Windows
Analysis Report
MS100384UTC.xls
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w11x64_office
- EXCEL.EXE (PID: 6888 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" /automatio n -Embeddi ng MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77) - splwow64.exe (PID: 5084 cmdline:
C:\Windows \splwow64. exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6)
- EXCEL.EXE (PID: 8592 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" "C:\Users\ user\Deskt op\MS10038 4UTC.xls" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
- cleanup
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Directory created: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
System Summary |
---|
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: | ||
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD006207A8/\x1Ole' : | ||
Source: | Stream path 'MBD006207A8/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Directory created: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Source: | Stream path 'MBD006207A6/MBD007203CB/Workbook' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'MBD006207A6/MBD007203CB/Workbook' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | Virustotal | Browse | ||
18% | ReversingLabs | |||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | high | |
s.deemos.com | 14.103.79.10 | true | false | unknown | |
assets.msn.com | unknown | unknown | false | high | |
cxcs.microsoft.net | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
14.103.79.10 | s.deemos.com | China | 18002 | WORLDPHONE-INASNumberforInterdomainRoutingIN | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1578870 |
Start date and time: | 2024-12-20 16:03:10 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | MS100384UTC.xls |
Detection: | MAL |
Classification: | mal56.winXLS@4/46@4/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, BackgroundTransferHost.exe, appidcertstorecheck.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.194.30.59, 52.109.32.97, 52.109.28.47, 52.113.194.132, 52.109.28.48, 95.100.135.35, 95.100.135.50, 95.100.135.49, 95.100.135.75, 95.100.135.48, 95.100.135.41, 95.100.135.43, 95.100.135.66, 95.100.135.58, 52.182.143.215, 184.30.24.41, 95.100.135.80, 95.100.135.57, 95.100.135.65, 95.100.135.59, 95.100.135.73, 95.100.135.67, 95.100.135.72, 51.116.253.169, 23.195.77.178, 20.12.23.50, 20.190.177.19, 20.103.156.88
- Excluded domains from analysis (whitelisted): osiprod-uks-bronze-azsc-000.uksouth.cloudapp.azure.com, e1324.dscd.akamaiedge.net, odc.officeapps.live.com, onedscolprdgwc04.germanywestcentral.cloudapp.azure.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, cxcs.microsoft.net.edgekey.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, c.pki.goog, e3230.b.akamaiedge.net, e28578.d.akamaiedge.net, res-1-tls.cdn.office.net, onedscolprdcus22.centralus.cloudapp.azure.com, windows.msn.com, ecs.office.com, e40491.dscg.akamaiedge.net, assets.msn.com.edgekey.net, client.wns.windows.com, prod.configsvc1.live.com.akadns.net, fd.api.iris.microsoft.com, uci.cdn.office.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, s-0005-office.config.skype.com, uks-azsc-000.
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtSetValueKey calls found.
Time | Type | Description |
---|---|---|
10:05:25 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
14.103.79.10 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
chrome.cloudflare-dns.com | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | Metasploit | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
s.deemos.com | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
WORLDPHONE-INASNumberforInterdomainRoutingIN | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1584 |
Entropy (8bit): | 2.6928361216532144 |
Encrypted: | false |
SSDEEP: | 24:YxIPuk+z7Fl3HyFOqYp2IyoeyjkFP5VQBMQRgYOCE+E7UXOKI5KazYvKISmtzGd2:YxAT+PFKUFM78BMQiYOSVIADK+GTzq |
MD5: | CE32F70E720ADCBCA3832170077678F5 |
SHA1: | DBC905854C8C46BA08DFE3CB040A644C06E76F8D |
SHA-256: | DC3B4A2D32EEB0B387AD67EE71194B61AB60818C633DF870DA89F5485D26FACE |
SHA-512: | 48BC3D3AF66EBA0CBA9941D3D8AA1E4360683DE7EDFB8489EACACA9052CF717136EA7CC6B9E58958B454D265C1A011865421BA818D461A15BFD17453DD14C2F0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134544 |
Entropy (8bit): | 2.9527588414114754 |
Encrypted: | false |
SSDEEP: | 768:P0WYNNkN2HtS1u40TiTKAvGNLnvfKx4t1cEU9W3V/DOEsx:pYN/Ni0TiTKeYjfKx4tCEU9W35psx |
MD5: | 83F48FDD46D3424E92E24E709EAB5960 |
SHA1: | 6CEE65663B48B56BDFF6756C38C1F4190EAC6E12 |
SHA-256: | 77F4BCE7FBE1E2F98A04DC51994467460B255135535CDE954EEE8180F500C6AE |
SHA-512: | 8F781049001FC063EDB9B4352C0EA05D8DA9DCFC599234A58258C6FB4C4CED2B862A701081F10B68E286124413AD04F4AAAB485D376B0A2FB04167AFF121F47E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98872 |
Entropy (8bit): | 2.314922296391176 |
Encrypted: | false |
SSDEEP: | 768:XOT4vdx1DW7ohBb66mQK4BTonxqQbApQK6c:+2wc |
MD5: | B16BE7C4304EF9B5B22852D6EF8F1F1A |
SHA1: | 2989DB9F02F4762B4188740DDA110F01FB8B9801 |
SHA-256: | 0EFC26A98A1502D38DCC21398179082E2239EC6069E6CA7D2C273751D22C1363 |
SHA-512: | 502E5995E4CDF88B2D6605C467BB9B560F679921B20F13147E05FF5831E1082F27AE93DAAF91C84A20B38FD13FC14F8A0F7DF12AC52C67A7B408B1E99202A18B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 153132 |
Entropy (8bit): | 2.3475145785826403 |
Encrypted: | false |
SSDEEP: | 1536:GAOsHV+DAtQaqrUPig97qG7bIQWkaYgJzQp:jdbp |
MD5: | 00F44ACEBCC79C40BBC3A6DB23EDBD6E |
SHA1: | 69E3D0D6E877268A1AC3C6FBB0DB83F62976EFB5 |
SHA-256: | 3376D5411FF0B0286D5BAF9323176C24B644BDDA527D9F661CE2C99E453E0877 |
SHA-512: | 6EB6034B264CC5174004E202365DC618815CA6ABCA8A72C9005E1A3F799E9EDE184DC7884B64B3741E4DD4B2F7B7E3E295434ED6CAD4D8DD1B83FAC82F8C6353 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 13284 |
Entropy (8bit): | 2.735825271732709 |
Encrypted: | false |
SSDEEP: | 96:9pyRiCCyynOYeK4jlGWS0BL7g5lqUTM/tIdSUsQ5lV:9rR/W305sUTMpQR |
MD5: | 901DCD18F7643CAEBDE4301E05F5C748 |
SHA1: | A0ABDDACFFDE3CCF88AA4CBC6F7B252385745BA4 |
SHA-256: | BBE8A43E3E499CE8744B1C8680300A8C4EAD33C08EE82CC4D59624C0BB871FB1 |
SHA-512: | ADF5729E56F94556E7C979202C75FC1B051B3D9B7B30344C6E9DFE0F5164B3D30554505DC1E9BB8C6319A50436B533EAC7021CC030E040659D02C0616EE3A743 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98872 |
Entropy (8bit): | 2.315181778019076 |
Encrypted: | false |
SSDEEP: | 768:XOIjvbx1DW7ohBb66mQK4BTonxqQbApQK6c:+awc |
MD5: | 7E328FF1675F4035FD4012FA1A739859 |
SHA1: | C3A9AE8FCF918AED84252E8920E9AE1685C9B9A8 |
SHA-256: | 46EC194B848F5709908BBB3E5DC445510A02FCE5EBEBF2DD3C49E60B99CB478C |
SHA-512: | D4A6D551A8D45FC0307B5A4554991B7F770E3BE2CE69B0008E51D161C4204E0CCEECB55529F16017FC422CA12DA58292A1E2A0B7D69A415E9E983227D2A69618 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8184 |
Entropy (8bit): | 2.1428473327791178 |
Encrypted: | false |
SSDEEP: | 96:EV5g2s88nDfgshP5L9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaouIWZ4V79FdigmR7qii1Bo |
MD5: | 4C052D852534E15CBE079EABAE1E82C2 |
SHA1: | 25679AF476A0AE2435DD5B31D43160EB50E84886 |
SHA-256: | 10B2B1D465D9216DDD9F1252464D0111DA823EB5482CA34700688064EC7E4786 |
SHA-512: | F757A810E45E5E34F34DBCF9FD0067610C705ABCB472289401D6C62B2BD2F7163E46911E52055090461A1142C35801F6BDB16972EE1CC9580D267D41BE232D31 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 153132 |
Entropy (8bit): | 2.3475145785826403 |
Encrypted: | false |
SSDEEP: | 1536:GAOsHV+DAtQaqrUPig97qG7bIQWkaYgJzQp:jdbp |
MD5: | 00F44ACEBCC79C40BBC3A6DB23EDBD6E |
SHA1: | 69E3D0D6E877268A1AC3C6FBB0DB83F62976EFB5 |
SHA-256: | 3376D5411FF0B0286D5BAF9323176C24B644BDDA527D9F661CE2C99E453E0877 |
SHA-512: | 6EB6034B264CC5174004E202365DC618815CA6ABCA8A72C9005E1A3F799E9EDE184DC7884B64B3741E4DD4B2F7B7E3E295434ED6CAD4D8DD1B83FAC82F8C6353 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8184 |
Entropy (8bit): | 2.139796018041356 |
Encrypted: | false |
SSDEEP: | 96:EV5g2s88nDfgsRo5v9CWZBqlA2B79sIRdYZgmR7qii1Bo1V:EaofwWZC79FdigmR7qii1Bo |
MD5: | F51FE5344B566DD2D3CC97BB43307EAB |
SHA1: | 7B9D3BCEDD619F87F6E71E2E830F62F7B341667B |
SHA-256: | A2F08D981F4917EA44AF6B813109EA7BB6CC4BEBF8FDA1728BC6DD53CCB40015 |
SHA-512: | 3F894000B0D464B71F7DF8075D8839F48911B19BE5DBDE40565651ED93C2B5BE75886C2C9924B81A8771E73B9BE1104B88F1ECFD540B1A055106F57A3622F34B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1293620 |
Entropy (8bit): | 4.563127917199792 |
Encrypted: | false |
SSDEEP: | 6144:HepUelSAzNeNpVAZSedri2/Op4mD3f5ReZdZJElOFmkDrvwA2w4Meh/q4MmuRDrM:HepRlSPiS4ri2/lmzCJEuL1eU1muq |
MD5: | F71C973B5E362DFD6408D6C009E5643E |
SHA1: | 24B3CE67B31BFD4791287932206D54C73489424E |
SHA-256: | 27D0986B7EC233689490135118670F01325F21DFD6F60492AF5D62C7CF1E3045 |
SHA-512: | 4C3F506BC4313437C9194EED3CD5AB6616490AE376FC61DD38D8E00F975C41A23FC8D322E41CFBEC380F04F49ADF6E77A3B22BB5C96EBE714F5713B09838F1F4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8184 |
Entropy (8bit): | 2.139796018041356 |
Encrypted: | false |
SSDEEP: | 96:EV5g2s88nDfgsRo5v9CWZBqlA2B79sIRdYZgmR7qii1Bo1V:EaofwWZC79FdigmR7qii1Bo |
MD5: | F51FE5344B566DD2D3CC97BB43307EAB |
SHA1: | 7B9D3BCEDD619F87F6E71E2E830F62F7B341667B |
SHA-256: | A2F08D981F4917EA44AF6B813109EA7BB6CC4BEBF8FDA1728BC6DD53CCB40015 |
SHA-512: | 3F894000B0D464B71F7DF8075D8839F48911B19BE5DBDE40565651ED93C2B5BE75886C2C9924B81A8771E73B9BE1104B88F1ECFD540B1A055106F57A3622F34B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 13372 |
Entropy (8bit): | 2.1473925042420063 |
Encrypted: | false |
SSDEEP: | 96:Xgk+uuuvSZbSG3+LB3mzlvpJbp0HWSj0ToYb4IzV:NGEmUj0/b9 |
MD5: | 40AE2474054CBA4DD18B28D539158E78 |
SHA1: | 1CACCDF691DB4A3362DF4C7115363BF6BAE19254 |
SHA-256: | 2ACE233DC0E2A94C44A4DCCFD6F7126A0B0CA8C10D79FB2FCF6654B1C49ED7AD |
SHA-512: | D0FC99B07C9345C8BF2360CE713088D5AAAEA81D960D5D5AB4B2B5964A2E7ECEA6DB557395D6E49AA2CD358B953594ABE0CAFEB70D7D35453E858D53E29FA14D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 149960 |
Entropy (8bit): | 2.364147876323635 |
Encrypted: | false |
SSDEEP: | 1536:5HR+z0eZQJYAkQDnGvVf1oLJknhmUI/FdOG:2H3G |
MD5: | AB78B9733990369B3E9DC0DD8C82B01A |
SHA1: | B81EA3B50DFF865B78090652590E956D01B09A03 |
SHA-256: | DC05EBFF552FC321C95DAE1FCFCE52682AB2FBC1DD7F37E39A74CD33E4EE8F73 |
SHA-512: | 3E46A89C8B920B44E11DAD59A0E3073AB8F9106457AADC05344388D4D48EDC7DCDA05FC9F275B5636F58CB7FE8CFC1D2A418A06B395D47BE557268394590CFC9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98872 |
Entropy (8bit): | 2.315181778019076 |
Encrypted: | false |
SSDEEP: | 768:XOIjvbx1DW7ohBb66mQK4BTonxqQbApQK6c:+awc |
MD5: | 7E328FF1675F4035FD4012FA1A739859 |
SHA1: | C3A9AE8FCF918AED84252E8920E9AE1685C9B9A8 |
SHA-256: | 46EC194B848F5709908BBB3E5DC445510A02FCE5EBEBF2DD3C49E60B99CB478C |
SHA-512: | D4A6D551A8D45FC0307B5A4554991B7F770E3BE2CE69B0008E51D161C4204E0CCEECB55529F16017FC422CA12DA58292A1E2A0B7D69A415E9E983227D2A69618 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8208 |
Entropy (8bit): | 2.1398294191890463 |
Encrypted: | false |
SSDEEP: | 96:Eeg2s88nDfgQI5N9fWZBKlA2B79sIRdYZgmR7qii1Bo1V:E/ox7WZ4V79FdigmR7qii1Bo |
MD5: | 657358BC46EB5EAC57B0EBD4CA37B569 |
SHA1: | 4E5EEFCF7279D596D9AA92DD2E767A98C71E5894 |
SHA-256: | 3D3C06A2F04678213C8BF0F34A64ED456BA00A4FBEC82ACF8D6850D67A9A3F09 |
SHA-512: | 0F06307262171B82301FEF2AD1C3A4CC549BC4577BB8908F40E881BA345732C4A822E5009286ED4B386B7A1A3E2F35896C377A43D52BA6753BF80E2C5D4F419E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8184 |
Entropy (8bit): | 2.139796018041356 |
Encrypted: | false |
SSDEEP: | 96:EV5g2s88nDfgsRo5v9CWZBqlA2B79sIRdYZgmR7qii1Bo1V:EaofwWZC79FdigmR7qii1Bo |
MD5: | F51FE5344B566DD2D3CC97BB43307EAB |
SHA1: | 7B9D3BCEDD619F87F6E71E2E830F62F7B341667B |
SHA-256: | A2F08D981F4917EA44AF6B813109EA7BB6CC4BEBF8FDA1728BC6DD53CCB40015 |
SHA-512: | 3F894000B0D464B71F7DF8075D8839F48911B19BE5DBDE40565651ED93C2B5BE75886C2C9924B81A8771E73B9BE1104B88F1ECFD540B1A055106F57A3622F34B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 13372 |
Entropy (8bit): | 2.160795758936947 |
Encrypted: | false |
SSDEEP: | 96:Xgk+uuttT0UGv+0B3atldpJbp0HWSj0ToYb4IzV:QGfMSj0/b9 |
MD5: | 3916ABA74C162A2299A44A36C37A86D6 |
SHA1: | 55A8610B11C5563F87C409878A16FD2DD1561D60 |
SHA-256: | 8EA31523C9A5F647002F972EE947B7EFA5E382F367D0410C91BDBC354A44DC41 |
SHA-512: | B403A4E36DB52A4ABCBA889ACA0A0A4CE818603CA97DA8B5BD8A4379209558AC16E8C1A3384EF35356A448C6503BE8736F8F33E7841A9A128C8FF4076FFA6A39 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 13372 |
Entropy (8bit): | 2.1473925042420063 |
Encrypted: | false |
SSDEEP: | 96:Xgk+uuuvSZbSG3+LB3mzlvpJbp0HWSj0ToYb4IzV:NGEmUj0/b9 |
MD5: | 40AE2474054CBA4DD18B28D539158E78 |
SHA1: | 1CACCDF691DB4A3362DF4C7115363BF6BAE19254 |
SHA-256: | 2ACE233DC0E2A94C44A4DCCFD6F7126A0B0CA8C10D79FB2FCF6654B1C49ED7AD |
SHA-512: | D0FC99B07C9345C8BF2360CE713088D5AAAEA81D960D5D5AB4B2B5964A2E7ECEA6DB557395D6E49AA2CD358B953594ABE0CAFEB70D7D35453E858D53E29FA14D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98872 |
Entropy (8bit): | 2.315181778019076 |
Encrypted: | false |
SSDEEP: | 768:XOIjvbx1DW7ohBb66mQK4BTonxqQbApQK6c:+awc |
MD5: | 7E328FF1675F4035FD4012FA1A739859 |
SHA1: | C3A9AE8FCF918AED84252E8920E9AE1685C9B9A8 |
SHA-256: | 46EC194B848F5709908BBB3E5DC445510A02FCE5EBEBF2DD3C49E60B99CB478C |
SHA-512: | D4A6D551A8D45FC0307B5A4554991B7F770E3BE2CE69B0008E51D161C4204E0CCEECB55529F16017FC422CA12DA58292A1E2A0B7D69A415E9E983227D2A69618 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 44256 |
Entropy (8bit): | 3.147465798679962 |
Encrypted: | false |
SSDEEP: | 384:j1W5NF0vUXfOjwTsiyGGiugBhUErpxTORe4tyJ2c:ZWYW+GGidBhUErpxTORe4ty5 |
MD5: | 36D8FF25D14E7E2FBB1968E952FF9C17 |
SHA1: | E3BD7140DA6CAD87C5A1D5417DFBDD7B0E67B110 |
SHA-256: | 305DCBFBEB9FFEE587E061D779CA1DDF31939ECD64EEE7D8A22BA9D640B48633 |
SHA-512: | B4B753222F617F78B36949BD9F37E13D68D9FD7367484BEE799F0D7AE38E1705E997A6409251BC2B9830012536FBD08C3C6CB7411D9122F939833F38E303DCBF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 13372 |
Entropy (8bit): | 2.1473925042420063 |
Encrypted: | false |
SSDEEP: | 96:Xgk+uuuvSZbSG3+LB3mzlvpJbp0HWSj0ToYb4IzV:NGEmUj0/b9 |
MD5: | 40AE2474054CBA4DD18B28D539158E78 |
SHA1: | 1CACCDF691DB4A3362DF4C7115363BF6BAE19254 |
SHA-256: | 2ACE233DC0E2A94C44A4DCCFD6F7126A0B0CA8C10D79FB2FCF6654B1C49ED7AD |
SHA-512: | D0FC99B07C9345C8BF2360CE713088D5AAAEA81D960D5D5AB4B2B5964A2E7ECEA6DB557395D6E49AA2CD358B953594ABE0CAFEB70D7D35453E858D53E29FA14D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 150296 |
Entropy (8bit): | 2.366927564562352 |
Encrypted: | false |
SSDEEP: | 1536:CHAe0p6eZQJYAkQDnGvVf1oLJknhmUI/Fc3I:hpRnI |
MD5: | 811E56B7750FA327FF8894DBFE3B7FC0 |
SHA1: | FBC3FD9923F42E6AFF9A776451E2F1EB3F015DB9 |
SHA-256: | D47FD1693E7016B620B0F2E0D29ABA530FD3DBCB57ADE7B51E98814619535C1C |
SHA-512: | 6D124FC8905E83601D5403E3FA501BB2F1204FCB09A20056311BE62B3BDDDDB00FEAE786671BF526719FAAF74F43CCBDA6EA67309B5532486BB99751CA9ADBC7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 13444 |
Entropy (8bit): | 2.1581245620306637 |
Encrypted: | false |
SSDEEP: | 96:tgk+uuVPZukH/GF+rB3YPlb3pJbp0HWSj0ToYb4IzV:qGCYlKj0/b9 |
MD5: | 11F3B1AFC8B93322F41B8E2976FA5232 |
SHA1: | 35C416E1D7D0047947F1D9C78245B39157ABBBC9 |
SHA-256: | 316316F41A3A8C59EFCAA2A1699D11329CE2C3B027EE0D690A4122EA2F3B3438 |
SHA-512: | 402CE17AD59EBABA5B8BA3314C4125003385AF0832DF2E409107B8A7309F0A15194724F316C38FBD05C1E78F63B6D45AFB0E32D359BE880D3391913CB9A1BE24 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 44256 |
Entropy (8bit): | 3.15066292565687 |
Encrypted: | false |
SSDEEP: | 384:IhpMW5NFNimpUIuOjwTsiyGGiugBhUErpxTORe4tyIWY5:BWzi+8+GGidBhUErpxTORe4tyI9 |
MD5: | F1EC2E98B0F577B675156B13DCF94105 |
SHA1: | 4FF2D02051E92771FBB245BA8095C80148A0F61A |
SHA-256: | 66AFB9C12E20A08F9A713C366EDE8A9CD8F4A93B7D7BFC76205013C28A3250E9 |
SHA-512: | 6E442DB49BF2A429AD2CA7CB3804D79791C1E1FEB414F69FDDD58042E98C5AA5BFC1C751713DB76DD58DC9F3CAC3A7C491228797A909F8FD0291048E8F2FC9BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 99352 |
Entropy (8bit): | 2.3136165760823117 |
Encrypted: | false |
SSDEEP: | 768:hOk4vdB1DW7ohBb66mQK4BTonxqQbApQK6c:U5wc |
MD5: | 544DC4FE93B389F51FB0324233EDEA41 |
SHA1: | E0D276BE4EEE929F3C4A7DA5C2E02D1556C9EB55 |
SHA-256: | 626FB90E6606C22F739BA4F3085C2D763A7916694295E6B5B84443631A28A346 |
SHA-512: | 5B7045EB2E9903EC8E686F7DE1E5DF6165331E2C517CD1C3780CDDA10352E5C9E8EFD4F8578B50F0C461AF49C821C4D373693BB410F0652A0440139A09F5C4EA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8084 |
Entropy (8bit): | 2.5551694039574895 |
Encrypted: | false |
SSDEEP: | 96:j+RiOO++Z39FAcRwxBdEtzBfCC7Boff8oBJ6ANQ4HJV:jtGNOzBArH |
MD5: | 721E8AAC81F0A6D4659831CB8194D668 |
SHA1: | 6BE0CEFAEC9F0B1EAD9DE03C8D4679767CF8B549 |
SHA-256: | E52DF310BB20C42F738A3C8E03ED4110CB795B8A07AE5D4E474EA075564B1622 |
SHA-512: | 24CACEED3153493E34988C35628FAA2C198C9B13AFDD8ABC214EFBA0ACCD0579BADCD5EB0F76F5BDA16D3A279DB4DF4BB218ABD5FFD751C6E62676BD1AAEF2E7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 153132 |
Entropy (8bit): | 2.3475145785826403 |
Encrypted: | false |
SSDEEP: | 1536:GAOsHV+DAtQaqrUPig97qG7bIQWkaYgJzQp:jdbp |
MD5: | 00F44ACEBCC79C40BBC3A6DB23EDBD6E |
SHA1: | 69E3D0D6E877268A1AC3C6FBB0DB83F62976EFB5 |
SHA-256: | 3376D5411FF0B0286D5BAF9323176C24B644BDDA527D9F661CE2C99E453E0877 |
SHA-512: | 6EB6034B264CC5174004E202365DC618815CA6ABCA8A72C9005E1A3F799E9EDE184DC7884B64B3741E4DD4B2F7B7E3E295434ED6CAD4D8DD1B83FAC82F8C6353 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 109544 |
Entropy (8bit): | 4.282675970330063 |
Encrypted: | false |
SSDEEP: | 768:I4KlWqWxZiDQ4hHdCUeHxCDJB9Cnh3KCg0F9BV:I42WxF4MyeKCV |
MD5: | F7B9A8F20E64B2CB6B572BCBA5866236 |
SHA1: | 2F092A0A518639332BE76BF60DBB966AC331D356 |
SHA-256: | 72447B22A4BBC05B9E9183DF2ADB712AB51C3A45C6247C2303024197D1623F57 |
SHA-512: | 4A78624A9EB02208F3F30D03CC53EBE00BDD2C59E8F7719E35E706D51CD2F8D0D330BE6D6FAD2A9652536F888CB99E0CBE1E3B97A05EA65CB5914C37C501B728 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 38 |
Entropy (8bit): | 4.218469211370857 |
Encrypted: | false |
SSDEEP: | 3:XMzKXvwg3ekVR:wKoPg |
MD5: | 747C4630DB2B517212CBB21C143BBCC0 |
SHA1: | C6EF21A5467CEC5C604F2A1D74F3CA01FEA45766 |
SHA-256: | 9BECF04824FD08F7A82078A50CD483D16682F0F04FCABA8464E1AB64CF719283 |
SHA-512: | 195DE64DA15BD3E5731E0C2732565908765429C423D619E679F7D153493532CA37DF5D25D2F107CC960EACA037A27D6875E5C4192D85F01480CB8E757959558C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1734707063546365800_1224D4D7-DB6A-4C3E-AFBE-A5D244BB04C1.log
Download File
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 8.112143835430977E-5 |
Encrypted: | false |
SSDEEP: | 3:Tuekk9NJtHFfs1XsExe/t:qeVJ8 |
MD5: | AFDEAC461EEC32D754D8E6017E845D21 |
SHA1: | 5D0874C19B70638A0737696AEEE55BFCC80D7ED8 |
SHA-256: | 3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2 |
SHA-512: | CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1734707063546680300_1224D4D7-DB6A-4C3E-AFBE-A5D244BB04C1.log
Download File
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1734707156694810100_AF6BA543-84D0-426D-A7EA-32E6947B592F.log
Download File
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 71 |
Entropy (8bit): | 4.3462513114457515 |
Encrypted: | false |
SSDEEP: | 3:Tuekk9NJtHFfs1XsExen:qeVJ8u |
MD5: | 8F4510F128F81A8BAF2A345D00F7E30C |
SHA1: | 8C711E6C484881ECDC83B6BDAC41C7A19EDE9C37 |
SHA-256: | 15AA8B35FC5F139EF0B0FBC641CAA862AED19674625B81D1DC63467BC0AAFED9 |
SHA-512: | 78695E5E2337703757903B8452E31A98F860022B04972651212C3004FEBE29017380A8BCA9FCCFD935DE00D8BD73AA556C30A3CEA5FC76E7ADF7E7763D68E78F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1734707063543428900_1224D4D7-DB6A-4C3E-AFBE-A5D244BB04C1.log
Download File
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.21696248242958527 |
Encrypted: | false |
SSDEEP: | 1536:Fo7syyYhc8/nVAe2V5aX13oip+oiKYNXCCgVPLeq/9Rff/hYKCrYz4sfpNAiXSZO:WsFmnVx/4Yoa1JOmMzR9/FLY |
MD5: | D07DC7E4DE727FB61C2300FC33182E46 |
SHA1: | 51EF64B1AC92831A8C8D4EB3A5761E1D7465EB0B |
SHA-256: | 4E8055B44D53E4254B3584D35023433A2C21EBA8E61A0A88C402CFC71A4C46C1 |
SHA-512: | AD0C8A7DB505658D54DE01B71FCF3D2CE72BEBA7AD3A10069C65E95CA2AD299AC9A9EE06A64979FFB4FA074176D770C9B6DA28771B8DC21EF0D9B03145723A2B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1734707063543839100_1224D4D7-DB6A-4C3E-AFBE-A5D244BB04C1.log
Download File
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1734707156693865000_AF6BA543-84D0-426D-A7EA-32E6947B592F.log
Download File
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 567332 |
Entropy (8bit): | 5.31998672632733 |
Encrypted: | false |
SSDEEP: | 1536:F/usOVwKfqFKrcTGRH/kUPWan2sFmEKtDj1gYLuQ+xEhzeTMkR0HRXHJ/kDfab+8:csVKr7Z/kOj2xjce9/FLYICr8r |
MD5: | 887CC9F2C5EC59B7F6E3762D520EC457 |
SHA1: | 87FD5D1926D041B7C64D4EF97EFB3A0952DAB8B8 |
SHA-256: | 88E16F411A10AFAEF81AD129D6CD26409028962D9796CD59F2C18068011F7028 |
SHA-512: | D2519ADCF3D00BFD889E7BA0E031EAC3B519405F173EE5F0F36C00184E256224F9447B51B0F9A29052F3DB9C3B496FC931ADAE479AD04EEEBA4332550802D8C1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1584 |
Entropy (8bit): | 2.6928361216532144 |
Encrypted: | false |
SSDEEP: | 24:YxIPuk+z7Fl3HyFOqYp2IyoeyjkFP5VQBMQRgYOCE+E7UXOKI5KazYvKISmtzGd2:YxAT+PFKUFM78BMQiYOSVIADK+GTzq |
MD5: | CE32F70E720ADCBCA3832170077678F5 |
SHA1: | DBC905854C8C46BA08DFE3CB040A644C06E76F8D |
SHA-256: | DC3B4A2D32EEB0B387AD67EE71194B61AB60818C633DF870DA89F5485D26FACE |
SHA-512: | 48BC3D3AF66EBA0CBA9941D3D8AA1E4360683DE7EDFB8489EACACA9052CF717136EA7CC6B9E58958B454D265C1A011865421BA818D461A15BFD17453DD14C2F0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 7.471672312730222 |
Encrypted: | false |
SSDEEP: | 768:aU/DwTo0TJZpXXGvdfBwEhkYTEEYzIMEK7ilqjqofK:/h0tZp4tSEqzEYzIMEHl3 |
MD5: | 5563A74B780C7D134F198CDFFA10F2AE |
SHA1: | 39E3E997CC260DAEF25D1C9948C0586615A91598 |
SHA-256: | FD4ED2FB2AFC1DFC5F0823852C275983EA7D26AA3A3675B685C6242C35D75D7D |
SHA-512: | 049A8056710F9A81D3D63276009E6249C7268EBDFCC76341F404824E449D0D17362675AB58333CBCA303AB158DD5A5A6CCCEF88694A95DED3D89670E2D607203 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 6.4666351200891485 |
Encrypted: | false |
SSDEEP: | 192:+CPUgZlJJ9vnUufWG72ofW2snm2bBxPDmSj8+PqSx6:FMgZlJJlnUufV2oO28nfDj84x6 |
MD5: | B9316D0AF915E8300A91B4ACBA4AAF9B |
SHA1: | 33CF7ECEF68A603C5DA5E14C30A3B303281A0432 |
SHA-256: | 1ECA1C35869561FFD9BBBA14B738CA993E675FAA939B14381A93387A77E1A114 |
SHA-512: | 32D24158B9FD2B4DE324C2D3BE6819ABFA8A4287CB9516420148DDBF8833FBC01198B2C534F0192B6F94A0CCD5436CFE6F55E878A69AFFC9250D7F2BE4BA0060 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 53760 |
Entropy (8bit): | 7.385765624319284 |
Encrypted: | false |
SSDEEP: | 768:A5VIHbSIpsp3/10qfTaClc4xJNzD/1FCUpeZ8Ak5mhvMYVZAf:AkHbXpsJ2crDtkFZ8nukB |
MD5: | F5A89BC66779754CFB13A2AA811B04A8 |
SHA1: | B8B82DC7417622E9DEC6C1BDEFA4E797F851D8AB |
SHA-256: | 2ADD58D9AA42AFF69B088733753718701CD924BA07A7DCFF097EB757A02EFA37 |
SHA-512: | 60550CC977D3F78D86F0FF34B1456B7697B120F3C7D88E80E20B0AB194C08D53693514A6D3B6BD34714BC200A5734E7266D390F4A9ED731108D6A1884011862C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 229376 |
Entropy (8bit): | 6.394430044729381 |
Encrypted: | false |
SSDEEP: | 6144:9X7zwPk3hbdlylKsgwyzcTbWhZFVE+WaxHAEWhcI7PIDqZ8:9wQW+APJ |
MD5: | DC4A3849CB3F9A4F466711C4793B7CDB |
SHA1: | 00299AEE0DD95AF72D0B0623B5456EA5639E3C8A |
SHA-256: | FBEBBC65B613AE9012E58753435A11CBF1E525E0F96BFBF7C432FC64A13ADFD2 |
SHA-512: | DA088CD71FB159F438BC2D6C09DFCCF5F000580BAE8D7338912FF10C0B7AF3850630775A2C6858594D10E798646686EAA10D9DA68C3C76B22F9531F701A894F1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 854528 |
Entropy (8bit): | 7.6234148495739325 |
Encrypted: | false |
SSDEEP: | 12288:RweW+fJEUiOIBUzMTSRD3DERnLRmF8DhEPDxpsAQx1Zj+j9EPVPJBKASDbz:R/BaQbARM8Az8Z+joVPJBK7n |
MD5: | FE530E03039EC67DC9B28B1E7BBC4851 |
SHA1: | 81BDB19A4C86655A40BC166249C6D3A47D865BC6 |
SHA-256: | 82B54ABFC12BAAF89C24A1B423E9DA29A418E5F50E25885F779A20888AE36AE1 |
SHA-512: | D0B6FEEB2CF71FFFAD1404ECDF71E4601A850A3F6788DB8BB73BD612ACF3B5256CC0C035701B7E9627D1B5B8A08D77B8BA8491030548A110F64AE126A14EACD2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 854528 |
Entropy (8bit): | 7.6234148495739325 |
Encrypted: | false |
SSDEEP: | 12288:RweW+fJEUiOIBUzMTSRD3DERnLRmF8DhEPDxpsAQx1Zj+j9EPVPJBKASDbz:R/BaQbARM8Az8Z+joVPJBK7n |
MD5: | FE530E03039EC67DC9B28B1E7BBC4851 |
SHA1: | 81BDB19A4C86655A40BC166249C6D3A47D865BC6 |
SHA-256: | 82B54ABFC12BAAF89C24A1B423E9DA29A418E5F50E25885F779A20888AE36AE1 |
SHA-512: | D0B6FEEB2CF71FFFAD1404ECDF71E4601A850A3F6788DB8BB73BD612ACF3B5256CC0C035701B7E9627D1B5B8A08D77B8BA8491030548A110F64AE126A14EACD2 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.744269957296979 |
TrID: |
|
File name: | MS100384UTC.xls |
File size: | 1'123'840 bytes |
MD5: | 59b463677f083cb8bf771e27162ef915 |
SHA1: | d97b1cdbb09e2b4b93f8de903460fade41382ff0 |
SHA256: | c306daeb532d48d6f51f35c1612d9bed38e854aa80eb86f14513c06a6bee67d7 |
SHA512: | c8c45e4a7f43e6ff3e60d44367ff43e24753e670dcf9e7d3ebf2d6444aff7a46c612362b0f83b3683b23098c2f67ee528541ff5d3654d56ba018fa1c018b10a6 |
SSDEEP: | 24576:iBajbARM8A18Z+jZ+X+VcVtsnV6+05dpd:ihU1XjZ+uaNb3 |
TLSH: | 763501E5738DAB52C609563575F393AE1714AC03E902423B36F8B31D1AFB6D08643F9A |
File Content Preview: | ........................>.......................................................i...j...k...l...m...............V...W...r.......g.......i...................................................................................................................... |
Icon Hash: | 35ed8e920e8c81b5 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2024-12-20 07:24:08 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` ! . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 21 8f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` 3 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 fe 33 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 0b bc 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e2 09 fd 9d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e2 09 09 b0 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.260350317504982 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . \\ 7 ( R . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD006207A4/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A4/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 12479 |
Entropy: | 7.0945112382968425 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a7 95 f9 99 84 01 00 00 14 06 00 00 13 00 dd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A5/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A5/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 37036 |
Entropy: | 7.720975169587741 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . 8 . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 b7 a1 38 de e3 01 00 00 cb 09 00 00 13 00 e9 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 e5 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.701136490257069 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F e u i l 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 9f 00 00 00 |
General | |
Stream Path: | MBD006207A6/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 220 |
Entropy: | 3.372234242231489 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . \\ . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ; { ) . @ . . . . Z % . } . @ . . . . % ? ` * C . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 ac 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 04 00 00 00 50 00 00 00 08 00 00 00 5c 00 00 00 12 00 00 00 68 00 00 00 0b 00 00 00 80 00 00 00 0c 00 00 00 8c 00 00 00 0d 00 00 00 98 00 00 00 13 00 00 00 a4 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | MBD006207A6/MBD0018D4CE/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 20 |
Entropy: | 0.5689955935892812 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/MBD0018D4CE/\x3ObjInfo |
CLSID: | |
File Type: | data |
Stream Size: | 4 |
Entropy: | 0.8112781244591328 |
Base64 Encoded: | False |
Data ASCII: | . . . . |
Data Raw: | 00 00 03 00 |
General | |
Stream Path: | MBD006207A6/MBD0018D4CE/Contents |
CLSID: | |
File Type: | Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c |
Stream Size: | 197671 |
Entropy: | 6.989042939766534 |
Base64 Encoded: | True |
Data ASCII: | C P T 9 F I L E . . . . . . . . . . . . . . . . 8 . 8 . . . . . . . . . . . . . . . . . . . . < . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 43 50 54 39 46 49 4c 45 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 38 b4 00 d0 38 b4 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00 94 00 00 00 3c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/MBD0068D442/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.219515110876372 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/MBD0068D442/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 26243 |
Entropy: | 7.635433729726103 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a1 26 fd 83 92 01 00 00 ae 05 00 00 13 00 e0 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dc 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 248 |
Entropy: | 3.0523231150355867 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P u r c h a s e O r d e r T e m p l a t e . . . . . . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a2 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 256 |
Entropy: | 4.086306928392587 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . B r a t i s l a v M i l o j e v i c | E L M E D d . o . o . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . N ; . . @ . . . . . . . @ . . . . v @ n ) C . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 d0 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 04 00 00 00 50 00 00 00 08 00 00 00 7c 00 00 00 12 00 00 00 8c 00 00 00 0b 00 00 00 a4 00 00 00 0c 00 00 00 b0 00 00 00 0d 00 00 00 bc 00 00 00 13 00 00 00 c8 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 134792 |
Entropy: | 7.974168320310173 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . Z i ^ . m . q l % . w " . x . Z q C b g i ' . h . . # . . . . . . . P . . . \\ . p . . 6 u ! l ( n y I T 5 W { L : 1 J . S . . . . 0 x . 3 . ` . X { ( / z 7 / . 8 x X g X # v . . [ d C y . . s . ] G 9 m . u . . . B . . . R a . . . . . . . = . . . L . . . O . . r 7 . v . . . " . . . . " _ K : . . . . . . . . . j # . . . . K . . . . . . . . = . . . " j ! ; . g . . @ . . . . . . . ^ " . . . 9 . . . . r . . . . . . . 1 . . . : . t . ? e . ) n S P x . b & 1 |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 5a 69 5e 2e a6 e0 6d 97 16 71 6c a3 ef b8 25 05 77 88 22 87 ec d8 b3 78 17 a4 5a 71 43 ad a8 c2 62 67 69 b8 d9 e2 27 83 c8 df b8 f6 68 1b 05 23 e1 00 02 00 b0 04 c1 00 02 00 ef 50 e2 00 00 00 5c 00 70 00 13 36 75 21 6c 28 6e bd 95 81 f4 c7 79 fa 49 54 35 99 57 f1 85 8d fb f3 e2 7b 4c b1 ea 3a |
General | |
Stream Path: | MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 468 |
Entropy: | 5.269289820125323 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 1 9 C 9 4 3 8 D - F 0 7 5 - 4 2 6 8 - 9 E 6 E - 7 B 8 A E 6 6 D 5 A 0 F } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " C D C F 3 A 0 A C A D 2 C E D 2 C E D 2 C E D 2 C E " . . D P B = " 9 9 9 B 6 E 9 3 6 F 9 |
Data Raw: | 49 44 3d 22 7b 31 39 43 39 34 33 38 44 2d 46 30 37 35 2d 34 32 36 38 2d 39 45 36 45 2d 37 42 38 41 45 36 36 44 35 41 30 46 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 83 |
Entropy: | 3.0672749060249043 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2486 |
Entropy: | 3.9244127831265385 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | MBD006207A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 536 |
Entropy: | 6.330646364694152 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . C W ] i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . |
Data Raw: | 01 14 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 43 57 5d 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
General | |
Stream Path: | MBD006207A6/MBD00726B69/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.219515110876372 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/MBD00726B69/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 26242 |
Entropy: | 7.635424485665502 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a1 26 fd 83 92 01 00 00 ae 05 00 00 13 00 e0 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dc 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A6/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 283872 |
Entropy: | 7.743278150467805 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . H < l - 9 . . . . . . . X . @ . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
Stream Path: | MBD006207A7/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A7/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 45934 |
Entropy: | 7.5587990853484195 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 8c e9 8c 8c 7e 01 00 00 8c 05 00 00 13 00 dc 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d8 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD006207A8/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 806 |
Entropy: | 5.102215976650107 |
Base64 Encoded: | False |
Data ASCII: | . . . . A . l - { . . . . . . . . . . . . 2 . . . y . . . K . . . . . h . t . t . p . s . : . / . / . s . . . d . e . e . m . o . s . . . c . o . m . / . q . j . E . 1 . B . c . W . g . ? . & . s . m . o . k . e . = . w . e . a . l . t . h . y . & . c . o . m . m . a . = . a . n . n . o . y . e . d . & . t . a . n . k . f . u . l . = . w . a . c . k . y . & . l . i . t . e . r . a . t . u . r . e . . . P . . S . # c - . " . . : P . H 9 M R 3 7 9 k 6 O o ~ g j . . . , / [ . v [ D " v Z c . 4 5 ~ . @ < J . M |
Data Raw: | 01 00 00 02 41 8f 02 6c 2d 81 d8 7b 00 00 00 00 00 00 00 00 00 00 00 00 32 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 2e 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 73 00 2e 00 64 00 65 00 65 00 6d 00 6f 00 73 00 2e 00 63 00 6f 00 6d 00 2f 00 71 00 6a 00 45 00 31 00 42 00 63 00 57 00 67 00 3f 00 26 00 73 00 6d 00 6f 00 6b 00 65 00 3d 00 77 00 65 00 61 00 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 319988 |
Entropy: | 7.998590879161447 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . l k e " . . T R 7 $ + G . ~ " K e . . 9 # } C _ V . . . . . . . . . M . . . \\ . p . r [ O I U . . w . t n 6 3 q H . . F u . [ 8 . L * V ' 1 ) e > . . . . * \\ . . 2 . 5 y . . . d 7 & . . B . . . a . . . % M . . . = . . . . . . . . * 6 @ . j . N ` . . . . . . . . . . a . . . . 3 . . . . . . . . ; . . . . \\ = . . . P ` d > a [ / . . g [ @ . . . @ . . . k " . . . . ` . . . . F 1 . . . 3 . . . . 1 . . . ) $ . $ r V q ) . E | ; [ v . O & L 0 . 1 . . . . . . 5 |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 6c b5 ce 6b 65 a6 dc 22 7f 7f 54 52 37 24 2b 47 7f 7e 9e 22 4b 65 0d 13 39 23 7d ac 94 8a ea fc f1 43 8e 85 ba b6 82 5f f6 56 87 2e bc da e4 0a e1 00 02 00 b0 04 c1 00 02 00 8d 4d e2 00 00 00 5c 00 70 00 fa 72 5b 91 4f dc 49 f3 e1 e2 c4 55 8a cb fd 02 19 77 0f a0 74 d2 d5 ff a1 6e da 36 df 33 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 527 |
Entropy: | 5.254178060321263 |
Base64 Encoded: | True |
Data ASCII: | I D = " { E 1 2 2 2 7 D 7 - 3 F 5 8 - 4 E C 2 - A 9 2 4 - 4 C 8 5 C 1 0 E 7 5 E B } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 1 9 1 B C 7 F D C B F D C B F D C |
Data Raw: | 49 44 3d 22 7b 45 31 32 32 32 37 44 37 2d 33 46 35 38 2d 34 45 43 32 2d 41 39 32 34 2d 34 43 38 35 43 31 30 45 37 35 45 42 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 20, 2024 16:05:18.425332069 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:18.425383091 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:18.425441980 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:18.427438974 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:18.427453995 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:20.127860069 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:20.127959013 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:20.129460096 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:20.129484892 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:20.130693913 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:20.130758047 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:20.132455111 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:20.132541895 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:20.132841110 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:20.132860899 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:20.132893085 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:20.144376040 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:20.191359043 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:21.188205004 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:21.188260078 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:21.188271046 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:21.188281059 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:21.188322067 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:21.195036888 CET | 49816 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:21.195050001 CET | 443 | 49816 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:21.196898937 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:21.196913004 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:21.196980953 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:21.198563099 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:21.198575020 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:22.852582932 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:22.852653027 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:22.854980946 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:22.854994059 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:22.855401993 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:22.855457067 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:22.856534004 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:22.856611967 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:22.856662035 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:22.856815100 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:22.899362087 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:23.597887039 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:23.597913027 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:23.597939968 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:23.597948074 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:23.597987890 CET | 443 | 49818 | 14.103.79.10 | 192.168.2.24 |
Dec 20, 2024 16:05:23.598002911 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:23.598022938 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:23.598042011 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:23.598813057 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Dec 20, 2024 16:05:23.598849058 CET | 49818 | 443 | 192.168.2.24 | 14.103.79.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 20, 2024 16:04:09.015593052 CET | 61154 | 53 | 192.168.2.24 | 1.1.1.1 |
Dec 20, 2024 16:05:17.501480103 CET | 54595 | 53 | 192.168.2.24 | 1.1.1.1 |
Dec 20, 2024 16:05:18.424280882 CET | 53 | 54595 | 1.1.1.1 | 192.168.2.24 |
Dec 20, 2024 16:05:56.212402105 CET | 56403 | 53 | 192.168.2.24 | 1.1.1.1 |
Dec 20, 2024 16:05:56.349145889 CET | 53 | 56403 | 1.1.1.1 | 192.168.2.24 |
Dec 20, 2024 16:05:57.234168053 CET | 54595 | 53 | 192.168.2.24 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 20, 2024 16:04:09.015593052 CET | 192.168.2.24 | 1.1.1.1 | 0x9000 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 20, 2024 16:05:17.501480103 CET | 192.168.2.24 | 1.1.1.1 | 0xd018 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 20, 2024 16:05:56.212402105 CET | 192.168.2.24 | 1.1.1.1 | 0x1212 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 20, 2024 16:05:57.234168053 CET | 192.168.2.24 | 1.1.1.1 | 0xc19c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 20, 2024 16:04:09.308499098 CET | 1.1.1.1 | 192.168.2.24 | 0x9000 | No error (0) | cxcs.microsoft.net.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 20, 2024 16:05:18.424280882 CET | 1.1.1.1 | 192.168.2.24 | 0xd018 | No error (0) | 14.103.79.10 | A (IP address) | IN (0x0001) | false | ||
Dec 20, 2024 16:05:56.349145889 CET | 1.1.1.1 | 192.168.2.24 | 0x1212 | No error (0) | 162.159.61.3 | A (IP address) | IN (0x0001) | false | ||
Dec 20, 2024 16:05:56.349145889 CET | 1.1.1.1 | 192.168.2.24 | 0x1212 | No error (0) | 172.64.41.3 | A (IP address) | IN (0x0001) | false | ||
Dec 20, 2024 16:05:57.371979952 CET | 1.1.1.1 | 192.168.2.24 | 0xc19c | No error (0) | assets.msn.com.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.24 | 49816 | 14.103.79.10 | 443 | 6888 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-20 15:05:20 UTC | 272 | OUT | |
2024-12-20 15:05:21 UTC | 397 | IN | |
2024-12-20 15:05:21 UTC | 38 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.24 | 49818 | 14.103.79.10 | 443 | 6888 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-20 15:05:22 UTC | 213 | OUT | |
2024-12-20 15:05:23 UTC | 448 | IN | |
2024-12-20 15:05:23 UTC | 3620 | IN | |
2024-12-20 15:05:23 UTC | 1025 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 10:04:22 |
Start date: | 20/12/2024 |
Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a90e0000 |
File size: | 70'082'712 bytes |
MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 16 |
Start time: | 10:05:25 |
Start date: | 20/12/2024 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79de00000 |
File size: | 192'512 bytes |
MD5 hash: | AF4A7EBF6114EE9E6FBCC910EC3C96E6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 19 |
Start time: | 10:05:56 |
Start date: | 20/12/2024 |
Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a90e0000 |
File size: | 70'082'712 bytes |
MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
9 | Attribute VB_Name = "Sheet1" |
10 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
11 | Attribute VB_GlobalNameSpace = False |
12 | Attribute VB_Creatable = False |
13 | Attribute VB_PredeclaredId = True |
14 | Attribute VB_Exposed = True |
15 | Attribute VB_TemplateDerived = False |
16 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
9 | Attribute VB_Name = "Sheet2" |
10 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
11 | Attribute VB_GlobalNameSpace = False |
12 | Attribute VB_Creatable = False |
13 | Attribute VB_PredeclaredId = True |
14 | Attribute VB_Exposed = True |
15 | Attribute VB_TemplateDerived = False |
16 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
9 | Attribute VB_Name = "ThisWorkbook" |
10 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
11 | Attribute VB_GlobalNameSpace = False |
12 | Attribute VB_Creatable = False |
13 | Attribute VB_PredeclaredId = True |
14 | Attribute VB_Exposed = True |
15 | Attribute VB_TemplateDerived = False |
16 | Attribute VB_Customizable = True |