6<br />db5a19df4540def28c2f7a9c7896ab18fce11698e75b87dba59b3404acb59c44<br />dd32ac74aa84bda10f09d66c7195532cfd6a09e97f5020a2579083ddf8d07365<br />dd33172fcb0d33dad96cd99fff1d101a5a193263e0669cdc439d1035f41329db<br />de0791d3375a511006ab9b3fee92b1bc4df5f739d169c21f47840a69b1314579<br />e1f281bbcdb6be3ec851e5f32968e4db42cdc265946ed5d7d68cb662390b729d<br />e2080686c5581dbf532b323e2b4d3d9b7a0e1abc92df6536f4e0cc6e30e1a139<br />ea02524fddfd3415eacd6d1a0d7097aff7bddb132fda3be43ac61ec5284a9aba<br />f0e46a777ffb42d2be8c9df7a66383c447d52879c98bdc157de2dd1e68e04100<br />f11e19f56267fd59e4e8ac4ccbe8bd28f47f4770cf80db3111e381eea5401270<br />f2186396e65db1a3984e2b5d39f31a640e3c9df8d2f784fdf30d62bfb71fe685<br />f3eb740b4ee9ee75a9bb3db075c06b86ee2445166e8edbd764cf1be360e923cb<br />f5390db63b3220956b017f76d846714946b75f6ad876545f0449a54c5f56f1ef<br />f56e8f8c7045b64b2135f808baf137a78f986e30edbfa65c1b0be00064bb0bd9<br />f6d476fdca2507a2068dc5b078aa2b6ca94f8e22f5d02cc6075fc42590f5c603<br />f9460ca81ec1d81175a4beb353db5fb89f6840c700b802838463f4419b3c27d9<br />fb2b961abf215490f676e080ecbed468e3cad64f9ea5c97542e64049ca141d60</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/17fe083def58b7a99a223db58cc9f4ce3509af6ab16afa511877e09eef4e9876/analysis/">1</a>] (detection 2/55)</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.shellv3</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-84825622791834389602016-02-08T11:30:00.000+00:002016-02-08T11:30:06.494+00:00crosswater Accounts Documentation - Invoices<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
crosswater Accounts Documentation - Invoices javascript malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: {CreditControl@crosswater.co.uk}<br />Subject: Accounts Documentation - Invoices</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><span style="color: navy;"><span style="font-size: x-small;"><span style="font-family: "verdana";">Please find attached the invoice(s) raised on your account today. If you have more than one invoice they will all be in the single attachment above.<br /><br />If you have any queries please do not hesitate to contact the Credit Controller who deals with your account.<br />Alternatively if you do not know the name of the Credit Controller you can contact us at:<br /><br />Accounts@crosswater-holdings.co.uk<br /><br />or call us on 0845 873 8840<br /><br />Please do not reply to this E-mail as this is a forwarding address only.<br /></span></span></span></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
~13190.js</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
2ec49eae0c0aa7b0b9e50a71a00627f7c716ef038fc65b30e9bcf2d3c69e1917<br />
02cf2db86004fc507a9c276bdee187919ca83cb0625f6e64dc3b8b3a170545fc<br />
0b04548b0a4167600a7764cfc747957d12da5249959eb65ce2b017958eba2c99<br />
0ec6e87b09d639ca50507349974a95d9b695b67e0456a1c4a32419753d478e15<br />
1475e116878a83e7b3a208b547df8bcab351ad97a74dd88cce5041360828af9a<br />
3317b1744819a1e458c8a06928762a9664386a6960499bf6ad2a2f2c6b4e56d2<br />
3d223db58c4a3c3ac7799faa4a64555197d136d66c25c8ffbd634440dc20c4f4<br />
65bfbb31293855f7a2d869575aa71020d0362dbd67d42966829d416b8d43894c<br />
681f63e319229f82b625c629bf4890208cbab03b247763e854b2ecfc8dc6ca21<br />
6e09805b01e3434c76bfb13d0dc57f5e8548ca0692bb9a3ffb730543ef838db5<br />
7a16f3d7440fe27ca9bd0c7f02e270ba3a6fc055e9eedd12c9e49426f72b8f2c<br />
7d9ed7cc7cbc6e36070e4f9e76591cfb2482abe2705589d39e4fa54c7b49dd53<br />
ac4bb9c83ddc71796bfb52010d19fccfee3322e83a8689c79a5c398cf6654ca6<br />
b05daf28bc0b246ce6163e01a352dc8bd8cc0d03ce23f363898f682c686ec34b<br />
c047813d5eb2b83e6d6d4f67c8bccee441ec8ef3a64aa531679271c6e68b4bc6<br />
c66f97158c069e4ad27948b453985395ee7b39242daf7f7e467873b4c132bf71<br />
cf8371ffacd2e7e569670d341ae807f60cb2dbabf27dfc8ea7096b5505886355<br />
d48e19711fe2c3e62686a2234d7f8416c6846d8f07172d3d457fa017d02505b3<br />
e558ff9fbce1da8057f90df83b89e6b79ccf8ac403117e1b7e14090dd91bdefe<br />
e9bcacfd12ecd5405f388ade06811a332e5ae8797369c115d9df8b76a8728a52<br />
fcf1f35adb267655d6fbaf014ba51ec07480d2f80a0a78de940e215879a30290</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/2ec49eae0c0aa7b0b9e50a71a00627f7c716ef038fc65b30e9bcf2d3c69e1917/analysis/">1</a>] (detection 1/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25968.JsHeur</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-86449746368162308012016-02-08T10:17:00.001+00:002016-02-08T10:17:08.435+00:00Delivery Note from Edgar's Water DOC2105685 Lizzie.Writer<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Delivery Note from Edgar's Water DOC2105685 Lizzie.Writer javascript malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: {Lizzie.Writer@edgarswater.co.uk}<reception optivet.com=""></reception><br />
Subject: Delivery Note from Edgar's Water DOC2105685</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><span style="color: navy; font-family: Verdana; font-size: x-small;">Please find attached your latest
delivery note from Edgar's Water.</span> <br />
<span style="color: navy; font-family: Verdana; font-size: x-small;">If you have any queries please either
email accounts@edgarswater.co.uk or call the accounts department on 01622 834800
Option 4.</span></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
DELIVERYNOTE_CHAR009B_44_55782.JS</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
2ec49eae0c0aa7b0b9e50a71a00627f7c716ef038fc65b30e9bcf2d3c69e1917<br />02cf2db86004fc507a9c276bdee187919ca83cb0625f6e64dc3b8b3a170545fc<br />0b04548b0a4167600a7764cfc747957d12da5249959eb65ce2b017958eba2c99<br />0ec6e87b09d639ca50507349974a95d9b695b67e0456a1c4a32419753d478e15<br />1475e116878a83e7b3a208b547df8bcab351ad97a74dd88cce5041360828af9a<br />3317b1744819a1e458c8a06928762a9664386a6960499bf6ad2a2f2c6b4e56d2<br />3d223db58c4a3c3ac7799faa4a64555197d136d66c25c8ffbd634440dc20c4f4<br />65bfbb31293855f7a2d869575aa71020d0362dbd67d42966829d416b8d43894c<br />681f63e319229f82b625c629bf4890208cbab03b247763e854b2ecfc8dc6ca21<br />6e09805b01e3434c76bfb13d0dc57f5e8548ca0692bb9a3ffb730543ef838db5<br />7a16f3d7440fe27ca9bd0c7f02e270ba3a6fc055e9eedd12c9e49426f72b8f2c<br />7d9ed7cc7cbc6e36070e4f9e76591cfb2482abe2705589d39e4fa54c7b49dd53<br />ac4bb9c83ddc71796bfb52010d19fccfee3322e83a8689c79a5c398cf6654ca6<br />b05daf28bc0b246ce6163e01a352dc8bd8cc0d03ce23f363898f682c686ec34b<br />c047813d5eb2b83e6d6d4f67c8bccee441ec8ef3a64aa531679271c6e68b4bc6<br />c66f97158c069e4ad27948b453985395ee7b39242daf7f7e467873b4c132bf71<br />cf8371ffacd2e7e569670d341ae807f60cb2dbabf27dfc8ea7096b5505886355<br />d48e19711fe2c3e62686a2234d7f8416c6846d8f07172d3d457fa017d02505b3<br />e558ff9fbce1da8057f90df83b89e6b79ccf8ac403117e1b7e14090dd91bdefe<br />e9bcacfd12ecd5405f388ade06811a332e5ae8797369c115d9df8b76a8728a52<br />fcf1f35adb267655d6fbaf014ba51ec07480d2f80a0a78de940e215879a30290</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/2ec49eae0c0aa7b0b9e50a71a00627f7c716ef038fc65b30e9bcf2d3c69e1917/analysis/">1</a>] (detection 1/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25968.JsHeur</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-7459629153127005562016-02-08T09:28:00.000+00:002016-02-08T09:28:00.690+00:00Scanned file from Optivet Referrals .tiff.js javascript malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Scanned file from Optivet Referrals .tiff.js javascript malware.</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: Optivet Referrals <reception optivet.com=""></reception><br />
Subject: Scanned file from Optivet Referrals</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><div class="MsoNormal">
Dear Sir/Madam</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Please find attached a document from <span class="SpellE">Optivet</span> Referrals. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Yours faithfully</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span class="GramE">The Reception Team at <span class="SpellE">Optivet</span>.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span class="SpellE"><span class="GramE">Optivet</span></span><span class="GramE"> Referrals Ltd. Company Reg.
No. 06906314.</span> Registered office: Calyx House, South Road, Taunton, <span class="GramE">Somerset</span>. TA1 3DU</div>
<div class="MsoNormal">
<span class="SpellE">Optivet</span> Referrals Ltd. may monitor
email traffic data and also the content of email for the purposes of security
and staff training.</div>
<div class="MsoNormal">
This message is private and confidential. If you have
received this message in error, please notify us and remove it from your system</div>
</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
596968702143.tiff.js</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
2ccc322afcc0135500103ff96e4e96b35856855ca309c2883632bcdb4b70f532 [1]<br />cde1d1b9d1234ec89cdda6a59d32380421b00d2cbf951e2b43a6d24202b1763<br />113b61b6239cda4933e462164572a09f872ea70a0f5a789ed8a08aec0181004b<br />20c21cdc8b74c3f2e9f3643c1f98730d9327c26f1c66fb2206d35a5ac4f71740<br />22e4c0515e1ca1ec6f387b7aa76df92d1c0cd476217ef469a7b4af7a1686b50a<br />2441791a25cddb126f551736581cd8e54e4cdcf7bc743dfd3963081d9102f078<br />26239974381d815ff49649511b39fddddfdd5e891b0640cbf09ec272079fe351<br />2d14004f2cb69f7f0c6f17ef0bea8b890f26dfe2ce249091894fc148afd85759<br />41668765a8a494db5eed8b1704abbc3df35290c6bdf5cb60f086beede78c5b03<br />5509ac7f77e297dd96fdd0c00f38d8ed1e5ebccf1c9b87584ef88f5f0bc0cb2f<br />56730ed6ea8a4766a3a747e1cf3cab343a4f9b83fd14ed05956c90a9cd26f364<br />689a5011e9aaf95f6b5ae27407c3a56fe91bad81facc9a6ec16b014c8311b073<br />ac4bb9c83ddc71796bfb52010d19fccfee3322e83a8689c79a5c398cf6654ca6<br />b71f7f8f6cfb5718951ea7b7447fa0dc0c9caeb5bb7d9dd779ab80707981d876<br />c1fa36e007356c6f49855a74afa6d121409f5b012119eb1525a44ca55593841f<br />c38c6d7486bd2cc3a2f4387a63fa4c71c784aec54234946a3c2084580208b634<br />d1ee98273bc70d5b06196bce99dff7cb30283daf38a271eed860da2418d7abba<br />e0731d2f431d10778aea927109902742bec40e5c48ada281b7c204c37fcc7e72<br />ec3fc09556aa803305bd7dee344e74a1cbcb75deae221799c04cff1c4a926751</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/2ccc322afcc0135500103ff96e4e96b35856855ca309c2883632bcdb4b70f532/analysis/">1</a>] (detection 1/55)</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25968.JsHeur</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-3996967937665851962016-02-04T11:37:00.001+00:002016-02-04T11:37:16.958+00:00Imexpart Limited - Parcels Dispatched imex.prcl.I806015.doc malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Imexpart Limited - Parcels Dispatched imex.prcl.I806015.doc malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: reports@imexpart.com<br />
Subject: Imexpart Limited - Parcels Dispatched</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Your Imexpart order I806015 has now been dispatched. Our driver Agency should
deliver this to you by 11.50pm. This is subject to traffic and weather
conditions.<br /><br />
<div class="MsoNormal">
<b><span lang="EN-US" style="color: #d81f2a; font-family: Tahoma,sans-serif; font-size: 10pt; line-height: 115%;">A
Saturday morning delivery service is available</span></b>*<b> - call for details or
visit: www.imexpart.com/delivery/<wbr></wbr>saturday_opening</b></div>
<br />
<div class="MsoNormal">
<span lang="EN-US" style="color: black; font-family: Tahoma,sans-serif; font-size: 7pt; line-height: 115%;">*Saturday
delivery to selected postcodes only.</span></div>
<br /><br /><span style="color: #1f497d; font-family: Arial,sans-serif; font-size: 10pt; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Regards</span><br /><br /><b><span style="color: #222222; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Imexpart
Limited</span></b><br /><b><span style="color: grey; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Links
31, Willowbridge Way,</span></b><br /><b><span style="color: grey; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Whitwood,
Castleford, West Yorkshire,</span></b><br /><b><span style="color: grey; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">WF10
5NP, ENGLAND</span></b><br /><b><span style="color: grey; font-family: Arial,sans-serif; font-size: 7.5pt; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Registeredin
England: 1974788</span></b><br /><b><span style="color: #222222; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Tel:
</span></b><b><span style="color: blue; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">+
44 (0) 1977 553936</span></b><br /><b><span style="color: #222222; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Fax:
</span></b><b><span style="color: blue; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">+
44 (0) 1977 604684</span></b><br /><b><span style="color: #222222; font-family: Verdana,sans-serif; font-size: 10pt; mso-bidi-font-family: Arial; mso-fareast-font-family: Times New Roman; mso-fareast-language: EN-GB;">Website:
</span></b><a href="http://www.imexpart.com/" target="_blank">www.imexpart.com</a></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
imex.prcl.I806015.doc</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
614d73dbe1e450758dc4603b7496ced4624fcdf96b490260ddda3f2c65dd3c8d [1]<br />b8fec4afd947c567dd1e956ad254ea5a895cacc43cdf159dbc7b30db6178ae6e [2]<br />d7e5db2fc1195f5a9e9eb06d017924bd689e655561158cabb72176a8d9fbbf79 [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [1] (detection 5/55)<br />
VirusTotal Report: [2] (detection 5/55)<br />
VirusTotal Report: [3] (detection 5/55)</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25086.MacroHeurGen.Al2</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-79480538192444864372016-02-01T10:35:00.001+00:002016-02-01T10:35:07.918+00:00Duration Windows Order Processed. V9568HW.doc<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Duration Windows Order Processed. V9568HW.doc macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: NoReply-Duration Windows {noreply@duration.co.uk}<br />Subject: Order Processed.</div>
<br /><b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><span style="font-family: Arial; font-size: x-small;">Dear Customer,</span> <br />
<span style="font-family: Arial; font-size: x-small;">Please find details for your order attached as a PDF
to this e-mail.</span> <br />
<span style="font-family: Arial; font-size: x-small;">Regards,</span> <br /><span style="font-family: Arial; font-size: x-small;">Duration
Windows</span> <br /><span style="font-family: Arial; font-size: x-small;">Sales Department</span> </td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
V9568HW.doc</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
003837a453ab7dd0dda51804f4208b10009dc33a9a909e9689b82a1b993deea1 [1]<br />66ee53feafb8bd00d44cb5cb002fdf16298fa44d9925d25045ed8a61a2f9ff01 [2]<br />a9eb20b8bbaf117bb82725139188676c1a89811570c6d71e97a2baa7edc83823 [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/003837a453ab7dd0dda51804f4208b10009dc33a9a909e9689b82a1b993deea1/analysis/">1</a>] (detection 5/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/66ee53feafb8bd00d44cb5cb002fdf16298fa44d9925d25045ed8a61a2f9ff01/analysis/">2</a>] (detection 5/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/a9eb20b8bbaf117bb82725139188676c1a89811570c6d71e97a2baa7edc83823/analysis/">3</a>] (detection 5/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25086.MacroHeurGen.Al2</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-52387808378191448622016-01-29T10:02:00.000+00:002016-01-29T10:05:00.359+00:00Despatch Note FFGDES34309 Foyle Food Group Limited<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Despatch Note FFGDES34309 Foyle Food Group Limited macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: Foyle Food Group Limited {accounts@foylefoodgroup.com}<br />
Subject: Despatch Note FFGDES34309</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Please find attached Despatch Note FFGDES34309 </td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
FFGDES34309.doc</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
03d4676d6b9459ebde4e49406b681291b62093862b6b70e82ee36814ae3eb380<b> [1]</b><br />
a7373d7df306a0a23fd99ce583e3f58edd0694c96134258325b21272597d63b9 [2]<br />0948b607da8e1dbfb5f235c9005d634afdf477a2ee9e8e344ccf445f41b195dc [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/03d4676d6b9459ebde4e49406b681291b62093862b6b70e82ee36814ae3eb380/analysis/">1</a>] (detection 4/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/a7373d7df306a0a23fd99ce583e3f58edd0694c96134258325b21272597d63b9/analysis/">2</a>] (detection 4/55)<br />VirusTotal Report: [<a href="https://www.virustotal.com/en/file/0948b607da8e1dbfb5f235c9005d634afdf477a2ee9e8e344ccf445f41b195dc/analysis/">3</a>] (detection 4/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.cu1</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com2tag:blogger.com,1999:blog-9100761888144266006.post-74800569830517810452016-01-28T13:22:00.001+00:002016-01-28T13:22:09.009+00:00Lesley Mawson PAYMENT CONFIRMATION PAYMENT VOUCHER.DOC<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Lesley Mawson PAYMENT CONFIRMATION PAYMENT VOUCHER.DOC macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: "Lesley Mawson" {LMawson@agrin.co.uk}<br />Subject: PAYMENT CONFIRMATION</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">For the attention of the accounts department.<br /><br />Please find attached a copy of our payment to you.<br /><br />Kind regards<br />Lesley<br /><br /><br />Lesley Mawson<br /><br />A.I.P. Ltd<br />9 Wassage Way, Hampton Lovett Ind Estate, Droitwich. WR9 0NX</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
PAYMENT VOUCHER.DOC</div>
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a<b> [1]</b></div>
<br /><b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a/analysis/">1</a>] (detection 2/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.exetmp</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-66727403982094603112016-01-28T13:01:00.000+00:002016-01-28T13:01:12.134+00:00Hayley Stoakes Invoice macro malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Hayley Stoakes Invoice macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
From: "Hayley Stoakes" {hayley@whirlowdale.com}<br />Subject: Invoice</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Thank you for your order. Your Invoice - 96413 - is attached.</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
96413.DOC</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a [1]<br />
f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a [2]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a/analysis/">1</a>] (detection 2/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a/analysis/">2</a>] (detection 2/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.exetmp</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-20851671473377888012016-01-28T11:26:00.003+00:002016-01-28T11:26:30.624+00:00IKEA Purchase Order [2001800526]<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
IKEA Purchase Order [2001800526] macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
From: order@ibxplatform.com<br />Subject: IKEA Purchase Order [2001800526]</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">This message contains a Purchase Order from IKEA. If you have any questions regarding this Purchase Order and its contents, we kindly ask you to contact your customer directly. <br />If this message is incomplete or not readable, feel free to refer to our contact details below. <br />Please do not reply to this message!<br /><br /><br />Diese Nachricht enthält eine Bestellung von IKEA. Bitte nehmen Sie Kontakt mit dem Kunden direkt auf, sollten Fragen zum Inhalt dieser Bestellung bestehen.<br />Sollte diese Nachricht unvollständig oder nicht lesbar sein, bitten wir Sie sich an den unten genannten Kontakt zu wenden.<br />Bitte antworten Sie nicht auf diese Nachricht!<br /><br /><br />Este mensaje contiene una Orden de Compra de IKEA. Póngase en contacto con el cliente directamente si tiene alguna pregunta respecto a la Orden de Compra y su contenido.<br />Si este mensaje está incompleto o no leÃble, siga nuestros detalles de contactos en la parte inferior.<br />Por favor no responda este mensaje.<br /><br /><br />Ce message contient un bon de commande de la société IKEA. Pour toutes questions concernant cette commande ou son contenu, nous vous prions de bien vouloir contacter votre client directement.<br />Si ce message est incomplet ou si vous avez des difficultés à le lire, n'hésitez pas à nous contacter avec les coordonnées ci-dessous.<br />Veuillez ne pas répondre à ce message s'il vous plaît !<br /><br /><br />Detta meddelande innehÃ¥ller en inköpsorder ifrÃ¥n IKEA, vänligen kontakta din kund direkt om du har nÃ¥gra frÃ¥gor angÃ¥ende inköpsordern och dess innehÃ¥ll.<br />Om det här meddelandet är ofullständigt eller oläsligt, kontakta oss pÃ¥ nedanstÃ¥ende adress eller telefonnummer.<br />Vänligen svara ej pÃ¥ detta meddelande!<br />Kind regards,<br /><br />IBX Service Desk<br />Capgemini BPO | IBX Business Network | Sweden <br />Gustavslundsvägen 131, SE-167 51 Bromma, Sweden <br />Postal Address: BOX 825, SE-167 24 Bromma, Sweden <br />Internet: www.capgemini.com/procurement | www.ibxplatform.com | www.ehandelsplattformen.no<br /><br />Support Email: support@ibxplatform.com <br /><br />Toll free: <br />Austria 0800.295.265 Norway 800.167.57<br />Brazil 08000 380 599 Sweden 020.313.200<br />Denmark 808.89.961 United Kingdom 080.8234.9169<br />Finland 0800.114.671 USA 866.8236.518<br />Germany 0800.181.1539 India 0008001008811 <br /><br />Not toll free:<br />International +46 8 5648.9600<br /></td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
Purchase_Order_Number__2001800526.doc</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a [1]<br />f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a [2]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a/analysis/">1</a>] (detection 2/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a/analysis/">2</a>] (detection 2/55)</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.exetmp</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-58540759322245503632016-01-27T16:31:00.001+00:002016-01-27T16:31:35.764+00:00Enterprise Invoices No. macro malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Enterprise Invoices No. macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
<br />
Subject: Enterprise Invoices No.65698</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Please find attached invoice/s from<br />Enterprise Security Distribution (South West) Limited<br />Unit 20, Avon Valley Business Park<br />St Annes Road<br />St Annes<br />Bristol<br />BS4 4EE<br /><br />Corina Wilkerson<br />Accountant<br />Tel: 0117 977 5373</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
scan-hpC4D6A@kichkas.net_7399292.xls</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
0fc743807ff0fcce578947faa3f29b24f5ad632bfc5b3af582d2ea2a270c8599 [1]<br />378bd2fe58b2fb7cae6ee9168087b53bb9ea371f132f3d8304fc78cdff2758f1 [2]<br />4d4bb2cd6843832f37926855d419c346d07161baed97a8a882c54ef16e69d137 [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/0fc743807ff0fcce578947faa3f29b24f5ad632bfc5b3af582d2ea2a270c8599/analysis/">1</a>] (detection 0/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/378bd2fe58b2fb7cae6ee9168087b53bb9ea371f132f3d8304fc78cdff2758f1/analysis/">2</a>] (detection 0/55)<br />VirusTotal Report: [<a href="https://www.virustotal.com/en/file/4d4bb2cd6843832f37926855d419c346d07161baed97a8a882c54ef16e69d137/analysis/">3</a>] (detection 0/55)</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25962.XmlHeurGen</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-39532120557180832712016-01-27T14:19:00.002+00:002016-01-27T14:19:24.217+00:00Dawn Salter Invoice 9210.doc <b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Dawn Salter Invoice 9210.doc macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
From: Dawn Salter {dawn@mrswebsolutions.com}<br />Subject: Invoice 9210</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><div class="MsoNormal">
Good afternoon</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I hope all is good with you.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Please see attached invoice 9210.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Kind
regards</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Dawn</span></div>
<div class="MsoNormal">
<span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><img alt="http://www.mrswebsolutions.com/email/spacer.gif" height="1" id="Picture_x0020_1" src="" width="1" /></span></div>
<div class="MsoNormal">
<b><span style="font-family: "Arial","sans-serif"; font-size: 10pt;">Dawn <span style="color: #ca006c;">Salter</span></span></b><b><i><span style="font-family: "Arial","sans-serif"; font-size: 7.5pt;">Office
Manager</span></i></b></div>
<div class="MsoNormal">
<b><i><span style="font-family: "Arial","sans-serif"; font-size: 7.5pt;"><br /></span></i></b></div>
<table border="0" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;"><div class="MsoNormal" style="line-height: 13pt;">
<i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">Tel:</span></i><i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;"><br /></span></i><i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">DDI:</span></i></div>
<div class="MsoNormal" style="line-height: 13pt;">
<i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">Web:</span></i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;"></span></div>
</td>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal" style="line-height: 13pt;">
<i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;"><br /></span></i><b><i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">+44
(0)1252 616000 / +44 (0)1252 622722</span></i></b></div>
<div class="MsoNormal" style="line-height: 13pt;">
<b><i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">+44
(0)1252 916494</span></i></b><i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;"><br /></span></i><i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;"><a href="http://www.mrswebsolutions.com/"><span style="color: black;">www.mrswebsolutions.com</span></a></span></i></div>
</td></tr>
<tr>
<td colspan="2" style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 7.5pt;">
<div class="MsoNormal" style="line-height: 13pt;">
<i><span style="color: #999999; font-family: "Arial","sans-serif"; font-size: 10pt;">1
Blue Prior Business Park, Church Crookham, Fleet, Hants, GU52
0RJ</span></i><span style="color: black; font-family: "Arial","sans-serif"; font-size: 10pt;">
</span></div>
</td></tr>
</tbody></table>
</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
9210.doc</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
a8bfefc9496bc1878947f85d9564b9fc84b56a6dd2e90c7ca58759a6f8625a54 [1]<br />d7cefbfcfc5af2529683b156f7afe5c88cac653009f9b30fd7663f9a27dabcc3 [2]<br />ea62fe423a2f7f97bb93990bc42664b54e09af054fd167fa2e0fd781f265a333 [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/a8bfefc9496bc1878947f85d9564b9fc84b56a6dd2e90c7ca58759a6f8625a54/analysis/">1</a>] (detection 2/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/d7cefbfcfc5af2529683b156f7afe5c88cac653009f9b30fd7663f9a27dabcc3/analysis/">2</a>] (detection 2/55)<br />VirusTotal Report: [<a href="https://www.virustotal.com/en/file/ea62fe423a2f7f97bb93990bc42664b54e09af054fd167fa2e0fd781f265a333/analysis/">3</a>] (detection 2/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.vbfexe</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com1tag:blogger.com,1999:blog-9100761888144266006.post-54326044042599434332016-01-27T09:45:00.001+00:002016-01-27T09:45:45.868+00:00Michelle Ludlow New Order doc4502094035.doc<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Michelle Ludlow New Order doc4502094035.doc macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
From: Michelle Ludlow {Michelle.Ludlow@dssmith.com}<br />Subject: New Order</div>
<br /><b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;"><div class="MsoNormal">
<span style="color: black; font-family: "Verdana","sans-serif"; font-size: 10pt;">Hi</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="color: black; font-family: "Verdana","sans-serif"; font-size: 10pt;">Please
see attached for tomorrow.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="color: black; font-family: "Verdana","sans-serif"; font-size: 10pt;">Thanks</span></div>
<div class="MsoNormal">
<br /></div>
<table border="0" cellpadding="0" cellspacing="0" class="MsoNormalTable">
<tbody>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<b><span style="color: black; font-family: "Verdana","sans-serif"; font-size: 9pt;">Michelle
Ludlow</span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"></span></div>
</td></tr>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<span style="color: black; font-family: "Verdana","sans-serif"; font-size: 9pt;">Customer
Services Co-Ordinator - Packaging Services</span><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"></span></div>
</td></tr>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"></span></div>
</td></tr>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<b><span style="color: black; font-family: "Verdana","sans-serif"; font-size: 9pt;">Packaging
Division</span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"></span></div>
</td></tr>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<span style="color: black; font-family: "Verdana","sans-serif"; font-size: 9pt;">Dodwells
Road, Hinckley LE10 3BX, United Kingdom</span><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"></span></div>
</td></tr>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<span style="color: black; font-family: "Verdana","sans-serif"; font-size: 9pt;">T +44
(0)1455 892939 F +44 (0)1455 892924 </span><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"></span></div>
</td></tr>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<span style="color: black; font-family: "Verdana","sans-serif"; font-size: 9pt;"><a href="mailto:michelle.ludlow@dssmith.com"><span style="color: blue;">michelle.ludlow@dssmith.com</span></a></span><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"></span></div>
</td></tr>
<tr>
<td style="padding-bottom: 0cm; padding-left: 0cm; padding-right: 0cm; padding-top: 0cm;">
<div class="MsoNormal">
<span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;"><a href="http://www.dssmith.com/"><b><span style="color: #d67b19; font-family: "Verdana","sans-serif"; font-size: 9pt; text-decoration: none;">www.dssmith.com</span></b></a></span></div>
</td></tr>
</tbody></table>
</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
doc4502094035.doc</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
6ecc8c79c0f1d4579ac9e68aeeb538199b835a8f27d51643b85a386daa5ff33c [1]<br />f4b65dc842ba7353e4b13211f5474d0841ef98152f1c9ab208681b25365d775e [2]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/6ecc8c79c0f1d4579ac9e68aeeb538199b835a8f27d51643b85a386daa5ff33c/analysis/">1</a>] (detection 4/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/f4b65dc842ba7353e4b13211f5474d0841ef98152f1c9ab208681b25365d775e/analysis/">2</a>] (detection 4/55)<br />
</div>
<b><br />Sanesecurity Signature detection:<br /></b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Doc.cu1</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-21008085795464613152016-01-25T09:17:00.001+00:002016-01-25T09:17:22.710+00:00Direct Debit Mandate from HPscanner macro malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Direct Debit Mandate from HPscanner macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Subject: Direct Debit Mandate from MERCER RESOURCES PLC</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Good morning<br /><br />Please attached Direct Debit Mandate from MERCER RESOURCES PLC;<br />complete, sign and scan return at your earliest convenience.<br /><br /><br />Kind regards,<br /><br />Elise Burke<br />TEAM SUPPORT<br />MERCER RESOURCES PLC<br />t. 01754 660 271<br />f. 0868 400 3263</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
HPscanner523BD@sabanet.ir_147039.doc</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
1535fe867d5ddf44fd66313125158917a78926131c9875e4a1a15f7a391f6e18 [1]<br />214bf2375880d6f73f0b8f5988737f536ad19c1d201a35bea8e8ce42f8bf86bb<br />3f6ea28afc16479c7024abe87d55f25493c34622693cc04b5d06cb71db23297b<br />a1a751102b3b47e478d36fffa786397eaaf3f3b9fe5518ab9d26ad59f71267a5<br />e770c69c7970bd96c469d56a50467dd38ec03b167fd6df5f1706f8620c47c86b</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/1535fe867d5ddf44fd66313125158917a78926131c9875e4a1a15f7a391f6e18/analysis/">1</a>] (detection 3/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
phish.ndb:<b> Sanesecurity.Malware.25962.XmlHeurGen</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-78681803920277296722016-01-22T12:21:00.002+00:002016-01-22T12:21:54.614+00:00UKMail 988271023 tracking information macro malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
UKMail 988271023 tracking information macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
From: no-reply@ukmail.com<br />Subject: UKMail 988271023 tracking information</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">UKMail Info!<br />Your parcel has not been delivered to your address January 21, 2016, because nobody was at home.<br />Please view the information about your parcel, print it and go to the post office to receive your package.<br /><br />Warranties<br />UKMail expressly disclaims all conditions, guarantees and warranties, express or implied, in respect of the Service.<br />Where the law prevents such exclusion and implies conditions and warranties into this contract,<br />where legally permissible the liability of UKMail for breach of such condition,<br />guarantee or warranty is limited at the option of UKMail to either supplying the Service again or paying the cost of having the service supplied again.<br />If you don't receive a package within 30 working days UKMail will charge you for it's keeping.<br />You can find any information about the procedure and conditions of parcel keeping in the nearest post office.<br /><br />Best regards,<br />UKMail</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
988271023-PRCL.xls</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
886adc192957bda32b375503c0d8b3c09f4b77a2609e4ef5952072c79c1ca7a0 [1]<br />c66742b7b4a90e7cf7c909152ca4f5ebc9d8dbc5825877fd3b1103081abb948c [2]<br />eae89bcb2c5349000441990e85c09b64d6dc0a9d4308140f640ef357f68b2876 [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/886adc192957bda32b375503c0d8b3c09f4b77a2609e4ef5952072c79c1ca7a0/analysis/">1</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/c66742b7b4a90e7cf7c909152ca4f5ebc9d8dbc5825877fd3b1103081abb948c/analysis/">2</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/eae89bcb2c5349000441990e85c09b64d6dc0a9d4308140f640ef357f68b2876/analysis/">3</a>] (detection 3/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Xls.Wshell.G</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-92009378630242157272016-01-22T09:08:00.003+00:002016-01-22T09:08:14.694+00:00Message from scanner macro malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Message from scanner macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
Subject: Message from scanner</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Attachment: [SKM_4050151222162800.doc]</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
SKM_4050151222162800.doc</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e [1]<br />
60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997 [2]<br />
d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e/analysis/">1</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997/analysis/">2</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd/analysis/">3</a>] (detection 3/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Wsc.New</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com1tag:blogger.com,1999:blog-9100761888144266006.post-47589321985847810692016-01-22T09:04:00.002+00:002016-01-22T09:04:34.884+00:00Message from KONICA_MINOLTA macro malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Message from KONICA_MINOLTA macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
Subject: Message from KONICA_MINOLTA</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Attachment: [SKM_4050151222162800.doc]</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
SKM_4050151222162800.doc</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e [1]<br />
60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997 [2]<br />
d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e/analysis/">1</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997/analysis/">2</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd/analysis/">3</a>] (detection 3/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Wsc.New</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0tag:blogger.com,1999:blog-9100761888144266006.post-38898614194934104532016-01-22T09:02:00.004+00:002016-01-22T09:02:33.061+00:00Message from MFD macro malware<b>Description:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<br />
Message from MFD macro malware</div>
<br />
<b>Headers:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
Subject: Message from MFD</div>
<br />
<b>Message Body:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<table border="0" cellpadding="0" class="MsoNormalTable" style="width: 600px;"><tbody>
<tr><td style="padding-bottom: 0.75pt; padding-left: 0.75pt; padding-right: 0.75pt; padding-top: 0.75pt;">Attachment: [SKM_4050151222162800.doc]</td></tr>
</tbody></table>
</div>
<b><br />Attachment filename(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
SKM_4050151222162800.doc</div>
<br />
<br />
<b>Sha256 Hashes: </b><b><br /></b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e [1]<br />60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997 [2]<br />d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd [3]</div>
<br />
<b>Malware Virus Scanner Report(s):</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e/analysis/">1</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997/analysis/">2</a>] (detection 3/55)<br />
VirusTotal Report: [<a href="https://www.virustotal.com/en/file/d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd/analysis/">3</a>] (detection 3/55)</div>
<b><br />Sanesecurity Signature detection:</b><br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
badmacro.ndb:<b> Sanesecurity.Badmacro.Wsc.New</b></div>
<b><br />Important notes:</b><br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
<u>Am I Safe?</u><br />
<br />
The current round of Word/Excel/XML/Docm attachments<b> are targeted at Windows and Microsoft Office users.</b><br />
<br />
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe<b>.</b>LibreOffice and OpenOffice users should also be safe<b> but do not enable macros if asked to by the attached file.</b><br />
<br />
If you have Macros disabled in Microsoft Word or Microsoft Excel, you should be safe but again,<br />
<b> do not enable macros if asked to by the attached file.</b><br />
<br />
However, if you are an (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.<br />
<br />
These word/excel attachments normally try to download either...<br />
<br />
<a href="http://sanesecurity.blogspot.co.uk/2015/01/word-excel-macro-malware-dridex-bot.html">Dridex banking trojan</a>,<br />
<a href="http://sanesecurity.blogspot.com/2015/10/shifu-banking-trojan.html">Shifu banking trojan</a><br />
<br />
... both of which are designed to steal login information regarding your bank accounts either by <br />
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)</div>
<br />
<br />
<div style="background: #eee; border: 1px solid #ccc; padding: 5px 10px;">
It's
also worth remembering that the company itself may not have any
knowledge of this faked email and any link(s) or attachment in the email <b>normally won't have
come from their servers or IT systems but from an external bot net.
</b><br />
<br />
These bot-net emails normally have faked email headers/addresses. <br />
<br />
<b>It's
not advised to ring/email the the company themselves, as there won't really be
anything they can do to help you or to stop the emails being spread.</b></div>
<br />
<br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Cheers,</span><br />
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;">Steve</span></div>
<div class="MsoNormal">
<a href="http://sanesecurity.com/"><span style="font-family: "times new roman" , serif; font-size: 12pt;">Sanesecurity.com</span></a></div>
Steve Basfordhttp://www.blogger.com/profile/09190356137354403294noreply@blogger.com0