Windows
Analysis Report
Quotation.xls
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
EXCEL.EXE (PID: 3028 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Offic e14\EXCEL. EXE" /auto mation -Em bedding MD5: D53B85E21886D2AF9815C377537BCAC3) AcroRd32.exe (PID: 1872 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroR d32.exe" - Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817) RdrCEF.exe (PID: 3188 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroC EF\RdrCEF. exe" --bac kgroundcol or=1651404 3 MD5: 326A645391A97C760B60C558A35BB068)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MalDoc_4 | Yara detected MalDoc | Joe Security |
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: frack113: |
- • AV Detection
- • Compliance
- • Spreading
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Stealing of Sensitive Information
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Directory queried: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Networking |
---|
Source: | File source: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Screenshot OCR: |
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD000EE583/\x1Ole' : | ||
Source: | Stream path 'MBD000EE583/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD000EE580/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'MBD000EE580/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Directory queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 11 File and Directory Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
21% | Virustotal | Browse | ||
13% | ReversingLabs | Document-Office.Trojan.Sonbokli |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
2s.gg | 13.107.246.40 | true | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.40 | 2s.gg | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.255 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1415005 |
Start date and time: | 2024-03-25 12:52:18 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Run name: | Without Instrumentation |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Quotation.xls |
Detection: | MAL |
Classification: | mal68.troj.expl.winXLS@11/29@1/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): dllhost.exe, WM IADAP.exe - Excluded IPs from analysis (wh
itelisted): 23.50.124.134, 23. 207.202.183, 23.207.202.187, 2 3.207.202.196 - Excluded domains from analysis
(whitelisted): ssl.adobe.com. edgekey.net, armmf.adobe.com, e4578.dscb.akamaiedge.net, acr oipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, acroipm 2.adobe.com - Report size getting too big, t
oo many NtCreateFile calls fou nd. - Report size getting too big, t
oo many NtOpenFile calls found . - Report size getting too big, t
oo many NtQueryDirectoryFile c alls found. - Report size getting too big, t
oo many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
11:53:34 | API Interceptor | |
11:53:40 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.40 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | TechSupportScam | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | TechSupportScam | Browse | |||
Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
36f7277af969a6947a61ae0b815907a1 | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 270336 |
Entropy (8bit): | 0.0018811398465979306 |
Encrypted: | false |
SSDEEP: | 3:MsEllllkEthXllkl2zE4ltwCZq:/M/xT02z7Oz |
MD5: | E356C76ACF3317D02705149284017DF1 |
SHA1: | 7871F5D21209DD63E2228F369A9D5F153D70DE16 |
SHA-256: | 90FA1ADC9A3BB3EEB568406F7A4B2FA9E98EBBF58089853DD88745F3B4F9F3BD |
SHA-512: | 2B9A0491A4096B02D3CC1C06A8BA28077A9F804E92DAB7F4526ED9E216D899C6B9461A51436678DDB86F82F509945F9679DF11D921CB7BDBE494B5D19E9D0388 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.238155146872105 |
Encrypted: | false |
SSDEEP: | 6:FJX+q2PP2nKuAl9OmbnIFUt88JjZmw+8Jf2BVkwOP2nKuAl9OmbjLJ:uvWHAahFUt8w/+22P57HAaSJ |
MD5: | 33906028D3DEA06F2BF237BAEBFDFA4B |
SHA1: | 572289EAF5C62C2D1D77804B980F5F804E3C772B |
SHA-256: | AA60AC4568526BCD0E550A87BEC07481ABDE638CF1604B031876891F2ED9548F |
SHA-512: | A0BC9F6A1C1FE48E0AED091E1D32C9A9AE9F6888AA664836223B45C6D0B963B807CE7EBEEE205544C870C66F8C31F871EF191F8DFC01DEED7344E2E5B5FD34F3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.238155146872105 |
Encrypted: | false |
SSDEEP: | 6:FJX+q2PP2nKuAl9OmbnIFUt88JjZmw+8Jf2BVkwOP2nKuAl9OmbjLJ:uvWHAahFUt8w/+22P57HAaSJ |
MD5: | 33906028D3DEA06F2BF237BAEBFDFA4B |
SHA1: | 572289EAF5C62C2D1D77804B980F5F804E3C772B |
SHA-256: | AA60AC4568526BCD0E550A87BEC07481ABDE638CF1604B031876891F2ED9548F |
SHA-512: | A0BC9F6A1C1FE48E0AED091E1D32C9A9AE9F6888AA664836223B45C6D0B963B807CE7EBEEE205544C870C66F8C31F871EF191F8DFC01DEED7344E2E5B5FD34F3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.238155146872105 |
Encrypted: | false |
SSDEEP: | 6:FJX+q2PP2nKuAl9OmbnIFUt88JjZmw+8Jf2BVkwOP2nKuAl9OmbjLJ:uvWHAahFUt8w/+22P57HAaSJ |
MD5: | 33906028D3DEA06F2BF237BAEBFDFA4B |
SHA1: | 572289EAF5C62C2D1D77804B980F5F804E3C772B |
SHA-256: | AA60AC4568526BCD0E550A87BEC07481ABDE638CF1604B031876891F2ED9548F |
SHA-512: | A0BC9F6A1C1FE48E0AED091E1D32C9A9AE9F6888AA664836223B45C6D0B963B807CE7EBEEE205544C870C66F8C31F871EF191F8DFC01DEED7344E2E5B5FD34F3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.006738561099835664 |
Encrypted: | false |
SSDEEP: | 3:ImtVzzNXM1xVlt/XSxdlt4dV1gt/l:IiVzexlKxdX4m1l |
MD5: | D4CF1F3A7B99D7068973876B73A1F224 |
SHA1: | 415439B3A600BAA93C50CB1E29E75CCF22B24CD5 |
SHA-256: | C1F5B396738C5E9346D2C9CDD39ECFB59CAB894EE387E9AD9629AB7F1B34AD06 |
SHA-512: | 5A0AA86402DBE099F487A805EF33AB3B644CA64CC83B1F47437FF24F57F3D2C6E5DBD5F35E4AF3640D2A9F493361A8F71751546620163DF278306FA5E7717D87 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61440 |
Entropy (8bit): | 3.5761552870725093 |
Encrypted: | false |
SSDEEP: | 384:neh9dThqtELJ8DAcLKuZsLRGlKhsvXh+vSc:/AeZsLQhUSc |
MD5: | E7B6E83EC58A38694A8FE87CC7831966 |
SHA1: | 855175FDA6DB814A4C95924A20F0097E5BC76BC4 |
SHA-256: | 1174274E82BC5064ECDFC78BCDC2CA91773DE0B33C68A3DEB06AA0DC9103F360 |
SHA-512: | 7D1225B1673BC7BA1C038E18997C65C878055B1D063078B5891678206835B4BBFBA601D66E5EEE4BCBF9C8DCB47944C3DA155E7980D1297775112DFDB2BCA502 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.3126281281578103 |
Encrypted: | false |
SSDEEP: | 48:7MUL2iomVmBsmom1CAiomKom1Nom1Aiom1RROiom1Com1pom1viomVPiomg0qAlq:7vaCm6rAwhbCP0d49IVXEBodRBkH |
MD5: | D58A8C27BD4820D275592D9379390EB7 |
SHA1: | CBF7C165D69ACBF747326EA467E079F40FF96C7B |
SHA-256: | 9B25517D6C2A9EEC934F8E95F1D62194E1BB80064A197E6BCE7B9FEEE1D2251D |
SHA-512: | 3FF5BA396732C6BF91FBE9607013506878D6F4DAB70E22E0037E464072ABB3A2658027C9B8C47A624D2580423A398258DCFBA24FC5E9B5252A8CAC0398CACACA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 536 |
Entropy (8bit): | 5.17576513886526 |
Encrypted: | false |
SSDEEP: | 12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa |
MD5: | 4D5E3CD969F14362210F0473720C5528 |
SHA1: | AFD90E9888759B809F78E87D5550B601A288A0A3 |
SHA-256: | 79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE |
SHA-512: | B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 536 |
Entropy (8bit): | 5.17576513886526 |
Encrypted: | false |
SSDEEP: | 12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa |
MD5: | 4D5E3CD969F14362210F0473720C5528 |
SHA1: | AFD90E9888759B809F78E87D5550B601A288A0A3 |
SHA-256: | 79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE |
SHA-512: | B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 536 |
Entropy (8bit): | 5.17576513886526 |
Encrypted: | false |
SSDEEP: | 12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa |
MD5: | 4D5E3CD969F14362210F0473720C5528 |
SHA1: | AFD90E9888759B809F78E87D5550B601A288A0A3 |
SHA-256: | 79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE |
SHA-512: | B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9566 |
Entropy (8bit): | 5.226610011802065 |
Encrypted: | false |
SSDEEP: | 192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV |
MD5: | 63B24EA3A13EAC476D6309BB202EF459 |
SHA1: | 89502C393549C20C933E4553F51F74F3DBE085EF |
SHA-256: | 2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA |
SHA-512: | 2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9566 |
Entropy (8bit): | 5.226610011802065 |
Encrypted: | false |
SSDEEP: | 192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV |
MD5: | 63B24EA3A13EAC476D6309BB202EF459 |
SHA1: | 89502C393549C20C933E4553F51F74F3DBE085EF |
SHA-256: | 2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA |
SHA-512: | 2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 176406 |
Entropy (8bit): | 2.484446607797001 |
Encrypted: | false |
SSDEEP: | 1536:ANTBeJFFFFFFp7LDyWC+voagpPOrtpyxxxxxxVzS:RDyt+voagpP |
MD5: | 949FACFA2A9AF0437E9E0DC9B47519D0 |
SHA1: | 4BD793C2FD9C71D49874338C7C118631531FD032 |
SHA-256: | 5748FB2871CE9D51A2DBDB5A69BC89A02B74EFC6C64EE1EE164E4B7D8F01E0F5 |
SHA-512: | 2829763A349E8FFEF0777C9FBDB5C59BA28CE2AC778B2232FEEAED07F0E11A58B0F38CB5FD36A5AEB875C7732C985029F99A18A2E87BCF3BC1E7B87D1A9CABFF |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72643 |
Entropy (8bit): | 5.393779678652009 |
Encrypted: | false |
SSDEEP: | 768:PCbTjMYOpdyVFWqnPvBRSiRkTIVzY3Z2XqpWHDKXUHYyu:AlOpdyVFWcPvBBRkTIdY3w6UHK |
MD5: | C765890C72D1098C86BB149551F04F5B |
SHA1: | A170915B44BB6625069E25726E071E6E552D7C3E |
SHA-256: | C1F668F57FE219F028EE8DE7A81EFA842ED9D3AEA7464A979494C7B6DBC98BA7 |
SHA-512: | F8E6FE00A7EC0376EB472DF7EE49F8A718427C0EFE5D26482127AAA9F4FEB0B90ED94F08B1A06BC99FEDE09B1D8AAC60F1292A81338CC211492F19A501535B14 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944965349348616 |
Encrypted: | false |
SSDEEP: | 1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw |
MD5: | 9ABE7EB352E0DB96B52C99AC2FDEA85F |
SHA1: | 8DC45D02308275BA32B7FFB320A3042256D40C8B |
SHA-256: | EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869 |
SHA-512: | E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 433328 |
Entropy (8bit): | 5.820372794819892 |
Encrypted: | false |
SSDEEP: | 6144:5ifm7kwvqU4iyCbPUV7gdaI6z0R/sjBx2:5l7kwvqULUVS |
MD5: | 80FFFCB0396B7B7239A1C487BC4ED268 |
SHA1: | 10C60440CAA34570EECCBA82ECFD190AD62BABF9 |
SHA-256: | 9EF35080E86224DB2E177FD5476252DC848E82A635F92B04A6E3C35ED79E34B6 |
SHA-512: | 30A23B18E5ACEC847F6C76F3B1F1828EFBCF5308B09C933B96AF4D6D881621B30D3D9EE3DAC4CD42FAAD34578667E37E7EF5D08F8BE87FBDEAA21967A735CDE4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944875740888722 |
Encrypted: | false |
SSDEEP: | 1536:k3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:5ux/ZiOE85e+8J2dvRcvMyw |
MD5: | B6DFB3AA7AC4A1A52336C30FA821857B |
SHA1: | 66ECB808A516AC5B07A01CDFCAD65FD7B9907619 |
SHA-256: | E22202331F689D7568E674B0DCD895DF66FAC5980498F05A846DE244AB3394C4 |
SHA-512: | A13562F976BCBEEF7D4B4926C37E39BFD4C588EF6E746792B806E6737C91604175395021D4884493D764CE7F0EE2ACC6C7D03A6045A5B4ED6616E5D7E4C9FE94 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.9017483361098562 |
Encrypted: | false |
SSDEEP: | 24:YOu6PJqRixxBBBQAAJnHbG/KD3ql/mfzG/S6ATn9eDIb6eD/qLvae:9u6IRixxBBBQlJatF6n8g/wae |
MD5: | 8F636083CE616F8EB610556C57CC3CAA |
SHA1: | 4291DA8874EF4A60300F4BAAEC84F5A4A425E31E |
SHA-256: | 62E41677B9A6F9B0139BB4D5EAA890F1423F707383A960FFA261A7C4A677F3EB |
SHA-512: | 78FF54528C73E9E52C67FC8536BDA2628F4177ACDC9E749F4EAF69639F82E468B3766AEACD4F24BABCB30227572B2F522FDDF2FBD8B790C474ACF313BD32C84A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.929653848333741 |
Encrypted: | false |
SSDEEP: | 12:YB1uOUvJqRENEtEtEdEdEdEO6Mcs/vs9/09v89fE9vM9/U9Lzlm97z9m9Lz1m9bO:Y7uTvJqRiGGWWWRKqurbkdBvae |
MD5: | 4A103FC1809C8EA381D2ACB5380EF4F6 |
SHA1: | 6C81D37798C4D78C64E7D3EF7EB2ACB317C9FF67 |
SHA-256: | 1AB8F5ABD845FFD0C61A61BB09BFCF20569B80B4496BCCB58C623753CF40485C |
SHA-512: | 77DA8AB022505D77F89749E97628CAF4DD8414251CB673598ACBA8F7D30D1889037FAB30094A6CE7DC47293697A6BEF28B92364D00129B59D2FC3711C82650F5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330948 |
Entropy (8bit): | 4.97410497936274 |
Encrypted: | false |
SSDEEP: | 3072:H0Bd8yCKdQW2222222Igccz3/qSmV1XITSuaZgOTARfMDc1ji:H0Bd8yCKdQRzw4muaZ9TARfMDcFi |
MD5: | 91E42C95A20C0DA7401F5D2FE56963B5 |
SHA1: | 5E7247DB014DABC98E6A6334E01A123111F999A6 |
SHA-256: | 16C7596240D87E8C68DA3B103C151665626023CAB52BC8667558D927B5353F27 |
SHA-512: | 64E2B7E0A3B016A1C25E43F10F8F536451A8FEE2345F3CB0DC913F18FB1C71726C95E7702220AECDDC9C15B8AC1C5F909AFF703C11102FE10CCE3140850DDC5C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 172032 |
Entropy (8bit): | 6.203825072432931 |
Encrypted: | false |
SSDEEP: | 3072:BZkJAg15FTKWIHSApIYYFxEtjPOtioVjDGUU1qfDlaGGx+cugLX0d6RwE/zDiamj:BZunFTqynxEtjPOtioVjDGUU1qfDlavK |
MD5: | B0B039C9D556965D0D5748A4666FE1DE |
SHA1: | 5549D605D38B29D0BAEFB557DAA7A530957C4FAC |
SHA-256: | C084C8C4CE9857D5691C11BF2D49F265A2BBBE660425E6CFDA14C2B29F4D89A4 |
SHA-512: | 3F21F457A60CD2694C45B8EAA4A723A7907F41B3C47914AEEB84E55D09008767084C7DC276AF6BD03D115A2443D3AEF060FB463B05317A612E0BBA81EDD8569F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.8539726837564245 |
Encrypted: | false |
SSDEEP: | 192:KoruQTYZwtFEBP6pIMkrlzDDgoAlKl0CkDNpJ:ZBTYOIBP+kBHnAclSDF |
MD5: | 5CC24B2C64A3E891AC20A84EBCB285A0 |
SHA1: | 63D685400D0EC628051188F5A621C76B64AFFE4B |
SHA-256: | 1ED7D2517E0116192B12605739CBFAC7E644BDCA430763D6D02FBA63951AE780 |
SHA-512: | 778917037AD06BADDC8A197D30BB60EFE3B36EAD0040CD4BF2DE4CE56F9925D24D4E503AB9CBD812464060BF42CEFA9C5EE406B1CE1BF952386778960802BA54 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10240 |
Entropy (8bit): | 0.6739662216458647 |
Encrypted: | false |
SSDEEP: | 12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R |
MD5: | C61F99FE7BEE945FC31B62121BE075CD |
SHA1: | 083BBD0568633FECB8984002EB4FE8FA08E17DD9 |
SHA-256: | 1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732 |
SHA-512: | 46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24152 |
Entropy (8bit): | 0.7532185028349225 |
Encrypted: | false |
SSDEEP: | 48:CMnfnO4FGtsFqN6t8nlztZKR6axR6uiozVb:ZnfO4kWKpZKdxR35 |
MD5: | 520FE964934AF1AB0CEBA2366830D0FA |
SHA1: | B90310ACA870261CB619FDFD1E54E1B1A25074FF |
SHA-256: | DBD45EEA386D364B30BA189E079BFA05C2C40D9E5E83722C39A171998ED079C1 |
SHA-512: | A4839A6AB8DB522D9121A590B8C711E8C4F172D9CB71C918860F8048472920F3341B7BA624DFF514BE397809149E4471B2DF981DC81FE77C26B2DDF342A42F8C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 364544 |
Entropy (8bit): | 7.806741893911411 |
Encrypted: | false |
SSDEEP: | 6144:ulunhTqypxEtjPOtioVjDGUU1qfDlavx+fgLX0d6NivPbVWre6EAKnXgt1W/hdyG:uIhTz+CbVWHKXgt1sdR/vmsw872W |
MD5: | 266ACEF87A0366FDACDDA4E381195D72 |
SHA1: | 229E8EBD3A16BDA6A05373A30EA16ADAF0E6358D |
SHA-256: | ABF9C2F24423AD52E8501DAD92EA8CA5AADA461EF024DA5CD3A0E88CD8CDDDD1 |
SHA-512: | 0F854B5F3BE22A46F1243664F29965D664D2DAE8DAA545F7589CEB69400D4AB5845AA61D41818D6E945B0F1559BB9E9553EF519F5E60A2C002640BB142BA3B30 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 364544 |
Entropy (8bit): | 7.806741893911411 |
Encrypted: | false |
SSDEEP: | 6144:ulunhTqypxEtjPOtioVjDGUU1qfDlavx+fgLX0d6NivPbVWre6EAKnXgt1W/hdyG:uIhTz+CbVWHKXgt1sdR/vmsw872W |
MD5: | 266ACEF87A0366FDACDDA4E381195D72 |
SHA1: | 229E8EBD3A16BDA6A05373A30EA16ADAF0E6358D |
SHA-256: | ABF9C2F24423AD52E8501DAD92EA8CA5AADA461EF024DA5CD3A0E88CD8CDDDD1 |
SHA-512: | 0F854B5F3BE22A46F1243664F29965D664D2DAE8DAA545F7589CEB69400D4AB5845AA61D41818D6E945B0F1559BB9E9553EF519F5E60A2C002640BB142BA3B30 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.444659639727352 |
TrID: |
|
File name: | Quotation.xls |
File size: | 325'120 bytes |
MD5: | 0cd0b71b219419b688ecd6599223639a |
SHA1: | fde7e33898b73304755f1cff8578139f34246e23 |
SHA256: | 3a23b616a5944735ffa156ebfba3fcf8debec466c00687a52ecdbde03b2bd94a |
SHA512: | 4f100911dd165722b710438510ca61b7541d22c9c25a2df59f2c5f49ad40ed789b6754f143930dee88bf45f063d0ed2548e97713f29ccd13db24f9b03493308a |
SSDEEP: | 6144:ZyunhXx+oY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVqIMIlSD3Sclx/nTOtB:ZzhXx+l3bVqIMIlSDicj6Is |
TLSH: | EF64E151BE91874AE85607754DFB4A9A6325FC41AF524F0F324CF71D3EB03A44E2BA22 |
File Content Preview: | ........................>.......................................................G...H...{...................................................................................................................................................................... |
Icon Hash: | 276ea3a6a6b7bfbf |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2024-03-24 17:45:21 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 83 ee 8e c0 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 83 ee 0b e3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 83 ee 8f 13 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 83 ee 81 99 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2920681057018664 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . ~ . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD000EE580/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 94 |
Entropy: | 4.345966460061678 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000EE580/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 62 |
Entropy: | 2.7788384466112834 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 3 . |
Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 33 00 |
General | |
Stream Path: | MBD000EE580/CONTENTS |
CLSID: | |
File Type: | PDF document, version 1.7, 1 pages |
Stream Size: | 20909 |
Entropy: | 7.967116806702583 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 3 0 R . > > . e n d o b j . 4 0 o b j . < < . / P r o d u c e r ( 3 . 0 . 4 \\ ( 5 . 0 . 8 \\ ) ) . / M o d D a t e ( D : 2 0 2 3 0 9 2 2 0 3 2 2 4 8 + 0 2 ' 0 0 ' ) . > > . e n d o b j . 2 0 o b j . < < . / T y p e / P a g e s . / K i d s [ 5 0 R ] . / C o u n t 1 . > > . e n d o b j . 3 0 o b j . < < . / F i e l d s [ ] . / D R 6 0 R . > > . e n d |
Data Raw: | 25 50 44 46 2d 31 2e 37 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 33 20 30 20 52 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 33 2e 30 2e 34 20 5c 28 35 2e 30 2e 38 5c 29 20 29 0a 2f 4d 6f 64 44 61 74 65 |
General | |
Stream Path: | MBD000EE581/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 113 |
Entropy: | 3.9544012817407785 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . / . . . M i c r o s o f t O f f i c e E x c e l M a c r o - E n a b l e d W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 4d 61 63 72 6f 2d 45 6e 61 62 6c 65 64 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000EE581/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 11603 |
Entropy: | 7.129143775443908 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . h f . . . 6 . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 68 cf de 66 81 01 00 00 36 05 00 00 13 00 cc 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c8 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000EE582/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000EE582/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 708 |
Entropy: | 3.6235698530352805 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 20 02 00 00 dc 01 00 00 14 00 00 00 01 00 00 00 a8 00 00 00 02 00 00 00 b0 00 00 00 03 00 00 00 bc 00 00 00 0e 00 00 00 c8 00 00 00 0f 00 00 00 d4 00 00 00 04 00 00 00 e0 00 00 00 05 00 00 00 |
General | |
Stream Path: | MBD000EE582/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 23248 |
Entropy: | 3.023529376533741 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v i v i e n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 5a 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e4 00 00 00 09 00 00 00 f4 00 00 00 |
General | |
Stream Path: | MBD000EE582/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 97808 |
Entropy: | 7.365164212626042 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . P . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
Stream Path: | MBD000EE583/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 578 |
Entropy: | 5.890730367113106 |
Base64 Encoded: | False |
Data ASCII: | . . . . h . ] ~ . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . : . / . / . 2 . s . . . g . g . / . 3 . z . M . . . 1 F 2 . | F m q . a \\ > 2 D n D : ) ! 5 x . s 7 . . . C . . 9 y C m . : ~ = > . } . Y # U { * 5 . , W & L . 6 z < . . # B @ . % R d o n . . Z 1 3 . . . . # o & * . . . . P . . g / ! & . 4 t G < + . . . . . . . . . . . . . . . . . . . x . E . E . B . 3 . V . G . 5 . a . E . 0 . D . U . 3 . E . M . O . f . B . Y . m . C . Q . G . I . b . 1 . N . x . O . 6 . v . D . c . L . R . |
Data Raw: | 01 00 00 02 83 68 0f 5d 88 7e dc 17 00 00 00 00 00 00 00 00 00 00 00 00 ee 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b ea 00 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 32 00 73 00 2e 00 67 00 67 00 2f 00 33 00 7a 00 4d 00 00 00 31 46 32 fc aa cd ee d8 96 7c 46 d4 6d f1 a1 71 0a dc 61 5c f0 3e 32 be 81 af 44 6e 44 9d 85 3a 29 83 ef 21 be 35 bc 9d 78 1c a9 d2 ee 73 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 151279 |
Entropy: | 7.995935603742815 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . j l E q m J . 2 D = z . d . < m h 1 z A ^ Y G . P . . . . . . . . . . . . \\ . p . v = . U Z v . & " . D > J f o l - } p f . . . . 0 k F a . . . ? w ^ O ] 8 [ . N C % * . n . ; { o m 4 . 5 _ D i h B . . . $ a . . . . . . . = . . . . ^ v 9 . . . . . ~ M E T m . . . . . . . . i . . . . v . . . . . . . D . . . . l = . . . Q d N K . ~ B 5 @ . . . . . . m " . . . { . . . . } [ . . . . ) . . . 4 1 . . . ; t 7 . D . t . 8 _ . . . U d @ ~ o 1 . . . l { . A { . = |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 af fa 6a a9 95 e7 6c fe 45 b9 71 6d 4a 07 32 89 f2 ca 44 3d 7a 81 04 64 14 3c bc 8a 6d 68 c6 31 b4 7a 41 5e 8f 59 47 1e 85 50 94 af 90 a1 c2 9b e1 00 02 00 b0 04 c1 00 02 00 9d 16 e2 00 00 00 5c 00 70 00 76 dd 3d f3 1c c3 55 5a a5 76 db c4 8a f7 af 26 22 9b 04 a1 e5 a7 44 3e 4a 9b a3 66 6f 6c |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 523 |
Entropy: | 5.281635851471027 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 7 B 2 E 2 6 F 5 - 3 2 E 2 - 4 7 A 9 - 9 6 6 0 - A E 8 9 E 9 7 7 2 4 B C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 6 5 6 7 8 6 5 4 B A 7 6 B E 7 6 B |
Data Raw: | 49 44 3d 22 7b 37 42 32 45 32 36 46 35 2d 33 32 45 32 2d 34 37 41 39 2d 39 36 36 30 2d 41 45 38 39 45 39 37 37 32 34 42 43 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.9874635293076497 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.364380970389258 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 4 . h . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 34 ba 0e 68 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
- Total Packets: 23
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 25, 2024 12:53:27.265935898 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.366673946 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.366753101 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.367100954 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.466829062 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.467048883 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.471324921 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.477732897 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.477799892 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.477880001 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.484338999 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.484373093 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.795260906 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.795351028 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.800404072 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.800416946 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.800777912 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.803292036 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.928618908 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:27.928736925 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:27.928791046 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:51.913686037 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.014431000 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:52.014487982 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.015697956 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.015716076 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:52.015765905 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.018040895 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.018059015 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:52.334033012 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:52.334109068 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.339633942 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.339648962 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:52.339968920 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:52.340019941 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.344600916 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 25, 2024 12:53:52.344671011 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 25, 2024 12:53:52.344723940 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 25, 2024 12:53:04.084023952 CET | 138 | 138 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:53:27.150363922 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 25, 2024 12:53:27.256373882 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Mar 25, 2024 12:53:52.128031015 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:53:52.877669096 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:53:53.627680063 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:54:01.120549917 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:54:01.870158911 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:54:02.620223045 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:54:03.835768938 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:54:04.585303068 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:54:05.335411072 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 25, 2024 12:55:03.768484116 CET | 138 | 138 | 192.168.2.22 | 192.168.2.255 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 25, 2024 12:53:27.150363922 CET | 192.168.2.22 | 8.8.8.8 | 0xdddc | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 25, 2024 12:53:27.256373882 CET | 8.8.8.8 | 192.168.2.22 | 0xdddc | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2024 12:53:27.256373882 CET | 8.8.8.8 | 192.168.2.22 | 0xdddc | No error (0) | 13.107.213.40 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49163 | 13.107.246.40 | 80 | 3028 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 25, 2024 12:53:27.367100954 CET | 315 | OUT | |
Mar 25, 2024 12:53:27.467048883 CET | 274 | IN | |
Mar 25, 2024 12:53:51.913686037 CET | 315 | OUT | |
Mar 25, 2024 12:53:52.014431000 CET | 274 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 11:53:04 |
Start date: | 24/03/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13ffc0000 |
File size: | 28'253'536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 11:53:33 |
Start date: | 24/03/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf0000 |
File size: | 2'525'680 bytes |
MD5 hash: | 2F8D93826B8CBF9290BC57535C7A6817 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 11:53:40 |
Start date: | 24/03/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3d0000 |
File size: | 9'805'808 bytes |
MD5 hash: | 326A645391A97C760B60C558A35BB068 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |