Windows
Analysis Report
PO_OCF 408.xls
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
EXCEL.EXE (PID: 1884 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Offic e14\EXCEL. EXE" /auto mation -Em bedding MD5: D53B85E21886D2AF9815C377537BCAC3) AcroRd32.exe (PID: 2212 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroR d32.exe" - Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817) RdrCEF.exe (PID: 2164 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroC EF\RdrCEF. exe" --bac kgroundcol or=1651404 3 MD5: 326A645391A97C760B60C558A35BB068)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MalDoc_4 | Yara detected MalDoc | Joe Security |
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: frack113: |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Networking |
---|
Source: | File source: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Screenshot OCR: |
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD000A282D/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'MBD000A282D/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
2s.gg | 13.107.246.40 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.40 | 2s.gg | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416056 |
Start date and time: | 2024-03-26 19:41:07 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PO_OCF 408.xls |
Detection: | MAL |
Classification: | mal68.troj.expl.winXLS@10/21@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): dllhost.exe, WM IADAP.exe, svchost.exe - Report size getting too big, t
oo many NtCreateFile calls fou nd. - Report size getting too big, t
oo many NtQueryValueKey calls found. - VT rate limit hit for: PO_OCF
408.xls
Time | Type | Description |
---|---|---|
18:42:20 | API Interceptor | |
18:42:36 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.40 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
2s.gg | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Njrat | Browse |
| |
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | MAC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
36f7277af969a6947a61ae0b815907a1 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 270336 |
Entropy (8bit): | 0.0018885380473555064 |
Encrypted: | false |
SSDEEP: | 3:MsEllllkEthXllkl2zE+/j//:/M/xT02zb |
MD5: | 9DF1593FEE4FCD00F72EBE0DD8F6D812 |
SHA1: | E83178164F1FA2E076E6A561ADFED2C058DBECDE |
SHA-256: | 15B9FC33A98427BEB4F7D666440AB2638B7237BDEFAD573F69262FAFC0DCC3E3 |
SHA-512: | ADDE1CF4C2B7015F446D0E44C991B9B83746904FC70A4602C571B87A02B726609CB138C2DC707AF629A6C844157081057A34F25FE59D9A5F2F62CD8EDA9CFEBA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.251652192067681 |
Encrypted: | false |
SSDEEP: | 6:FuUb5zN+q2PP2nKuAl9OmbnIFUt88uUb5tZZmw+8uUb5tNVkwOP2nKuAl9OmbjLJ:B5zIvWHAahFUt8W5tZ/+W5tz57HAaSJ |
MD5: | BC2CE77F1C94189E3C739E651F39D3A6 |
SHA1: | 3216796BA896AE002624EE3441F1D09ED40170FA |
SHA-256: | 1B6F50E670D3C45FF57098F94E8346BBDC5F0735E0B08C013686CD0FC5614119 |
SHA-512: | 04E35D6115BF9FC839769B31063D74905C6204029EED36EA89D90E6F5E51BA1A8F24BAED95084FEFCDAD35CB1AFCF890FFB9F002D9A341A079567AB920090E08 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.251652192067681 |
Encrypted: | false |
SSDEEP: | 6:FuUb5zN+q2PP2nKuAl9OmbnIFUt88uUb5tZZmw+8uUb5tNVkwOP2nKuAl9OmbjLJ:B5zIvWHAahFUt8W5tZ/+W5tz57HAaSJ |
MD5: | BC2CE77F1C94189E3C739E651F39D3A6 |
SHA1: | 3216796BA896AE002624EE3441F1D09ED40170FA |
SHA-256: | 1B6F50E670D3C45FF57098F94E8346BBDC5F0735E0B08C013686CD0FC5614119 |
SHA-512: | 04E35D6115BF9FC839769B31063D74905C6204029EED36EA89D90E6F5E51BA1A8F24BAED95084FEFCDAD35CB1AFCF890FFB9F002D9A341A079567AB920090E08 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.251652192067681 |
Encrypted: | false |
SSDEEP: | 6:FuUb5zN+q2PP2nKuAl9OmbnIFUt88uUb5tZZmw+8uUb5tNVkwOP2nKuAl9OmbjLJ:B5zIvWHAahFUt8W5tZ/+W5tz57HAaSJ |
MD5: | BC2CE77F1C94189E3C739E651F39D3A6 |
SHA1: | 3216796BA896AE002624EE3441F1D09ED40170FA |
SHA-256: | 1B6F50E670D3C45FF57098F94E8346BBDC5F0735E0B08C013686CD0FC5614119 |
SHA-512: | 04E35D6115BF9FC839769B31063D74905C6204029EED36EA89D90E6F5E51BA1A8F24BAED95084FEFCDAD35CB1AFCF890FFB9F002D9A341A079567AB920090E08 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.005597679101775777 |
Encrypted: | false |
SSDEEP: | 3:ImtVOM1xVlt/XSxdltIt/l:IiVfxlKxdXI1l |
MD5: | FD55D575475A6BD81B055F46FA34BA8B |
SHA1: | 289A6344929F221E19D2F9097A5907FE42C03855 |
SHA-256: | 261CE45767DBF1E61AAF67C5EC1D75C2FF5C02681DF96897D5B0EC56A0F8C2AB |
SHA-512: | F2247D89C3268E838AE6F4BCDC1C4BB9C60E4F2E05B1763CD152811661A00B8BFC467F71009894676E38CE31229DF35F6FC9F2F19C2911698012D0594697F098 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 126040 |
Entropy (8bit): | 1.985251446829603 |
Encrypted: | false |
SSDEEP: | 384:hNzyk+spBXiosQUYuoB7OdnGbLq+AtKzZQ9w/fQ1D+v+W2gnHwvAgIEyXG1oJ/+e:ntwvgnHwvAP |
MD5: | 330C5CD92C1A1BA53D223D90D4D391F2 |
SHA1: | C00EBD56BD6F9AE08DA567BA1ACC03C019310D4C |
SHA-256: | 3A63E107719ACD1588F7743E7BDC5990394C6D84134BD8093FAB20B16BB5B07F |
SHA-512: | 0C3EEFF95351BB418799345ACEBC72046C82BF9E5DC8480CCFDFB7E1CE3A2A208439C4F4EB1BFCA4B401BC4F6E1269645B41DD6F0DF622B968DF3CA2CE39222B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 433328 |
Entropy (8bit): | 5.820528508142912 |
Encrypted: | false |
SSDEEP: | 6144:Bifm7kwvqU4iyCbPUV7gdaI6z0R/sjBx2:Bl7kwvqULUVS |
MD5: | 0A58C97C0448845A9EAA51E02C066A87 |
SHA1: | 9242A149FE6330D035CDD62D32512E3270DF7587 |
SHA-256: | E6E9E16C76C7D33BCE7E91BE7C683C7A94D85E6C7BC408E9D769423312C6D7CA |
SHA-512: | DE0380FAD1E7822AE2C5A0CBBA3B2CE0D721E058F6EFE8DB6EA95E5BFF8825ACEE634E9FE73E77926FFF9F6EDD9AB6744238B5BBEABF2F51B0A9FA7D93E2E8B1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.9017483361098562 |
Encrypted: | false |
SSDEEP: | 24:YOu6PJqRixxBBBQAAJnHbG/KD3ql/mfzG/S6ATn9eDIb6eD/qLvae:9u6IRixxBBBQlJatF6n8g/wae |
MD5: | 8F636083CE616F8EB610556C57CC3CAA |
SHA1: | 4291DA8874EF4A60300F4BAAEC84F5A4A425E31E |
SHA-256: | 62E41677B9A6F9B0139BB4D5EAA890F1423F707383A960FFA261A7C4A677F3EB |
SHA-512: | 78FF54528C73E9E52C67FC8536BDA2628F4177ACDC9E749F4EAF69639F82E468B3766AEACD4F24BABCB30227572B2F522FDDF2FBD8B790C474ACF313BD32C84A |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944875740888722 |
Encrypted: | false |
SSDEEP: | 1536:k3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:5ux/ZiOE85e+8J2dvRcvMyw |
MD5: | B6DFB3AA7AC4A1A52336C30FA821857B |
SHA1: | 66ECB808A516AC5B07A01CDFCAD65FD7B9907619 |
SHA-256: | E22202331F689D7568E674B0DCD895DF66FAC5980498F05A846DE244AB3394C4 |
SHA-512: | A13562F976BCBEEF7D4B4926C37E39BFD4C588EF6E746792B806E6737C91604175395021D4884493D764CE7F0EE2ACC6C7D03A6045A5B4ED6616E5D7E4C9FE94 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944965349348616 |
Encrypted: | false |
SSDEEP: | 1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw |
MD5: | 9ABE7EB352E0DB96B52C99AC2FDEA85F |
SHA1: | 8DC45D02308275BA32B7FFB320A3042256D40C8B |
SHA-256: | EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869 |
SHA-512: | E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330948 |
Entropy (8bit): | 4.973268478523415 |
Encrypted: | false |
SSDEEP: | 3072:90Bd8yCKdQW2222222Igccz3/qSmV1XITSuaZgOTARfMDc1ji:90Bd8yCKdQRzw4muaZ9TARfMDcFi |
MD5: | 08659781405024E100D0B67B032FEE12 |
SHA1: | F8E4C121D4FE0D35AB333AD79F5C4B06104B4AD0 |
SHA-256: | CA7CD4E41B8B2DDF5D8B720CDC0E1D48F634FE5E5EEE9DB432146E807A99F55D |
SHA-512: | 8536D53A8991BED15151FEBB344C8473D0890DE1BDECB52E386DC707B4D4DFD1CC8D2CC8A3F9A7DE41E4F16D2828BCD7DC5B1BBB001E93A91E2109C6D4D9FBE3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.929653848333741 |
Encrypted: | false |
SSDEEP: | 12:YB1uOUvJqRENEtEtEdEdEdEO6Mcs/vs9/09v89fE9vM9/U9Lzlm97z9m9Lz1m9bO:Y7uTvJqRiGGWWWRKqurbkdBvae |
MD5: | 4A103FC1809C8EA381D2ACB5380EF4F6 |
SHA1: | 6C81D37798C4D78C64E7D3EF7EB2ACB317C9FF67 |
SHA-256: | 1AB8F5ABD845FFD0C61A61BB09BFCF20569B80B4496BCCB58C623753CF40485C |
SHA-512: | 77DA8AB022505D77F89749E97628CAF4DD8414251CB673598ACBA8F7D30D1889037FAB30094A6CE7DC47293697A6BEF28B92364D00129B59D2FC3711C82650F5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 172032 |
Entropy (8bit): | 6.196196069117546 |
Encrypted: | false |
SSDEEP: | 3072:BZkJAg15FTKWIH+mpIYYFxEtjPOtioVjDGUU1qfDlaGGx+cugLX0d6zwE/zDiamU:BZunFTqeZxEtjPOtioVjDGUU1qfDlavX |
MD5: | E50371BCDCEC0A9585FA2C7018D9A721 |
SHA1: | 02C0242B3B562784A7C89084A9D442E8C705EB02 |
SHA-256: | 91370C6A919D200FA5BB23522C8E83F4A4AE4409DA8D3D8430CCD8B54F579F8F |
SHA-512: | 306DD6565462737812BC6C54F362BE78860BA8FB2B2BB4C212DB482C1001FF6324FD18D5B6EC507E3242594BBA277A77C013C4332989A425E5C37F6804CFCE20 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.8491666669351865 |
Encrypted: | false |
SSDEEP: | 192:uoruQTYZwtFEBP6pIMkrlzDDgODkDNpJ:VBTYOIBP+kBHJDkDF |
MD5: | 83D854D2812E7BD346F4A36FA7B6FDE7 |
SHA1: | E791F88CEBE8EB54B976C63DF024108749A75D53 |
SHA-256: | 87C518C0F0A30B16C20C0B0FC1B5337FBAE655F401BD0D059E05F0DED3C92BFB |
SHA-512: | 6ED975560AF94C2D695491599972664BAD77780D57136086435374376A067FA2F9F0A38DF0EE593CDC6D31A7E099F56E18E4463BB8F10494A2ABA6BCDFC0BAE3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10240 |
Entropy (8bit): | 0.6739662216458647 |
Encrypted: | false |
SSDEEP: | 12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R |
MD5: | C61F99FE7BEE945FC31B62121BE075CD |
SHA1: | 083BBD0568633FECB8984002EB4FE8FA08E17DD9 |
SHA-256: | 1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732 |
SHA-512: | 46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24152 |
Entropy (8bit): | 0.7532185028349225 |
Encrypted: | false |
SSDEEP: | 48:CMnfnO4FGtsFqN6t8nlztZKR6axR6uiozVb:ZnfO4kWKpZKdxR35 |
MD5: | 520FE964934AF1AB0CEBA2366830D0FA |
SHA1: | B90310ACA870261CB619FDFD1E54E1B1A25074FF |
SHA-256: | DBD45EEA386D364B30BA189E079BFA05C2C40D9E5E83722C39A171998ED079C1 |
SHA-512: | A4839A6AB8DB522D9121A590B8C711E8C4F172D9CB71C918860F8048472920F3341B7BA624DFF514BE397809149E4471B2DF981DC81FE77C26B2DDF342A42F8C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 364032 |
Entropy (8bit): | 7.809315911307731 |
Encrypted: | false |
SSDEEP: | 6144:zlunhTqejxEtjPOtioVjDGUU1qfDlavx+fgLX0d6bivVbVjUnj46v9Wa76sObu4b:zIhTviMbVYj46j6sObuEzhKWrHj3sw/ |
MD5: | 32D0EFF7F71A28F9EDD7659EB0CEF09B |
SHA1: | 0FACE6B59C5DD27E369AD3917E2DA9D3D7E7CC39 |
SHA-256: | 0A83BF3B56696F347A008DF0364806B5B341919A44B032283D17B6EA24496962 |
SHA-512: | 03390E1590FC8D39B1EFFA1B5E8D34B39AEFB12290313AA814DEAEEA7E630502189755A31457DAC6F0C37C906EA66CA773E09DD8368E7F696F4C31666D73C4F2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 364032 |
Entropy (8bit): | 7.809315911307731 |
Encrypted: | false |
SSDEEP: | 6144:zlunhTqejxEtjPOtioVjDGUU1qfDlavx+fgLX0d6bivVbVjUnj46v9Wa76sObu4b:zIhTviMbVYj46j6sObuEzhKWrHj3sw/ |
MD5: | 32D0EFF7F71A28F9EDD7659EB0CEF09B |
SHA1: | 0FACE6B59C5DD27E369AD3917E2DA9D3D7E7CC39 |
SHA-256: | 0A83BF3B56696F347A008DF0364806B5B341919A44B032283D17B6EA24496962 |
SHA-512: | 03390E1590FC8D39B1EFFA1B5E8D34B39AEFB12290313AA814DEAEEA7E630502189755A31457DAC6F0C37C906EA66CA773E09DD8368E7F696F4C31666D73C4F2 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.4485767997075385 |
TrID: |
|
File name: | PO_OCF 408.xls |
File size: | 324'608 bytes |
MD5: | b1b6a921c32d375e2bc145aabc5590ed |
SHA1: | df721ea78886ba9fa47e0b4ff172cff71d3eac65 |
SHA256: | 6d0082a6aaeb5d47a2083d5b416c7b7e906c9e25e0f1f1c92a9ae44ae6f38b9f |
SHA512: | 62e409a8663f38ee22184704303bb08844b5ecd593865ec1a5acf8f908e48981ff1d541bd157b14a6f6ffc59677344d2752b0ea886744e4d15e8739a761ffbb9 |
SSDEEP: | 6144:w0unhXqFY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVsHGMIhshrP6nMe0zO3c:w9hXqs3bVsHGMICOnWO3Moi9d |
TLSH: | 1664D042FA41870AE85547714DF74AAE6325FC415F934B0B364CF72E3EF02A46E2BA61 |
File Content Preview: | ........................>.......................................................G...H...z...................................................................................................................................................................... |
Icon Hash: | 276ea3a6a6b7bfbf |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2024-03-26 06:41:50 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b3 44 0b 81 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D U V . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b3 44 55 56 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D f . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b3 44 66 1a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b3 44 80 c4 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2403503175049813 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . T H . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD000A282D/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 94 |
Entropy: | 4.345966460061678 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000A282D/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 62 |
Entropy: | 2.7788384466112834 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 3 . |
Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 33 00 |
General | |
Stream Path: | MBD000A282D/CONTENTS |
CLSID: | |
File Type: | PDF document, version 1.7, 1 pages |
Stream Size: | 20909 |
Entropy: | 7.967116806702583 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 3 0 R . > > . e n d o b j . 4 0 o b j . < < . / P r o d u c e r ( 3 . 0 . 4 \\ ( 5 . 0 . 8 \\ ) ) . / M o d D a t e ( D : 2 0 2 3 0 9 2 2 0 3 2 2 4 8 + 0 2 ' 0 0 ' ) . > > . e n d o b j . 2 0 o b j . < < . / T y p e / P a g e s . / K i d s [ 5 0 R ] . / C o u n t 1 . > > . e n d o b j . 3 0 o b j . < < . / F i e l d s [ ] . / D R 6 0 R . > > . e n d |
Data Raw: | 25 50 44 46 2d 31 2e 37 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 33 20 30 20 52 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 33 2e 30 2e 34 20 5c 28 35 2e 30 2e 38 5c 29 20 29 0a 2f 4d 6f 64 44 61 74 65 |
General | |
Stream Path: | MBD000A282E/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 113 |
Entropy: | 3.9544012817407785 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . / . . . M i c r o s o f t O f f i c e E x c e l M a c r o - E n a b l e d W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 4d 61 63 72 6f 2d 45 6e 61 62 6c 65 64 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000A282E/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 11593 |
Entropy: | 7.129232244356437 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . h f . . . 6 . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 68 cf de 66 81 01 00 00 36 05 00 00 13 00 cc 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c8 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000A282F/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD000A282F/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 708 |
Entropy: | 3.6235698530352805 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 20 02 00 00 dc 01 00 00 14 00 00 00 01 00 00 00 a8 00 00 00 02 00 00 00 b0 00 00 00 03 00 00 00 bc 00 00 00 0e 00 00 00 c8 00 00 00 0f 00 00 00 d4 00 00 00 04 00 00 00 e0 00 00 00 05 00 00 00 |
General | |
Stream Path: | MBD000A282F/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 23248 |
Entropy: | 3.028372274349727 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v i v i e n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 5a 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e4 00 00 00 09 00 00 00 f4 00 00 00 |
General | |
Stream Path: | MBD000A282F/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 97808 |
Entropy: | 7.364997649638122 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . P . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
Stream Path: | MBD000A2830/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 316 |
Entropy: | 6.193265789129319 |
Base64 Encoded: | False |
Data ASCII: | . . . . 7 ` . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . : . / . / . 2 . s . . . g . g . / . 4 . 2 . Q . . . . . . [ 2 : 1 d @ . e k ` ~ H e P . 7 m j 8 > . [ X . ~ X . { o . . C . B . . 2 G , 7 s y a } . B ~ ' . . . . & } O D w z . m x R A . . ! { ' ^ Z . L = g h ' . . X 1 . " 0 8 X . . . . . . . . . . . . . . . . . . . . 2 . q . H . Q . 5 . I . Y . E . P . S . . . O . d . f | T A . k ! ~ . v A u m |
Data Raw: | 01 00 00 02 8d a4 88 37 a8 ee da 60 00 00 00 00 00 00 00 00 00 00 00 00 c6 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b c2 00 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 32 00 73 00 2e 00 67 00 67 00 2f 00 34 00 32 00 51 00 00 00 0d aa 88 0a a2 00 ae 5b 32 3a 31 64 b7 b4 40 0c 65 6b 60 7e e0 48 a7 65 82 50 01 37 96 f0 6d 6a a0 38 3e b4 95 1e 5b 58 1c b8 7e 58 d5 84 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 151302 |
Entropy: | 7.995436452193399 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . . _ = . 0 h L _ K . . > j ] 3 " * * . p 5 t . . . . . . . 6 . . . \\ . p . . p 1 q ] < i 6 . o . . . W . . V . . J 6 C 8 n . L ( h s b 7 . $ t j W . a y h . c ! c . [ . { . ` w g . . t 3 5 < . K B . . . a . . . . 1 . . . = . . . f . . . . , k h 7 . p . . . . . < . . . . v . . . . $ . . . . 9 . . . . h _ . . . U = . . . { . Y . S n W . . . / h @ . . . . . . " . . . / . . . . k v . . . . . . . . s 1 . . . G . . . z s . < . ^ Q z z . 1 . . . . } . I y . : |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 ae d1 1e ee 02 e9 fe 5f cf 3d d7 da 2e 30 8e 68 f6 4c aa 99 9f 5f 4b 9e ce ac 91 83 15 3e 6a ad 5d b3 33 22 2a 2a 9b 0e 70 f3 ad 35 bf 74 a2 e6 e1 00 02 00 b0 04 c1 00 02 00 36 ed e2 00 00 00 5c 00 70 00 17 70 31 c1 e1 87 71 ff e3 95 e6 5d fd 99 3c 69 f0 ab 8a 36 10 aa 83 6f fe 08 a2 b4 10 1b |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 529 |
Entropy: | 5.241798815069371 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 2 C 5 5 A 7 0 3 - 8 E F 2 - 4 4 B 6 - 8 A 2 4 - D 1 C E F 4 3 2 F C D F } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 4 3 4 1 4 A 2 8 A 8 2 C A 8 2 C A |
Data Raw: | 49 44 3d 22 7b 32 43 35 35 41 37 30 33 2d 38 45 46 32 2d 34 34 42 36 2d 38 41 32 34 2d 44 31 43 45 46 34 33 32 46 43 44 46 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.966636528011703 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.350980612687125 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . h . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 b4 c1 10 68 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
- Total Packets: 24
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2024 19:42:16.301249027 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.400440931 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.400515079 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.400798082 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.499654055 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.500044107 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.500226974 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.506340027 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.506367922 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.506439924 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.512697935 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.512711048 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.829709053 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.829785109 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.835045099 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.835052967 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.835413933 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.835469961 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.941570044 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.941675901 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.941726923 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:16.941859007 CET | 443 | 49164 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:16.941900969 CET | 49164 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.059370041 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.163379908 CET | 80 | 49163 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:36.163496017 CET | 49163 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.163867950 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.163902044 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:36.163954020 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.164222002 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.164231062 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:36.490767956 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:36.490852118 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.495486021 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.495492935 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:36.495760918 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:36.495803118 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.502712011 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 26, 2024 19:42:36.502737999 CET | 443 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 26, 2024 19:42:36.502789974 CET | 49165 | 443 | 192.168.2.22 | 13.107.246.40 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2024 19:42:16.166445017 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 26, 2024 19:42:16.293255091 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 26, 2024 19:42:16.166445017 CET | 192.168.2.22 | 8.8.8.8 | 0xaee4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 26, 2024 19:42:16.293255091 CET | 8.8.8.8 | 192.168.2.22 | 0xaee4 | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 19:42:16.293255091 CET | 8.8.8.8 | 192.168.2.22 | 0xaee4 | No error (0) | 13.107.213.40 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49163 | 13.107.246.40 | 80 | 1884 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 26, 2024 19:42:16.400798082 CET | 315 | OUT | |
Mar 26, 2024 19:42:16.500044107 CET | 274 | IN | |
Mar 26, 2024 19:42:36.059370041 CET | 315 | OUT | |
Mar 26, 2024 19:42:36.163379908 CET | 274 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 18:41:52 |
Start date: | 25/03/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f6e0000 |
File size: | 28'253'536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 18:42:20 |
Start date: | 25/03/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x13e0000 |
File size: | 2'525'680 bytes |
MD5 hash: | 2F8D93826B8CBF9290BC57535C7A6817 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 18:42:35 |
Start date: | 25/03/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 9'805'808 bytes |
MD5 hash: | 326A645391A97C760B60C558A35BB068 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |