Windows
Analysis Report
NEW ORDER.xls
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
EXCEL.EXE (PID: 2080 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Offic e14\EXCEL. EXE" /auto mation -Em bedding MD5: D53B85E21886D2AF9815C377537BCAC3) AcroRd32.exe (PID: 2352 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroR d32.exe" - Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817) RdrCEF.exe (PID: 1256 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroC EF\RdrCEF. exe" --bac kgroundcol or=1651404 3 MD5: 326A645391A97C760B60C558A35BB068)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MalDoc_4 | Yara detected MalDoc | Joe Security |
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: frack113: |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Networking |
---|
Source: | File source: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD005055A2/\x1Ole' : | ||
Source: | Stream path 'MBD005055A2/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD0050559F/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'MBD0050559F/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Document-Office.Exploit.CVE-2017-0199 | ||
19% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
2s.gg | 13.107.246.40 | true | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.40 | 2s.gg | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416417 |
Start date and time: | 2024-03-27 11:58:08 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | NEW ORDER.xls |
Detection: | MAL |
Classification: | mal68.troj.expl.winXLS@10/26@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): dllhost.exe, WM IADAP.exe, svchost.exe - Report size getting too big, t
oo many NtCreateFile calls fou nd. - Report size getting too big, t
oo many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
10:59:29 | API Interceptor | |
10:59:46 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.40 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
2s.gg | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Amadey, PureLog Stealer, RedLine, SmokeLoader, XWorm, zgRAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
36f7277af969a6947a61ae0b815907a1 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 270336 |
Entropy (8bit): | 0.0018885380473555064 |
Encrypted: | false |
SSDEEP: | 3:MsEllllkEthXllkl2zEdlefl:/M/xT02zh |
MD5: | 5AFAE1B127F8E90CEA6DEFCFAD3C89AC |
SHA1: | DF4484B0E67EAD88E181ACF2C60628C360D029CB |
SHA-256: | 57A7E9DEADA76B0FDCD0D09FF0AD3E8D55B3DBD99971767A86AD27630A53E998 |
SHA-512: | 7C77AFFA67E5FF7455E8170619B4C4DBFB03756687ACC202F8EE2DE20AB987854FDFCD291B78D4428689B5C432E6455D1474855DB9BFDAF95F823BC3073FDC2A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.223148994984305 |
Encrypted: | false |
SSDEEP: | 6:FQztaq2PP2nKuAl9OmbnIFUt88Qzu6Zmw+8QzuGkwOP2nKuAl9OmbjLJ:2AvWHAahFUt8x66/+x6G57HAaSJ |
MD5: | 9A29B1FDAC2D351EBF3951826EE54EA6 |
SHA1: | D8A9964783720E07DAD53C8C69E410BA7BC228AA |
SHA-256: | 16F1F38321E9ED66DE494FC7CCD643624C3704D55651896FC79A13CBD1D46BAF |
SHA-512: | 1A7F656D232805735296571291F4E44568394B82CE8B2DAAE9F28FEAE688065173C2305D69E922B750083F53802E07FCA59694E71C681F41E1A26549725D65AD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.223148994984305 |
Encrypted: | false |
SSDEEP: | 6:FQztaq2PP2nKuAl9OmbnIFUt88Qzu6Zmw+8QzuGkwOP2nKuAl9OmbjLJ:2AvWHAahFUt8x66/+x6G57HAaSJ |
MD5: | 9A29B1FDAC2D351EBF3951826EE54EA6 |
SHA1: | D8A9964783720E07DAD53C8C69E410BA7BC228AA |
SHA-256: | 16F1F38321E9ED66DE494FC7CCD643624C3704D55651896FC79A13CBD1D46BAF |
SHA-512: | 1A7F656D232805735296571291F4E44568394B82CE8B2DAAE9F28FEAE688065173C2305D69E922B750083F53802E07FCA59694E71C681F41E1A26549725D65AD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.223148994984305 |
Encrypted: | false |
SSDEEP: | 6:FQztaq2PP2nKuAl9OmbnIFUt88Qzu6Zmw+8QzuGkwOP2nKuAl9OmbjLJ:2AvWHAahFUt8x66/+x6G57HAaSJ |
MD5: | 9A29B1FDAC2D351EBF3951826EE54EA6 |
SHA1: | D8A9964783720E07DAD53C8C69E410BA7BC228AA |
SHA-256: | 16F1F38321E9ED66DE494FC7CCD643624C3704D55651896FC79A13CBD1D46BAF |
SHA-512: | 1A7F656D232805735296571291F4E44568394B82CE8B2DAAE9F28FEAE688065173C2305D69E922B750083F53802E07FCA59694E71C681F41E1A26549725D65AD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.005597679101775777 |
Encrypted: | false |
SSDEEP: | 3:ImtVOM1xVlt/XSxdltIt/l:IiVfxlKxdXI1l |
MD5: | FD55D575475A6BD81B055F46FA34BA8B |
SHA1: | 289A6344929F221E19D2F9097A5907FE42C03855 |
SHA-256: | 261CE45767DBF1E61AAF67C5EC1D75C2FF5C02681DF96897D5B0EC56A0F8C2AB |
SHA-512: | F2247D89C3268E838AE6F4BCDC1C4BB9C60E4F2E05B1763CD152811661A00B8BFC467F71009894676E38CE31229DF35F6FC9F2F19C2911698012D0594697F098 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 536 |
Entropy (8bit): | 5.17576513886526 |
Encrypted: | false |
SSDEEP: | 12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa |
MD5: | 4D5E3CD969F14362210F0473720C5528 |
SHA1: | AFD90E9888759B809F78E87D5550B601A288A0A3 |
SHA-256: | 79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE |
SHA-512: | B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 536 |
Entropy (8bit): | 5.17576513886526 |
Encrypted: | false |
SSDEEP: | 12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa |
MD5: | 4D5E3CD969F14362210F0473720C5528 |
SHA1: | AFD90E9888759B809F78E87D5550B601A288A0A3 |
SHA-256: | 79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE |
SHA-512: | B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 536 |
Entropy (8bit): | 5.17576513886526 |
Encrypted: | false |
SSDEEP: | 12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa |
MD5: | 4D5E3CD969F14362210F0473720C5528 |
SHA1: | AFD90E9888759B809F78E87D5550B601A288A0A3 |
SHA-256: | 79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE |
SHA-512: | B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9566 |
Entropy (8bit): | 5.226610011802065 |
Encrypted: | false |
SSDEEP: | 192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV |
MD5: | 63B24EA3A13EAC476D6309BB202EF459 |
SHA1: | 89502C393549C20C933E4553F51F74F3DBE085EF |
SHA-256: | 2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA |
SHA-512: | 2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9566 |
Entropy (8bit): | 5.226610011802065 |
Encrypted: | false |
SSDEEP: | 192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV |
MD5: | 63B24EA3A13EAC476D6309BB202EF459 |
SHA1: | 89502C393549C20C933E4553F51F74F3DBE085EF |
SHA-256: | 2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA |
SHA-512: | 2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128373 |
Entropy (8bit): | 1.984352562880039 |
Encrypted: | false |
SSDEEP: | 384:hNzyk+spBXiosQUYuoB7OdnGbLq+ACtKzZQ9w/fQ1D+v+W2gnHwvAgIEyXG1oJ/J:nUwvgnHwvAP |
MD5: | B4621E956E08FFC84D8E099B27014FEE |
SHA1: | CB4604EED70C03ABADD11C5EF15E566B8A9802E4 |
SHA-256: | 0C42B243A4C3673436D22F0C51033E2306005CDB0CFCB82A849452BD3E741CF7 |
SHA-512: | A99A6769B42241891C83EDD62CD4E4027BBF2F5BC716B4ED01CFDBE7312526C5DA8A3D37EB2D471C0A707952A6D8C9143A921FA7428B9F46105583549540DC47 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 433328 |
Entropy (8bit): | 5.820456234012868 |
Encrypted: | false |
SSDEEP: | 6144:Fifm7kwvqU4iyCbPUV7gdaI6z0R/sjBx2:Fl7kwvqULUVS |
MD5: | 36B5BB0BDB4A0B922BA3F2A2965B371B |
SHA1: | DF44483ECCB0CFB97C2989322550092449E4583E |
SHA-256: | FB11125A1D0D754680E21BD8778ACF809799248C512A6C1F4CB31C459BCB9019 |
SHA-512: | 12874686670EF7FC26513E77608272825E22DD125EF68C86D1C33892E17BE95484B40A60BF3BC072F3E8A0963A92A363B957946F9CDC4C9DE665177B8E02D584 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.929653848333741 |
Encrypted: | false |
SSDEEP: | 12:YB1uOUvJqRENEtEtEdEdEdEO6Mcs/vs9/09v89fE9vM9/U9Lzlm97z9m9Lz1m9bO:Y7uTvJqRiGGWWWRKqurbkdBvae |
MD5: | 4A103FC1809C8EA381D2ACB5380EF4F6 |
SHA1: | 6C81D37798C4D78C64E7D3EF7EB2ACB317C9FF67 |
SHA-256: | 1AB8F5ABD845FFD0C61A61BB09BFCF20569B80B4496BCCB58C623753CF40485C |
SHA-512: | 77DA8AB022505D77F89749E97628CAF4DD8414251CB673598ACBA8F7D30D1889037FAB30094A6CE7DC47293697A6BEF28B92364D00129B59D2FC3711C82650F5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.9017483361098562 |
Encrypted: | false |
SSDEEP: | 24:YOu6PJqRixxBBBQAAJnHbG/KD3ql/mfzG/S6ATn9eDIb6eD/qLvae:9u6IRixxBBBQlJatF6n8g/wae |
MD5: | 8F636083CE616F8EB610556C57CC3CAA |
SHA1: | 4291DA8874EF4A60300F4BAAEC84F5A4A425E31E |
SHA-256: | 62E41677B9A6F9B0139BB4D5EAA890F1423F707383A960FFA261A7C4A677F3EB |
SHA-512: | 78FF54528C73E9E52C67FC8536BDA2628F4177ACDC9E749F4EAF69639F82E468B3766AEACD4F24BABCB30227572B2F522FDDF2FBD8B790C474ACF313BD32C84A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330948 |
Entropy (8bit): | 4.972275318037275 |
Encrypted: | false |
SSDEEP: | 3072:N0Bd8yCKdQW2222222Igccz3/qSmV1XITSuaZgOTARfMDc1ji:N0Bd8yCKdQRzw4muaZ9TARfMDcFi |
MD5: | FF59AF315557FDF3174DBF47FACD66F7 |
SHA1: | 34C6851CF24217B4B5F1BEBAAF5DEE072327FB8A |
SHA-256: | 07F29406508DC93447018A35FF105ECAFA5F0520F96F4F883A5AFA2D09437D8F |
SHA-512: | 98F385541E6C954E9CE40897B6BD339BF36891C98BFD7CDE4B1ACF620D91BBFA96542F3A0ABDC1422369B3811B685D085A7014376A79BC0B7AE210F21FDF7EF8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944965349348616 |
Encrypted: | false |
SSDEEP: | 1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw |
MD5: | 9ABE7EB352E0DB96B52C99AC2FDEA85F |
SHA1: | 8DC45D02308275BA32B7FFB320A3042256D40C8B |
SHA-256: | EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869 |
SHA-512: | E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944875740888722 |
Encrypted: | false |
SSDEEP: | 1536:k3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:5ux/ZiOE85e+8J2dvRcvMyw |
MD5: | B6DFB3AA7AC4A1A52336C30FA821857B |
SHA1: | 66ECB808A516AC5B07A01CDFCAD65FD7B9907619 |
SHA-256: | E22202331F689D7568E674B0DCD895DF66FAC5980498F05A846DE244AB3394C4 |
SHA-512: | A13562F976BCBEEF7D4B4926C37E39BFD4C588EF6E746792B806E6737C91604175395021D4884493D764CE7F0EE2ACC6C7D03A6045A5B4ED6616E5D7E4C9FE94 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.852318730682997 |
Encrypted: | false |
SSDEEP: | 192:RoruQTYZwtFEBP6pIMkrlzDDg2Z42dDNpJ:OBTYOIBP+kBHGuDF |
MD5: | B7F77CE44F5F52B14F1DAC36486A9B17 |
SHA1: | 05EAC437FF7674B190A59D6ADBCEAD5906D46F02 |
SHA-256: | CB51AC0FE5A2CAA1BC60CDA7C8EC0CC565D48E7F0C6A187E6D2EDA46FCE7697C |
SHA-512: | FADE50BE986D2F85AB1AF6832C4CB0AA745413BF82B2451EA1F305C67B072CEB3586C4A5F4FEEEBFB99EA5526AF99AA01EF0E8DF6633F5D4E108D2683C4F4D5C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 172032 |
Entropy (8bit): | 6.268632028925797 |
Encrypted: | false |
SSDEEP: | 3072:BZkJAg151TKWIHDepIYYFxEtjPOtioVjDGUU1qfDlaGGx+cugLX0d6AwE/zDiam+:BZun1TqjxxEtjPOtioVjDGUU1qfDlav0 |
MD5: | 2575F913DD12A89FD788DE1BAA24B1FF |
SHA1: | 4C6B9DEB23897F14420863044039C32DE0C5813C |
SHA-256: | A9DA10FB28DDC78E17616D47447672184903028ACED9EECE77F9E356B2576201 |
SHA-512: | C11D8E90A05CEA5BE87DB47F4EE0E5657A6A6F0F9E481F96FDAB6CD031DCBF6F890763865FC25F1741FBAA19D8330E1977365D8D67DEB2327546BB9590E8E91B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10240 |
Entropy (8bit): | 0.6739662216458647 |
Encrypted: | false |
SSDEEP: | 12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R |
MD5: | C61F99FE7BEE945FC31B62121BE075CD |
SHA1: | 083BBD0568633FECB8984002EB4FE8FA08E17DD9 |
SHA-256: | 1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732 |
SHA-512: | 46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24152 |
Entropy (8bit): | 0.7532185028349225 |
Encrypted: | false |
SSDEEP: | 48:CMnfnO4FGtsFqN6t8nlztZKR6axR6uiozVb:ZnfO4kWKpZKdxR35 |
MD5: | 520FE964934AF1AB0CEBA2366830D0FA |
SHA1: | B90310ACA870261CB619FDFD1E54E1B1A25074FF |
SHA-256: | DBD45EEA386D364B30BA189E079BFA05C2C40D9E5E83722C39A171998ED079C1 |
SHA-512: | A4839A6AB8DB522D9121A590B8C711E8C4F172D9CB71C918860F8048472920F3341B7BA624DFF514BE397809149E4471B2DF981DC81FE77C26B2DDF342A42F8C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 364544 |
Entropy (8bit): | 7.80574920458647 |
Encrypted: | false |
SSDEEP: | 6144:Z+unhTqjixEtjPOtioVjDGUU1qfDlavx+fgLX0d6UivKbV2kTyF0BdfM+ewnHQa6:Z/hT8EHbVtZM+ew7vX0FvI/b |
MD5: | 3B2C51FB3EC8765058BCA061B463FDD6 |
SHA1: | CCF3BA89647FFA9130A16F10761354E5F055ED70 |
SHA-256: | 50E10C8D91F1CA164A2646045760F6A93DD18EDFE2674D15434B2437F2DC3AED |
SHA-512: | F1E62D1C68B41DB737667BDA8C9E35A4599CA66464679CF6E5607E69FD2295815E0B59559B70731EA2C7C8A8FDDFED5CDD57DC76410D0FE5F51CEB201628C657 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 364544 |
Entropy (8bit): | 7.80574920458647 |
Encrypted: | false |
SSDEEP: | 6144:Z+unhTqjixEtjPOtioVjDGUU1qfDlavx+fgLX0d6UivKbV2kTyF0BdfM+ewnHQa6:Z/hT8EHbVtZM+ew7vX0FvI/b |
MD5: | 3B2C51FB3EC8765058BCA061B463FDD6 |
SHA1: | CCF3BA89647FFA9130A16F10761354E5F055ED70 |
SHA-256: | 50E10C8D91F1CA164A2646045760F6A93DD18EDFE2674D15434B2437F2DC3AED |
SHA-512: | F1E62D1C68B41DB737667BDA8C9E35A4599CA66464679CF6E5607E69FD2295815E0B59559B70731EA2C7C8A8FDDFED5CDD57DC76410D0FE5F51CEB201628C657 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.445174793793269 |
TrID: |
|
File name: | NEW ORDER.xls |
File size: | 325'120 bytes |
MD5: | 3a676a14c0aa582a465032b971ca23f5 |
SHA1: | 04b12227d6b22ed562005d126cd7e3366c4fe966 |
SHA256: | 3688f05556a136fe094de5cb1888eac2a579525f72cd027e19738582ed40c283 |
SHA512: | f4e2e080f2c6b73aad8f8a487e65a5aed1cee9fa77e9e82f1e0538c978c2f150e10b2ac93e96d65857a7380acd94e16178c82bedb65c415b247f01580e49ae05 |
SSDEEP: | 6144:VPunhX2jaLY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVlLMIU6FDCmg9bhQ87:VqhX2ja23bVlLMILKbhQ4z3SJKgJeB/b |
TLSH: | 7164E041FA81865AE585473649F74BAA6325FC409F524B0F324CF71E3DB03E46E3BA62 |
File Content Preview: | ........................>.......................................................G...H...{...................................................................................................................................................................... |
Icon Hash: | 276ea3a6a6b7bfbf |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2024-03-25 12:48:57 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . m . . f . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6d 17 0c 66 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . m . D . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6d 17 82 44 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . m . 9 N . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6d 17 39 4e 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . m . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6d 17 e6 8a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2882936681910495 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . B . . ~ . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD0050559F/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 94 |
Entropy: | 4.345966460061678 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD0050559F/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 62 |
Entropy: | 2.7788384466112834 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 3 . |
Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 33 00 |
General | |
Stream Path: | MBD0050559F/CONTENTS |
CLSID: | |
File Type: | PDF document, version 1.7, 1 pages |
Stream Size: | 20909 |
Entropy: | 7.967116806702583 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 3 0 R . > > . e n d o b j . 4 0 o b j . < < . / P r o d u c e r ( 3 . 0 . 4 \\ ( 5 . 0 . 8 \\ ) ) . / M o d D a t e ( D : 2 0 2 3 0 9 2 2 0 3 2 2 4 8 + 0 2 ' 0 0 ' ) . > > . e n d o b j . 2 0 o b j . < < . / T y p e / P a g e s . / K i d s [ 5 0 R ] . / C o u n t 1 . > > . e n d o b j . 3 0 o b j . < < . / F i e l d s [ ] . / D R 6 0 R . > > . e n d |
Data Raw: | 25 50 44 46 2d 31 2e 37 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 33 20 30 20 52 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 33 2e 30 2e 34 20 5c 28 35 2e 30 2e 38 5c 29 20 29 0a 2f 4d 6f 64 44 61 74 65 |
General | |
Stream Path: | MBD005055A0/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 113 |
Entropy: | 3.9544012817407785 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . / . . . M i c r o s o f t O f f i c e E x c e l M a c r o - E n a b l e d W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 4d 61 63 72 6f 2d 45 6e 61 62 6c 65 64 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD005055A0/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 11594 |
Entropy: | 7.133836970926882 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . h f . . . 6 . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 68 cf de 66 81 01 00 00 36 05 00 00 13 00 cc 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c8 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD005055A1/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD005055A1/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 708 |
Entropy: | 3.6235698530352805 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 20 02 00 00 dc 01 00 00 14 00 00 00 01 00 00 00 a8 00 00 00 02 00 00 00 b0 00 00 00 03 00 00 00 bc 00 00 00 0e 00 00 00 c8 00 00 00 0f 00 00 00 d4 00 00 00 04 00 00 00 e0 00 00 00 05 00 00 00 |
General | |
Stream Path: | MBD005055A1/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 23248 |
Entropy: | 3.0232976457110414 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v i v i e n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 5a 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e4 00 00 00 09 00 00 00 f4 00 00 00 |
General | |
Stream Path: | MBD005055A1/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 97808 |
Entropy: | 7.36513443754125 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . P . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
Stream Path: | MBD005055A2/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 466 |
Entropy: | 6.599365577984179 |
Base64 Encoded: | False |
Data ASCII: | . . . . r b . ` . . . . . . . . . . . . ( . . . y . . . K . $ . . . h . t . t . p . : . / . / . 2 . s . . . g . g . / . 3 . z . s . . . . . $ 2 A v . a ; . . \\ ^ 2 s Z 6 X 0 . H 9 : % n . m . . j . D . . . g Q Q . + . U l K * 5 d q . x W ~ @ P h ' 0 k 6 . . s b . $ . x . . . . b 5 . . x c X . l . . : D . ) o v A S A ^ G . 1 j % . + S * # . I . c [ . d ' ) @ A . } E . . . . F . < H . h . . 4 2 : y ; / . . F . " j . . . . . . . . . . . . . . . . J . . . o . 7 . n . D . r . M . 6 . m . B . q . Y . t . R . T |
Data Raw: | 01 00 00 02 97 72 62 08 a8 8f b4 60 00 00 00 00 00 00 00 00 00 00 00 00 28 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 24 01 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 32 00 73 00 2e 00 67 00 67 00 2f 00 33 00 7a 00 73 00 00 00 10 01 9d 8a 24 32 41 76 ea 97 ac 61 95 3b 0d 09 5c 5e 32 82 ba b9 ce 73 ab b5 bc 5a f3 ac 36 c1 58 30 1f 90 e5 48 39 3a 25 ad 6e 0e 6d 0b |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 151378 |
Entropy: | 7.995716884610021 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . T 3 . ' ' u 6 . . k P y . $ . } . . . . . 1 . . . . . . . ! . . . \\ . p . l r } 4 6 ] . g . . v H M . b x . + . ` S e < F . 6 a 1 . F . . : - H O ; y S < b A . . k . . < R v . C 6 t H A . B . . . @ a . . . x d . . . = . . . 3 . . . . ! u } y . c $ . . . . o . . . . . . . . . . . C . . . . . . . . . . . . w = . . . . . p r \\ . R ^ . , @ . . . l y . . . i " . . . O b . . . . . F . . . N . . . . 1 . . . . . ' u H . : * G L . P 8 t 1 . . . ~ ' . . S ] o |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 d7 98 54 e2 f7 d7 33 1b 20 a1 27 27 d5 75 36 9c 93 02 d6 19 94 6b c4 50 db 79 16 be 24 1a 97 7d de ad f4 d0 f3 13 d1 dd ad d3 b7 9f b8 0b cc 31 e1 00 02 00 b0 04 c1 00 02 00 21 ee e2 00 00 00 5c 00 70 00 f3 6c 72 c6 7d 34 36 d6 5d a9 0c bf ec a7 67 c6 90 19 76 48 de 4d 03 62 bd 8d 78 ab df 14 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 519 |
Entropy: | 5.215893266258675 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 6 7 7 0 F B B C - E A F 2 - 4 6 7 D - 9 0 D 3 - F 8 8 E 0 7 C 3 D 9 9 D } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 4 0 4 2 6 2 6 0 6 6 6 0 6 6 6 0 6 |
Data Raw: | 49 44 3d 22 7b 36 37 37 30 46 42 42 43 2d 45 41 46 32 2d 34 36 37 44 2d 39 30 44 33 2d 46 38 38 45 30 37 43 33 44 39 39 44 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.977174695581832 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.367111124104135 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . Q . h . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 51 c6 0f 68 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
- Total Packets: 23
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 27, 2024 11:59:24.467451096 CET | 49165 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:24.568376064 CET | 80 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:24.568455935 CET | 49165 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:24.568684101 CET | 49165 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:24.667865038 CET | 80 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:24.668363094 CET | 80 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:24.668421984 CET | 49165 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:24.701205015 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:24.701236963 CET | 443 | 49166 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:24.701498032 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:24.708641052 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:24.708657026 CET | 443 | 49166 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:25.027367115 CET | 443 | 49166 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:25.027432919 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:25.033155918 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:25.033166885 CET | 443 | 49166 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:25.033477068 CET | 443 | 49166 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:25.033540964 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:25.111618996 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:25.111774921 CET | 443 | 49166 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:25.111841917 CET | 49166 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.080995083 CET | 49165 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.223705053 CET | 80 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.228486061 CET | 80 | 49165 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.228590012 CET | 49165 | 80 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.229372025 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.229412079 CET | 443 | 49167 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.229470968 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.257710934 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.257729053 CET | 443 | 49167 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.571302891 CET | 443 | 49167 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.571497917 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.581305027 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.581317902 CET | 443 | 49167 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.581626892 CET | 443 | 49167 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.581680059 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.585331917 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Mar 27, 2024 11:59:46.585377932 CET | 443 | 49167 | 13.107.246.40 | 192.168.2.22 |
Mar 27, 2024 11:59:46.585438967 CET | 49167 | 443 | 192.168.2.22 | 13.107.246.40 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 27, 2024 11:59:24.331805944 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 27, 2024 11:59:24.449301958 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 27, 2024 11:59:24.331805944 CET | 192.168.2.22 | 8.8.8.8 | 0xac92 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 27, 2024 11:59:24.449301958 CET | 8.8.8.8 | 192.168.2.22 | 0xac92 | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2024 11:59:24.449301958 CET | 8.8.8.8 | 192.168.2.22 | 0xac92 | No error (0) | 13.107.213.40 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 13.107.246.40 | 80 | 2080 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 27, 2024 11:59:24.568684101 CET | 315 | OUT | |
Mar 27, 2024 11:59:24.668363094 CET | 274 | IN | |
Mar 27, 2024 11:59:46.080995083 CET | 315 | OUT | |
Mar 27, 2024 11:59:46.228486061 CET | 274 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 10:58:58 |
Start date: | 26/03/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f270000 |
File size: | 28'253'536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 10:59:29 |
Start date: | 26/03/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x13e0000 |
File size: | 2'525'680 bytes |
MD5 hash: | 2F8D93826B8CBF9290BC57535C7A6817 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 10:59:45 |
Start date: | 26/03/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 9'805'808 bytes |
MD5 hash: | 326A645391A97C760B60C558A35BB068 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |