File name: Sharepointrv_06_19_2018_ Invoice 18760pdf.xps

Full analysis: https://app.any.run/tasks/fabc3ff8-eb80-478e-8853-6ea5ed9ef920
Verdict: No threats detected
Analysis date: June 20, 2018, 15:02:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: generated-doc
MIME: application/octet-stream
File info: Microsoft OOXML
MD5: AA4C188D43B8CFEAC350FABAB143AE43
SHA1: 2A0363E8799BF360F361CEBC135E361C1C6458B9
SHA256: 246AA9679BF951D23EC60ECC50BEE61606C59BD7C5BEF355708C7D54105CC1F8
SSDEEP: 12288:YU/HXovKhIqIQnGEmVzO6cuhJoqi8iXyA8kgJU:v4v8bI2+coJoqiIA8kgJU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Dropped object may contain URL's

      • xpsrchvw.exe (PID: 2368)
No Malware configuration.

TRiD

.oxps/xps | Open XML Paper Specification (57)
.zip | Open Packaging Conventions container (35)
.zip | ZIP compressed archive (8)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0006
ZipCompression: Deflated
ZipModifyDate: 1980:01:01 00:00:00
ZipCRC: 0x74536f20
ZipCompressedSize: 360
ZipUncompressedSize: 1063
ZipFileName: [Content_Types].xml

XMP

Creator: Josh Richardson

XML

CreateDate: 2018:06:19 18:43:26Z
ModifyDate: 2018:06:19 18:43:26Z
No data.
Total processes: 32
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start xpsrchvw.exe no specs

Process information

PID: 2368
CMD: "C:\Windows\System32\xpsrchvw.exe" "C:\Users\admin\AppData\Local\Temp\Sharepointrv_06_19_2018_ Invoice 18760pdf.xps"
Path: C:\Windows\System32\xpsrchvw.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: XPS Viewer
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\xpsrchvw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 26
Read events: 21
Write events: 5
Delete events: 0

Modification events

(PID) Process: (2368) xpsrchvw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\XPSViewer\View
Operation: write
Name: PrevPagesToCache
Value: 2

(PID) Process: (2368) xpsrchvw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\XPSViewer\View
Operation: write
Name: NextPagesToCache
Value: 10

(PID) Process: (2368) xpsrchvw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\XPSViewer\View
Operation: write
Name: HoldAllMaxPagesToCache
Value: 20

(PID) Process: (2368) xpsrchvw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: xpsrchvw.exe

(PID) Process: (2368) xpsrchvw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\XPSViewer
Operation: write
Name: FindOptions
Value: 16

Executable files: 0
Suspicious files: 0
Text files: 5
Unknown types: 3

Dropped files

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.f1ve76ayejrf3sz5l8s9f4juh.tmp
Type: image
MD5:
SHA256:

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.2d0xy8_bx8h_xarw8r9xzk00.tmp
Type: text
MD5:
SHA256:

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.3xlds1cwby1m0hwrs9nomedeb.tmp
Type: image
MD5:
SHA256:

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.8_xc3wdyrzxcn0n43ztp3sx1c.tmp
Type: odttf
MD5:
SHA256:

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.dfmoq2fu8pvna9d8kdg3mv0bc.tmp
Type: ttf
MD5:
SHA256:

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.7t6wib3nq8qgqxg1psv6yzz6c.tmp
Type: odttf
MD5:
SHA256:

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.lmq71f2jar0u9yybe_9lx_qoe.tmp
Type: text
MD5:
SHA256:

PID: 2368
Process: xpsrchvw.exe
Filename: C:\Users\admin\AppData\LocalLow\Temp\Microsoft\OPC\DDT.8prp8h6hlkl09l12p9z9b4vab.tmp
Type: text
MD5: 0A9EBBCA867FF233708008B056DE61B1
SHA256: A00CA37E3C02C36C3DD6B5DA4A326278FFC20CA27AAA93D4B08A1251FD708D32

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info