Subject: Order: 28112610/00 - Your ref.: 89403
From: Melba lochhead (SALES1@krheadshots.com)
Date: Monday, 19 September 2016, 16:05
Thank you for your order.
Please find attached our order confirmation.
Should you be unable to open the links in the document, you can download the latest version of Adobe Acrobat Reader for free via the following link: http://www.adobe.com/products/acrobat/readstep2.html
Should you have any further questions, do not hesitate to contact me.
Internal Sales Advisor - Material Handling Equipment Parts & Accessories
TVH UK LTD
UNIT 17 PARAGON WAY • GB-CV7 9QS EXHALL, COVENTRY
T 02476 585 000 • F 02476 585 001 • www.tvh-uk.co.uk
Watch our company movies on www.tvh.tv
Take our forklift and aerial work platform challenge!
Identify 10 brands by their machines. Be the fastest and win great prizes! Click on the image to start the quiz.
I have only seen a single sample so far, but I understand that reference numbers and names vary. Attached is a malicious .DOCM file with a name in the format OffOrd_87654321-00-1234567-654321.docm , my trusted source says that the various versions download a component from:
It drops a DLL which had a moderate detection rate earlier. This version of Locky does not communicate with C2 servers, so if you want to block or monitor traffic perhaps you should use the string 67SELbosjc358.