Edit tour

Windows Analysis Report
DNTT-v3.1.xlsb.xlsx

Overview

General Information

Sample Name:	DNTT-v3.1.xlsb.xlsx
Analysis ID:	884307
MD5:	58be1a9f659789f310eedeb51b53cb00
SHA1:	d67441795a3082629c985c3c3603cd529555dfef
SHA256:	d2c498978b976913d00cd3f79816a8e3d3cc57232a2584c7c702ce614ec27f78
Tags:	xlsx
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Document contains an embedded VBA macro with suspicious strings

Searches for Windows Mail specific files

Document contains an embedded VBA macro which executes code when the document is opened / closed

Document contains embedded VBA macros

Potential document exploit detected (unknown TCP traffic)

Potential document exploit detected (performs DNS queries)

Detected TCP or UDP traffic on non-standard ports

Document misses a certain OLE stream usually present in this Microsoft Office document type

Uses SMTP (mail sending)

Classification

Process Tree

System is w7x64

EXCEL.EXE (PID: 1256 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 222.255.103.91:587 -> 192.168.2.22:49183
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587
Source: global traffic	TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587

Source: global traffic

DNS query: name: mail.acsv.com.vn

Source: global traffic

TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587

Source: global traffic

TCP traffic: 192.168.2.22:49183 -> 222.255.103.91:587

Source: unknown

DNS traffic detected: queries for: mail.acsv.com.vn

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\75D6A495.emf

Jump to behavior

System Summary

Document contains an embedded VBA macro with suspicious strings

Source: DNTT-v3.1.xlsb.xlsx	OLE, VBA macro line: .Subject = Logo & " [by " & Environ$("username") & " - at " & Environ$("computername") & "]"
Source: DNTT-v3.1.xlsb.xlsx	OLE, VBA macro line: .HTMLBody = "File DNTT dang duoc mo voi thong tin nhu sau:" & "<BR>" & "<BR>" & "+ User: " & Environ$("username") & "<BR>" & "+ Computer: " & Environ$("computername") & "<BR>" & "+ File located at: " & ThisWorkbook.FullName & "<BR>" & "+ Time: " & Now & "<BR>" & "+ Product Code: " & ProductCode & "<BR>" & "+ Version: " & MyVersion

Source: DNTT-v3.1.xlsb.xlsx

OLE, VBA macro line: Private Sub Workbook_Open()

Source: DNTT-v3.1.xlsb.xlsx

OLE indicator, VBA macros: true

Source: DNTT-v3.1.xlsb.xlsx	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~DF6F7D75D952D3162B.TMP.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR3590.tmp

Jump to behavior

Source: classification engine

Classification label: mal48.troj.spyw.expl.winXLSX@1/12@1/1

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$DNTT-v3.1.xlsb.xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/media/image5.emf
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/drawings/vmlDrawing2.vml
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/drawings/drawing3.xml
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/media/image2.emf
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/media/image4.emf
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/media/image3.emf
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/drawings/_rels/vmlDrawing2.vml.rels
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/drawings/drawing2.xml
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
Source: DNTT-v3.1.xlsb.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings4.bin

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: ~DF6F7D75D952D3162B.TMP.0.dr

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: DNTT-v3.1.xlsb.xlsx	Stream path 'FrmAbout/o' entropy: 7.92965968979 (max. 8.0)
Source: DNTT-v3.1.xlsb.xlsx	Stream path 'FrmMain/o' entropy: 7.92968111429 (max. 8.0)

Stealing of Sensitive Information

Searches for Windows Mail specific files

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail *	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail account<.oeaccount	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail unknown	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Directory queried: C:\Users\user\AppData\Local\Microsoft\Windows Mail unknown	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	12 Scripting	Path Interception	Path Interception	1 Masquerading	OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Email Collection	Exfiltration Over Other Network Medium	1 Non-Standard Port	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 Exploitation for Client Execution	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	12 Scripting	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	11 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
DNTT-v3.1.xlsb.xlsx	0%	ReversingLabs
DNTT-v3.1.xlsb.xlsx	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mail10391.maychuemail.com	222.255.103.91	true	false		unknown
mail.acsv.com.vn	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
222.255.103.91	mail10391.maychuemail.com	Viet Nam		7643	VNPT-AS-VNVietnamPostsandTelecommunicationsVNPTVN	false

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	884307
Start date and time:	2023-06-08 18:05:37 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Run name:	Without Instrumentation
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	DNTT-v3.1.xlsb.xlsx
Detection:	MAL
Classification:	mal48.troj.spyw.expl.winXLSX@1/12@1/1
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .xlsx

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
VNPT-AS-VNVietnamPostsandTelecommunicationsVNPTVN	Inquiry_65621.exe	Get hash	malicious	Snake Keylogger, StormKitty	Browse	103.119.85.190
	68U0QXnd7X	Get hash	malicious	Mirai Moobot	Browse	203.162.81.2
	wuININp85R	Get hash	malicious	Mirai	Browse	203.162.81.1
	85767629937021522.doc	Get hash	malicious	Unknown	Browse	123.30.139.93
	02132022769992.doc	Get hash	malicious	HawkEye MailPassView	Browse	123.30.139.93
	ACH Payment Confirmation.htm	Get hash	malicious	HTMLPhisher	Browse	123.30.139.93
	xs8ZDCjaun	Get hash	malicious	Mirai	Browse	123.30.244.89
	gunzipped.exe	Get hash	malicious	Lokibot	Browse	123.30.136.234
	xd.arm	Get hash	malicious	Mirai	Browse	203.162.81.5
	o2VoxS1Hs4.exe	Get hash	malicious	AsyncRAT	Browse	123.30.136.111
	37transcrip.exe	Get hash	malicious		Browse	203.176.59.222
	1youtube2@youtube.exe	Get hash	malicious		Browse	203.176.59.222
	31messag.exe	Get hash	malicious		Browse	203.176.59.222
	http://www.malwaeduskills.com/sites/US/New-Order-Upcoming/INV245869673909601	Get hash	malicious		Browse	103.54.250.16
	http://theminetulsa.com/default/US/STATUS/Invoice/	Get hash	malicious		Browse	103.54.250.16
	.exe	Get hash	malicious		Browse	203.176.59.222
	57.html .exe	Get hash	malicious		Browse	203.176.59.222
	document.pdf	Get hash	malicious		Browse	123.30.135.239
	http://www.banhkemminhnguyetvungtau.com/LLC/Invoice-number-26192742/	Get hash	malicious		Browse	103.54.250.2

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3B1D78B1.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	2672
Entropy (8bit):	2.408149114267445
Encrypted:	false
SSDEEP:	24:Y9HlOsD07SLDjr3zGskdDhbDruhLgjJtxHtSvEld5aps8qFCN:eHYe3jGskdYhLgjJtxHtSvE35aO8fN
MD5:	95ECAC60BF7014151CB42D88906C9336
SHA1:	10786D24E9DBAD964D498A9D56B2EEEBC5AC43C4
SHA-256:	4DF28A59148788443C5658ACC07BFA701F2AE257CAC61968FC6B98EC8D02BA79
SHA-512:	AC4CA8B718D147D0AA83DBE69A84D186F0E8A4413ED848A7CC13E6AC8C48376E11B74D298155A9AB8677C14367C35D0F3C37C8BC092008E13846F5F9EB5487E3
Malicious:	false
Reputation:	low
Preview:	....l...........7...%...........Y...D... EMF....p...2.......................8...&...................p\|......F...4...&...GDIC..........9:..................................................&.8...............iii.......-.........!...&.....7.......!.....7.$.....................-.........!...$.............!.....6.......................-.........!...".....6.......!.....5.#.....................-.........!...!.............!.....4.......................-.........!... .4.........-.........!.....2.....................&.8....................................................@..Segoe UI.....$8.....................-.................2.............2...About...............'...............................8...&...........8...&...........................8...&...!.......'...............iii.....%...........L...d...7.......7...%...7...........&...!..............?...........?................................L...d.......$...6...%.......$...7.......!..............?...........?................................'.......

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5189986B.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	2660
Entropy (8bit):	2.452824241114738
Encrypted:	false
SSDEEP:	24:Y8v8Osn0FjqMBwRO++rfD1RKzyoWoGsONvwlUaCAEqCY:9jUGwRQngN5GDNvw2aCXqCY
MD5:	33E805B058BCE2CB38493B094BB8D61E
SHA1:	9ECE10CA144064A5C5A5A3916FAFC06675C1A368
SHA-256:	59B1FBD88631130C36BD7B7361151B32BAF83958C71CD28BB63516AAF33B6096
SHA-512:	8DB4C62A2E082D29DA4F4AFBE13BEF5D74D489162055E51C3E8EF6556BE90358467768B6DE1A9090CBC5E7D0C54A705D99260F1D36EFF84B41C6F0A53A30DD86
Malicious:	false
Reputation:	low
Preview:	....l...........Y...-...........b....... EMF....d...2.......................8...&...................p\|......F...0..."...GDIC........\|..`....................................................Z...............iii.......-.........!.........X.......!.....X.-.....................-.........!...-.............!.....V.......................-.........!...,.....W.......!.....U.,.....................-.........!...+.............!.....T.......................-.........!...*.T.........-.........!...(.R.......................Z....................................................@..Segoe UI.....$8................^....-.................2.............S.#.Save............'...............................Z...............Z...............................Z.......!.......'...............iii.....%...........L...d...X.......Y...-...X...............!..............?...........?................................L...d.......-...W...-.......-...X.......!..............?...........?................................'...........

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\75D6A495.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1084420
Entropy (8bit):	5.5642230502361585
Encrypted:	false
SSDEEP:	12288:FbBaUkDdJjTsBKdtro3O46EJ+aa07EbBaUkDdJjTsBKdtro3O46EJ+aa07R:HaUkJWKHmg+y07AaUkJWKHmg+y07R
MD5:	EE45723F31F5CEBAAC6944C23EF45780
SHA1:	CDD67D5BE4EB295DA593229F311D2109D6BE50A6
SHA-256:	20B4D048401BA36ECA379C45648830AF0B9100BD538749770CB2E73D39E9AE86
SHA-512:	D4CDECCDCCB777431E768E6491D6ECE63E8683777BD85F116ADA4640D36824399CA0FA51E944B9A90E55FF972599D3D879683FBA3C5883426630891250D516BB
Malicious:	false
Preview:	....l...........\|...o...........z....... EMF........5.......................8...&...................p\|......F...\|C..nC..GDIC.........B......VC.........!..................................p.}...............iii.......-.........!...p.....{.......!.....{.n.....................-.........!...n.............!.....y.......................-.........!...l.....z.......!.....x.m.....................-.........!...k.............!.....w.......................-.........!...j.w.........-.........!...h.u....................................,..A.....~.......f.s.....(.......~............Y............................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9406B992.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	2652
Entropy (8bit):	2.455247836377708
Encrypted:	false
SSDEEP:	24:Y8H8OSyV0FjqMBwRO+++L1RKzyoWoGsONvwl5a6qkllqCmlk:9HrNGwRdgN5GDNvw7a61rqCmi
MD5:	516D5B196EBA0D33058941F40C9279ED
SHA1:	2304A8D01FDD67A76137C3A31A5D0BC5F41EABF9
SHA-256:	B11A0F510E80B017369CFB9C33860FC6A9B5B0669033503BBAD60CAF945A4056
SHA-512:	1177462E8112DF03353EA0F7995F40A1C2DF4FE5C84B3031176A21C2407C30E726952BA16A7C304AFDB4F7428AE89CA67F3F85B4E5F6F226DC2F80BF02055D22
Malicious:	false
Preview:	....l...........Y...-...........b....... EMF....\...2.......................8...&...................p\|......F...,... ...GDIC..............................................................Z...............iii.......-.........!.........X.......!.....X.-.....................-.........!...-.............!.....V.......................-.........!...,.....W.......!.....U.,.....................-.........!...+.............!.....T.......................-.........!...*.T.........-.........!...(.R.......................Z....................................................@..Segoe UI.....$8................^....-.................2.............S.#.New...........'.............................Z...............Z...............................Z.......!.......'...............iii.....%...........L...d...X.......Y...-...X...............!..............?...........?................................L...d.......-...W...-.......-...X.......!..............?...........?................................'...............

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D92A5F70.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	2884
Entropy (8bit):	2.5462973325597593
Encrypted:	false
SSDEEP:	24:Y8LOcu0FjqMBwRO++SQFQTD1RKzyoWoGsONvwlOwaooZEXjvqCsqCx4:9y7GwRHQFQLgN5GDNvw4waooijqCsqCS
MD5:	873426F93018F9037AB99C1BC60A858D
SHA1:	2956FE54EE0D94F53FA426777F644AF718836D7A
SHA-256:	DD00BF49C1B968F648E25F51B3C5C7FC8C54DAB2FE0121174D2537D93C2DBCDC
SHA-512:	0D0AA0E7EE85BB63C42053A0EE0BD9B006267E3B2B457EA03A3ED753657AE53709B8D0AC908C8C5757F9F712853AAA933C4AA94FEC14779F0DC152E5321FE544
Malicious:	false
Preview:	....l...........Y...-...........b....... EMF....D...6.......................8...&...................p\|......F...x...j...GDIC...............R.........).....................................Z...............iii.......-.........!.........X.......!.....X.-.....................-.........!...-.............!.....V.......................-.........!...,.....W.......!.....U.,.....................-.........!...+.............!.....T.......................-.........!...*.T.........-.........!...(.R.......................Z....................................................@..Segoe UI.....$8................^....-...........................2.............S.#.Print...................................2.............S.#.Print...............'...............................Z...............Z...............................Z.......!.......'...............iii.....%...........L...d...X.......Y...-...X...............!..............?...........?................................L...d.......-...W...-.......-...X.......

C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	225928
Entropy (8bit):	4.308660710329749
Encrypted:	false
SSDEEP:	1536:cizKLEQNSk8SCtKBX0Gpb2vxKHnVMOkOX0mRO/NIAIQK7viKAJYsA0ppDCLTfMRr:cTNNSk8DtKBrpb2vxrOpprf/ng
MD5:	9E17DFF0AA0E9CA5B3ADBB70A6131DB4
SHA1:	B0B887221694F7EBD76421B9D089B95846543321
SHA-256:	667FE3B8C964CD1F06973394AE6E3005A4797383970005C643D0FBC214F2BA3F
SHA-512:	5F84F8AE80CBDBAFD12AFA001E41435849CCDADD0AAA8D280D182D55BEF460EA753520EA3623B4DA8AE049E7FC7D7D1DE7FCC0626AF3FAE47AE7236D6D30BA43
Malicious:	false
Preview:	MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........\|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0......*..\+...+..$,...,...,..P-...-......\|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8.......8...........O...............b..4...........LK..............,<...............<...............b...............d...I.............T...........4...P...........................................................................................&!..............................................................................................

C:\Users\user\AppData\Local\Temp\~DF48D2C4BEDCFAEFED.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	180224
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	86D6B1F60177B5B625CB1478E1AF4DDC
SHA1:	0B7BB3EA9B1DE90400938DECCC3C05A0A861CD62
SHA-256:	04DB6BC901FD5824D01B77B0923ABF5D0A1B25C8BC32DCF1D569F2B5DFE609E3
SHA-512:	D9B8D319B4DB40BF762306BF70104AC719FA33EED621FA3BD6EA6891E0127E3BC76C6F3C19C5AB26A58D376EAE69D1043B19A6A1C810C56132715C6FEB6BED36
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF6F7D75D952D3162B.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	753664
Entropy (8bit):	2.7729001325127394
Encrypted:	false
SSDEEP:	3072:BoNAwH/YFjquNq7u00xJRb7y1wZyiw1Ts/xOOQo+ZL6xjZawHwLJCMiB:O71lAXQxiB
MD5:	828D393F43BA1A11C348B8006A4E508E
SHA1:	C15FF2E4314E1F41EA6C06E23422CA983AC7F22C
SHA-256:	3DD1E7F1380DA8B828AEE6F382A0782AD3A00DC48F76BE0B57CC0281FDB02CBA
SHA-512:	26EFB8BA7CDB483CA0D06A8B6C98ACA7B858230E0070CDE083A6DA729CF9B55BAE531442900BB942435DD523836275731B8388203DF73C792CAE92EA56AA3DCE
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF86D4CE46545EA2BD.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFE7890E8E5F5C18D9.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	63EB8CDB8871E1FD24FF711ACA7F9F55
SHA1:	D64F241AAB379A721487CD1452937C06DBF6ABAB
SHA-256:	F4BC1E5E95F61AF52FFE72C0566E9050F194905D04490007DE194223803F8BB3
SHA-512:	41361C685C554F1AC7D2C82A0C578B6222E88CD9BE85AFF6FBCD34691D31F38B1AD86293F6C07B51B5FA742D5AF41D994A2401583C356C8563BA703D51BBC1FF
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$DNTT-v3.1.xlsb.xls

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fV:vBFFGS
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	false
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\user\Desktop\~$DNTT-v3.1.xlsb.xlsx

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fV:vBFFGS
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	true
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General

File type:	Microsoft Excel 2007+
Entropy (8bit):	7.995295517786062
TrID:	Excel Microsoft Office Open XML Format document with Macro (52504/1) 37.23% Microsoft Excel Office Binary workbook document (40504/1) 28.72% Excel Microsoft Office Open XML Format document (40004/1) 28.37% ZIP compressed archive (8000/1) 5.67%
File name:	DNTT-v3.1.xlsb.xlsx
File size:	1047758
MD5:	58be1a9f659789f310eedeb51b53cb00
SHA1:	d67441795a3082629c985c3c3603cd529555dfef
SHA256:	d2c498978b976913d00cd3f79816a8e3d3cc57232a2584c7c702ce614ec27f78
SHA512:	351bf54aae7f9e1f3e234a17af439e20dac97edd7c8cc6388eb636b1e3837afb3a63c3bb969c0adcc44083904d37b308894fc5b4d39ca01d2b6640ee36adf0de
SSDEEP:	24576:xSolDHszMZqFKjaGL5bhDWlmNbhZhK12cLjJtbP0Cco2SWc:RlrsSYKP1hDBvhK12edN0qvWc
TLSH:	2025339292C93CDEF1031DFD37453AD714DA722EB899A9C924145BD868E2AC329CDE0D
File Content Preview:	PK..........!.................[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	2562ab89a7b7bfbf

Static OLE Info

General

Document Type:	OpenXML
Number of OLE Files:	1

OLE File "/opt/package/joesandbox/database/analysis/884307/sample/DNTT-v3.1.xlsb.xlsx"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Summary

Author:
Last Saved By:
Create Time:	2015-05-05T04:49:53Z
Last Saved Time:	2023-06-01T06:49:29Z
Creating Application:
Security:	0

Document Summary

Thumbnail Scaling Desired:	false
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams with VBA

VBA File Name: FrmAbout.frm, Stream Size: 3334

General
Stream Path:	VBA/FrmAbout
VBA File Name:	FrmAbout.frm
Stream Size:	3334
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O * 8 . @ E D a . . n I t , O . a V ^ . D T . . . . . . ] > b J . { % [ . . . . . . . . . . . . . . . . . . . . . . . x . . . . ] > b J . { % [ . O * 8 . @ E D a . . . . . M E . . . . . . . . . . . . . . . . . . . . . P . . . . . . S P . . . . S . . . . . S . . . . . S . . . . . > " . . . . . < X . . . . . . < ( . . . . . . < 0 . . . . . . < 8 . . . . . . < @ . . . . . . < H . . . . . . < `
Data Raw:	01 16 03 00 02 00 01 00 00 a6 07 00 00 e4 00 00 00 d4 02 00 00 d4 07 00 00 ae 08 00 00 3e 0b 00 00 05 00 00 00 01 00 00 00 90 8a bf c2 00 00 ff ff 01 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff f8 00 ff ff 00 00 4f 2a 9d 38 f3 16 40 45 87 44 61 1b 95 eb f8 85 06 ac be a3 8a 6e 9b 49 86 b5 cb 74 2c 4f e1 0a 81 61 56 9b 5e 14 92 44 b0 54 ba ea 90

VBA Code

Attribute VB_Name = "FrmAbout"
Attribute VB_Base = "0{3135DB52-F0C7-4305-9B4A-568E7549DCE3}{D779E037-C670-4C83-9214-AF5051E2C423}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False


Option Explicit

Private Sub CommandButton1_Click()
Unload Me
End Sub

Private Sub Frame2_Click()

End Sub

Private Sub Label11_Click()

End Sub

Private Sub Label13_Click()

End Sub

Private Sub Label8_Click()

End Sub

Private Sub UserForm_Initialize()
FrmAbout.Label11 = ProductCode
FrmAbout.Label8 = MyVersion
FrmAbout.Label13 = LastUpdate
FrmAbout.Caption = Logo
FrmAbout.TextBox1.Locked = True
End Sub

VBA File Name: FrmMain.frm, Stream Size: 47398

General
Stream Path:	VBA/FrmMain
VBA File Name:	FrmMain.frm
Stream Size:	47398
Data ASCII:	. . . . . . . . . z . . . . . . . . : . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . e . % H I . . Q n y ] . e C U . & / . ) 5 . X D F . . . . . . E F 9 9 t . . . . . . . . . . . . . . . . . . . . . . x . . . . E F 9 9 t e . % H I . . Q . . . . M E . . . . . . . . . . . . . . . . . . . . . @ . . . . . . S P . . . . S . . . . . S . . . . . S . . . . . > " . . . . . < ( . . . . . . < ( . . . . . . < 0 . . . . . . < 8 . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 06 00 01 00 00 ee 7a 00 00 e4 00 00 00 b4 04 00 00 3a 84 00 00 04 86 00 00 68 a8 00 00 08 00 00 00 01 00 00 00 90 8a 09 9f 00 00 ff ff 01 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff a8 01 ff ff 00 00 65 14 25 cb c0 c2 ed 48 a1 ad 49 0e cf a3 20 51 b6 f6 6e 79 5d 12 65 43 a4 55 12 26 ac 2f 0f 29 dc 35 0c 88 cd d3 58 44 85 46 01 d1 2e

VBA Code

Attribute VB_Name = "FrmMain"
Attribute VB_Base = "0{23C0EA65-10EF-416C-871C-DF1E5C275BDE}{E6045F88-120E-4013-B768-7A7F8810883F}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Option Explicit
Dim TB As String, i As Integer, j As Integer
Dim iRow As Long

Private Sub cmbHinhThucTT_Change()
Dim MyControl As Variant
MyControl = Array(CmbMaKH, CmbTenKH, txtSoTK, txtNganHang)

    If cmbHinhThucTT.Text = Sheet3.[O20] Then
        For i = 0 To 3
            MyControl(i).BackColor = 14737632
            MyControl(i).Text = ""
        Next
    Else
        For i = 0 To 3
            MyControl(i).Locked = False
            MyControl(i).BackColor = 8454143
        Next
    End If
End Sub

Private Sub CmbMaKH_Change()
On Error Resume Next
If CmbMaKH.Text <> "" Then
    CmbTenKH.Text = Application.VLookup(CmbMaKH.Text, Sheet3.Range("O28:P100"), 2, 0)
    txtSoTK.Text = Application.VLookup(CmbMaKH.Text, Sheet3.Range("O28:Q100"), 3, 0)
    txtNganHang.Text = Application.VLookup(CmbMaKH.Text, Sheet3.Range("O28:R100"), 4, 0)
End If
End Sub

Private Sub CmdCopy_Click()
Application.ScreenUpdating = False

FrmMain.txtNgayGD.Text = Format(Now, "dd/mm/yyyy hh:mm:ss")
FrmMain.txtSoGiaoDich.Text = Application.Max(Sheet1.Range("A7:A10000")) + 1
FrmMain.txtSoTien.Text = ""

FrmMain.CmdSave.Enabled = True
FrmMain.cmdUpdate.Enabled = False
FrmMain.CmdCopy.Enabled = False
FrmMain.CmdPrint.Enabled = False

lblTip.Caption = Sheet1.[P8]

Application.ScreenUpdating = True
End Sub

Private Sub cmdNew_Click()
Dim MyControl As Variant

MyControl = Array(txtSoGiaoDich, txtNgayGD, txtNguoiDN, txtDV, txtNoidungTT, txtSoTien, cmbHinhThucTT, txtChungTuKemTheo,             CmbMaKH, CmbTenKH, txtSoTK, txtNganHang, txtNgayInPhieu)

    For i = 0 To 12
        MyControl(i).Text = ""
    Next

FrmMain.txtNgayGD.Text = Format(Now, "dd/mm/yyyy hh:mm:ss")
FrmMain.txtSoGiaoDich.Text = Application.Max(Sheet1.Range("A7:A10000")) + 1
FrmMain.txtNguoiDN.Text = Sheet3.[O23]
FrmMain.txtDV.Text = Sheet3.[O24]
FrmMain.CmdSave.Enabled = True
FrmMain.cmdUpdate.Enabled = False
FrmMain.CmdCopy.Enabled = False
FrmMain.CmdPrint.Enabled = False

lblTip.Caption = Sheet1.[P6]              'Goi 

End Sub

Private Sub cmdPrint_Click()
Application.ScreenUpdating = False

Dim MyControl As Variant


txtNgayInPhieu.Text = Format(Now, "dd/mm/yyyy hh:mm:ss")

Call FrmMain.cmdUpdate_Click

MyControl = Array(CInt(txtSoGiaoDich), txtNgayGD, txtNguoiDN, txtDV, txtNoidungTT, txtSoTien, cmbHinhThucTT, txtChungTuKemTheo,             CmbMaKH, CmbTenKH, txtSoTK, txtNganHang, txtNgayInPhieu)

Sheets("Print").Range("X1").Resize(, 13) = MyControl
    
Call Main.HideRow
    
Sheet3.PrintOut

lblTip.Caption = Sheet1.[P9]

Application.ScreenUpdating = True
End Sub

Private Sub CmdSave_Click()
    
Dim MyControl As Variant
Dim j As Integer

'KIEM TRA TRUOC KHI SAVE
MyControl = Array(txtSoGiaoDich, txtNgayGD, txtNguoiDN, txtDV, txtNoidungTT, txtSoTien, cmbHinhThucTT, txtChungTuKemTheo,             CmbMaKH, CmbTenKH, txtSoTK, txtNganHang)
            
    j = IIf(cmbHinhThucTT.Text = Sheet3.[O20], 7, 11)   'Neu la Tien mat, skip kiem tra rong cc  lin quan den NH
    For i = 0 To j                                      'Kiem tra cac  da dc nhap du thng tin hay chua ?
        If MyControl(i).Text = "" Then
           TB = "B" & ChrW(7841) & "n ch" & ChrW(432) & "a nh" & ChrW(7853) & "p " & ChrW(273) & ChrW(7911) & " thng tin vo cc . Ki" & ChrW(7875) & "m tra l" & ChrW(7841) & "i nh"
           Application.Assistant.DoAlert "Thng bo", TB, 0, 4, 0, 0, 0
           MyControl(i).SetFocus
           Exit Sub
        End If
    Next
    
    If IsNumeric(Me.txtSoTien) = False Or Me.txtSoTien.Value < 0 Then
        TB = "Ban phai nhap SO NGUYEN DUONG nh !"
        Application.Assistant.DoAlert "Thng bo", TB, 0, 4, 0, 0, 0
        Me.txtSoTien.SetFocus
        Exit Sub
    End If
    
    Sheets("NhatKy").Range("A65536").End(xlUp).Offset(1, 0).Resize(, 12) = MyControl     'Do lai du lieu vao cc Control trn Form
    Sheets("NhatKy").Range("A65536").End(xlUp) = 1 * Sheets("NhatKy").Range("A65536").End(xlUp) 'Chuyen So giao dich tu text sang Number
    Sheets("NhatKy").Range("F65536").End(xlUp) = 1 * Sheets("NhatKy").Range("F65536").End(xlUp) 'Chuyen So tien tu text sang Number
    TB = ChrW(272) & " l" & ChrW(432) & "u d" & ChrW(7919) & " li" & ChrW(7879) & "u thnh cng"
    Application.Assistant.DoAlert "Thng bo", TB, 0, 4, 0, 0, 0

'    For i = 1 To 12                 'Save xong th xa du lieu trong cac Controls
'        MyControl(i).Value = ""
'    Next

    With Sheets("NhatKy") 'Update lai List
        iRow = .Range("A65536").End(xlUp).Row
        .Range("A4:M" & iRow).Name = "VungDL"
        FrmMain.lstMain.RowSource = "VungDL"
    End With

    FrmMain.lstMain.ListIndex = FrmMain.lstMain.ListCount - 1
    
FrmMain.CmdSave.Enabled = False 'Khng cho bam SAVE thm nua
FrmMain.cmdUpdate.Enabled = True
FrmMain.CmdPrint.Enabled = True
FrmMain.CmdCopy.Enabled = True

lblTip.Caption = Sheet1.[P7]

End Sub

Sub cmdUpdate_Click()
Application.ScreenUpdating = False

Dim MyControl As Variant, MyControl2 As Variant

'KIEM TRA TRUOC KHI UPDATE
MyControl = Array(txtSoGiaoDich, txtNgayGD, txtNguoiDN, txtDV, txtNoidungTT, txtSoTien, cmbHinhThucTT, txtChungTuKemTheo,             CmbMaKH, CmbTenKH, txtSoTK, txtNganHang)
            
    j = IIf(cmbHinhThucTT.Text = Sheet3.[O20], 7, 11) 'Neu la Tien mat, bo kiem tra rong cc  lin quan den NH
    For i = 0 To j                'Kiem tra cac  da dc nhap du thng tin hay chua ?
        If MyControl(i).Text = "" Then
           TB = "B" & ChrW(7841) & "n ch" & ChrW(432) & "a nh" & ChrW(7853) & "p " & ChrW(273) & ChrW(7911) & " thng tin vo cc . Ki" & ChrW(7875) & "m tra l" & ChrW(7841) & "i nh"
           Application.Assistant.DoAlert "Thng bo", TB, 0, 4, 0, 0, 0
           MyControl(i).SetFocus
           Exit Sub
        End If
    Next
    
    If IsNumeric(Me.txtSoTien) = False Or Me.txtSoTien.Value < 0 Then
        TB = "Ban phai nhap SO NGUYEN DUONG nh !"
        Application.Assistant.DoAlert "Thng bo", TB, 0, 4, 0, 0, 0
        Me.txtSoTien.SetFocus
        Exit Sub
    End If
    
    MyControl2 = Array(CInt(txtSoGiaoDich), txtNgayGD, txtNguoiDN, txtDV, txtNoidungTT, txtSoTien, cmbHinhThucTT, txtChungTuKemTheo,             CmbMaKH, CmbTenKH, txtSoTK, txtNganHang, txtNgayInPhieu)

    Range("VungDL").Offset(lstMain.ListIndex).Resize(1, 13).Value = MyControl2
    
'    TB = ChrW(272) & " update l" & ChrW(7841) & "i d" & ChrW(7919) & " li" & ChrW(7879) & "u"
'    Application.Assistant.DoAlert "Thng bo", TB, 0, 4, 0, 0, 0
    
'    For i = 0 To 11
'        Me.MyControl2(i).Text = ""
'    Next

lblTip.Caption = Sheet1.[P5]

Application.ScreenUpdating = True
End Sub

Private Sub Image1_Click()
Unload Me
End Sub

Private Sub Image2_Click()
FrmAbout.Show
End Sub

Private Sub Label2_Click()
FrmMain.txtSoGiaoDich.Locked = False
End Sub

Private Sub Label3_Click()
FrmMain.txtNguoiDN.Locked = False
End Sub

Private Sub Label4_Click()
FrmMain.txtDV.Locked = False
End Sub

Private Sub lstMain_Change()

Dim MyControl As Variant
Dim i As Long

MyControl = Array(txtSoGiaoDich, txtNgayGD, txtNguoiDN, txtDV, txtNoidungTT, txtSoTien, cmbHinhThucTT, txtChungTuKemTheo,             CmbMaKH, CmbTenKH, txtSoTK, txtNganHang, txtNgayInPhieu)

    For i = 0 To 12
        MyControl(i).Text = ""
        MyControl(i).Text = lstMain.List(, i)
    Next

    txtNgayGD = Format(txtNgayGD, "dd/mm/yyyy hh:mm:ss")
    txtNgayInPhieu = Format(txtNgayInPhieu, "dd/mm/yyyy hh:mm:ss")


FrmMain.CmdSave.Enabled = False
FrmMain.cmdUpdate.Enabled = True
FrmMain.CmdCopy.Enabled = True
FrmMain.CmdPrint.Enabled = True

End Sub


Private Sub txtSoTien_Change()
txtSoTien.Text = Format(txtSoTien.Text, "#,###")
End Sub

Private Sub UserForm_Initialize()
Dim MyControl As Variant
Dim iRow As Long

Application.WindowState = xlMaximized
    Me.Top = 0: Me.Left = 0
    Me.Width = Application.Width
    Me.Height = Application.Height
FrmMain.Caption = Logo

MyControl = Array(txtSoGiaoDich, txtNgayGD, txtNguoiDN, txtDV, txtNoidungTT, txtSoTien, cmbHinhThucTT, txtChungTuKemTheo,             CmbMaKH, CmbTenKH, txtSoTK, txtNganHang, txtNgayInPhieu)
  
    'Call Main.LocVaTaoName
    
    With Sheets("NhatKy") 'Update lai List
        iRow = .Range("A65536").End(xlUp).Row
        .Range("A4:M" & iRow).Name = "VungDL"
        FrmMain.lstMain.RowSource = "VungDL"
    End With

lstMain.ListIndex = lstMain.ListCount - 1       'Chon dong cuoi cua ListBox
lblTip.Caption = Sheet1.[P4]
Frame1.Caption = Sheet1.[P3]
'Me.cmdSave.Enabled = False                      'Disable nt SAVE
End Sub

VBA File Name: Log.bas, Stream Size: 12635

General
Stream Path:	VBA/Log
VBA File Name:	Log.bas
Stream Size:	12635
Data ASCII:	. . . . . . . . # . . . . . . . . M $ . . . - . . . . . . . . . . w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . 0 . P . . . . . > . . . . . . . . . . . . L . . . . " . . . . . . . . . . . . . . . . . < 8 . . . . . . < . . . . . .
Data Raw:	01 16 03 00 06 f0 00 00 00 aa 23 00 00 d4 00 00 00 d8 01 00 00 ff ff ff ff 4d 24 00 00 15 2d 00 00 00 00 00 00 01 00 00 00 90 8a fc 77 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Log"
Option Explicit
Public Const MyVersion As String = "v3.0"
Public Const LastUpdate As String = "21/7/2020"
Public Const ProductCode As String = "TDL04-DNTT"
Public Const Logo As String = ProductCode & " " & MyVersion & " - " & LastUpdate


Sub OpenAlertEmail()

On Error GoTo Thoat

Dim EmailMsg, EmailConf As Object
Dim EmailFields As Variant

Set EmailMsg = CreateObject("CDO.Message") 'CDO (Collaboration Data Objects) -Make sure you have the 'CDO For Windows' Library Selected
Set EmailConf = CreateObject("CDO.Configuration")
Set EmailFields = EmailConf.Fields
     With EmailFields
        .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mail.acsv.com.vn"
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 587 'Mail acsv thi port la 587; Gmail: 465
        '.Item("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = True 'Dung mail acsv thi bo dong nay
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
        .Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "reminder@acsv.com.vn"
        .Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "Abcd.1234"
        .Update
     End With
     
     With EmailMsg
            .bodypart.Charset = "utf-8"
        Set .Configuration = EmailConf
            .to = "long.tran@acsv.com.vn"
            .From = """DNTT"" <reminder@acsv.com.vn>"
            .Subject = Logo & " [by " & Environ$("username") & " - at " & Environ$("computername") & "]"
            .HTMLBody = "File DNTT dang duoc mo voi thong tin nhu sau:" & "<BR>" & "<BR>" &             "+ User: " & Environ$("username") & "<BR>" &             "+ Computer: " & Environ$("computername") & "<BR>" &             "+ File located at: " & ThisWorkbook.FullName & "<BR>" &             "+ Time: " & Now & "<BR>" &             "+ Product Code: " & ProductCode & "<BR>" &             "+ Version: " & MyVersion
            .Send

        End With
Thoat:
    Set EmailMsg = Nothing
    Set EmailConf = Nothing
    Set EmailFields = Nothing
End Sub

VBA File Name: Main.bas, Stream Size: 8816

General
Stream Path:	VBA/Main
VBA File Name:	Main.bas
Stream Size:	8816
Data ASCII:	. . . . . . . . . . . . . . . . . I . . . i . . . . . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . ( . . . . . 6 . . . . . . . . . . . . L . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . `
Data Raw:	01 16 03 00 06 f0 00 00 00 ca 14 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 49 15 00 00 69 1e 00 00 01 00 00 00 01 00 00 00 90 8a 4c fc 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Main"
Option Explicit

Sub LoadData()

Application.ScreenUpdating = False
Application.EnableEvents = False

On Error GoTo Thoat
Dim Maxx As Integer
Maxx = Application.WorksheetFunction.Max(Sheet1.Range("A3:A2000"))

If Sheet6.[I5] > Maxx Then
    Dim TB As String
    TB = "M s" & ChrW(7889) & " ti li" & ChrW(7879) & "u b" & ChrW(7841) & "n duy" & ChrW(7879) & "t v" &         ChrW(432) & ChrW(7907) & "t qu s" & ChrW(7889) & " " & ChrW(273) & "ang c. Vui lng duy" & ChrW(7879) & "t s" &         ChrW(7889) & " nh" & ChrW(7887) & " h" & ChrW(417) & "n nh !"
        Application.Assistant.DoAlert Logo, TB, 0, 4, 0, 0, 0

    Sheet6.[I5] = Maxx

Else

    With Sheets("Welcome")
        .Unprotect
        .[E23] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 2, 0)        'Ngy
        .[E7] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 3, 0)        'Nguoi DN
        .[G7] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 4, 0)         'Bo phan
        .[E9] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 5, 0)        'Noi dung TT
        .[E11] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 6, 0)        'So tien
        .[G11] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 7, 0)        'Hnh thuc TT
        .[E15] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 8, 0)        'Chung tu km theo
        .[G23] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 9, 0)        'Thoi gian in phieu
        .[E17] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 11, 0)       'M KH
        .[G17] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 12, 0)       'S TK
        .[E21] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 13, 0)       'Ngn hng
        .[E19] = Application.VLookup(.[I5], Sheet1.[A3:O2000], 14, 0)       'Ten Cty
        .Protect
    End With
    
Sheet6.CmdPrint.Enabled = True
Sheet6.CmdSave.Enabled = True

End If

Thoat:
Application.ScreenUpdating = True
Application.EnableEvents = True

End Sub

Sub HideRow()

'On Error Resume Next
    Sheet3.Unprotect
    
    If Sheet3.[AD1] = Sheet3.[O20] Then    'Neu tien mat
        Sheet3.Rows("14:16").EntireRow.Hidden = True
    Else
        Sheet3.Rows("14:16").EntireRow.Hidden = False
    End If
    
    Sheet3.Protect

End Sub

VBA File Name: Sheet1.cls, Stream Size: 2140

General
Stream Path:	VBA/Sheet1
VBA File Name:	Sheet1.cls
Stream Size:	2140
Data ASCII:	. . . . . . . . . Z . . . . . . . . . . . . . . . . r . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . p . . . . 9 d B A v . . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . . . . . . . P i K b . T . . . . . . . . . . . . . . . . . . . . . . x . . . . . P i K b . T . 9 d B A v . . . . . . M E . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . 6 " . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0
Data Raw:	01 16 03 00 06 00 01 00 00 5a 03 00 00 e4 00 00 00 10 02 00 00 88 03 00 00 96 03 00 00 72 06 00 00 00 00 00 00 01 00 00 00 90 8a c3 a9 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 70 00 ff ff 00 00 06 39 64 87 91 42 fd 41 bf 91 76 80 17 1f 87 fb 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True


'Private Sub Worksheet_Activate()
'Dim TB As String
'TB = "Sheet nay chi xem du lieu tong hop. Khong nhap lieu vao day"
'Application.Assistant.DoAlert Logo, TB, 0, 4, 0, 0, 0
'
'Sheet1.Protect DrawingObjects:=True, Contents:=True, Scenarios:=True, AllowFiltering:=True
'Sheet1.EnableSelection = xlNoRestrictions
'End Sub
'
'Private Sub Worksheet_Deactivate()
'Sheet1.Unprotect
'End Sub

VBA File Name: Sheet3.cls, Stream Size: 3503

General
Stream Path:	VBA/Sheet3
VBA File Name:	Sheet3.cls
Stream Size:	3503
Data ASCII:	. . . . . ) . . . . . . . . . . a . . . G . . . a . . . U . . . . . . . . . . . . . . c . . . . . . . . . . . . . . . . . . . . . I & . O x . 2 b p . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . . . . . . - M . L * . . . . . . . . . . . . . . . . . . . . . . . x . . . . . % . C m d M e n u , 1 , 0 , M S F o r m s , C o m m a n d B u t t o n . - M . L * . . I & . O x . 2 b p . . . . . M E . . . . . . . . . . . . . . . . . . . . . 8 . . . P . . . . . [ L . . . . S . . . . . S . . . . 0
Data Raw:	01 16 03 00 06 29 01 00 00 eb 0a 00 00 0d 01 00 00 61 02 00 00 47 0b 00 00 61 0b 00 00 55 0c 00 00 02 00 00 00 01 00 00 00 90 8a fb 0e 00 00 ff ff 63 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 80 00 ff ff 00 00 0d 49 c4 26 a4 01 a2 4f 87 78 cd b6 32 62 70 07 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "CmdMenu, 1, 0, MSForms, CommandButton"

Private Sub CmdMenu_Click()
FrmMain.Show
End Sub

Private Sub Worksheet_SelectionChange(ByVal Target As Range)
Sheet3.Protect
End Sub

VBA File Name: Sheet4.cls, Stream Size: 999

General
Stream Path:	VBA/Sheet4
VBA File Name:	Sheet4.cls
Stream Size:	999
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 .
Data Raw:	01 16 03 00 01 f0 00 00 00 da 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff e1 02 00 00 35 03 00 00 00 00 00 00 01 00 00 00 90 8a 83 83 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Sheet4"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: Sheet6.cls, Stream Size: 10043

General
Stream Path:	VBA/Sheet6
VBA File Name:	Sheet6.cls
Stream Size:	10043
Data ASCII:	. . . . . . . . . . . t . . . . . . . . . . . . . . . . . . . . . . . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . ' . C m d A b o u t , 4 6 , 0 , M S F o r m s , C o m m a n d B u t t o n & . C m d P r i n t , 7 , 1 , M S F o r m s , C o m m a n d B u t t o n % . C m d S a v e , 6 , 2 , M S F o r m s , C o m m a n d B u t t o n $
Data Raw:	01 16 03 00 01 90 01 00 00 ba 07 00 00 74 01 00 00 c8 02 00 00 ff ff ff ff dc 07 00 00 c0 1d 00 00 00 00 00 00 01 00 00 00 90 8a 96 19 00 00 ff ff 63 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Sheet6"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "CmdAbout, 46, 0, MSForms, CommandButton"
Attribute VB_Control = "CmdPrint, 7, 1, MSForms, CommandButton"
Attribute VB_Control = "CmdSave, 6, 2, MSForms, CommandButton"
Attribute VB_Control = "cmdNew, 4, 3, MSForms, CommandButton"
Option Explicit
Dim TB As String

Private Sub CmdAbout_Click()
FrmAbout.Show
End Sub

Private Sub cmdPrint_Click()

Application.ScreenUpdating = False
Application.EnableEvents = False

Dim RngData As Range, MyRng As Range
    Set RngData = Sheet6.Range("E7,G7,E9,E11,G11,E15")
    
    For Each MyRng In RngData.Cells
        If MyRng = "" Then
            TB = "B" & ChrW(7841) & "n ch" & ChrW(432) & "a nh" & ChrW(7853) & "p thng tin cho : " & MyRng.Offset(0, -1).Value
            Application.Assistant.DoAlert Logo, TB, 0, 4, 0, 0, 0
            MyRng.Select
            Set RngData = Nothing
            Exit Sub
        End If
    Next MyRng

    Call Main.HideRow
    Application.Calculation = xlCalculationAutomatic
    'Sheet3.PrintOut
    TB = "Da gui thng tin Debit ra my in "
    Application.Assistant.DoAlert Logo, TB, 0, 4, 0, 0, 0

    Sheet6.Unprotect
    Sheet6.[G23] = Now
    Call CmdSave_Click
    'ActiveWorkbook.Close SaveChanges:=True
Set RngData = Nothing

Application.ScreenUpdating = True
Application.EnableEvents = True

End Sub

Private Sub Worksheet_Change(ByVal Target As Range)

    If Target.Address = "$E$17" Then
        Sheet6.Unprotect
        [E19] = Application.VLookup([E17], Sheet3.Range("O28:R100"), 2, 0)
        [G17] = Application.VLookup([E17], Sheet3.Range("O28:R100"), 3, 0)
        [G17] = CStr([G17])
        [E21] = Application.VLookup([E17], Sheet3.Range("O28:R100"), 4, 0)
        Sheet6.Protect
    End If

End Sub

Private Sub cmdNew_Click()
Application.ScreenUpdating = False
Application.EnableEvents = False

With Sheet6
    .Unprotect
    .Range("E9:G9,E11,G11,E15:G15,E17,G17,E19:G19,E21:G21,G23").ClearContents
    .[I5] = 1 + Application.WorksheetFunction.Max(Sheet1.Range("A3:A2000"))
    .[E23] = Now
    Rows("17:22").EntireRow.Hidden = False
    
    Sheet6.CmdSave.Enabled = True
    Sheet6.CmdPrint.Enabled = False
    .Protect
    .[E9].Select
End With

Application.ScreenUpdating = True
Application.EnableEvents = True
End Sub

Private Sub CmdSave_Click()

Application.ScreenUpdating = False
Application.EnableEvents = False
Dim RngData As Range, MyRng As Range

Dim ShS As Worksheet, ShD As Worksheet
Set ShS = ThisWorkbook.Sheets("Welcome")
Set ShD = ThisWorkbook.Sheets("NhatKy")

Set RngData = ShS.Range("E7,G7,E9,E11,G11")
    
    For Each MyRng In RngData.Cells
        If MyRng = "" Then
            TB = "B" & ChrW(7841) & "n ch" & ChrW(432) & "a nh" & ChrW(7853) & "p thng tin cho : " & MyRng.Offset(0, -1)
            Application.Assistant.DoAlert Logo, TB, 0, 4, 0, 0, 0
            MyRng.Select
            GoTo Thoat
        End If
    Next MyRng
ShD.Unprotect
Dim Check As Integer
Check = Application.WorksheetFunction.CountIf(ShD.[$A$3:$A$2000], ShS.[I5])

If Check > 0 Then               'Da ton tai ma so ny trong danh sch - Thuc hien UPDATE
    Dim Vitri As Integer
    Vitri = Application.Match(Sheet6.[I5], Sheet1.[A3:A2000], 0) - 1
    
    ShD.Range("A3").Offset(Vitri, 1) = ShS.[E23]   'Ngy tao phieu
    ShD.Range("A3").Offset(Vitri, 2) = ShS.[E7]    'Nguoi DN
    ShD.Range("A3").Offset(Vitri, 3) = ShS.[G7]    'Bo phan
    ShD.Range("A3").Offset(Vitri, 4) = ShS.[E9]    'Noi dung DN
    ShD.Range("A3").Offset(Vitri, 5) = ShS.[E11]   'So tien
    ShD.Range("A3").Offset(Vitri, 6) = ShS.[G11]   'Hinh thuc TT
    ShD.Range("A3").Offset(Vitri, 7) = ShS.[E15]   'Chung tu kem theo
    ShD.Range("A3").Offset(Vitri, 8) = ShS.[G23]   'Thoi gian in phieu
    
    ShD.Range("A3").Offset(Vitri, 10) = ShS.[E17]  'M TK khach hng
    ShD.Range("A3").Offset(Vitri, 11) = ShS.[G17]  'So TK
    ShD.Range("A3").Offset(Vitri, 12) = ShS.[E21]  'Tn Ngan hng
    ShD.Range("A3").Offset(Vitri, 13) = ShS.[E19]  'Tn khch hng

Else                            'Chua  ton tai ma so ny trong danh sch - Thuc hien SAVE moi

    ShD.Range("A5000").End(xlUp).Offset(1, 0) = ShS.[I5]    'So phieu moi
    ShD.Range("A5000").End(xlUp).Offset(0, 1) = ShS.[E23]   'Thoi gian tao phieu
    ShD.Range("A5000").End(xlUp).Offset(0, 2) = ShS.[E7]    'Nguoi DN
    ShD.Range("A5000").End(xlUp).Offset(0, 3) = ShS.[G7]    'Don vi
    ShD.Range("A5000").End(xlUp).Offset(0, 4) = ShS.[E9]    'Noi dung DN
    ShD.Range("A5000").End(xlUp).Offset(0, 5) = ShS.[E11]   'So tien
    ShD.Range("A5000").End(xlUp).Offset(0, 6) = ShS.[G11]   'Hinh thuc TT
    ShD.Range("A5000").End(xlUp).Offset(0, 7) = ShS.[E15]   'Chung tu kem theo
    'ShD.Range("A5000").End(xlUp).Offset(0, 8) = ShS.[G23]   'Gio in phieu
    
    ShD.Range("A5000").End(xlUp).Offset(0, 10) = ShS.[E17]  'M TK khch hng
    ShD.Range("A5000").End(xlUp).Offset(0, 11) = ShS.[G17]  'So TK
    ShD.Range("A5000").End(xlUp).Offset(0, 12) = ShS.[H19]  'Tn Ngn hng
    ShD.Range("A5000").End(xlUp).Offset(0, 13) = ShS.[E19]  'Tn khch hng
       
End If
Sheet6.CmdSave.Enabled = False

Thoat:
Set ShD = Nothing
Set ShD = Nothing
Set RngData = Nothing

Application.ScreenUpdating = True
Application.EnableEvents = True

End Sub

VBA File Name: ThisWorkbook.cls, Stream Size: 3149

General
Stream Path:	VBA/ThisWorkbook
VBA File Name:	ThisWorkbook.cls
Stream Size:	3149
Data ASCII:	. . . . . . . . . . . . . . . . 8 . . . . . . . . . K . . . . . . . . . . . - o . . # . . . . . . . . . . . . . . . . . p . . . c Q D A M m . . x . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . . . . . . Q . - F . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . Q . - F . . . c Q D A M m . . x . . . . M E . . . . . . . . . . . . . . . . . . . . . 8 . P . . . . . S L . . . . S . . . . . S . . . . 6 " . . . . . . . . . . " . . . . . . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 .
Data Raw:	01 16 03 00 06 00 01 00 00 0a 0a 00 00 e4 00 00 00 38 02 00 00 89 0a 00 00 97 0a 00 00 4b 0b 00 00 00 00 00 00 01 00 00 00 90 8a 2d 6f 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 70 00 ff ff 00 00 63 fb 84 51 44 ef 41 4d b2 6d dc 0e 16 da 78 92 19 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Private Sub Workbook_Open()
Call Log.OpenAlertEmail
FrmMain.Show
End Sub

Streams

Stream Path: FrmAbout/\x1CompObj, File Type: data, Stream Size: 97

General
Stream Path:	FrmAbout/\x1CompObj
File Type:	data
Stream Size:	97
Entropy:	3.6106491830605214
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: FrmAbout/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 294

General
Stream Path:	FrmAbout/\x3VBFrame
File Type:	ASCII text, with CRLF line terminators
Stream Size:	294
Entropy:	4.625415617653958
Base64 Encoded:	True
Data ASCII:	V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } F r m A b o u t . . C a p t i o n = " A B O U T " . . C l i e n t H e i g h t = 5 4 9 0 . . C l i e n t L e f t = 1 2 0 . . C l i e n t T o p = 4 6 5 . . C l i e n t W i d t h = 8 2 8 0 . 0 0 1 . . S t a r t U p P o s i t i o n = 2 ' C e n t e r S c r
Data Raw:	56 45 52 53 49 4f 4e 20 35 2e 30 30 0d 0a 42 65 67 69 6e 20 7b 43 36 32 41 36 39 46 30 2d 31 36 44 43 2d 31 31 43 45 2d 39 45 39 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 20 46 72 6d 41 62 6f 75 74 20 0d 0a 20 20 20 43 61 70 74 69 6f 6e 20 20 20 20 20 20 20 20 20 3d 20 20 20 22 41 42 4f 55 54 22 0d 0a 20 20 20 43 6c 69 65 6e 74 48 65 69 67 68 74 20 20 20 20 3d 20 20 20 35 34 39

Stream Path: FrmAbout/f, File Type: data, Stream Size: 427

General
Stream Path:	FrmAbout/f
File Type:	data
Stream Size:	427
Entropy:	4.193205487074143
Base64 Encoded:	False
Data ASCII:	. . , . H , . . $ . . . . @ . . . . . . . . s . . . . } . . . 9 . . % . . . . . . . . . . . R . . . . K Q . . . . . H . . . T a h o m a . . . . < . K . . . . . . . E . . . . . . . . . . . . F . . . B . . . . ` . . E . . . . . . . . . . . . F . . . . . . . . . . . . . ( . . . . . . . . . . . 2 . . . p . . . . . . . L a b e l 1 . . { . . . . . . . . $ . . . . . . . . . . . . > . . . . . . I m a g e 1 . . O . . . q . . . . . , . . . . . . . . . . . @ . . . . . . . C o m m a n d B u t t o n 1 . q . . . k
Data Raw:	00 04 2c 00 48 2c 11 0c 24 00 00 00 04 40 00 00 01 00 00 00 02 00 ff ff 73 00 00 00 00 7d 00 00 0d 39 00 00 d4 25 00 00 00 00 00 00 00 00 00 00 03 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 01 00 00 00 90 01 20 48 01 00 06 54 61 68 6f 6d 61 01 00 00 00 3c 00 4b 20 00 00 00 00 00 00 ff ff ff ff 12 45 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 12 1d d2 8b 42 ec ce 11 9e 0d 00 aa 00

Stream Path: FrmAbout/i14/\x1CompObj, File Type: data, Stream Size: 112

General
Stream Path:	FrmAbout/i14/\x1CompObj
File Type:	data
Stream Size:	112
Entropy:	4.601154491099888
Base64 Encoded:	False
Data ASCII:	. . . . . . . n ` . . . ` . . . . . M i c r o s o f t F o r m s 2 . 0 F r a m e . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F r a m e . 1 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 20 20 18 6e 60 f4 ce 11 9b cd 00 aa 00 60 8e 01 1a 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 72 61 6d 65 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0e 00 00 00 46 6f 72 6d 73 2e 46 72 61 6d 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: FrmAbout/i14/f, File Type: data, Stream Size: 341

General
Stream Path:	FrmAbout/i14/f
File Type:	data
Stream Size:	341
Entropy:	3.883044745270123
Base64 Encoded:	False
Data ASCII:	. . 8 . H . . . " . . . . . . . . . . . . . . . . . . . . } . . I . . . . . . . . . . . . . . A b o u t . . R . . . . K Q . . . . . H . . . T a h o m a . . . . . . . . . A . . ( . . . . . . . . . . . 2 . . . P . . . . . . . L a b e l 3 N . . . . . . . . . ( . . . . . . . . . . . 2 . . . H . . . . . . . L a b e l 4 U I . . . . . . . . ( . . . . . . . . . . . 2 . . . T . . . . . . . L a b e l 6 U I . . . . . . . . ( . . . . . . . . . . . 2 . . . @ . . . . . . . L a b e l 7 U I . . . . . . . . ( . . . .
Data Raw:	00 04 38 00 48 0c 1a 0c 22 00 00 00 04 c0 00 00 03 00 00 00 07 00 00 80 ff ff 00 00 1d 00 00 00 00 7d 00 00 49 1b 00 00 ec 09 00 00 00 00 00 00 00 00 00 00 20 41 62 6f 75 74 20 00 03 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 01 00 00 00 90 01 20 48 01 00 06 54 61 68 6f 6d 61 05 00 00 00 e0 00 00 00 00 85 01 41 00 00 28 00 f5 01 00 00 06 00 00 80 05 00 00 00 32 00 00 00 50 00 00

Stream Path: FrmAbout/i14/o, File Type: Intel ia64 COFF object file, stripped, 44 sections, symbol offset=0x80ff, 24 symbols, optional header size 80, created Thu Jan 1 00:00:41 1970, Stream Size: 384

General
Stream Path:	FrmAbout/i14/o
File Type:	Intel ia64 COFF object file, stripped, 44 sections, symbol offset=0x80ff, 24 symbols, optional header size 80, created Thu Jan 1 00:00:41 1970
Stream Size:	384
Entropy:	3.7631291178831545
Base64 Encoded:	False
Data ASCII:	. . , . ) . . . . . . . . . P . h . . t . . t . r . i . . n . : . . . . . . { . . . . . . . . . . . . . . . . @ . . . . . . S e g o e U I . . $ . ) . . . . . . . . . . . . n . . v . . : . o q . . . { . . . . . . . . . . . . . . . . @ . . . . . . S e g o e U I . . 0 . ) . . . . . . . . . T . r . . n . . D . a . n . h . . L . o . n . g . g . . . { . . . . . . . . . . . . . . . . @ . . . . . . S e g o e U I . . . . ) . . . . . . . . P . K T C N . . . . . { . . . . . . . . . . . . . . . . @
Data Raw:	00 02 2c 00 29 00 00 00 ff 80 00 00 18 00 00 00 50 00 68 00 e1 00 74 00 20 00 74 00 72 00 69 00 c3 1e 6e 00 3a 00 20 00 19 09 00 00 7b 02 00 00 00 02 1c 00 b7 00 00 00 08 00 00 80 01 00 00 40 e1 00 00 00 00 02 bc 02 53 65 67 6f 65 20 55 49 00 02 24 00 29 00 00 00 ff 80 00 00 0e 00 00 00 10 01 a1 01 6e 00 20 00 76 00 cb 1e 3a 00 6f 20 71 07 00 00 7b 02 00 00 00 02 1c 00 b7 00 00 00

Stream Path: FrmAbout/i15/\x1CompObj, File Type: data, Stream Size: 112

General
Stream Path:	FrmAbout/i15/\x1CompObj
File Type:	data
Stream Size:	112
Entropy:	4.601154491099888
Base64 Encoded:	False
Data ASCII:	. . . . . . . n ` . . . ` . . . . . M i c r o s o f t F o r m s 2 . 0 F r a m e . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F r a m e . 1 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 20 20 18 6e 60 f4 ce 11 9b cd 00 aa 00 60 8e 01 1a 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 72 61 6d 65 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0e 00 00 00 46 6f 72 6d 73 2e 46 72 61 6d 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: FrmAbout/i15/f, File Type: MacBinary, inited, changed, bundle, invisible, locked, ID 0x5101, char. code 0x86, more flags 0x1, total length 393216, 2nd header length 32781, Sat Dec 16 09:06:07 2084 INVALID date, modified Tue Apr 1 15:32:48 2098, creator '\217', type 'R\34', 9437472 bytes "<" , at 0x9001a0 1208025094 bytes resource, Stream Size: 389

General
Stream Path:	FrmAbout/i15/f
File Type:	MacBinary, inited, changed, bundle, invisible, locked, ID 0x5101, char. code 0x86, more flags 0x1, total length 393216, 2nd header length 32781, Sat Dec 16 09:06:07 2084 INVALID date, modified Tue Apr 1 15:32:48 2098, creator '\217', type 'R\34', 9437472 bytes "<" , at 0x9001a0 1208025094 bytes resource
Stream Size:	389
Entropy:	3.874587905526455
Base64 Encoded:	False
Data ASCII:	. . < . H . . . $ . . . . . . . . . . . . . . . . . . . . } . . I . . . . . . . . . . . . . . I n f o r m a t i o n . . R . . . . K Q . . . . . H . . . T a h o m a . . . . . . . . . . . . . ( . . . . . . . . . . . 2 . . . 4 . . . . . . . L a b e l 8 U I . . . " . . . . . ( . . . . . . . . . . . 2 . . . @ . . . . . . . L a b e l 9 U I . . . . . . . . ( . . . . . . . . . . . 2 . . . L . . . . . . . L a b e l 1 0 I . . . " . . . . . ( . . . . . . . . . . . 2 . . . 4 . . . . . . . L a b e l 1 1 I . . . . . .
Data Raw:	00 04 3c 00 48 0c 1a 0c 24 00 00 00 04 c0 00 00 03 00 00 00 0b 00 00 80 ff ff 00 00 1c 00 00 00 00 7d 00 00 49 1b 00 00 bf 0a 00 00 00 00 00 00 00 00 00 00 49 6e 66 6f 72 6d 61 74 69 6f 6e 00 03 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 01 00 00 00 90 01 20 48 01 00 06 54 61 68 6f 6d 61 06 00 00 00 0c 01 00 00 00 86 01 00 00 00 28 00 f5 01 00 00 06 00 00 80 0d 00 00 00 32 00 00

Stream Path: FrmAbout/i15/o, File Type: Intel ia64 COFF object file, not stripped, 16 sections, symbol offset=0x80ff, 3599 symbols, optional header size 635, created Thu Jan 1 00:00:33 1970, Stream Size: 372

General
Stream Path:	FrmAbout/i15/o
File Type:	Intel ia64 COFF object file, not stripped, 16 sections, symbol offset=0x80ff, 3599 symbols, optional header size 635, created Thu Jan 1 00:00:33 1970
Stream Size:	372
Entropy:	3.6582170604315523
Base64 Encoded:	False
Data ASCII:	. . . . ! . . . . . . . . . { . . . . . . . . . . . . . . . . @ . . . . . . S e g o e U I . . . . ) . . . . . . . . M S P : U I . . . { . . . . . . . . . . . . . . . . @ . . . . . . S e g o e U I . . ( . ) . . . . . . . . . P . h . i . . n . . b . . n . : . . . . { . . . . . . . . . . . . . . . . @ . . . . . . S e g o e U I . . . . ! . . . . . . . . . { . . . . . . . . . . . . . . . . @ . . . . . . S e g o e U I . . ( . ) . . . . . . . . . C . . p . . n . h . . t . : . . . . . . { . . . . . .
Data Raw:	00 02 10 00 21 00 00 00 ff 80 00 00 0f 0e 00 00 7b 02 00 00 00 02 1c 00 b7 00 00 00 08 00 00 80 01 00 00 40 e1 00 00 00 00 02 bc 02 53 65 67 6f 65 20 55 49 00 02 1c 00 29 00 00 00 ff 80 00 00 06 00 00 80 4d e3 20 53 50 3a 55 49 ec 09 00 00 7b 02 00 00 00 02 1c 00 b7 00 00 00 08 00 00 80 01 00 00 40 e1 00 00 00 00 02 bc 02 53 65 67 6f 65 20 55 49 00 02 28 00 29 00 00 00 ff 80 00 00

Stream Path: FrmAbout/o, File Type: Intel ia64 COFF executable, no relocation info, no line number info, stripped, 72 sections, symbol offset=0xff0000, 52 symbols, optional header size 70, created Thu Jan 1 00:00:41 1970, Stream Size: 81763

General
Stream Path:	FrmAbout/o
File Type:	Intel ia64 COFF executable, no relocation info, no line number info, stripped, 72 sections, symbol offset=0xff0000, 52 symbols, optional header size 70, created Thu Jan 1 00:00:41 1970
Stream Size:	81763
Entropy:	7.9296596897888865
Base64 Encoded:	True
Data ASCII:	. . H . ) . . . . . . 4 . . . F . O . R . M . . I . N . . . . . . N . G . H . . . T . H . A . N . H . . T . O . . N . C 3 . . . . . . . . . . . . . . . . . @ . . . . . . . . . . S e g o e U I . . . . . . . . . . . . . . . . R . . . . K Q l t . . = . . . . J F I F . . . . . H . H . . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . " $ " . $ . . . . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 02 48 00 29 00 00 00 00 00 ff 00 34 00 00 00 46 00 4f 00 52 00 4d 00 20 00 49 00 4e 00 20 00 10 01 c0 1e 20 00 4e 00 47 00 48 00 ca 1e 20 00 54 00 48 00 41 00 4e 00 48 00 20 00 54 00 4f 00 c1 00 4e 00 43 33 00 00 f6 04 00 00 00 02 20 00 f7 00 00 00 08 00 00 80 01 00 00 40 95 01 00 00 00 02 03 00 bc 02 00 00 53 65 67 6f 65 20 55 49 00 02 10 00 a0 06 00 00 00 03 ff ff d8 13 00 00

Stream Path: FrmMain/\x1CompObj, File Type: data, Stream Size: 97

General
Stream Path:	FrmMain/\x1CompObj
File Type:	data
Stream Size:	97
Entropy:	3.6106491830605214
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: FrmMain/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 295

General
Stream Path:	FrmMain/\x3VBFrame
File Type:	ASCII text, with CRLF line terminators
Stream Size:	295
Entropy:	4.640685187942423
Base64 Encoded:	True
Data ASCII:	V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } F r m M a i n . . C a p t i o n = " T D L 0 4 - D N T T " . . C l i e n t H e i g h t = 1 0 0 6 5 . . C l i e n t L e f t = 1 2 0 . . C l i e n t T o p = 4 6 5 . . C l i e n t W i d t h = 2 0 2 3 5 . . S t a r t U p P o s i t i o n = 1 ' C e n t e r O
Data Raw:	56 45 52 53 49 4f 4e 20 35 2e 30 30 0d 0a 42 65 67 69 6e 20 7b 43 36 32 41 36 39 46 30 2d 31 36 44 43 2d 31 31 43 45 2d 39 45 39 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 20 46 72 6d 4d 61 69 6e 20 0d 0a 20 20 20 43 61 70 74 69 6f 6e 20 20 20 20 20 20 20 20 20 3d 20 20 20 22 54 44 4c 30 34 2d 44 4e 54 54 22 0d 0a 20 20 20 43 6c 69 65 6e 74 48 65 69 67 68 74 20 20 20 20 3d 20 20

Stream Path: FrmMain/f, File Type: data, Stream Size: 311

General
Stream Path:	FrmMain/f
File Type:	data
Stream Size:	311
Entropy:	3.973491345016895
Base64 Encoded:	False
Data ASCII:	. . ( . H . . . f . . . . @ . . . . . . . . } . . l . . Z E . . . . . . . . . . . R . . . . K Q . . . . . D B . . . T a h o m a . . . . . . . . . . . . . . ( . . . . . . . . . . . 2 . . . ` . . . . . . . L a b e l 1 . . + * . . { . . . . . $ . . . . . . . * . . . # . . . . . . . F r a m e 1 . . { . . . . . . . . . $ . . . . . . . J . . . . . . . . . I m a g e 1 . . E . . . . . . . . $ . . . . . . . N . . . n . . . . . . I m a g e 2 . . w . . . . . . . $ . . . . . . . . . . . . . . . . . . l s t M a i n . {
Data Raw:	00 04 28 00 48 0c 10 0c 66 00 00 00 04 40 00 00 ff ff 00 00 ee 00 00 00 00 7d 00 00 6c 8b 00 00 5a 45 00 00 00 00 00 00 00 00 00 00 03 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 01 00 00 00 90 01 44 42 01 00 06 54 61 68 6f 6d 61 00 00 05 00 00 00 d0 00 00 00 00 85 01 00 00 00 28 00 f5 01 00 00 06 00 00 80 01 00 00 00 32 00 00 00 60 00 00 00 00 00 15 00 4c 61 62 65 6c 31 00 00 2b

Stream Path: FrmMain/i42/\x1CompObj, File Type: data, Stream Size: 112

General
Stream Path:	FrmMain/i42/\x1CompObj
File Type:	data
Stream Size:	112
Entropy:	4.601154491099888
Base64 Encoded:	False
Data ASCII:	. . . . . . . n ` . . . ` . . . . . M i c r o s o f t F o r m s 2 . 0 F r a m e . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F r a m e . 1 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 20 20 18 6e 60 f4 ce 11 9b cd 00 aa 00 60 8e 01 1a 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 72 61 6d 65 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0e 00 00 00 46 6f 72 6d 73 2e 46 72 61 6d 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: FrmMain/i42/f, File Type: TTComp archive data, binary, 1K dictionary, Stream Size: 1579

General
Stream Path:	FrmMain/i42/f
File Type:	TTComp archive data, binary, 1K dictionary
Stream Size:	1579
Entropy:	4.398566688465393
Base64 Encoded:	False
Data ASCII:	. . D . L . . . . . . f . . . . . . . . . . . . . . . . . . r . . . . } . . . . ( . . . . . . . . . . D a t a A r e a . h . . R . . . . K Q . . . . . , . . . S e g o e U I . . . . . . . . . . ( . . . . . . . + . . . 2 . . . H . . . . . . . L a b e l 2 U I . . . . N . . . . . $ . . . . . . . , . . . @ . . . . . . . c m d S a v e . y . . . . . . . ( . . . . . . . - . . . 8 . . . . . . . t x t N g u o i D N i . . . . { . . . . . , . . . . . . . . . . . < . . . . . . . t x t S o G i a o D i c h . . . .
Data Raw:	00 04 44 00 4c 0c 1e 0c 00 00 ff 00 66 00 00 00 04 c0 00 00 03 00 00 00 00 00 ff 00 09 00 00 80 ff ff 00 00 72 00 00 00 00 7d 00 00 99 87 00 00 83 28 00 00 00 00 00 00 00 00 00 00 44 61 74 61 20 41 72 65 61 00 68 00 03 52 e3 0b 91 8f ce 11 9d e3 00 aa 00 4b b8 51 01 00 00 00 bc 02 a4 2c 02 00 08 53 65 67 6f 65 20 55 49 20 00 00 00 a8 05 00 00 00 a0 01 80 00 00 28 00 f5 01 00 00 06

Stream Path: FrmMain/i42/o, File Type: Intel ia64 COFF executable, no relocation info, no line number info, not stripped, 40 sections, symbol offset=0x18, 517013587 symbols, optional header size 32, created Thu Jan 1 00:00:40 1970, Stream Size: 2264

General
Stream Path:	FrmMain/i42/o
File Type:	Intel ia64 COFF executable, no relocation info, no line number info, not stripped, 40 sections, symbol offset=0x18, 517013587 symbols, optional header size 32, created Thu Jan 1 00:00:40 1970
Stream Size:	2264
Entropy:	4.117151543111895
Base64 Encoded:	False
Data ASCII:	. . ( . ( . . . . . . . S . . . g . i . a . o . . d . . c . h . . . . { . . . . . . . u . . . . . . . . . . . . . S e g o e U I . . . . * . . . . . . . . S a v e . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . S e g o e U I . . . . . . . . . . . . H , . ' . . . . . . . . . . 5 . . . . . . , . . . . . . . S e g o e U I . . . . . . . . . . . . H , . q . . . . . . . . . . . . . . . . . . . @ , . . . . . . S e g o e U I . . . . . . . . . . . . H , . . . . . . . . . . . 5 . . . . . . ,
Data Raw:	00 02 28 00 28 00 00 00 18 00 00 00 53 00 d1 1e 20 00 67 00 69 00 61 00 6f 00 20 00 64 00 cb 1e 63 00 68 00 ec 09 00 00 7b 02 00 00 00 02 18 00 75 00 00 00 08 00 00 80 f0 00 00 00 00 02 02 00 53 65 67 6f 65 20 55 49 00 02 18 00 2a 00 00 00 ff 80 00 00 04 00 00 80 53 61 76 65 c0 0a 00 00 dc 03 00 00 00 02 20 00 f7 00 00 00 08 00 00 80 01 00 00 40 1d 01 00 00 00 02 03 00 bc 02 00 00

Stream Path: FrmMain/o, File Type: data, Stream Size: 167314

General
Stream Path:	FrmMain/o
File Type:	data
Stream Size:	167314
Entropy:	7.929681114290592
Base64 Encoded:	True
Data ASCII:	. . 8 . ) . . . . . $ . . . . . . . N . G . H . . . T . H . A . N . H . . T . O . . N . > . . . . . . . . . . . . . . . . . @ . . . . . . . . . . S e g o e U I . . . . . . . . . . . . . . . . . . . . R . . . . K Q l t . . . . . . J F I F . . . . . ` . ` . . . \\ E x i f . . M M . * . . . . . . . . . . . . . . . . . > Q . . . . . . . . . . . Q . . . . . . . . . . . Q . . . . . . . . . . . . . . . P h o t o s h o p I C C p r o f i l e . . X I C C _ P R O F I L E . . . . . . H L i n o . . . . m n
Data Raw:	00 02 38 00 29 00 00 00 ff 80 00 00 24 00 00 00 10 01 c0 1e 20 00 4e 00 47 00 48 00 ca 1e 20 00 54 00 48 00 41 00 4e 00 48 00 20 00 54 00 4f 00 c1 00 4e 00 d7 3e 00 00 9d 06 00 00 00 02 20 00 f7 00 00 00 08 00 00 80 01 00 00 40 d0 02 00 00 00 02 03 00 bc 02 00 00 53 65 67 6f 65 20 55 49 00 02 14 00 80 0e 00 00 03 00 ff ff 03 00 00 00 ab 14 00 00 ec 09 00 00 04 52 e3 0b 91 8f ce 11

Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 952

General
Stream Path:	PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	952
Entropy:	5.060926887201631
Base64 Encoded:	True
Data ASCII:	I D = " { 0 0 0 0 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 0 0 0 0 0 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 4 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 6 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M a i n . . B a s e C l a s s = F r m A b o u t . . M o d u l e = L o g . . P a c k a g e = { A C 9 F 2 F 9 0 - E 8
Data Raw:	49 44 3d 22 7b 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 33 2f 26 48 30 30 30

Stream Path: PROJECTwm, File Type: data, Stream Size: 203

General
Stream Path:	PROJECTwm
File Type:	data
Stream Size:	203
Entropy:	3.442609429529442
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 3 . S . h . e . e . t . 3 . . . S h e e t 4 . S . h . e . e . t . 4 . . . S h e e t 6 . S . h . e . e . t . 6 . . . M a i n . M . a . i . n . . . F r m A b o u t . F . r . m . A . b . o . u . t . . . L o g . L . o . g . . . F r m M a i n . F . r . m . M . a . i . n . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 53 68 65 65 74 34 00 53 00 68 00 65 00 65 00 74 00 34 00 00 00 53 68 65 65 74 36 00 53 00 68 00 65 00 65 00 74 00 36 00 00 00 4d 61 69 6e 00

Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 6906

General
Stream Path:	VBA/_VBA_PROJECT
File Type:	data
Stream Size:	6906
Entropy:	5.312199484695624
Base64 Encoded:	True
Data ASCII:	a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 1 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o
Data Raw:	cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 332092

General
Stream Path:	VBA/__SRP_0
File Type:	data
Stream Size:	332092
Entropy:	3.6277059401578113
Base64 Encoded:	True
Data ASCII:	K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . .
Data Raw:	93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 08 00 00 00 00 00 01 00 02 00 08 00 00 00 00 00 01 00 02 00 05 00 00 00 00 00 01 00 00 00 05 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 00 00 01 00 02 00 03 00 00 00 00 00 01 00 00 00 03 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00 01 00 02 00 01 00 00 00 00 00 01 00

Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 15651

General
Stream Path:	VBA/__SRP_1
File Type:	data
Stream Size:	15651
Entropy:	2.0125861977192843
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . .
Data Raw:	72 55 00 06 00 00 00 00 00 00 40 03 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 00 00

Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 2295

General
Stream Path:	VBA/__SRP_2
File Type:	data
Stream Size:	2295
Entropy:	3.917855690662334
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . ) . . . . . . . . . . 9 . . . . . . . . . / . . . . . . . . . . q . . . . . . . . . . . ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . A . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . ! . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e f8 05 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 01 00 01 00 30 00 00 00 11 1c 00 00 00 00 00 00 00 00 00 00 d1 29 00 00 00 00

Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 164

General
Stream Path:	VBA/__SRP_3
File Type:	data
Stream Size:	164
Entropy:	1.5797085352110123
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/__SRP_4, File Type: data, Stream Size: 206

General
Stream Path:	VBA/__SRP_4
File Type:	data
Stream Size:	206
Entropy:	1.7408319798714924
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . ` . . . . . . . . . . . . 8 . a . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 05 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 05 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/__SRP_5, File Type: data, Stream Size: 1040

General
Stream Path:	VBA/__SRP_5
File Type:	data
Stream Size:	1040
Entropy:	3.495005880383342
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 . . . . . . . . . 9 . . . . . . . . . a 9 . . . . . . . . . 9 . . . . . . . . . 0 . . . . . . . . . . . . . . . . . . . . . . . p . . . . . . . . . . . W . . . . . . . . . . A p . . . . . . . . . . q . . . . . . . . . . . r . . . . . . . . . . H . . . . . . . . . . . . . . . i . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 01 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 04 00 10 00 00 00 00 00 00 00 00 00 05 00 02 00 02 00 0b 00 00 00 e1 f6 39 00 00 00 00 00 00 00 00 00 b1 d7 39 00 00 00

Stream Path: VBA/__SRP_6, File Type: data, Stream Size: 880

General
Stream Path:	VBA/__SRP_6
File Type:	data
Stream Size:	880
Entropy:	2.10477128115157
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a 9 . . . . . . . . . . . . . . . . . . . . 9 . . . . . . . . . . . . . . . . . . . . . . / . ` . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . \| .
Data Raw:	72 55 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 07 00 c0 ce 01 00 00 00 00 00 00 00 00 00 01 00 01 00 03 00 00 00 f1 00 00 00 00 00 00 00 00 00 02 00 70 cf 01 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00

Stream Path: VBA/__SRP_7, File Type: data, Stream Size: 156

General
Stream Path:	VBA/__SRP_7
File Type:	data
Stream Size:	156
Entropy:	1.7820663630707383
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . 8 . . . . . . . . . . . . . . . ` . . . 8 . . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 06 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 38 00 e1 01 00 00 00 00 00 00 00 00 06 00 00 00 03 60 00 00 80 08 38 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/__SRP_8, File Type: data, Stream Size: 284

General
Stream Path:	VBA/__SRP_8
File Type:	data
Stream Size:	284
Entropy:	2.2102801559172462
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . 8 . . . . . . . . . . . H . 1 . . . . . . . . . . . . . . ` . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . q . . . . . . . . . . . . . . . . . . @ . . . . . Q H . . . . . . . . . . h . . . . . . . b . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 09 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 88 00 00 00 08 00 38 00 01 03 00 00 00 00 00 00 00 00 09 00 00 00 03 60 00 00 d8 04 38 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/__SRP_9, File Type: data, Stream Size: 1062

General
Stream Path:	VBA/__SRP_9
File Type:	data
Stream Size:	1062
Entropy:	2.1667908732085364
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 . . . . . . . . . ! C . . . . . . . . . . 9 . . . . . . . . . B . . . . . . . . . . . . . . ` . . . C . . . . . . . . . . . . . . . . . . . . . C . . . . . . . . . . . . . . . . . . . ` i . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . H . . . . . . . . . . U . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 08 00 10 d0 01 00 00 00 00 00 00 00 00 00 02 00 02 00 00 00 00 00 01 00 01 00 00 00 02 00 b1 e3 39 00 00 00 00 00 00 00 00 00 21 43 00 00 00 00 00 00 00 00 00 00 e1 e3

Stream Path: VBA/__SRP_a, File Type: data, Stream Size: 432

General
Stream Path:	VBA/__SRP_a
File Type:	data
Stream Size:	432
Entropy:	1.6732146004701063
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . B . . . . . . . . . . ! C . . . . . . . . . . Q C . . . . . . . . . . B . . . . . . . . . . . . . . ` . . . C . . . . . . . . . . . . . . . . . . . . . C . . . . . . . . . . . . . . . D . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0b 00 70 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 00 00 01 00 f1 42 00 00 00 00 00 00 00 00 00 00 21 43 00 00 00 00 00 00 00 00 00 00 51 43

Stream Path: VBA/__SRP_b, File Type: data, Stream Size: 106

General
Stream Path:	VBA/__SRP_b
File Type:	data
Stream Size:	106
Entropy:	1.3591119461716878
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . b . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0a 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 00 00 00 00 00 00 62 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00

Stream Path: VBA/__SRP_c, File Type: data, Stream Size: 864

General
Stream Path:	VBA/__SRP_c
File Type:	data
Stream Size:	864
Entropy:	2.409485206737975
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . ` . . P . 8 . . . . . . . . . . . 8 . . . . . . . . . . . . . . . ` . . X . 8 . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . ` . 8 . . . . . . . . . . . 8 . . . . . . . . . . . . . . . ` . . h . 8 . . . . . . . . . . . 8 . 1 . . . . . . . . . . . . . . ` . . p . 8 . . . . . . . . . . . 8 . ! . . . . . . . . . . . . . . `
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0d 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 b0 01 00 00 08 00 38 00 e1 01 00 00 00 00 00 00 00 00 0d 00 00 00 03 60 00 00 50 04 38 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/__SRP_d, File Type: data, Stream Size: 19038

General
Stream Path:	VBA/__SRP_d
File Type:	data
Stream Size:	19038
Entropy:	3.69471866496723
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . . . . M . . . q 9 . . . . . . . . . 9 . . . . . . . . . 9 . . . . . . . . . q 9 . . . . . . . . . Q 9 . . . . . . . . . . 9 . . . . . . . . . 1 9 . . . . . . . . . q 9 . . . . . . . . . 9 . . . . . . . . . q 9 . . . . . . . . . 9 . . . . . . . . . Q I . . . . . . . . . . 2 . . . . . . . . . . ( . . . . . . . . . . p . . . . . . . . . . .
Data Raw:	72 55 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0c 00 50 cf 01 00 00 00 00 00 00 00 00 00 0f 00 0f 00 4d 00 00 00 71 ce 39 00 00 00 00 00 00 00 00 00 b1 cf 39 00 00 00 00 00 00 00 00 00 f1 d0 39 00 00 00 00 00 00 00

Stream Path: VBA/dir, File Type: data, Stream Size: 1008

General
Stream Path:	VBA/dir
File Type:	data
Stream Size:	1008
Entropy:	6.688009058084014
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . g * . a . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 .
Data Raw:	01 ec b3 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 67 2a 1a 61 01 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2023 18:06:46.476484060 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:46.751485109 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:46.751660109 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:47.032821894 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:47.033495903 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:47.308751106 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:47.309159994 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:47.584069967 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:47.584460974 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:47.859103918 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:47.859570026 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:48.137267113 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:48.137854099 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:48.415544033 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:48.415783882 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:48.698822021 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:48.699054956 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:48.976696968 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:48.977191925 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:49.251643896 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:49.251827955 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:49.560435057 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:49.562994957 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:49.563267946 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:49.840955973 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:49.841837883 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:49.841872931 CEST	587	49183	222.255.103.91	192.168.2.22
Jun 8, 2023 18:06:49.842050076 CEST	49183	587	192.168.2.22	222.255.103.91
Jun 8, 2023 18:06:49.842050076 CEST	49183	587	192.168.2.22	222.255.103.91

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2023 18:06:45.495450974 CEST	50134	53	192.168.2.22	8.8.8.8
Jun 8, 2023 18:06:46.466460943 CEST	53	50134	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 8, 2023 18:06:45.495450974 CEST	192.168.2.22	8.8.8.8	0x41c4	Standard query (0)	mail.acsv.com.vn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 8, 2023 18:06:46.466460943 CEST	8.8.8.8	192.168.2.22	0x41c4	No error (0)	mail.acsv.com.vn	mail10391.maychuemail.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 8, 2023 18:06:46.466460943 CEST	8.8.8.8	192.168.2.22	0x41c4	No error (0)	mail10391.maychuemail.com		222.255.103.91	A (IP address)	IN (0x0001)	false

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Jun 8, 2023 18:06:47.032821894 CEST	587	49183	222.255.103.91	192.168.2.22	220 784114.static.maychudns.com ESMTP MSA Thu, 08 Jun 2023 23:06:43 +0700
Jun 8, 2023 18:06:47.033495903 CEST	49183	587	192.168.2.22	222.255.103.91	EHLO 648351
Jun 8, 2023 18:06:47.308751106 CEST	587	49183	222.255.103.91	192.168.2.22	250-784114.static.maychudns.com Hello 648351 [102.129.143.77], pleased to meet you 250-AUTH LOGIN CRAM-MD5 PLAIN 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-STARTTLS 250 SIZE 54272000
Jun 8, 2023 18:06:47.309159994 CEST	49183	587	192.168.2.22	222.255.103.91	AUTH LOGIN
Jun 8, 2023 18:06:47.584069967 CEST	587	49183	222.255.103.91	192.168.2.22	334 VXNlcm5hbWU6
Jun 8, 2023 18:06:47.859103918 CEST	587	49183	222.255.103.91	192.168.2.22	334 UGFzc3dvcmQ6
Jun 8, 2023 18:06:48.137267113 CEST	587	49183	222.255.103.91	192.168.2.22	235 2.7.0 Authentication successful
Jun 8, 2023 18:06:48.137854099 CEST	49183	587	192.168.2.22	222.255.103.91	MAIL FROM: <reminder@acsv.com.vn>
Jun 8, 2023 18:06:48.415544033 CEST	587	49183	222.255.103.91	192.168.2.22	250 2.1.0 Sender OK
Jun 8, 2023 18:06:48.415783882 CEST	49183	587	192.168.2.22	222.255.103.91	RCPT TO: <long.tran@acsv.com.vn>
Jun 8, 2023 18:06:48.698822021 CEST	587	49183	222.255.103.91	192.168.2.22	250 2.1.5 Recipient OK
Jun 8, 2023 18:06:48.699054956 CEST	49183	587	192.168.2.22	222.255.103.91	DATA
Jun 8, 2023 18:06:48.976696968 CEST	587	49183	222.255.103.91	192.168.2.22	354 Enter mail, end with <CRLF>.<CRLF>
Jun 8, 2023 18:06:49.251827955 CEST	49183	587	192.168.2.22	222.255.103.91	.
Jun 8, 2023 18:06:49.560435057 CEST	587	49183	222.255.103.91	192.168.2.22	250 2.6.0 Ok, message saved <Message-ID: <9E904B10B5514890868705A714E2EDC3@648351>>
Jun 8, 2023 18:06:49.562994957 CEST	49183	587	192.168.2.22	222.255.103.91	QUIT
Jun 8, 2023 18:06:49.841837883 CEST	587	49183	222.255.103.91	192.168.2.22	221 2.0.0 See ya in cyberspace

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: EXCEL.EXEPID: 1256, Parent PID: 576

General

Target ID:	0
Start time:	18:07:10
Start date:	08/06/2023
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Imagebase:	0x13f2e0000
File size:	28253536 bytes
MD5 hash:	D53B85E21886D2AF9815C377537BCAC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DNTT-v3.1.xlsb.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3B1D78B1.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5189986B.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\75D6A495.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9406B992.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D92A5F70.emf

C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd

C:\Users\user\AppData\Local\Temp\~DF48D2C4BEDCFAEFED.TMP

C:\Users\user\AppData\Local\Temp\~DF6F7D75D952D3162B.TMP

C:\Users\user\AppData\Local\Temp\~DF86D4CE46545EA2BD.TMP

C:\Users\user\AppData\Local\Temp\~DFE7890E8E5F5C18D9.TMP

C:\Users\user\Desktop\~$DNTT-v3.1.xlsb.xls

C:\Users\user\Desktop\~$DNTT-v3.1.xlsb.xlsx

Static File Info

General

File Icon

Static OLE Info

General

OLE File "/opt/package/joesandbox/database/analysis/884307/sample/DNTT-v3.1.xlsb.xlsx"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: FrmAbout.frm, Stream Size: 3334

General

VBA Code

VBA File Name: FrmMain.frm, Stream Size: 47398

General

VBA Code

VBA File Name: Log.bas, Stream Size: 12635

General

Windows Analysis Report
DNTT-v3.1.xlsb.xlsx