Windows Analysis Report
GMCCA Carrier Profile.xls

Overview

General Information

Sample name: GMCCA Carrier Profile.xls
Analysis ID: 1445940
MD5: 85dd8907418b9f4a2550629fa96a3e66
SHA1: 83deda72fcf638042b9b6d0e615efbec3e6b0652
SHA256: 656dfc269bb525cebce7872bd65019ee6ac8ecc573063bebf9c9dbd899644aa5

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections

Classification

  • System is w10x64_ra
  • EXCEL.EXE (PID: 1540 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\GMCCA Carrier Profile.xls" MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 3740 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup
No yara matches
Source: Network Connection; Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton; Data: DestinationIp: 13.107.246.67, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1540, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49715
Source: Network Connection; Author: X__Junior (Nextron Systems); Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49715, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1540, Protocol: tcp, SourceIp: 13.107.246.67, SourceIsIpv6: false, SourcePort: 443
No Snort rule has matched

There are no malicious signatures.

Source: unknown; HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: excel.exe; Memory has grown: Private usage: 1MB later: 92MB
Source: classification engine; Classification label: clean2.winXLS@3/1@0/37
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Temp\{0D5C5676-F71D-4BB1-938D-B187FA68E209} - OProcSessId.dat
Source: GMCCA Carrier Profile.xls; OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\GMCCA Carrier Profile.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: GMCCA Carrier Profile.xls; Initial sample: OLE summary lastprinted = 2013-03-11 15:12:32
Source: GMCCA Carrier Profile.xls; Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Extra Window Memory Injection | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
part-0039.t-0009.t-msedge.net | 13.107.246.67 | true | false | | unknown
    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    52.113.194.132 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    52.109.28.47 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    52.109.32.97 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    13.107.246.67 | part-0039.t-0009.t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    104.119.108.127 | unknown | United States | | 16625 | AKAMAI-ASUS | false
    20.189.173.13 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1445940
    Start date and time:2024-05-22 20:06:38 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:16
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:GMCCA Carrier Profile.xls
    Detection:CLEAN
    Classification:clean2.winXLS@3/1@0/37
    Cookbook Comments:
    • Found application associated with file extension: .xls
    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.28.47, 104.119.108.127, 52.113.194.132
    • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, europe.configsvc1.live.com.akadns.net
    • Not all processes were analyzed, report is missing behavior information
    • Report size getting too big, too many NtCreateKey calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • VT rate limit hit for: GMCCA Carrier Profile.xls
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    File Type:data
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):2.389026789615768
    Encrypted:false
    SSDEEP:
    MD5:835240A65A7A6A06911FE243AE3065DD
    SHA1:A66584B111BEFB7672AC20E81CAD7E8C6F155363
    SHA-256:0C830624659D0D572D84D01C8FC6FD7AF25D61C1B9A4F67245D43F15C5EC5D84
    SHA-512:8EE568F7FB9E7E548A5991438BF744EF7E9AACE9313AE6855843264FB3F48F457B94AF6D5240101AA01251D6213DC9F4419FE53F9E16904D49F22A3E3DF2BC90
    Malicious:false
    Reputation:unknown
    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: kapowers, Last Saved By: Naas, Jared, Name of Creating Application: Microsoft Excel, Last Printed: Mon Mar 11 15:12:32 2013, Create Time/Date: Thu Jul 7 18:09:35 2005, Last Saved Time/Date: Wed Apr 20 14:48:24 2022, Security: 0
    Entropy (8bit):4.3514091844773395
    TrID:
    • Microsoft Excel sheet (30009/1) 78.94%
    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
    File name:GMCCA Carrier Profile.xls
    File size:74'240 bytes
    MD5:85dd8907418b9f4a2550629fa96a3e66
    SHA1:83deda72fcf638042b9b6d0e615efbec3e6b0652
    SHA256:656dfc269bb525cebce7872bd65019ee6ac8ecc573063bebf9c9dbd899644aa5
    SHA512:6f8dbad172f5651a49fce0c88983a28832aad0c9dd7ea7fa278dbd5687cb8811930df7bcc07fcc509d40f58b26af3895559e07b5dff5a2035d6a27798939d76b
    SSDEEP:1536:/m1lvxEtjPOtioVjDGUU1qfDlaGGx+cL/IERSGjO9MoY68E:u1lvxEtjPOtioVjDGUU1qfDlaGGx+cLH
    TLSH:2B73EEC2E7689867D67D93354C51B76C3731EC514B6B834B214232BDAFF2AE02F0619A
    Icon Hash:35ed8e920e8c81b5
    Document Type:OLE
    Number of OLE Files:1
    Has Summary Info:
    Application Name:Microsoft Excel
    Encrypted Document:False
    Contains Word Document Stream:False
    Contains Workbook/Book Stream:True
    Contains PowerPoint Document Stream:False
    Contains Visio Document Stream:False
    Contains ObjectPool Stream:False
    Flash Objects Count:0
    Contains VBA Macros:False
    Code Page:1252
    Author:kapowers
    Last Saved By:Naas, Jared
    Last Printed:2013-03-11 15:12:32
    Create Time:2005-07-07 17:09:35
    Last Saved Time:2022-04-20 13:48:24
    Creating Application:Microsoft Excel
    Security:0
    Document Code Page:1252
    Thumbnail Scaling Desired:False
    Company:CNF Inc.
    Contains Dirty Links:False
    Shared Document:False
    Changed Hyperlinks:False
    Application Version:1048576
    General
    Stream Path:\x1CompObj
    CLSID:
    File Type:data
    Stream Size:108
    Entropy:4.188499988527259
    Base64 Encoded:True
    General
    Stream Path:\x5DocumentSummaryInformation
    CLSID:
    File Type:data
    Stream Size:356
    Entropy:3.6911835942457287
    Base64 Encoded:False
    General
    Stream Path:\x5SummaryInformation
    CLSID:
    File Type:data
    Stream Size:236
    Entropy:3.7517368926263326
    Base64 Encoded:False
    General
    Stream Path:MBD00089DBE/\x1CompObj
    CLSID:
    File Type:data
    Stream Size:77
    Entropy:2.954779533874008
    Base64 Encoded:False
    General
    Stream Path:MBD00089DBE/\x1Ole
    CLSID:
    File Type:data
    Stream Size:20
    Entropy:0.5689955935892812
    Base64 Encoded:False
    Data ASCII:. . . . . . . . . . . . . . . . . . . .
    Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    General
    Stream Path:MBD00089DBE/\x1Ole10ItemName
    CLSID:
    File Type:data
    Stream Size:5
    Entropy:1.3709505944546687
    Base64 Encoded:False
    Data ASCII:. . . . .
    Data Raw:01 00 00 00 0c
    General
    Stream Path:MBD00089DBE/\x1Ole10Native
    CLSID:
    File Type:data
    Stream Size:7812
    Entropy:1.8137136915567662
    Base64 Encoded:True
    General
    Stream Path:MBD00089DBE/\x3ObjInfo
    CLSID:
    File Type:data
    Stream Size:4
    Entropy:0.8112781244591328
    Base64 Encoded:False
    Data ASCII:. . . .
    Data Raw:00 00 03 00
    General
    Stream Path:Workbook
    CLSID:
    File Type:Applesoft BASIC program data, first line number 16
    Stream Size:60498
    Entropy:4.397850508916329
    Base64 Encoded:True